info.txt logfile of random's system information tool 1.06 2009-11-16 09:08:34
======Uninstall list======
-->"C:\Program Files\HP Games\Airstrike 2 Gulf Thunder\Uninstall.exe"
-->"C:\Program Files\HP Games\Alien Shooter\Uninstall.exe"
-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Bistro Stars\Uninstall.exe"
-->"C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 2 Remix\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"
-->"C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Bounce Symphony\Uninstall.exe"
-->"C:\Program Files\HP Games\Cake Mania\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
-->"C:\Program Files\HP Games\Family Feud\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Garden Dreams\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\JEOPARDY\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\LEGO Builder Bots\Uninstall.exe"
-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\Mystery Case Files\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\Ricochet Lost Worlds\Uninstall.exe"
-->"C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
-->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Snowy Space Trip\Uninstall.exe"
-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
-->"C:\Program Files\WildTangent\Apps\My HP Game Console\Uninstall.exe"
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
Acoustica Effects Pack-->C:\PROGRA~1\ACOUST~2\UNWISE.EXE C:\PROGRA~1\ACOUST~2\INSTALL.LOG
Acoustica Mixcraft 4.5-->C:\PROGRA~1\ACOUST~1\Unwise.exe
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.5-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
AllMusicConverter 3.8.6-->"C:\Program Files\AllMusicConverter\unins000.exe"
AnyTV Free 2.44-->"C:\Program Files\FDRLab\AnyTV\unins000.exe"
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ask Toolbar-->MsiExec.exe /I{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Cheat Engine 5.3-->"C:\Program Files\Cheat Engine\unins001.exe"
Cheat Engine 5.5-->"C:\Program Files\Cheat Engine\unins000.exe"
Compaq Connections (remove only)-->C:\WINDOWS\HPCPCUninstall-5577497\HPBWSetup.exe -appid 5577497 -uninstall
Cross Fire En-->"C:\Program Files\Z8Games\CrossFire\unins000.exe"
Customer Experience Enhancement-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
Data Fax SoftModem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\HXFSETUP.EXE -U -ITrx200Ck.inf
Deck Studio-->MsiExec.exe /X{59DA77AC-4A9F-4272-8800-FD3988EF35E8}
DISCover-->"C:\Program Files\DISC\uninstall.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Easy Internet Sign-up-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\3.0.195.33\Installer\setup.exe" --uninstall --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB893357)-->"C:\WINDOWS\$NtUninstallKB893357$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB906569)-->"C:\WINDOWS\$NtUninstallKB906569$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB912024)-->"C:\WINDOWS\$NtUninstallKB912024$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"
HP Boot Optimizer-->MsiExec.exe /X{1341D838-719C-4A05-B50F-49420CA1B4BB}
HP DVD Play 2.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Support Overview-->"C:\WINDOWS\unins000.exe"
HP Web Helper-->regsvr32 /u /s "C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll"
iTunes-->MsiExec.exe /I{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(tm) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Kaiba Corp Virtual Duel System 1.16-->"C:\Program Files\Kaiba Corp VDS\unins000.exe"
LimeWire 5.1.4-->"C:\Program Files\LimeWire\uninstall.exe"
Livestream Procaster-->MsiExec.exe /I{F3C514B0-F676-4D4E-91F7-A7EE89878593}
LogMeIn Hamachi-->C:\WINDOWS\system32\\msiexec.exe /i {067EC517-9731-43FD-B4D5-296EE0027BBB} REMOVE=ALL
LogMeIn Hamachi-->MsiExec.exe /I{067EC517-9731-43FD-B4D5-296EE0027BBB}
Malwarebytes' Anti-Malware-->"C:\Program Files\Market\unins000.exe"
Media Go-->MsiExec.exe /X{AEE307D5-9E65-4971-818E-C4D96DF55C64}
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money 2006-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Office Standard Edition 2003 60 days trial-->c:\hp\bin\cloaker.exe c:\hp\bin\MSOffice\uninst.cmd
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (3.5.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
Need4 Software Launcher 6.2-->C:\Program Files\Need4 Software Launcher\uninst.exe
Need4 Video Converter 6-->C:\Program Files\Need4 Video Converter 6\uninst.exe
Netscape Browser (remove only)-->"C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe
PC-Doctor 5 for Windows-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
PFPortChecker 1.0.31-->C:\Program Files\PFPortChecker\uninst.exe
PlayStation®Network Downloader-->MsiExec.exe /X{BC4CA8FA-41D2-4B81-8680-E9B7573D6500}
PlayStation®Store-->MsiExec.exe /X{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}
Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727}
PSP Video 9 5.03-->C:\Program Files\Red Kawa\Video Converter App\uninstaller.exe
Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2006-->MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Remove WeatherBug Installer-->c:\hp\bin\cloaker.exe c:\hp\bin\commands.exe /c c:\hp\bin\wbug\clean.bat
Rightdown Software - Toolbar-->regsvr32 /u /s "C:\Program Files\Rightdown Software SearchBar\rssb.dll"
RONIN-->MsiExec.exe /X{DF72F15A-76CE-46DD-A76E-3580E088D625}
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Sonic Express Labeler-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /X{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\SPORESetup.exe" -runfromtemp -l0x0009 -removeonly
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
TeamViewer 4-->C:\Program Files\TeamViewer\Version4\uninstall.exe
Ultra Mobile 3GP Video Converter 5.2.0603-->"C:\Program Files\Ultra Mobile 3GP Video Converter\unins000.exe"
Update for Windows XP (KB912945)-->"C:\WINDOWS\$NtUninstallKB912945$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Ventrilo Server-->MsiExec.exe /X{1D46A3A0-B37D-423A-91C2-101A49E2FF80}
Warcraft III-->C:\Program Files\Common Files\Blizzard Entertainment\Warcraft III\Uninstall.exe
WE Unlimited 1.20-->"C:\Program Files\WE Unlimited\unins000.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB883667-->C:\WINDOWS\$NtUninstallKB883667$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB892050-->"C:\WINDOWS\$NtUninstallKB892050$\spuninst\spuninst.exe"
Windows XP Hotfix - KB893066-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
WM Converter 2.0-->C:\Program Files\WM Converter\Uninstal.exe
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft Public Test-PTR\Uninstall.exe
Yahoo! Toolbar for Internet Explorer-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
YouTube Downloader App 2.03-->C:\Program Files\Regensoft\Downloader App\uninstaller.exe
ZOrg-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28D30296-A495-4D1C-94BF-D9C5259F3D2F}\setup.exe" -l0x9 -removeonly
======Security center information======
AV: AntiVir Desktop
======System event log======
Computer Name: YOUR-4DACD0EA75
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 689
Source Name: Tcpip
Time Written: 20090816023126.000000-240
Event Type: warning
User:
Computer Name: YOUR-4DACD0EA75
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 686
Source Name: Tcpip
Time Written: 20090816020326.000000-240
Event Type: warning
User:
Computer Name: YOUR-4DACD0EA75
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.
Record Number: 676
Source Name: W32Time
Time Written: 20090814161357.000000-240
Event Type: warning
User:
Computer Name: YOUR-4DACD0EA75
Event Code: 7000
Message: The MCSTRM service failed to start due to the following error:
The system cannot find the file specified.
Record Number: 639
Source Name: Service Control Manager
Time Written: 20090814023446.000000-240
Event Type: error
User:
Computer Name: YOUR-4DACD0EA75
Event Code: 7034
Message: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
Record Number: 632
Source Name: Service Control Manager
Time Written: 20090814023245.000000-240
Event Type: error
User:
=====Application event log=====
Computer Name: YOUR-4DACD0EA75
Event Code: 20
Message:
Record Number: 738
Source Name: Google Update
Time Written: 20090919104237.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM
Computer Name: YOUR-4DACD0EA75
Event Code: 20
Message:
Record Number: 730
Source Name: Google Update
Time Written: 20090919102722.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM
Computer Name: YOUR-4DACD0EA75
Event Code: 1002
Message: Hanging application firefox.exe, version 1.9.1.3523, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
Record Number: 707
Source Name: Application Hang
Time Written: 20090917185012.000000-240
Event Type: error
User:
Computer Name: YOUR-4DACD0EA75
Event Code: 1000
Message: Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x01530fd0.
Record Number: 676
Source Name: Application Error
Time Written: 20090913201822.000000-240
Event Type: error
User:
Computer Name: YOUR-4DACD0EA75
Event Code: 1000
Message: Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0x01530fd0.
Record Number: 674
Source Name: Application Error
Time Written: 20090913201755.000000-240
Event Type: error
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;c:\Python22;C:\Program Files\Common Files\DivX Shared;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 95 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=5f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------
AND
ComboFix 09-11-11.02 - Compaq_Administrator 11/12/2009 3:28.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.1478 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\rfy.tmp
c:\windows\system32\kubidima.dll
c:\windows\system32\napokoku.dll
c:\windows\system32\rekomeve.dll
c:\windows\Tasks\fkkqugoq.job
.
((((((((((((((((((((((((( Files Created from 2009-10-12 to 2009-11-12 )))))))))))))))))))))))))))))))
.
2009-11-12 06:41 . 2009-11-12 06:41 -------- d-----w- c:\program files\Market
2009-11-11 22:23 . 2009-11-12 08:05 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\AskToolbar
2009-11-11 12:30 . 2009-11-11 12:30 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Sega
2009-11-11 12:12 . 2009-11-11 12:12 -------- d-----w- c:\program files\Common Files\DirectX
2009-11-11 11:15 . 2009-11-11 11:16 -------- d-----w- c:\program files\Ask.com
2009-11-11 11:15 . 2009-11-11 11:15 -------- d-----w- c:\program files\uTorrent
2009-11-11 11:15 . 2009-11-11 11:20 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\uTorrent
2009-11-11 09:50 . 2009-11-11 09:50 -------- d-----w- c:\windows\San Andreas Mod Installer
2009-11-11 04:43 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-11 04:43 . 2009-11-12 06:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-11 04:43 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-11 01:32 . 2009-11-11 01:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-11 01:32 . 2009-11-11 01:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-10 00:00 . 2009-11-10 00:00 -------- d-----w- c:\program files\Windows Media Connect 2
2009-11-09 23:46 . 2009-11-09 23:46 -------- d-----w- c:\program files\FDRLab
2009-11-09 23:46 . 2009-11-09 23:46 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\FDRLab
2009-11-08 21:34 . 2009-11-08 22:03 -------- d-----w- c:\program files\keyclone
2009-11-08 14:01 . 2009-11-08 14:01 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Malwarebytes
2009-11-08 14:01 . 2009-11-08 14:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-07 17:25 . 2009-11-07 17:25 -------- d-----w- c:\program files\LogMeIn Hamachi
2009-11-03 05:52 . 2009-11-03 05:53 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\SPORE
2009-11-03 05:28 . 2009-11-03 05:28 -------- d--h--r- c:\documents and settings\Compaq_Administrator\Application Data\SecuROM
2009-11-03 04:57 . 2009-11-03 04:57 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-03 04:57 . 2009-11-03 04:57 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-11-03 04:56 . 2009-11-03 05:15 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\DAEMON Tools Lite
2009-11-03 04:56 . 2009-11-03 04:56 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-11-02 08:03 . 2009-11-02 08:03 -------- d-----w- C:\GAMES
2009-11-01 20:48 . 2007-10-23 14:27 110592 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\U3\temp\cleanup.exe
2009-11-01 20:45 . 2008-02-25 18:47 3489792 ---ha-w- c:\documents and settings\Compaq_Administrator\Application Data\U3\temp\Launchpad Removal.exe
2009-11-01 20:45 . 2009-11-01 20:48 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\U3
2009-10-29 19:22 . 2009-10-29 19:22 -------- d-----w- c:\program files\WM Converter
2009-10-25 10:34 . 2009-10-25 10:34 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Red Kawa
2009-10-25 10:16 . 2009-10-25 10:16 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Geckofx
2009-10-25 10:15 . 2009-10-25 10:15 -------- d-----w- c:\program files\Regensoft
2009-10-25 10:15 . 2009-10-25 10:15 -------- d-----w- c:\program files\AviSynth 2.5
2009-10-25 10:15 . 2009-10-25 10:15 -------- d-----w- c:\program files\Red Kawa
2009-10-25 10:12 . 2009-10-25 10:12 -------- d-----w- C:\Need4Video files
2009-10-25 10:11 . 2009-10-25 10:11 -------- d-----w- c:\program files\Need4 Software Launcher
2009-10-25 10:11 . 2009-10-25 10:11 -------- d-----w- c:\program files\Need4 Video Converter 6
2009-10-25 10:04 . 2009-10-25 10:04 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Sony
2009-10-25 10:03 . 2009-10-25 10:03 -------- d-----w- c:\program files\Common Files\Sony Shared
2009-10-25 10:03 . 2009-10-25 10:03 10134 ----a-r- c:\documents and settings\Compaq_Administrator\Application Data\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
2009-10-25 10:03 . 2009-10-25 10:03 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Downloaded Installations
2009-10-25 10:03 . 2009-10-25 10:03 -------- d-----w- c:\program files\Sony
2009-10-25 10:03 . 2009-10-25 10:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation
2009-10-25 10:02 . 2009-10-25 10:02 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-10-25 10:00 . 2009-10-25 10:01 12212040 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sony Setup\A34E95A5-C379-4746-B607-09AE7B36A102\WMFDist11-WindowsXP-x86-ENU.exe
2009-10-25 09:59 . 2009-10-25 10:03 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Sony
2009-10-25 09:59 . 2009-10-25 10:00 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Sony Setup
2009-10-25 09:59 . 2009-10-25 09:59 -------- d-----w- c:\program files\Sony Setup
2009-10-25 05:09 . 2009-10-25 05:09 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-25 04:09 . 2009-10-25 04:09 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\AdobeUM
2009-10-23 02:41 . 2009-10-23 02:50 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\TeamViewer
2009-10-23 02:41 . 2009-10-23 02:41 -------- d-----w- c:\program files\TeamViewer
2009-10-23 02:40 . 2009-10-23 02:40 -------- d-----w- c:\documents and settings\Compaq_Administrator\temp
2009-10-21 22:18 . 2009-10-21 22:18 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Blizzard Entertainment
2009-10-19 23:25 . 2009-10-25 04:55 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Deployment
2009-10-18 17:38 . 2009-10-18 18:16 45 ----a-w- c:\documents and settings\Compaq_Administrator\jagex_runescape_preferences2.dat
2009-10-17 05:21 . 2009-09-23 14:41 26176 ---ha-w- c:\windows\system32\hamachi.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-12 08:27 . 2009-07-25 20:44 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-12 07:59 . 2009-08-14 05:44 -------- d-----w- c:\program files\Spyware Doctor
2009-11-11 05:42 . 2009-07-31 20:53 -------- d-----w- c:\program files\Warcraft III
2009-11-11 04:29 . 2009-07-25 21:10 -------- d-----w- c:\program files\Rightdown Software SearchBar
2009-11-10 01:46 . 2009-08-12 19:46 -------- d-----w- c:\program files\World of Warcraft
2009-11-08 20:44 . 2007-01-10 22:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-03 05:28 . 2009-10-02 07:43 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-10-25 11:13 . 2009-07-21 19:05 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\LimeWire
2009-10-25 01:04 . 2009-10-04 03:36 -------- d-----w- c:\program files\World of Warcraft Public Test
2009-10-23 02:59 . 2009-10-12 09:27 -------- d-----w- c:\program files\Kaiba Corp VDS
2009-10-18 18:19 . 2009-07-29 01:52 38 ----a-w- c:\documents and settings\Compaq_Administrator\jagex_runescape_preferences.dat
2009-10-18 05:40 . 2009-10-02 07:43 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\SPORE Creature Creator
2009-10-13 01:23 . 2009-10-12 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Dillie-O Digital
2009-10-13 00:11 . 2009-10-13 00:11 -------- d-----w- c:\program files\CCleaner
2009-10-12 23:21 . 2009-10-12 23:21 995840 ----a-r- c:\documents and settings\Compaq_Administrator\Application Data\Microsoft\Installer\{DF72F15A-76CE-46DD-A76E-3580E088D625}\RONIN.exe
2009-10-12 23:21 . 2009-10-12 23:21 -------- d-----w- c:\program files\Dillie-O Digital
2009-10-12 23:21 . 2009-10-12 23:21 1244672 ----a-r- c:\documents and settings\Compaq_Administrator\Application Data\Microsoft\Installer\{59DA77AC-4A9F-4272-8800-FD3988EF35E8}\DeckStudio.exe
2009-10-12 22:40 . 2007-01-10 22:14 44088 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-12 22:18 . 2009-10-12 22:18 111528 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-12 22:16 . 2009-10-12 22:16 -------- d-----w- c:\program files\MSBuild
2009-10-12 22:16 . 2009-10-12 22:16 -------- d-----w- c:\program files\Reference Assemblies
2009-10-12 22:04 . 2009-10-12 22:04 -------- d-----w- c:\program files\MSXML 6.0
2009-10-06 06:36 . 2009-10-06 06:36 -------- d-----w- c:\program files\ZOrg
2009-10-06 06:06 . 2007-01-10 22:09 -------- d-----w- c:\program files\Common Files\InstallShield
2009-10-06 06:06 . 2009-10-06 06:04 17204720 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Real\Update\setup\rp\RealPlayerSPGold.exe
2009-10-06 06:04 . 2009-10-06 06:04 8406648 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Real\Update\setup\gtb_us\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2009-10-06 06:03 . 2009-10-06 06:03 10309448 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Real\Update\setup\chr\ChromeInstaller.exe
2009-10-06 06:03 . 2009-10-06 06:03 64000 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Real\Update\setup\RUP\inst_config\gcapi_dll.dll
2009-10-06 06:03 . 2009-10-06 06:03 52288 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Real\Update\setup\RUP\inst_config\gtapi.dll
2009-10-06 06:03 . 2009-10-06 06:03 50688 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Real\Update\setup\RUP\inst_config\fftbapi.dll
2009-10-06 06:03 . 2009-10-06 06:03 114688 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Real\Update\setup\RUP\inst_config\compat.dll
2009-10-06 06:02 . 2009-10-06 06:02 488968 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Real\Update\setup\setup.exe
2009-10-06 05:09 . 2009-08-01 07:41 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Apple Computer
2009-10-06 05:07 . 2009-10-06 05:07 -------- d-----w- c:\program files\iTunes
2009-10-06 05:07 . 2009-10-06 05:07 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-06 05:07 . 2009-10-06 05:07 -------- d-----w- c:\program files\iPod
2009-10-06 05:07 . 2009-10-06 05:05 -------- d-----w- c:\program files\Common Files\Apple
2009-10-06 05:07 . 2009-10-06 05:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-06 05:07 . 2009-10-06 05:06 -------- d-----w- c:\program files\Bonjour
2009-10-06 05:06 . 2009-10-06 05:06 -------- d-----w- c:\program files\QuickTime
2009-10-04 19:08 . 2009-07-30 18:56 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Ventrilo
2009-10-04 04:09 . 2009-07-21 08:33 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-10-03 04:21 . 2009-10-03 04:21 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Sonic
2009-10-03 04:21 . 2009-10-03 04:21 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Leadertech
2009-10-02 07:36 . 2009-10-02 07:36 -------- d-----w- c:\program files\Electronic Arts
2009-10-01 00:30 . 2009-09-05 23:55 -------- d-----w- c:\program files\VentSrv
2009-09-23 21:03 . 2009-09-23 21:02 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Hamachi
2009-09-23 14:41 . 2009-04-23 15:15 26176 ---ha-w- c:\windows\system32\drivers\hamachi.sys
2009-09-21 21:09 . 2009-09-21 21:09 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-09-16 01:57 . 2009-09-16 01:57 -------- d-----w- c:\program files\PFPortChecker
2009-09-04 21:44 . 2009-10-02 07:43 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-04 21:44 . 2009-10-02 07:43 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-04 21:44 . 2009-10-02 07:42 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-04 21:29 . 2009-10-02 07:43 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-04 21:29 . 2009-10-02 07:43 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-04 21:29 . 2009-10-02 07:43 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-04 21:29 . 2009-10-02 07:43 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-04 21:29 . 2009-10-02 07:42 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8406d728-e394-4d1b-a63d-baba0b97b275}]
bopedisu.dll [BU]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-09-02 19:56 1175944 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-14 185896]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-07-09 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-14 13877248]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-07-14 86016]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"mevujewab"="c:\windows\system32\rekomeve.dll" [BU]
"ftutil2"="ftutil2.dll" - c:\windows\system32\ftutil2.dll [2004-06-07 106496]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-06-14 16239616]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\World of Warcraft Public Test\\WoW-0.3.0.10522-enUS-ptr-downloader.exe"=
"c:\\Program Files\\World of Warcraft Public Test\\WoW-0.3.0.10522-to-0.3.0.10554-enUS-ptr-downloader.exe"=
"c:\\Program Files\\World of Warcraft Public Test\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft Public Test\\WoW-0.3.0.10554-to-0.3.0.10571-enUS-ptr-downloader.exe"=
"c:\\Program Files\\World of Warcraft Public Test\\WoW-0.3.0.10571-to-0.3.0.10596-enUS-ptr-downloader.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"c:\\WINDOWS\\system32\\dllhost.exe"=
"c:\\Program Files\\Avira\\AntiVir Desktop\\avguard.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Compaq_Administrator\\Desktop\\cluttered\\YUGIOHPC\\joey_pc.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58096:TCP"= 58096:TCP:Pando Media Booster
"58096:UDP"= 58096:UDP:Pando Media Booster
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [8/14/2009 12:45 AM 130936]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [7/21/2009 2:18 PM 108289]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [10/29/2009 12:27 PM 1074568]
R3 MusCAudio;MusCAudio;c:\windows\system32\drivers\MusCAudio.sys [7/22/2009 12:34 AM 23096]
S2 gupdate1ca0c272cb88fd2;Google Update Service (gupdate1ca0c272cb88fd2);c:\program files\Google\Update\GoogleUpdate.exe [7/24/2009 1:22 AM 133104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [11/10/2009 11:43 PM 38224]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [8/14/2009 12:44 AM 348752]
S3 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [7/22/2009 12:34 AM 245760]
--- Other Services/Drivers In Memory ---
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder
2009-11-12 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-14 05:41]
2009-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 06:22]
2009-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-24 06:22]
2009-11-12 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-09-02 19:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.buckeyecablesystem.com/express/index.html
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uInternet Settings,ProxyOverride = *.local
Trusted Zone: trymedia.com
TCP: {95784DCE-D22F-4820-9A0A-6482FE5B3BDE} = 72.240.13.6,72.240.13.5
FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\u8q6t1d9.default\
FF - prefs.js: browser.startup.homepage - wowhead.com
FF - plugin: c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\u8q6t1d9.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -
SharedTaskScheduler-{698ab086-1874-4224-a9dc-96942191ca8f} - c:\windows\system32\rekomeve.dll
SSODL-mukopowug-{698ab086-1874-4224-a9dc-96942191ca8f} - c:\windows\system32\rekomeve.dll
AddRemove-SONICHEROES - c:\docume~1\COMPAQ~1\DESKTOP\SONICH~1\unsetup.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-11-12 03:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,
http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A3501F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x8a3501f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1637052564-2845929974-231691455-1007\Software\SecuROM\License information*]
"datasecu"=hex:0e,d3,fc,a2,73,8a,60,55,66,ad,d9,e8,80,b8,6e,3b,b2,df,c0,b7,2a,
6d,59,f5,53,37,bb,c1,a3,fe,26,c0,e9,9b,93,67,d6,86,99,82,e7,8f,33,41,89,62,\
"rkeysecu"=hex:5e,b7,c1,56,af,ca,b3,37,20,76,f3,f0,c7,49,60,35
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(908)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2009-11-12 3:38 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-12 08:38
ComboFix2.txt 2009-11-11 22:38
ComboFix3.txt 2009-11-11 04:34
Pre-Run: 47,835,586,560 bytes free
Post-Run: 47,800,836,096 bytes free
- - End Of File - - 0B29EC96130BDC382C3054E32A59DDDC
I have deleted some programs after running ComboFix, because I got viruses from them. Don't know if that matters or not, but I figured I would let you know just in case.