TechSpot

Logs attached

By familyman14
Feb 14, 2009
  1. Computer is running slow. Also my cursor seems to have a mind of its own. it will high lite a page that I am reading or if when playing a game and the char is standing idle, he will move on his own. Thank you for looking. Sean
     
  2. mflynn

    mflynn TS Rookie Posts: 2,655

    Rerun both MBAM and SAS to confirm no more found we want clean logs.

    Then...

    Download SDFix to Desktop.

    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

    On Desktop run SDdFix It will run (install) then close.

    Then reboot into Safe Mode

    As the computer starts up, tap the F8 key several times.

    On the Boot menu Choose Safe Mode.

    Click thu all the prompts to get to desktop.

    At Desktop
    My Computer C: drive. Double-click to open.

    Look for a folder called SD Fix. Double-click to enter SD Fix.

    Double-click to RunThis.bat. Type Y to begin.

    SD Fix does its job.

    When prompted hit the enter key to restart the computer

    Your computer will reboot.

    On normal restart the Fixtool will run again and complete the removal process then say Finished,
    Hit the Enter key to end the script and load your desktop icons.

    Once the desktop is up, the SDFix report will open on screen and also be saved to the SDFix folder as Report.txt.
    Attach the Report.txt file to your next post.
    =========================================
    Download ComboFix

    NOTE: If you have had ComboFix more than a few days old delete and re-download.

    Get it here: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Or here: http://subs.geekstogo.com/ComboFix.exe

    Double click combofix.exe follow the prompts.

    Install Recovery Console if connected to the Internet!

    When finished, it will open a log.
    Attach the log and a new HJT log in your next reply.

    Note: Do not click combofix's window while its running. That may cause it to stall.

    Mike
     
  3. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 185

    I reran both MBAM and SAS then ran SD fix. but when I try to install combofix i get an error msg that says I can't rename combofix and doesn't give me any options other than to x out of the window. I will attach these 3 files in case you need them. Thank you, Sean
     
  4. mflynn

    mflynn TS Rookie Posts: 2,655

    We definitely need a Combofix run and log.

    Do this..

    Remove ComboFix
    Start-Run
    type
    combofix /u
    Hit enter or click OK.

    Then re-download a new Combofix but do not run.

    Boot to Safe mode Networking and do the below.

    Left Drag mouse and Copy for Pasting all text in the box below. Make sure the slider bar goes to bottom from the @ to the end of the second exit.

    Then paste to the black screen of an open command prompt. All may not apply so ignore errors.

    Code:
    @echo off
    cd\
    :: Fix associations
    ftype exefile="%1" %*
    ftype batfile="%1" %*
    ftype cmdfile="%1" %*
    ftype comfile="%1" %*
    ftype scrfile="%1" /S
    ftype regfile="regedit.exe" "%1"
    ftype piffile="%1" %*
    ftype inffile=%SystemRoot%\System32\NOTEPAD.EXE "%1"
    ftype vbsfile=%SystemRoot%\System32\WScript.exe "%1" %*
    ftype jsfile=%SystemRoot%\System32\WScript.exe "%1" %*
    
    assoc .exe=exefile
    assoc .bat=batfile
    assoc .cmd=cmdfile
    assoc .com=comfile
    assoc .scr=scrfile
    assoc .reg=regfile
    assoc .pif=piffile
    assoc .lnk=lnkfile
    assoc .inf=inffile
    assoc .vbs=VBSFile
    assoc .js=JSFile
    
    sc stop TDSSserv.sys
    sc delete TDSSserv.sys
    :: Above sc commands first stops then deletes service if it exists
    ::
    reg unload "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata"
    reg unload "HKEY_LOCAL_MACHINE\SOFTWARE\tdss"
    ::
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata" /f
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\tdss" /f
    ::The above reg commands first unloads the reg keys then deletes these keys.
    ::
    Attrib -h -s -r tdss*.* /s
    del  tdss*.* /f /q /s
    :: The above two lines first clears protective attributes then 
    :: deletes all files on Drive beginning with the name tdss
    
    :: Remove AntiVirus2009
    attrib -h -s -r "%UserProfile%\Desktop\Antivirus 2009.lnk"
    attrib -h -s -r "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk"
    attrib -h -s -r "%UserProfile%\Local Settings\Temporary Internet Files\Content.IE5\S96PZM7V\winsrc[1].dll"
    attrib -h -s -r "%UserProfile%\Start Menu\Antivirus 2009\*.*"
    
    del "%UserProfile%\Desktop\Antivirus 2009.lnk" /f /q
    del "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk" /f /q
    del "%UserProfile%\Local Settings\Temporary Internet Files\Content.IE5\S96PZM7V\winsrc[1].dll" /f /q
    del "%UserProfile%\Start Menu\Antivirus 2009\*.*" /f /q
    
    rd /s /q "%UserProfile%\Start Menu\Antivirus 2009"
    
    attrib -h -s -r "c:\Program Files\Antivirus 2009\*.*"
    rd /s/q "c:\Program Files\Antivirus 2009"
    
    attrib -h -s -r c:\WINDOWS\system32\ieupdates.exe
    attrib -h -s -r c:\WINDOWS\system32\scui.cpl
    attrib -h -s -r c:\WINDOWS\system32\winsrc.dll
    
    del c:\WINDOWS\system32\ieupdates.exe /f /q
    del c:\WINDOWS\system32\scui.cpl /f /q
    del c:\WINDOWS\system32\winsrc.dll /f /q
    
    attrib -h -s -r c:\program files\xwdxqu.txt
    attrib -h -s -r c:\windows\x
    attrib -h -s -r c:\windows\SxsCaPendDel
    
    del c:\program files\xwdxqu.txt  /f /q
    del c:\windows\x  /f /q
    del c:\windows\SxsCaPendDel  /f /q
    
    reg delete HKLM\SOFTWARE\swearware /f
    reg delete HKCU\Software\Wget /f
    reg delete HKLM\Software\Classes\CLSID\{CD363BEC-7150-B887-530D-F3E2E0424EA} /f
    
    :: rootkit gaopdxserv
    attrib -h -s -r "c:\windows\system32\drivers\gaopdxqfotrruc.sys"
    attrib -h -s -r "c:\windows\system32\gaopdxqpqjwmyc.dll"
    attrib -h -s -r "\c:\windows\system32\drivers\gaopdxuigiphwm.sys"
    
    sc stop gaopdxserv.sys.sys
    sc delete gaopdxserv.sys.sys
    
    del  /f /q "c:\windows\system32\drivers\gaopdxqfotrruc.sys"
    del  /f /q  "c:\windows\system32\gaopdxqpqjwmyc.dll"
    del  /f /q  "\c:\windows\system32\drivers\gaopdxuigiphwm.sys"
    
    sc stop WinSvchostManager
    sc delete WinSvchostManager
    
    attrib -h -s -r "C:\WINDOWS\system32\svcprs32.exe"
    attrib -h -s -r "C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dllhost.exe"
    attrib -h -s -r "C:\WINDOWS\system32\mdmcls32.exe"
    
    del  /f /q "C:\WINDOWS\system32\svcprs32.exe"
    del  /f /q "C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dllhost.exe"
    del  /f /q "C:\WINDOWS\system32\mdmcls32.exe"
    
    reg delete "HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gaopdxserv.sys" /f
    reg delete "HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gaopdxserv.sys" /f
    reg delete "HKEY_LOCAL_MACHINE\Software\Classes\gaopdxvx" /f
    
    reg delete "HKEY_CURRENT_USER\Software\75319611769193918898704537500611" /f
    reg delete "HKEY_CLASSES_ROOT\CLSID\{037C7B8A-151A-49E6-BAED-CC05FCB50328}" /f
    reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{037C7B8A-151A-49E6-BAED-CC05FCB50328}" /f
    reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" "75319611769193918898704537500611" /f
    reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" "ieupdate" /f
    echo Finshed ripping out Antivirus 2008-9
    :: Fix associations
    ftype exefile="%1" %*
    ftype batfile="%1" %*
    ftype cmdfile="%1" %*
    ftype comfile="%1" %*
    ftype scrfile="%1" /S
    ftype regfile="regedit.exe" "%1"
    ftype piffile="%1" %*
    ftype inffile=%SystemRoot%\System32\NOTEPAD.EXE "%1"
    ftype vbsfile=%SystemRoot%\System32\WScript.exe "%1" %*
    ftype jsfile=%SystemRoot%\System32\WScript.exe "%1" %*
    
    assoc .exe=exefile
    assoc .bat=batfile
    assoc .cmd=cmdfile
    assoc .com=comfile
    assoc .scr=scrfile
    assoc .reg=regfile
    assoc .pif=piffile
    assoc .lnk=lnkfile
    assoc .inf=inffile
    assoc .vbs=VBSFile
    assoc .js=JSFile
    exit
    exit
    This should run and exit!

    It is a coverall and you may see a few errors related to it addressing something you do not need. This is normal ignore.

    Now while still in Safe mode networking run Combofix again. Attach log before rebooting to normal.

    Mike
     
  5. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 185

    Bro, when I try to delete old combo fix it says file not found. When I try to upload combo fix it says i cant change name.....?????
     
  6. mflynn

    mflynn TS Rookie Posts: 2,655

    Do the Drag mouse pasting operation.

    Reboot then try the Combofix uninstall reinstall!

    Mike
     
  7. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 185

    Mike , i am a grease monkey and have no idea what the drag mouse and paste thing is.... sorry
     
  8. mflynn

    mflynn TS Rookie Posts: 2,655

    Do post 4, except skip the Combofix uninstall and begin where it says

     
  9. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 185

    Mike, once I reboot how do I find that code? I cant get internet access in safe mode to bring this page up. Should I copy and paste it into ''notebook'' so I can find it once in safe mode? Also , once in safe mode where is this black command prompt? Does it open on its own or do I have to open something?

    Excuse my ignorance, Computers aren't my forte.

    Thanks, Sean
     
  10. mflynn

    mflynn TS Rookie Posts: 2,655

    Yes you can and that would be OK!

    But in SafeMode "Networking" you do have Internet access!

    Mike
     
  11. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 185

    :eek: ok I see how to get internet in safe mode. :blush:
    I copy and pasted into command prompt, it did its thing. Then I tried to run combofix and still says file not found.
     
  12. mflynn

    mflynn TS Rookie Posts: 2,655

    Redownload replace the last Combofix and try the new download.

    Mike
     
  13. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 185

    When I try to DL combofix I keep getting the same error msg.

    ''you cannot rename combofix as combofix[1]''
    ''Please use another name, preferbaly (*their mispelling) made of alphanumerical characters''
     
  14. mflynn

    mflynn TS Rookie Posts: 2,655

    Start-Run
    type
    Combofix /u
    Enter or ok

    If that fails delete the Comboxfix you have and then do the download.

    Mike
     
  15. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 185

    Thats just it... I don't have combofix on my computer. When I try to delete it, I get a msg that says cannot find combofix and when I try to DL it I get a msg that says I cant rename it. I'm baffled.
     
  16. mflynn

    mflynn TS Rookie Posts: 2,655

    Ok what about the initial problem. Is that still happening?
    As we have fixed other things with MBAM and SAS

    Mike
     
  17. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 185

    Yes sir, both problems persist.
     
  18. mflynn

    mflynn TS Rookie Posts: 2,655

    OK

    Run CCleaner from 8 Steps again twice or more on Cleanup temps, then on left click Registry then Scan for issues also repeat till clean.

    Run ATF-Cleaner http://majorgeeks.com/ATF_Cleaner_d4949.html Temp and Registry, repeatedly until no more found.

    KCleaner ftp://ftp2.kcsoftwares.com/kcsoftwa/files/kcleaner.exe
    Fantastic cleaner.

    Then..

    To look deeply at you system:

    Download RSIT
    http://images.malwareremoval.com/random/RSIT.exe

    Run it, when finished it will open a log Maximized on the screen, copy/paste the contents of this log back here then close that log.

    Then the 2nd log is Minimized so Max it and post it also to a separate post.
    The logs will contain a HighJackThis log also.

    Mike
     
  19. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 185

    Logfile of random's system information tool 1.05 (written by random/random)
    Run by Owner at 2009-02-16 20:14:08
    Microsoft Windows XP Home Edition Service Pack 3
    System drive C: has 171 GB (92%) free of 185 GB
    Total RAM: 503 MB (28% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:14:12 PM, on 2/16/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    c:\program files\relevantknowledge\rlvknlg.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\LTMSG.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\Twain_32\DigiCam\DigiSrv.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\Program Files\Verizon\McciTrayApp.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
    C:\Program Files\Registry Mechanic\RegMech.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\wbem\unsecapp.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZK1QSF0T\RSIT[1].exe
    C:\Program Files\Trend Micro\HijackThis\Owner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [Sunkist2k] "C:\Program Files\Multimedia Card Reader\shwicon2k.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DigiSrv] C:\WINDOWS\Twain_32\DigiCam\DigiSrv.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
    O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [RelevantKnowledge] c:\program files\relevantknowledge\rlvknlg.exe -boot
    O4 - HKCU\..\Run: [NVIEW] "rundll32.exe" nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
    O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
    O4 - HKUS\S-1-5-21-1558004879-3038671778-3870033892-500\..\Run: [RecordNow!] (User 'Administrator')
    O4 - HKUS\S-1-5-21-1558004879-3038671778-3870033892-500\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook (User 'Administrator')
    O4 - HKUS\S-1-5-21-1558004879-3038671778-3870033892-500\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Administrator')
    O4 - HKUS\S-1-5-21-1558004879-3038671778-3870033892-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/controls/ysftcntr/ysftcntr_current.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149936511421
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O20 - Winlogon Notify: RelevantKnowledge - C:\Program Files\RelevantKnowledge\rlls.dll
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

    --
    End of file - 8046 bytes
     
  20. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 185

    ======Scheduled tasks folder======

    C:\WINDOWS\tasks\At1.job
    C:\WINDOWS\tasks\At10.job
    C:\WINDOWS\tasks\At11.job
    C:\WINDOWS\tasks\At12.job
    C:\WINDOWS\tasks\At13.job
    C:\WINDOWS\tasks\At14.job
    C:\WINDOWS\tasks\At15.job
    C:\WINDOWS\tasks\At16.job
    C:\WINDOWS\tasks\At17.job
    C:\WINDOWS\tasks\At18.job
    C:\WINDOWS\tasks\At19.job
    C:\WINDOWS\tasks\At2.job
    C:\WINDOWS\tasks\At20.job
    C:\WINDOWS\tasks\At21.job
    C:\WINDOWS\tasks\At22.job
    C:\WINDOWS\tasks\At23.job
    C:\WINDOWS\tasks\At24.job
    C:\WINDOWS\tasks\At3.job
    C:\WINDOWS\tasks\At4.job
    C:\WINDOWS\tasks\At5.job
    C:\WINDOWS\tasks\At6.job
    C:\WINDOWS\tasks\At7.job
    C:\WINDOWS\tasks\At8.job
    C:\WINDOWS\tasks\At9.job
    C:\WINDOWS\tasks\Disk Cleanup.job
    C:\WINDOWS\tasks\SmartDefrag.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-14 35840]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-14 73728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-07 52736]
    "HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2004-08-20 118784]
    "KBD"=C:\HP\KBD\KBD.EXE [2003-02-11 61440]
    "UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-08-19 110592]
    "Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-13 212992]
    "LTMSG"=LTMSG.exe 7 []
    "PS2"=C:\WINDOWS\system32\ps2.exe [2002-10-16 81920]
    "Sunkist2k"=C:\Program Files\Multimedia Card Reader\shwicon2k.exe [2003-08-14 139264]
    "HPDJ Taskbar Utility"=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe [2003-03-12 172032]
    "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-06-04 282624]
    "DigiSrv"=C:\WINDOWS\Twain_32\DigiCam\DigiSrv.exe [2003-08-07 180304]
    "IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2004-08-20 155648]
    "Verizon_McciTrayApp"=C:\Program Files\Verizon\McciTrayApp.exe [2007-03-11 936960]
    "HP Software Update"=c:\Program Files\HP\HP Software Update\HPWuSchd.exe [2003-06-25 49152]
    "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-14 148888]
    "RelevantKnowledge"=c:\program files\relevantknowledge\rlvknlg.exe [2009-01-08 1690112]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "NVIEW"=C:\WINDOWS\system32\nview.dll [2003-08-19 852038]
    "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
    "updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
    "SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-01-22 1830128]
    "Advanced SystemCare 3"=C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2009-01-09 2262352]
    "RegistryMechanic"=C:\Program Files\Registry Mechanic\RegMech.exe [2008-07-08 2828184]

    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2008-12-30 356352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    C:\WINDOWS\system32\igfxsrvc.dll [2004-08-20 344064]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RelevantKnowledge]
    C:\Program Files\RelevantKnowledge\rlls.dll [2009-01-08 372736]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=323
    "NoDriveAutoRun"=67108863
    "NoDrives"=0

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveAutoRun"=
    "NoDriveTypeAutoRun"=
    "NoDrives"=

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Disabled:iTunes"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "c:\program files\relevantknowledge\rlvknlg.exe"="c:\program files\relevantknowledge\rlvknlg.exe:*:Enabled:rlvknlg.exe"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"

    ======File associations======

    .inf - open - C:\WINDOWS\System32\NOTEPAD.EXE "%1"
    .js - open - C:\WINDOWS\System32\WScript.exe "%1" %*
    .reg - open - "regedit.exe" "%1"
    .vbs - open - C:\WINDOWS\System32\WScript.exe "%1" %*
     
  21. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 185

    ======List of files/folders created in the last 1 months======

    2009-02-16 20:14:08 ----D---- C:\rsit
    2009-02-16 20:08:37 ----D---- C:\Documents and Settings\Owner\Application Data\KC Softwares
    2009-02-16 20:05:56 ----D---- C:\Program Files\RelevantKnowledge
    2009-02-16 20:05:47 ----D---- C:\Program Files\KC Softwares
    2009-02-16 19:57:41 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
    2009-02-16 19:57:31 ----A---- C:\WINDOWS\system32\STKIT432.DLL
    2009-02-16 19:57:28 ----D---- C:\Program Files\Registry Mechanic
    2009-02-16 19:04:36 ----A---- C:\WINDOWS\system32\CF2124.exe
    2009-02-16 19:00:36 ----A---- C:\WINDOWS\system32\CF1340.exe
    2009-02-16 18:44:53 ----A---- C:\WINDOWS\system32\CF30875.exe
    2009-02-16 18:44:13 ----A---- C:\WINDOWS\system32\CF30878.exe
    2009-02-14 19:14:59 ----A---- C:\WINDOWS\system32\CF29690.exe
    2009-02-14 19:13:38 ----A---- C:\WINDOWS\system32\CF29311.exe
    2009-02-14 18:32:22 ----D---- C:\WINDOWS\ERUNT
    2009-02-14 18:26:14 ----D---- C:\SDFix
    2009-02-14 10:52:29 ----A---- C:\WINDOWS\system32\javaws.exe
    2009-02-14 10:52:29 ----A---- C:\WINDOWS\system32\javaw.exe
    2009-02-14 10:52:28 ----A---- C:\WINDOWS\system32\java.exe
    2009-02-13 22:08:57 ----D---- C:\Documents and Settings\Owner\Application Data\IObit
    2009-02-13 22:08:55 ----D---- C:\Program Files\IObit
    2009-02-09 13:02:28 ----A---- C:\WINDOWS\system32\CF20521.exe
    2009-02-09 13:02:21 ----A---- C:\Bug.txt

    ======List of files/folders modified in the last 1 months======

    2009-02-16 20:13:58 ----D---- C:\WINDOWS\Prefetch
    2009-02-16 20:11:37 ----D---- C:\WINDOWS\ie7updates
    2009-02-16 20:11:37 ----D---- C:\WINDOWS
    2009-02-16 20:10:37 ----D---- C:\WINDOWS\TEMP
    2009-02-16 20:10:20 ----SHD---- C:\WINDOWS\Installer
    2009-02-16 20:06:39 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-02-16 20:05:56 ----AD---- C:\Program Files
    2009-02-16 19:57:31 ----D---- C:\WINDOWS\system32
    2009-02-16 19:50:30 ----D---- C:\WINDOWS\Debug
    2009-02-16 18:59:15 ----D---- C:\Qoobox
    2009-02-16 18:42:02 ----D---- C:\Program Files\Diablo II
    2009-02-16 10:48:40 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-02-15 10:45:58 ----D---- C:\WINDOWS\network diagnostic
    2009-02-14 18:34:13 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-02-14 16:23:32 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-02-14 16:23:31 ----D---- C:\WINDOWS\system32\drivers
    2009-02-14 10:52:13 ----A---- C:\WINDOWS\system32\deploytk.dll
    2009-02-14 10:52:10 ----D---- C:\Program Files\Java
    2009-02-13 22:09:11 ----SD---- C:\WINDOWS\Tasks
    2009-02-11 21:02:18 ----HD---- C:\WINDOWS\inf
    2009-02-11 21:02:13 ----HD---- C:\WINDOWS\$hf_mig$
    2009-02-11 21:01:54 ----D---- C:\Program Files\Internet Explorer
    2009-02-03 18:21:12 ----A---- C:\WINDOWS\system32\MRT.exe
    2009-01-29 15:18:10 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
    2009-01-29 15:18:05 ----D---- C:\Program Files\Lavasoft
    2009-01-28 15:34:39 ----D---- C:\Program Files\CCleaner
    2009-01-22 07:44:09 ----D---- C:\Program Files\SUPERAntiSpyware

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-26 75072]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
    R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
    R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
    R1 SiSkp;SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [2003-04-11 10624]
    R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
    R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
    R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
    R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
    R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
    R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]
    R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2004-08-20 737874]
    R3 ltmodem5;Agere Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2003-07-02 652497]
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
    R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-03 10368]
    R3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2001-06-04 14112]
    R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
    R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
    R3 SunkFilt;Alcor Micro Corp - 9360; \??\C:\WINDOWS\System32\Drivers\sunkfilt.sys []
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
    R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
    R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
    S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
    S2 nvcap;nVidia WDM Video Capture (universal); C:\WINDOWS\System32\DRIVERS\nvcap.sys [2003-07-30 126348]
    S2 NVXBAR;nVidia WDM A/V Crossbar; C:\WINDOWS\System32\DRIVERS\NVxbar.sys [2003-07-30 13006]
    S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
    S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
    S3 catchme;catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys []
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
    S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
    S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
    S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
    S3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2004-08-04 166912]
    S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\internet explorer\SABProcEnum.sys []
    S3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2003-05-06 394752]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
    S3 SQTECH913C;DigiCam; C:\WINDOWS\System32\DRIVERS\Capt913c.sys [2004-03-16 27632]
    S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
    S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
    S3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2003-08-11 265344]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
    R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-14 152984]
    R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]
    S2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2003-08-19 77824]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
    S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
    S3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2006-02-23 323584]

    -----------------EOF-----------------
     
  22. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 185

    info.txt logfile of random's system information tool 1.05 2009-02-16 20:14:17

    ======Uninstall list======

    -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
    -->C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
    -->c:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\Setup.exe"
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\Setup.exe"
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\Setup.exe"
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{22EB2FA7-1BA0-4FFB-972F-353EC6ABA9D5}\setup.exe" -l0x9 -removeonly
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe" -l0x9 /cont -removeonly
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe" -l0x9 -removeonly
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe" -l0x9 -removeonly
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B34B6E67-FCDD-4E03-8742-B5701427FAFB}\setup.exe" -l0x9 -removeonly
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly
    -->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvhp.inf
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
    Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
    Advanced SystemCare 3-->"C:\Program Files\IObit\Advanced SystemCare 3\unins000.exe"
    ArcSoft Funhouse 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5FC4811E-29F4-4035-9274-43A16816152D}\setup.exe" -l0x9
    ArcSoft PhotoImpression 4-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{68D5CEF9-0DA8-47FE-B0EB-4CBFB5AAF662}\setup.exe" -l0x9
    ArcSoft ShowBiz 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{791B20D4-AE59-4DE9-B45F-BA01F3D0A493}\setup.exe" -l0x9
    Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    Croc-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Fox\Croc\Uninst.isu"
    Diablo II-->C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
    DigiCam-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{68F34B52-A8E7-4DF9-95AC-079FE280DEBE}\Setup.exe" -l0x9
    HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
    hp deskjet 3600-->msiexec /x{7CA32143-2DAC-4F5F-9BAA-2AB3707EF192}
    HP Deskjet Preloaded Printer Drivers-->MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
    HP Instant Support-->C:\PROGRA~1\HPINST~1\UNWISE.EXE C:\PROGRA~1\HPINST~1\INSTALL.LOG
    HP Software Update-->MsiExec.exe /X{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}
    Intel(R) Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
    iTunes-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{59C4F14F-7590-45FC-BE9F-A67AB3590709} /l1033
    Java 2 Runtime Environment, SE v1.4.2-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
    Java(TM) 6 Update 12-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
    Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    KBD-->C:\HP\KBD\KBD.EXE uninstalled
    KC Softwares KCleaner-->"C:\Program Files\KC Softwares\KCleaner\unins000.exe"
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Memories Disc Creator 2.0-->MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft Baseline Security Analyzer 2.1-->MsiExec.exe /I{6AF5CAB9-FD0A-494F-8AA6-784D4B5D06C5}
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office 97, Professional Edition-->C:\Program Files\Microsoft Office\Office\Setup\Acme.exe /w Off97Pro.STF
    Microsoft Plus! Digital Media Edition-->MsiExec.exe /I{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
    MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
    Multimedia Card Reader-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{145CACAF-9B34-41FC-BE49-7D510A253E78}
    NVIDIA GART Driver-->C:\WINDOWS\System32\nvugart.exe Uninstall C:\WINDOWS\System32\Nvgart.nvu,NVIDIA GART Driver
    PC-Doctor for Windows-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\Setup.exe"
    Picture Package Music Transfer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}\setup.exe" -l0x9 -removeonly
    PS2-->C:\WINDOWS\system32\ps2.exe uninstall
    Python 2.2 combined Win32 extensions-->C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
    Python 2.2.1-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
    QuickTime-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{C21D5524-A970-42FA-AC8A-59B8C7CDCA31} /l1033
    RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
    Registry Mechanic 8.0-->"C:\Program Files\Registry Mechanic\unins000.exe" /Log
     
  23. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 185

    RelevantKnowledge-->C:\program files\relevantknowledge\rlvknlg.exe -bootremove -uninst:RelevantKnowledge
    Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
    Smart Defrag 1.10-->"C:\Program Files\IObit\IObit SmartDefrag\unins000.exe"
    Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
    Sony Picture Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly uninstall -removeonly
    Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" -l0x9 UNINSTALL -removeonly
    SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
    toolkit-->c:\Windows\HPTK\unhptkit.exe
    Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
    VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
    Verizon Online Help and Support-->C:\PROGRA~1\Verizon\UNWISE.EXE C:\PROGRA~1\Verizon\INSTALL.LOG
    Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
    Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    Yahoo! Install Manager-->C:\WINDOWS\System32\regsvr32 /u C:\WINDOWS\DOWNLO~1\YINSTH~1.DLL
    Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

    ======Hosts File======

    127.0.0.1 localhost

    ======Security center information======

    AV: Avira AntiVir PersonalEdition (disabled)

    System event log

    Computer Name: FAMILYCOMP
    Event Code: 7036
    Message: The Application Layer Gateway Service service entered the running state.

    Record Number: 22745
    Source Name: Service Control Manager
    Time Written: 20081222130406.000000-300
    Event Type: information
    User:

    Computer Name: FAMILYCOMP
    Event Code: 7035
    Message: The Application Layer Gateway Service service was successfully sent a start control.

    Record Number: 22744
    Source Name: Service Control Manager
    Time Written: 20081222130405.000000-300
    Event Type: information
    User: NT AUTHORITY\SYSTEM

    Computer Name: FAMILYCOMP
    Event Code: 7036
    Message: The Remote Access Connection Manager service entered the running state.

    Record Number: 22743
    Source Name: Service Control Manager
    Time Written: 20081222130403.000000-300
    Event Type: information
    User:

    Computer Name: FAMILYCOMP
    Event Code: 7036
    Message: The Network Location Awareness (NLA) service entered the running state.

    Record Number: 22742
    Source Name: Service Control Manager
    Time Written: 20081222130402.000000-300
    Event Type: information
    User:

    Computer Name: FAMILYCOMP
    Event Code: 7035
    Message: The Network Location Awareness (NLA) service was successfully sent a start control.

    Record Number: 22741
    Source Name: Service Control Manager
    Time Written: 20081222130401.000000-300
    Event Type: information
    User: NT AUTHORITY\SYSTEM

    Application event log

    Computer Name: FAMILYCOMP
    Event Code: 100
    Message:
    Record Number: 606
    Source Name: SAVSCAN
    Time Written: 20070410063205.000000-240
    Event Type: information
    User: NT AUTHORITY\SYSTEM

    Computer Name: FAMILYCOMP
    Event Code: 3
    Message:
    Record Number: 605
    Source Name: NISUM
    Time Written: 20070410063202.000000-240
    Event Type: information
    User: NT AUTHORITY\SYSTEM
     
  24. familyman14

    familyman14 TS Enthusiast Topic Starter Posts: 185

    Computer Name: FAMILYCOMP
    Event Code: 1
    Message:
    Record Number: 604
    Source Name: ccSetMgr
    Time Written: 20070410063155.000000-240
    Event Type: information
    User: NT AUTHORITY\SYSTEM

    Computer Name: FAMILYCOMP
    Event Code: 26
    Message:
    Record Number: 603
    Source Name: ccSetMgr
    Time Written: 20070410063155.000000-240
    Event Type: information
    User: NT AUTHORITY\SYSTEM

    Computer Name: FAMILYCOMP
    Event Code: 27
    Message:
    Record Number: 602
    Source Name: ccEvtMgr
    Time Written: 20070410063033.000000-240
    Event Type: information
    User: NT AUTHORITY\SYSTEM

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\QuickTime\QTSystem
    "windir"=%SystemRoot%
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
    "PROCESSOR_REVISION"=0209
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "CLASSPATH"=.;C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
    "QTJAVA"=C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
    "FP_NO_HOST_CHECK"=NO

    -----------------EOF-----------------
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...