Restored HP w.XP to initial setup after Trojan Virus



#1 Wrangler Space


Posted 09 November 2009 - 02:38 AM

Hi and thanks in advance to anyone with any assistance they may offer in helping me clean up my reinstalled OS and any viruses or general slowdowns. I just restored XP to its original settings as my computer would have random shut-downs. It seems to have helped as I haven't experienced anything in 2 or 3 days. It seems to me I've got a lot of junk, doubles, etc. on my computer. I'd love to be able to tighten up my HD (and keep it that way) so I don't run into this again. Muchas Gracias! :(
I've run and attached the following:
dds log
HJT log
RootRepeal log
ESET online Scanner log

I am not sure what I am looking at but there are a few things that look concerning!?

DDS (Ver_09-10-26.01) - NTFSx86
Run by HP_Administrator at 21:53:07.28 on Sun 11/08/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3006.2287 [GMT -8:00]

AV: Norton Internet Security 2006 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: Norton Internet Security 2006 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\magicJack.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\HP_Administrator\Desktop\Java Skype VLC CCleaner Pidgin ImgBurn Essentials Ninite Installer.exe
C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\6d8e2067-ccf3-11de-ba7d-001731f09b54\Ninite.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: CNavExtBho Class: {a8f38d8d-e480-4d52-b7a2-731bb6995fdd} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Norton AntiVirus: {c4069e3a-68f1-403e-b40e-20066696354b} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [cdloader] "c:\documents and settings\hp_administrator\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [HPHUPD08] c:\program files\hp\digital imaging\{33d6cc28-9f75-4d1b-a11d-98895b3a3729}\hphupd08.exe
mRun: [DMAScheduler] "c:\program files\hp digitalmedia archive\DMAScheduler.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [<NO NAME>]
mRun: [PCDrProfiler]
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
StartupFolder: c:\documents and settings\hp_administrator\start menu\programs\startup\PowerReg Scheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: trymedia.com
DPF: {2DAD3559-2923-4935-AD49-B673D2539944} - hxxp://www-307.ibm.com/pc/support/acpir.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1257556965500
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

============= SERVICES / DRIVERS ===============

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-11-7 102448]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2009-11-4 17149]
S3 getPlusHelper;getPlus® Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2004-8-9 14336]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [2009-11-4 362944]

=============== Created Last 30 ================

2009-11-09 05:32:04 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-11-09 05:32:04 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-09 03:15:01 0 d-----w- c:\program files\ESET
2009-11-09 01:49:43 474112 ----a-w- c:\windows\system32\SET344.tmp
2009-11-09 01:49:43 3073024 ----a-w- c:\windows\system32\SET33E.tmp
2009-11-09 01:49:43 22528 ----a-w- c:\windows\system32\SET347.tmp
2009-11-09 01:49:43 1495040 ----a-w- c:\windows\system32\SET343.tmp
2009-11-09 01:49:42 662016 ----a-w- c:\windows\system32\SET346.tmp
2009-11-09 01:49:42 613376 ----a-w- c:\windows\system32\SET345.tmp
2009-11-09 01:46:22 57344 ----a-w- c:\windows\system32\SET25A.tmp
2009-11-09 01:44:52 58880 ----a-w- c:\windows\system32\dllcache\SET218.tmp
2009-11-09 01:44:52 22528 ----a-w- c:\windows\system32\SET216.tmp
2009-11-08 04:38:43 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-11-08 04:38:43 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-11-07 08:32:04 0 d-----w- c:\docume~1\hp_adm~1\applic~1\eMule
2009-11-07 08:32:00 0 d-----w- c:\program files\eMule
2009-11-07 06:40:30 0 d-----w- c:\windows\system32\appmgmt
2009-11-07 03:28:32 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-11-07 03:28:32 59264 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-11-07 01:48:58 123392 ------w- c:\windows\system32\SET1A8.tmp
2009-11-07 01:48:53 66560 ----a-w- c:\windows\system32\SET186.tmp
2009-11-07 01:48:34 8192 ------w- c:\windows\system32\SET170.tmp
2009-11-07 01:48:33 148480 ------w- c:\windows\system32\SET171.tmp
2009-11-07 01:48:29 453120 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-11-07 01:27:11 0 d-----w- c:\windows\system32\PreInstall
2009-11-07 01:23:29 23576 ----a-w- c:\windows\system32\wuapi.dll.mui
2009-11-07 01:22:58 0 d-----w- c:\windows\system32\SoftwareDistribution
2009-11-06 00:20:57 37376 ----a-w- c:\windows\system32\hpz3l3xt.dll.1
2009-11-06 00:20:49 443 ----a-r- c:\windows\hpw0460k.ini
2009-11-06 00:20:49 102400 ----a-r- c:\windows\scrub2k.exe
2009-11-06 00:19:07 92 ----a-w- c:\windows\hpdj460.ini
2009-11-06 00:19:07 79 ----a-w- c:\windows\hpdj460.his
2009-11-06 00:17:11 2702 ----a-w- c:\windows\mariner.his
2009-11-06 00:17:11 1366 ----a-w- c:\windows\mariner.ini
2009-11-06 00:17:07 574 ----a-w- c:\windows\hpbvnstp.ini
2009-11-06 00:17:07 1835 ----a-w- c:\windows\hpbvnstp.his
2009-11-06 00:16:51 346 ----a-r- c:\windows\system32\hpbvnstp.dat
2009-11-06 00:16:51 184320 ----a-r- c:\windows\system32\hpbvnstp.dll
2009-11-06 00:16:49 37376 ----a-w- c:\windows\system32\hpz3l3xt.dll
2009-11-06 00:04:48 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-11-06 00:04:48 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
2009-11-05 05:23:07 0 d-----w- c:\windows\system32\LogFiles
2009-11-05 04:02:49 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-11-05 04:00:16 8263 ----a-w- c:\windows\system32\drivers\WPN111.cat
2009-11-05 04:00:16 362944 ----a-w- c:\windows\system32\drivers\WPN111.sys
2009-11-05 04:00:16 192512 ----a-r- c:\windows\system32\AegisI5.exe
2009-11-05 04:00:16 17149 ----a-w- c:\windows\system32\DNINDIS5.sys
2009-11-05 04:00:16 15819 ----a-w- c:\windows\system32\drivers\netwpn11.inf
2009-11-05 04:00:16 149392 ----a-w- c:\windows\system32\drivers\ar5523.bin
2009-11-05 04:00:16 147456 ----a-w- c:\windows\system32\ssleay32.dll
2009-11-05 04:00:15 94208 ----a-w- c:\windows\system32\DNIN50.dll
2009-11-05 04:00:15 651264 ----a-w- c:\windows\system32\libeay32.dll
2009-11-05 04:00:15 15941 ----a-w- c:\windows\system32\DNINDIS3.VXD
2009-11-05 02:09:36 0 dcsh--r- C:\cmdcons
2009-11-05 02:06:49 1832 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_RB103AA-ABA a1547c_YC_0Pavi_QCNH629_E63NAemMPA2_48_INAGAMI2_SASUSTek Computer INC._V2.00_B3.11_T060919_WXP2_L409_M3007_J250_7AMD_8Athlon 64_92.4_#061020_N_Z14F12F20_G10DE0241_OLITE-ON DVDRW SHM-165H6S.MRK
2009-11-05 01:41:00 0 d-----w- c:\docume~1\hp_adm~1\applic~1\Intuit
2009-11-05 01:40:58 0 d-----w- c:\docume~1\hp_adm~1\applic~1\Symantec
2009-11-04 21:13:51 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-11-04 21:13:48 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-11-04 21:13:43 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-11-04 21:13:39 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-11-04 21:13:36 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-11-04 20:24:04 0 d-sh--r- c:\windows\system32\dllcache
2009-11-04 02:33:54 0 d-----w- c:\documents and settings\hp_administrator\EurekaLog
2009-10-24 21:16:33 0 dc-h--w- C:\$AVG
2009-10-24 21:16:02 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-10-24 21:15:44 0 d-----w- c:\program files\AVG
2009-10-24 21:15:43 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2009-10-24 20:58:54 0 d-----w- c:\docume~1\hp_adm~1\applic~1\Apowersoft
2009-10-24 20:58:50 0 d-----w- c:\program files\Apowersoft
2009-10-23 18:46:04 0 dc----w- C:\subsonic
2009-10-23 18:46:01 0 d-----w- c:\program files\Subsonic
2009-10-23 00:20:54 19500 ------w- c:\windows\hpqins13.dat.temp
2009-10-23 00:17:21 0 d-----w- c:\program files\Realtek
2009-10-23 00:17:13 831488 ----a-w- c:\windows\RtlExUpd.dll
2009-10-22 23:17:13 0 d-----w- c:\program files\Digiarty
2009-10-22 22:45:17 0 d-----w- c:\program files\ASTRA32
2009-10-22 22:44:56 0 d-----w- c:\program files\Software Informer
2009-10-22 22:44:56 0 d-----w- c:\docume~1\hp_adm~1\applic~1\Software Informer
2009-10-22 19:11:37 0 d-----w- c:\docume~1\hp_adm~1\applic~1\Malwarebytes
2009-10-22 19:11:31 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-22 19:11:31 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-10-20 00:43:19 0 d-----w- c:\program files\AV MP3 Player-Morpher
2009-10-20 00:30:12 0 d-----w- c:\program files\RonyaSoft CD DVD Label Maker
2009-10-20 00:30:12 0 d-----w- c:\docume~1\alluse~1\applic~1\RonyaSoft CD DVD Label Maker
2009-10-16 21:19:34 0 d-----w- c:\program files\EZ Label Xpress
2009-10-16 21:17:57 0 d-----w- c:\program files\Xpress
2009-10-13 21:04:20 0 d-----w- c:\documents and settings\hp_administrator\dwhelper
2009-10-12 01:18:33 0 d-----w- c:\program files\Coupons

==================== Find3M ====================

2009-11-08 04:40:14 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-11-08 04:40:14 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-10-23 00:20:54 19103 ----a-w- c:\windows\hpqins13.dat
2009-09-29 03:20:28 71181 ----a-w- c:\windows\hpqins06.dat
2009-09-25 20:40:13 70835 ----a-w- c:\windows\hpqins04.dat
2009-09-25 20:40:04 71195 ----a-w- c:\windows\hpqins05.dat
2009-09-25 20:38:30 71127 ----a-w- c:\windows\hpqins01.dat
2009-09-25 09:51:16 71216 ----a-w- c:\windows\hpqins09.dat
2009-09-25 05:49:02 668672 ----a-w- c:\windows\system32\SET2FC.tmp
2009-09-25 05:49:02 628224 ----a-w- c:\windows\system32\SET2FD.tmp
2009-09-25 05:49:02 474112 ----a-w- c:\windows\system32\SET2FE.tmp
2009-09-25 05:49:02 1509888 ------w- c:\windows\system32\SET2FF.tmp
2009-09-25 05:49:01 3070976 ----a-w- c:\windows\system32\SET304.tmp
2009-09-18 09:33:45 352768 ------w- c:\windows\system32\SET30E.tmp
2009-09-04 20:45:26 58880 ------w- c:\windows\system32\SET255.tmp
2009-08-21 09:46:35 450560 ------w- c:\windows\system32\dllcache\jscript.dll
2009-01-26 04:19:53 81408 ----a-w- c:\program files\taskkill.exe
2006-11-21 06:31:24 22 -csha-w- c:\windows\sminst\HPCD.sys

============= FINISH: 21:54:12.82 ===============

I apologize but did I need my HiJackThis report? I saved it but it did not save in a known format. I did upload it. Root Report and ESET below. Again Thank You So Much!


Edited by Wrangler Space, 09 November 2009 - 05:04 PM.

"For God's sakes give me someone who has the brains enough to make a fool of himself"
- Robert Louis Stevenson


#2 Wrangler Space


Posted 09 November 2009 - 04:54 PM

It took almost 6 hours to run the Eset online scanner w/three viruses detected. Here are the results from the ESET log:

C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\PowerReg Scheduler.exe Win32/PowerReg application cleaned by deleting - quarantined
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP20\A0006917.exe Win32/PowerReg application cleaned by deleting - quarantined
C:\WINDOWS\pss\PowerReg Scheduler.exeStartup Win32/PowerReg application cleaned by deleting - quarantined



I also have just run RootRepeal and have that log as well:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/09 13:13
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB601E000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBAE24000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAFBD6000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a
Status: Locked to the Windows API!

Path: C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a
Status: Locked to the Windows API!

Path: C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091107.004\EraserUtilRebootDrv.sys
Status: Locked to the Windows API!

Path: c:\documents and settings\all users\application data\microsoft\microsoft antimalware\support\mpwpptracing.bin
Status: Allocation size mismatch (API: 4194304, Raw: 2097152)

SSDT
-------------------
#: 012 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x8a373bf8

#: 013 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x8a33a160

#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x8a4b3fc0

#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x8a4170b0

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb63bd020

#: 043 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x8a4ad690

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x8a612bf8

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb63bd2a0

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb63bd800

#: 083 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x8a966ef8

#: 089 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x8a41fe80

#: 091 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x8a360e88

#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x8a8ed3c8

#: 114 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x8a15a630

#: 123 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x8a568620

#: 129 Function Name: NtOpenThreadToken
Status: Hooked by "<unknown>" at address 0x8a5f73c0

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "<unknown>" at address 0x8a4ae3d0

#: 206 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x8a4e29e8

#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x8a40be80

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x8a512378

#: 229 Function Name: NtSetInformationThread
Status: Hooked by "<unknown>" at address 0x8a573378

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb63bda50

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x8a3cb3c8

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x8a516620

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x8a528af8

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x8a4ff3f8

#: 267 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x89ea45a0

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x8a4b3ef0

==EOF==


I am not sure how to read this information, if anyone can help decipher it for me - any tips would be much appreciated!

Thanks again! :(

If I'm doing something wrong, please let me know; first-time newbie (sorry).

#3 Wrangler Space


Posted 10 November 2009 - 11:15 PM

OK, two new bits of information I hope are helpful:
#1 I've got my Hijack This Report.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:29 PM, on 11/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\magicJack.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Documents and Settings\HP_Administrator\Desktop\RootRepeal.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [Microsoft Security Essentials] C:\Program Files\Microsoft Security Essentials\msseces.exe /UpdateAndQuickScan
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1257556965500
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 11741 bytes



#2 I turned up a Trojan Virus running a Full Scan with Microsoft Security Essentials. It says it is on my backup of my "Adobe CS3 Master Collection.exe" Which is odd because this is NOT pirated software. I have the seal, code, and dvd case it came in!


Anything Else I can do that would be helpful?

Thank you!

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us want someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the HJT Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not multiple post here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take several days, up to two weeks perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

Thank you for understanding.

Orange Blossom ~ forum moderator

Edited by Orange Blossom, 10 November 2009 - 11:36 PM.

"For God's sakes give me someone who has the brains enough to make a fool of himself"
- Robert Louis Stevenson

#4 m0le

Posted 15 November 2009 - 05:34 AM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :(
m0le is a proud member of UNITE

#5 Wrangler Space

Posted 17 November 2009 - 11:33 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.

  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :(



#6 m0le

Posted 18 November 2009 - 07:44 AM

Hi Wrangler Space,

The first thing I need are some more in-depth scan logs.

We need to run RSIT
  • Download random's system information tool (RSIT) by random/random and save it to your desktop.
  • Double click on RSIT.exe.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
In your next reply, please include the following:
  • Log.txt
  • info.txt


And then

We Need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.

    First Location
    Second Location
    Third Location

  • Open Posted Image on your desktop.
  • Click the Posted Image tab.
  • Click the Posted Image button.
  • Check all seven boxes: Posted Image
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the Posted Image button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
Thanks :(

#7 Wrangler Space

Posted 18 November 2009 - 04:44 PM

OK
>>>>>> Here is log.txt

======List of files/folders created in the last 1 months======

2009-11-18 13:05:05 ----DC---- C:\rsit
2009-11-17 14:42:34 ----N---- C:\WINDOWS\system32\LegitCheckControl.dll
2009-11-16 01:02:47 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\BitTorrent
2009-11-16 01:02:30 ----D---- C:\Program Files\BitTorrent
2009-11-13 18:51:54 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-11-12 16:16:31 ----D---- C:\WINDOWS\LastGood
2009-11-12 12:56:02 ----D---- C:\Program Files\AskBarDis
2009-11-12 12:55:46 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Foxit
2009-11-12 12:55:45 ----D---- C:\Program Files\Foxit Software
2009-11-12 00:26:06 ----D---- C:\Program Files\eMusic Download Manager
2009-11-11 22:46:56 ----HDC---- C:\WINDOWS\$NtUninstallKB908250$
2009-11-11 22:46:06 ----HDC---- C:\WINDOWS\$NtUninstallKB976749$
2009-11-11 22:42:06 ----A---- C:\WINDOWS\system32\MRT.exe
2009-11-11 22:41:28 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-11-11 22:27:48 ----RA---- C:\WINDOWS\system32\vnetinst.dll
2009-11-11 22:27:41 ----A---- C:\WINDOWS\system32\vmnetdhcp.exe
2009-11-11 22:27:37 ----A---- C:\WINDOWS\system32\vmnat.exe
2009-11-11 22:27:29 ----A---- C:\WINDOWS\system32\vnetlib.dll
2009-11-11 22:26:21 ----D---- C:\Program Files\Common Files\VMware
2009-11-11 22:26:04 ----D---- C:\Documents and Settings\All Users\Application Data\VMware
2009-11-11 22:25:47 ----D---- C:\Program Files\VMware
2009-11-11 21:21:54 ----D---- C:\Program Files\ResumeMaker14
2009-11-11 21:21:31 ----D---- C:\Program Files\Data
2009-11-11 21:21:30 ----D---- C:\Program Files\BACKUP
2009-11-11 00:46:45 ----D---- C:\Documents and Settings\All Users\Application Data\Avery
2009-11-11 00:46:42 ----D---- C:\Program Files\Avery Dennison
2009-11-11 00:32:40 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\ImgBurn
2009-11-10 20:32:33 ----D---- C:\Program Files\Debugging Tools for Windows (x86)
2009-11-10 12:58:13 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\GrabPro
2009-11-10 11:35:29 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-11-10 03:48:21 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-11-10 03:46:45 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-11-10 03:43:38 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-11-10 03:42:29 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-11-10 03:40:16 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-11-10 03:35:24 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-11-10 03:17:48 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-11-10 03:09:08 ----HDC---- C:\WINDOWS\$NtUninstallKB953295$
2009-11-10 03:05:22 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-11-10 01:25:37 ----N---- C:\WINDOWS\system32\verclsid.exe
2009-11-09 21:38:38 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\CBS Interactive
2009-11-09 21:34:02 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\TrueCrypt
2009-11-09 19:49:25 ----D---- C:\Program Files\Belarc
2009-11-09 19:47:59 ----D---- C:\Program Files\TrueCrypt
2009-11-09 16:35:15 ----D---- C:\Documents and Settings\All Users\Application Data\MediaMonkey
2009-11-09 15:04:54 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-11-09 13:31:16 ----AC---- C:\RootRepeal report 11-09-09 (13-31-16).txt
2009-11-09 09:42:57 ----A---- C:\WINDOWS\system32\muweb.dll
2009-11-09 09:42:57 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-11-09 09:42:57 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-11-08 23:41:34 ----AC---- C:\RootRepeal report 11-08-09 (23-41-34).txt
2009-11-08 22:44:00 ----D---- C:\Program Files\Trend Micro
2009-11-08 22:41:04 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2009-11-08 22:36:19 ----D---- C:\Program Files\Microsoft Security Essentials
2009-11-08 22:36:05 ----HDC---- C:\WINDOWS\$NtUninstallKB914882$
2009-11-08 22:34:07 ----D---- C:\Program Files\Common Files\GTK
2009-11-08 21:32:04 ----A---- C:\WINDOWS\system32\javaws.exe
2009-11-08 21:32:04 ----A---- C:\WINDOWS\system32\javaw.exe
2009-11-08 21:32:04 ----A---- C:\WINDOWS\system32\java.exe
2009-11-08 21:32:04 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-11-08 19:15:01 ----D---- C:\Program Files\ESET
2009-11-08 17:49:41 ----HDC---- C:\WINDOWS\$NtUninstallKB974455$
2009-11-08 17:46:55 ----HDC---- C:\WINDOWS\$NtUninstallKB911564$
2009-11-08 17:46:21 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-11-08 17:44:14 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-11-08 17:43:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-11-07 00:32:04 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\eMule
2009-11-07 00:32:00 ----D---- C:\Program Files\eMule
2009-11-07 00:19:26 ----D---- C:\Program Files\NOS
2009-11-07 00:19:26 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-11-06 22:40:30 ----D---- C:\WINDOWS\system32\appmgmt
2009-11-06 17:27:11 ----D---- C:\WINDOWS\system32\PreInstall
2009-11-06 17:23:29 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-11-06 17:22:58 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-11-05 16:20:57 ----A---- C:\WINDOWS\system32\hpz3l3xt.dll.1
2009-11-05 16:20:49 ----RA---- C:\WINDOWS\scrub2k.exe
2009-11-05 16:20:49 ----RA---- C:\WINDOWS\hpw0460k.ini
2009-11-05 16:19:07 ----A---- C:\WINDOWS\hpdj460.ini
2009-11-05 16:17:11 ----A---- C:\WINDOWS\mariner.ini
2009-11-05 16:17:07 ----A---- C:\WINDOWS\hpbvnstp.ini
2009-11-05 16:16:51 ----RA---- C:\WINDOWS\system32\hpbvnstp.dll
2009-11-05 16:16:49 ----A---- C:\WINDOWS\system32\hpz3l3xt.dll
2009-11-05 16:00:08 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\AdobeUM
2009-11-04 21:23:07 ----D---- C:\WINDOWS\system32\LogFiles
2009-11-04 20:00:16 ----RA---- C:\WINDOWS\system32\AegisI5.exe
2009-11-04 20:00:16 ----A---- C:\WINDOWS\system32\ssleay32.dll
2009-11-04 20:00:15 ----A---- C:\WINDOWS\system32\libeay32.dll
2009-11-04 20:00:15 ----A---- C:\WINDOWS\system32\DNIN50.dll
2009-11-04 18:09:36 ----RSHDC---- C:\cmdcons
2009-11-04 17:41:12 ----ASHC---- C:\Documents and Settings\HP_Administrator\Application Data\desktop.ini
2009-11-04 17:41:00 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Intuit
2009-11-04 17:41:00 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Identities
2009-11-04 17:40:58 ----SD---- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft
2009-11-04 17:40:58 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Symantec
2009-11-04 17:40:58 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Real
2009-11-04 13:13:51 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-11-04 12:24:04 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-11-02 13:28:12 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Help
2009-10-27 11:31:23 ----D---- C:\Program Files\Apple Software Update
2009-10-24 13:16:33 ----HDC---- C:\$AVG
2009-10-24 13:16:02 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2009-10-24 13:15:44 ----D---- C:\Program Files\AVG
2009-10-24 13:15:43 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2009-10-24 12:58:54 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Apowersoft
2009-10-23 10:46:04 ----DC---- C:\subsonic
2009-10-22 16:17:21 ----D---- C:\Program Files\Realtek
2009-10-22 16:17:13 ----A---- C:\WINDOWS\RtlExUpd.dll
2009-10-22 15:17:13 ----D---- C:\Program Files\Digiarty
2009-10-22 14:45:17 ----D---- C:\Program Files\ASTRA32
2009-10-22 14:44:56 ----D---- C:\Program Files\Software Informer
2009-10-22 14:44:56 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Software Informer
2009-10-22 11:11:37 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2009-10-22 11:11:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-22 11:11:31 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-10-22 04:45:06 ----A---- C:\WINDOWS\system32\vmnetbridge.dll
2009-10-22 03:22:38 ----A---- C:\WINDOWS\system32\vmnc.dll
2009-10-19 16:43:19 ----D---- C:\Program Files\AV MP3 Player-Morpher
2009-10-19 16:30:12 ----D---- C:\Program Files\RonyaSoft CD DVD Label Maker
2009-10-19 16:30:12 ----D---- C:\Documents and Settings\All Users\Application Data\RonyaSoft CD DVD Label Maker

======List of files/folders modified in the last 1 months======

2009-11-18 13:05:08 ----D---- C:\WINDOWS\Prefetch
2009-11-18 13:01:48 ----D---- C:\Program Files\Mozilla Firefox
2009-11-18 12:45:57 ----D---- C:\WINDOWS\Temp
2009-11-18 11:25:53 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2009-11-18 01:32:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-17 22:38:23 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2009-11-17 22:38:21 ----RHDC---- C:\AHCache
2009-11-17 22:38:21 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-11-17 22:35:40 ----DC---- C:\temp
2009-11-17 22:35:40 ----D---- C:\Program Files\Windows Plus
2009-11-17 22:35:40 ----D---- C:\Program Files\Windows Media Player
2009-11-17 22:35:40 ----D---- C:\Program Files\WildTangent
2009-11-17 22:35:40 ----D---- C:\Program Files
2009-11-17 22:35:39 ----D---- C:\Program Files\Internet Explorer
2009-11-17 22:35:39 ----D---- C:\Program Files\ImgBurn
2009-11-17 22:35:39 ----D---- C:\Program Files\Hewlett-Packard
2009-11-17 22:35:39 ----D---- C:\Program Files\Graboid
2009-11-17 22:35:39 ----D---- C:\Program Files\Google
2009-11-17 22:35:39 ----D---- C:\Program Files\DISC
2009-11-17 22:35:38 ----D---- C:\fsaua.data
2009-11-17 21:53:33 ----D---- C:\Program Files\FLAC
2009-11-17 20:13:59 ----HD---- C:\WINDOWS\inf
2009-11-17 20:13:58 ----D---- C:\WINDOWS\msagent
2009-11-17 20:13:57 ----D---- C:\WINDOWS\system32\CatRoot
2009-11-17 20:13:57 ----AD---- C:\WINDOWS
2009-11-17 20:13:42 ----HDC---- C:\WINDOWS\$NtUninstallKB932168$
2009-11-17 17:49:32 ----SHD---- C:\WINDOWS\Installer
2009-11-17 17:49:20 ----D---- C:\WINDOWS\system32
2009-11-17 17:48:18 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-11-17 14:08:26 ----D---- C:\WINDOWS\system32\FxsTmp
2009-11-16 18:18:13 ----SD---- C:\WINDOWS\Tasks
2009-11-16 17:59:59 ----D---- C:\Program Files\Adobe Media Player
2009-11-16 17:58:43 ----D---- C:\Program Files\Symantec
2009-11-16 14:02:40 ----A---- C:\WINDOWS\WININIT.INI
2009-11-16 01:03:02 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-11-15 03:05:15 ----A---- C:\WINDOWS\win.ini
2009-11-14 03:02:46 ----RSD---- C:\WINDOWS\Fonts
2009-11-14 03:01:58 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-11-13 19:01:57 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-13 18:51:53 ----D---- C:\WINDOWS\Debug
2009-11-13 01:49:37 ----D---- C:\Program Files\Norton Internet Security
2009-11-12 23:26:21 ----D---- C:\WINDOWS\Help
2009-11-12 16:16:43 ----D---- C:\WINDOWS\system32\drivers
2009-11-12 15:17:18 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp
2009-11-12 14:26:50 ----D---- C:\WINDOWS\system32\Lang
2009-11-12 14:26:12 ----D---- C:\WINDOWS\Registration
2009-11-12 13:35:04 ----D---- C:\Documents and Settings
2009-11-12 03:04:05 ----HDC---- C:\WINDOWS\$NtUninstallKB926251$
2009-11-12 03:00:31 ----D---- C:\WINDOWS\WinSxS
2009-11-12 02:08:22 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2009-11-12 00:26:23 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\eMusic
2009-11-11 23:00:35 ----HD---- C:\Program Files\InstallShield Installation Information
2009-11-11 23:00:35 ----D---- C:\Program Files\muvee Technologies
2009-11-11 23:00:34 ----D---- C:\Program Files\Common Files
2009-11-11 22:47:03 ----A---- C:\WINDOWS\imsins.BAK
2009-11-11 22:26:35 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-11 18:39:08 ----D---- C:\Program Files\Microsoft Streets and Trips
2009-11-11 18:15:43 ----D---- C:\Program Files\Adobe
2009-11-11 17:12:55 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-10 13:09:10 ----D---- C:\WINDOWS\security
2009-11-10 12:56:47 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-11-10 12:56:45 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-10 12:48:58 ----D---- C:\WINDOWS\Cursors
2009-11-10 11:36:24 ----D---- C:\Program Files\iTunes
2009-11-10 11:22:10 ----D---- C:\WINDOWS\system32\wbem
2009-11-10 11:22:08 ----D---- C:\WINDOWS\system32\Setup
2009-11-10 11:22:08 ----D---- C:\WINDOWS\AppPatch
2009-11-10 03:53:45 ----HDC---- C:\WINDOWS\$NtUninstallKB927779$
2009-11-10 03:53:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-11-10 03:52:56 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-11-10 03:52:26 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-11-10 03:51:56 ----HDC---- C:\WINDOWS\$NtUninstallKB943460$
2009-11-10 03:51:30 ----D---- C:\Program Files\Messenger
2009-11-10 03:51:26 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-11-10 03:50:56 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-11-10 03:50:30 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-11-10 03:47:18 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2009-11-10 03:46:34 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
2009-11-10 03:46:13 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2009-11-10 03:44:59 ----HDC---- C:\WINDOWS\$NtUninstallKB924667$
2009-11-10 03:44:03 ----HDC---- C:\WINDOWS\$NtUninstallKB931261$
2009-11-10 03:42:06 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-11-10 03:41:34 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-11-10 03:41:11 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-11-10 03:40:45 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-11-10 03:39:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-11-10 03:38:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-11-10 03:37:44 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-11-10 03:37:17 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-11-10 03:37:00 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-11-10 03:36:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-11-10 03:36:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-11-10 03:35:56 ----HDC---- C:\WINDOWS\$NtUninstallKB925902$
2009-11-10 03:35:04 ----HDC---- C:\WINDOWS\$NtUninstallKB913800$
2009-11-10 03:33:59 ----D---- C:\Program Files\Outlook Express
2009-11-10 03:33:57 ----D---- C:\Program Files\Common Files\System
2009-11-10 03:33:52 ----HDC---- C:\WINDOWS\$NtUninstallKB929123$
2009-11-10 03:33:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-11-10 03:32:28 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
2009-11-10 03:32:03 ----HDC---- C:\WINDOWS\$NtUninstallKB926436$
2009-11-10 03:31:41 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-11-10 03:31:18 ----HDC---- C:\WINDOWS\$NtUninstallKB930178$
2009-11-10 03:30:18 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-11-10 03:29:42 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-11-10 03:29:06 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-11-10 03:28:36 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2009-11-10 03:28:19 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-11-10 03:27:51 ----HDC---- C:\WINDOWS\$NtUninstallKB922582$
2009-11-10 03:27:25 ----HDC---- C:\WINDOWS\$NtUninstallKB918118$
2009-11-10 03:26:58 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$
2009-11-10 03:26:29 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-11-10 03:25:52 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2009-11-10 03:25:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-11-10 03:24:55 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2009-11-10 03:24:05 ----HDC---- C:\WINDOWS\$NtUninstallKB938127$
2009-11-10 03:22:58 ----HDC---- C:\WINDOWS\$NtUninstallKB886185$
2009-11-10 03:19:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-11-10 03:19:06 ----AD---- C:\WINDOWS\ehome
2009-11-10 03:19:02 ----HDC---- C:\WINDOWS\$NtUninstallKB973768$
2009-11-10 03:18:33 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-11-10 03:17:27 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-11-10 03:16:39 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-11-10 03:16:11 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-11-10 03:15:25 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-11-10 03:14:33 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2009-11-10 03:12:34 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-11-10 03:11:38 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-11-10 03:11:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-11-10 03:09:59 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
2009-11-10 03:07:26 ----HDC---- C:\WINDOWS\$NtUninstallKB953356$
2009-11-10 03:07:00 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-11-10 03:06:28 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2009-11-10 03:05:47 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-11-10 03:04:41 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-11-09 22:50:04 ----D---- C:\WINDOWS\Minidump
2009-11-09 22:49:53 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Auslogics
2009-11-09 22:48:05 ----D---- C:\Program Files\Auslogics
2009-11-09 22:16:47 ----D---- C:\Program Files\Glary Registry Repair
2009-11-09 22:16:45 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\GlarySoft
2009-11-09 22:03:11 ----D---- C:\Program Files\Glary Utilities
2009-11-09 08:40:48 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-11-09 03:33:12 ----D---- C:\WINDOWS\pss
2009-11-08 22:41:45 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-11-08 22:34:26 ----D---- C:\Program Files\Pidgin
2009-11-08 21:50:07 ----D---- C:\Program Files\VideoLAN
2009-11-08 21:29:32 ----D---- C:\Program Files\Java
2009-11-08 17:50:38 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2009-11-08 17:50:29 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$
2009-11-08 17:50:17 ----HDC---- C:\WINDOWS\$NtUninstallKB928255$
2009-11-08 17:50:06 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
2009-11-08 17:49:27 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2009-11-08 17:49:17 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2009-11-08 17:49:06 ----HDC---- C:\WINDOWS\$NtUninstallKB923980$
2009-11-08 17:48:55 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2009-11-08 17:48:44 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2009-11-08 17:48:34 ----HDC---- C:\WINDOWS\$NtUninstallKB938828$
2009-11-08 17:48:23 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2009-11-08 17:48:14 ----HDC---- C:\WINDOWS\$NtUninstallKB900485$
2009-11-08 17:48:01 ----HDC---- C:\WINDOWS\$NtUninstallKB924270$
2009-11-08 17:47:51 ----HDC---- C:\WINDOWS\$NtUninstallKB924496$
2009-11-08 17:47:40 ----HDC---- C:\WINDOWS\$NtUninstallKB927891$
2009-11-08 17:47:29 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
2009-11-08 17:47:21 ----HDC---- C:\WINDOWS\$NtUninstallKB925398_WMP64$
2009-11-08 17:47:03 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2009-11-08 17:46:39 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-11-08 17:46:31 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2009-11-08 17:46:14 ----HDC---- C:\WINDOWS\$NtUninstallKB918439$
2009-11-08 17:46:04 ----HDC---- C:\WINDOWS\$NtUninstallKB920872$
2009-11-08 17:45:51 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-11-08 17:45:25 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2009-11-08 17:45:13 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2009-11-08 17:45:03 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-11-08 17:44:52 ----HDC---- C:\WINDOWS\$NtUninstallKB920213$
2009-11-08 17:44:42 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
2009-11-08 17:44:33 ----HDC---- C:\WINDOWS\$NtUninstallKB916595$
2009-11-08 17:44:24 ----HDC---- C:\WINDOWS\$NtUninstallKB930916$
2009-11-08 17:44:04 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2009-11-08 17:43:45 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2009-11-08 17:43:26 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2009-11-08 17:43:15 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2009-11-08 17:43:01 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2009-11-08 17:42:51 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2009-11-08 17:42:41 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-11-08 17:42:33 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
2009-11-08 17:42:20 ----HDC---- C:\WINDOWS\$NtUninstallKB928843$
2009-11-08 12:44:04 ----HD---- C:\hp
2009-11-07 20:40:14 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2009-11-07 14:33:50 ----AD---- C:\WINDOWS\CREATOR
2009-11-06 22:40:07 ----D---- C:\Program Files\Microsoft Works
2009-11-06 22:40:03 ----D---- C:\Program Files\Microsoft Office
2009-11-06 17:56:36 ----D---- C:\WINDOWS\SoftwareDistribution
2009-11-06 17:27:09 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-11-06 17:18:54 ----A---- C:\WINDOWS\ODBC.INI
2009-11-06 17:12:02 ----D---- C:\WINDOWS\system
2009-11-04 18:10:13 ----RASHC---- C:\boot.ini
2009-11-04 18:09:36 ----AC---- C:\WINDOWS\UPGRADE.TXT
2009-11-04 18:09:32 ----D---- C:\WINDOWS\setup.pss
2009-11-04 18:07:58 ----SHD---- C:\RECYCLER
2009-11-04 18:06:48 ----AD---- C:\WINDOWS\system32\pcintro
2009-11-04 13:17:49 ----RASHC---- C:\BOOT.BAK
2009-11-04 13:14:14 ----A---- C:\WINDOWS\system.ini
2009-11-04 12:49:23 ----DC---- C:\I386
2009-11-04 12:46:19 ----RD---- C:\WINDOWS\Offline Web Pages
2009-11-04 12:46:17 ----RSD---- C:\WINDOWS\assembly
2009-11-04 12:46:17 ----RD---- C:\WINDOWS\Web
2009-11-02 17:41:51 ----D---- C:\Program Files\MediaMonkey
2009-11-02 12:12:38 ----D---- C:\Program Files\EZ Label Xpress
2009-10-28 23:47:25 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\foobar2000
2009-10-28 12:21:32 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Amazon
2009-10-27 18:54:22 ----D---- C:\Program Files\EvilLyrics
2009-10-27 11:32:09 ----D---- C:\Program Files\QuickTime
2009-10-27 11:31:32 ----D---- C:\Program Files\Common Files\Apple
2009-10-27 11:25:10 ----D---- C:\Program Files\Roxio Toast Titanium 9.0.4
2009-10-20 22:35:36 ----D---- C:\Program Files\Microsoft Silverlight
2009-10-20 19:57:02 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-10-20 19:26:20 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-10-19 16:00:35 ----A---- C:\WINDOWS\system32\mshtml.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-03-06 3840]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2009-06-18 142832]
R1 SAVRTPEL;SAVRTPEL; \??\c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-10-01 189320]
R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2009-11-09 223432]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-09 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-11-04 17801]
R2 hcmon;VMware hcmon; \??\C:\WINDOWS\system32\drivers\hcmon.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R2 vmci;VMware vmci; \??\C:\WINDOWS\system32\Drivers\vmci.sys []
R2 VMnetBridge;VMware Bridge Protocol; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [2009-10-22 32688]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys []
R2 vmx86;VMware vmx86; \??\C:\WINDOWS\system32\Drivers\vmx86.sys []
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Program Files\VMware\VMware Player\vstor2-ws60.sys []
R3 aracpi;aracpi; C:\WINDOWS\system32\DRIVERS\aracpi.sys [2005-08-02 22784]
R3 arhidfltr;MS Ar HID Filter Driver; C:\WINDOWS\system32\DRIVERS\arhidfltr.sys [2005-08-02 19200]
R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys [2005-08-02 5376]
R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\WINDOWS\system32\DRIVERS\armoucfltr.sys [2005-08-02 4992]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-10 60800]
R3 ARPolicy;ARPolicy; C:\WINDOWS\system32\DRIVERS\arpolicy.sys [2005-08-02 10112]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 hcwPP2;Hauppauge WinTV PVR PCI II ([23|25|26]xxx); C:\WINDOWS\system32\DRIVERS\hcwPP2.sys [2006-04-13 168064]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSX_DP;HSX_DP; C:\WINDOWS\system32\DRIVERS\HSX_DP.sys [2005-12-06 936448]
R3 HSXHWBS2;HSXHWBS2; C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys [2005-12-06 241664]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-03-08 4246016]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20091118.003\NAVENG.Sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20091118.003\NavEx15.Sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-10 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-01-24 3535520]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-03 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-03 13056]
R3 SAVRT;SAVRT; \??\c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS []
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2007-10-01 12680]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2007-10-01 98184]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2007-10-01 31624]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20091110.002\symidsco.sys []
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2007-10-01 28040]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-10-01 23944]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-03-31 27008]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-09 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-09 26496]
R3 vmkbd;VMware kbd; \??\C:\WINDOWS\system32\drivers\VMkbd.sys []
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [2009-10-22 16560]
R3 winachsx;winachsx; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-06 670208]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\DNINDIS5.SYS []
S3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-27 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-27 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-27 21568]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-26 36864]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-09 20480]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service; C:\WINDOWS\system32\DRIVERS\WPN111.sys [2005-09-26 362944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ARSVC;ARSVC; C:\WINDOWS\arservice.exe [2005-08-02 58880]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-07-25 100032]
R2 ccEvtMgr;Symantec Event Manager; c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2007-01-22 192104]
R2 ccProxy;Symantec Network Proxy; c:\Program Files\Common Files\Symantec Shared\ccProxy.exe [2007-09-13 202088]
R2 ccSetMgr;Symantec Settings Manager; c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2007-01-22 169576]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-11-08 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-03-24 73728]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2009-07-02 17904]
R2 navapsvc;Norton AntiVirus Auto-Protect Service; c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe [2007-05-23 139888]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-01-24 131139]
R2 SNDSrvc;Symantec Network Drivers Service; c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2007-10-01 214408]
R2 SPBBCSvc;Symantec SPBBCSvc; c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-09-15 1160800]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2009-11-07 1251720]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Player\vmware-authd.exe [2009-10-22 113200]
R2 VMnetDHCP;VMware DHCP Service; C:\WINDOWS\system32\vmnetdhcp.exe [2009-10-22 334384]
R2 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2009-10-22 563760]
R2 VMware NAT Service;VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [2009-10-22 395824]
R3 NSCService;Norton Protection Center Service; c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE [2006-12-15 750720]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 ccISPwdSvc;Symantec Internet Security Password Validation; c:\Program Files\Norton Internet Security\ccPwdSvc.exe [2007-01-16 72328]
S3 comHost;COM Host; c:\Program Files\Norton Internet Security\comHost.exe [2007-01-16 45696]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-09 267776]
S3 getPlusHelper;getPlus® Helper; C:\WINDOWS\System32\svchost.exe [2004-08-09 14336]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-07-25 2119360]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-09 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SAVScan;Symantec AVScan; c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe [2005-08-26 198368]
S3 ufad-ws60;VMware Agent Service; C:\Program Files\VMware\VMware Player\vmware-ufad.exe [2009-10-12 191024]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-04 38912]

-----------------EOF-----------------

>>>> Here is info.txt:

info.txt logfile of random's system information tool 1.06 2009-11-18 13:05:12

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Download Manager-->"C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Auslogics BoostSpeed-->"C:\Program Files\Auslogics\Auslogics BoostSpeed\unins000.exe"
Auslogics Disk Defrag-->"C:\Program Files\Auslogics\Auslogics Disk Defrag\unins000.exe"
Belarc Advisor 8.1-->"C:\PROGRA~1\Belarc\Advisor\Uninstall.exe" "C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG"
BitTorrent-->C:\Program Files\BitTorrent\uninst.exe
CC_ccProxyExt-->MsiExec.exe /I{2EBF25F1-F8A2-40EA-92BE-931C142A44E2}
ccCommon-->MsiExec.exe /I{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
ccPxyCore-->MsiExec.exe /I{30738666-9805-4926-A78F-91DA33B6C437}
Customer Experience Enhancement-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
Data Fax SoftModem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\HXFSETUP.EXE -U -ITrx200Ck.inf
Debugging Tools for Windows (x86)-->MsiExec.exe /I{300A2961-B2B5-4889-9CB9-5C2A570D08AD}
DesignPro 5.0 Media Edition-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{BC8032F1-0D5E-43C6-B14A-77AC8F9690B5}
DISCover-->"C:\Program Files\DISC\uninstall.exe"
eMule-->"C:\Program Files\eMule\Uninstall.exe"
eMusic Download Manager 4.1.3.1-->C:\Program Files\eMusic Download Manager\uninst.exe
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /remove
FLAC 1.2.1b (remove only)-->C:\Program Files\FLAC\uninstall.exe
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Foxit Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"
Free Studio version 4.2-->"C:\Program Files\DVDVideoSoft\Free Studio\unins000.exe"
Glary Registry Repair 3.2.0.828-->"C:\Program Files\Glary Registry Repair\unins000.exe"
Glary Utilities 2.17.0.776-->"C:\Program Files\Glary Utilities\unins000.exe"
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
GTK+ Runtime 2.14.7 rev a (remove only)-->C:\Program Files\Common Files\GTK\2.0\uninst.exe
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB893357)-->"C:\WINDOWS\$NtUninstallKB893357$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB906569)-->"C:\WINDOWS\$NtUninstallKB906569$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB912024)-->"C:\WINDOWS\$NtUninstallKB912024$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
HP Boot Optimizer-->MsiExec.exe /X{1341D838-719C-4A05-B50F-49420CA1B4BB}
HP Deskjet 460 Series-->C:\Program Files\Hewlett-Packard\hp deskjet 460 series\Installer\setup.exe /x
HP Deskjet 460-->msiexec /x{9875BF9C-8565-4085-B6A4-5D8D838FB5C3}
HP Deskjet Printer Preload-->MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP DigitalMedia Archive-->MsiExec.exe /X{F80239D8-7811-4D5E-B033-0D0BBFE32920}
HP Document Viewer 6.1-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP DVD Play 2.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Extended Capabilities 5.3-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone Express-->MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart 330,380,420,470,7800,8000,8200 Series-->C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
HP Photosmart Cameras 6.0-->C:\Program Files\HP\Digital Imaging\{5D61626A-BD55-4e42-82EE-4AE89D8FD050}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP Photosmart for Media Center PC-->c:\Program Files\HP\Digital Imaging\bin\mcpc\setupmcl.exe /u
HP Photosmart Premier Software 6.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 5.3.B-->"C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP PSC & OfficeJet 6.1.A-->"C:\Program Files\HP\Digital Imaging\{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}\setup\hpzscr01.exe" -datfile hposcr08.dat
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center and Imaging Support Tools 6.1-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Web Helper-->regsvr32 /u /s "C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll"
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
iTunes-->MsiExec.exe /I{7FF9CD9C-6E0C-4462-9670-F424DCB32DAF}
Java™ 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}
LiveUpdate 3.0 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Microsoft .NET Framework 1.0 Hotfix (KB953295)-->"C:\WINDOWS\$NtUninstallKB953295$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Antimalware-->MsiExec.exe /X{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91E30409-6000-11D3-8CFE-0150048383C9}
Microsoft Security Essentials-->C:\Program Files\Microsoft Security Essentials\setup.exe /x
Microsoft Security Essentials-->MsiExec.exe /I{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.5.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSRedist-->MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
NETGEAR RangeMax™ Wireless USB 2.0 Adapter WPN111-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{582E9125-32B6-4CBA-AB48-3E33CE3DB389}\Setup.exe"
Netscape Browser (remove only)-->"C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
Norton AntiSpam-->MsiExec.exe /I{5677563D-0CB1-485F-9E18-C5025306BB3F}
Norton AntiVirus 2006-->MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton Internet Security 2006 (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe" /X
Norton Internet Security-->MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security-->MsiExec.exe /I{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}
Norton Internet Security-->MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}
Norton Internet Security-->MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security-->MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
Norton Internet Security-->MsiExec.exe /I{AADFE0B9-F905-4d5f-A144-0ADB2EFA747B}
Norton Internet Security-->MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security-->MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security-->MsiExec.exe /I{FFB4DD53-28B7-4981-BFF0-9BD801F61095}
Norton Protection Center-->MsiExec.exe /I{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}
Norton WMI Update-->MsiExec.exe /X{E85FA9A1-C241-4698-893B-DD99509B8DB0}
Norton WMI Update-->MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
NVIDIA Drivers-->C:\WINDOWS\system32\nvunrm.exe UninstallGUI
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
PC-Doctor 5 for Windows-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Pidgin-->C:\Program Files\Pidgin\pidgin-uninst.exe
Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2006-->MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971032)-->"C:\WINDOWS\$NtUninstallKB971032$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Sonic Express Labeler-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /X{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SPBBC-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
TrueCrypt-->"C:\Program Files\TrueCrypt\TrueCrypt Setup.exe" /u
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB912945)-->"C:\WINDOWS\$NtUninstallKB912945$\spuninst\spuninst.exe"
Update for Windows XP (KB914882)-->"C:\WINDOWS\$NtUninstallKB914882$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update for Windows XP (KB976749)-->"C:\WINDOWS\$NtUninstallKB976749$\spuninst\spuninst.exe"
Updates from HP (remove only)-->C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall
VLC media player 1.0.3-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VMware Player-->C:\Documents and Settings\All Users\Application Data\VMware\VMware Player\Uninstaller\uninstall.exe -x
VMware Player-->MsiExec.exe /I{A53A11EA-0095-493F-86FA-A15E8A86A405}
WildTangent Web Driver-->C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB883667-->C:\WINDOWS\$NtUninstallKB883667$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB892050-->"C:\WINDOWS\$NtUninstallKB892050$\spuninst\spuninst.exe"
Windows XP Hotfix - KB893066-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908250-->"C:\WINDOWS\$NtUninstallKB908250$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB912067-->"C:\WINDOWS\$NtUninstallKB912067$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB973768-->"C:\WINDOWS\$NtUninstallKB973768$\spuninst\spuninst.exe"

======Security center information======

AV: Norton Internet Security 2006
AV: Microsoft Security Essentials
FW: Norton Internet Worm Protection (disabled)
FW: Norton Internet Security 2006

======System event log======

Computer Name: CHRISHP
Event Code: 2001
Message: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.69.795.0

Update Source: Microsoft Update Server

Update Stage: Download

Source Path: http://www.microsoft.com

Signature Type: AntiVirus

Update Type: Full

User: NT AUTHORITY\SYSTEM

Current Engine Version:

Previous Engine Version: 1.1.5202.0

Error code: 0x80240016

Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Record Number: 1023
Source Name: Microsoft Antimalware
Time Written: 20091111224423.000000-480
Event Type: error
User:

Computer Name: CHRISHP
Event Code: 2001
Message: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.69.795.0

Update Source: Microsoft Update Server

Update Stage: Install

Source Path: http://www.microsoft.com

Signature Type: AntiVirus

Update Type: Full

User: NT AUTHORITY\SYSTEM

Current Engine Version:

Previous Engine Version: 1.1.5202.0

Error code: 0x80240016

Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Record Number: 1022
Source Name: Microsoft Antimalware
Time Written: 20091111224423.000000-480
Event Type: error
User:

Computer Name: CHRISHP
Event Code: 2001
Message: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.69.795.0

Update Source: Microsoft Update Server

Update Stage: Install

Source Path: http://www.microsoft.com

Signature Type: AntiVirus

Update Type: Full

User: NT AUTHORITY\SYSTEM

Current Engine Version:

Previous Engine Version: 1.1.5202.0

Error code: 0x80240016

Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Record Number: 1021
Source Name: Microsoft Antimalware
Time Written: 20091111224423.000000-480
Event Type: error
User:

Computer Name: CHRISHP
Event Code: 2504
Message: The server could not bind to the transport \Device\NetBT_Tcpip_{39627F2F-1BA7-4F0D-B4DE-19A4EE09A534}.

Record Number: 972
Source Name: Server
Time Written: 20091111222832.000000-480
Event Type: warning
User:

Computer Name: CHRISHP
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 945
Source Name: Tcpip
Time Written: 20091111132306.000000-480
Event Type: warning
User:

=====Application event log=====

Computer Name: CHRISHP
Event Code: 11316
Message: Product: Java™ 6 Update 17 -- Error 1316.A network error occurred while attempting to read from the file C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_17\jre1.6.0_17-c.msi

Record Number: 357
Source Name: MsiInstaller
Time Written: 20091108214907.000000-480
Event Type: error
User: CHRISHP\HP_Administrator

Computer Name: CHRISHP
Event Code: 1001
Message: Fault bucket 136444030.

Record Number: 84
Source Name: Application Error
Time Written: 20091106230603.000000-420
Event Type: error
User:

Computer Name: CHRISHP
Event Code: 1000
Message: Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0xf18b56ec.

Record Number: 83
Source Name: Application Error
Time Written: 20091106230559.000000-420
Event Type: error
User:

Computer Name: CHRISHP
Event Code: 5603
Message: A provider, OffProv11, has been registered in the WMI namespace, Root\MSAPPS11, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 74
Source Name: WinMgmt
Time Written: 20091106181817.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: CHRISHP
Event Code: 5603
Message: A provider, OffProv11, has been registered in the WMI namespace, Root\MSAPPS11, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 73
Source Name: WinMgmt
Time Written: 20091106181817.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 39 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=2701
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------




>>>>> Here is RootRepeal.txt :

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/18 13:09
Program Version: Version 1.3.5.0
Windows Version: Windows XP Media Center Edition SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB5A31000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBAE66000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB166A000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a
Status: Locked to the Windows API!

Path: C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a
Status: Locked to the Windows API!

Path: C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091107.004\EraserUtilRebootDrv.sys
Status: Locked to the Windows API!

SSDT
-------------------
#: 012 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x8a1480c0

#: 013 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x8a889e78

#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x8a2d97b8

#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x8a33c628

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb5d3d020

#: 043 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x8a877110

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x8a2e5640

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb5d3d2a0

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb5d3d800

#: 083 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x89bce640

#: 089 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x8a157800

#: 091 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x8ac675b8

#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x8a2ef628

#: 114 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x8a147948

#: 123 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x8a15f550

#: 129 Function Name: NtOpenThreadToken
Status: Hooked by "<unknown>" at address 0x8a8772d0

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "<unknown>" at address 0x8ac6c8e8

#: 206 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x8a40c990

#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x8a1f7fd0

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x8a2b0628

#: 229 Function Name: NtSetInformationThread
Status: Hooked by "<unknown>" at address 0x88f8e3c0

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb5d3da50

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x8a147b68

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x8a3dc6b0

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x8a15b9b0

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x8a434880

#: 267 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x8a15b828

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x8a143108

==EOF==

Again Thank you!
"For God's sakes give me someone who has the brains enough to make a fool of himself"
- Robert Louis Stevenson

#8 m0le

Malware Response Team

Posted 18 November 2009 - 08:23 PM

Hi Wrangler Space,

Nothing to worry about so far, just a few things to take care of.

Firstly, there is evidence of updates being blocked which indicates rootkit activity as well as trojans. The RootRepeal shows a hidden folder which is one of those folders which seems to be legitimate but no-one remembers voluntarily downloading it.

C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a

It's some kind of browser plug-in but if you don't know it then we'll remove it.


There are also some temp files which can go.

Backup Your Registry with ERUNT
  • Please use the following link and scroll down to ERUNT and download it.
    http://aumha.org/freeware/freeware.php
  • For version with the Installer:
    Use the setup program to install ERUNT on your computer
  • For the zipped version:
    Unzip all the files into a folder of your choice.
Click Erunt.exe to back up your registry to the folder of your choice.

Note: to restore your registry, go to the folder and start ERDNT.exe

We need to execute an OTM script
  • Please download OTM by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :Files
    c:\windows\system32\SET344.tmp
    c:\windows\system32\SET33E.tmp
    c:\windows\system32\SET347.tmp
    c:\windows\system32\SET343.tmp
    c:\windows\system32\SET346.tmp
    c:\windows\system32\SET345.tmp
    c:\windows\system32\SET25A.tmp
    c:\windows\system32\dllcache\SET218.tmp
    c:\windows\system32\SET216.tmp
    c:\windows\system32\SET1A8.tmp
    c:\windows\system32\SET186.tmp
    c:\windows\system32\SET170.tmp
    c:\windows\system32\SET171.tmp
    c:\windows\system32\SET2FC.tmp
    c:\windows\system32\SET2FD.tmp
    c:\windows\system32\SET2FE.tmp
    c:\windows\system32\SET2FF.tmp
    c:\windows\system32\SET304.tmp
    c:\windows\system32\SET30E.tmp
    c:\windows\system32\SET255.tmp
  • Push the large Posted Image button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
Post the OTM log.

Please also post an RSIT log as shown below:
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Thanks :(

Edited by m0le, 18 November 2009 - 08:25 PM.

m0le is a proud member of UNITE
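
The RootRepeal report earlier in this thread lists SSDT hooks, some attributed to SYMEVENT.SYS and others to "<unknown>". As an added example (not part of the original posts and not RootRepeal's own code), this Python script parses such a report, groups hooked functions by owning driver, and checks whether any "<unknown>" hook address falls inside the image range of a driver listed in the Drivers section. The function names are hypothetical, and the sample is an excerpt of the log posted above.

```python
import ntpath
import re

# Excerpt of the RootRepeal log posted in this thread (two drivers, five SSDT entries).
SAMPLE_LOG = r'''
Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB5A31000 Size: 98304 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB166A000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x8a2d97b8

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb5d3d020

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x8a2e5640

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb5d3da50

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x8a143108

==EOF==
'''

# A section is a title line followed by a line of dashes.
SECTION_RE = re.compile(r'^(?P<title>\S[^\n]*)\n-{5,}[ \t]*$', re.MULTILINE)
DRIVER_RE = re.compile(
    r'Name:\s*(?P<name>.+?)\s*\n\s*Image Path:\s*.+?\s*\n'
    r'\s*Address:\s*(?P<addr>0x[0-9A-Fa-f]+)\s+Size:\s*(?P<size>\d+)')
HOOK_RE = re.compile(
    r'#:\s*\d+\s+Function Name:\s*(?P<func>\w+)\s*\n'
    r'\s*Status:\s*Hooked by "(?P<owner>[^"]*)" at address (?P<addr>0x[0-9A-Fa-f]+)')


def split_sections(text):
    """Return {section title: section body} for a RootRepeal text report."""
    text = text.replace('\r\n', '\n')  # forum pastes often carry CRLF
    matches = list(SECTION_RE.finditer(text))
    sections = {}
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(text)
        sections[m.group('title').strip()] = text[m.end():end]
    return sections


def parse_drivers(body):
    """Return (name, base address, size in bytes) for each listed driver."""
    return [(m.group('name'), int(m.group('addr'), 16), int(m.group('size')))
            for m in DRIVER_RE.finditer(body)]


def find_owner(drivers, addr):
    """Name of the listed driver whose image range contains addr, else None."""
    for name, base, size in drivers:
        if base <= addr < base + size:
            return name
    return None


def triage_hooks(text):
    """Group hooked SSDT functions by owner; collect those with no known owner."""
    sections = split_sections(text)
    drivers = parse_drivers(sections.get('Drivers', ''))
    attributed, unresolved = {}, []
    for m in HOOK_RE.finditer(sections.get('SSDT', '')):
        owner, addr = m.group('owner'), int(m.group('addr'), 16)
        if owner == '<unknown>':
            # The tool could not map the address to a module; try the Drivers list.
            owner = find_owner(drivers, addr)
        else:
            owner = ntpath.basename(owner)  # Windows path, parsed on any OS
        if owner is None:
            unresolved.append(m.group('func'))
        else:
            attributed.setdefault(owner, []).append(m.group('func'))
    return {'attributed': attributed, 'unresolved': unresolved}


if __name__ == '__main__':
    report = triage_hooks(SAMPLE_LOG)
    for owner, funcs in report['attributed'].items():
        print(f'{owner}: {", ".join(funcs)}')
    print('No owning module identified:', ', '.join(report['unresolved']))
```

An entry in the unresolved list only means the hook address could not be tied to a module named in the report; identifying what installed it needs a further scan or a memory inspection.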

#9 Wrangler Space


Posted 18 November 2009 - 09:35 PM

1. I don't know what this is:
C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a

2. Your three requested logs:
a.) OTM Fix Log:

========== FILES ==========
File/Folder c:\windows\system32\SET344.tmp not found.
File/Folder c:\windows\system32\SET33E.tmp not found.
File/Folder c:\windows\system32\SET347.tmp not found.
File/Folder c:\windows\system32\SET343.tmp not found.
File/Folder c:\windows\system32\SET346.tmp not found.
File/Folder c:\windows\system32\SET345.tmp not found.
File/Folder c:\windows\system32\SET25A.tmp not found.
File/Folder c:\windows\system32\dllcache\SET218.tmp not found.
File/Folder c:\windows\system32\SET216.tmp not found.
File/Folder c:\windows\system32\SET1A8.tmp not found.
File/Folder c:\windows\system32\SET186.tmp not found.
File/Folder c:\windows\system32\SET170.tmp not found.
File/Folder c:\windows\system32\SET171.tmp not found.
File/Folder c:\windows\system32\SET2FC.tmp not found.
File/Folder c:\windows\system32\SET2FD.tmp not found.
File/Folder c:\windows\system32\SET2FE.tmp not found.
File/Folder c:\windows\system32\SET2FF.tmp not found.
File/Folder c:\windows\system32\SET304.tmp not found.
File/Folder c:\windows\system32\SET30E.tmp not found.
File/Folder c:\windows\system32\SET255.tmp not found.

OTM by OldTimer - Version 3.1.2.0 log created on 11182009_175208



b.) log.txt
Logfile of random's system information tool 1.06 (written by random/random)
Run by HP_Administrator at 2009-11-18 17:57:25
Microsoft Windows XP Professional Service Pack 2
System drive C: has 111 GB (48%) free of 229 GB
Total RAM: 3006 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:57:32 PM, on 11/18/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\VMware\VMware Player\hqtray.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\magicJack.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\eMusic Download Manager\xulrunner\xulrunner.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Administrator\Desktop\OTM.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZENG12.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\HP_Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\HP_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware player\vsocklib.dll
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1257556965500
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 11979 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\GlaryInitialize.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - HP_Administrator.job
C:\WINDOWS\tasks\SmartDefrag.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8F38D8D-E480-4D52-B7A2-731BB6995FDD}]
CNavExtBho Class - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll [2007-05-23 140912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2006-06-17 1191424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AAAE832A-5FFF-4661-9C8F-369692D1DCB9}]
hpWebHelper Class - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll [2006-06-17 217088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-08 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-11-08 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2006-06-17 1191424]
{C4069E3A-68F1-403E-B40E-20066696354B} - Norton AntiVirus - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll [2007-05-23 140912]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Foxit Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-03-08 16010240]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-01-24 7311360]
"nwiz"=nwiz.exe /install []
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-22 237568]
"ccApp"=c:\Program Files\Common Files\Symantec Shared\ccApp.exe [2007-01-22 52840]
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2006-02-15 249856]
"MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe [2009-09-13 1048392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"cdloader"=C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\cdloader2.exe [2009-08-01 50520]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-09 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMware hqtray]
C:\Program Files\VMware\VMware Player\hqtray.exe [2009-10-22 64048]

C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\DISC\DISCover.exe"="C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System"
"C:\Program Files\DISC\DiscStreamHub.exe"="C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub"
"C:\Program Files\DISC\myFTP.exe"="C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\VMware\VMware Player\vmware-authd.exe"="C:\Program Files\VMware\VMware Player\vmware-authd.exe:*:Enabled:VMware Authd"
"C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\magicJack.exe"="C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{027d9347-c984-11de-ba77-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f603869-c9d2-11de-ba79-00184d2e4d68}]
shell\AutoRun\command - K:\wd_windows_tools\WDEULA.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f60386e-c9d2-11de-ba79-00184d2e4d68}]
shell\AutoRun\command - L:\autorun.exe
shell\phone\command - L:\autorun.exe


======List of files/folders created in the last 1 months======

2009-11-18 17:52:08 ----DC---- C:\_OTM
2009-11-18 17:48:08 ----D---- C:\WINDOWS\ERDNT
2009-11-18 17:44:12 ----D---- C:\Program Files\ERUNT
2009-11-18 13:25:40 ----AC---- C:\RootRepeal report 11-18-09 (13-25-40).txt
2009-11-18 13:05:05 ----DC---- C:\rsit
2009-11-17 14:42:34 ----N---- C:\WINDOWS\system32\LegitCheckControl.dll
2009-11-16 01:02:47 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\BitTorrent
2009-11-16 01:02:30 ----D---- C:\Program Files\BitTorrent
2009-11-13 18:51:54 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-11-12 16:16:31 ----D---- C:\WINDOWS\LastGood
2009-11-12 12:56:02 ----D---- C:\Program Files\AskBarDis
2009-11-12 12:55:46 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Foxit
2009-11-12 12:55:45 ----D---- C:\Program Files\Foxit Software
2009-11-12 00:26:06 ----D---- C:\Program Files\eMusic Download Manager
2009-11-11 22:46:56 ----HDC---- C:\WINDOWS\$NtUninstallKB908250$
2009-11-11 22:46:06 ----HDC---- C:\WINDOWS\$NtUninstallKB976749$
2009-11-11 22:42:06 ----A---- C:\WINDOWS\system32\MRT.exe
2009-11-11 22:41:28 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2009-11-11 22:27:48 ----RA---- C:\WINDOWS\system32\vnetinst.dll
2009-11-11 22:27:41 ----A---- C:\WINDOWS\system32\vmnetdhcp.exe
2009-11-11 22:27:37 ----A---- C:\WINDOWS\system32\vmnat.exe
2009-11-11 22:27:29 ----A---- C:\WINDOWS\system32\vnetlib.dll
2009-11-11 22:26:21 ----D---- C:\Program Files\Common Files\VMware
2009-11-11 22:26:04 ----D---- C:\Documents and Settings\All Users\Application Data\VMware
2009-11-11 22:25:47 ----D---- C:\Program Files\VMware
2009-11-11 21:21:54 ----D---- C:\Program Files\ResumeMaker14
2009-11-11 21:21:31 ----D---- C:\Program Files\Data
2009-11-11 21:21:30 ----D---- C:\Program Files\BACKUP
2009-11-11 00:46:45 ----D---- C:\Documents and Settings\All Users\Application Data\Avery
2009-11-11 00:46:42 ----D---- C:\Program Files\Avery Dennison
2009-11-11 00:32:40 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\ImgBurn
2009-11-10 20:32:33 ----D---- C:\Program Files\Debugging Tools for Windows (x86)
2009-11-10 12:58:13 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\GrabPro
2009-11-10 11:35:29 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-11-10 03:48:21 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-11-10 03:46:45 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-11-10 03:43:38 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-11-10 03:42:29 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-11-10 03:40:16 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-11-10 03:35:24 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-11-10 03:17:48 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-11-10 03:09:08 ----HDC---- C:\WINDOWS\$NtUninstallKB953295$
2009-11-10 03:05:22 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-11-10 01:25:37 ----N---- C:\WINDOWS\system32\verclsid.exe
2009-11-09 21:38:38 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\CBS Interactive
2009-11-09 21:34:02 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\TrueCrypt
2009-11-09 19:49:25 ----D---- C:\Program Files\Belarc
2009-11-09 19:47:59 ----D---- C:\Program Files\TrueCrypt
2009-11-09 16:35:15 ----D---- C:\Documents and Settings\All Users\Application Data\MediaMonkey
2009-11-09 15:04:54 ----N---- C:\WINDOWS\system32\tzchange.exe
2009-11-09 13:31:16 ----AC---- C:\RootRepeal report 11-09-09 (13-31-16).txt
2009-11-09 09:42:57 ----A---- C:\WINDOWS\system32\muweb.dll
2009-11-09 09:42:57 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-11-09 09:42:57 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-11-08 23:41:34 ----AC---- C:\RootRepeal report 11-08-09 (23-41-34).txt
2009-11-08 22:44:00 ----D---- C:\Program Files\Trend Micro
2009-11-08 22:41:04 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2009-11-08 22:36:19 ----D---- C:\Program Files\Microsoft Security Essentials
2009-11-08 22:36:05 ----HDC---- C:\WINDOWS\$NtUninstallKB914882$
2009-11-08 22:34:07 ----D---- C:\Program Files\Common Files\GTK
2009-11-08 21:32:04 ----A---- C:\WINDOWS\system32\javaws.exe
2009-11-08 21:32:04 ----A---- C:\WINDOWS\system32\javaw.exe
2009-11-08 21:32:04 ----A---- C:\WINDOWS\system32\java.exe
2009-11-08 21:32:04 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-11-08 19:15:01 ----D---- C:\Program Files\ESET
2009-11-08 17:49:41 ----HDC---- C:\WINDOWS\$NtUninstallKB974455$
2009-11-08 17:46:55 ----HDC---- C:\WINDOWS\$NtUninstallKB911564$
2009-11-08 17:46:21 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-11-08 17:44:14 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-11-08 17:43:33 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-11-07 00:32:04 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\eMule
2009-11-07 00:32:00 ----D---- C:\Program Files\eMule
2009-11-07 00:19:26 ----D---- C:\Program Files\NOS
2009-11-07 00:19:26 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-11-06 22:40:30 ----D---- C:\WINDOWS\system32\appmgmt
2009-11-06 17:27:11 ----D---- C:\WINDOWS\system32\PreInstall
2009-11-06 17:23:29 ----A---- C:\WINDOWS\system32\wuapi.dll.mui
2009-11-06 17:22:58 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-11-05 16:20:57 ----A---- C:\WINDOWS\system32\hpz3l3xt.dll.1
2009-11-05 16:20:49 ----RA---- C:\WINDOWS\scrub2k.exe
2009-11-05 16:20:49 ----RA---- C:\WINDOWS\hpw0460k.ini
2009-11-05 16:19:07 ----A---- C:\WINDOWS\hpdj460.ini
2009-11-05 16:17:11 ----A---- C:\WINDOWS\mariner.ini
2009-11-05 16:17:07 ----A---- C:\WINDOWS\hpbvnstp.ini
2009-11-05 16:16:51 ----RA---- C:\WINDOWS\system32\hpbvnstp.dll
2009-11-05 16:16:49 ----A---- C:\WINDOWS\system32\hpz3l3xt.dll
2009-11-05 16:00:08 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\AdobeUM
2009-11-04 21:23:07 ----D---- C:\WINDOWS\system32\LogFiles
2009-11-04 20:00:16 ----RA---- C:\WINDOWS\system32\AegisI5.exe
2009-11-04 20:00:16 ----A---- C:\WINDOWS\system32\ssleay32.dll
2009-11-04 20:00:15 ----A---- C:\WINDOWS\system32\libeay32.dll
2009-11-04 20:00:15 ----A---- C:\WINDOWS\system32\DNIN50.dll
2009-11-04 18:09:36 ----RSHDC---- C:\cmdcons
2009-11-04 17:41:12 ----ASHC---- C:\Documents and Settings\HP_Administrator\Application Data\desktop.ini
2009-11-04 17:41:00 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Intuit
2009-11-04 17:41:00 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Identities
2009-11-04 17:40:58 ----SD---- C:\Documents and Settings\HP_Administrator\Application Data\Microsoft
2009-11-04 17:40:58 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Symantec
2009-11-04 17:40:58 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Real
2009-11-04 13:13:51 ----A---- C:\WINDOWS\system32\hidserv.dll
2009-11-04 12:24:04 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-11-02 13:28:12 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Help
2009-10-27 11:31:23 ----D---- C:\Program Files\Apple Software Update
2009-10-24 13:16:33 ----HDC---- C:\$AVG
2009-10-24 13:16:02 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2009-10-24 13:15:44 ----D---- C:\Program Files\AVG
2009-10-24 13:15:43 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2009-10-24 12:58:54 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Apowersoft
2009-10-23 10:46:04 ----DC---- C:\subsonic
2009-10-22 16:17:21 ----D---- C:\Program Files\Realtek
2009-10-22 16:17:13 ----A---- C:\WINDOWS\RtlExUpd.dll
2009-10-22 15:17:13 ----D---- C:\Program Files\Digiarty
2009-10-22 14:45:17 ----D---- C:\Program Files\ASTRA32
2009-10-22 14:44:56 ----D---- C:\Program Files\Software Informer
2009-10-22 14:44:56 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Software Informer
2009-10-22 11:11:37 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2009-10-22 11:11:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-22 11:11:31 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-10-22 04:45:06 ----A---- C:\WINDOWS\system32\vmnetbridge.dll
2009-10-22 03:22:38 ----A---- C:\WINDOWS\system32\vmnc.dll
2009-10-19 16:43:19 ----D---- C:\Program Files\AV MP3 Player-Morpher
2009-10-19 16:30:12 ----D---- C:\Program Files\RonyaSoft CD DVD Label Maker
2009-10-19 16:30:12 ----D---- C:\Documents and Settings\All Users\Application Data\RonyaSoft CD DVD Label Maker

======List of files/folders modified in the last 1 months======

2009-11-18 17:52:29 ----D---- C:\WINDOWS\Prefetch
2009-11-18 17:52:12 ----D---- C:\WINDOWS\Temp
2009-11-18 17:48:08 ----AD---- C:\WINDOWS
2009-11-18 17:44:12 ----D---- C:\Program Files
2009-11-18 13:45:05 ----D---- C:\Program Files\Mozilla Firefox
2009-11-18 13:08:18 ----D---- C:\WINDOWS\system32\drivers
2009-11-18 11:25:53 ----D---- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2009-11-18 01:32:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-17 22:38:24 ----D---- C:\Documents and Settings\All Users\Application Data\Real
2009-11-17 22:38:23 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2009-11-17 22:38:21 ----RHDC---- C:\AHCache
2009-11-17 22:38:21 ----D---- C:\Documents and Settings\All Users\Application Data\LightScribe
2009-11-17 22:38:21 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-11-17 22:35:40 ----DC---- C:\temp
2009-11-17 22:35:40 ----D---- C:\Program Files\Windows Plus
2009-11-17 22:35:40 ----D---- C:\Program Files\Windows Media Player
2009-11-17 22:35:40 ----D---- C:\Program Files\WildTangent
2009-11-17 22:35:39 ----D---- C:\Program Files\Internet Explorer
2009-11-17 22:35:39 ----D---- C:\Program Files\ImgBurn
2009-11-17 22:35:39 ----D---- C:\Program Files\Hewlett-Packard
2009-11-17 22:35:39 ----D---- C:\Program Files\Graboid
2009-11-17 22:35:39 ----D---- C:\Program Files\Google
2009-11-17 22:35:39 ----D---- C:\Program Files\DISC
2009-11-17 22:35:38 ----D---- C:\fsaua.data
2009-11-17 21:53:33 ----D---- C:\Program Files\FLAC
2009-11-17 20:14:25 ----D---- C:\WINDOWS\system32\CatRoot
2009-11-17 20:13:59 ----HD---- C:\WINDOWS\inf
2009-11-17 20:13:58 ----D---- C:\WINDOWS\msagent
2009-11-17 20:13:42 ----HDC---- C:\WINDOWS\$NtUninstallKB932168$
2009-11-17 17:49:32 ----SHD---- C:\WINDOWS\Installer
2009-11-17 17:49:20 ----D---- C:\WINDOWS\system32
2009-11-17 17:48:18 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-11-17 14:08:26 ----D---- C:\WINDOWS\system32\FxsTmp
2009-11-16 18:18:13 ----SD---- C:\WINDOWS\Tasks
2009-11-16 17:59:59 ----D---- C:\Program Files\Adobe Media Player
2009-11-16 17:58:43 ----D---- C:\Program Files\Symantec
2009-11-16 14:02:40 ----A---- C:\WINDOWS\WININIT.INI
2009-11-16 01:03:02 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-11-15 03:05:15 ----A---- C:\WINDOWS\win.ini
2009-11-14 03:02:46 ----RSD---- C:\WINDOWS\Fonts
2009-11-14 03:01:58 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-11-13 19:01:57 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-13 18:51:53 ----D---- C:\WINDOWS\Debug
2009-11-13 01:49:37 ----D---- C:\Program Files\Norton Internet Security
2009-11-12 23:26:21 ----D---- C:\WINDOWS\Help
2009-11-12 15:17:18 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp
2009-11-12 14:26:50 ----D---- C:\WINDOWS\system32\Lang
2009-11-12 14:26:12 ----D---- C:\WINDOWS\Registration
2009-11-12 13:35:04 ----D---- C:\Documents and Settings
2009-11-12 03:04:05 ----HDC---- C:\WINDOWS\$NtUninstallKB926251$
2009-11-12 03:00:31 ----D---- C:\WINDOWS\WinSxS
2009-11-12 02:08:22 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2009-11-12 00:26:23 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\eMusic
2009-11-11 23:00:35 ----HD---- C:\Program Files\InstallShield Installation Information
2009-11-11 23:00:35 ----D---- C:\Program Files\muvee Technologies
2009-11-11 23:00:34 ----D---- C:\Program Files\Common Files
2009-11-11 22:47:03 ----A---- C:\WINDOWS\imsins.BAK
2009-11-11 22:26:35 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-11 18:39:08 ----D---- C:\Program Files\Microsoft Streets and Trips
2009-11-11 18:15:43 ----D---- C:\Program Files\Adobe
2009-11-11 17:12:55 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-10 13:09:10 ----D---- C:\WINDOWS\security
2009-11-10 12:56:47 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-11-10 12:56:45 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-10 12:48:58 ----D---- C:\WINDOWS\Cursors
2009-11-10 11:36:24 ----D---- C:\Program Files\iTunes
2009-11-10 11:22:10 ----D---- C:\WINDOWS\system32\wbem
2009-11-10 11:22:08 ----D---- C:\WINDOWS\system32\Setup
2009-11-10 11:22:08 ----D---- C:\WINDOWS\AppPatch
2009-11-10 03:53:45 ----HDC---- C:\WINDOWS\$NtUninstallKB927779$
2009-11-10 03:53:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-11-10 03:52:56 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-11-10 03:52:26 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-11-10 03:51:56 ----HDC---- C:\WINDOWS\$NtUninstallKB943460$
2009-11-10 03:51:30 ----D---- C:\Program Files\Messenger
2009-11-10 03:51:26 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-11-10 03:50:56 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-11-10 03:50:30 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-11-10 03:47:18 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2009-11-10 03:46:34 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
2009-11-10 03:46:13 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2009-11-10 03:44:59 ----HDC---- C:\WINDOWS\$NtUninstallKB924667$
2009-11-10 03:44:03 ----HDC---- C:\WINDOWS\$NtUninstallKB931261$
2009-11-10 03:42:06 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-11-10 03:41:34 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-11-10 03:41:11 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-11-10 03:40:45 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-11-10 03:39:43 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-11-10 03:38:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-11-10 03:37:44 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-11-10 03:37:17 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-11-10 03:37:00 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-11-10 03:36:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-11-10 03:36:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-11-10 03:35:56 ----HDC---- C:\WINDOWS\$NtUninstallKB925902$
2009-11-10 03:35:04 ----HDC---- C:\WINDOWS\$NtUninstallKB913800$
2009-11-10 03:33:59 ----D---- C:\Program Files\Outlook Express
2009-11-10 03:33:57 ----D---- C:\Program Files\Common Files\System
2009-11-10 03:33:52 ----HDC---- C:\WINDOWS\$NtUninstallKB929123$
2009-11-10 03:33:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-11-10 03:32:28 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
2009-11-10 03:32:03 ----HDC---- C:\WINDOWS\$NtUninstallKB926436$
2009-11-10 03:31:41 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-11-10 03:31:18 ----HDC---- C:\WINDOWS\$NtUninstallKB930178$
2009-11-10 03:30:18 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-11-10 03:29:42 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-11-10 03:29:06 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-11-10 03:28:36 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2009-11-10 03:28:19 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-11-10 03:27:51 ----HDC---- C:\WINDOWS\$NtUninstallKB922582$
2009-11-10 03:27:25 ----HDC---- C:\WINDOWS\$NtUninstallKB918118$
2009-11-10 03:26:58 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$
2009-11-10 03:26:29 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-11-10 03:25:52 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2009-11-10 03:25:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-11-10 03:24:55 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2009-11-10 03:24:05 ----HDC---- C:\WINDOWS\$NtUninstallKB938127$
2009-11-10 03:22:58 ----HDC---- C:\WINDOWS\$NtUninstallKB886185$
2009-11-10 03:19:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-11-10 03:19:06 ----AD---- C:\WINDOWS\ehome
2009-11-10 03:19:02 ----HDC---- C:\WINDOWS\$NtUninstallKB973768$
2009-11-10 03:18:33 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-11-10 03:17:27 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
2009-11-10 03:16:39 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-11-10 03:16:11 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-11-10 03:15:25 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-11-10 03:14:33 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
2009-11-10 03:12:34 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-11-10 03:11:38 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-11-10 03:11:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-11-10 03:09:59 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
2009-11-10 03:07:26 ----HDC---- C:\WINDOWS\$NtUninstallKB953356$
2009-11-10 03:07:00 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-11-10 03:06:28 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2009-11-10 03:05:47 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-11-10 03:04:41 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-11-09 22:50:04 ----D---- C:\WINDOWS\Minidump
2009-11-09 22:49:53 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Auslogics
2009-11-09 22:48:05 ----D---- C:\Program Files\Auslogics
2009-11-09 22:16:47 ----D---- C:\Program Files\Glary Registry Repair
2009-11-09 22:16:45 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\GlarySoft
2009-11-09 22:03:11 ----D---- C:\Program Files\Glary Utilities
2009-11-09 08:40:48 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-11-09 03:33:12 ----D---- C:\WINDOWS\pss
2009-11-08 22:41:45 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-11-08 22:34:26 ----D---- C:\Program Files\Pidgin
2009-11-08 21:50:07 ----D---- C:\Program Files\VideoLAN
2009-11-08 21:29:32 ----D---- C:\Program Files\Java
2009-11-08 17:50:38 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2009-11-08 17:50:29 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$
2009-11-08 17:50:17 ----HDC---- C:\WINDOWS\$NtUninstallKB928255$
2009-11-08 17:50:06 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
2009-11-08 17:49:27 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2009-11-08 17:49:17 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2009-11-08 17:49:06 ----HDC---- C:\WINDOWS\$NtUninstallKB923980$
2009-11-08 17:48:55 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2009-11-08 17:48:44 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2009-11-08 17:48:34 ----HDC---- C:\WINDOWS\$NtUninstallKB938828$
2009-11-08 17:48:23 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2009-11-08 17:48:14 ----HDC---- C:\WINDOWS\$NtUninstallKB900485$
2009-11-08 17:48:01 ----HDC---- C:\WINDOWS\$NtUninstallKB924270$
2009-11-08 17:47:51 ----HDC---- C:\WINDOWS\$NtUninstallKB924496$
2009-11-08 17:47:40 ----HDC---- C:\WINDOWS\$NtUninstallKB927891$
2009-11-08 17:47:29 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
2009-11-08 17:47:21 ----HDC---- C:\WINDOWS\$NtUninstallKB925398_WMP64$
2009-11-08 17:47:03 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2009-11-08 17:46:39 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
2009-11-08 17:46:31 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2009-11-08 17:46:14 ----HDC---- C:\WINDOWS\$NtUninstallKB918439$
2009-11-08 17:46:04 ----HDC---- C:\WINDOWS\$NtUninstallKB920872$
2009-11-08 17:45:51 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-11-08 17:45:25 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2009-11-08 17:45:13 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2009-11-08 17:45:03 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-11-08 17:44:52 ----HDC---- C:\WINDOWS\$NtUninstallKB920213$
2009-11-08 17:44:42 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
2009-11-08 17:44:33 ----HDC---- C:\WINDOWS\$NtUninstallKB916595$
2009-11-08 17:44:24 ----HDC---- C:\WINDOWS\$NtUninstallKB930916$
2009-11-08 17:44:04 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2009-11-08 17:43:45 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2009-11-08 17:43:26 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2009-11-08 17:43:15 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2009-11-08 17:43:01 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2009-11-08 17:42:51 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2009-11-08 17:42:41 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-11-08 17:42:33 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
2009-11-08 17:42:20 ----HDC---- C:\WINDOWS\$NtUninstallKB928843$
2009-11-08 12:44:04 ----HD---- C:\hp
2009-11-07 20:40:14 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2009-11-07 14:33:50 ----AD---- C:\WINDOWS\CREATOR
2009-11-06 22:40:07 ----D---- C:\Program Files\Microsoft Works
2009-11-06 22:40:03 ----D---- C:\Program Files\Microsoft Office
2009-11-06 17:56:36 ----D---- C:\WINDOWS\SoftwareDistribution
2009-11-06 17:27:09 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-11-06 17:18:54 ----A---- C:\WINDOWS\ODBC.INI
2009-11-06 17:12:02 ----D---- C:\WINDOWS\system
2009-11-04 18:10:13 ----RASHC---- C:\boot.ini
2009-11-04 18:09:36 ----AC---- C:\WINDOWS\UPGRADE.TXT
2009-11-04 18:09:32 ----D---- C:\WINDOWS\setup.pss
2009-11-04 18:07:58 ----SHD---- C:\RECYCLER
2009-11-04 18:06:48 ----AD---- C:\WINDOWS\system32\pcintro
2009-11-04 13:17:49 ----RASHC---- C:\BOOT.BAK
2009-11-04 13:14:14 ----A---- C:\WINDOWS\system.ini
2009-11-04 12:49:23 ----DC---- C:\I386
2009-11-04 12:46:19 ----RD---- C:\WINDOWS\Offline Web Pages
2009-11-04 12:46:17 ----RSD---- C:\WINDOWS\assembly
2009-11-04 12:46:17 ----RD---- C:\WINDOWS\Web
2009-11-02 17:41:51 ----D---- C:\Program Files\MediaMonkey
2009-11-02 12:12:38 ----D---- C:\Program Files\EZ Label Xpress
2009-10-28 23:47:25 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\foobar2000
2009-10-28 12:21:32 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Amazon
2009-10-27 18:54:22 ----D---- C:\Program Files\EvilLyrics
2009-10-27 11:32:09 ----D---- C:\Program Files\QuickTime
2009-10-27 11:31:32 ----D---- C:\Program Files\Common Files\Apple
2009-10-27 11:25:10 ----D---- C:\Program Files\Roxio Toast Titanium 9.0.4
2009-10-20 22:35:36 ----D---- C:\Program Files\Microsoft Silverlight
2009-10-20 19:57:02 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-10-20 19:26:20 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-10-19 16:00:35 ----A---- C:\WINDOWS\system32\mshtml.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-03-06 3840]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2009-06-18 142832]
R1 SAVRTPEL;SAVRTPEL; \??\c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-10-01 189320]
R1 truecrypt;truecrypt; C:\WINDOWS\System32\drivers\truecrypt.sys [2009-11-09 223432]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-09 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.2.0.3; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-11-04 17801]
R2 hcmon;VMware hcmon; \??\C:\WINDOWS\system32\drivers\hcmon.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R2 vmci;VMware vmci; \??\C:\WINDOWS\system32\Drivers\vmci.sys []
R2 VMnetBridge;VMware Bridge Protocol; C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys [2009-10-22 32688]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys []
R2 vmx86;VMware vmx86; \??\C:\WINDOWS\system32\Drivers\vmx86.sys []
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\C:\Program Files\VMware\VMware Player\vstor2-ws60.sys []
R3 aracpi;aracpi; C:\WINDOWS\system32\DRIVERS\aracpi.sys [2005-08-02 22784]
R3 arhidfltr;MS Ar HID Filter Driver; C:\WINDOWS\system32\DRIVERS\arhidfltr.sys [2005-08-02 19200]
R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys [2005-08-02 5376]
R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\WINDOWS\system32\DRIVERS\armoucfltr.sys [2005-08-02 4992]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-10 60800]
R3 ARPolicy;ARPolicy; C:\WINDOWS\system32\DRIVERS\arpolicy.sys [2005-08-02 10112]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 hcwPP2;Hauppauge WinTV PVR PCI II ([23|25|26]xxx); C:\WINDOWS\system32\DRIVERS\hcwPP2.sys [2006-04-13 168064]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-27 49664]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-27 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-27 21568]
R3 HSX_DP;HSX_DP; C:\WINDOWS\system32\DRIVERS\HSX_DP.sys [2005-12-06 936448]
R3 HSXHWBS2;HSXHWBS2; C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys [2005-12-06 241664]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-03-08 4246016]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20091118.003\NAVENG.Sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20091118.003\NavEx15.Sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-10 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-01-24 3535520]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-03 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-03 13056]
R3 SAVRT;SAVRT; \??\c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS []
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2007-10-01 12680]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2007-10-01 98184]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2007-10-01 31624]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20091110.002\symidsco.sys []
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2007-10-01 28040]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-10-01 23944]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-03-31 27008]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-09 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-09 26496]
R3 vmkbd;VMware kbd; \??\C:\WINDOWS\system32\drivers\VMkbd.sys []
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys [2009-10-22 16560]
R3 winachsx;winachsx; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-06 670208]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\DNINDIS5.SYS []
S3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-26 36864]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-09 20480]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service; C:\WINDOWS\system32\DRIVERS\WPN111.sys [2005-09-26 362944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ARSVC;ARSVC; C:\WINDOWS\arservice.exe [2005-08-02 58880]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-07-25 100032]
R2 ccEvtMgr;Symantec Event Manager; c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2007-01-22 192104]
R2 ccProxy;Symantec Network Proxy; c:\Program Files\Common Files\Symantec Shared\ccProxy.exe [2007-09-13 202088]
R2 ccSetMgr;Symantec Settings Manager; c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2007-01-22 169576]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-11-08 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-03-24 73728]
R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2009-07-02 17904]
R2 navapsvc;Norton AntiVirus Auto-Protect Service; c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe [2007-05-23 139888]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-01-24 131139]
R2 SNDSrvc;Symantec Network Drivers Service; c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2007-10-01 214408]
R2 SPBBCSvc;Symantec SPBBCSvc; c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-09-15 1160800]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2009-11-07 1251720]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files\VMware\VMware Player\vmware-authd.exe [2009-10-22 113200]
R2 VMnetDHCP;VMware DHCP Service; C:\WINDOWS\system32\vmnetdhcp.exe [2009-10-22 334384]
R2 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2009-10-22 563760]
R2 VMware NAT Service;VMware NAT Service; C:\WINDOWS\system32\vmnat.exe [2009-10-22 395824]
R3 NSCService;Norton Protection Center Service; c:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE [2006-12-15 750720]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 ccISPwdSvc;Symantec Internet Security Password Validation; c:\Program Files\Norton Internet Security\ccPwdSvc.exe [2007-01-16 72328]
S3 comHost;COM Host; c:\Program Files\Norton Internet Security\comHost.exe [2007-01-16 45696]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-09 267776]
S3 getPlusHelper;getPlus® Helper; C:\WINDOWS\System32\svchost.exe [2004-08-09 14336]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-07-25 2119360]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-09 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SAVScan;Symantec AVScan; c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe [2005-08-26 198368]
S3 ufad-ws60;VMware Agent Service; C:\Program Files\VMware\VMware Player\vmware-ufad.exe [2009-10-12 191024]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-04 38912]

-----------------EOF-----------------

c.) info.txt (it took a couple of tries to figure out that I had to remove the original from the RSIT file before it would show up)

info.txt logfile of random's system information tool 1.06 2009-11-18 18:12:47

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Download Manager-->"C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Auslogics BoostSpeed-->"C:\Program Files\Auslogics\Auslogics BoostSpeed\unins000.exe"
Auslogics Disk Defrag-->"C:\Program Files\Auslogics\Auslogics Disk Defrag\unins000.exe"
Belarc Advisor 8.1-->"C:\PROGRA~1\Belarc\Advisor\Uninstall.exe" "C:\PROGRA~1\Belarc\Advisor\INSTALL.LOG"
BitTorrent-->C:\Program Files\BitTorrent\uninst.exe
CC_ccProxyExt-->MsiExec.exe /I{2EBF25F1-F8A2-40EA-92BE-931C142A44E2}
ccCommon-->MsiExec.exe /I{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
ccPxyCore-->MsiExec.exe /I{30738666-9805-4926-A78F-91DA33B6C437}
Customer Experience Enhancement-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
Data Fax SoftModem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\HXFSETUP.EXE -U -ITrx200Ck.inf
Debugging Tools for Windows (x86)-->MsiExec.exe /I{300A2961-B2B5-4889-9CB9-5C2A570D08AD}
DesignPro 5.0 Media Edition-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{BC8032F1-0D5E-43C6-B14A-77AC8F9690B5}
DISCover-->"C:\Program Files\DISC\uninstall.exe"
eMule-->"C:\Program Files\eMule\Uninstall.exe"
eMusic Download Manager 4.1.3.1-->C:\Program Files\eMusic Download Manager\uninst.exe
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /remove
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
FLAC 1.2.1b (remove only)-->C:\Program Files\FLAC\uninstall.exe
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Foxit Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"
Free Studio version 4.2-->"C:\Program Files\DVDVideoSoft\Free Studio\unins000.exe"
Glary Registry Repair 3.2.0.828-->"C:\Program Files\Glary Registry Repair\unins000.exe"
Glary Utilities 2.17.0.776-->"C:\Program Files\Glary Utilities\unins000.exe"
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
GTK+ Runtime 2.14.7 rev a (remove only)-->C:\Program Files\Common Files\GTK\2.0\uninst.exe
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB893357)-->"C:\WINDOWS\$NtUninstallKB893357$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB906569)-->"C:\WINDOWS\$NtUninstallKB906569$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB912024)-->"C:\WINDOWS\$NtUninstallKB912024$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
HP Boot Optimizer-->MsiExec.exe /X{1341D838-719C-4A05-B50F-49420CA1B4BB}
HP Deskjet 460 Series-->C:\Program Files\Hewlett-Packard\hp deskjet 460 series\Installer\setup.exe /x
HP Deskjet 460-->msiexec /x{9875BF9C-8565-4085-B6A4-5D8D838FB5C3}
HP Deskjet Printer Preload-->MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP DigitalMedia Archive-->MsiExec.exe /X{F80239D8-7811-4D5E-B033-0D0BBFE32920}
HP Document Viewer 6.1-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP DVD Play 2.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Extended Capabilities 5.3-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone Express-->MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart 330,380,420,470,7800,8000,8200 Series-->C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
HP Photosmart Cameras 6.0-->C:\Program Files\HP\Digital Imaging\{5D61626A-BD55-4e42-82EE-4AE89D8FD050}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP Photosmart for Media Center PC-->c:\Program Files\HP\Digital Imaging\bin\mcpc\setupmcl.exe /u
HP Photosmart Premier Software 6.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 5.3.B-->"C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP PSC & OfficeJet 6.1.A-->"C:\Program Files\HP\Digital Imaging\{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}\setup\hpzscr01.exe" -datfile hposcr08.dat
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center and Imaging Support Tools 6.1-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Web Helper-->regsvr32 /u /s "C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll"
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
iTunes-->MsiExec.exe /I{7FF9CD9C-6E0C-4462-9670-F424DCB32DAF}
Java™ 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}
LiveUpdate 3.0 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Microsoft .NET Framework 1.0 Hotfix (KB953295)-->"C:\WINDOWS\$NtUninstallKB953295$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Antimalware-->MsiExec.exe /X{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91E30409-6000-11D3-8CFE-0150048383C9}
Microsoft Security Essentials-->C:\Program Files\Microsoft Security Essentials\setup.exe /x
Microsoft Security Essentials-->MsiExec.exe /I{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.5.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSRedist-->MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
NETGEAR RangeMax™ Wireless USB 2.0 Adapter WPN111-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{582E9125-32B6-4CBA-AB48-3E33CE3DB389}\Setup.exe"
Netscape Browser (remove only)-->"C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
Norton AntiSpam-->MsiExec.exe /I{5677563D-0CB1-485F-9E18-C5025306BB3F}
Norton AntiVirus 2006-->MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton Internet Security 2006 (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe" /X
Norton Internet Security-->MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security-->MsiExec.exe /I{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}
Norton Internet Security-->MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}
Norton Internet Security-->MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security-->MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
Norton Internet Security-->MsiExec.exe /I{AADFE0B9-F905-4d5f-A144-0ADB2EFA747B}
Norton Internet Security-->MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security-->MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security-->MsiExec.exe /I{FFB4DD53-28B7-4981-BFF0-9BD801F61095}
Norton Protection Center-->MsiExec.exe /I{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}
Norton WMI Update-->MsiExec.exe /X{E85FA9A1-C241-4698-893B-DD99509B8DB0}
Norton WMI Update-->MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
NVIDIA Drivers-->C:\WINDOWS\system32\nvunrm.exe UninstallGUI
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
PC-Doctor 5 for Windows-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Pidgin-->C:\Program Files\Pidgin\pidgin-uninst.exe
Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2006-->MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971032)-->"C:\WINDOWS\$NtUninstallKB971032$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Sonic Express Labeler-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /X{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SPBBC-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
TrueCrypt-->"C:\Program Files\TrueCrypt\TrueCrypt Setup.exe" /u
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB912945)-->"C:\WINDOWS\$NtUninstallKB912945$\spuninst\spuninst.exe"
Update for Windows XP (KB914882)-->"C:\WINDOWS\$NtUninstallKB914882$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update for Windows XP (KB976749)-->"C:\WINDOWS\$NtUninstallKB976749$\spuninst\spuninst.exe"
Updates from HP (remove only)-->C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall
VLC media player 1.0.3-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VMware Player-->C:\Documents and Settings\All Users\Application Data\VMware\VMware Player\Uninstaller\uninstall.exe -x
VMware Player-->MsiExec.exe /I{A53A11EA-0095-493F-86FA-A15E8A86A405}
WildTangent Web Driver-->C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB883667-->C:\WINDOWS\$NtUninstallKB883667$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB892050-->"C:\WINDOWS\$NtUninstallKB892050$\spuninst\spuninst.exe"
Windows XP Hotfix - KB893066-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908250-->"C:\WINDOWS\$NtUninstallKB908250$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB912067-->"C:\WINDOWS\$NtUninstallKB912067$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB973768-->"C:\WINDOWS\$NtUninstallKB973768$\spuninst\spuninst.exe"

======Security center information======

AV: Norton Internet Security 2006
AV: Microsoft Security Essentials
FW: Norton Internet Worm Protection (disabled)
FW: Norton Internet Security 2006

======System event log======

Computer Name: CHRISHP
Event Code: 10010
Message: The server {F3A614DC-ABE0-11D2-A441-00C04F795683} did not register with DCOM within the required timeout.

Record Number: 1062
Source Name: DCOM
Time Written: 20091112104923.000000-480
Event Type: error
User: CHRISHP\HP_Administrator

Computer Name: CHRISHP
Event Code: 2001
Message: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.69.795.0

Update Source: Microsoft Update Server

Update Stage: Download

Source Path: http://www.microsoft.com

Signature Type: AntiVirus

Update Type: Full

User: NT AUTHORITY\SYSTEM

Current Engine Version:

Previous Engine Version: 1.1.5202.0

Error code: 0x80240016

Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Record Number: 1023
Source Name: Microsoft Antimalware
Time Written: 20091111224423.000000-480
Event Type: error
User:

Computer Name: CHRISHP
Event Code: 2001
Message: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.69.795.0

Update Source: Microsoft Update Server

Update Stage: Install

Source Path: http://www.microsoft.com

Signature Type: AntiVirus

Update Type: Full

User: NT AUTHORITY\SYSTEM

Current Engine Version:

Previous Engine Version: 1.1.5202.0

Error code: 0x80240016

Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Record Number: 1022
Source Name: Microsoft Antimalware
Time Written: 20091111224423.000000-480
Event Type: error
User:

Computer Name: CHRISHP
Event Code: 2001
Message: Microsoft Antimalware has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.69.795.0

Update Source: Microsoft Update Server

Update Stage: Install

Source Path: http://www.microsoft.com

Signature Type: AntiVirus

Update Type: Full

User: NT AUTHORITY\SYSTEM

Current Engine Version:

Previous Engine Version: 1.1.5202.0

Error code: 0x80240016

Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Record Number: 1021
Source Name: Microsoft Antimalware
Time Written: 20091111224423.000000-480
Event Type: error
User:

Computer Name: CHRISHP
Event Code: 2504
Message: The server could not bind to the transport \Device\NetBT_Tcpip_{39627F2F-1BA7-4F0D-B4DE-19A4EE09A534}.

Record Number: 972
Source Name: Server
Time Written: 20091111222832.000000-480
Event Type: warning
User:

=====Application event log=====

Computer Name: CHRISHP
Event Code: 11316
Message: Product: Java™ 6 Update 17 -- Error 1316.A network error occurred while attempting to read from the file C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\jre1.6.0_17\jre1.6.0_17-c.msi

Record Number: 357
Source Name: MsiInstaller
Time Written: 20091108214907.000000-480
Event Type: error
User: CHRISHP\HP_Administrator

Computer Name: CHRISHP
Event Code: 1001
Message: Fault bucket 136444030.

Record Number: 84
Source Name: Application Error
Time Written: 20091106230603.000000-420
Event Type: error
User:

Computer Name: CHRISHP
Event Code: 1000
Message: Faulting application iexplore.exe, version 6.0.2900.2180, faulting module unknown, version 0.0.0.0, fault address 0xf18b56ec.

Record Number: 83
Source Name: Application Error
Time Written: 20091106230559.000000-420
Event Type: error
User:

Computer Name: CHRISHP
Event Code: 5603
Message: A provider, OffProv11, has been registered in the WMI namespace, Root\MSAPPS11, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 74
Source Name: WinMgmt
Time Written: 20091106181817.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: CHRISHP
Event Code: 5603
Message: A provider, OffProv11, has been registered in the WMI namespace, Root\MSAPPS11, but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.

Record Number: 73
Source Name: WinMgmt
Time Written: 20091106181817.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 39 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=2701
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------

I believe I followed your directions. txt files listed above as requested. I SURE appreciate your help (I can't tell the first reports from the second reports :( !)

1.) Is it out of line to ask if you could recommend a safe program/way to thoroughly clean unwanted programs (like Norton when its trial runs up) off my computer without screwing something up? (I've got Glary's, Revo, and CCleaner but imagine I can get away with just one). Thanks for the link to recommended shareware (I usually go off of users picks from the CNet folks' website).

2.) I had Adobe CS3 (prior to my attempt at) restoring to the manufacturer's original OS & Programs. I backed up all Adobe CS3 files onto my backup HD, but I guess I was supposed to somehow know to deactivate CS3. Now when I plug in my authenticated Adobe code it tells me it is no good?! I got routed around for a few hours by Adobe's Customer Serv. :( Any advice you can offer?

Again I am grateful and may good karma come your way!
"For God's sakes give me someone who has the brains enough to make a fool of himself"
- Robert Louis Stevenson

#10 m0le

Posted 19 November 2009 - 06:31 PM

Just a bit about P2P

The log shows that you have been using so-called peer-to-peer or file-sharing programmes. These programmes allow users to share files, as the name(s) suggest. In today's world cyber crime has come a long way, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along with the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organisations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."


Let's remove the interloper

Use Windows Explorer to find and delete this folder:

C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices

As an example:
To delete C:\WINDOWS\badfile.dll
Double click the My Computer icon on your Desktop. Or click on the Windows KEY + E.
Double click on Local Disc (C:\)
Double click on the Windows folder,
Right click on badfile.dll and then from the menu that appears, click on Delete



Also, the Ask toolbar is not recommended. This toolbar enhances internet browsing and provides a direct link to the "ask.com" search engine. This program is not known to be bundled with spyware - The company strongly denies the toolbar as being malware.

Please read why it might be good to remove it here.

If you choose to remove it then follow the instructions below.

Click "start" on the taskbar and then click on the "Control Panel" icon.
Please double-click (or right-click, if you are using Vista) the "Add or Remove Programs" icon.
A list of installed programs will be "populated"; this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":



Ask Toolbar



Additional instructions can be found here if needed.


Let's run an online scanner to clean up

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Thanks :(
m0le is a proud member of UNITE

#11 Wrangler Space

Posted 19 November 2009 - 10:49 PM

Regarding P2P - I downloaded Emule but was afraid to ever use it. I thought it may be another source for legal music (below). I already deleted it!
I don't know if Bittorrent is P2P but I use it strictly for downloading live music (authorized by the bands) at bt.etree.org almost exclusively although there are a few others that have live shows of sharing bands (a bit different genres). The bands believe they play the music, it's not tangible and if fans want to put their time in to figure out how to capture the music and share it then they give them the right to share in the magic that can happen up on the stage (or that's IMHO how they feel). One main rule is that it is done in a sharing way meaning NO PROFITING. Music fans feel grateful to the bands and musical artists along with their sound guys for making it available in this day and age....and oh, especially thankful to the forgotten tapers who put much time, focus, effort & money into perfecting the art of capturing the best quality sound possible at venues all over the world. (They take great pride in the recording). If you don't know about it, you should check it out. I don't know your musical tastes, but it's a lot of good people from all over! No smut, Piracy, and people look out for one another....the way it should be;-) :(


>> I am sorry but it was unclear to me about deleting the unknown file or files or entire folder.
>> Am I to delete a.)) the entire assembly folder in c:/Windows or b.)) the System.EnterpriseServices file(s?) as there were multiple in the Windows/Assembly folder?

I hope you can see my screen capture in the Word doc I zipped and uploaded as there were multiple Enterprise files. I don't know if this helps you in knowing that when I put my cursor over the assembly file it says '.NET Framework Assemblies'

I got rid of the Ask Toolbar. Thanks for the tip and because it didn't show up in XP's uninstall your link really helped! (I bookmarked it because of the amount of good info on getting rid of unwanted or unnecessary programs "the right way").

I am running the ESET and will have it over as soon as it is done. Thank you very much!


#12 Wrangler Space

Posted 20 November 2009 - 05:05 PM

ESET No Found Viruses! :(

- It didn't offer me an option to save a report. I hit finish thinking it would then offer me the option to do so. It took over 9 hours to run! :(
I hope I didn't screw this up....that you needed the report?!

Again I am grateful for the link on how to properly or safely remove programs. I think too many people that do not possess the knowledge or take the time to read direction will download a program like Revo off cnet and then use it as the first option which increases their potential to delete important reg. files, thus making things worse. Speaking from experience, just because one may use a computer a lot and know a few programs very well doesn't make them an expert. I appreciate your help.

Do I need to delete the assembly folder? or the system file(s)?

As I mentioned previously my Adobe CS3 serial number says it is not valid. (not acquired P2P). Is there a file or something I wiped out on my OS reinstall? (I'm sure I can eventually figure something out with patience & Adobe's c.s.)

thank you!

#13 m0le

Posted 20 November 2009 - 05:54 PM

ESET No Found Viruses! :(

- It didn't offer me an option to save a report. I hit finish thinking it would then offer me the option to do so. It took over 9 hours to run! :)
I hope I didn't screw this up....that you needed the report?!


No, if ESET runs clean there is no log. Perfect :(

Again I am grateful for the link on how to properly or safely remove programs.


You're welcome, it's a good guide.

Just because one may use a computer a lot and know a few programs very well doesn't make them an expert. I appreciate your help.


I don't think there are many BC helpers that consider themselves experts. Thanks though.

Do I need to delete the assembly folder? or the system file(s)?


I've taken a look at this folder and files and I am inclined to leave them. There doesn't seem to be any concrete evidence stating that they are a problem.

As I mentioned previously my Adobe CS3 serial number says it is not valid. (not acquired P2P). Is there a file or something I wiped out on my OS reinstall? (I'm sure I can eventually figure something out with patience & Adobe's c.s.)


I did a quick search and Adobe have apparently messed the installer up. Here's a blogger talking about it and the comments are enlightening - particularly Adobe's John Dowdell's comment at or near the top.


Anyway, your PC is in good shape, follow the final instructions to complete the fix.

You're clean. Good stuff! :)


Let's do some clearing up

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click Posted Image icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
------------------------------------------------------------------------------------------------------------------------

Here's some advice on how you can keep your PC clean


Update your AntiVirus Software

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version, or the Pro version for a 15 day trial period.

Installing this or another recommended program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.


Finally, here's a treasure trove of antivirus, antimalware and antispyware resources


That's it Wrangler Space, happy surfing!

Cheers.

m0le

#14 Wrangler Space

Posted 20 November 2009 - 08:53 PM

M0le,

Thank you SO very much. I ran the OTC and seem to be in great shape! I appreciate ALL of your help, words of wisdom and advice. You've not only helped me but my g.f. as well as I will share the tips you've passed on to me.

I've got to get out tomorrow and pay it forward!


My sincerest gratitude to you,

Wrangler Space



"It is now very clear that techniques of machine-human interfacing, pharmacology of the synthetic variety, all kinds of manipulative techniques, all kinds of data storage, imaging and retrieval techniques. All of this is coalescing toward the potential of a truely demonic or angelic kind of self-imaging of our culture... And the people who are on the demonic side are fully aware of this and hurrying full-tilt forward with their plans to capture everyone as a 100% believing consumer inside some kind of a beige furnished fascism that won't even raise a ripple."
"I can't preach Scientism cause I don't believe it. I can't preach Buddhism cause I can't understand it. The only thing I can preach is the felt presence of immediate experience which for me came through the psychedelics, which are not drugs but plants. It's a perversion of language to try to derail this thing into talk of drugs. There are spirits in the natural world that come to us in this way and so far as I can tell this is the only way that they come to us that is rapid enough for it to have an impact upon us as a global population."
- Terrance McKenna

#15 m0le

Posted 26 November 2009 - 05:29 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :(

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.