My Moms Computer - Free Antivirus Forum

My Moms Computer

BullGuard Antivirus Forum > Virus Removal > Removal Tools > My Moms Computer

Forum Quick Jump

32 posts in this thread.
Viewing Page : 1 2

[ << Previous Thread | Next Thread >> ]

Jintan
Senior Member

Date Joined Dec 2006
Total Posts : 1424

Posted 6-9-2009 5:33 (GMT +1)

Mostly CA's activity monitoring "hooks" located by Gmer, so not finding the source of these current issues.

Just to be sure all of it was removed, if you haven't already Go here and download and run the AVG uninstaller. Be sure to disable CA before running that.

Then reboot, and Download RSIT (random's system information tool) from here to your desktop, then click on the RSIT.exe to start the scan.

If necessary allow it to locate or download a copy of HijackThis as needed.

Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt.

RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt).

You can break logs into parts and use separate posts here when replying and posting the log files, if needed.

keng53140
Junior Member

Date Joined Apr 2007
Total Posts : 77

Posted 6-9-2009 7:28 (GMT +1)

2009-06-09 18:15:54,531 DEBUG Avg8Uninstall\Directories key failed to open (error: e0010013)
2009-06-09 18:15:54,578 WARN AvgDir param empty.
2009-06-09 18:15:54,578 WARN AvgDataDir param empty.
2009-06-09 18:16:01,062 INFO AvgRemover runs in attempt number 1
2009-06-09 18:16:01,062 INFO ***** Services *****
2009-06-09 18:16:01,062 INFO Processing service avg8emc
2009-06-09 18:16:01,062 INFO Service avg8emc is not installed
2009-06-09 18:16:01,062 DEBUG Service avg8emc RegCleanup
2009-06-09 18:16:01,062 DEBUG Registry keys for service avg8emc are not present
2009-06-09 18:16:01,062 INFO Processing service avgfws8
2009-06-09 18:16:01,078 INFO Service avgfws8 is not installed
2009-06-09 18:16:01,078 DEBUG Service avgfws8 RegCleanup
2009-06-09 18:16:01,078 DEBUG Registry keys for service avgfws8 are not present
2009-06-09 18:16:01,078 INFO Processing service avg8wd
2009-06-09 18:16:01,078 INFO Service avg8wd is not installed
2009-06-09 18:16:01,078 DEBUG Service avg8wd RegCleanup
2009-06-09 18:16:01,078 DEBUG Registry keys for service avg8wd are not present
2009-06-09 18:16:01,078 INFO Processing service AvgMfx86
2009-06-09 18:16:01,078 DEBUG Service AvgMfx86 Stop
2009-06-09 18:16:01,093 DEBUG Service AvgMfx86 Delete
2009-06-09 18:16:01,093 DEBUG Service AvgMfx86 RegCleanup
2009-06-09 18:16:01,203 INFO Processing service AvgMfx64
2009-06-09 18:16:01,203 INFO Service AvgMfx64 is not installed
2009-06-09 18:16:01,203 DEBUG Service AvgMfx64 RegCleanup
2009-06-09 18:16:01,203 DEBUG Registry keys for service AvgMfx64 are not present
2009-06-09 18:16:01,203 INFO Processing service AvgLdx86
2009-06-09 18:16:01,203 INFO Service AvgLdx86 is not installed
2009-06-09 18:16:01,203 DEBUG Service AvgLdx86 RegCleanup
2009-06-09 18:16:01,203 DEBUG Registry keys for service AvgLdx86 are not present
2009-06-09 18:16:01,203 INFO Processing service AvgLdx64
2009-06-09 18:16:01,203 INFO Service AvgLdx64 is not installed
2009-06-09 18:16:01,203 DEBUG Service AvgLdx64 RegCleanup
2009-06-09 18:16:01,203 DEBUG Registry keys for service AvgLdx64 are not present
2009-06-09 18:16:01,203 INFO Processing service AvgTdiX
2009-06-09 18:16:01,203 INFO Service AvgTdiX is not installed
2009-06-09 18:16:01,203 DEBUG Service AvgTdiX RegCleanup
2009-06-09 18:16:01,203 DEBUG Registry keys for service AvgTdiX are not present
2009-06-09 18:16:01,203 INFO Processing service AvgTdiA
2009-06-09 18:16:01,203 INFO Service AvgTdiA is not installed
2009-06-09 18:16:01,203 DEBUG Service AvgTdiA RegCleanup
2009-06-09 18:16:01,203 DEBUG Registry keys for service AvgTdiA are not present
2009-06-09 18:16:01,203 INFO Processing service AvgWFPx
2009-06-09 18:16:01,203 INFO Service AvgWFPx is not installed
2009-06-09 18:16:01,203 DEBUG Service AvgWFPx RegCleanup
2009-06-09 18:16:01,203 DEBUG Registry keys for service AvgWFPx are not present
2009-06-09 18:16:01,203 INFO Processing service AvgWFPa
2009-06-09 18:16:01,203 INFO Service AvgWFPa is not installed
2009-06-09 18:16:01,203 DEBUG Service AvgWFPa RegCleanup
2009-06-09 18:16:01,203 DEBUG Registry keys for service AvgWFPa are not present
2009-06-09 18:16:01,203 INFO Processing service AvgRkx86
2009-06-09 18:16:01,203 INFO Service AvgRkx86 is not installed
2009-06-09 18:16:01,203 DEBUG Service AvgRkx86 RegCleanup
2009-06-09 18:16:01,203 DEBUG Registry keys for service AvgRkx86 are not present
2009-06-09 18:16:01,203 INFO ***** Registry keys and values *****
2009-06-09 18:16:01,203 INFO Processing registry SOFTWARE\Mozilla\Firefox\Extensions
2009-06-09 18:16:01,218 DEBUG Value SOFTWARE\Mozilla\Firefox\Extensions:{3f963a5b-e555-4543-90e2-c3908898db71} Remove
2009-06-09 18:16:01,218 INFO Processing registry SOFTWARE\Mozilla\Firefox\Extensions
2009-06-09 18:16:01,218 DEBUG Value SOFTWARE\Mozilla\Firefox\Extensions:{1d5287d1-8a92-0001-1f31-1cec198018d8} Remove
2009-06-09 18:16:01,218 INFO Value SOFTWARE\Mozilla\Firefox\Extensions:{1d5287d1-8a92-0001-1f31-1cec198018d8} is not present
2009-06-09 18:16:01,218 INFO Processing registry SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg8Alrt
2009-06-09 18:16:01,218 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg8Alrt ForceRemove
2009-06-09 18:16:01,218 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\Avg8Alrt not found
2009-06-09 18:16:01,218 INFO Processing registry SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms
2009-06-09 18:16:01,218 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms ForceRemove
2009-06-09 18:16:01,218 DEBUG Key SYSTEM\CurrentControlSet\Services\Eventlog\Application\AvgEms not found
2009-06-09 18:16:01,218 INFO Processing registry SYSTEM\CurrentControlSet\Services\Avg
2009-06-09 18:16:01,218 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg ForceRemove
2009-06-09 18:16:01,218 INFO Processing registry SYSTEM\CurrentControlSet\Services\Avg
2009-06-09 18:16:01,234 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg ForceRemove
2009-06-09 18:16:01,234 DEBUG Key SYSTEM\CurrentControlSet\Services\Avg not found
2009-06-09 18:16:01,234 INFO Processing registry SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2AF1721-312E-4B07-8B17-CEB780DCD054}
2009-06-09 18:16:01,234 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2AF1721-312E-4B07-8B17-CEB780DCD054} ForceRemove
2009-06-09 18:16:01,234 DEBUG Key SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2AF1721-312E-4B07-8B17-CEB780DCD054} not found
2009-06-09 18:16:01,234 INFO Processing registry SOFTWARE\Microsoft\Exchange\Client\Extensions
2009-06-09 18:16:01,234 DEBUG Value SOFTWARE\Microsoft\Exchange\Client\Extensions:Outlook Setup Extension Remove
2009-06-09 18:16:01,234 INFO Processing registry SOFTWARE\Microsoft\Exchange\Client\Extensions
2009-06-09 18:16:01,234 DEBUG Value SOFTWARE\Microsoft\Exchange\Client\Extensions:AVG Exchange Extension Remove
2009-06-09 18:16:01,234 INFO Processing registry SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
2009-06-09 18:16:01,234 DEBUG Value SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:AppInit_DLLs Modify
2009-06-09 18:16:01,234 DEBUG Reading SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:AppInit_DLLs failed (error: e001003d)
2009-06-09 18:16:01,234 DEBUG Value SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:AppInit_DLLs Modify failed
2009-06-09 18:16:01,234 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
2009-06-09 18:16:01,234 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} Remove
2009-06-09 18:16:01,234 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
2009-06-09 18:16:01,250 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} Remove
2009-06-09 18:16:01,250 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} is not present
2009-06-09 18:16:01,250 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
2009-06-09 18:16:01,250 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} Remove
2009-06-09 18:16:01,250 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
2009-06-09 18:16:01,250 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} Remove
2009-06-09 18:16:01,250 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} is not present
2009-06-09 18:16:01,250 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Run
2009-06-09 18:16:01,250 DEBUG Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG8_TRAY Remove
2009-06-09 18:16:01,250 INFO Value SOFTWARE\Microsoft\Windows\CurrentVersion\Run:AVG8_TRAY is not present
2009-06-09 18:16:01,250 INFO Processing registry SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG8Uninstall
2009-06-09 18:16:01,265 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG8Uninstall ForceRemove
2009-06-09 18:16:01,265 DEBUG Key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG8Uninstall not found
2009-06-09 18:16:01,265 INFO Processing registry SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3
2009-06-09 18:16:01,265 DEBUG Key SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3 ForceRemove
2009-06-09 18:16:01,265 DEBUG Key SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3 not found
2009-06-09 18:16:01,265 INFO Processing registry SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3
2009-06-09 18:16:01,265 DEBUG Key SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3 ForceRemove
2009-06-09 18:16:01,265 DEBUG Key SOFTWARE\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3 not found
2009-06-09 18:16:01,265 INFO Processing registry SOFTWARE\Classes\AvgDiagFile
2009-06-09 18:16:01,265 DEBUG Key SOFTWARE\Classes\AvgDiagFile ForceRemove
2009-06-09 18:16:01,265 DEBUG Key SOFTWARE\Classes\AvgDiagFile not found
2009-06-09 18:16:01,265 INFO Processing registry SOFTWARE\Classes\AvgDiagFile
2009-06-09 18:16:01,265 DEBUG Key SOFTWARE\Classes\AvgDiagFile ForceRemove
2009-06-09 18:16:01,265 DEBUG Key SOFTWARE\Classes\AvgDiagFile not found
2009-06-09 18:16:01,265 INFO Processing registry SOFTWARE\Classes\.avgdi
2009-06-09 18:16:01,265 DEBUG Key SOFTWARE\Classes\.avgdi ForceRemove
2009-06-09 18:16:01,265 DEBUG Key SOFTWARE\Classes\.avgdi not found
2009-06-09 18:16:01,265 INFO Processing registry SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG8 Shell Extension
2009-06-09 18:16:01,265 DEBUG Key SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG8 Shell Extension ForceRemove
2009-06-09 18:16:01,281 INFO Processing registry SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG8 Shell Extension
2009-06-09 18:16:01,281 DEBUG Key SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG8 Shell Extension ForceRemove
2009-06-09 18:16:01,281 INFO Processing registry SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG8 Shell Extension
2009-06-09 18:16:01,281 DEBUG Key SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG8 Shell Extension ForceRemove
2009-06-09 18:16:01,281 INFO Processing registry SOFTWARE\AVG\Clients
2009-06-09 18:16:01,281 DEBUG Key SOFTWARE\AVG\Clients ForceRemove
2009-06-09 18:16:01,281 INFO Processing registry SOFTWARE\AVG\AVG8
2009-06-09 18:16:01,281 DEBUG Key SOFTWARE\AVG\AVG8 ForceRemove
2009-06-09 18:16:01,281 INFO Processing registry SOFTWARE\AVG
2009-06-09 18:16:01,281 DEBUG Value SOFTWARE\AVG:DumpType Remove
2009-06-09 18:16:01,281 INFO Value SOFTWARE\AVG:DumpType is not present
2009-06-09 18:16:01,296 INFO Processing registry SOFTWARE\AVG
2009-06-09 18:16:01,296 DEBUG Key SOFTWARE\AVG Remove
2009-06-09 18:16:01,296 INFO Processing registry SOFTWARE\AVG\AVG8
2009-06-09 18:16:01,296 DEBUG Key SOFTWARE\AVG\AVG8 ForceRemove
2009-06-09 18:16:01,296 INFO Processing registry SOFTWARE\AVG
2009-06-09 18:16:01,296 DEBUG Key SOFTWARE\AVG Remove
2009-06-09 18:16:01,296 INFO Processing registry aAvgAPI.AvgBro
2009-06-09 18:16:01,296 DEBUG Key aAvgAPI.AvgBro ForceRemove
2009-06-09 18:16:01,296 DEBUG Key aAvgAPI.AvgBro not found
2009-06-09 18:16:01,296 INFO Processing registry AVG.Office
2009-06-09 18:16:01,296 DEBUG Key AVG.Office ForceRemove
2009-06-09 18:16:01,312 DEBUG Key AVG.Office not found
2009-06-09 18:16:01,312 INFO Processing registry AVG.Office.8
2009-06-09 18:16:01,312 DEBUG Key AVG.Office.8 ForceRemove
2009-06-09 18:16:01,312 DEBUG Key AVG.Office.8 not found
2009-06-09 18:16:01,312 INFO Processing registry avgtoolbar.AVGTOOLBAR
2009-06-09 18:16:01,312 DEBUG Key avgtoolbar.AVGTOOLBAR ForceRemove
2009-06-09 18:16:01,312 DEBUG Key avgtoolbar.AVGTOOLBAR not found
2009-06-09 18:16:01,312 INFO Processing registry avgtoolbar.AVGTOOLBARMenu Button
2009-06-09 18:16:01,312 DEBUG Key avgtoolbar.AVGTOOLBARMenu Button ForceRemove
2009-06-09 18:16:01,312 DEBUG Key avgtoolbar.AVGTOOLBARMenu Button not found
2009-06-09 18:16:01,312 INFO Processing registry avgtoolbar.AVGTOOLBARToggle Button
2009-06-09 18:16:01,312 DEBUG Key avgtoolbar.AVGTOOLBARToggle Button ForceRemove
2009-06-09 18:16:01,312 DEBUG Key avgtoolbar.AVGTOOLBARToggle Button not found
2009-06-09 18:16:01,312 INFO Processing registry LinkScannerIE.NavFilter
2009-06-09 18:16:01,312 DEBUG Key LinkScannerIE.NavFilter ForceRemove
2009-06-09 18:16:01,312 DEBUG Key LinkScannerIE.NavFilter not found
2009-06-09 18:16:01,312 INFO Processing registry LinkScannerIE.NavFilter.1
2009-06-09 18:16:01,312 DEBUG Key LinkScannerIE.NavFilter.1 ForceRemove
2009-06-09 18:16:01,312 DEBUG Key LinkScannerIE.NavFilter.1 not found
2009-06-09 18:16:01,312 INFO Processing registry CLSID\{04373D9C-5ED8-44f2-BA00-7895D6A5A2DA}
2009-06-09 18:16:01,312 DEBUG Key CLSID\{04373D9C-5ED8-44f2-BA00-7895D6A5A2DA} ForceRemove
2009-06-09 18:16:01,312 DEBUG Key CLSID\{04373D9C-5ED8-44f2-BA00-7895D6A5A2DA} not found
2009-06-09 18:16:01,312 INFO Processing registry CLSID\{18B30EBF-6B58-425E-AC54-831C05D91B5A}
2009-06-09 18:16:01,328 DEBUG Key CLSID\{18B30EBF-6B58-425E-AC54-831C05D91B5A} ForceRemove
2009-06-09 18:16:01,328 DEBUG Key CLSID\{18B30EBF-6B58-425E-AC54-831C05D91B5A} not found
2009-06-09 18:16:01,328 INFO Processing registry CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
2009-06-09 18:16:01,328 DEBUG Key CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ForceRemove
2009-06-09 18:16:01,328 DEBUG Key CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} not found
2009-06-09 18:16:01,328 INFO Processing registry CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
2009-06-09 18:16:01,328 DEBUG Key CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} ForceRemove
2009-06-09 18:16:01,328 DEBUG Key CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} not found
2009-06-09 18:16:01,328 INFO Processing registry CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
2009-06-09 18:16:01,328 DEBUG Key CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} ForceRemove
2009-06-09 18:16:01,328 DEBUG Key CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} not found
2009-06-09 18:16:01,328 INFO Processing registry CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}
2009-06-09 18:16:01,328 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E2698E} ForceRemove
2009-06-09 18:16:01,328 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E2698E} not found
2009-06-09 18:16:01,328 INFO Processing registry CLSID\{A057A204-BACC-4D26-9990-79A187E2698F}
2009-06-09 18:16:01,328 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E2698F} ForceRemove
2009-06-09 18:16:01,328 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E2698F} not found
2009-06-09 18:16:01,328 INFO Processing registry CLSID\{A057A204-BACC-4D26-9990-79A187E26990}
2009-06-09 18:16:01,328 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E26990} ForceRemove
2009-06-09 18:16:01,343 DEBUG Key CLSID\{A057A204-BACC-4D26-9990-79A187E26990} not found
2009-06-09 18:16:01,343 INFO Processing registry CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}
2009-06-09 18:16:01,343 DEBUG Key CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} ForceRemove
2009-06-09 18:16:01,343 DEBUG Key CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} not found
2009-06-09 18:16:01,343 INFO Processing registry Interface\{52261B0E-CA1A-4FA9-9805-4D01202DF09D}
2009-06-09 18:16:01,343 DEBUG Key Interface\{52261B0E-CA1A-4FA9-9805-4D01202DF09D} ForceRemove
2009-06-09 18:16:01,343 DEBUG Key Interface\{52261B0E-CA1A-4FA9-9805-4D01202DF09D} not found
2009-06-09 18:16:01,343 INFO Processing registry Interface\{8EA1F9F2-997A-4832-8E09-815E3D0C0A0C}
2009-06-09 18:16:01,343 DEBUG Key Interface\{8EA1F9F2-997A-4832-8E09-815E3D0C0A0C} ForceRemove
2009-06-09 18:16:01,343 DEBUG Key Interface\{8EA1F9F2-997A-4832-8E09-815E3D0C0A0C} not found
2009-06-09 18:16:01,343 INFO Processing registry TypeLib\{3E536428-8E1A-4A2C-8463-4A8F74763C30}
2009-06-09 18:16:01,343 DEBUG Key TypeLib\{3E536428-8E1A-4A2C-8463-4A8F74763C30} ForceRemove
2009-06-09 18:16:01,343 DEBUG Key TypeLib\{3E536428-8E1A-4A2C-8463-4A8F74763C30} not found
2009-06-09 18:16:01,343 INFO Processing registry TypeLib\{5DAB1D4C-D020-41CD-936F-D63FF662E9F7}
2009-06-09 18:16:01,343 DEBUG Key TypeLib\{5DAB1D4C-D020-41CD-936F-D63FF662E9F7} ForceRemove
2009-06-09 18:16:01,343 INFO Processing registry TypeLib\{A0C8F0F1-DE25-4ADB-8F0B-508F6CA43DE9}
2009-06-09 18:16:01,343 DEBUG Key TypeLib\{A0C8F0F1-DE25-4ADB-8F0B-508F6CA43DE9} ForceRemove
2009-06-09 18:16:01,359 INFO ***** Files and folders *****
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 0
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 1
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 2
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 3
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 4
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 5
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 6
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 7
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 8
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 9
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 10
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 11
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 12
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 13
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 14
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 15
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 16
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 17
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 18
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 19
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 20
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 21
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 22
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 23
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 24
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 25
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 26
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 27
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 28
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 29
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 30
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 31
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 32
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 33
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 34
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 35
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 36
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 37
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 38
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 39
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 40
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 41
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 42
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 43
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 44
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 45
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 46
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 47
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 48
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 49
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 50
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 51
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 52
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 53
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 54
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 55
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 56
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 57
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 58
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 59
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 60
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 61
2009-06-09 18:16:01,359 DEBUG Missing ParentDir path for fileItem number 62
2009-06-09 18:16:01,359 DEBUG Processing item C:\Documents and Settings\Admin\Application Data\AVGTOOLBAR
2009-06-09 18:16:01,359 INFO Directory C:\Documents and Settings\Admin\Application Data\AVGTOOLBAR not found
2009-06-09 18:16:01,359 DEBUG Processing item C:\WINDOWS\System32\Drivers
2009-06-09 18:16:01,390 INFO File C:\WINDOWS\System32\Drivers\\avgldx86.sys deleted
2009-06-09 18:16:01,390 DEBUG Processing item C:\WINDOWS\System32\Drivers
2009-06-09 18:16:01,390 DEBUG Processing item C:\WINDOWS\System32\Drivers
2009-06-09 18:16:01,406 INFO File C:\WINDOWS\System32\Drivers\\avgmfx86.sys deleted
2009-06-09 18:16:01,406 DEBUG Processing item C:\WINDOWS\System32\Drivers
2009-06-09 18:16:01,421 DEBUG Processing item C:\WINDOWS\System32\Drivers
2009-06-09 18:16:01,421 INFO File C:\WINDOWS\System32\Drivers\\avgtdix.sys deleted
2009-06-09 18:16:01,421 DEBUG Processing item C:\WINDOWS\System32\Drivers
2009-06-09 18:16:01,421 DEBUG Processing item C:\WINDOWS\System32\Drivers\avg
2009-06-09 18:16:01,421 INFO File C:\WINDOWS\System32\Drivers\avg\avi7.avg deleted
2009-06-09 18:16:01,421 INFO File C:\WINDOWS\System32\Drivers\avg\incavi.avm deleted
2009-06-09 18:16:01,421 INFO File C:\WINDOWS\System32\Drivers\avg\microavi.avg deleted
2009-06-09 18:16:01,437 INFO File C:\WINDOWS\System32\Drivers\avg\miniavi.avg deleted
2009-06-09 18:16:01,484 INFO Directory C:\WINDOWS\System32\Drivers\avg deleted
2009-06-09 18:16:01,484 DEBUG Processing item C:\WINDOWS\System32
2009-06-09 18:16:01,515 INFO File C:\WINDOWS\System32\\avgrsstx.dll deleted
2009-06-09 18:16:01,515 DEBUG Processing item C:\Documents and Settings\All Users\Start Menu\Programs\avg 8.0
2009-06-09 18:16:01,515 INFO Directory C:\Documents and Settings\All Users\Start Menu\Programs\avg 8.0 not found
2009-06-09 18:16:01,515 DEBUG Processing item C:\Documents and Settings\All Users\Start Menu\Programs\avg free 8.0
2009-06-09 18:16:01,515 INFO Directory C:\Documents and Settings\All Users\Start Menu\Programs\avg free 8.0 not found
2009-06-09 18:16:01,515 DEBUG Processing item C:\Documents and Settings\All Users\Desktop\avg 8.0.lnk
2009-06-09 18:16:01,515 INFO File C:\Documents and Settings\All Users\Desktop\avg 8.0.lnk not found
2009-06-09 18:16:01,515 DEBUG Processing item C:\Documents and Settings\All Users\Desktop\avg free 8.0.lnk
2009-06-09 18:16:01,515 INFO File C:\Documents and Settings\All Users\Desktop\avg free 8.0.lnk not found
2009-06-09 18:16:01,515 DEBUG Processing item C:\Program Files\AVG
2009-06-09 18:16:01,515 INFO Directory C:\Program Files\AVG not found
2009-06-09 18:16:01,515 INFO ***** Avg Fw NDIS driver *****
2009-06-09 18:16:01,765 INFO FW NDIS driver not present

keng53140
Junior Member

Date Joined Apr 2007
Total Posts : 77

Posted 6-9-2009 7:29 (GMT +1)

Logfile of random's system information tool 1.06 (written by random/random)
Run by Admin at 2009-06-09 13:22:41
Microsoft Windows XP Professional Service Pack 3
System drive C: has 93 GB (71%) free of 131 GB
Total RAM: 959 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:22:57 PM, on 6/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Admin\Desktop\RSIT.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Admin\Desktop\FIX\Admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1236551307093
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--
End of file - 7415 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\CAAntiSpywareScan_Daily as Admin at 3 00 AM.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2005-03-07 53248]
"VTTrayp"=C:\WINDOWS\system32\VTtrayp.exe [2005-03-11 147456]
"cctray"=C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe [2009-05-05 177392]
"CAVRID"=C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe [2007-08-20 230664]
"QOELOADER"=C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe [2009-05-05 14088]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"Omnipage"=C:\Program Files\ScanSoft\OmniPageSE\opware32.exe [2002-02-20 49152]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-01-06 290088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Device Detector 3.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableProfileQuota"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\WINDOWS\system32\ftp.exe"="C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 3 months======

2009-06-09 13:22:41 ----D---- C:\rsit
2009-05-22 14:19:34 ----A---- C:\WINDOWS\system32\javaws.exe
2009-05-22 14:19:34 ----A---- C:\WINDOWS\system32\javaw.exe
2009-05-22 14:19:34 ----A---- C:\WINDOWS\system32\java.exe
2009-05-22 12:42:18 ----D---- C:\Documents and Settings\Admin\Application Data\Malwarebytes
2009-05-22 12:00:49 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-22 12:00:49 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-05-20 17:09:14 ----D---- C:\WINDOWS\Minidump
2009-05-18 18:04:37 ----A---- C:\WINDOWS\system32\ptpusb.dll
2009-05-18 18:04:33 ----A---- C:\WINDOWS\system32\ptpusd.dll
2009-05-13 12:30:10 ----SHD---- C:\RECYCLER
2009-05-08 13:14:29 ----A---- C:\ComboFix.txt
2009-05-08 13:04:33 ----D---- C:\WINDOWS\temp
2009-05-06 13:09:53 ----A---- C:\Boot.bak
2009-05-06 13:09:48 ----RASHD---- C:\cmdcons
2009-05-06 00:09:44 ----D---- C:\WINDOWS\CAVTemp
2009-05-05 22:11:20 ----A---- C:\WINDOWS\system32\vetredir.dll
2009-05-05 22:11:20 ----A---- C:\WINDOWS\system32\isafprod.dll
2009-05-05 22:11:20 ----A---- C:\WINDOWS\system32\isafeif.dll
2009-05-05 22:10:44 ----D---- C:\Program Files\Common Files\Scanner
2009-05-05 22:10:27 ----D---- C:\Documents and Settings\All Users\Application Data\CA
2009-05-05 22:10:24 ----D---- C:\Program Files\CA
2009-05-05 21:48:15 ----A---- C:\caavsetupLog.txt
2009-05-05 11:32:30 ----D---- C:\Program Files\CCleaner
2009-05-04 18:09:05 ----A---- C:\caisslog.txt
2009-04-17 16:51:20 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-17 16:51:07 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-17 16:45:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-17 16:44:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-17 16:44:08 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-17 16:43:50 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-17 15:57:17 ----D---- C:\WINDOWS\ERDNT
2009-04-17 15:56:48 ----D---- C:\Qoobox
2009-04-17 15:48:42 ----D---- C:\Hijackthis
2009-04-16 08:24:42 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-04-15 21:25:57 ----D---- C:\Program Files\MSECache
2009-04-02 20:47:51 ----HDC---- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-03-31 13:15:47 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-03-25 20:46:38 ----HDC---- C:\WINDOWS\$NtUninstallbasecsp$
2009-03-25 20:33:35 ----D---- C:\WINDOWS\system32\XPSViewer
2009-03-25 20:33:24 ----D---- C:\Program Files\MSBuild
2009-03-25 20:33:01 ----D---- C:\Program Files\Reference Assemblies
2009-03-25 20:31:48 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-03-25 20:31:47 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-03-25 20:31:46 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-03-25 20:31:45 ----D---- C:\d01570ba83eb5681dc
2009-03-21 15:16:57 ----D---- C:\WINDOWS\pss
2009-03-14 12:24:00 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-14 12:23:50 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-10 14:48:23 ----D---- C:\Documents and Settings\Admin\Application Data\Windows Search
2009-03-10 14:21:54 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion

======List of files/folders modified in the last 3 months======

2009-06-09 13:22:14 ----D---- C:\WINDOWS\Prefetch
2009-06-09 13:18:44 ----D---- C:\WINDOWS
2009-06-09 13:16:55 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-09 13:16:01 ----D---- C:\WINDOWS\system32\drivers
2009-06-09 13:16:01 ----D---- C:\WINDOWS\system32
2009-06-09 12:31:31 ----D---- C:\Program Files\Mozilla Firefox
2009-06-08 23:45:27 ----A---- C:\WINDOWS\BSOL32.INI
2009-06-07 22:25:30 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-07 15:46:34 ----RASH---- C:\boot.ini
2009-06-07 15:46:34 ----A---- C:\WINDOWS\win.ini
2009-06-07 15:46:34 ----A---- C:\WINDOWS\system.ini
2009-06-06 20:57:36 ----D---- C:\WINDOWS\system32\wbem
2009-06-06 20:52:57 ----D---- C:\Shared
2009-06-01 14:09:24 ----D---- C:\Documents and Settings\Admin\Application Data\AdobeUM
2009-06-01 14:04:34 ----HD---- C:\WINDOWS\inf
2009-06-01 14:04:32 ----D---- C:\WINDOWS\Help
2009-05-27 16:17:51 ----A---- C:\WINDOWS\CSTBox.INI
2009-05-24 15:02:48 ----D---- C:\Temp
2009-05-22 14:19:48 ----SHD---- C:\WINDOWS\Installer
2009-05-22 14:19:29 ----D---- C:\Program Files\Java
2009-05-22 12:00:49 ----RD---- C:\Program Files
2009-05-21 17:15:12 ----D---- C:\WINDOWS\Debug
2009-05-08 13:05:03 ----D---- C:\WINDOWS\system32\config
2009-05-08 13:03:15 ----D---- C:\WINDOWS\AppPatch
2009-05-08 13:03:10 ----D---- C:\Program Files\Common Files
2009-05-07 02:16:29 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-06 13:05:19 ----SD---- C:\WINDOWS\Tasks
2009-05-05 22:08:25 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-05-05 21:56:33 ----D---- C:\Program Files\Watchtower
2009-04-17 17:04:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-17 16:51:22 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-04-17 16:50:25 ----D---- C:\WINDOWS\system32\en-us
2009-04-17 16:50:25 ----D---- C:\Program Files\Internet Explorer
2009-04-17 16:50:11 ----D---- C:\WINDOWS\ie7updates
2009-04-17 16:45:34 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-15 21:26:13 ----RSD---- C:\WINDOWS\Fonts
2009-04-15 21:26:13 ----D---- C:\WINDOWS\WinSxS
2009-04-15 21:26:13 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-04-15 21:26:09 ----D---- C:\Program Files\Microsoft Office
2009-04-15 13:27:06 ----HD---- C:\$AVG8.VAULT$
2009-03-31 13:17:36 ----D---- C:\WINDOWS\system32\CatRoot
2009-03-26 10:07:57 ----RSD---- C:\WINDOWS\assembly
2009-03-26 10:07:23 ----D---- C:\WINDOWS\Microsoft.NET
2009-03-25 21:57:42 ----D---- C:\WINDOWS\security
2009-03-25 20:29:06 ----D---- C:\WINDOWS\PCHEALTH
2009-03-21 09:06:58 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-03-10 22:18:20 ----A---- C:\WINDOWS\system32\LegitCheckControl.dll
2009-03-10 22:18:14 ----N---- C:\WINDOWS\system32\WgaTray.exe
2009-03-10 22:18:00 ----A---- C:\WINDOWS\system32\WgaLogon.dll
2009-03-10 14:21:55 ----D---- C:\Documents and Settings\Admin\Application Data\Yahoo!
2009-03-10 14:21:51 ----D---- C:\Program Files\Yahoo!
2009-03-10 14:20:48 ----D---- C:\Documents and Settings\All Users\Application Data\yahoo!

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 VETEFILE;VET File Scan Engine; C:\WINDOWS\system32\drivers\VETEFILE.sys [2009-05-05 880560]
R1 VETFDDNT;VET Floppy Boot Sector Monitor; C:\WINDOWS\system32\drivers\VETFDDNT.sys [2007-08-20 21512]
R1 VET-FILT;VET File System Filter; C:\WINDOWS\system32\drivers\VET-FILT.sys [2007-08-20 26376]
R1 VETMONNT;VET File Monitor; C:\WINDOWS\system32\drivers\VETMONNT.sys [2007-08-20 32264]
R1 VET-REC;VET File System Recognizer; C:\WINDOWS\system32\drivers\VET-REC.sys [2007-08-20 21128]
R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2005-12-15 1368000]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\System32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VETEBOOT;VET Boot Scan Engine; C:\WINDOWS\system32\drivers\VETEBOOT.sys [2009-05-05 108368]
R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2005-04-22 226048]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VNUSB;VN Series Device; C:\WINDOWS\System32\DRIVERS\VNUSB.sys [2006-04-07 38496]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 CAISafe;CAISafe; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe [2007-08-20 144960]
R2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
R2 ITMRTSVC;CA Pest Patrol Realtime Protection Service; C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe [2007-01-04 280080]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
R2 VETMSGNT;VET Message Service; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe [2007-08-20 242952]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R3 CaCCProvSP;CaCCProvSP; C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe [2009-05-05 214256]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-01-06 536872]
R3 PPCtlPriv;PPCtlPriv; C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2007-08-16 189704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

keng53140
Junior Member

Date Joined Apr 2007
Total Posts : 77

Posted 6-9-2009 7:29 (GMT +1)

info.txt logfile of random's system information tool 1.06 2009-06-09 13:23:01

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat Reader 3.01-->C:\WINDOWS\uninst.exe -fC:\Acrobat3\Reader\DeIsL1.isu
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft PhotoBase 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}\setup.exe" -l0x9 -uninst
ArcSoft PhotoStudio 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{03F1CC67-5BD8-4C36-8394-76311B2AE69A}\setup.exe" -l0x9 -uninst
AuctionYen-->"C:\WINDOWS\AuctionYen\uninstall.exe" "/U:C:\Program Files\AuctionYen\Uninstall\uninstall.xml"
Bicycle® Solitaire-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Expert Software\Bicycle® Solitaire\DeIsL2.isu"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CA Internet Security Suite-->"C:\Program Files\CA\CA Internet Security Suite\caunst.exe" /u
Canon CanoScan Toolbox 4.0-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\CanoScan Toolbox Ver4.0\Uninst.isu" -c"C:\Program Files\Canon\CanoScan Toolbox Ver4.0\uninst.dll"
CanoScan LiDE20,30 Manual-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B360A8E5-C171-4AAE-9777-65B3CDB0072C}\setup.exe" -l0x9
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
C-Media WDM Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Digimax Master-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}\Setup.exe" -l0x9 -removeonly
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EuroTalk Talk Now Plus!-->C:\PROGRA~1\EuroTalk\TALKNO~1\UNWISE.EXE C:\PROGRA~1\EuroTalk\TALKNO~1\INSTALL.LOG
getPlus(R) for Adobe-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
HijackThis 2.0.2-->"C:\Documents and Settings\Admin\Desktop\FIX\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hoyle Board Games 4-->C:\WINDOWS\IsUninst.exe -f"C:\SIERRA\Hoyle Board Games 4\Uninst.isu"
Hoyle Card Games 4-->C:\WINDOWS\IsUninst.exe -f"C:\SIERRA\Hoyle Card Games 4\Uninst.isu"
Hoyle Word Games 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B721EA9-076B-466C-B09E-5A8FC59A6105}\setup.exe" -l0x9 -removeonly
iTunes-->MsiExec.exe /I{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
MahJongg Master 3-->C:\PROGRA~1\eGames\MAHJON~1\UNWISE.EXE C:\PROGRA~1\eGames\MAHJON~1\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft XML Parser and SDK-->MsiExec.exe /I{3E908702-AF35-4611-9518-955DA24B7E07}
Mozilla Firefox (2.0.0.20)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Olympus Digital Wave Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB91E774-867B-4567-ACE7-8144EF036068}\Setup.exe" -l0x9
OmniPage SE-->MsiExec.exe /I{6249C22D-E6A8-407B-BA8B-40298848ED94}
PIXELA ImageMixer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13413C6C-C640-40B8-917E-CA3062826B18}\setup.exe"
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Samsung USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{86D6A20D-3910-4441-A3E5-EB6977251C86}\Setup.exe" -l0x9 anything
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
The Print Shop® 6.0 Deluxe-->C:\WINDOWS\UNINST.EXE -f"C:\THEPRI~1\THEPRI~1.0DE\DeIsL1.isu" -c"C:\THEPRI~1\THEPRI~1.0DE\psfinst.dll"
Turbo Lister-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{99CC78D1-2356-497C-84C1-F239884001EC}
Update for Windows XP (KB943729)-->"C:\WINDOWS\$NtUninstallKB943729$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Watchtower Library 2008 - English-->C:\Program Files\Watchtower\Watchtower Library 2008\E\uninst.exe
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Yahtzee-->C:\WINDOWS\uninst.exe -fC:\WINDOWS\DeIsL1.isu

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: AVG Anti-Virus Free (disabled)
AV: CA Anti-Virus

======System event log======

Computer Name: ADMIN-PNNEM56CW
Event Code: 7034
Message: The iPod Service service terminated unexpectedly. It has done this 1 time(s).

Record Number: 8906
Source Name: Service Control Manager
Time Written: 20090505114822.000000-300
Event Type: error
User:

Computer Name: ADMIN-PNNEM56CW
Event Code: 7022
Message: The Windows Image Acquisition (WIA) service hung on starting.

Record Number: 8809
Source Name: Service Control Manager
Time Written: 20090502185519.000000-300
Event Type: error
User:

Computer Name: ADMIN-PNNEM56CW
Event Code: 7034
Message: The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).

Record Number: 8802
Source Name: Service Control Manager
Time Written: 20090502185020.000000-300
Event Type: error
User:

Computer Name: ADMIN-PNNEM56CW
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 8779
Source Name: W32Time
Time Written: 20090501224940.000000-300
Event Type: warning
User:

Computer Name: ADMIN-PNNEM56CW
Event Code: 9
Message: The device, \Device\Ide\IdePort1, did not respond within the timeout period.

Record Number: 8681
Source Name: atapi
Time Written: 20090428122444.000000-300
Event Type: error
User:

=====Application event log=====

Computer Name: ADMIN-PNNEM56CW
Event Code: 1517
Message: Windows saved user ADMIN-PNNEM56CW\Admin registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 5106
Source Name: Userenv
Time Written: 20080901230501.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: ADMIN-PNNEM56CW
Event Code: 1517
Message: Windows saved user ADMIN-PNNEM56CW\Admin registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 5101
Source Name: Userenv
Time Written: 20080831230550.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: ADMIN-PNNEM56CW
Event Code: 1517
Message: Windows saved user ADMIN-PNNEM56CW\Admin registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 5097
Source Name: Userenv
Time Written: 20080830225802.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: ADMIN-PNNEM56CW
Event Code: 1517
Message: Windows saved user ADMIN-PNNEM56CW\Admin registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 5093
Source Name: Userenv
Time Written: 20080829233819.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: ADMIN-PNNEM56CW
Event Code: 1517
Message: Windows saved user ADMIN-PNNEM56CW\Admin registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 5085
Source Name: Userenv
Time Written: 20080828223735.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Jintan
Senior Member

Date Joined Dec 2006
Total Posts : 1424

Posted 6-10-2009 1:32 (GMT +1)

A lot of the AVG settings were already removed, but that uninstaller located and removed some services left behind. Did that correct the problem of the activity running there?

Post back on that, and for now also go to Add/Remove Programs and uninstall these older, more vulnerable Java versions (but leave that more current 6 Update 13 one):

[b\J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 3

keng53140
Junior Member

Date Joined Apr 2007
Total Posts : 77

Posted 6-10-2009 7:40 (GMT +1)

it is running alot better that it was, hopefully it stays like that :D

Jintan
Senior Member

Date Joined Dec 2006
Total Posts : 1424

Posted 6-11-2009 1:02 (GMT +1)

Very good. Since you did get those "UAC**" type files located better to do an additional scan now, just to make sure nothing gets left behind.

Disable your antivirus program and go here and run an online scan using ESET Online Scanner (you will need to use Internet Explorer for this scan). If you accept the Terms of Use, check the box and click Start. After the ActiveX Control has loaded, it will take a couple minutes for the scanner to get ready. Next, check the following boxes:

Remove found threats
Scan unwanted applications

Click Start. This scan may take a while, so please be patient. A log may open when the scan is complete (if not, go to C:\Program Files\EsetOnlineScanner\ and open the file log.txt). Click Edit - Select All then copy/paste that log back here please.

32 posts in this thread.
Viewing Page : 1 2

Forum Information

Currently it is Friday, March 12, 2010 4:48 PM (GMT +1)
There are a total of 76.130 posts in 17.592 threads.
In the last 3 days there were 10 new threads and 66 reply posts. View Active Threads