Inactive [InActive] Recent registry clean and malware removal, now freezing

winoceros · 2008/10/15

I recently got the Vmonde and had it removed by working with the experts at the spybot.com forum. It seemed to work after that, so I gave the system back to my mom. It was running fine until she opened her Outlook and everything went awry. Striping on the monitor, frozen black screens, cursor that disappears, processes that halt and return. When booting, often, but not always goes to check disk, lines fill the screen. Mom wrote the message (partial) Fat32 vol ser # section 6CC5-1CE7, in case this is relevant. She hasn't gotten the blue screen of death, but it's currently kind of flipping out.

I had run a CCleaner and saved the registry entries, which I have on a thumb drive, but don't know how to post that, in case it's relevant. I ran the CCleaner before visiting spybot.com's forums, and they state my HiJackThis log looks clean.

I feel like I've done something to destabilize her hard drive. What should I do to proceed?

I have defragged, and it worked great. But after a couple more reboots, it all went downhill again, same symptoms. It was 30% fragmented, so I thought we had a winner, but no.

Logfile of random's system information tool 1.04 (written by random/random)
Run by NEllers at 2008-10-15 19:42:50
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 61 GB (80%) free of 76 GB
Total RAM: 767 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:42:57 PM, on 10/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\PROMon.exe
C:\WINDOWS\GWMDMMSG.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\NEllers\Local Settings\Temporary Internet Files\Content.IE5\TLSQLZIT\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\NEllers.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [PROMon.exe] "C:\WINDOWS\system32\PROMon.exe "
O4 - HKLM\..\Run: [GWMDMMSG] "C:\WINDOWS\GWMDMMSG.exe "
O4 - HKLM\..\Run: [GWMDMpi] "C:\WINDOWS\GWMDMpi.exe "
O4 - HKLM\..\Run: [REGSHAVE] "C:\Program Files\REGSHAVE\REGSHAVE.EXE" /AUTORUN
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] "C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe "
O4 - HKLM\..\Run: [Microsoft Works Update Detection] "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe "
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe "
O4 - HKLM\..\Run: [Lexmark 1200 Series] "C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe "
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] "C:\WINDOWS\system32\dumprep.exe" 0 -k
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe "
O4 - HKCU\..\Run: [DW6] "C:\PROGRA~1\THEWEA~1\DESKTOP\DesktopWeather.exe "
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://chill.comcast.net/Gameshell/GameHost/1.0/OberonGameHost.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/sj/en/check/qdiagh.cab?326
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: PrismXL - Lanovation - C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 7461 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\wrSpySweeperFullSweep.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PROMon.exe "=C:\WINDOWS\system32\PROMon.exe [2002-04-18 73728]
"GWMDMMSG "=C:\WINDOWS\GWMDMMSG.exe [2006-08-04 90112]
"GWMDMpi "=C:\WINDOWS\GWMDMpi.exe [2006-08-04 53248]
"REGSHAVE "=C:\Program Files\REGSHAVE\REGSHAVE.EXE [2002-02-04 53248]
"HPDJ Taskbar Utility "=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe [2006-01-13 196608]
"Microsoft Works Update Detection "=C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2002-07-16 28672]
"tgcmd "=C:\Program Files\Support.com\bin\tgcmd.exe [2007-03-07 1773568]
"SunJavaUpdateSched "=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"Lexmark 1200 Series "=C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe [2006-07-13 57344]
"mcagent_exe "=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]
"NvCplDaemon "=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"nwiz "=C:\WINDOWS\system32\nwiz.exe [2006-10-22 1622016]
"NvMediaCenter "=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
"KernelFaultCheck "=C:\WINDOWS\system32\dumprep.exe [2008-04-13 10752]
"SpySweeper "=C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-08-09 5418864]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS "=C:\Program Files\Messenger\MSMSGS.EXE [2008-04-13 1695232]
"ctfmon.exe "=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"DW6 "=C:\PROGRA~1\THEWEA~1\DESKTOP\DesktopWeather.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Exif Launcher.lnk - C:\Program Files\FinePixViewer\QuickDCF.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername "=0
"legalnoticecaption "=
"legalnoticetext "=
"shutdownwithoutlogon "=1
"undockwithoutlogon "=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives "=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun "=
"NoDrives "=
"NoDriveAutoRun "=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 "
"%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 "
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe "= "C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe "= "%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 "
"%windir%\Network Diagnostic\xpnetdiag.exe "= "%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000 "

======List of files/folders created in the last 3 months======

2008-10-15 19:42:50 ----D---- C:\rsit
2008-10-14 18:04:28 ----HD---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-14 18:04:22 ----HD---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-14 18:04:11 ----HD---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-14 18:03:57 ----HD---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-14 18:03:46 ----HD---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-09 16:46:52 ----SHD---- C:\FOUND.003
2008-10-08 20:23:20 ----SHD---- C:\FOUND.002
2008-10-07 17:54:53 ----A---- C:\WINDOWS\WRSetup.dll
2008-10-07 17:54:52 ----D---- C:\Program Files\Webroot
2008-10-07 17:54:52 ----D---- C:\Documents and Settings\NEllers\Application Data\Webroot
2008-10-07 17:54:52 ----D---- C:\Documents and Settings\All Users\Application Data\Webroot
2008-10-07 17:53:06 ----A---- C:\Program Files\SpySweeperSNRSetup_EN.exe
2008-10-07 17:09:03 ----A---- C:\WINDOWS\imsins.BAK
2008-10-07 17:08:57 ----HD---- C:\WINDOWS\$NtUninstallKB951978$
2008-10-07 17:03:12 ----A---- C:\ComboFix.txt
2008-10-07 17:00:45 ----D---- C:\WINDOWS\erdnt
2008-10-07 17:00:34 ----A---- C:\WINDOWS\zip.exe
2008-10-07 17:00:34 ----A---- C:\WINDOWS\VFIND.exe
2008-10-07 17:00:34 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-10-07 17:00:34 ----A---- C:\WINDOWS\SWSC.exe
2008-10-07 17:00:34 ----A---- C:\WINDOWS\SWREG.exe
2008-10-07 17:00:34 ----A---- C:\WINDOWS\sed.exe
2008-10-07 17:00:34 ----A---- C:\WINDOWS\NIRCMD.exe
2008-10-07 17:00:34 ----A---- C:\WINDOWS\grep.exe
2008-10-07 17:00:34 ----A---- C:\WINDOWS\fdsv.exe
2008-10-07 17:00:31 ----D---- C:\ComboFix
2008-10-07 16:54:44 ----D---- C:\QooBox
2008-10-07 06:56:31 ----D---- C:\WINDOWS\system32\LogFiles
2008-10-07 06:47:29 ----D---- C:\Documents and Settings\NEllers\Application Data\Malwarebytes
2008-10-07 06:47:24 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-07 06:45:28 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-06 21:27:58 ----D---- C:\VundoFix Backups
2008-10-06 21:27:58 ----A---- C:\VundoFix.txt
2008-10-05 23:27:52 ----SHD---- C:\FOUND.001
2008-10-05 23:08:54 ----D---- C:\WINDOWS\ERUNT
2008-10-05 23:02:09 ----A---- C:\WINDOWS\ntbtlog.txt
2008-10-05 22:59:16 ----D---- C:\SDFix
2008-10-05 22:11:40 ----A---- C:\Program Files\HJTInstall.exe
2008-10-05 22:02:04 ----D---- C:\Program Files\Trend Micro
2008-10-05 16:19:22 ----D---- C:\Program Files\CCleaner
2008-10-05 12:50:14 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-05 12:50:14 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-05 10:08:55 ----D---- C:\WINDOWS\Minidump
2008-09-29 20:48:24 ----D---- C:\WINDOWS\nview
2008-09-29 20:48:24 ----A---- C:\WINDOWS\system32\nvudisp.exe
2008-09-29 20:47:45 ----A---- C:\WINDOWS\system32\NVUNINST.EXE
2008-09-29 20:47:25 ----D---- C:\NVIDIA
2008-09-29 20:34:41 ----D---- C:\Program Files\SystemRequirementsLab
2008-09-28 21:54:30 ----A---- C:\WINDOWS\system32\67e6d836-.txt
2008-09-28 08:39:52 ----D---- C:\WINDOWS\Prefetch
2008-09-28 08:38:08 ----HD---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-28 08:38:01 ----HD---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-28 08:37:51 ----HD---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-28 08:37:44 ----HD---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-28 08:37:37 ----HD---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-28 08:37:29 ----HD---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-28 08:37:18 ----HD---- C:\WINDOWS\$NtUninstallKB951748$
2008-09-28 08:37:08 ----HD---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-09-28 08:37:00 ----HD---- C:\WINDOWS\$NtUninstallKB950762$
2008-09-28 08:36:51 ----HD---- C:\WINDOWS\$NtUninstallKB951376$
2008-09-28 08:36:43 ----HD---- C:\WINDOWS\$NtUninstallKB951698$
2008-09-28 08:31:46 ----D---- C:\WINDOWS\system32\scripting
2008-09-28 08:31:44 ----D---- C:\WINDOWS\system32\en
2008-09-28 08:31:44 ----D---- C:\WINDOWS\l2schemas
2008-09-23 18:45:31 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-09-23 18:45:31 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-09-23 18:45:29 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-09-23 18:45:29 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-09-23 18:45:29 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-09-23 18:45:28 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-09-23 18:45:28 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-09-23 18:45:27 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-09-23 18:45:26 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-09-23 18:45:26 ----N---- C:\WINDOWS\system32\azroles.dll
2008-09-23 18:45:25 ----N---- C:\WINDOWS\system32\napstat.exe
2008-09-23 18:45:25 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-09-23 18:45:25 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-09-23 18:45:23 ----N---- C:\WINDOWS\system32\qagent.dll
2008-09-23 18:45:23 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-09-23 18:45:23 ----N---- C:\WINDOWS\system32\mssha.dll
2008-09-23 18:45:23 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-09-23 18:45:23 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-09-23 18:45:23 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-09-23 18:45:22 ----N---- C:\WINDOWS\system32\onex.dll
2008-09-23 18:45:22 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-09-23 18:45:20 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-09-23 18:45:19 ----N---- C:\WINDOWS\system32\qutil.dll
2008-09-23 18:45:19 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-09-23 18:45:18 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-09-23 18:45:17 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-09-23 18:45:17 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-09-23 18:45:17 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-09-23 18:45:16 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-09-23 18:45:16 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-09-23 18:45:15 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-09-23 18:45:15 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-09-23 18:45:14 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-09-23 18:45:13 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-09-23 18:45:12 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-09-23 18:45:12 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-09-23 18:45:12 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-09-23 18:45:11 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-09-23 18:45:10 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-09-23 18:45:10 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-09-23 18:45:09 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-09-23 18:45:09 ----N---- C:\WINDOWS\system32\msxml6r.dll
2008-09-23 18:45:09 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-09-23 18:45:08 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-09-23 18:45:06 ----N---- C:\WINDOWS\system32\setupn.exe
2008-09-23 18:45:06 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-09-23 18:45:06 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-09-23 18:45:02 ----N---- C:\WINDOWS\system32\credssp.dll
2008-09-23 18:44:58 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-09-23 18:44:52 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-09-23 18:44:52 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-09-23 18:44:52 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-09-23 18:44:52 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-09-23 18:44:51 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-09-23 18:44:03 ----A---- C:\WINDOWS\005458_.tmp
2008-09-09 21:28:03 ----HD---- C:\WINDOWS\$NtUninstallKB938464_0$
2008-08-13 21:49:05 ----HD---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-08-13 21:48:59 ----HD---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-08-13 21:48:52 ----HD---- C:\WINDOWS\$NtUninstallKB953839$
2008-08-13 21:48:46 ----HD---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-08-13 21:47:36 ----HD---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-08-13 21:47:28 ----HD---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-08-13 21:46:54 ----HD---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-08-09 14:42:08 ----A---- C:\WINDOWS\system32\wrLZMA.dll
2008-08-09 14:42:00 ----A---- C:\WINDOWS\system32\SsiEfr.exe
2008-07-31 19:54:23 ----A---- C:\WINDOWS\wininit.ini
2008-07-30 15:52:38 ----D---- C:\BMGRDEMO
2008-07-30 15:52:32 ----A---- C:\WINDOWS\BMWEBLNK.EXE
2008-07-30 15:52:00 ----D---- C:\ltpb
2008-07-30 15:50:44 ----D---- C:\Program Files\Great Game Products
2008-07-30 15:44:36 ----D---- C:\SIERRA
2008-07-30 15:44:16 ----A---- C:\WINDOWS\SIERRA.INI

======List of files/folders modified in the last 3 months======

2008-10-15 05:47:44 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-07 17:02:34 ----A---- C:\WINDOWS\system.ini
2008-10-07 14:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-05 11:41:44 ----A---- C:\WINDOWS\win.ini
2008-10-03 12:41:16 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-09-29 21:18:54 ----A---- C:\WINDOWS\3DHOME.INI
2008-09-28 08:43:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-08-30 07:31:52 ----A---- C:\WINDOWS\lexstat.ini
2008-08-27 03:24:32 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-08-26 02:24:32 ----A---- C:\WINDOWS\system32\wininet.dll
2008-08-26 02:24:32 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-08-26 02:24:32 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-08-26 02:24:30 ----N---- C:\WINDOWS\system32\occache.dll
2008-08-26 02:24:30 ----N---- C:\WINDOWS\system32\mstime.dll
2008-08-26 02:24:30 ----N---- C:\WINDOWS\system32\msrating.dll
2008-08-26 02:24:30 ----N---- C:\WINDOWS\system32\jsproxy.dll
2008-08-26 02:24:30 ----N---- C:\WINDOWS\system32\iernonce.dll
2008-08-26 02:24:30 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\url.dll
2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-08-26 02:24:30 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-08-26 02:24:28 ----N---- C:\WINDOWS\system32\ieaksie.dll
2008-08-26 02:24:28 ----N---- C:\WINDOWS\system32\ieakeng.dll
2008-08-26 02:24:28 ----N---- C:\WINDOWS\system32\extmgr.dll
2008-08-26 02:24:28 ----N---- C:\WINDOWS\system32\dxtrans.dll
2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\icardie.dll
2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-08-26 02:24:28 ----A---- C:\WINDOWS\system32\advpack.dll
2008-08-25 03:38:00 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2008-08-25 03:38:00 ----A---- C:\WINDOWS\system32\ieudinit.exe
2008-08-23 00:54:52 ----N---- C:\WINDOWS\system32\ieakui.dll
2008-08-14 05:11:02 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 04:33:16 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2008-07-18 22:10:48 ----A---- C:\WINDOWS\system32\cdm.dll
2008-07-18 22:10:42 ----A---- C:\WINDOWS\system32\wuauclt.exe
2008-07-18 22:10:40 ----A---- C:\WINDOWS\system32\wups2.dll
2008-07-18 22:10:24 ----A---- C:\WINDOWS\system32\wucltui.dll.mui
2008-07-18 22:10:20 ----A---- C:\WINDOWS\system32\wups.dll
2008-07-18 22:09:46 ----A---- C:\WINDOWS\system32\wucltui.dll
2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuweb.dll
2008-07-18 22:09:44 ----A---- C:\WINDOWS\system32\wuapi.dll
2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuaueng.dll
2008-07-18 22:09:42 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2008-07-18 22:08:34 ----A---- C:\WINDOWS\system32\wuaueng.dll.mui

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 hwinterface;hwinterface; C:\WINDOWS\System32\Drivers\hwinterface.sys [2006-09-26 3026]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R2 TVicPort;TVicPort; C:\WINDOWS\system32\drivers\TVicPort.sys [2002-10-11 4080]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2006-08-04 4816]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2006-08-04 139776]
R3 GTWModem;GTW V.92 Voicemodem; C:\WINDOWS\System32\DRIVERS\GWMDM.sys [2006-08-04 1107680]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-09-03 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NMSCFG;NIC Management Service Configuration Driver; \??\C:\WINDOWS\system32\drivers\NMSCFG.SYS []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2006-08-04 493896]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys []
S3 BCMModem;BCM V.90 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMDM.sys [2001-08-17 871388]
S3 busbcrw;USB Card Reader Writer driver; C:\WINDOWS\System32\Drivers\busbcrw.sys [2003-04-22 16896]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2006-04-17 311296]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 NMSSvc;Intel(R) NMS; C:\WINDOWS\System32\NMSSvc.exe [2002-05-03 1118208]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS [2006-08-04 57344]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [2008-08-09 3585384]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PictureTaker;PictureTaker; C:\WINDOWS\System32\PCTKRNT.SYS [2006-08-04 45056]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.04 2008-10-15 19:43:00

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -f "C:\Program Files\Hewlett-Packard\HP PrecisionScan\Uninst.isu "
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39DA87A1-0B26-4562-A70C-2A6147366E47}\SETUP.EXE"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F765BD0-B900-4EDE-A90B-61C8A9E95C42}\SETUP.EXE"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAD59025-5B73-4E12-B789-0028C5A573C2}\SETUP.EXE"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f "C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c "C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll "
Adobe Download Manager 2.0 (Remove Only)--> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe "
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\INSTALL.LOG
BlockBase-->C:\WINDOWS\IsUninst.exe -fC:\BB2\Uninst.isu
Bridge Baron 16-->MsiExec.exe /X{98CB5CA0-88D8-47E2-ABEC-A2547986B97F}
CCleaner (remove only)--> "C:\Program Files\CCleaner\uninst.exe "
Comcast High-Speed Internet Install Wizard-->C:\Program Files\support.com\uninstall\chsi_uninstaller.exe
Dear Jane-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4AA3980B-6035-4F05-8B2C-93C7790A28B8}
Desktop Doctor--> "C:\Program Files\Support.com\providerComcast\Uninstall.exe" /c "Remove Desktop Doctor? "
EQ5-->C:\WINDOWS\IsUninst.exe -f "C:\Program Files\Electric Quilt Company\EQ5\Uninst.isu "
FinePixViewer Ver.3.2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{24ED4D80-8294-11D5-96CD-0040266301AD} /l1033
FUJIFILM USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
Gateway Desktop Manager-->C:\Program Files\Gateway\BMPMAN\GWBMPMAN.exe UNINSTALL
Gateway Drivers and Applications Recovery-->C:\Program Files\Gateway\HPA\GWMenu.exe UNINSTALL
Gateway IE Customizations-->C:\Program Files\\Gateway\IECustom\IEProj.exe UNINSTALL
Gateway Power Management-->C:\Program Files\Gateway\Power Management\Grnstar.exe UNINSTALL
GTW V.92 Voicemodem-->C:\WINDOWS\GWMDMU.exe verbose
HijackThis 2.0.2--> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)--> "C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe "
Hotfix for Windows XP (KB952287)--> "C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe "
hp deskjet 930c series (Remove only)-->C:\Program Files\hp deskjet 930c series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=LPT1: -vproduct=930c -huninstall
hp deskjet 930c series-->rundll32 hpzcon04.dll,VendorJettison hp deskjet 930c series
ImageMixer VCD for FinePix-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D3AA158A-9421-4883-8767-E771B0964A1D}\setup.exe"
Intel(R) PRO Ethernet Adapter and Software-->Prounstl.exe
Intel(R) PROSet II-->MsiExec.exe /I{01A4AEDE-F219-49A2-B855-16A016EAF9A4}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Lexmark 1200 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXCZUN5C.EXE -dLexmark 1200 Series
Malwarebytes' Anti-Malware--> "C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe "
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Internationalized Domain Names Mitigation APIs--> "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe "
Microsoft National Language Support Downlevel APIs--> "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe "
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Picture It! Photo 7.0-->MsiExec.exe /I{369B36BE-3D64-4641-9AEA-808D436FE132}
Microsoft Works 2003 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2003\Setup\Launcher.exe D:\
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
PC-Doctor for Windows-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F7CCFA3-D926-4882-B2A5-A0217ED25597}\SETUP.EXE"
PCQdesigner by Quilting Mouse Technologies-->MsiExec.exe /X{E7A545E3-D262-4F67-991F-267E8C069D8C}
PE-DESIGN Ver.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{30D1589D-8191-4BAB-8F8F-EC80E68122E9}\setup.exe" -l0x9 -uninst
PE-DESIGN Version 2.0-->C:\WINDOWS\IsUninst.exe -f "C:\Program Files\Brother\PE-DESIGN Version 2.0\Uninst.isu "
PhoneTools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3436EE2-D5CB-4249-840B-3A0140CC34C3}\SETUP.EXE" -l0x9 ControlPanel
Pre-Design 2-->MsiExec.exe /I{211DC681-804B-4D03-9E58-9A93C04E6632}
QTMenu-->C:\WINDOWS\system32\GKSUI18.EXE C:\Program Files\QTMenu\Uninstall45A8.DAT
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
Security Update for Windows Internet Explorer 7 (KB938127)--> "C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe "
Security Update for Windows Internet Explorer 7 (KB939653)--> "C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe "
Security Update for Windows Internet Explorer 7 (KB942615)--> "C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe "
Security Update for Windows Internet Explorer 7 (KB944533)--> "C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe "
Security Update for Windows Internet Explorer 7 (KB950759)--> "C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe "
Security Update for Windows Internet Explorer 7 (KB953838)--> "C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe "
Security Update for Windows Internet Explorer 7 (KB956390)--> "C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe "
Security Update for Windows Media Player 8 (KB917734)--> "C:\WINDOWS\$NtUninstallKB917734_WMP8$\spuninst\spuninst.exe "
Security Update for Windows Media Player 9 (KB911565)--> "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe "
Security Update for Windows Media Player 9 (KB917734)--> "C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe "
Security Update for Windows XP (KB938464)--> "C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe "
Security Update for Windows XP (KB941569)--> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe "
Security Update for Windows XP (KB946648)--> "C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe "
Security Update for Windows XP (KB950760)--> "C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe "
Security Update for Windows XP (KB950762)--> "C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe "
Security Update for Windows XP (KB950974)--> "C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe "
Security Update for Windows XP (KB951066)--> "C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe "
Security Update for Windows XP (KB951376)--> "C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe "
Security Update for Windows XP (KB951376-v2)--> "C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe "
Security Update for Windows XP (KB951698)--> "C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe "
Security Update for Windows XP (KB951748)--> "C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe "
Security Update for Windows XP (KB952954)--> "C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe "
Security Update for Windows XP (KB953839)--> "C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe "
Security Update for Windows XP (KB954211)--> "C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe "
Security Update for Windows XP (KB956391)--> "C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe "
Security Update for Windows XP (KB956803)--> "C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe "
Security Update for Windows XP (KB956841)--> "C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe "
Security Update for Windows XP (KB957095)--> "C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe "
Spy Sweeper Core-->MsiExec.exe /I{3F5B6210-0903-4DC6-8034-8F488AA3A782}
Spy Sweeper--> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe "
Spybot - Search & Destroy--> "C:\Program Files\Spybot - Search & Destroy\unins000.exe "
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Update for Windows XP (KB951072-v2)--> "C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe "
Update for Windows XP (KB951978)--> "C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe "
Windows XP Service Pack 3--> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe "
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

=====HijackThis Backups=====

O2 - BHO: (no name) - {A4570AF1-E67E-4F81-BB53-E2DF7E199039} - (no file)
O2 - BHO: (no name) - {E0D22F32-1BB8-4934-ADA0-09C611A3E978} - (no file)
O2 - BHO: (no name) - {F845B343-5FDA-4699-B371-CC90C39E2E54} - C:\WINDOWS\system32\fccBrPgd.dll
O4 - HKLM\..\Run: [BM6ff62fd4] "C:\WINDOWS\system32\Rundll32.exe" "C:\WINDOWS\system32\fuwusxin.dll ",s
O20 - AppInit_DLLs: wkgkzd.dll potpkd.dll
O2 - BHO: (no name) - {E56DA3B7-6403-46CB-8C8B-7ED644B39814} - C:\WINDOWS\system32\fccBrPgd.dll

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: Webroot Spy Sweeper (disabled)
AV: McAfee VirusScan
FW: McAfee Personal Firewall

======Environment variables======

"ComSpec "=%SystemRoot%\system32\cmd.exe
"Path "=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\PC-Doctor for Windows\services
"windir "=%SystemRoot%
"OS "=Windows_NT
"PROCESSOR_ARCHITECTURE "=x86
"PROCESSOR_LEVEL "=15
"PROCESSOR_IDENTIFIER "=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_REVISION "=0207
"NUMBER_OF_PROCESSORS "=1
"PATHEXT "=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP "=%SystemRoot%\TEMP
"TMP "=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK "=NO

-

noahdfear · 2008/10/19

Hi winoceros, and sorry for the delay.

Do you have a link to the topic at Spybot forums where you received assistance? I'd like to review and see what's been done.

winoceros · 2008/10/19

Thank you so much. I don't have the machine right here, but can get to it quickly if needed. Here is our forum thread:
http://forums.spybot.info/showthread.php?t=35023&highlight=winoceros

noahdfear · 2008/10/19

Recommend you update drivers on the machine, particularly the video drivers. I would also recommend running a hard drive integrity test using a tool that can be downloaded from the manufacturer's website. Not knowing what the hard drive's manufacturer is myself, I cannot point you to any specific utility. A quick search in the Hardware forum should yield some results for various tests available.

It might be helpful if you could get us a better description of the error message mentioned above.

winoceros · 2008/10/19

We are having a hard time finding a reliable, non "baiting" site for a video driver. Where should we go for an NVideo driver?

noahdfear · 2008/10/19

Generally the nVidia website is a good choice.
What are your video card specs?

winoceros · 2008/10/19

That's what I get for being a Google addict. I'll retrieve the machine from Mom and get the info tomorrow. I'll try your suggestions and report. Thank you so much, Dave.

noahdfear · 2008/10/19

Will await your findings.

winoceros · 2008/10/21

The freezing and flashing is still nonstop. I'll give you everything I can think of. I did a hard disk check courtesy of the driver manufacturer's website. Both the quick test and the extended test show "pass ". The lines still appear every time the computer is rebooted. Every other boot, the system goes into checkdisk mode. Whether I stop it or no, I get the same results. Sometimes the system is slow slow I have to just turn it off and try again. Sometimes, like now, it flashes and freezes just briefly, allowing me to get onto the internet. Usually though, within several minutes, it starts to freeze up. I'll be pleased if I can get this posted. I don't mean to bump, I'm just posting so I can get this info to you. More coming.

winoceros · 2008/10/21

I am somehow, possibly erroneously, convinced that I have very badly updated or not updated my Nvidia driver. I tried to find the right one, but there is nothing to convince me that I have done it correctly, given the lines, and the ghosting behind my desktop icons (randomly, each time I boot). I could weep. I don't think I've done it right. If it seems to be a question of video driver updating, I'm going to need handholding, unfortunately. I'm grateful but oh so frustrated.

winoceros · 2008/10/21

Lastly, each time I boot I get a message that is almost verbatim as this: "This system has both ECC and None-ECC memory and may be unstable as a result ". This is my mother's computer and she's had it since 2004, so I have no idea if this very phrase has come up for years, or if it's a new thing since I've begun working on her computer for her.

winoceros · 2008/10/21

One more "lastly ". I have been unable to enter Safe Mode. I hit the F8 rapidly, and I get the menu, but when I choose Safe Mode, it scrolls an entire screen of all the file locations of the various drivers on the machine. I cannot exit nor proceed past it. I have to hard boot in order to get restarted.

PeteC · 2008/10/22

Dave - see my response here

winoceros - when entering Safe Mode you see the list of drivers, etc as they are loaded - you will need to wait a while for Safe Mode to initiate.

Log in or Sign up

Inactive [InActive] Recent registry clean and malware removal, now freezing

winoceros Inactive Thread Starter

noahdfear Inactive

winoceros Inactive Thread Starter

noahdfear Inactive

winoceros Inactive Thread Starter

noahdfear Inactive

winoceros Inactive Thread Starter

noahdfear Inactive

winoceros Inactive Thread Starter

winoceros Inactive Thread Starter

winoceros Inactive Thread Starter

winoceros Inactive Thread Starter

PeteC SuperGeek Staff

Share This Page

Log in or Sign up

Inactive [InActive] Recent registry clean and malware removal, now freezing

winoceros Inactive Thread Starter

noahdfear Inactive

winoceros Inactive Thread Starter

noahdfear Inactive

winoceros Inactive Thread Starter

noahdfear Inactive

winoceros Inactive Thread Starter

noahdfear Inactive

winoceros Inactive Thread Starter

winoceros Inactive Thread Starter

winoceros Inactive Thread Starter

winoceros Inactive Thread Starter

PeteC SuperGeek Staff

Share This Page

Useful Searches