Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Troj/Rustok-N


  • This topic is locked This topic is locked
2 replies to this topic

#1 reverendpan

reverendpan

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:01:46 AM

Posted 20 December 2008 - 07:02 PM

:thumbsup: I have been trying to get rid of this for a couple of days now. I have used zonealarm to try to get rid of it, but it hasn't worked... help! I tried to use the Kapernsky online scan, but part way into updating I get a warning saying that I am not connected to the internet because they could not reach the server. Please Help!!! :)
Logfile of random's system information tool 1.05 (written by random/random)
Run by Reverend Jeffrey at 2008-12-20 17:45:01
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 50 GB (49%) free of 103 GB
Total RAM: 3006 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:45:35 PM, on 12/20/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Reverend Jeffrey\Program Files\DNA\btdna.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Reverend Jeffrey\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MRXJFELX\RSIT[1].exe
C:\Program Files\trend micro\Reverend Jeffrey.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1434207
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbisoH.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbisoH.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Print Clips - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O3 - Toolbar: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbisoH.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Reverend Jeffrey\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/betapit/PCPitStop.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{4150DF59-1A48-4CD4-8FCB-DFF0062D5C72}: NameServer = 85.255.113.130;85.255.112.64
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9BE2224-AC0F-407A-A127-77C88EE6D805}: NameServer = 85.255.113.130;85.255.112.64
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.130;85.255.112.64
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.113.130;85.255.112.64
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.130;85.255.112.64
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9405 bytes

======Scheduled tasks folder======

C:\Windows\tasks\HPCeeScheduleForReverend Jeffrey.job
C:\Windows\tasks\RegCure Program Check.job
C:\Windows\tasks\RegCure.job
C:\Windows\tasks\User_Feed_Synchronization-{A42B8D3D-8C50-4DBC-8AA9-AAFBDB4A2075}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]
isoHunt Toolbar - C:\Program Files\isoHunt\tbisoH.dll [2008-11-23 1784856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7}]
HP Print Clips - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll [2007-08-31 177504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{a6e4a4eb-d169-4e99-8988-250fcbafe767} - isoHunt Toolbar - C:\Program Files\isoHunt\tbisoH.dll [2008-11-23 1784856]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-01-18 1033512]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2007-12-19 468264]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-09-19 202032]
"OnScreenDisplay"=C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [2007-09-04 554320]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-06-02 80896]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-16 75008]
"WAWifiMessage"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [2007-01-08 311296]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-11-07 86016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2007-11-07 8534560]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2007-11-07 81920]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"1A:Stardock TrayMonitor"= []
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2008-11-02 167936]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-08-21 981904]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2007-09-13 480560]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2007-09-13 1603152]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2007-10-25 652624]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-07 1838592]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisor"=C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2007-10-01 1783136]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
"BitTorrent DNA"=C:\Users\Reverend Jeffrey\Program Files\DNA\btdna.exe [2008-12-18 342848]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-20 1233920]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]

C:\Users\Reverend Jeffrey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2008-12-20 17:45:03 ----D---- C:\Program Files\trend micro
2008-12-20 17:45:01 ----D---- C:\rsit
2008-12-18 23:59:19 ----A---- C:\rollback.ini
2008-12-18 23:02:40 ----D---- C:\ProgramData\MailFrontier
2008-12-18 23:02:19 ----A---- C:\Windows\zllsputility.exe
2008-12-18 23:01:54 ----A---- C:\Windows\system32\vsregexp.dll
2008-12-18 23:01:51 ----A---- C:\Windows\system32\zlcommdb.dll
2008-12-18 23:01:51 ----A---- C:\Windows\system32\zlcomm.dll
2008-12-18 23:01:41 ----A---- C:\Windows\system32\vswmi.dll
2008-12-18 23:01:38 ----A---- C:\Windows\system32\zpeng25.dll
2008-12-18 23:01:37 ----A---- C:\Windows\system32\vsxml.dll
2008-12-18 23:01:35 ----D---- C:\Program Files\Zone Labs
2008-12-18 23:01:35 ----A---- C:\Windows\system32\vspubapi.dll
2008-12-18 23:01:35 ----A---- C:\Windows\system32\vsmonapi.dll
2008-12-18 23:01:33 ----A---- C:\Windows\system32\vsdata.dll
2008-12-18 23:00:45 ----A---- C:\Windows\system32\tcpipcfg.dll
2008-12-18 23:00:45 ----A---- C:\Windows\system32\netiougc.exe
2008-12-18 23:00:19 ----D---- C:\Windows\system32\ZoneLabs
2008-12-18 22:58:52 ----D---- C:\ProgramData\CheckPoint
2008-12-18 22:58:50 ----A---- C:\Windows\system32\vsutil.dll
2008-12-18 22:58:50 ----A---- C:\Windows\system32\vsinit.dll
2008-12-18 22:58:43 ----D---- C:\Windows\Internet Logs
2008-12-18 19:10:53 ----D---- C:\Program Files\IESurfBar
2008-12-18 15:10:52 ----D---- C:\Program Files\extravideo
2008-12-18 15:10:41 ----RSHD---- C:\resycled
2008-12-18 12:44:50 ----A---- C:\Windows\system32\mshtml.dll
2008-12-11 03:05:48 ----A---- C:\Windows\system32\tzres.dll
2008-12-10 19:09:51 ----A---- C:\Windows\system32\gdi32.dll
2008-12-10 19:09:40 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-12-10 19:09:38 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-12-10 19:09:25 ----A---- C:\Windows\system32\shell32.dll
2008-12-10 19:09:07 ----A---- C:\Windows\explorer.exe
2008-12-10 19:08:55 ----A---- C:\Windows\system32\urlmon.dll
2008-12-10 19:08:54 ----A---- C:\Windows\system32\ieframe.dll
2008-12-10 19:08:53 ----A---- C:\Windows\system32\wininet.dll
2008-12-10 19:08:52 ----A---- C:\Windows\system32\mstime.dll
2008-12-10 19:08:50 ----A---- C:\Windows\system32\iertutil.dll
2008-12-10 19:08:49 ----A---- C:\Windows\system32\jsproxy.dll
2008-12-10 19:08:40 ----A---- C:\Windows\system32\mf.dll
2008-12-10 19:08:38 ----A---- C:\Windows\system32\WMVCORE.DLL
2008-12-10 19:08:35 ----A---- C:\Windows\system32\WMNetMgr.dll
2008-12-10 19:08:35 ----A---- C:\Windows\system32\logagent.exe
2008-12-08 15:47:43 ----D---- C:\Program Files\PowerISO
2008-12-05 17:25:01 ----A---- C:\Windows\system32\javaws.exe
2008-12-05 17:25:01 ----A---- C:\Windows\system32\javaw.exe
2008-12-05 17:25:01 ----A---- C:\Windows\system32\java.exe
2008-12-03 04:01:40 ----D---- C:\Windows\RegCure
2008-12-03 04:01:40 ----D---- C:\Program Files\RegCure
2008-12-02 15:02:40 ----D---- C:\Program Files\Conduit
2008-12-02 15:02:39 ----D---- C:\Program Files\isoHunt
2008-12-01 23:55:10 ----A---- C:\Windows\system32\deploytk.dll
2008-12-01 23:30:18 ----D---- C:\ProgramData\PCSettings
2008-12-01 23:30:18 ----D---- C:\ProgramData\Norton
2008-12-01 23:30:06 ----D---- C:\ProgramData\NortonInstaller
2008-12-01 23:26:57 ----D---- C:\Users\Reverend Jeffrey\AppData\Roaming\WinRAR
2008-12-01 23:24:34 ----D---- C:\Windows\WinRAR
2008-12-01 23:24:34 ----D---- C:\Program Files\WinRAR
2008-12-01 17:13:39 ----A---- C:\Windows\system32\wups2.dll
2008-12-01 17:13:39 ----A---- C:\Windows\system32\wuauclt.exe
2008-12-01 17:13:38 ----A---- C:\Windows\system32\wucltux.dll
2008-12-01 17:13:38 ----A---- C:\Windows\system32\wuaueng.dll
2008-12-01 17:13:11 ----A---- C:\Windows\system32\wups.dll
2008-12-01 17:13:11 ----A---- C:\Windows\system32\wudriver.dll
2008-12-01 17:13:11 ----A---- C:\Windows\system32\wuapi.dll
2008-12-01 17:12:59 ----A---- C:\Windows\system32\wuwebv.dll
2008-12-01 17:12:59 ----A---- C:\Windows\system32\wuapp.exe
2008-12-01 14:21:15 ----D---- C:\Program Files\DivX
2008-12-01 14:10:56 ----A---- C:\Windows\iun6002.exe
2008-11-30 23:01:07 ----D---- C:\Users\Reverend Jeffrey\AppData\Roaming\BitTorrent
2008-11-30 23:00:47 ----D---- C:\Users\Reverend Jeffrey\AppData\Roaming\DNA
2008-11-30 23:00:47 ----D---- C:\Program Files\DNA
2008-11-30 23:00:46 ----D---- C:\Program Files\BitTorrent
2008-11-30 22:56:04 ----D---- C:\Program Files\BitDownload
2008-11-25 12:32:21 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2008-11-25 12:32:19 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll
2008-11-25 12:32:18 ----A---- C:\Windows\system32\WindowsCodecsExt.dll
2008-11-25 12:32:18 ----A---- C:\Windows\system32\WindowsCodecs.dll
2008-11-25 12:32:16 ----A---- C:\Windows\system32\connect.dll

======List of files/folders modified in the last 1 months======

2008-12-20 17:45:19 ----D---- C:\Windows\Prefetch
2008-12-20 17:45:12 ----D---- C:\Windows\Temp
2008-12-20 17:45:03 ----D---- C:\Program Files
2008-12-20 17:42:30 ----SHD---- C:\Windows\Installer
2008-12-20 17:41:57 ----SHD---- C:\System Volume Information
2008-12-20 17:40:32 ----D---- C:\SWSetup
2008-12-19 18:54:21 ----D---- C:\Windows\System32
2008-12-19 18:54:21 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-12-19 18:54:20 ----D---- C:\Windows\inf
2008-12-19 14:35:03 ----D---- C:\Program Files\Mozilla Firefox
2008-12-18 23:39:42 ----D---- C:\Windows
2008-12-18 23:31:17 ----A---- C:\Windows\ntbtlog.txt
2008-12-18 23:08:29 ----D---- C:\Windows\system32\drivers
2008-12-18 23:07:09 ----D---- C:\Windows\system32\migration
2008-12-18 23:02:40 ----HD---- C:\ProgramData
2008-12-18 23:02:14 ----D---- C:\Windows\system32\catroot
2008-12-18 23:01:20 ----D---- C:\Windows\system32\catroot2
2008-12-18 23:01:03 ----D---- C:\Windows\winsxs
2008-12-18 23:00:19 ----D---- C:\Windows\SoftwareDistribution
2008-12-18 22:38:10 ----D---- C:\Windows\system32\config
2008-12-18 22:38:05 ----D---- C:\Windows\Tasks
2008-12-18 22:38:05 ----D---- C:\Windows\system32\spool
2008-12-18 22:38:05 ----D---- C:\Windows\system32\Msdtc
2008-12-18 22:38:05 ----D---- C:\Windows\system32\CodeIntegrity
2008-12-18 22:38:02 ----D---- C:\ProgramData\eSellerate
2008-12-18 22:38:02 ----D---- C:\Program Files\LimeWire
2008-12-18 22:38:02 ----D---- C:\GDPHOME
2008-12-18 22:37:59 ----D---- C:\Windows\system32\wbem
2008-12-18 22:37:59 ----D---- C:\Windows\registration
2008-12-18 22:37:17 ----D---- C:\Program Files\Memeo
2008-12-18 16:05:56 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-18 15:48:12 ----D---- C:\Program Files\Common Files
2008-12-18 15:46:15 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-18 14:56:23 ----D---- C:\Program Files\CyberLink
2008-12-17 01:53:01 ----D---- C:\Windows\Minidump
2008-12-17 00:39:08 ----SD---- C:\Windows\Downloaded Program Files
2008-12-16 23:57:24 ----D---- C:\Windows\system32\Tasks
2008-12-11 03:39:23 ----D---- C:\Windows\rescache
2008-12-11 03:20:31 ----D---- C:\Windows\AppPatch
2008-12-11 03:20:31 ----D---- C:\Program Files\Windows Mail
2008-12-11 03:20:30 ----D---- C:\Windows\system32\en-US
2008-12-11 03:14:53 ----D---- C:\ProgramData\Microsoft Help
2008-12-10 23:32:57 ----D---- C:\ProgramData\CanonIJPLM
2008-12-09 17:24:37 ----A---- C:\Windows\system32\mrt.exe
2008-12-08 16:04:48 ----D---- C:\Users\Reverend Jeffrey\AppData\Roaming\Adobe
2008-12-05 17:24:58 ----D---- C:\Program Files\Java
2008-12-05 00:02:02 ----D---- C:\Program Files\Google
2008-12-04 23:43:36 ----D---- C:\ProgramData\Google
2008-12-03 18:34:27 ----SD---- C:\Users\Reverend Jeffrey\AppData\Roaming\Microsoft
2008-12-02 18:46:50 ----D---- C:\Windows\system32\LogFiles
2008-12-01 23:41:52 ----D---- C:\ProgramData\Symantec
2008-12-01 23:36:14 ----RSD---- C:\Windows\assembly
2008-12-01 00:04:03 ----D---- C:\Users\Reverend Jeffrey\AppData\Roaming\LimeWire

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2008-06-03 147984]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2008-11-02 56572]
R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2008-08-21 294288]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]
R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2007-01-23 42496]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2007-03-21 37376]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 8704]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-12-06 761856]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-20 14208]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 188416]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HpqRemHid;HP Remote Control HID Device; C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 7168]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-06-20 984064]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-06-20 208896]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-03-06 1059112]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-11-07 8231584]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 12032]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-20 88576]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-01-18 196784]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-06-20 660480]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-20 11264]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDART.sys [2007-09-09 176640]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-20 200704]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-20 134016]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-06-16 94208]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 IJPLMSVC;PIXMA Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2007-04-13 101528]
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [2007-12-19 271760]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
R2 vsmon;TrueVector Internet Monitor; C:\Windows\System32\ZoneLabs\vsmon.exe [2008-08-21 2405776]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-07-10 386560]
S2 QPSched;QuickPlay Task Scheduler (QTS); C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe [2007-12-19 112016]
S3 Com4Qlb;Com4Qlb; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [2007-03-05 110592]
S3 GoogleDesktopManager;GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-07 1838592]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------
info.txt logfile of random's system information tool 1.05 2008-12-20 17:45:49

======Uninstall list======

-->C:\Program Files\Conexant\SmartAudio\SETUP.EXE -U -ISmartAudio -SM=SMAUDIO.EXE,1801
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->MsiExec.exe /X{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}
AIM 6-->C:\Program Files\AIM6\uninst.exe
Atheros Driver Installation Program-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe" -l0x9 -removeonly
Canon iP2600 series User Registration-->C:\Program Files\Canon\IJEREG\iP2600 series\UNINST.EXE
Canon iP2600 series-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2600_series /L0x0009
Canon My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint EX-->C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe uninst.ini
Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU32a.exe -U -IQh30CFza.INF
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
extravideo-->"C:\Program Files\extravideo\Uninstall.exe"
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Gregg College Keyboarding & Document Processing Home 10-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0920B62C-6EDC-4282-8B7B-D9853FE84567}\setup.exe" -l0x9 GDPHOME
Gregg College Keyboarding & Document Processing Home 10-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8E1E4AEF-0332-4C76-A64A-023B78F9C93C}\setup.exe" -l0x9 GDPHOME
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)-->C:\PROGRA~1\WinTV\UNSftMCE.EXE C:\PROGRA~1\WinTV\softMCE.LOG
HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDA_HSF\UIU32m.exe -U -I*.INF
Hewlett-Packard Active Check for Health Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}\setup.exe -runfromtemp -l0x0409
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD0E2B92-3814-46F0-893B-4612EA010C7E}\setup.exe" -l0x9 -removeonly
HP Doc Viewer-->MsiExec.exe /I{082702D5-5DD8-4600-BCE5-48B15174687F}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}\setup.exe" -l0x9 -removeonly
HP Help and Support-->MsiExec.exe /X{31216452-5540-4C96-B754-94890A63D5AB}
HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Quick Launch Buttons 6.30 E1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe -runfromtemp -l0x0009 uninst
HP QuickPlay 3.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP QuickTouch 1.00 C4-->MsiExec.exe /I{7DC4A410-9986-4329-9E5D-687B2C42CA39}
HP Smart Web Printing-->msiexec /i{082F8ABA-84D5-4837-9DFC-F365D91A07D4}
HP Total Care Advisor-->MsiExec.exe /X{b02df929-29a7-4fd2-9a70-81a644b635f7}
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
HP User Guides 0087-->MsiExec.exe /I{4D49757C-367A-4333-BDB3-68966162B14E}
HP Wireless Assistant-->MsiExec.exe /I{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}
HP Wireless Rechargeable Optical Mouse-->Pmuninst.exe MouseSuite98
HPNetworkAssistant-->MsiExec.exe /I{228C6B46-64E2-404E-898A-EF0830603EF4}
isoHunt Toolbar-->C:\PROGRA~1\isoHunt\UNWISE.EXE C:\PROGRA~1\isoHunt\INSTALL.LOG
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
MSN-->C:\Program Files\MSN\MsnInstaller\msniadm.exe /Action:ARP
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
PIXMA Extended Survey Program-->C:\Program Files\Canon\IJPLM\SETUP.EXE -R
Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
QuickPlay SlingPlayer 0.4.6-->"C:\Program Files\HP\QuickPlay\unins000.exe"
RegCure-->"C:\Windows\RegCure\uninstall.exe" "/U:C:\Program Files\RegCure\Uninstall\uninstall.xml"
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Slingbox Flash Tour-->MsiExec.exe /I{38EAC694-0D90-445F-8C17-8B50ADFE3162}
SlingPlayer-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{004B0DCB-4C60-465B-8F01-44B0A4111187} /l1033
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Microsoft Office 2007 Help for Common Features (KB957244)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {C8C72583-C907-4D20-8973-C3858D96BD9E}
Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {51864046-74C8-487B-97CD-6167A4B1DB56}
Update for Microsoft Office OneNote 2007 Help (KB957245)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {7332DE60-DC79-4578-A60A-A5EA0D6E032B}
Update for Microsoft Office PowerPoint 2007 Help (KB957247)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {B20E2C59-EEC5-4102-9E50-5DBB2093C37D}
Update for Microsoft Office Word 2007 Help (KB957252)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {54DF3345-0720-4224-9740-C7E00303F565}
Update for Microsoft Script Editor Help (KB957253)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {F21BF703-548C-47B2-B92A-6876E9566C42}
Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
VC 9.0 Runtime-->MsiExec.exe /I{A040AC77-C1AA-4CC9-8931-9F648AF178F6}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
WeatherBug Gadget-->MsiExec.exe /I{209CDA54-D390-46A2-A97C-7BF61734418D}
WinRAR-->"C:\Windows\WinRAR\uninstall.exe" "/U:C:\Program Files\WinRAR\Uninstall\uninstall.xml"
ZoneAlarm Security Suite-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Security center information======

AV: ZoneAlarm Security Suite Antivirus
FW: ZoneAlarm Security Suite Firewall
AS: ZoneAlarm Security Suite Anti-Spyware (outdated)
AS: Windows Defender

System event log

Computer Name: jeffreys-bleep
Event Code: 7036
Message: The Volume Shadow Copy service entered the running state.
Record Number: 28085
Source Name: Service Control Manager
Time Written: 20081220234104.000000-000
Event Type: Information
User:

Computer Name: jeffreys-bleep
Event Code: 10029
Message: DCOM started the service swprv with arguments "" in order to run the server:
{65EE1DBA-8FF4-4A58-AC1C-3470EE2F376A}
Record Number: 28086
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20081220234155.000000-000
Event Type: Information
User:

Computer Name: jeffreys-bleep
Event Code: 7036
Message: The Microsoft Software Shadow Copy Provider service entered the running state.
Record Number: 28087
Source Name: Service Control Manager
Time Written: 20081220234155.000000-000
Event Type: Information
User:

Computer Name: jeffreys-bleep
Event Code: 7036
Message: The Problem Reports and Solutions Control Panel Support service entered the stopped state.
Record Number: 28088
Source Name: Service Control Manager
Time Written: 20081220234222.000000-000
Event Type: Information
User:

Computer Name: jeffreys-bleep
Event Code: 7036
Message: The Volume Shadow Copy service entered the stopped state.
Record Number: 28089
Source Name: Service Control Manager
Time Written: 20081220234534.000000-000
Event Type: Information
User:

Application event log

Computer Name: jeffreys-bleep
Event Code: 1013
Message: Product: HP Update -- A newer version of this software has been found on your system. Setup will now exit.
Record Number: 7932
Source Name: MsiInstaller
Time Written: 20081220234230.000000-000
Event Type: Error
User: jeffreys-bleep\Reverend Jeffrey

Computer Name: jeffreys-bleep
Event Code: 10001
Message: Ending session 1 started 2008-12-20T23:42:14.441Z.
Record Number: 7933
Source Name: Microsoft-Windows-RestartManager
Time Written: 20081220234230.611000-000
Event Type: Information
User: jeffreys-bleep\Reverend Jeffrey

Computer Name: jeffreys-bleep
Event Code: 11708
Message: Product: HP Update -- Installation operation failed.
Record Number: 7934
Source Name: MsiInstaller
Time Written: 20081220234233.000000-000
Event Type: Information
User: jeffreys-bleep\Reverend Jeffrey

Computer Name: jeffreys-bleep
Event Code: 1033
Message: Windows Installer installed the product. Product Name: HP Update. Product Version: 4.000.010.008. Product Language: 1033. Installation success or error status: 1603.
Record Number: 7935
Source Name: MsiInstaller
Time Written: 20081220234233.000000-000
Event Type: Information
User: jeffreys-bleep\Reverend Jeffrey

Computer Name: jeffreys-bleep
Event Code: 8224
Message: The VSS service is shutting down due to idle timeout.
Record Number: 7936
Source Name: VSS
Time Written: 20081220234534.000000-000
Event Type: Information
User:

Security event log

Computer Name: jeffreys-bleep
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 7038
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081220234531.501000-000
Event Type: Audit Failure
User:

Computer Name: jeffreys-bleep
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 7039
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081220234531.597000-000
Event Type: Audit Failure
User:

Computer Name: jeffreys-bleep
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 7040
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081220234531.682000-000
Event Type: Audit Failure
User:

Computer Name: jeffreys-bleep
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 7041
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081220234531.774000-000
Event Type: Audit Failure
User:

Computer Name: jeffreys-bleep
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 7042
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20081220234531.858000-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\CyberLink\Power2Go\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 104 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6802
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"PLATFORM"=MCD
"PCBRAND"=Pavilion
"OnlineServices"=Online Services
"USERPART"=E:
"tvdumpflags"=8

-----------------EOF-----------------

BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,111 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:02:46 AM

Posted 28 December 2008 - 03:20 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.


animinionsmalltext.gif

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,111 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:02:46 AM

Posted 03 January 2009 - 09:03 PM

Due to the lack of feedback, this Topic is now closed.

In case you still have problems, please start a new topic.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.


animinionsmalltext.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users