Logfile of random's system information tool 1.06 (written by random/random)
Run by Owner at 2010-03-12 16:48:23
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 22 GB (30%) free of 73 GB
Total RAM: 447 MB (24% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:48:35 PM, on 3/12/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\WINDOWS\system32\lxcecoms.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\LTMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\My Documents\Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://safesearch.cyberdefender.com/smallsearch.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBRR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://us.rd.yahoo.com/customize/ie/def ... .yahoo.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://us.rd.yahoo.com/customize/ie/def ... /search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://us.rd.yahoo.com/customize/ie/def ... .yahoo.comR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBRR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 antivirplatinum.microsoft.com
O1 - Hosts: 91.212.127.226 antivirplatinum.com
O1 - Hosts: 91.212.127.226
www.antivirplatinum.comO2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} -
C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program
Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-
4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program
Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} -
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-
76C02E2E7C4E} - C:\Program Files\Google\Google
Toolbar\Component\fastsearch_A8904FB862BD9564.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} -
C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -
C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program
Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program
Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86
\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0
\Reader\Reader_sl.exe"
O4 - HKLM\..\RunServices: [Stealth] TRACK.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -
quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0
\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!
\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MI1933~1
\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!
\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!
\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!
\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program
Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
- C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -
C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1
\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
http://download.mcafee.com/molbin/share ... insctl.cabO16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -
http://download.mcafee.com/molbin/share ... cgdmgr.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/get/s ... wflash.cabO18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program
Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Google Update Service (gupdate1c9becfe8eb9712) (gupdate1c9becfe8eb9712) -
Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program
Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program
Files\Java\jre6\bin\jqs.exe
O23 - Service: lxce_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcecoms.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB
Adapter Wireless Network Monitor\WLService.exe
--
End of file - 7254 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll [2009-07-30
909040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program
Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-04-17 312928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2009-03-09 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows
Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google
Toolbar\Component\fastsearch_A8904FB862BD9564.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03
-09 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll
[2009-07-30 159472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!
\Companion\Installs\cpn4\yt.dll [2009-07-30 909040]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LXCECATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3
\LXCEtime.dll,_RunDLLEntry@16 []
"LTMSG"=LTMSG.exe 7 []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
[2009-02-27 35696]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-05-26 4351216]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
AcRdB7_0_9 -reboot 1 []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CyberDefender
Early Detection Center]
C:\Program Files\CyberDefender\AntiSpyware\cdas6c.exe /minimize []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HijackThis
startup scan]
C:\Program Files\HijackThis\HijackThis.exe /startupscan []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartDefrag]
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-01-06 2705752]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-04-17 198160]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2
"WMPNetworkSvc"=3
"SolidWorks Licensing Service"=2
"ose"=3
"NVSvc"=3
"McSysmon"=2
"McShield"=2
"iPod Service"=3
"gusvc"=3
"gupdate1c9becfe8eb9712"=2
"WinDefend"=2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-04-07 315392]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObje
ctDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} -
C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExe
cuteHooks]
"{BB486A23-46B0-11D3-B702-00104BC86A82}"=C:\WINDOWS\system32\RdocEx.dll [1999-07
-31 32768]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystem
Start]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.S
ys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystem
Start]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.
Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveSearch"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpo
licy\standardprofile\authorizedapplications\list]
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program
Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!
\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Documents and Settings\Owner\My Documents\Beechie\TurboTax Deluxe 2006
\32bit\ttax.exe"="C:\Documents and Settings\Owner\My Documents\Beechie\TurboTax Deluxe
2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Documents and Settings\Owner\My Documents\Beechie\TurboTax Deluxe 2006
\32bit\updatemgr.exe"="C:\Documents and Settings\Owner\My Documents\Beechie\TurboTax
Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network
Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program
Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla
Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Disabled:iTunes"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32
\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows
Live\Messenger\wlcsdk.exe:*:Disabled:Windows Live Call"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program
Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program
Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common
Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows
Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpo
licy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-
22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network
Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN
Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows
Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows
Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
======List of files/folders created in the last 1 months======
2010-03-11 03:05:08 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-11 03:03:39 ----D---- C:\WINDOWS\LastGood
2010-03-07 14:11:07 ----A---- C:\WINDOWS\marscam.ini
2010-03-02 12:37:33 ----D---- C:\Documents and Settings\All Users\Application Data\pdf995
2010-03-02 12:37:32 ----A---- C:\WINDOWS\system32\pdfmona.dll
2010-03-02 12:37:32 ----A---- C:\WINDOWS\system32\pdf995mon.dll
2010-02-25 10:10:36 ----D---- C:\temp
2010-02-25 09:12:44 ----A---- C:\WINDOWS\_delis32.ini
2010-02-24 03:00:38 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-22 14:39:16 ----D---- C:\Documents and Settings\Owner\Application Data\TaxCut
2010-02-22 14:27:39 ----D---- C:\Program Files\PDF995
2010-02-22 14:27:39 ----D---- C:\Program Files\HRBlock2009
2010-02-22 14:17:50 ----D---- C:\Documents and Settings\All Users\Application Data\TaxCut
======List of files/folders modified in the last 1 months======
2010-03-12 16:48:24 ----D---- C:\WINDOWS\Prefetch
2010-03-12 16:14:02 ----D---- C:\Program Files\Mozilla Firefox
2010-03-12 12:40:01 ----D---- C:\WINDOWS\Temp
2010-03-12 12:39:53 ----D---- C:\Program Files\Lx_cats
2010-03-12 03:01:07 ----SHD---- C:\WINDOWS\Installer
2010-03-11 05:32:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-03-11 03:07:27 ----D---- C:\Config.Msi
2010-03-11 03:06:19 ----A---- C:\WINDOWS\win.ini
2010-03-11 03:05:19 ----HD---- C:\WINDOWS\inf
2010-03-11 03:05:16 ----D---- C:\WINDOWS
2010-03-11 03:05:12 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-11 03:05:11 ----D---- C:\Program Files\Movie Maker
2010-03-11 03:03:40 ----D---- C:\WINDOWS\system32\CatRoot
2010-03-11 03:03:40 ----D---- C:\WINDOWS\$hf_mig$
2010-03-11 03:03:38 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-03 08:48:08 ----D---- C:\Program Files\Coupons
2010-03-03 08:45:51 ----D---- C:\WINDOWS\system32
2010-03-01 21:30:12 ----A---- C:\WINDOWS\system32\MRT.exe
2010-02-28 11:30:42 ----D---- C:\WINDOWS\system32\config
2010-02-28 11:29:53 ----D---- C:\WINDOWS\system32\wbem
2010-02-28 11:29:52 ----D---- C:\WINDOWS\Registration
2010-02-25 10:05:14 ----AC---- C:\WINDOWS\cdPlayer.ini
2010-02-25 09:58:46 ----D---- C:\Documents and Settings
2010-02-25 09:57:18 ----RASHC---- C:\boot.ini
2010-02-25 09:57:18 ----A---- C:\WINDOWS\system.ini
2010-02-25 09:54:01 ----D---- C:\WINDOWS\system32\ias
2010-02-25 09:34:50 ----D---- C:\Program Files\Google
2010-02-25 09:34:50 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2010-02-25 09:34:25 ----A---- C:\WINDOWS\imsins.BAK
2010-02-25 09:34:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-25 09:34:16 ----D---- C:\Program Files
2010-02-25 09:34:05 ----D---- C:\WINDOWS\addins
2010-02-25 09:22:09 ----D---- C:\Program Files\Common Files\Logitech
2010-02-25 09:18:20 ----D---- C:\Program Files\Yahoo! Games
2010-02-25 09:17:01 ----D---- C:\Program Files\NCH Swift Sound
2010-02-25 09:13:29 ----D---- C:\WINDOWS\twain_32
2010-02-25 09:13:13 ----D---- C:\WINDOWS\system32\drivers
2010-02-25 09:05:32 ----SD---- C:\WINDOWS\Tasks
2010-02-24 03:03:16 ----D---- C:\WINDOWS\ie8updates
2010-02-22 19:08:03 ----AC---- C:\WINDOWS\ModemLog_Agere Win Modem.txt
2010-02-22 14:29:34 ----D---- C:\WINDOWS\WinSxS
2010-02-22 14:29:33 ----RSD---- C:\WINDOWS\Fonts
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand,
4=Disabled)======
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04
-13 37760]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-07-08
214024]
R1 SiSkp;SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [2003-04-11 10624]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment;
C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32
\DRIVERS\AegisP.sys [2009-08-28 20747]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2002-08-29
63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys
[2002-08-29 55936]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32
\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-
04-13 60800]
R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\WINDOWS\system32
\DRIVERS\fetnd5bv.sys [2009-06-16 46592]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32
\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 GTNDIS5;GTNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\GTNDIS5.SYS []
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-
04-13 10368]
R3 ltmodem5;Agere Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2003-12-12
652689]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17
12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13
61824]
R3 RT73;Linksys Home Wireless-G USB Adapter Driver; C:\WINDOWS\system32
\DRIVERS\rt73.sys [2005-11-24 245248]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32
\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;
C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys
[2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys
[2008-04-13 25856]
R3 usbscan;Usbscan; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
[2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32
\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 viagfx;viagfx; C:\WINDOWS\System32\DRIVERS\vtmini.sys [2005-03-08 172544]
S2 mrtRate;mrtRate; C:\WINDOWS\system32\drivers\mrtRate.sys []
S2 nvcap;nVidia WDM Video Capture (universal); C:\WINDOWS\System32\DRIVERS\nvcap.sys
[2003-07-30 126348]
S2 NVXBAR;nVidia WDM A/V Crossbar; C:\WINDOWS\System32\DRIVERS\NVxbar.sys
[2003-07-30 13006]
S2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol;
C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver;
C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-04-15 113504]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver;
C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-04-15 78752]
S3 BCM42RLY;BCM42RLY; \??\C:\WINDOWS\System32\BCM42RLY.SYS []
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13
71552]
S3 catchme;catchme; \??\C:\DOCUME~1\KEVIN\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys
[2008-04-13 17024]
S3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service;
C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [2009-06-16 46592]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32
\DRIVERS\fetnd5b.sys [2003-01-15 41984]
S3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-04-15 90907]
S3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32
\Drivers\LHidUsbK.Sys [2006-03-28 36736]
S3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\System32
\DRIVERS\LMouKE.Sys []
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys []
S3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-07-08
79816]
S3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-07-08
35272]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-07-08
34248]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-07-08
40552]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32
\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys
[2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys
[2008-04-13 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2008-04-13
40320]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2002-07-29 23808]
S3 QCMerced;Logitech QuickCam Communicate; C:\WINDOWS\System32
\DRIVERS\LVCM.sys []
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2008-04-16
22784]
S3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\System32
\DRIVERS\R8139n51.SYS [2002-10-04 46976]
S3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2004-08-03 166912]
S3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2003-05-06 394752]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SYMIDSCO;SYMIDSCO; \??\C:\WINDOWS\system32\Drivers\SYMIDSCO.SYS []
S3 UNDPX1K;UNDPX1K; \??\C:\WINDOWS\system32\drivers\UNDPX1K.SYS []
S3 UNDPX2A;UNDPX2A; \??\C:\WINDOWS\system32\drivers\UNDPX2A.SYS []
S3 UNDPX2K;UNDPX2K; \??\C:\WINDOWS\system32\drivers\UNDPX2K.SYS []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-
13 60032]
S3 USBCM;Scientific-Atlanta USB Cable Modem Driver; C:\WINDOWS\system32
\DRIVERS\Sacm2A.sys [2004-06-09 15429]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32
\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\drivers\wanatw.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32
\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver;
C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector;
C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand,
4=Disabled)======
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09
152984]
R2 NetTcpPortSharing;Net.Tcp Port Sharing Service;
c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication
Foundation\SMSvcHost.exe [2008-07-29 132096]
R3 lxce_device;lxce_device; C:\WINDOWS\system32\lxcecoms.exe [2005-07-06 471040]
S2 gupdate1c9becfe8eb9712;Google Update Service (gupdate1c9becfe8eb9712); C:\Program
Files\Google\Update\GoogleUpdate.exe [2009-04-16 133104]
S2 NwSapAgent;SAP Agent; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S2 WUSB54GCSVC;WUSB54GCSVC; C:\Program Files\Compact Wireless-G USB Adapter
Wireless Network Monitor\WLService.exe [2005-07-04 53307]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727
\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86;
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;
c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29
46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11
\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows
Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source
Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework;
C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
S4 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2003-08-19
77824]
S4 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Program Files\Common
Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [2008-02-02 79360]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows
Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!
\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2009-06-25 21:01:42
======Uninstall list======
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nvhp.inf
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132
C:\WINDOWS\INF\PCHealth.inf
-->VTUninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Timer'
7-Zip 4.42-->"C:\Program Files\7-Zip\Uninstall.exe"
Acrobat.com-->MsiExec.exe /X{6D8D64BE-F500-55B6-705D-DFD08AFE0624}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR
Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
ALOT Toolbar-->"C:\Program Files\alot\alotUninst.exe"
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil
Software\Avast4\Setup\setiface.dll",RunSetup
CA Yahoo! Anti-Spy (remove only)-->"C:\Program Files\CA Yahoo! Anti-Spy\uninstall.exe"
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
Compaq Instant Support-->C:\PROGRA~1\COMPAQ~2\UNWISE.EXE C:\PROGRA~1
\COMPAQ~2\INSTALL.LOG
Critical Update for Windows Media Player 11 (KB959772)--
>"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
CyberDefender Early Detection Center-->C:\Program Files\CyberDefender\cdinstx.exe /u
Delicious 2 Deluxe-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program
Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\amg-
delicious2deluxe.rguninst" "AddRemove"
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC-->MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
fflink-->MsiExec.exe /I{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}
GameHouse-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program
Files\RealArcade\Installer\installerMain.clf" "C:\Program
Files\RealArcade\Installer\uninstall\GameHouse.rguninst" "AddRemove"
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Google Toolbar for Firefox-->MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7
\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)--
>"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683
$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287
$\spuninst\spuninst.exe"
Huffyuv AVI lossless video codec (Remove Only)-->rundll.exe setupx.dll,InstallHinfSection
DefaultUninstall 132 C:\WINDOWS\INF\HUFFYUV.INF
Intel(R) Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\System32
\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
iTunes-->MsiExec.exe /I{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
kgcbaby-->MsiExec.exe /I{E18B549C-5D15-45DA-8D8F-8FD2BD946344}
kgcbase-->MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
kgchday-->MsiExec.exe /I{11F3F858-4131-4FFA-A560-3FE282933B6E}
kgchlwn-->MsiExec.exe /I{03EDED24-8375-407D-A721-4643D9768BE1}
kgcinvt-->MsiExec.exe /I{9BD54685-1496-46A5-AB62-357CD140ED8B}
kgckids-->MsiExec.exe /I{693C08A7-9E76-43FF-B11E-9A58175474C4}
kgcmove-->MsiExec.exe /I{A1588373-1D86-4D44-86C9-78ABD190F9CC}
kgcvday-->MsiExec.exe /I{8A8664E1-84C8-4936-891C-BC1F07797549}
KhalSetup-->MsiExec.exe /I{EE7B9A8D-19F0-450D-8E94-3E391E6044CD}
Kodak EasyShare software-->C:\Documents and Settings\All Users\Application
Data\Kodak\EasyShareSetup\$SETUP_140002_1f54224\Setup.exe /APR-REMOVE
Lexmark 4300 Series-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxceUNST.EXE -
NOLICENSE
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec
Shared\LiveReg\VcSetup.exe /REMOVE
Logitech Print Service-->C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1
\Logitech\PRINTS~1\INSTALL.LOG
Logitech QuickCam-->MsiExec.exe /I{0496D9E9-224B-4AFA-8F37-23B98D52F1EB}
Logitech® Camera Driver-->"C:\Program Files\Common
Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1
\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Magic Online III-->C:\Program Files\InstallShield Installation Information\{AF7733C1-FB0B-4FED
-9730-E0433AF7A2EF}\setup.exe -runfromtemp -l0x0009 -removeonly
Magic Online-->C:\Program Files\Wizards of the Coast\Magic Online\magic.exe -u
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-
4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-
85786919EF28}
Microsoft Base Smart Card Cryptographic Service Provider Package--
>"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP--
>"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs--
>"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2006-->"C:\Program Files\Microsoft Money 2006
\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft National Language Support Downlevel APIs--
>"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-
0150048383C9}
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850409-6000-11D3-8CFE-
0150048383C9}
Microsoft Plus! Digital Media Edition-->MsiExec.exe /I{C6A7AF96-4EB1-4AAE-8318-
1AB393C64F88}
Microsoft User-Mode Driver Framework Feature Pack 1.0--
>"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-
1818da5d550d}
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nanny Mania (remove only)-->"C:\Program Files\Yahoo! Games\Nanny Mania\Uninstall.exe"
netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
NILE THEME-->MsiExec.exe /X{B19C841C-D60A-462F-AB86-4FDD51A77FA3}
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
Paint.NET v3.36-->MsiExec.exe /X{43602F34-1AA3-44FB-AEB2-D08C2C73743F}
Prism Video Converter-->C:\Program Files\NCH Software\Prism\uninst.exe
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe
RealNetworks|RealPlayer|6.0
Rhapsody Player Engine-->MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}
S3 S3Display-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Display'
S3 S3Gamma2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Gamma2'
S3 S3Info2-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Info2'
S3 S3Overlay-->vtuninst.exe -reg 5 'HKLM\Software\S3\VT\S3Uninst\S3Overlay'
Scientific Atlanta WebSTAR 2000 series Cable Modem-->UNDPX2K.EXE
SecureDNA 2005-->MsiExec.exe /I{D989F368-206D-4390-B360-24AB8A2A5474}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-
038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-
038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)--
>"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)--
>"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)--
>"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)--
>"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)--
>"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)--
>"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)--
>"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)--
>"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)--
>"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)--
>"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)--
>"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)--
>"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)--
>"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)--
>"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)--
>"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)--
>"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)--
>"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)--
>"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)--
>"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)--
>"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)--
>"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561
$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464
$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2
$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569
$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648
$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760
$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762
$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974
$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066
$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2
$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698
$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748
$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004
$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954
$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839
$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211
$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459
$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600
$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069
$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391
$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572
$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802
$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803
$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841
$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095
$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097
$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644
$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687
$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690
$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426
$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225
$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715
$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803
$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373
$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501
$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537
$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898
$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238
$\spuninst\spuninst.exe"
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
skin0001-->MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Smart Defrag 1.11-->"C:\Program Files\IObit\IObit SmartDefrag\unins000.exe"
staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
Switch Sound File Converter-->C:\Program Files\NCH Swift Sound\Switch\uninst.exe
TaskExplorer 2005 SR1-->"C:\Program Files\The M&K Network\TaskExplorer\unins000.exe"
tooltips-->MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
TurboTax Deluxe Deduction Maximizer 2006-->C:\Documents and Settings\Owner\My
Documents\Beechie\TurboTax Deluxe 2006\TaxUnst.EXE "C:\Documents and Settings\Owner\My
Documents\Beechie\TurboTax Deluxe 2006\Uninstall.log" -NoGui
Update for Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-
IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2
$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978
$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839
$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715
$\spuninst\spuninst.exe"
VIA Rhine-Family Fast-Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VIA/S3G Display Driver-->VTsetvga.exe -s -rRundll32.exe setupapi.dll,InstallHinfSection
DefaultUninstall 132 C:\WINDOWS\system32\hg201hp.inf
Videora iPod Converter 4.05-->C:\Program Files\Red Kawa\Video Converter App\uninstaller.exe
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
WexTech AnswerWorks-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1
\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation
Information\{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}\SETUP.EXE" -l0x9 -eliminate
What's Running 2.2-->"C:\Program Files\WhatsRunning\unins000.exe"
Who Wants To Be A Millionaire 2nd Edition-->C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1
\BUENAV~1\WHOWAN~1\DeIsL1.isu
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe"
/UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11
$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPcap 4.1 beta5-->C:\Program Files\WinPcap\uninstall.exe
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
Wireshark 1.2.0-->"C:\Program Files\Wireshark\uninstall.exe"
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!
\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!
\Common\YMMAPI~1.DLL
Yahoo! Mail Quick Select Tool (PhotoMail)-->C:\PROGRA~1\Yahoo!\Common\unymb.exe
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1
\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
======Hosts File======
127.0.0.1 localhost
127.0.0.1 fr.a2dfp.net
127.0.0.1 m.fr.a2dfp.net
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 acezip.net #[SiteAdvisor.acezip.net]
127.0.0.1
www.acezip.net #[Win32/Adware.180Solutions]
127.0.0.1 phpadsnew.abac.com
127.0.0.1 a.abnad.net
127.0.0.1 b.abnad.net
======Security center information======
AV: avast! antivirus 4.8.1335 [VPS 090625-0]
======System event log======
Computer Name: BURTON
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.
Record Number: 82789
Source Name: Service Control Manager
Time Written: 20090617092259.000000-420
Event Type: error
User:
Computer Name: BURTON
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.
Record Number: 82786
Source Name: Service Control Manager
Time Written: 20090617092259.000000-420
Event Type: error
User:
Computer Name: BURTON
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.
Record Number: 82783
Source Name: Service Control Manager
Time Written: 20090617092259.000000-420
Event Type: error
User:
Computer Name: BURTON
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.
Record Number: 82780
Source Name: Service Control Manager
Time Written: 20090617092258.000000-420
Event Type: error
User:
Computer Name: BURTON
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.
Record Number: 82777
Source Name: Service Control Manager
Time Written: 20090617092258.000000-420
Event Type: error
User:
=====Application event log=====
Computer Name: BURTON
Event Code: 1517
Message: Windows saved user BURTON\Owner registry while an application or service was still
using the registry during log off. The memory used by the user's registry has not been freed. The
registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in
either the LocalService or NetworkService account.
Record Number: 11380
Source Name: Userenv
Time Written: 20090417151850.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: BURTON
Event Code: 1002
Message: Hanging application r1puninst.exe, version 7.0.1.68, hang module hungapp, version
0.0.0.0, hang address 0x00000000.
Record Number: 11379
Source Name: Application Hang
Time Written: 20090417143204.000000-420
Event Type: error
User:
Computer Name: BURTON
Event Code: 1000
Message: Faulting application explorer.exe, version 6.0.2900.3156, faulting module ole32.dll, version
5.1.2600.2726, fault address 0x00036777.
Record Number: 11377
Source Name: Application Error
Time Written: 20090417133414.000000-420
Event Type: error
User:
Computer Name: BURTON
Event Code: 1002
Message: Hanging application rundll32.exe, version 5.1.2600.2180, hang module hungapp, version
0.0.0.0, hang address 0x00000000.
Record Number: 11376
Source Name: Application Hang
Time Written: 20090417133005.000000-420
Event Type: error
User:
Computer Name: BURTON
Event Code: 5051
Message:
Record Number: 11375
Source Name: McLogEvent
Time Written: 20090417015054.000000-420
Event Type: error
User: NT AUTHORITY\SYSTEM
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32
\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program
Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0a00
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_08\lib\ext\QTJava.zip
-----------------EOF-----------------
GMER 1.0.15.15281 -
http://www.gmer.netRootkit scan 2010-03-13 01:17:38
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\fgldqpow.sys
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3428] @ C:\WINDOWS\system32
\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!
\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3428] @ C:\WINDOWS\system32
\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!
\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3428] @ C:\WINDOWS\system32
\GDI32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!
\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3428] @ C:\WINDOWS\system32
\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!
\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3428] @ C:\WINDOWS\system32
\USER32.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!
\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3428] @ C:\WINDOWS\system32
\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!
\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3428] @ C:\WINDOWS\system32
\USER32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!
\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3428] @ C:\WINDOWS\system32
\USER32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!
\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3428] @ C:\WINDOWS\system32
\USER32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!
\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3428] @ C:\WINDOWS\system32
\SHLWAPI.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!
\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3428] @ C:\WINDOWS\system32
\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6113A3BF] C:\Program Files\Yahoo!
\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3428] @ C:\WINDOWS\system32
\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!
\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3428] @ C:\WINDOWS\system32
\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!
\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3428] @ C:\WINDOWS\system32
\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!
\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3428] @ C:\WINDOWS\system32
\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!
\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3428] @ C:\WINDOWS\system32
\SHLWAPI.dll [USER32.dll!DefWindowProcA] [61139856] C:\Program Files\Yahoo!
\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3428] @ C:\WINDOWS\system32
\SHLWAPI.dll [USER32.dll!DefWindowProcW] [61139856] C:\Program Files\Yahoo!
\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3428] @ C:\WINDOWS\system32
\SHLWAPI.dll [USER32.dll!GetSysColor] [61138FE2] C:\Program Files\Yahoo!
\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3428] @ C:\WINDOWS\system32
\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [61138F66] C:\Program Files\Yahoo!
\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3428] @ C:\WINDOWS\system32
\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [61138FA4] C:\Program Files\Yahoo!
\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3428] @ C:\WINDOWS\system32
\SHELL32.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!
\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3428] @ C:\WINDOWS\system32
\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!
\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3428] @ C:\WINDOWS\system32
\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!
\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3428] @ C:\WINDOWS\system32
\SHELL32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!
\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3428] @ C:\WINDOWS\system32
\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!
\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3428] @ C:\WINDOWS\system32
\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6113A3BF] C:\Program Files\Yahoo!
\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3428] @ C:\WINDOWS\system32
\SHELL32.dll [USER32.dll!AnimateWindow] [611390DD] C:\Program Files\Yahoo!
\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3428] @ C:\WINDOWS\system32
\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [61138FA4] C:\Program Files\Yahoo!
\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3428] @ C:\WINDOWS\system32
\SHELL32.dll [USER32.dll!DefWindowProcA] [61139856] C:\Program Files\Yahoo!
\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3428] @ C:\WINDOWS\system32
\SHELL32.dll [USER32.dll!GetSysColor] [61138FE2] C:\Program Files\Yahoo!
\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3428] @ C:\WINDOWS\system32
\SHELL32.dll [USER32.dll!DefWindowProcW] [61139856] C:\Program Files\Yahoo!
\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3428] @ C:\WINDOWS\system32
\SHELL32.dll [USER32.dll!GetSysColorBrush] [611390A5] C:\Program Files\Yahoo!
\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3428] @ C:\WINDOWS\system32
\SHELL32.dll [USER32.dll!TrackPopupMenu] [61138F66] C:\Program Files\Yahoo!
\Messenger\yui.dll
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Cdfs \Cdfs
EF554400
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler
yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Windows@NoPopUpsOnBoot 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@SecureDesktop
1
Reg HKLM\SOFTWARE\Classes\CLSID\{F13B38F2-4869-5605-2D00-E9E5E3AF0FA8}
\AuxUserType\2
Reg HKLM\SOFTWARE\Classes\CLSID\{F13B38F2-4869-5605-2D00-E9E5E3AF0FA8}
\AuxUserType\2@ Picture
Reg HKLM\SOFTWARE\Classes\CLSID\{F13B38F2-4869-5605-2D00-E9E5E3AF0FA8}
\Conversion\Readable
Reg HKLM\SOFTWARE\Classes\CLSID\{F13B38F2-4869-5605-2D00-E9E5E3AF0FA8}
\Conversion\Readable\Main
Reg HKLM\SOFTWARE\Classes\CLSID\{F13B38F2-4869-5605-2D00-E9E5E3AF0FA8}
\Conversion\Readable\Main@
Reg HKLM\SOFTWARE\Classes\CLSID\{F13B38F2-4869-5605-2D00-E9E5E3AF0FA8}
\DataFormats\DefaultFile
Reg HKLM\SOFTWARE\Classes\CLSID\{F13B38F2-4869-5605-2D00-E9E5E3AF0FA8}
\DataFormats\DefaultFile@ 14
Reg HKLM\SOFTWARE\Classes\CLSID\{F13B38F2-4869-5605-2D00-E9E5E3AF0FA8}
\DataFormats\GetSet
Reg HKLM\SOFTWARE\Classes\CLSID\{F13B38F2-4869-5605-2D00-E9E5E3AF0FA8}
\DataFormats\GetSet\0
Reg HKLM\SOFTWARE\Classes\CLSID\{F13B38F2-4869-5605-2D00-E9E5E3AF0FA8}
\DataFormats\GetSet\0@ 14,1,64,3
Reg HKLM\SOFTWARE\Classes\CLSID\{F13B38F2-4869-5605-2D00-E9E5E3AF0FA8}
\InprocServer32@ ole32.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{F13B38F2-4869-5605-2D00-E9E5E3AF0FA8}
\MiscStatus@ 536
Reg HKLM\SOFTWARE\Classes\CLSID\{F13B38F2-4869-5605-2D00-E9E5E3AF0FA8}
\ProgID@ StaticEnhancedMetafile
---- EOF - GMER 1.0.15 ----