Combofix logs (2) attached (zip).
Gmer log and RSIT log and info files all posted, below.
I couldn't "uninstall" Kazaa, but I could and did delete the program files, after which the Add/Remove menu (Control Panel) invited me to take it off that list, which I did.
Thanks.
GMER 1.0.15.15077 [6gtudc4z.exe] -
http://www.gmer.netRootkit scan 2009-08-21 17:49:18
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
SSDT BAFBE7CE ZwCreateKey
SSDT BAFBE7C4 ZwCreateThread
SSDT BAFBE7D3 ZwDeleteKey
SSDT BAFBE7DD ZwDeleteValueKey
SSDT 8A3C44A0 ZwDeviceIoControlFile
SSDT BAFBE7E2 ZwLoadKey
SSDT BAFBE7B0 ZwOpenProcess
SSDT BAFBE7B5 ZwOpenThread
SSDT BAFBE7EC ZwReplaceKey
SSDT BAFBE7E7 ZwRestoreKey
SSDT BAFBE7D8 ZwSetValueKey
SSDT BAFBE7BF ZwTerminateProcess
Code 8A3C37B0 pIofCompleteRequest
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs 8A3BFAD0
AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
Device \FileSystem\Mup \Dfs 8A3BFAD0
Device \Driver\Tcpip \Device\Ip 8A3C2740
Device \FileSystem\RAW \Device\RawTape 8A3BFAD0
Device ACPI.sys (ACPI Driver for NT/Microsoft Corporation)
Device \Driver\Tcpip \Device\Tcp 8A3C2740
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)
Device \FileSystem\Mup \Device\Mup 8A3BFAD0
Device \Driver\Tcpip \Device\Udp 8A3C2740
Device \Driver\Tcpip \Device\RawIp 8A3C2740
Device \FileSystem\RAW \Device\RawDisk 8A3BFAD0
Device \Driver\Tcpip \Device\IPMULTICAST 8A3C2740
Device \FileSystem\RAW \Device\RawCdRom 8A3BFAD0
Device \FileSystem\Mup \Device\WinDfs\Root 8A3BFAD0
AttachedDevice \FileSystem\Fastfat \Fat 8A3BFAD0
AttachedDevice \FileSystem\Fastfat \Fat bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Threads - GMER 1.0.15 ----
Thread explorer.exe [1704:1796] 00F80000
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\controlset002\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 2
Reg HKLM\SYSTEM\controlset002\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\controlset002\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 35
Reg HKLM\SYSTEM\controlset002\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset002\Control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset002\Control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset002\Control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\controlset002\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\Services\MRxDAV\EncryptedDirectories@
---- EOF - GMER 1.0.15 ----
Logfile of random's system information tool 1.06 (written by random/random)
Run by HP_Owner at 2009-08-21 17:52:26
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 2 GB (6%) free of 26 GB
Total RAM: 1271 MB (58% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:52:40 PM, on 8/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\HP DVD\Umbrella\DVDTray.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\HDD Thermometer\HDD Thermometer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HP_Owner\Desktop\6gtudc4z.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\HP_Owner.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduserR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Documents%20and%20Settings/HP_Owner/My%20Documents/__Refdesk/_Refdesk.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduserR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: FDMIECookiesBHO Class - {cc59e0f9-7e43-44fa-9faa-8377850bf205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [StxTrayMenu] "C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe"
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [RSD_HDDThermo] C:\Program Files\HDD Thermometer\HDD Thermometer.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: Download all with Free Download Manager -
file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: Download selected with Free Download Manager -
file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager -
file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager -
file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enqueue current page with Bulk Image Downloader -
file://C:\Program Files\Bulk Image Downloader\iemenu\nocookie\iebidqueue.htm
O8 - Extra context menu item: Enqueue link target with Bulk Image Downloader -
file://C:\Program Files\Bulk Image Downloader\iemenu\nocookie\iebidlinkqueue.htm
O8 - Extra context menu item: Open current page with Bulk Image Downloader -
file://C:\Program Files\Bulk Image Downloader\iemenu\nocookie\iebid.htm
O8 - Extra context menu item: Open link target with Bulk Image Downloader -
file://C:\Program Files\Bulk Image Downloader\iemenu\nocookie\iebidlink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -
http://cdn.scan.onecare.live.com/resour ... se6662.cabO16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) -
http://download.eset.com/special/eos/OnlineScanner.cabO16 - DPF: {A762E064-A885-40E4-AC10-671BB62DC2B2} (OFMailHTMLCtl Class) -
http://www.eomniform.com/OF5/nsplugins/OFMailX.cabO16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) -
http://www.crucial.com/controls/cpcScanner.cabO16 - DPF: {FA945BB6-9D37-43FC-9B2A-AF09F56CBBF0} (moDiagCollectionActiveX Object) -
http://yme.music.yahoo.com/qos/cabs/Dia ... ontrol.cabO23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - Unknown owner - C:\WINDOWS\system32\bgsvcgen.exe (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Sansa Updater Service (SansaService) - Unknown owner - C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe
--
End of file - 10150 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6f74-2d53-2644-206d7942484f}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-22 256112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2009-07-22 761840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-07-22 458736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc59e0f9-7e43-44fa-9faa-8377850bf205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2008-12-30 98304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-07-22 256112]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-13 169984]
"StxTrayMenu"=C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe [2007-01-18 190008]
"FinePrint Dispatcher v5"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe [2005-02-14 479232]
"DVDTray"=C:\Program Files\HP DVD\Umbrella\DVDTray.exe [2004-09-03 53248]
"REGSHAVE"=C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-04-03 155648]
"DiscWizardMonitor.exe"=C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe [2007-04-19 1169744]
"AcronisTimounterMonitor"=C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe [2007-04-19 1945688]
"Acronis Scheduler2 Service"=C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe [2007-04-19 149024]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RSD_HDDThermo"=C:\Program Files\HDD Thermometer\HDD Thermometer.exe [2005-04-01 215040]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-05 39408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-06-19 570664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-05 39408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-10-04 180269]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ExifLauncher2.lnk]
C:\PROGRA~1\FINEPI~1\QUICKD~1.EXE [2007-01-30 303104]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
C:\PROGRA~1\Yahoo!\YAHOO!~1\ymetray.exe yahoomusicengine -preload []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-06-08 131072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Kazaa Lite K++\KazaaLite.kpp"="C:\Program Files\Kazaa Lite K++\KazaaLite.kpp:*:Enabled:KazaaLite"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Java\jre1.5.0_11\launch4j-tmp\JDownloader.exe"="C:\Program Files\Java\jre1.5.0_11\launch4j-tmp\JDownloader.exe:*:Disabled:Java(TM) 2 Platform Standard Edition binary"
"C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Disabled:Java(TM) 2 Platform Standard Edition binary"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2009-08-21 17:52:26 ----D---- C:\rsit
2009-08-16 19:00:34 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-16 19:00:27 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-08-16 19:00:21 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-16 19:00:14 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-16 19:00:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-16 18:54:35 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-08-16 18:54:34 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-08-16 18:54:34 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-08-15 11:10:07 ----D---- C:\Program Files\Trend Micro
2009-08-15 09:26:05 ----D---- C:\Program Files\NOS
2009-08-15 09:26:05 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-08-15 03:19:31 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-15 03:19:24 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-15 03:19:18 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-15 03:18:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-15 03:18:34 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-14 02:18:09 ----D---- C:\Program Files\ESET
2009-08-13 07:00:20 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-08-12 10:06:02 ----A---- C:\AVSCAN-20090812-042711-53FBC7D3.LOG - New.txt
2009-08-12 04:16:44 ----D---- C:\Program Files\Avira
2009-08-12 04:16:44 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-08-12 02:35:42 ----SHD---- C:\RECYCLER
2009-08-12 02:01:17 ----D---- C:\DepositFiles
2009-08-12 02:01:16 ----SD---- C:\ComboFix
2009-08-12 02:00:00 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-08-12 01:59:59 ----RAD---- C:\Favorite Music
2009-08-10 22:58:26 ----D---- C:\WINDOWS\system32\XPSViewer
2009-08-10 22:58:23 ----D---- C:\Program Files\MSBuild
2009-08-10 22:58:15 ----D---- C:\Program Files\Reference Assemblies
2009-08-10 22:44:33 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-08-10 22:44:25 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-08-10 22:44:17 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-08-10 22:44:10 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-08-10 22:44:00 ----DC---- C:\WINDOWS\$NtUninstallKB961371$
2009-08-10 20:50:43 ----D---- C:\RECYCLER(2)
2009-08-10 20:14:43 ----D---- C:\WINDOWS\temp
2009-08-10 20:14:40 ----A---- C:\ComboFix.txt
2009-08-10 08:48:57 ----D---- C:\WINDOWS\ie8updates
2009-08-10 02:07:33 ----A---- C:\WINDOWS\system32\proquota.exe
2009-08-10 01:51:48 ----A---- C:\WINDOWS\zip.exe
2009-08-10 01:51:48 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-08-10 01:51:48 ----A---- C:\WINDOWS\SWSC.exe
2009-08-10 01:51:48 ----A---- C:\WINDOWS\SWREG.exe
2009-08-10 01:51:48 ----A---- C:\WINDOWS\sed.exe
2009-08-10 01:51:48 ----A---- C:\WINDOWS\PEV.exe
2009-08-10 01:51:48 ----A---- C:\WINDOWS\grep.exe
2009-08-10 01:51:27 ----D---- C:\WINDOWS\ERDNT
2009-08-10 01:51:04 ----AD---- C:\Qoobox
2009-08-09 15:20:12 ----D---- C:\Documents and Settings\HP_Owner\Application Data\ImgBurn
2009-08-09 15:18:46 ----D---- C:\Program Files\ImgBurn
2009-08-09 14:24:59 ----D---- C:\UBCD4Win
2009-08-09 05:41:51 ----D---- C:\WINDOWS\system32\NtmsData
2009-08-09 05:10:50 ----HDC---- C:\WINDOWS\ie8
2009-07-29 23:45:40 ----D---- C:\Documents and Settings\HP_Owner\Application Data\vlc
======List of files/folders modified in the last 1 months======
2009-08-21 17:51:44 ----D---- C:\WINDOWS\Prefetch
2009-08-21 17:48:13 ----D---- C:\Program Files\Mozilla Firefox
2009-08-21 17:36:44 ----D---- C:\Program Files\SpeedFan
2009-08-21 17:33:08 ----ASH---- C:\boot.ini
2009-08-21 17:33:08 ----A---- C:\WINDOWS\win.ini
2009-08-21 17:33:07 ----A---- C:\WINDOWS\system.ini
2009-08-21 17:33:00 ----D---- C:\Documents and Settings\All Users\Application Data\HDD Thermometer
2009-08-21 17:32:48 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-21 17:30:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-21 09:50:27 ----D---- C:\Program Files
2009-08-17 16:01:13 ----D---- C:\WINDOWS\system32
2009-08-17 13:38:14 ----D---- C:\WINDOWS
2009-08-17 09:27:27 ----D---- C:\WINDOWS\Microsoft.NET
2009-08-17 09:27:24 ----RSD---- C:\WINDOWS\assembly
2009-08-16 22:40:28 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Quintessential Media Player
2009-08-16 19:00:37 ----D---- C:\WINDOWS\inf
2009-08-16 19:00:36 ----D---- C:\WINDOWS\system32\dllcache
2009-08-16 19:00:30 ----A---- C:\WINDOWS\imsins.BAK
2009-08-16 19:00:01 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-16 18:59:55 ----SHD---- C:\WINDOWS\Installer
2009-08-16 18:59:55 ----D---- C:\Config.Msi
2009-08-16 18:58:41 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-16 18:58:23 ----D---- C:\WINDOWS\WinSxS
2009-08-16 18:55:10 ----D---- C:\WINDOWS\Fonts
2009-08-16 18:54:49 ----D---- C:\WINDOWS\system32\spool
2009-08-16 18:51:52 ----D---- C:\Program Files\Internet Explorer
2009-08-16 18:49:12 ----D---- C:\Program Files\Outlook Express
2009-08-16 18:47:54 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-16 17:37:38 ----D---- C:\WINDOWS\Minidump
2009-08-16 17:27:10 ----D---- C:\Documents and Settings
2009-08-16 17:26:53 ----A---- C:\WINDOWS\ntbtlog.txt
2009-08-16 15:36:20 ----D---- C:\WINDOWS\system32\drivers
2009-08-16 15:16:02 ----D---- C:\WINDOWS\system32\config
2009-08-16 15:15:33 ----D---- C:\WINDOWS\system32\wbem
2009-08-16 15:15:33 ----D---- C:\WINDOWS\Registration
2009-08-15 09:35:44 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Free Download Manager
2009-08-15 09:32:54 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-08-15 09:32:30 ----D---- C:\Program Files\Common Files\Adobe
2009-08-15 09:32:15 ----D---- C:\Program Files\Adobe
2009-08-15 03:45:29 ----D---- C:\Program Files\Risk 1
2009-08-15 03:44:17 ----D---- C:\Documents and Settings\All Users\Application Data\YAHOO
2009-08-15 03:44:16 ----D---- C:\Program Files\Yahoo!
2009-08-15 03:44:15 ----D---- C:\Program Files\Common Files\SureThing Shared
2009-08-14 22:10:41 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-14 17:05:42 ----A---- C:\WINDOWS\NeroDigital.ini
2009-08-14 03:16:19 ----D---- C:\WINDOWS\Downloaded Program Files
2009-08-13 06:41:41 ----D---- C:\WINDOWS\system32\en-US
2009-08-12 02:01:06 ----D---- C:\Program Files\IrfanView
2009-08-10 20:51:40 ----D---- C:\Fraps
2009-08-10 20:10:20 ----D---- C:\WINDOWS\AppPatch
2009-08-10 20:10:14 ----D---- C:\Program Files\Common Files
2009-08-10 09:39:29 ----D---- C:\WINDOWS\Media
2009-08-10 09:39:28 ----D---- C:\WINDOWS\Help
2009-08-10 02:09:54 ----D---- C:\WINDOWS\repair
2009-08-10 01:40:36 ----A---- C:\WINDOWS\WININIT.INI
2009-08-09 17:28:52 ----SHD---- C:\System Volume Information
2009-08-09 17:28:52 ----D---- C:\WINDOWS\system32\Restore
2009-08-09 12:05:29 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Microsoft
2009-08-09 07:05:06 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-09 04:22:13 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-08 22:58:51 ----A---- C:\Program Files\setting.ini
2009-08-08 22:58:42 ----A---- C:\Program Files\DirPrint.txt
2009-08-05 05:01:48 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-08-01 12:18:41 ----A---- C:\WINDOWS\MegaManager.INI
2009-07-29 21:11:28 ----A---- C:\Program Files\rm.ini
2009-07-29 20:49:14 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-29 00:37:01 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-07-29 00:37:01 ----A---- C:\WINDOWS\system32\fontsub.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 cdudf_XP;cdudf_XP; C:\WINDOWS\system32\drivers\cdudf_XP.sys [2006-05-10 240640]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 pwd_2K;pwd_2K; C:\WINDOWS\system32\drivers\pwd_2K.sys [2006-05-10 134426]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2006-05-10 206464]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]
R2 CDRPDACC;Quinnware CDDA Driver (by InfinaDyne); \??\C:\Program Files\Quintessential Player\cdrpdacc.sys []
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2007-10-29 32768]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-06-30 1094848]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2006-05-10 25674]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2004-10-14 155648]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-06-08 1050140]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-06-08 3160576]
R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2006-05-10 30406]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-11-27 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-20 21248]
R3 TotRec7;Total Recorder WDM audio driver; C:\WINDOWS\system32\drivers\TotRec7.sys [2008-11-19 127496]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 5bf23d43;5bf23d43; C:\WINDOWS\System32\drivers\5bf23d43.sys []
S1 92c24744.sys;92c24744.sys; \??\C:\WINDOWS\System32\drivers\92c24744.sys []
S1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2006-10-18 2432]
S1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2006-10-18 2560]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 uiobPjba;uiobPjba; \??\C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\uiobPjba.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664]
R2 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe [2007-04-19 411168]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 SansaService;Sansa Updater Service; C:\Program Files\SanDisk\Sansa Updater\SansaSvr.exe [2007-01-22 61440]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S2 bgsvcgen;B's Recorder GOLD Library General Service; C:\WINDOWS\system32\bgsvcgen.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-02 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\C:\WINDOWS\system32\HPZipm12.exe []
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2009-08-21 17:52:45
======Uninstall list======
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
-->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {60E971B7-51A0-48CA-8687-C6B8F094A409}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {8214CC02-6271-4DC8-B8DD-779933450264}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.51 beta-->"C:\Program Files\7-Zip\Uninstall.exe"
A.F.5 Rename your files 1.1-->MsiExec.exe /I{A725C340-77EE-11D6-BBC2-0000CB591583}
Absolute Color Picker-->"C:\Program Files\Eltima Software\Absolute Color Picker\uninstall Absolute Color Picker\unins000.exe"
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Download Manager-->"C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /Get1
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Media Player-->MsiExec.exe /X{C7888C3F-0506-555F-7907-CDD3F81719A5}
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Agere Systems PCI Soft Modem-->agrsmdel
Any Flv Player 2.4.2-->"C:\Program Files\Any Flv Player\unins000.exe"
Arachnophilia version 4.0-->"C:\Program Files\Arachnophilia\unins000.exe"
ArcSoft Panorama Maker 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6E945031-37AA-4F35-BBD1-E378D62B5DA0}\Setup.exe" -l0x9
ArcSoft PhotoBase 4.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3559D7E5-6307-4EEE-B3CD-A488FE64A9FA}\setup.exe" -l0x9
ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5782E9FF-CF65-4470-802D-E03F6CA47C21}\setup.exe" -l0x9
ArcSoft ShowBiz 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{791B20D4-AE59-4DE9-B45F-BA01F3D0A493}\Setup.exe" -l0x9
Attribute Changer 5.23-->C:\Program Files\Romain's Software\Attribute Changer\uninstall.exe
AudibleManager-->C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
AVI/MPEG/RM/WMV Joiner 4.82-->"C:\Program Files\AVI MPEG RM WMV Joiner\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
AVS Video Converter 6-->"C:\Program Files\AVS4YOU\AVSVideoConverter6\unins000.exe"
AVS4YOU Software Navigator 1.3-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
BatchTextReplacer2 (remove only)-->"C:\Program Files\BrineSoft\BatchTextReplacer2\Uninstall_BatchTextReplacer.exe"
Boilsoft Video Splitter 5.01-->"C:\Program Files\Boilsoft Video Splitter\unins000.exe"
Bulk Image Downloader v1.27-->"C:\Program Files\Bulk Image Downloader\unins000.exe"
Combined Community Codec Pack 2007-07-22-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
Corel WordPerfect Suite 8-->C:\Corel\Suite8\AppMan\Setup\REMOVELAUNCHER.EXE
CZ Print Job Report-->MsiExec.exe /I{8796B63B-89B9-4C7E-BD3D-667669056C43}
dBpowerAMP Music Converter-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
dBpowerAMP-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP.dat
DepositFiles FileManager 0.9.8.107-->"C:\DepositFiles\Depositfiles Filemanager\unins000.exe"
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
dMC Power Pack-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dMC Power Pack.dat
dPilot (remove only)-->"C:\Program Files\dPilot\uninstall.exe"
DVDFab Platinum 4.0.5.0 Ghosthunter release-->"C:\Program Files\DVDFab Platinum 4\unins000.exe"
Easy CD Creator 5 Platinum-->MsiExec.exe /I{8851E12C-0EF9-11D4-A788-009027ABA5D0}
ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
FairUse Wizard 2-->"C:\Program Files\FairUse Wizard 2\un_FU-Setup_14333.exe"
FastStone Image Viewer 3.0-->C:\Program Files\FastStone Image Viewer\uninst.exe
FinePixViewer Resource-->C:\Program Files\InstallShield Installation Information\{B44529FF-501E-47CD-A06D-223C161BE058}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
FinePixViewer Ver.5.3-->C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
FinePrint-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpinst5.exe /uninstall
FLV Player 2.0 (build 25)-->C:\Program Files\FLV Player\uninst.exe
FLV Player-->"C:\WINDOWS\FLV Player\uninstall.exe" "/U:C:\Program Files\FLV Player\Uninstall\uninstall.xml"
foobar2000 v0.9.4.2-->"C:\Program Files\foobar2000v0.9.4.2\uninstall.exe"
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
Free Download Manager 3.0-->"C:\Program Files\Free Download Manager\unins000.exe"
FreeAgent Pro Tools-->C:\Program Files\InstallShield Installation Information\{F5A83924-6A0A-40A2-9A9C-00D876B62E7F}\setup.exe -runfromtemp -l0x0409
FUJIFILM USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
GoldWave v5.06-->"C:\Program Files\GoldWave ~ 506\unstall.exe" "GoldWave v5.06" "C:\Program Files\GoldWave ~ 506\unstall.log"
GoldWave v5.25-->"C:\Program Files\GoldWave525\unstall.exe" "GoldWave v5.25" "C:\Program Files\GoldWave525\unstall.log"
GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HDD Thermometer-->C:\Program Files\HDD Thermometer\uninstall.exe
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB910998)-->"C:\WINDOWS\$NtUninstallKB910998$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Boot Optimizer-->MsiExec.exe /I{3BA95526-6AE0-4B87-A62D-17187EF565FC}
HP Deskjet Printer Preload-->MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP Document Viewer 5.3-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP DVD Writer-->"C:\Program Files\HP DVD\Support\Uninstall.exe" /UNINSTALL
HP Image Zone 5.3-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.3-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Organize-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
HP Photosmart 330,380,420,470,7800,8000,8200 Series-->C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
HP Photosmart Cameras 5.0-->C:\Program Files\HP\Digital Imaging\{C83A12B9-B31B-461A-BBD4-CE9B988094F1}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP PSC & OfficeJet 5.3.B-->"C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Software Update-->MsiExec.exe /X{6FA269F8-38CB-4DF7-AA0D-36E3CE789485}
HP Software Update-->MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
HP Solution Center & Imaging Support Tools 5.3-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
ImageMixer VCD2 LE for FinePix-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B093990A-AAF2-44AC-9216-14BB7A2189B6}\SETUP.EXE" -l0x9
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
Instant Eyedropper 1.501-->"C:\Program Files\InstantEyedropper\unins000.exe"
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
IntelliMover Data Transfer Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
JetShell for iAUDIO G3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{531B5920-0EFD-4AEC-95E0-95C4848C4972}\setup.exe" -l0x9
Karen's Computer Profiler (C:\Program Files\Karen's Computer Profiler\)-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Karen's Computer Profiler\ST6UNST.000"
Karen's Computer Profiler-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Karen's Computer Profiler\ST6UNST.LOG"
Karen's Directory Printer-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\DirPrn\ST6UNST.LOG"
Karen's Replicator-->C:\Program Files\Karen's Power Tools\Replicator\uninst.exe
KLS Backup 2008 Professional 4.7.0.8-->"C:\Program Files\KLS Soft\KLS Backup 2008 Professional\unins000.exe"
Magnifier Powertoy for Windows XP-->MsiExec.exe /I{2FBF04DC-404C-4FA4-BA28-99903080D2B9}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Mega Manager-->C:\Program Files\InstallShield Installation Information\{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}\setup.exe -runfromtemp -l0x0009 -removeonly
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2005-->C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Dancer LE-->MsiExec.exe /X{1A103D70-5C9B-4E1A-B306-5106C68F9914}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B6F7DBE7-2FE2-458F-A738-B10832746036}\Setup.exe" -L0x9
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (3.0.12)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mp3tag v2.43-->C:\Program Files\Mp3tag\Mp3tagUninstall.EXE
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 8 Ultra Edition HD-->MsiExec.exe /X{D6C9AF27-9414-46C8-B9D8-D878BA041033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
OpenExpert 1.40-->C:\Program Files\OpenExpert\uninstall.exe
PageSucker 3.2-->"C:\Program Files\PageSucker 3.2\unins000.exe"
PicaLoader 1.47.1128-->"C:\Program Files\PicaLoader\UninsHs.exe"
PowerArchiver-->C:\Program Files\PowerArchiver\UNINST.EXE
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerQuest PartitionMagic 8.0-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2005-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2DBE41DD-2129-4C65-A3D3-5647236A60F3} anything
QuickSFV (Remove only)-->C:\Program Files\QuickSFV\QSFVUNST.EXE C:\Program Files\QuickSFV\
QuickTime-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083} /l1033
Quintessential CD-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\QCD_127.INF, DefaultUninstall.ntx86
Quintessential Media Player-->"C:\Program Files\Quintessential Media Player\uninst.exe"
Quintessential Player-->"C:\Program Files\Quintessential Player\uninst.exe"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RecordNow-->MsiExec.exe /I{8214CC02-6271-4DC8-B8DD-779933450264}
Risk-->"C:\Program Files\Risk 1\ReflexiveArcade\unins000.exe"
Sansa Media Converter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2A0F8F4-CE50-4857-A21C-3061682B2E87}\Setup.exe" -l0x9
Sansa Updater-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E2D7E05E-C8C7-45F4-8D89-D6696075E0B7}\setup.exe" -l0x9 -removeonly
Seagate DiscWizard-->MsiExec.exe /X{81A60A13-224D-4637-8203-3EAC03B121A4}
SeaTools for Windows-->MsiExec.exe /I{98613C99-1399-416C-A07C-1EE1C585D872}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
SmartFTP-->MsiExec.exe /I{11C762F9-95EA-486A-A8E7-683A50C231C1}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Simple Backup-->MsiExec.exe /I{60E971B7-51A0-48CA-8687-C6B8F094A409}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sothink FLV Player-->"C:\Program Files\SourceTec\Sothink FLV Player\unins000.exe"
Speaking Clock Deluxe 3.61-->"C:\Program Files\Speaking Clock Deluxe\unins000.exe"
SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
Spybot - Search & Destroy 1.2-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Stickies 6.0b-->"C:\WINDOWS\lsb_un20.exe" /C=UC /N=Stickies 6.0b
Studio365 1.3-->C:\PROGRA~1\Live365\Basic\UNWISE.EXE C:\PROGRA~1\Live365\Basic\INSTALL.LOG
TagScanner 5.0 build 509 Beta-->"C:\Program Files\TagScanner\unins000.exe"
UBCD4Win 3.50-->"C:\UBCD4Win\unins000.exe"
Ultra Video Joiner 5.2.0108-->"C:\Program Files\Ultra Video Joiner\unins000.exe"
Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Updates from HP (remove only)-->C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
VLC media player 1.0.1-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Wallpaper Master v2.16-->"C:\Program Files\Wallpaper Master\unins000.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xilisoft Video Converter 3-->C:\Program Files\Xilisoft\Video Converter 3\Uninstall.exe
Xilisoft Video Converter Ultimate-->C:\Program Files\Xilisoft\Video Converter Ultimate\Uninstall.exe
XnView 1.74-->"C:\Program Files\XnView\unins000.exe"
YAFSScreen-->"C:\Program Files\YAFSScreen\unins000.exe"
======Hosts File======
127.0.0.1 localhost
127.0.0.1
http://www.007guard.com127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1
http://www.008k.com127.0.0.1 008k.com
127.0.0.1
http://www.00hq.com127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1
http://www.032439.com======Security center information======
AV: AntiVir Desktop
======System event log======
Computer Name: CONSTANTINE
Event Code: 7000
Message: The B's Recorder GOLD Library General Service service failed to start due to the following error:
The system cannot find the file specified.
Record Number: 103286
Source Name: Service Control Manager
Time Written: 20090810171830.000000-240
Event Type: error
User:
Computer Name: CONSTANTINE
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\D during a paging operation.
Record Number: 103273
Source Name: Disk
Time Written: 20090810152512.000000-240
Event Type: warning
User:
Computer Name: CONSTANTINE
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\D during a paging operation.
Record Number: 103272
Source Name: Disk
Time Written: 20090810145749.000000-240
Event Type: warning
User:
Computer Name: CONSTANTINE
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\D during a paging operation.
Record Number: 103271
Source Name: Disk
Time Written: 20090810133026.000000-240
Event Type: warning
User:
Computer Name: CONSTANTINE
Event Code: 7000
Message: The B's Recorder GOLD Library General Service service failed to start due to the following error:
The system cannot find the file specified.
Record Number: 103253
Source Name: Service Control Manager
Time Written: 20090810094025.000000-240
Event Type: error
User:
=====Application event log=====
Computer Name: CONSTANTINE
Event Code: 1000
Message: Faulting application firefox.exe, version 1.8.20070.50813, faulting module unknown, version 0.0.0.0, fault address 0x00000001.
Record Number: 1544
Source Name: Application Error
Time Written: 20070811180458.000000-240
Event Type: error
User:
Computer Name: CONSTANTINE
Event Code: 1000
Message: Faulting application msimn.exe, version 6.0.2900.2180, faulting module msoe.dll, version 6.0.2900.3028, fault address 0x000567cd.
Record Number: 1537
Source Name: Application Error
Time Written: 20070809164721.000000-240
Event Type: error
User:
Computer Name: CONSTANTINE
Event Code: 2001
Message: Rejected Safe Mode action : Microsoft Office Outlook.
Record Number: 1535
Source Name: Microsoft Office 11
Time Written: 20070809120054.000000-240
Event Type: error
User:
Computer Name: CONSTANTINE
Event Code: 1000
Message: Faulting application getpopupinfo.exe, version 0.0.0.0, faulting module msvcrt.dll, version 7.0.2600.2180, fault address 0x000383b7.
Record Number: 1533
Source Name: Application Error
Time Written: 20070806123441.000000-240
Event Type: error
User:
Computer Name: CONSTANTINE
Event Code: 1002
Message: Hanging application realplay.exe, version 6.0.12.1059, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Record Number: 1526
Source Name: Application Hang
Time Written: 20070803144404.000000-240
Event Type: error
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;c:\Python22;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
-----------------EOF-----------------
You do not have the required permissions to view the files attached to this post.