Jan

3

Can’t update AVG or go to Windows update page

Filed Under Virus | 

My computer crashed yesterday and had issues trying to download updates to AVG, I disabled the update and ran AVG which found "trojan horse generic.AJIT" and "Trojan horse generic.AJHI".

I also attempted to run AVG in safe mode but before it got done it rebooted with an auto-shutdown.

I scanned it again this morning and it didn’t find the trojan horses but I am still getting nasty pop-ups and can not update AVG or do windows updates.

Need any help with this please, here are the RSIT logs:

Logfile of random’s system information tool 1.05 (written by random/random)

Run by Dad at 2009-01-02 05:23:46

Microsoft Windows XP Home Edition Service Pack 2

System drive I: has 26 GB (74%) free of 35 GB

Total RAM: 3071 MB (88% free)

HijackThis download failed

======Scheduled tasks folder======

I:\WINDOWS\tasks\eyyjvgjf.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]

I:\WINDOWS\system32\rqRIbCvT.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java(tm) Plug-In SSV Helper - I:\Program Files\Java\jre6\bin\ssv.dll [2008-12-31 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]

AVG Security Toolbar - I:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-09-14 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{ab70e697-4347-4b8e-a78d-60e6a84dc0a1}]

I:\WINDOWS\system32\naywma.dll [2009-01-01 132608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java(tm) Plug-In 2 SSV Helper - I:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-31 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{E24496C1-6DC3-4C17-8966-531ED055BFE7}]

I:\WINDOWS\system32\hgGvuRjh.dll [2009-01-01 289792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - I:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-09-14 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"=I:\WINDOWS\System32\NvCpl.dll [2007-10-04 8491008]

"RTHDCPL"=I:\WINDOWS\RTHDCPL.EXE [2008-08-31 16862208]

"Alcmtr"=I:\WINDOWS\ALCMTR.EXE [2008-08-31 69632]

"NvMediaCenter"=I:\WINDOWS\System32\NvMcTray.dll [2007-10-04 81920]

"AVG8_TRAY"=I:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-11-27 1261336]

"SunJavaUpdateSched"=I:\Program Files\Java\jre6\bin\jusched.exe [2008-12-31 136600]

"prunnet"=I:\WINDOWS\system32\prunnet.exe []

"nwiz"=nwiz.exe /install []

"Adobe Reader Speed Launcher"=I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

"407f0733"=I:\WINDOWS\system32\yvbjejkw.dll [2009-01-01 90112]

"2Wire Wireless Manager"=I:\Program Files\2Wire Wireless Manager\2Wire.exe -a []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"RegistryCleanerProMFCT"=I:\Program Files\RegistryCleanerPro\RegistryCleanerPro.exe []

"cdloader"=I:\Documents and Settings\Dad\Application Data\mjusbsp\cdloader2.exe [2008-12-17 50520]

I:\Documents and Settings\All Users\Start Menu\Programs\Startup

Microsoft Office.lnk - I:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="avgrsstx.dll naywma.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqRIbCvT]

rqRIbCvT.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell ExecuteHooks]

"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=I:\WINDOWS\system32\rqRIbCvT.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"authentication packages"=msv1_0

I:\WINDOWS\system32\hgGvuRjh

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Upload Mgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Syste m]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explor er]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameter s\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@x psp2res.dll,-22019"

"C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe"="C:\Program Files\Sony\Station\LaunchPad\LaunchPad.exe:*:Enabled:LaunchPad"

"I:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="I:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

"I:\Program Files\AVG\AVG8\avgupd.exe"="I:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"

"I:\WINDOWS\system32\dpvsetup.exe"="I:\WINDOWS\system32\dpvsetup.exe:*:Enab led:Microsoft DirectPlay Voice Test"

"I:\WINDOWS\system32\rundll32.exe"="I:\WINDOWS\system32\rundll32.exe:*:Enab led:Run a DLL as an App"

"F:\EverQuest Trilogy\eqgame.exe"="F:\EverQuest Trilogy\eqgame.exe:*:Enabled:eqgame"

"I:\Documents and Settings\Dad\Application Data\mjusbsp\magicJack.exe"="I:\Documents and Settings\Dad\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameter s\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@x psp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\J]

shell\AutoRun\command - J:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\K]

shell\AutoRun\command - K:\autorun.exe

shell\phone\command - K:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountp oints2\{4f2f1c90-76a2-11dd-8e8f-806d6172696f}]

shell\AutoRun\command - J:\setup.exe

======List of files/folders created in the last 3 months======

2009-01-02 05:23:46 —-D—- I:\rsit

2009-01-02 05:23:46 —-D—- I:\Program Files\trend micro

2009-01-01 20:54:11 —-A—- I:\WINDOWS\system32\MSVolume.dll

2009-01-01 20:54:09 —-D—- I:\Program Files\RegistryCleanerPro

2009-01-01 18:35:22 —-A—- I:\WINDOWS\system32\naywma.dll

2009-01-01 18:35:22 —-A—- I:\WINDOWS\system32\jnjtdimd.dll

2009-01-01 18:33:21 —-SH—- I:\WINDOWS\system32\wkjejbvy.ini

2009-01-01 18:33:17 —-A—- I:\WINDOWS\system32\yvbjejkw.dll

2009-01-01 18:32:47 —-A—- I:\WINDOWS\system32\4b5cc34d-.txt

2009-01-01 18:32:20 —-ASH—- I:\WINDOWS\system32\hjRuvGgh.ini2

2009-01-01 18:32:20 —-ASH—- I:\WINDOWS\system32\hjRuvGgh.ini

2009-01-01 18:32:16 —-A—- I:\WINDOWS\system32\hgGvuRjh.dll

2009-01-01 18:11:48 —-D—- I:\WINDOWS\Sun

2008-12-31 18:47:16 —-D—- I:\Program Files\Magelo

2008-12-31 18:44:46 —-A—- I:\WINDOWS\system32\javaws.exe

2008-12-31 18:44:46 —-A—- I:\WINDOWS\system32\javaw.exe

2008-12-31 18:44:46 —-A—- I:\WINDOWS\system32\deploytk.dll

2008-12-31 18:44:45 —-A—- I:\WINDOWS\system32\java.exe

2008-12-31 18:44:32 —-D—- I:\Program Files\Java

2008-12-31 18:44:00 —-D—- I:\Documents and Settings\Dad\Application Data\Sun

2008-12-12 17:31:26 —-D—- I:\Documents and Settings\All Users\Application Data\MSN6

2008-12-12 17:31:25 —-D—- I:\Documents and Settings\Dad\Application Data\MSN6

2008-11-10 05:06:57 —-HD—- I:\$AVG8.VAULT$

======List of files/folders modified in the last 3 months======

2009-01-02 05:23:46 —-RD—- I:\Program Files

2009-01-02 05:23:14 —-D—- I:\WINDOWS\Temp

2009-01-02 05:22:21 —-D—- I:\Documents and Settings\Dad\Application Data\mjusbsp

2009-01-02 05:21:12 —-A—- I:\WINDOWS\SchedLgU.Txt

2009-01-02 05:21:03 —-A—- I:\WINDOWS\win.ini

2009-01-02 05:21:03 —-A—- I:\WINDOWS\system.ini

2009-01-02 04:57:09 —-D—- I:\WINDOWS\system32

2009-01-01 21:38:53 —-A—- I:\WINDOWS\ntbtlog.txt

2009-01-01 21:04:05 —-D—- I:\Documents and Settings

2009-01-01 20:57:19 —-SHD—- I:\WINDOWS\Installer

2009-01-01 20:57:19 —-D—- I:\Documents and Settings\All Users\Application Data\2Wire

2009-01-01 20:57:17 —-D—- I:\Program Files\2Wire Wireless Manager

2009-01-01 20:57:17 —-D—- I:\Config.Msi

2009-01-01 20:57:03 —-D—- I:\Program Files\Common Files\InstallShield

2009-01-01 20:56:54 —-HD—- I:\WINDOWS\inf

2009-01-01 20:56:51 —-D—- I:\WINDOWS\system32\CatRoot2

2009-01-01 20:56:49 —-HD—- I:\Program Files\InstallShield Installation Information

2009-01-01 20:56:49 —-D—- I:\WINDOWS\system32\drivers

2009-01-01 20:54:20 —-D—- I:\WINDOWS\Prefetch

2009-01-01 18:48:30 —-D—- I:\Documents and Settings\All Users\Application Data\Avg8

2009-01-01 18:27:16 —-SD—- I:\WINDOWS\Tasks

2009-01-01 18:11:48 —-D—- I:\WINDOWS

2009-01-01 18:11:29 —-D—- I:\WINDOWS\Registration

2008-12-27 08:19:32 —-D—- I:\Program Files\WinEQ2

2008-12-24 19:25:26 —-D—- I:\WINDOWS\system32\config

2008-12-24 19:25:13 —-D—- I:\WINDOWS\system32\wbem

2008-12-07 15:23:51 —-SD—- I:\Documents and Settings\Dad\Application Data\Microsoft

2008-12-07 15:23:50 —-D—- I:\Documents and Settings\Dad\Application Data\Ventrilo

2008-12-05 07:09:20 —-D—- I:\Program Files\Common Files\System

2008-11-30 03:05:47 —-D—- I:\Documents and Settings\Dad\Application Data\Mozilla

2008-11-22 18:02:56 —-RSHDC—- I:\WINDOWS\system32\dllcache

2008-11-17 14:57:16 —-D—- I:\WINDOWS\Help

2008-11-13 18:23:53 —-A—- I:\WINDOWS\system32\PerfStringBackup.INI

2008-11-10 05:06:58 —-D—- I:\WINDOWS\system32\Tools

2008-10-16 14:13:40 —-A—- I:\WINDOWS\system32\wuweb.dll

2008-10-16 14:13:40 —-A—- I:\WINDOWS\system32\wuaueng.dll

2008-10-16 14:12:22 —-A—- I:\WINDOWS\system32\wucltui.dll

2008-10-16 14:12:20 —-A—- I:\WINDOWS\system32\wuapi.dll

2008-10-16 14:09:44 —-A—- I:\WINDOWS\system32\wups2.dll

2008-10-16 14:09:44 —-A—- I:\WINDOWS\system32\wuauclt.exe

2008-10-16 14:09:44 —-A—- I:\WINDOWS\system32\cdm.dll

2008-10-16 14:09:40 —-A—- I:\WINDOWS\system32\wucltui.dll.mui

2008-10-16 14:08:58 —-A—- I:\WINDOWS\system32\wups.dll

2008-10-16 14:07:44 —-A—- I:\WINDOWS\system32\wuapi.dll.mui

2008-10-16 14:07:14 —-A—- I:\WINDOWS\system32\wuaueng.dll.mui

2008-10-09 20:52:56 —-RSD—- I:\WINDOWS\assembly

2008-10-09 20:52:56 —-D—- I:\WINDOWS\Microsoft.NET

2008-10-09 19:11:30 —-D—- I:\WINDOWS\WinSxS

2008-10-09 19:11:14 —-D—- I:\WINDOWS\system32\mui

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG AVI Loader Driver x86; I:\WINDOWS\System32\Drivers\avgldx86.sys [2008-09-14 97928]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; I:\WINDOWS\System32\Drivers\avgmfx86.sys [2008-09-14 26824]

R1 intelppm;Intel Processor Driver; I:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; I:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]

R3 hidusb;Microsoft HID Class Driver; I:\WINDOWS\System32\DRIVERS\hidusb.sys [2003-03-31 9600]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); I:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-08-31 4739072]

R3 mouhid;Mouse HID Driver; I:\WINDOWS\System32\DRIVERS\mouhid.sys [2003-03-31 12160]

R3 nv;nv; I:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2007-10-04 6854464]

R3 RT2500USB;Wireless USB Card Driver; I:\WINDOWS\system32\DRIVERS\rt2500usb.sys [2005-09-30 242432]

R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; I:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]

R3 usbhub;USB2 Enabled Hub; I:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]

R3 USBSTOR;USB Mass Storage Driver; I:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; I:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]

S3 GMSIPCI;GMSIPCI; \??\J:\INSTALL\GMSIPCI.SYS []

S3 PCTINDIS5;PCTINDIS5 NDIS Protocol Driver; \??\I:\WINDOWS\System32\PCTINDIS5.SYS []

S3 RimUsb;BlackBerry Smartphone; I:\WINDOWS\System32\Drivers\RimUsb.sys [2007-05-14 22656]

S3 usbaudio;USB Audio Driver (WDM); I:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]

S3 usbccgp;Microsoft USB Generic Parent Driver; I:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]

S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b g Wireless LAN Driver (USB)(ZyDAS); I:\WINDOWS\System32\DRIVERS\zd1211Bu.sys []

S4 IntelIde;IntelIde; I:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8wd;AVG8 WatchDog; I:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-14 231704]

R2 JavaQuickStarterService;Java Quick Starter; I:\Program Files\Java\jre6\bin\jqs.exe [2008-12-31 152984]

R2 NVSvc;NVIDIA Display Driver Service; I:\WINDOWS\System32\nvsvc32.exe [2007-10-04 155716]

S3 aspnet_state;ASP.NET State Service; I:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; I:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 odserv;Microsoft Office Diagnostics Service; I:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]

S3 ose;Office Source Engine; I:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

—————–EOF—————–

Info:

info.txt logfile of random’s system information tool 1.05 2009-01-02 05:23:48

======Uninstall list======

–>msiexec /package {90120000-001A-0000-0000-0000000FF1CE} /uninstall {BE2E11CC-5DF5-4AF0-9131-932F4A8B51FC}

–>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 I:\WINDOWS\INF\PCHealth.inf

2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-001A-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}

2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}

2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}

2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}

2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}

2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}

2007 Microsoft Office Suite Service Pack 1 (SP1)–>msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}

Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)–>MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}

Adobe Flash Player ActiveX–>I:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 8.1.2–>MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}

Advertisement Service–>I:\WINDOWS\system32\prunnet.exe Uninstall

AVG Free 8.0–>I:\Program Files\AVG\AVG8\setup.exe /UNINSTALL

High Definition Audio Driver Package - KB888111–>"I:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"

Hotfix for Office (KB941275)–>msiexec /package {90120000-001A-0000-0000-0000000FF1CE} /uninstall {66B9496E-C0C3-4065-9868-85CCA92126C3}

Java(TM) 6 Update 11–>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}

Magelo Sync (uninstall only)–>"I:\Program Files\Magelo\Magelo Sync\UnInstall.exe"

MetaFrame Presentation Server Web Client for Win32–>I:\WINDOWS\system32\ctxsetup.exe /uninst I:\PROGRA~1\Citrix\icaweb32\uninst.inf

Microsoft .NET Framework 2.0–>I:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe

Microsoft Office 2000 SR-1 Professional–>MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}

Microsoft Office Outlook 2007–>"I:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall OUTLOOK /dll OSETUP.DLL

Microsoft Office Outlook 2007–>MsiExec.exe /X{90120000-001A-0000-0000-0000000FF1CE}

Microsoft Office Outlook MUI (English) 2007–>MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007–>MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007–>MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007–>MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (English) 2007–>MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}

Microsoft Office Shared MUI (English) 2007–>MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}

Microsoft Office Shared Setup Metadata MUI (English) 2007–>MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}

Microsoft Visual C 2005 Redistributable–>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

NVIDIA Drivers–>I:\WINDOWS\system32\nvuninst.exe UninstallGUI

Realtek High Definition Audio Driver–>RunDll32 I:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,Launc hSetup "I:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0×9 -removeonly

Security Update for Windows Media Player (KB911564)–>"I:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"

Security Update for Windows Media Player 9 (KB911565)–>"I:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"

Security Update for Windows XP (KB890046)–>"I:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"

Security Update for Windows XP (KB893756)–>"I:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"

Security Update for Windows XP (KB896358)–>"I:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"

Security Update for Windows XP (KB896423)–>"I:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"

Security Update for Windows XP (KB896424)–>"I:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"

Security Update for Windows XP (KB896428)–>"I:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"

Security Update for Windows XP (KB899587)–>"I:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"

Security Update for Windows XP (KB899591)–>"I:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"

Security Update for Windows XP (KB900725)–>"I:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"

Security Update for Windows XP (KB901017)–>"I:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"

Security Update for Windows XP (KB901214)–>"I:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"

Security Update for Windows XP (KB904706)–>"I:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"

Security Update for Windows XP (KB905414)–>"I:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"

Security Update for Windows XP (KB905749)–>"I:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"

Security Update for Windows XP (KB908519)–>"I:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"

Security Update for Windows XP (KB911562)–>"I:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"

Security Update for Windows XP (KB911927)–>"I:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"

Security Update for Windows XP (KB912919)–>"I:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"

Security Update for Windows XP (KB913580)–>"I:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"

Security Update for Windows XP (KB914388)–>"I:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"

Security Update for Windows XP (KB914389)–>"I:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"

Security Update for Windows XP (KB917344)–>"I:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"

Security Update for Windows XP (KB917422)–>"I:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"

Security Update for Windows XP (KB917953)–>"I:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"

Security Update for Windows XP (KB919007)–>"I:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"

Security Update for Windows XP (KB920670)–>"I:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"

Security Update for Windows XP (KB920683)–>"I:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"

Security Update for Windows XP (KB920685)–>"I:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"

Security Update for Windows XP (KB921398)–>"I:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"

Security Update for Windows XP (KB921883)–>"I:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"

Security Update for Windows XP (KB922616)–>"I:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"

Security Update for Windows XP (KB922819)–>"I:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923191)–>"I:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923414)–>"I:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"

Security Update for Windows XP (KB924191)–>"I:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"

Security Update for Windows XP (KB924496)–>"I:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"

Update for Office 2007 (KB946691)–>msiexec /package {90120000-001A-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}

Update for Windows XP (KB898461)–>"I:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"

Update for Windows XP (KB908531)–>"I:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"

Update for Windows XP (KB910437)–>"I:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"

Update for Windows XP (KB911280)–>"I:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"

Ventrilo Client–>MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}

Windows Installer 3.1 (KB893803)–>"I:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"

Windows XP Hotfix - KB873333–>I:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe

Windows XP Hotfix - KB873339–>I:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe

Windows XP Hotfix - KB885835–>I:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe

Windows XP Hotfix - KB885836–>I:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe

Windows XP Hotfix - KB888302–>I:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe

Windows XP Hotfix - KB890859–>"I:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"

Windows XP Hotfix - KB891781–>I:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe

Windows XP Service Pack 2–>I:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe

======Security center information======

AV: AVG Anti-Virus Free

System event log

Computer Name: DADSHOME

Event Code: 11

Message: The driver detected a controller error on \Device\Harddisk1\D.

Record Number: 18368

Source Name: Disk

Time Written: 20090101130319.000000-300

Event Type: error

User:

Computer Name: DADSHOME

Event Code: 11

Message: The driver detected a controller error on \Device\Harddisk1\D.

Record Number: 18367

Source Name: Disk

Time Written: 20090101130314.000000-300

Event Type: error

User:

Computer Name: DADSHOME

Event Code: 11

Message: The driver detected a controller error on \Device\Harddisk1\D.

Record Number: 18366

Source Name: Disk

Time Written: 20090101130309.000000-300

Event Type: error

User:

Computer Name: DADSHOME

Event Code: 11

Message: The driver detected a controller error on \Device\Harddisk1\D.

Record Number: 18365

Source Name: Disk

Time Written: 20090101130304.000000-300

Event Type: error

User:

Computer Name: DADSHOME

Event Code: 11

Message: The driver detected a controller error on \Device\Harddisk1\D.

Record Number: 18364

Source Name: Disk

Time Written: 20090101130259.000000-300

Event Type: error

User:

Application event log

Computer Name: DADSHOME

Event Code: 7

Message: Successful auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

Record Number: 310

Source Name: crypt32

Time Written: 20081005170743.000000-240

Event Type: information

User:

Computer Name: DADSHOME

Event Code: 2

Message: Successful auto update retrieval of third-party root list cab from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

Record Number: 309

Source Name: crypt32

Time Written: 20080926170719.000000-240

Event Type: information

User:

Computer Name: DADSHOME

Event Code: 7

Message: Successful auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

Record Number: 308

Source Name: crypt32

Time Written: 20080926170719.000000-240

Event Type: information

User:

Computer Name: DADSHOME

Event Code: 1002

Message: Hanging application iexplore.exe, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0×00000000.

Record Number: 307

Source Name: Application Hang

Time Written: 20080925194554.000000-240

Event Type: error

User:

Computer Name: DADSHOME

Event Code: 1800

Message: The Windows Security Center Service has started.

Record Number: 306

Source Name: SecurityCenter

Time Written: 20080921134415.000000-240

Event Type: information

User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem

"windir"=%SystemRoot%

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel

"PROCESSOR_REVISION"=0f0b

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"FP_NO_HOST_CHECK"=NO

—————–EOF—————–

wildone34134 is offline

Related Posts:

written by lina \\ tags: , , , , , , , , , , , , , , , , , , , , , , , ,

Comments

Leave a Reply

You must be logged in to post a comment.