Hi BioHazard,
Here are the requested files (I hope!)
ROOTREPEAL (c) AD, 2007-2008
Run by Hal at 2009-05-04 15:10:32
Microsoft Windows XP Professional Service Pack 3
System drive C: has 41 GB (53%) free of 76 GB
Total RAM: 3583 MB (87% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:10:33, on 5/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Hal\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Hal.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 8765978779
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: McAfee Application Installer Cleanup (0136941239247735) (0136941239247735mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\013694~1.EXE (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe
--
End of file - 6134 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-10 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-08 668656]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-10 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"APVXDWIN"=C:\Program Files\Panda Security\Panda Antivirus 2008\APVXDWIN.EXE [2007-10-04 455984]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
[]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avldr]
C:\WINDOWS\system32\avldr.dll [2007-02-15 50736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2008-11-07 72208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 241704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
======List of files/folders created in the last 3 months======
2009-05-04 15:01:11 ----D---- C:\rsit
2009-05-01 15:30:07 ----D---- C:\Program Files\Trend Micro
2009-04-30 21:29:45 ----D---- C:\Documents and Settings\Hal\Application Data\WinPatrol
2009-04-27 21:12:56 ----D---- C:\Program Files\WinRAR
2009-04-27 20:47:29 ----A---- C:\WINDOWS\system32\dxerr9.dll
2009-04-27 20:47:28 ----A---- C:\WINDOWS\system32\d3dx9.dll
2009-04-23 18:03:55 ----D---- C:\Program Files\Acoustica Shared Effects
2009-04-21 22:22:31 ----AH---- C:\WINDOWS\akebook.ini
2009-04-21 22:22:31 ----AH---- C:\WINDOWS\a3kebook.ini
2009-04-21 22:22:31 ----A---- C:\WINDOWS\ANS2000.INI
2009-04-18 13:41:43 ----D---- C:\Documents and Settings\Hal\Application Data\DriverCure
2009-04-18 13:41:38 ----D---- C:\Documents and Settings\All Users\Application Data\ParetoLogic
2009-04-18 13:41:38 ----D---- C:\Documents and Settings\All Users\Application Data\DriverCure
2009-04-17 21:45:41 ----D---- C:\Program Files\SamsungODD
2009-04-17 20:35:56 ----A---- C:\WINDOWS\cdplayer.ini
2009-04-15 22:16:53 ----A---- C:\WINDOWS\imaginationx.ini
2009-04-15 22:15:57 ----A---- C:\WINDOWS\system32\Wavmix32.dll
2009-04-15 09:41:29 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-03-01 14:11:05 ----D---- C:\Program Files\Serif
2009-02-27 16:01:04 ----HD---- C:\Documents and Settings\All Users\Application Data\CanonIJScan
2009-02-27 14:46:37 ----HD---- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
2009-02-27 14:38:48 ----D---- C:\Program Files\Common Files\CANON
2009-02-27 14:35:49 ----A---- C:\WINDOWS\system32\CNMLM9D.DLL
2009-02-27 14:35:46 ----HD---- C:\WINDOWS\system32\CanonIJ Uninstaller Information
2009-02-27 14:35:37 ----A---- C:\WINDOWS\system32\CNC620O.DLL
2009-02-27 14:35:37 ----A---- C:\WINDOWS\system32\CNC620L.DLL
2009-02-27 14:35:37 ----A---- C:\WINDOWS\system32\CNC620I.DLL
2009-02-27 14:35:37 ----A---- C:\WINDOWS\system32\CNC620C.DLL
2009-02-27 14:35:26 ----HD---- C:\Program Files\CanonBJ
2009-02-27 14:35:18 ----A---- C:\WINDOWS\system32\CNMNPUI.DLL
2009-02-27 14:35:18 ----A---- C:\WINDOWS\system32\CNMNPPM.DLL
2009-02-17 22:26:15 ----D---- C:\Temp
2009-02-16 23:09:40 ----HD---- C:\WINDOWS\PIF
2009-02-15 23:25:10 ----A---- C:\WINDOWS\StarryNight.ini
2009-02-15 23:22:57 ----D---- C:\Program Files\QuickTime
2009-02-14 19:36:54 ----A---- C:\Documents and Settings\Hal\Application Data\tsdnwin.dll
2009-02-14 19:34:59 ----D---- C:\Program Files\SAMSUNG
2009-02-14 18:13:39 ----D---- C:\Documents and Settings\Hal\Application Data\Acoustica
2009-02-13 23:14:26 ----A---- C:\WINDOWS\system32\BtCoreIf.dll
2009-02-13 23:14:21 ----D---- C:\Program Files\Common Files\LogiShrd
2009-02-13 20:18:34 ----D---- C:\Program Files\SpywareBlaster
2009-02-11 23:46:32 ----D---- C:\Documents and Settings\Hal\Application Data\XTrackCad
2009-02-11 18:52:23 ----D---- C:\Documents and Settings\Hal\Application Data\Apple Computer
2009-02-11 18:43:04 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-02-11 18:42:34 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-11 18:42:22 ----D---- C:\Program Files\Bonjour
2009-02-11 18:41:56 ----D---- C:\Program Files\Common Files\Apple
2009-02-11 18:38:51 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-02-10 21:36:09 ----A---- C:\WINDOWS\system32\Pcdlib32.dll
2009-02-10 21:36:08 ----A---- C:\WINDOWS\system32\Msvcrtd.dll
2009-02-10 21:36:08 ----A---- C:\WINDOWS\system32\Msvcp60d.dll
2009-02-10 21:36:08 ----A---- C:\WINDOWS\system32\msstkprp.dll
2009-02-10 21:36:08 ----A---- C:\WINDOWS\system32\Mfco42d.dll
2009-02-10 21:36:08 ----A---- C:\WINDOWS\system32\Mfc42d.dll
2009-02-10 21:36:08 ----A---- C:\WINDOWS\system32\cdTextCtl.dll
2009-02-10 21:36:07 ----A---- C:\WINDOWS\system32\stmpcdtx.dll
2009-02-10 21:36:06 ----A---- C:\WINDOWS\system32\Ter32.dll
2009-02-10 21:36:05 ----A---- C:\WINDOWS\system32\vbar332.dll
2009-02-09 13:35:06 ----D---- C:\Program Files\Common Files\xing shared
2009-02-09 13:35:01 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-02-09 13:34:56 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-02-09 13:34:56 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-02-09 13:34:55 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-02-09 13:34:53 ----D---- C:\Program Files\Common Files\Real
2009-02-09 13:34:52 ----D---- C:\Documents and Settings\Hal\Application Data\Real
2009-02-08 18:22:49 ----D---- C:\Documents and Settings\Hal\Application Data\AdobeUM
======List of files/folders modified in the last 3 months======
2009-05-04 15:10:28 ----D---- C:\WINDOWS\Prefetch
2009-05-04 15:06:54 ----D---- C:\Program Files\Mozilla Firefox
2009-05-04 13:40:02 ----D---- C:\WINDOWS\Temp
2009-05-04 13:26:16 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-04 13:21:45 ----SD---- C:\WINDOWS\Tasks
2009-05-04 13:21:39 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-05-04 13:21:20 ----D---- C:\WINDOWS\system32\drivers
2009-05-04 10:22:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-05-03 11:54:06 ----D---- C:\Program Files\Avery Dennison
2009-05-03 11:27:47 ----D---- C:\Program Files\Audio-Video
2009-05-02 22:20:13 ----D---- C:\WINDOWS\system32
2009-05-02 12:26:34 ----D---- C:\WINDOWS
2009-05-02 10:40:45 ----RD---- C:\Program Files
2009-05-01 15:29:52 ----D---- C:\Program Files\Utilities
2009-05-01 10:53:22 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-04-30 22:06:26 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-04-30 10:35:32 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-29 09:02:31 ----D---- C:\Config.Msi
2009-04-29 09:02:30 ----SHD---- C:\WINDOWS\Installer
2009-04-29 09:02:25 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-04-28 12:38:45 ----D---- C:\WINDOWS\Registration
2009-04-28 12:37:52 ----D---- C:\WINDOWS\system32\NtmsData
2009-04-27 20:47:29 ----RSD---- C:\WINDOWS\Fonts
2009-04-23 08:53:05 ----D---- C:\Program Files\Outlook Express
2009-04-21 22:22:31 ----A---- C:\WINDOWS\win.ini
2009-04-21 22:22:31 ----A---- C:\WINDOWS\system.ini
2009-04-18 13:50:28 ----D---- C:\Program Files\Common Files
2009-04-17 21:45:41 ----HD---- C:\Program Files\InstallShield Installation Information
2009-04-15 22:21:09 ----D---- C:\WINDOWS\Debug
2009-04-15 13:05:56 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-15 13:01:25 ----D---- C:\WINDOWS\system32\wbem
2009-04-15 13:01:25 ----D---- C:\WINDOWS\AppPatch
2009-04-15 10:52:02 ----HD---- C:\WINDOWS\inf
2009-04-15 10:52:02 ----D---- C:\WINDOWS\system32\CatRoot
2009-04-15 10:51:46 ----D---- C:\WINDOWS\system32\en-US
2009-04-15 10:51:46 ----D---- C:\Program Files\Internet Explorer
2009-04-15 10:51:37 ----D---- C:\WINDOWS\ie7updates
2009-04-15 10:50:15 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-14 16:23:29 ----D---- C:\Program Files\Games,Entertainment
2009-04-09 19:16:46 ----D---- C:\WINDOWS\Help
2009-04-08 21:25:24 ----D---- C:\Program Files\Windows Media Player
2009-04-08 20:28:14 ----D---- C:\Program Files\McAfee
2009-04-06 07:57:24 ----A---- C:\WINDOWS\system32\MRT.exe
2009-03-21 07:06:58 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-03-06 07:22:18 ----A---- C:\WINDOWS\system32\pdh.dll
2009-03-03 23:43:51 ----D---- C:\Program Files\Canon
2009-03-02 17:18:25 ----A---- C:\WINDOWS\system32\wininet.dll
2009-02-28 12:28:07 ----D---- C:\Documents and Settings\Hal\Application Data\Canon
2009-02-27 14:35:46 ----D---- C:\WINDOWS\twain_32
2009-02-20 11:09:38 ----N---- C:\WINDOWS\system32\webcheck.dll
2009-02-20 11:09:38 ----N---- C:\WINDOWS\system32\pngfilt.dll
2009-02-20 11:09:38 ----N---- C:\WINDOWS\system32\occache.dll
2009-02-20 11:09:38 ----N---- C:\WINDOWS\system32\mstime.dll
2009-02-20 11:09:38 ----N---- C:\WINDOWS\system32\msrating.dll
2009-02-20 11:09:38 ----N---- C:\WINDOWS\system32\mshtmled.dll
2009-02-20 11:09:38 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-02-20 11:09:38 ----A---- C:\WINDOWS\system32\url.dll
2009-02-20 11:09:38 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-02-20 11:09:37 ----N---- C:\WINDOWS\system32\jsproxy.dll
2009-02-20 11:09:37 ----N---- C:\WINDOWS\system32\iernonce.dll
2009-02-20 11:09:37 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-02-20 11:09:37 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-02-20 11:09:37 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-02-20 11:09:37 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-02-20 11:09:36 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2009-02-20 11:09:36 ----N---- C:\WINDOWS\system32\ieaksie.dll
2009-02-20 11:09:36 ----N---- C:\WINDOWS\system32\ieakeng.dll
2009-02-20 11:09:36 ----N---- C:\WINDOWS\system32\extmgr.dll
2009-02-20 11:09:36 ----N---- C:\WINDOWS\system32\dxtrans.dll
2009-02-20 11:09:36 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-02-20 11:09:36 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-02-20 11:09:36 ----A---- C:\WINDOWS\system32\icardie.dll
2009-02-20 11:09:35 ----N---- C:\WINDOWS\system32\dxtmsft.dll
2009-02-20 11:09:35 ----A---- C:\WINDOWS\system32\advpack.dll
2009-02-20 03:20:49 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2009-02-20 03:20:49 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-02-19 23:16:59 ----D---- C:\WINDOWS\pss
2009-02-19 22:14:12 ----N---- C:\WINDOWS\system32\ieakui.dll
2009-02-16 17:49:29 ----D---- C:\Program Files\Panda Security
2009-02-16 17:23:50 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-02-15 23:29:10 ----D---- C:\Program Files\Starry Night Sky Explorer
2009-02-15 12:32:37 ----SD---- C:\Documents and Settings\Hal\Application Data\Microsoft
2009-02-15 00:03:49 ----D---- C:\Documents and Settings\All Users\Application Data\LightScribe
2009-02-15 00:01:08 ----D---- C:\Program Files\Common Files\LightScribe
2009-02-14 20:45:48 ----D---- C:\Documents and Settings\Hal\Application Data\Ashampoo
2009-02-13 23:14:30 ----D---- C:\Program Files\Common Files\Logitech
2009-02-13 23:13:58 ----D---- C:\Program Files\Logitech
2009-02-13 20:00:26 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-02-13 14:56:14 ----D---- C:\Program Files\ScanSoft
2009-02-12 21:13:00 ----D---- C:\Documents and Settings\Hal\Application Data\Canneverbe_Limited
2009-02-11 18:43:04 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-02-11 18:18:02 ----D---- C:\Documents and Settings\All Users\Application Data\Avery
2009-02-10 14:16:09 ----D---- C:\Program Files\AGEIA Technologies
2009-02-09 18:22:04 ----D---- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2009-02-09 05:10:49 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-02-09 05:10:48 ----A---- C:\WINDOWS\system32\rpcss.dll
2009-02-09 05:10:48 ----A---- C:\WINDOWS\system32\ntdll.dll
2009-02-09 05:10:48 ----A---- C:\WINDOWS\system32\advapi32.dll
2009-02-07 09:36:38 ----D---- C:\Program Files\Foxit Software
2009-02-06 04:11:05 ----A---- C:\WINDOWS\system32\services.exe
2009-02-06 04:06:41 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2009-02-06 03:39:08 ----A---- C:\WINDOWS\system32\sc.exe
2009-02-06 03:32:56 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 ShldDrv;Panda File Shield Driver; C:\WINDOWS\System32\DRIVERS\ShlDrv51.sys [2007-05-23 38968]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
R2 pavdrv;pavdrv; C:\WINDOWS\system32\DRIVERS\pavdrv51.sys [2007-09-28 83896]
R2 PavProc;Panda Process Protection Driver; \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-09-05 4611072]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-09-26 35472]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-09-26 37392]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-10-07 6133856]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-11-27 58368]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-11-27 19968]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-01-27 73728]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 163908]
R2 Panda Software Controller;Panda Software Controller; C:\Program Files\Panda Security\Panda Antivirus 2008\PsCtrls.exe [2007-07-12 169264]
R2 PavPrSrv;Panda Process Protection Service; C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe [2007-06-14 63024]
R2 PAVSRV;Panda anti-virus service; C:\Program Files\Panda Security\Panda Antivirus 2008\pavsrv51.exe [2007-09-28 148272]
R2 PSIMSVC;Panda IManager Service; C:\Program Files\Panda Security\Panda Antivirus 2008\PsImSvc.exe [2007-05-24 108592]
S2 0136941239247735mcinstcleanup;McAfee Application Installer Cleanup (0136941239247735); C:\WINDOWS\TEMP\013694~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service []
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-08 183280]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe [2008-11-07 121360]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
-----------------EOF-----------------
info.txt logfile of random's system information tool 1.06 2009-05-04 15:01:16
======Uninstall list======
-->.
-->C:\Program Files\Audio-Video\Acoustica CD Label Maker\cdlabel.exe UNINSTALL
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->MsiExec /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Acoustica Effects Pack-->C:\PROGRA~1\ACOUST~2\UNWISE.EXE C:\PROGRA~1\ACOUST~2\INSTALL.LOG
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85309D89-7BE9-4094-BB17-24999C6118FC}\SETUP.EXE" -l0x9
AudioLabel-->C:\Program Files\Audio-Video\AudioLabel\Uninstall.exe
Avery Wizard 3.1-->MsiExec.exe /I{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Canon IJ Network Scan Utility-->C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSU.EXE
Canon IJ Network Tool-->C:\Program Files\Canon\Canon IJ Network Tool\CNMNUU.exe
Canon MP Navigator 3.0-->"C:\Program Files\Canon\MP Navigator 3.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator 3.0\uninst.ini
Canon MP Navigator EX 2.0-->"C:\Program Files\Canon\MP Navigator EX 2.0\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 2.0\uninst.ini
Canon MP620 series MP Drivers-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series /L0x0009
Canon Utilities Easy-PhotoPrint EX-->C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
Canon Utilities My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
CCleaner (remove only)-->"C:\Program Files\Utilities\CCleaner\uninst.exe"
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
DesignPro 5.4 Limited Edition-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}
Foxit PDF Editor-->C:\Program Files\Foxit Software\PDF Editor\uninstall.exe
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"C:\Program Files\Utilities\Trend Micro\HijackThis\HijackThis.exe" /uninstall
iTunes-->MsiExec.exe /I{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
LightScribe System Software-->MsiExec.exe /X{4A9849CA-E11C-4F24-8BB1-97C717A1C898}
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.EXE" -l0x9 UNINSTALL
Logitech Registration-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
Logitech SetPoint-->"C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe" -runfromtemp -l0x0009 -removeonly
Magic Speed-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{679423B8-A7DD-46A4-BB35-6AD19D0E5B9A}\Setup.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SiteAdvisor-->C:\Program Files\McAfee\SiteAdvisor\Uninstall.exe
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX v8.09.04-->MsiExec.exe /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
Panda Antivirus 2008-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\SETUP.exe" -l0x9 -removeonly
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
ScanSoft OmniPage SE 4.0-->MsiExec.exe /I{29D851C2-048C-4B5E-8D1F-25D473342BB5}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB960003)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F04F8702-18D0-458D-921E-146FB7CD38CF}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB959997)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {9EAC3AEC-5C81-4856-A05B-DE9DC236D740}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Serif PhotoPlus 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0609D0AF-1382-42BE-81DB-CF30F8B0F6E2}\Setup.exe" -l0x9
Spell Checker For OE 2.1-->C:\Program Files\Common Files\Microsoft Shared\proof\Uninstal.exe
SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
Starry Night Sky Explorer-->"C:\Program Files\Starry Night Sky Explorer\Uninstall Starry Night Sky Explorer\Uninstall Starry Night Sky Explorer.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Outlook 2007 Junk Email Filter (kb968503)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5DD98950-4D10-4B79-8BF6-59726705207D}
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Zusi 2.4-->"C:\Program Files\Games,Entertainment\Trains\Zusi\unins000.exe"
======Security center information======
AV: Panda Antivirus 2008
======System event log======
Computer Name: HAL-C1FA7AA9104
Event Code: 6161
Message: The document Borthalan Hotel, St Ives, C... owned by Hal failed to print on printer Canon MP620 series Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 589136. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\HAL-C1FA7AA9104. Win32 error code returned by the print processor: 2 (0x2).
Record Number: 12256
Source Name: Print
Time Written: 20090412153924.000000-420
Event Type: error
User: HAL-C1FA7AA9104\Hal
Computer Name: HAL-C1FA7AA9104
Event Code: 7000
Message: The NMSAccessU service failed to start due to the following error:
The system cannot find the path specified.
Record Number: 12235
Source Name: Service Control Manager
Time Written: 20090412100604.000000-420
Event Type: error
User:
Computer Name: HAL-C1FA7AA9104
Event Code: 6161
Message: The document UFILE.CA 2008 owned by Hal failed to print on printer Canon MP620 series Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 0. Number of bytes printed: 0. Total number of pages in the document: 0. Number of pages printed: 0. Client machine: \\HAL-C1FA7AA9104. Win32 error code returned by the print processor: 259 (0x103).
Record Number: 12231
Source Name: Print
Time Written: 20090411161028.000000-420
Event Type: error
User: HAL-C1FA7AA9104\Hal
Computer Name: HAL-C1FA7AA9104
Event Code: 6161
Message: The document UFILE.CA 2008 owned by Hal failed to print on printer Canon MP620 series Printer. Data type: NT EMF 1.008. Size of the spool file in bytes: 0. Number of bytes printed: 0. Total number of pages in the document: 0. Number of pages printed: 0. Client machine: \\HAL-C1FA7AA9104. Win32 error code returned by the print processor: 259 (0x103).
Record Number: 12230
Source Name: Print
Time Written: 20090411160914.000000-420
Event Type: error
User: HAL-C1FA7AA9104\Hal
Computer Name: HAL-C1FA7AA9104
Event Code: 7000
Message: The NMSAccessU service failed to start due to the following error:
The system cannot find the path specified.
Record Number: 12213
Source Name: Service Control Manager
Time Written: 20090411140655.000000-420
Event Type: error
User:
=====Application event log=====
Computer Name: HAL-C1FA7AA9104
Event Code: 1000
Message: Faulting application labeler.exe, version 5.2.1201.0, faulting module labeler.exe, version 5.2.1201.0, fault address 0x001f494a.
Record Number: 3873
Source Name: Application Error
Time Written: 20090210110005.000000-480
Event Type: error
User:
Computer Name: HAL-C1FA7AA9104
Event Code: 1001
Message: Fault bucket 736169863.
Record Number: 3868
Source Name: Application Hang
Time Written: 20090210094957.000000-480
Event Type: error
User:
Computer Name: HAL-C1FA7AA9104
Event Code: 1002
Message: Hanging application msimn.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Record Number: 3867
Source Name: Application Hang
Time Written: 20090210094954.000000-480
Event Type: error
User:
Computer Name: HAL-C1FA7AA9104
Event Code: 1001
Message: Fault bucket 137247436.
Record Number: 3866
Source Name: Application Error
Time Written: 20090210094703.000000-480
Event Type: error
User:
Computer Name: HAL-C1FA7AA9104
Event Code: 1000
Message: Faulting application labeler.exe, version 5.2.1201.0, faulting module labeler.exe, version 5.2.1201.0, fault address 0x001f494a.
Record Number: 3865
Source Name: Application Error
Time Written: 20090210094700.000000-480
Event Type: error
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Panda Security\Panda Antivirus 2008;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4b02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------
ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time: 2009/05/04 15:15
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB6F61000 Size: 98304 File Visible: No
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBAE06000 Size: 8192 File Visible: No
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB6209000 Size: 45056 File Visible: No
Status: -
SSDT
-------------------
#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\PavProc.sys" at address 0xb644aa70
#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\PavProc.sys" at address 0xb6449e40

I trust this is o.k.
H24