Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Possible rootkit.d

Re: Possible rootkit.d

Post by Dakeyras » March 11th, 2009, 7:39 am

Hi :)

Very pleased for your good self re the outcome! I apologise about my last set of instructions, I misunderstood your explanation about the XP Back-Up CD-ROMs. Even though the Boot.ini report you posted for myself showed the Recovery Console already present, I thought it wise, since two partitions were in evidence, to opt for the method I posted. Ah well, no harm done.

Some Anti-Virus advice:

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time. My personal recommendation, however, is to only have one installed whatsoever!

Next:

Always a pleasure to read your posts to myself. If all I assisted provided such excellent information as you do it would make my life so much easier :lol:

OK, levity aside, do not install any more new software applications for now unless I ask for something specific. I am perfectly happy to check on the current status of your system still, so let's proceed as follows please:

Next:

Please download Malwarebytes' Anti-Malware to your desktop.

Alternate download link.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
  1. Launch Malwarebytes' Anti-Malware
  2. Click on the Logs radio tab.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next:

  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
Please make sure that RSIT.exe is on your Desktop before running the application.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.

When you have completed the above, please post back the following in the order asked for:

  • Any problems encountered and/or symptoms?
  • Malwarebytes' Anti-Malware Log.
  • Both RSIT logs.

Re: Possible rootkit.d

Post by ingots » March 11th, 2009, 9:24 am

Good day!

Thanks for the Anti-Virus program advice. One AV program at a time is indeed my usual mode of operation. Since Norton was pre-installed after the Recovery, I just updated and started that program for convenience's sake. I have not started up my old McAfee subscription.

- No new symptoms. I did get two error messages when MBAM was installing, but I clicked the "OK" button for both, and installation appeared to proceed normally. Error messages were:
1) vbAccelerator SGrid II Control
Runtime error '0'
[OK button]
2) 440 automation error
[OK button]


- MBAM log:

Malwarebytes' Anti-Malware 1.34
Database version: 1835
Windows 5.1.2600 Service Pack 3

3/11/2009 9:04:11 AM
mbam-log-2009-03-11 (09-04-11).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 235928
Time elapsed: 1 hour(s), 2 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


- RSIT log.txt

Logfile of random's system information tool 1.05 (written by random/random)
Run by HP_Administrator at 2009-03-11 09:15:33
Microsoft Windows XP Professional Service Pack 3
System drive C: has 195 GB (86%) free of 226 GB
Total RAM: 958 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:15:47 AM, on 3/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\DISC\DiscGui.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\system32\svchost.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\HP_Administrator.HP\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\HP_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.earthlink.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.trymedia.com (HKLM)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 10456 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Easy Internet Sign-up.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - HP_Administrator.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{BD46FAB6-EE50-441F-B27B-8B50B3CC4A8C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2006-12-09 1157120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
CNavExtBho Class - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll [2005-10-07 218736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2006-12-09 1157120]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll [2005-10-07 218736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-06 64512]
"AlwaysReady Power Message APP"=C:\WINDOWS\ARPWRMSG.EXE [2005-08-03 77312]
"HPHUPD08"=c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [2005-06-02 49152]
"DISCover"=C:\Program Files\DISC\DISCover.exe [2005-09-27 1060864]
"DiscUpdateManager"=C:\Program Files\DISC\DiscUpdateMgr.exe [2005-09-27 61440]
""= []
"PCDrProfiler"= []
"ccApp"=c:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-01-08 49512]
"URLLSTCK.exe"=c:\Program Files\Norton Internet Security\UrlLstCk.exe [2005-03-30 22656]
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2005-09-21 1605740]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPwuSchd2.exe [2005-05-12 49152]
"Symantec NetDriver Monitor"=C:\PROGRA~1\SYMNET~1\SNDMon.exe [2009-03-10 100056]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-02-11 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
Updates from HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-14 46080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\DISC\DISCover.exe"="C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System"
"C:\Program Files\DISC\DiscStreamHub.exe"="C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub"
"C:\Program Files\DISC\myFTP.exe"="C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba9bfa3e-53e6-11da-9f04-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


======List of files/folders created in the last 1 months======


======List of files/folders modified in the last 1 months======

2009-03-10 23:56:22 ----AHDC---- C:\WINDOWS\$NtUninstallKB873339$
2009-03-10 23:56:20 ----RHD---- C:\MSOCache
2009-03-10 23:55:58 ----RSD---- C:\WINDOWS\assembly
2009-03-10 23:55:58 ----RD---- C:\WINDOWS\Offline Web Pages
2009-03-10 23:50:00 ----D---- C:\Program Files\Norton Internet Security
2009-03-10 23:49:24 ----SHD---- C:\WINDOWS\Installer
2009-03-10 23:49:15 ----D---- C:\WINDOWS\system32
2009-03-10 23:41:27 ----HD---- C:\WINDOWS\inf
2009-03-10 23:41:24 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-03-10 23:41:19 ----D---- C:\WINDOWS\system32\CatRoot
2009-03-10 23:41:04 ----D---- C:\Program Files\Messenger
2009-03-10 23:40:54 ----A---- C:\WINDOWS\imsins.BAK
2009-03-10 23:40:49 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-10 23:40:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-03-10 23:37:53 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-10 23:33:57 ----A---- C:\WINDOWS\OEWABLog.txt
2009-03-10 23:33:10 ----A---- C:\WINDOWS\setuplog.txt
2009-03-10 23:32:38 ----D---- C:\WINDOWS\system32\Setup
2009-03-10 23:32:38 ----D---- C:\WINDOWS\ime
2009-03-10 23:32:37 ----D---- C:\WINDOWS\system32\wbem
2009-03-10 23:32:37 ----D---- C:\WINDOWS\AppPatch
2009-03-10 23:32:36 ----RSD---- C:\WINDOWS\Fonts
2009-03-10 23:31:56 ----D---- C:\WINDOWS\security
2009-03-10 23:28:49 ----D---- C:\WINDOWS\WinSxS
2009-03-10 23:23:57 ----D---- C:\WINDOWS\system32\inetsrv
2009-03-10 23:23:56 ----D---- C:\WINDOWS\Help
2009-03-10 23:23:40 ----D---- C:\WINDOWS\system32\usmt
2009-03-10 23:23:38 ----D---- C:\WINDOWS\PeerNet
2009-03-10 23:23:38 ----D---- C:\Program Files\Movie Maker
2009-03-10 23:23:24 ----D---- C:\WINDOWS\system32\Restore
2009-03-10 23:23:23 ----D---- C:\WINDOWS\system32\npp
2009-03-10 23:23:23 ----D---- C:\WINDOWS\mui
2009-03-10 23:23:22 ----D---- C:\WINDOWS\msagent
2009-03-10 23:23:20 ----D---- C:\WINDOWS\srchasst
2009-03-10 23:23:19 ----D---- C:\Program Files\NetMeeting
2009-03-10 23:23:17 ----D---- C:\WINDOWS\system32\Com
2009-03-10 23:23:14 ----D---- C:\Program Files\Windows NT
2009-03-10 23:23:14 ----D---- C:\Program Files\Outlook Express
2009-03-10 23:23:10 ----D---- C:\Program Files\Common Files\System
2009-03-10 23:22:53 ----D---- C:\WINDOWS\system32\oobe
2009-03-10 23:22:51 ----D---- C:\WINDOWS\system
2009-03-10 23:19:40 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-03-10 23:19:28 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-03-10 23:14:06 ----AD---- C:\WINDOWS\ehome
2009-03-10 23:02:14 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-03-10 23:01:10 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-03-10 22:52:56 ----HD---- C:\hp
2009-03-10 22:52:55 ----D---- C:\Program Files\PC-Doctor 5 for Windows
2009-03-10 22:50:58 ----D---- C:\Program Files\Internet Explorer
2009-03-10 22:47:02 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-03-10 22:46:55 ----HDC---- C:\WINDOWS\$NtUninstallKB958687_0$
2009-03-10 22:46:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2009-03-10 22:46:38 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-03-10 22:46:21 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-03-10 22:45:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2009-03-10 22:45:47 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$
2009-03-10 22:45:38 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
2009-03-10 22:45:32 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2009-03-10 22:45:16 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2009-03-10 22:45:07 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2009-03-10 22:44:56 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2009-03-10 22:44:46 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-03-10 22:44:39 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-03-10 22:44:30 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-03-10 22:44:22 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-03-10 22:44:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-03-10 22:44:07 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2009-03-10 22:43:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-03-10 22:43:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-03-10 22:43:23 ----HDC---- C:\WINDOWS\$NtUninstallKB953356$
2009-03-10 22:43:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-03-10 22:43:09 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2009-03-10 22:42:43 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-03-10 22:42:36 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2009-03-10 22:42:25 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2009-03-10 22:40:36 ----D---- C:\WINDOWS\system32\config
2009-03-10 22:40:06 ----HDC---- C:\WINDOWS\ie7
2009-03-10 22:37:13 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2009-03-10 22:35:05 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
2009-03-10 22:33:26 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
2009-03-10 22:33:19 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
2009-03-10 22:33:12 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
2009-03-10 22:33:05 ----HDC---- C:\WINDOWS\$NtUninstallKB943485$
2009-03-10 22:32:58 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-03-10 22:32:40 ----HDC---- C:\WINDOWS\$NtUninstallKB937894$
2009-03-10 22:32:30 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
2009-03-10 22:32:22 ----HDC---- C:\WINDOWS\$NtUninstallKB943460$
2009-03-10 22:32:14 ----HDC---- C:\WINDOWS\$NtUninstallKB933729$
2009-03-10 22:31:59 ----HDC---- C:\WINDOWS\$NtUninstallKB938828$
2009-03-10 22:31:45 ----HDC---- C:\WINDOWS\$NtUninstallKB930494$
2009-03-10 22:31:26 ----HDC---- C:\WINDOWS\$NtUninstallKB925398_WMP64$
2009-03-10 22:31:06 ----HDC---- C:\WINDOWS\$NtUninstallKB935839$
2009-03-10 22:30:58 ----HDC---- C:\WINDOWS\$NtUninstallKB929123$
2009-03-10 22:30:47 ----HDC---- C:\WINDOWS\$NtUninstallKB927891$
2009-03-10 22:30:39 ----HDC---- C:\WINDOWS\$NtUninstallKB930916$
2009-03-10 22:30:22 ----HDC---- C:\WINDOWS\$NtUninstallKB932168$
2009-03-10 22:30:15 ----HDC---- C:\WINDOWS\$NtUninstallKB931261$
2009-03-10 22:30:07 ----HDC---- C:\WINDOWS\$NtUninstallKB930178$
2009-03-10 22:29:59 ----HDC---- C:\WINDOWS\$NtUninstallKB925902$
2009-03-10 22:29:51 ----HDC---- C:\WINDOWS\$NtUninstallKB926436$
2009-03-10 22:29:44 ----HDC---- C:\WINDOWS\$NtUninstallKB918118$
2009-03-10 22:29:34 ----HDC---- C:\WINDOWS\$NtUninstallKB927779$
2009-03-10 22:29:25 ----HDC---- C:\WINDOWS\$NtUninstallKB924667$
2009-03-10 22:29:18 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$
2009-03-10 22:29:11 ----HDC---- C:\WINDOWS\$NtUninstallKB928843$
2009-03-10 22:29:03 ----HDC---- C:\WINDOWS\$NtUninstallKB928255$
2009-03-10 22:28:52 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$
2009-03-10 22:28:45 ----HDC---- C:\WINDOWS\$NtUninstallKB923980$
2009-03-10 22:28:36 ----HDC---- C:\WINDOWS\$NtUninstallKB924270$
2009-03-10 22:28:27 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2009-03-10 22:28:21 ----HDC---- C:\WINDOWS\$NtUninstallKB924496$
2009-03-10 22:28:12 ----HDC---- C:\WINDOWS\$NtUninstallKB920872$
2009-03-10 22:28:02 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2009-03-10 22:27:54 ----HDC---- C:\WINDOWS\$NtUninstallKB916595$
2009-03-10 22:27:46 ----HDC---- C:\WINDOWS\$NtUninstallKB922582$
2009-03-10 22:27:35 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2009-03-10 22:27:28 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2009-03-10 22:27:20 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2009-03-10 22:27:11 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2009-03-10 22:27:02 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2009-03-10 22:26:53 ----HDC---- C:\WINDOWS\$NtUninstallKB918439$
2009-03-10 22:26:43 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2009-03-10 22:26:35 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2009-03-10 22:26:26 ----HDC---- C:\WINDOWS\$NtUninstallKB900485$
2009-03-10 22:26:11 ----D---- C:\Program Files\Windows Media Player
2009-03-10 22:26:08 ----HDC---- C:\WINDOWS\$NtUninstallKB913800$
2009-03-10 22:25:30 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2009-03-10 22:25:24 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2009-03-10 22:25:16 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
2009-03-10 22:25:09 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2009-03-10 22:24:58 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2009-03-10 22:24:48 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2009-03-10 22:24:41 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2009-03-10 22:24:34 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2009-03-10 22:19:24 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2009-03-10 22:19:17 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2009-03-10 22:19:09 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2009-03-10 22:19:00 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2009-03-10 22:18:50 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2009-03-10 22:18:39 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2009-03-10 22:18:30 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2009-03-10 22:18:14 ----HDC---- C:\WINDOWS\$NtUninstallKB886185$
2009-03-09 22:17:17 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-03-04 19:46:22 ----D---- C:\WINDOWS\network diagnostic
2009-03-04 12:03:04 ----D---- C:\6a971ded06646a105f683b
2009-03-03 09:19:10 ----SHD---- C:\RECYCLER
2009-02-25 17:00:05 ----A---- C:\WINDOWS\hpfccopy.INI
2009-02-20 16:19:44 ----D---- C:\Documents and Settings\All Users\Application Data\ZoomBrowser

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-10 36352]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 SAVRTPEL;SAVRTPEL; \??\c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-03-28 266552]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-08-30 3644928]
R3 aracpi;aracpi; C:\WINDOWS\system32\DRIVERS\aracpi.sys [2005-08-03 22784]
R3 arhidfltr;MS Ar HID Filter Driver; C:\WINDOWS\system32\DRIVERS\arhidfltr.sys [2005-08-03 19200]
R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys [2005-08-03 5376]
R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\WINDOWS\system32\DRIVERS\armoucfltr.sys [2005-08-03 4992]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ARPolicy;ARPolicy; C:\WINDOWS\system32\DRIVERS\arpolicy.sys [2005-08-03 10112]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-14 1313792]
R3 CXFALCON;Conexant Falcon II NTSC Video Capture; C:\WINDOWS\system32\drivers\cxfalcon.sys [2005-08-17 100480]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-12-16 1038208]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2004-12-16 220928]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090304.017\NAVENG.Sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090304.017\NavEx15.Sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-07-04 26624]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 SAVRT;SAVRT; \??\c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS []
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2007-03-28 11480]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2007-03-28 171928]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2007-03-28 37016]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20090303.001\symidsco.sys []
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2007-03-28 47192]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-03-28 18904]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-12-16 703232]
R3 WN5301;LIteon Wireless PCI Network Adapter Service; C:\WINDOWS\system32\DRIVERS\wn5301.sys [2005-10-05 468768]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-04 32768]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ARSVC;ARSVC; C:\WINDOWS\arservice.exe [2005-08-03 58880]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-14 376832]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-07-25 100032]
R2 ccEvtMgr;Symantec Event Manager; c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2008-01-08 185704]
R2 ccProxy;Symantec Network Proxy; c:\Program Files\Common Files\Symantec Shared\ccProxy.exe [2006-06-13 239264]
R2 ccSetMgr;Symantec Settings Manager; c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2008-01-08 177512]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-10-11 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-06 102912]
R2 ISSVC;ISSvc; c:\Program Files\Norton Internet Security\ISSVC.exe [2005-03-30 83584]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-10-23 69632]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-06 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 navapsvc;Norton AntiVirus Auto-Protect Service; c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe [2005-10-07 128112]
R2 SNDSrvc;Symantec Network Drivers Service; c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2007-03-28 206552]
R2 SPBBCSvc;Symantec SPBBCSvc; c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-02-25 992864]
R2 SymWSC;SymWMI Service; c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-11-03 316544]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 ccPwdSvc;Symantec Password Validation; c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2008-01-08 83304]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-07-25 2119360]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SAVScan;SAVScan; c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe [2005-08-26 198368]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-04 38912]

-----------------EOF-----------------




- RSIT info.txt logfile

info.txt logfile of random's system information tool 1.05 2009-03-11 09:15:51

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
5 Card Slingo from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\AF012B1F-AFCE-45DB-8D6C-8AB06ADC1D6F\Uninstall.exe"
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
AstroPop Deluxe from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\E44A47AF-C94B-4E3F-81A0-979FBA9DAC57\Uninstall.exe"
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Barnyard Invasion from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\049D60AF-B425-4F8A-BD66-9D8C1B519D59\Uninstall.exe"
Bejeweled 2 Deluxe from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\47D5A62B-1B41-4DB1-8267-ADA434FA782B\Uninstall.exe"
Blackhawk Striker 2 from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\758619C0-7C97-42BB-B1E9-775F72FDAD1E\Uninstall.exe"
Blasterball 2 from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\D2DACBCD-E1FE-4C32-A49B-1EB0743D1E79\Uninstall.exe"
Blasterball 2 Remix from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\0C84A7C5-2762-4932-96BF-44A77202DCC3\Uninstall.exe"
Boggle Supreme from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\90EA5584-4290-407B-B8F2-D6E6D65A4796\Uninstall.exe"
Bookworm Deluxe from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\E59F75D0-A38B-40F4-ABA2-CA35A7735473\Uninstall.exe"
Bounce Symphony from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\5DAA9E44-1B31-41CD-88A8-228EDED6E36E\Uninstall.exe"
CC_ccProxyExt-->MsiExec.exe /I{DA42FDCA-7C5A-43EF-9A05-CCE148ADF919}
ccCommon-->MsiExec.exe /I{D8F6834B-D5E7-4451-8681-B051ABD8561D}
ccPxyCore-->MsiExec.exe /I{FC08587A-4F01-4188-819F-F55880022917}
Chuzzle Deluxe from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\BA42B721-D70B-4412-ABA6-057B5823FDE9\Uninstall.exe"
Crystal Maze from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\3D61540E-C88C-4358-B6A1-DC26648F2A3D\Uninstall.exe"
Customer Experience Enhancement-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
Data Fax SoftModem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\HXFSETUP.EXE -U -IAsu200Ck.inf
DISCover-->"C:\Program Files\DISC\uninstall.exe"
Easy Internet Sign-up-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
Family Feud-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\413773DA-62DE-4C4C-A0F9-10EFB9317DE5\Uninstall.exe"
FATE from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\3320769C-062B-4670-BD6B-AA4B3D0E9903\Uninstall.exe"
GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Boot Optimizer-->C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe /uninstall
HP Deskjet Printer Preload-->MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP DigitalMedia Archive-->MsiExec.exe /I{F80239D8-7811-4D5E-B033-0D0BBFE32920}
HP Document Viewer 5.3-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Game Console and games-->C:\Program Files\WildTangent\Apps\hpuninstall.exe
HP Image Zone 5.3-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone for Media Center PC-->c:\Program Files\HP\Digital Imaging\bin\mcpc\setupmcl.exe /u
HP Imaging Device Functions 5.3-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Multimedia Keyboard Software-->C:\HP\KBD\Install.exe /remove
HP Photosmart 330,380,420,470,7800,8000,8200 Series-->C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
HP Photosmart Cameras 5.0-->C:\Program Files\HP\Digital Imaging\{C83A12B9-B31B-461A-BBD4-CE9B988094F1}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP PSC & OfficeJet 5.3.A-->"C:\Program Files\HP\Digital Imaging\{3E386744-10FA-44b2-98C9-DF7A270DECB3}\setup\hpzscr01.exe" -datfile hposcr06.dat
HP PSC & OfficeJet 5.3.B-->"C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Software Update-->MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
HP Solution Center & Imaging Support Tools 5.3-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Insaniquarium Deluxe from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\A09026AE-8F16-4929-B4E6-1825535844DB\Uninstall.exe"
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
Lemonade Tycoon 2 from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\F38688AF-57C2-4A9C-BFEF-25F3AEC11F1E\Uninstall.exe"
Lexibox Deluxe from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\9844050E-4CA4-4901-A53D-A5D14C63789B\Uninstall.exe"
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
LiveUpdate 3.0 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Mah Jong Quest from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\538B9061-0C77-4FB2-903F-EC42A1FF5DD8\Uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2005-->C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour-->MsiExec.exe /I{A01FC76F-CC09-4658-9E37-5C2F635EE708}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MSRedist-->MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee autoProducer 4.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7137AFD-4E43-47A6-BDC7-533808F72B36}\setup.exe" -l0x9
muvee autoProducer unPlugged 1.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DFB0FED6-0010-4E9B-A402-E513F2459161}\setup.exe" -l0x9
Netscape Browser (remove only)-->"C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
Norton AntiSpam-->MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F}
Norton AntiVirus 2005-->MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton Internet Security 2005 (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe /X
Norton Internet Security-->MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security-->MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}
Norton Internet Security-->MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security-->MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
Norton Internet Security-->MsiExec.exe /I{A93C9E60-29B6-49da-BA21-F70AC6AADE20}
Norton Internet Security-->MsiExec.exe /I{AADFE0B9-F905-4d5f-A144-0ADB2EFA747B}
Norton Internet Security-->MsiExec.exe /I{C9D599E1-6B68-4a1f-8A4F-A1DB433DB1BF}
Norton Internet Security-->MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security-->MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Internet Security-->MsiExec.exe /I{FC2C0536-583C-46c0-844A-62CECAE01F22}
Norton Security Center-->MsiExec.exe /X{503AA035-41E2-4858-B31F-1E49AC66C309}
Norton WMI Update-->MsiExec.exe /X{E85FA9A1-C241-4698-893B-DD99509B8DB0}
Norton WMI Update-->MsiExec.exe /X{F64306A5-4C32-41bb-B153-53986527FAB4}
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
PC-Doctor 5 for Windows-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Polar Bowler from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\1FFA88DF-0AC3-4D9E-9139-5FF98813C12C\Uninstall.exe"
Polar Golfer from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\55275778-F7D9-4BA0-95F4-DEFD71ADDFD9\Uninstall.exe"
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
Puzzle Express from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\0814ADC6-5B36-4144-A8EA-439C36B1BB11\Uninstall.exe"
Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2006-->MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Remove IntelliMover Demo-->c:\hp\bin\cloaker.exe c:\hp\bin\commands.exe /c "C:\Program Files\IntelliMoverDemo\clean.bat"
Ricochet Lost Worlds from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\0AA27562-3C4E-4860-8742-7ADEBE2EFC43\Uninstall.exe"
SCRABBLE from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\B7217206-A362-446B-A0F7-A2622B82F821\Uninstall.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Shooting Stars Pool from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\B2AA88B1-4920-462B-9F7C-019782B3C4DB\Uninstall.exe"
Shrek 2 Ogre Bowler from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\581538B9-2ED3-45E2-96CB-22AD8F811D2A\Uninstall.exe"
Slingo Deluxe from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\E0998E52-9D08-4AEE-A4F5-0BB1D8537F6E\Uninstall.exe"
Snowboard SuperJam from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\038D56DF-B15D-47F7-959F-59FA1FBB63FC\Uninstall.exe"
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SPBBC-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Super Granny from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\0C20CAB1-F8BC-4AC1-A796-535B005C1B83\Uninstall.exe"
SymNet-->MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Tradewinds from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\B3FF79F4-CDA8-4845-A7C0-9CE017719F36\Uninstall.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Updates from HP (remove only)-->C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Media Center Edition 2005 KB908250-->"C:\WINDOWS\$NtUninstallKB908250$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Zuma Deluxe from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\901E0096-B2AC-469E-A99E-2725A39C0B47\Uninstall.exe"

======Security center information======

AV: Norton Internet Security
FW: Norton Internet Security

System event log

Computer Name: HP
Event Code: 7036
Message: The Terminal Services service entered the running state.

Record Number: 5
Source Name: Service Control Manager
Time Written: 20090311003535.000000-300
Event Type: information
User:

Computer Name: HP
Event Code: 49157
Message: INIT: BIOS TV signature not found

Record Number: 4
Source Name: ati2mtag
Time Written: 20090311003459.000000-300
Event Type: information
User:

Computer Name: HP
Event Code: 6005
Message: The Event log service was started.

Record Number: 3
Source Name: EventLog
Time Written: 20090311003437.000000-300
Event Type: information
User:

Computer Name: HP
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Multiprocessor Free.

Record Number: 2
Source Name: EventLog
Time Written: 20090311003437.000000-300
Event Type: information
User:

Computer Name: HP
Event Code: 115
Message: System Restore monitoring was enabled on all drives.

Record Number: 1
Source Name: SRService
Time Written: 20090311003339.000000-300
Event Type: information
User:

Application event log

Computer Name: HP
Event Code: 35
Message: The 'Symantec Event Manager' service has started.

Record Number: 5
Source Name: ccEvtMgr
Time Written: 20090311003454.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: HP
Event Code: 34
Message: The 'Symantec Event Manager' service is starting.

Record Number: 4
Source Name: ccEvtMgr
Time Written: 20090311003450.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: HP
Event Code: 35
Message: The 'Symantec Settings Manager' service has started.

Record Number: 3
Source Name: ccSetMgr
Time Written: 20090311003450.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: HP
Event Code: 34
Message: The 'Symantec Settings Manager' service is starting.

Record Number: 2
Source Name: ccSetMgr
Time Written: 20090311003443.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: HP
Event Code: 34
Message: The 'Symantec Network Proxy' service is starting.

Record Number: 1
Source Name: ccProxy
Time Written: 20090311003443.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 43 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=2b01
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\

-----------------EOF-----------------
ingots
Regular Member
 
Posts: 15
Joined: March 5th, 2009, 8:43 am

Re: Possible rootkit.d

Unread postby Dakeyras » March 11th, 2009, 11:43 am

Hi :)

Good day!

Thanks for the Anti-Virus program advice. One AV program at a time is indeed my usual mode of operation. Since Norton was pre-installed after the Recovery, I just updated and started that program for convenience's sake. I have not started up my old McAfee subscription.

You're welcome! Absolutely fine re Norton; however, once updates are no longer able to be downloaded, for example when the trial/subscription expires, either renew the subscription or remove Norton fully with this application and download one of the two freeware applications listed below:


Re the problems installing MBAM, that appears to be an actual programming language problem and not really my forte. However, if any problems occur again when attempting to use MBAM, I found this topic pertaining to the subject matter at hand in the Malwarebytes Forum.

Trusted Zone Advice:

You really should not have any website in the Trusted Zone of Internet Explorer. The reason being the default security settings in the Trusted Zone are set too low, which makes it unsafe. Plus it should not be necessary for any remote server to have that level of access. Plenty of good & reputable sites get hacked to host malware; advertising networks are renowned for serving malware which can appear on any site. The best policy is to remove anything from the Trusted Zone unless it's absolutely required in order for the site to work & you trust that site implicitly.

My advice would be to carry out the below:

Right click Here and select Save Target As... to download WinHelp2002's DelDomains.inf. Please save the file somewhere you can find it like on the desktop. To run the inf file, right click on it and select Install.

Update both the Adobe Reader and the Java installations:

Both of these applications when out of date pose a security risk and a possible back-door for malware.

Now please go to Start >> Control Panel >> Add/Remove Programs and remove the following (if present):

Adobe Reader 7.0
J2SE Runtime Environment 5.0


Note: Take extra care in answering questions posed by any Uninstaller. Some questions may be worded to deceive you into keeping the program.

My personal advice about the above is if you do not use them just uninstall and do not bother upgrading. However, if you wish to do so, explained as follows:

New Adobe Reader Installation:

  • Please download Adobe Reader 9 to your PC's desktop.
  • Install the new downloaded updated software.
  • If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.
Note: Adobe 9 is a large program and if you prefer a smaller program you can get Foxit 2.3 instead from here.

If you choose to install FoxitReader, be careful not to install anything to do with AskBar.

New Java Installation:

  • Click here to visit Java's website.
  • Scroll down to Java SE Runtime Environment (JRE) 6 Update 12. Click on Download.
  • Select Windows from the drop-down list for Platform.
  • Select Multi-language from the drop-down list for Language.
  • Check (tick) I agree to the Java SE Runtime Environment 6 License Agreement box and click on Continue.
  • Click on jre-6u12-windows-i586-p.exe link to download it and save this to a convenient location.
  • Double click on jre-6u12-windows-i586-p.exe to install Java.

Next:

Please go here to run an online scanner from ESET.

Note: You will need to use Internet Explorer for this scan.

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.

Next:

Please make sure that RSIT.exe is still on the Desktop (if not, inform myself straight away please).

  • Double click once on RSIT.exe
  • RSIT will start running, at the disclaimer click on Continue.
  • When done, 1 log will be produced.
  • Post that in your next reply.

When completed the above, please post back the following:

  • Any problems encountered?
  • Eset scan results.
  • A new RSIT Log.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
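The Trusted Zone advice in the post above can be checked against a machine's own zone map. The following is an added example, not part of the original thread: it parses the text of a `reg export` of the Internet Settings `ZoneMap` key and lists every site or IP range assigned to zone 2 (Trusted). The export text and the `.example` hosts are constructed sample data, and the function names are illustrative.

```python
import re

# Internet Explorer security zone numbers as stored in the ZoneMap DWORD values.
ZONES = {0: "My Computer", 1: "Local Intranet", 2: "Trusted",
         3: "Internet", 4: "Restricted"}

# Constructed sample of `reg export` output (not taken from the thread).
# A real export file is UTF-16; open it with encoding="utf-16".
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\shop.example]
"*"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\vendor.example\updates]
"https"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ads.example]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1]
":Range"="192.0.2.10"
"*"=dword:00000002
"""

VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<data>.*)$')
DWORD_RE = re.compile(r"^dword:([0-9a-fA-F]{8})$")
MARKER = "\\zonemap\\"


def read_keys(reg_text):
    """Return {key path: {value name: raw data}} from .reg export text."""
    keys, current = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            match = VALUE_RE.match(line)
            if match:
                current[match.group("name")] = match.group("data")
    return keys


def zone_assignments(reg_text):
    """Return (site, protocol, zone number) for every ZoneMap entry."""
    rows = []
    for key, values in read_keys(reg_text).items():
        idx = key.lower().find(MARKER)
        if idx < 0:
            continue
        parts = key[idx + len(MARKER):].split("\\")
        branch = parts[0].lower()
        if branch == "domains" and len(parts) in (2, 3):
            # Domains\<domain>[\<subdomain>]  ->  subdomain.domain
            site = ".".join(reversed(parts[1:]))
        elif branch == "ranges" and len(parts) == 2:
            # Ranges\RangeN holds the address in its ":Range" value
            site = values.get(":Range", '""').strip('"') or parts[1]
        else:
            continue
        for name, data in values.items():
            match = DWORD_RE.match(data)
            if match:  # value name is the protocol ("*", "http", "https", ...)
                rows.append((site, name, int(match.group(1), 16)))
    return rows


def trusted_sites(reg_text):
    """Sites and ranges mapped to zone 2 (Trusted), sorted for review."""
    return sorted((site, proto)
                  for site, proto, zone in zone_assignments(reg_text)
                  if zone == 2)


if __name__ == "__main__":
    for site, proto in trusted_sites(SAMPLE_EXPORT):
        print(f"{ZONES[2]}: {site} (protocol {proto})")
```

An empty result from `trusted_sites` on a real export means nothing is mapped to the Trusted Zone under the exported key.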

Re: Possible rootkit.d

Unread postby ingots » March 11th, 2009, 4:52 pm

Okay! Things are looking better in general.

WinHelp2002's DelDomains.inf is installed

Adobe Reader 7.0 and J2SE Runtime Environment 5.0 are uninstalled
Adobe Reader 9.1 and J2SE Runtime Environment 6 Update 12 are installed.

I cannot run the ESET scanner. After I OK the ActiveX, I get an IE Security Warning that says, "Windows has blocked this software because it can't verify the publisher. Name: OnlineScanner.cab Publisher: Unknown publisher." Clicking the OK button just closes out the Warning. I couldn't figure out how to trick IE into taking it thru Tools/Options/Content/Publishers. :oops:

RSIT logfile:

Logfile of random's system information tool 1.05 (written by random/random)
Run by HP_Administrator at 2009-03-11 16:44:01
Microsoft Windows XP Professional Service Pack 3
System drive C: has 195 GB (86%) free of 226 GB
Total RAM: 958 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:44:07 PM, on 3/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\DISC\DISCover.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\DISC\DiscGui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\HP_Administrator.HP\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\HP_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.earthlink.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Uninstall getPlus(R) for Adobe] "C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1noarp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 10820 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Easy Internet Sign-up.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - HP_Administrator.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{BD46FAB6-EE50-441F-B27B-8B50B3CC4A8C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2006-12-09 1157120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
CNavExtBho Class - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll [2005-10-07 218736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-11 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2006-12-09 1157120]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll [2005-10-07 218736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-06 64512]
"AlwaysReady Power Message APP"=C:\WINDOWS\ARPWRMSG.EXE [2005-08-03 77312]
"HPHUPD08"=c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [2005-06-02 49152]
"DISCover"=C:\Program Files\DISC\DISCover.exe [2005-09-27 1060864]
"DiscUpdateManager"=C:\Program Files\DISC\DiscUpdateMgr.exe [2005-09-27 61440]
""= []
"PCDrProfiler"= []
"ccApp"=c:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-01-08 49512]
"URLLSTCK.exe"=c:\Program Files\Norton Internet Security\UrlLstCk.exe [2005-03-30 22656]
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2005-09-21 1605740]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPwuSchd2.exe [2005-05-12 49152]
"Symantec NetDriver Monitor"=C:\PROGRA~1\SYMNET~1\SNDMon.exe [2009-03-10 100056]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-11 148888]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall getPlus(R) for Adobe"=C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2009-03-03 33176]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
Updates from HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-14 46080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\DISC\DISCover.exe"="C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System"
"C:\Program Files\DISC\DiscStreamHub.exe"="C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub"
"C:\Program Files\DISC\myFTP.exe"="C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba9bfa3e-53e6-11da-9f04-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


======List of files/folders created in the last 1 months======

2009-03-11 15:56:20 ----A---- C:\WINDOWS\system32\javaws.exe
2009-03-11 15:56:20 ----A---- C:\WINDOWS\system32\javaw.exe
2009-03-11 15:56:20 ----A---- C:\WINDOWS\system32\java.exe
2009-03-11 15:56:20 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-03-11 15:50:40 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-03-11 15:50:34 ----D---- C:\Documents and Settings\HP_Administrator.HP\Application Data\Adobe
2009-03-11 15:49:57 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-03-11 15:49:32 ----D---- C:\Program Files\Common Files\Adobe
2009-03-11 15:47:17 ----D---- C:\Program Files\NOS
2009-03-11 15:47:17 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-03-11 15:41:01 ----D---- C:\Documents and Settings\HP_Administrator.HP\Application Data\Sun
2009-03-11 15:40:14 ----D---- C:\WINDOWS\system32\appmgmt
2009-03-11 09:15:33 ----D---- C:\rsit
2009-03-11 07:54:12 ----D---- C:\Documents and Settings\HP_Administrator.HP\Application Data\Malwarebytes
2009-03-11 01:49:12 ----D---- C:\Documents and Settings\HP_Administrator.HP\Application Data\Macromedia
2009-03-11 01:40:57 ----RSHD---- C:\cmdcons
2009-03-11 01:34:59 ----ASH---- C:\Documents and Settings\HP_Administrator.HP\Application Data\desktop.ini
2009-03-11 01:34:53 ----SD---- C:\Documents and Settings\HP_Administrator.HP\Application Data\Microsoft
2009-03-11 01:34:53 ----D---- C:\Documents and Settings\HP_Administrator.HP\Application Data\Symantec
2009-03-11 01:34:53 ----D---- C:\Documents and Settings\HP_Administrator.HP\Application Data\Real
2009-03-11 01:34:53 ----D---- C:\Documents and Settings\HP_Administrator.HP\Application Data\Intuit
2009-03-11 01:34:53 ----D---- C:\Documents and Settings\HP_Administrator.HP\Application Data\Identities
2009-03-11 01:34:53 ----D---- C:\Documents and Settings\HP_Administrator.HP\Application Data\Digital Interactive Systems Corporation
2009-03-11 01:31:03 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-03-10 23:49:24 ----D---- C:\Program Files\SymNetDrv
2009-03-10 23:42:38 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-03-10 23:33:17 ----D---- C:\WINDOWS\Prefetch
2009-03-10 23:30:16 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-03-10 23:30:08 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-10 23:30:02 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-10 23:29:56 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-03-10 23:29:50 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-03-10 23:29:41 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-03-10 23:29:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-03-10 23:29:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-03-10 23:29:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-03-10 23:29:09 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-03-10 23:29:04 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-03-10 23:28:48 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-03-10 23:23:39 ----D---- C:\WINDOWS\system32\scripting
2009-03-10 23:23:38 ----D---- C:\WINDOWS\system32\en
2009-03-10 23:23:38 ----D---- C:\WINDOWS\system32\bits
2009-03-10 23:06:42 ----N---- C:\WINDOWS\system32\wmphoto.dll
2009-03-10 23:06:39 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-03-10 23:06:37 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2009-03-10 23:06:37 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2009-03-10 23:06:27 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-03-10 23:06:27 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-03-10 23:06:19 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2009-03-10 23:06:18 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2009-03-10 23:06:16 ----N---- C:\WINDOWS\system32\slserv.exe
2009-03-10 23:06:16 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-03-10 23:06:16 ----N---- C:\WINDOWS\system32\slgen.dll
2009-03-10 23:06:16 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-03-10 23:06:16 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-03-10 23:06:12 ----N---- C:\WINDOWS\system32\setupn.exe
2009-03-10 23:06:10 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-03-10 23:06:09 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-03-10 23:06:07 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-03-10 23:06:06 ----N---- C:\WINDOWS\system32\qutil.dll
2009-03-10 23:06:05 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-03-10 23:06:05 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-03-10 23:06:05 ----N---- C:\WINDOWS\system32\qagent.dll
2009-03-10 23:06:04 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2009-03-10 23:06:01 ----N---- C:\WINDOWS\system32\onex.dll
2009-03-10 23:05:58 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2009-03-10 23:05:52 ----N---- C:\WINDOWS\system32\napstat.exe
2009-03-10 23:05:52 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-03-10 23:05:52 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-03-10 23:05:51 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-03-10 23:05:50 ----A---- C:\WINDOWS\system32\msxml6.dll
2009-03-10 23:05:49 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-03-10 23:05:49 ----N---- C:\WINDOWS\system32\mssha.dll
2009-03-10 23:05:37 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-03-10 23:05:37 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-03-10 23:05:37 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-03-10 23:05:37 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-03-10 23:05:33 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-03-10 23:05:33 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-03-10 23:05:33 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-03-10 23:05:33 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-03-10 23:05:32 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-03-10 23:05:32 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-03-10 23:05:24 ----N---- C:\WINDOWS\system32\smtpapi.dll
2009-03-10 23:05:24 ----N---- C:\WINDOWS\system32\rwnh.dll
2009-03-10 23:05:24 ----N---- C:\WINDOWS\system32\comsdupd.exe
2009-03-10 23:05:22 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-03-10 23:05:18 ----N---- C:\WINDOWS\system32\faxpatch.exe
2009-03-10 23:05:18 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-03-10 23:05:18 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-03-10 23:05:18 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-03-10 23:05:18 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-03-10 23:05:18 ----A---- C:\WINDOWS\006352_.tmp
2009-03-10 23:05:17 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-03-10 23:05:17 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-03-10 23:05:17 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-03-10 23:05:17 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-03-10 23:05:16 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-03-10 23:05:16 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-03-10 23:05:16 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-03-10 23:05:16 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-03-10 23:05:16 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-03-10 23:05:16 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-03-10 23:05:16 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-03-10 23:05:15 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-03-10 23:05:15 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-03-10 23:05:15 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-03-10 23:05:14 ----N---- C:\WINDOWS\system32\credssp.dll
2009-03-10 23:05:11 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-03-10 23:05:10 ----N---- C:\WINDOWS\system32\azroles.dll
2009-03-10 23:05:09 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-03-10 23:05:09 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2009-03-10 23:05:09 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-03-10 23:05:06 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-03-10 23:02:15 ----D---- C:\WINDOWS\system32\PreInstall
2009-03-10 22:47:20 ----HDC---- C:\WINDOWS\$NtUninstallKB958690_0$
2009-03-10 22:47:14 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2_0$
2009-03-10 22:47:07 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2009-03-10 22:46:27 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2009-03-10 22:46:05 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2009-03-10 22:43:50 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-03-10 22:40:26 ----D---- C:\WINDOWS\system32\en-US
2009-03-10 22:37:08 ----A---- C:\WINDOWS\system32\xmllite.dll
2009-03-10 22:35:14 ----A---- C:\WINDOWS\system32\MRT.exe
2009-03-10 22:32:06 ----HDC---- C:\WINDOWS\$NtUninstallKB938127$
2009-03-10 22:30:27 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
2009-03-09 21:16:26 ----D---- C:\WINDOWS\ERUNT
2009-03-09 21:11:27 ----D---- C:\SDFix
2009-03-09 10:50:42 ----SHD---- C:\Config.Msi
2009-03-05 08:45:48 ----D---- C:\Program Files\Trend Micro
2009-03-04 19:59:24 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-04 19:59:24 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-04 18:56:07 ----D---- C:\Program Files\Common Files\PC Tools
2009-03-04 18:56:03 ----D---- C:\Program Files\Spyware Doctor
2009-03-04 18:56:03 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2009-03-04 13:31:31 ----SHD---- C:\WINDOWS\CSC
2009-03-04 00:00:24 ----A---- C:\WINDOWS\ntbtlog.txt
2009-02-25 23:16:27 ----D---- C:\sj753
2009-02-25 23:15:19 ----D---- C:\col5377
2009-02-24 23:01:08 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$

======List of files/folders modified in the last 1 months======

2009-03-11 16:24:34 ----D---- C:\WINDOWS\Temp
2009-03-11 16:12:00 ----D---- C:\WINDOWS\Help
2009-03-11 15:56:33 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-03-11 15:56:22 ----SHD---- C:\WINDOWS\Installer
2009-03-11 15:56:20 ----D---- C:\WINDOWS\system32
2009-03-11 15:51:00 ----D---- C:\Program Files\Adobe
2009-03-11 15:50:40 ----D---- C:\Program Files\Common Files
2009-03-11 15:50:02 ----D---- C:\WINDOWS\WinSxS
2009-03-11 15:47:18 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-03-11 15:47:17 ----D---- C:\Program Files
2009-03-11 15:44:25 ----D---- C:\WINDOWS
2009-03-11 15:43:40 ----D---- C:\WINDOWS\Registration
2009-03-11 15:43:32 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-11 15:42:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-11 15:41:13 ----D---- C:\Program Files\Java
2009-03-11 07:54:11 ----D---- C:\WINDOWS\system32\drivers
2009-03-11 01:41:19 ----RASH---- C:\boot.ini
2009-03-11 01:40:57 ----A---- C:\WINDOWS\UPGRADE.TXT
2009-03-11 01:40:55 ----D---- C:\WINDOWS\setup.pss
2009-03-11 01:39:22 ----AD---- C:\WINDOWS\system32\pcintro
2009-03-11 01:34:51 ----D---- C:\Documents and Settings
2009-03-11 01:32:42 ----RASH---- C:\BOOT.BAK
2009-03-11 01:31:14 ----D---- C:\WINDOWS\SoftwareDistribution
2009-03-11 01:26:19 ----A---- C:\WINDOWS\system.ini
2009-03-11 00:11:30 ----SD---- C:\WINDOWS\Tasks
2009-03-11 00:08:35 ----D---- C:\Program Files\Symantec
2009-03-10 23:59:53 ----D---- C:\WINDOWS\I386
2009-03-10 23:58:28 ----D---- C:\Program Files\Common Files\Services
2009-03-10 23:58:17 ----D---- C:\WINDOWS\system32\ras
2009-03-10 23:58:01 ----D---- C:\WINDOWS\system32\icsxml
2009-03-10 23:58:00 ----D---- C:\WINDOWS\system32\ias
2009-03-10 23:56:46 ----RD---- C:\WINDOWS\Web
2009-03-10 23:56:46 ----D---- C:\WINDOWS\addins
2009-03-10 23:56:42 ----D---- C:\WINDOWS\Media
2009-03-10 23:56:31 ----D---- C:\WINDOWS\Cursors
2009-03-10 23:56:29 ----AHDC---- C:\WINDOWS\$NtUninstallKB902400$
2009-03-10 23:56:26 ----AHDC---- C:\WINDOWS\$NtUninstallKB901214$
2009-03-10 23:56:25 ----AHDC---- C:\WINDOWS\$NtUninstallKB896688$
2009-03-10 23:56:23 ----AHDC---- C:\WINDOWS\$NtUninstallKB896422$
2009-03-10 23:56:23 ----AHDC---- C:\WINDOWS\$NtUninstallKB896358$
2009-03-10 23:56:23 ----AHDC---- C:\WINDOWS\$NtUninstallKB893066$
2009-03-10 23:56:23 ----AHDC---- C:\WINDOWS\$NtUninstallKB892050$
2009-03-10 23:56:23 ----AHDC---- C:\WINDOWS\$NtUninstallKB891781$
2009-03-10 23:56:23 ----AHDC---- C:\WINDOWS\$NtUninstallKB890175$
2009-03-10 23:56:23 ----AHDC---- C:\WINDOWS\$NtUninstallKB888113$
2009-03-10 23:56:23 ----AHDC---- C:\WINDOWS\$NtUninstallKB887742$
2009-03-10 23:56:23 ----AHDC---- C:\WINDOWS\$NtUninstallKB885836$
2009-03-10 23:56:23 ----AHDC---- C:\WINDOWS\$NtUninstallKB885835$
2009-03-10 23:56:22 ----AHDC---- C:\WINDOWS\$NtUninstallKB885250$
2009-03-10 23:56:22 ----AHDC---- C:\WINDOWS\$NtUninstallKB883667$
2009-03-10 23:56:22 ----AHDC---- C:\WINDOWS\$NtUninstallKB873339$
2009-03-10 23:56:20 ----RHD---- C:\MSOCache
2009-03-10 23:55:58 ----RSD---- C:\WINDOWS\assembly
2009-03-10 23:55:58 ----RD---- C:\WINDOWS\Offline Web Pages
2009-03-10 23:50:00 ----D---- C:\Program Files\Norton Internet Security
2009-03-10 23:41:27 ----HD---- C:\WINDOWS\inf
2009-03-10 23:41:24 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-03-10 23:41:19 ----D---- C:\WINDOWS\system32\CatRoot
2009-03-10 23:41:04 ----D---- C:\Program Files\Messenger
2009-03-10 23:40:54 ----A---- C:\WINDOWS\imsins.BAK
2009-03-10 23:40:49 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-10 23:40:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-03-10 23:37:53 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-10 23:33:57 ----A---- C:\WINDOWS\OEWABLog.txt
2009-03-10 23:33:10 ----A---- C:\WINDOWS\setuplog.txt
2009-03-10 23:32:38 ----D---- C:\WINDOWS\system32\Setup
2009-03-10 23:32:38 ----D---- C:\WINDOWS\ime
2009-03-10 23:32:37 ----D---- C:\WINDOWS\system32\wbem
2009-03-10 23:32:37 ----D---- C:\WINDOWS\AppPatch
2009-03-10 23:32:36 ----RSD---- C:\WINDOWS\Fonts
2009-03-10 23:31:56 ----D---- C:\WINDOWS\security
2009-03-10 23:23:57 ----D---- C:\WINDOWS\system32\inetsrv
2009-03-10 23:23:40 ----D---- C:\WINDOWS\system32\usmt
2009-03-10 23:23:38 ----D---- C:\WINDOWS\PeerNet
2009-03-10 23:23:38 ----D---- C:\Program Files\Movie Maker
2009-03-10 23:23:24 ----D---- C:\WINDOWS\system32\Restore
2009-03-10 23:23:23 ----D---- C:\WINDOWS\system32\npp
2009-03-10 23:23:23 ----D---- C:\WINDOWS\mui
2009-03-10 23:23:22 ----D---- C:\WINDOWS\msagent
2009-03-10 23:23:20 ----D---- C:\WINDOWS\srchasst
2009-03-10 23:23:19 ----D---- C:\Program Files\NetMeeting
2009-03-10 23:23:17 ----D---- C:\WINDOWS\system32\Com
2009-03-10 23:23:14 ----D---- C:\Program Files\Windows NT
2009-03-10 23:23:14 ----D---- C:\Program Files\Outlook Express
2009-03-10 23:23:10 ----D---- C:\Program Files\Common Files\System
2009-03-10 23:22:53 ----D---- C:\WINDOWS\system32\oobe
2009-03-10 23:22:51 ----D---- C:\WINDOWS\system
2009-03-10 23:19:40 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-03-10 23:19:28 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-03-10 23:14:06 ----AD---- C:\WINDOWS\ehome
2009-03-10 23:02:14 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-03-10 23:01:10 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-03-10 22:52:56 ----HD---- C:\hp
2009-03-10 22:52:55 ----D---- C:\Program Files\PC-Doctor 5 for Windows
2009-03-10 22:50:58 ----D---- C:\Program Files\Internet Explorer
2009-03-10 22:47:02 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-03-10 22:46:55 ----HDC---- C:\WINDOWS\$NtUninstallKB958687_0$
2009-03-10 22:46:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2009-03-10 22:46:38 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-03-10 22:46:21 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-03-10 22:45:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2009-03-10 22:45:47 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$
2009-03-10 22:45:38 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
2009-03-10 22:45:32 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2009-03-10 22:45:16 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2009-03-10 22:45:07 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2009-03-10 22:44:56 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2009-03-10 22:44:46 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-03-10 22:44:39 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-03-10 22:44:30 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-03-10 22:44:22 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-03-10 22:44:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-03-10 22:44:07 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2009-03-10 22:43:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-03-10 22:43:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-03-10 22:43:23 ----HDC---- C:\WINDOWS\$NtUninstallKB953356$
2009-03-10 22:43:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-03-10 22:43:09 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2009-03-10 22:42:43 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-03-10 22:42:36 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2009-03-10 22:42:25 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2009-03-10 22:40:36 ----D---- C:\WINDOWS\system32\config
2009-03-10 22:40:06 ----HDC---- C:\WINDOWS\ie7
2009-03-10 22:37:13 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2009-03-10 22:35:05 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
2009-03-10 22:33:26 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
2009-03-10 22:33:19 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
2009-03-10 22:33:12 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
2009-03-10 22:33:05 ----HDC---- C:\WINDOWS\$NtUninstallKB943485$
2009-03-10 22:32:58 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-03-10 22:32:40 ----HDC---- C:\WINDOWS\$NtUninstallKB937894$
2009-03-10 22:32:30 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
2009-03-10 22:32:22 ----HDC---- C:\WINDOWS\$NtUninstallKB943460$
2009-03-10 22:32:14 ----HDC---- C:\WINDOWS\$NtUninstallKB933729$
2009-03-10 22:31:59 ----HDC---- C:\WINDOWS\$NtUninstallKB938828$
2009-03-10 22:31:45 ----HDC---- C:\WINDOWS\$NtUninstallKB930494$
2009-03-10 22:31:26 ----HDC---- C:\WINDOWS\$NtUninstallKB925398_WMP64$
2009-03-10 22:31:06 ----HDC---- C:\WINDOWS\$NtUninstallKB935839$
2009-03-10 22:30:58 ----HDC---- C:\WINDOWS\$NtUninstallKB929123$
2009-03-10 22:30:47 ----HDC---- C:\WINDOWS\$NtUninstallKB927891$
2009-03-10 22:30:39 ----HDC---- C:\WINDOWS\$NtUninstallKB930916$
2009-03-10 22:30:22 ----HDC---- C:\WINDOWS\$NtUninstallKB932168$
2009-03-10 22:30:15 ----HDC---- C:\WINDOWS\$NtUninstallKB931261$
2009-03-10 22:30:07 ----HDC---- C:\WINDOWS\$NtUninstallKB930178$
2009-03-10 22:29:59 ----HDC---- C:\WINDOWS\$NtUninstallKB925902$
2009-03-10 22:29:51 ----HDC---- C:\WINDOWS\$NtUninstallKB926436$
2009-03-10 22:29:44 ----HDC---- C:\WINDOWS\$NtUninstallKB918118$
2009-03-10 22:29:34 ----HDC---- C:\WINDOWS\$NtUninstallKB927779$
2009-03-10 22:29:25 ----HDC---- C:\WINDOWS\$NtUninstallKB924667$
2009-03-10 22:29:18 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$
2009-03-10 22:29:11 ----HDC---- C:\WINDOWS\$NtUninstallKB928843$
2009-03-10 22:29:03 ----HDC---- C:\WINDOWS\$NtUninstallKB928255$
2009-03-10 22:28:52 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$
2009-03-10 22:28:45 ----HDC---- C:\WINDOWS\$NtUninstallKB923980$
2009-03-10 22:28:36 ----HDC---- C:\WINDOWS\$NtUninstallKB924270$
2009-03-10 22:28:27 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2009-03-10 22:28:21 ----HDC---- C:\WINDOWS\$NtUninstallKB924496$
2009-03-10 22:28:12 ----HDC---- C:\WINDOWS\$NtUninstallKB920872$
2009-03-10 22:28:02 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2009-03-10 22:27:54 ----HDC---- C:\WINDOWS\$NtUninstallKB916595$
2009-03-10 22:27:46 ----HDC---- C:\WINDOWS\$NtUninstallKB922582$
2009-03-10 22:27:35 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2009-03-10 22:27:28 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2009-03-10 22:27:20 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2009-03-10 22:27:11 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2009-03-10 22:27:02 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2009-03-10 22:26:53 ----HDC---- C:\WINDOWS\$NtUninstallKB918439$
2009-03-10 22:26:43 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2009-03-10 22:26:35 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2009-03-10 22:26:26 ----HDC---- C:\WINDOWS\$NtUninstallKB900485$
2009-03-10 22:26:11 ----D---- C:\Program Files\Windows Media Player
2009-03-10 22:26:08 ----HDC---- C:\WINDOWS\$NtUninstallKB913800$
2009-03-10 22:25:30 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2009-03-10 22:25:24 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2009-03-10 22:25:16 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
2009-03-10 22:25:09 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2009-03-10 22:24:58 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2009-03-10 22:24:48 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2009-03-10 22:24:41 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2009-03-10 22:24:34 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2009-03-10 22:19:24 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2009-03-10 22:19:17 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2009-03-10 22:19:09 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2009-03-10 22:19:00 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2009-03-10 22:18:50 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2009-03-10 22:18:39 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2009-03-10 22:18:30 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2009-03-10 22:18:14 ----HDC---- C:\WINDOWS\$NtUninstallKB886185$
2009-03-09 22:17:17 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-03-04 19:46:22 ----D---- C:\WINDOWS\network diagnostic
2009-03-04 12:03:04 ----D---- C:\6a971ded06646a105f683b
2009-03-03 09:19:10 ----SHD---- C:\RECYCLER
2009-02-25 17:00:05 ----A---- C:\WINDOWS\hpfccopy.INI
2009-02-20 16:19:44 ----D---- C:\Documents and Settings\All Users\Application Data\ZoomBrowser

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-10 36352]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 SAVRTPEL;SAVRTPEL; \??\c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-03-28 266552]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-08-30 3644928]
R3 aracpi;aracpi; C:\WINDOWS\system32\DRIVERS\aracpi.sys [2005-08-03 22784]
R3 arhidfltr;MS Ar HID Filter Driver; C:\WINDOWS\system32\DRIVERS\arhidfltr.sys [2005-08-03 19200]
R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys [2005-08-03 5376]
R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\WINDOWS\system32\DRIVERS\armoucfltr.sys [2005-08-03 4992]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ARPolicy;ARPolicy; C:\WINDOWS\system32\DRIVERS\arpolicy.sys [2005-08-03 10112]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-14 1313792]
R3 CXFALCON;Conexant Falcon II NTSC Video Capture; C:\WINDOWS\system32\drivers\cxfalcon.sys [2005-08-17 100480]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-12-16 1038208]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2004-12-16 220928]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090311.003\NAVENG.Sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090311.003\NavEx15.Sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-07-04 26624]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 SAVRT;SAVRT; \??\c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS []
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2007-03-28 11480]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2007-03-28 171928]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2007-03-28 37016]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20090303.001\symidsco.sys []
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2007-03-28 47192]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-03-28 18904]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-12-16 703232]
R3 WN5301;LIteon Wireless PCI Network Adapter Service; C:\WINDOWS\system32\DRIVERS\wn5301.sys [2005-10-05 468768]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-04 32768]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ARSVC;ARSVC; C:\WINDOWS\arservice.exe [2005-08-03 58880]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-14 376832]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-07-25 100032]
R2 ccEvtMgr;Symantec Event Manager; c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2008-01-08 185704]
R2 ccProxy;Symantec Network Proxy; c:\Program Files\Common Files\Symantec Shared\ccProxy.exe [2006-06-13 239264]
R2 ccSetMgr;Symantec Settings Manager; c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2008-01-08 177512]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-10-11 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-06 102912]
R2 ISSVC;ISSvc; c:\Program Files\Norton Internet Security\ISSVC.exe [2005-03-30 83584]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-11 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-10-23 69632]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-06 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 navapsvc;Norton AntiVirus Auto-Protect Service; c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe [2005-10-07 128112]
R2 SNDSrvc;Symantec Network Drivers Service; c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2007-03-28 206552]
R2 SPBBCSvc;Symantec SPBBCSvc; c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-02-25 992864]
R2 SymWSC;SymWMI Service; c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-11-03 316544]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 ccPwdSvc;Symantec Password Validation; c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2008-01-08 83304]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2009-03-03 33176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-07-25 2119360]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SAVScan;SAVScan; c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe [2005-08-26 198368]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-04 38912]

-----------------EOF-----------------
ingots
Regular Member
 
Posts: 15
Joined: March 5th, 2009, 8:43 am

Re: Possible rootkit.d

by Dakeyras » March 11th, 2009, 5:41 pm

Hi :)

OK no problem re the online scanner, we will try an alternative one:

Please go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on the Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases

  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

This online tutorial will help explain how to use the aforementioned online scan.

Note: Even if nothing is found I would still like to view the results.

Next:

Please make sure that RSIT.exe is still on the Desktop (if not, inform myself straight away please).

  • Double click once on RSIT.exe
  • RSIT will start running, at the disclaimer click on Continue.
  • When done, 1 log will be produced.
  • Post that in your next reply.

When you have completed the above, please post back the following:

  • Any problems encountered?
  • Kaspersky scan results.
  • A new RSIT Log.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Possible rootkit.d

by ingots » March 11th, 2009, 9:51 pm

Here you go!

- no new problems

- Kaspersky report: Took about 3 hours. Looks like it found something.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, March 11, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, March 11, 2009 23:09:05
Records in database: 1890092
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 166283
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 03:12:13


File name / Threat name / Threats count
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Microsoft\Outlook\outlook.pst Infected: Trojan-Spy.HTML.Bayfraud.ev 1

The selected area was scanned.


RSIT report:

Logfile of random's system information tool 1.05 (written by random/random)
Run by HP_Administrator at 2009-03-11 21:46:25
Microsoft Windows XP Professional Service Pack 3
System drive C: has 195 GB (86%) free of 226 GB
Total RAM: 958 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:46:32 PM, on 3/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\dwwin.exe
C:\Documents and Settings\HP_Administrator.HP\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\HP_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.earthlink.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [Uninstall getPlus(R) for Adobe] "C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1noarp
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 10589 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Easy Internet Sign-up.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - HP_Administrator.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{BD46FAB6-EE50-441F-B27B-8B50B3CC4A8C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2006-12-09 1157120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
CNavExtBho Class - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll [2005-10-07 218736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-11 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2006-12-09 1157120]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll [2005-10-07 218736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-06 64512]
"AlwaysReady Power Message APP"=C:\WINDOWS\ARPWRMSG.EXE [2005-08-03 77312]
"HPHUPD08"=c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [2005-06-02 49152]
"DISCover"=C:\Program Files\DISC\DISCover.exe [2005-09-27 1060864]
"DiscUpdateManager"=C:\Program Files\DISC\DiscUpdateMgr.exe [2005-09-27 61440]
""= []
"PCDrProfiler"= []
"ccApp"=c:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-01-08 49512]
"URLLSTCK.exe"=c:\Program Files\Norton Internet Security\UrlLstCk.exe [2005-03-30 22656]
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2005-09-21 1605740]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPwuSchd2.exe [2005-05-12 49152]
"Symantec NetDriver Monitor"=C:\PROGRA~1\SYMNET~1\SNDMon.exe [2009-03-10 100056]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-11 148888]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall getPlus(R) for Adobe"=C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2009-03-03 33176]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
Updates from HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-14 46080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\DISC\DISCover.exe"="C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System"
"C:\Program Files\DISC\DiscStreamHub.exe"="C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub"
"C:\Program Files\DISC\myFTP.exe"="C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba9bfa3e-53e6-11da-9f04-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


======List of files/folders created in the last 1 months======

2009-03-11 15:56:20 ----A---- C:\WINDOWS\system32\javaws.exe
2009-03-11 15:56:20 ----A---- C:\WINDOWS\system32\javaw.exe
2009-03-11 15:56:20 ----A---- C:\WINDOWS\system32\java.exe
2009-03-11 15:56:20 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-03-11 15:50:40 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-03-11 15:50:34 ----D---- C:\Documents and Settings\HP_Administrator.HP\Application Data\Adobe
2009-03-11 15:49:57 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-03-11 15:49:32 ----D---- C:\Program Files\Common Files\Adobe
2009-03-11 15:47:17 ----D---- C:\Program Files\NOS
2009-03-11 15:47:17 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-03-11 15:41:01 ----D---- C:\Documents and Settings\HP_Administrator.HP\Application Data\Sun
2009-03-11 15:40:14 ----D---- C:\WINDOWS\system32\appmgmt
2009-03-11 09:15:33 ----D---- C:\rsit
2009-03-11 07:54:12 ----D---- C:\Documents and Settings\HP_Administrator.HP\Application Data\Malwarebytes
2009-03-11 01:49:12 ----D---- C:\Documents and Settings\HP_Administrator.HP\Application Data\Macromedia
2009-03-11 01:40:57 ----RSHD---- C:\cmdcons
2009-03-11 01:34:59 ----ASH---- C:\Documents and Settings\HP_Administrator.HP\Application Data\desktop.ini
2009-03-11 01:34:53 ----SD---- C:\Documents and Settings\HP_Administrator.HP\Application Data\Microsoft
2009-03-11 01:34:53 ----D---- C:\Documents and Settings\HP_Administrator.HP\Application Data\Symantec
2009-03-11 01:34:53 ----D---- C:\Documents and Settings\HP_Administrator.HP\Application Data\Real
2009-03-11 01:34:53 ----D---- C:\Documents and Settings\HP_Administrator.HP\Application Data\Intuit
2009-03-11 01:34:53 ----D---- C:\Documents and Settings\HP_Administrator.HP\Application Data\Identities
2009-03-11 01:34:53 ----D---- C:\Documents and Settings\HP_Administrator.HP\Application Data\Digital Interactive Systems Corporation
2009-03-11 01:31:03 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-03-10 23:49:24 ----D---- C:\Program Files\SymNetDrv
2009-03-10 23:42:38 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-03-10 23:33:17 ----D---- C:\WINDOWS\Prefetch
2009-03-10 23:30:16 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-03-10 23:30:08 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-10 23:30:02 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-10 23:29:56 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-03-10 23:29:50 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-03-10 23:29:41 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-03-10 23:29:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-03-10 23:29:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-03-10 23:29:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-03-10 23:29:09 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-03-10 23:29:04 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-03-10 23:28:48 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-03-10 23:23:39 ----D---- C:\WINDOWS\system32\scripting
2009-03-10 23:23:38 ----D---- C:\WINDOWS\system32\en
2009-03-10 23:23:38 ----D---- C:\WINDOWS\system32\bits
2009-03-10 23:06:42 ----N---- C:\WINDOWS\system32\wmphoto.dll
2009-03-10 23:06:39 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-03-10 23:06:37 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2009-03-10 23:06:37 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2009-03-10 23:06:27 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-03-10 23:06:27 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-03-10 23:06:19 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2009-03-10 23:06:18 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2009-03-10 23:06:16 ----N---- C:\WINDOWS\system32\slserv.exe
2009-03-10 23:06:16 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-03-10 23:06:16 ----N---- C:\WINDOWS\system32\slgen.dll
2009-03-10 23:06:16 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-03-10 23:06:16 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-03-10 23:06:12 ----N---- C:\WINDOWS\system32\setupn.exe
2009-03-10 23:06:10 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-03-10 23:06:09 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-03-10 23:06:07 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-03-10 23:06:06 ----N---- C:\WINDOWS\system32\qutil.dll
2009-03-10 23:06:05 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-03-10 23:06:05 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-03-10 23:06:05 ----N---- C:\WINDOWS\system32\qagent.dll
2009-03-10 23:06:04 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2009-03-10 23:06:01 ----N---- C:\WINDOWS\system32\onex.dll
2009-03-10 23:05:58 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2009-03-10 23:05:52 ----N---- C:\WINDOWS\system32\napstat.exe
2009-03-10 23:05:52 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-03-10 23:05:52 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-03-10 23:05:51 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-03-10 23:05:50 ----A---- C:\WINDOWS\system32\msxml6.dll
2009-03-10 23:05:49 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-03-10 23:05:49 ----N---- C:\WINDOWS\system32\mssha.dll
2009-03-10 23:05:37 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-03-10 23:05:37 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-03-10 23:05:37 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-03-10 23:05:37 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-03-10 23:05:33 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-03-10 23:05:33 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-03-10 23:05:33 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-03-10 23:05:33 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-03-10 23:05:32 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-03-10 23:05:32 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-03-10 23:05:24 ----N---- C:\WINDOWS\system32\smtpapi.dll
2009-03-10 23:05:24 ----N---- C:\WINDOWS\system32\rwnh.dll
2009-03-10 23:05:24 ----N---- C:\WINDOWS\system32\comsdupd.exe
2009-03-10 23:05:22 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-03-10 23:05:18 ----N---- C:\WINDOWS\system32\faxpatch.exe
2009-03-10 23:05:18 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-03-10 23:05:18 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-03-10 23:05:18 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-03-10 23:05:18 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-03-10 23:05:18 ----A---- C:\WINDOWS\006352_.tmp
2009-03-10 23:05:17 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-03-10 23:05:17 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-03-10 23:05:17 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-03-10 23:05:17 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-03-10 23:05:16 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-03-10 23:05:16 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-03-10 23:05:16 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-03-10 23:05:16 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-03-10 23:05:16 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-03-10 23:05:16 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-03-10 23:05:16 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-03-10 23:05:15 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-03-10 23:05:15 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-03-10 23:05:15 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-03-10 23:05:14 ----N---- C:\WINDOWS\system32\credssp.dll
2009-03-10 23:05:11 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-03-10 23:05:10 ----N---- C:\WINDOWS\system32\azroles.dll
2009-03-10 23:05:09 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-03-10 23:05:09 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2009-03-10 23:05:09 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-03-10 23:05:06 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-03-10 23:02:15 ----D---- C:\WINDOWS\system32\PreInstall
2009-03-10 22:47:20 ----HDC---- C:\WINDOWS\$NtUninstallKB958690_0$
2009-03-10 22:47:14 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2_0$
2009-03-10 22:47:07 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2009-03-10 22:46:27 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2009-03-10 22:46:05 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2009-03-10 22:43:50 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-03-10 22:40:26 ----D---- C:\WINDOWS\system32\en-US
2009-03-10 22:37:08 ----A---- C:\WINDOWS\system32\xmllite.dll
2009-03-10 22:35:14 ----A---- C:\WINDOWS\system32\MRT.exe
2009-03-10 22:32:06 ----HDC---- C:\WINDOWS\$NtUninstallKB938127$
2009-03-10 22:30:27 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
2009-03-09 21:16:26 ----D---- C:\WINDOWS\ERUNT
2009-03-09 21:11:27 ----D---- C:\SDFix
2009-03-09 10:50:42 ----SHD---- C:\Config.Msi
2009-03-05 08:45:48 ----D---- C:\Program Files\Trend Micro
2009-03-04 19:59:24 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-04 19:59:24 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-04 18:56:07 ----D---- C:\Program Files\Common Files\PC Tools
2009-03-04 18:56:03 ----D---- C:\Program Files\Spyware Doctor
2009-03-04 18:56:03 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2009-03-04 13:31:31 ----SHD---- C:\WINDOWS\CSC
2009-03-04 00:00:24 ----A---- C:\WINDOWS\ntbtlog.txt
2009-02-25 23:16:27 ----D---- C:\sj753
2009-02-25 23:15:19 ----D---- C:\col5377
2009-02-24 23:01:08 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$

======List of files/folders modified in the last 1 months======

2009-03-11 21:45:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-11 21:44:26 ----D---- C:\WINDOWS
2009-03-11 21:27:16 ----D---- C:\WINDOWS\Temp
2009-03-11 18:02:39 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-03-11 16:12:00 ----D---- C:\WINDOWS\Help
2009-03-11 15:56:22 ----SHD---- C:\WINDOWS\Installer
2009-03-11 15:56:20 ----D---- C:\WINDOWS\system32
2009-03-11 15:51:00 ----D---- C:\Program Files\Adobe
2009-03-11 15:50:40 ----D---- C:\Program Files\Common Files
2009-03-11 15:50:02 ----D---- C:\WINDOWS\WinSxS
2009-03-11 15:47:18 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-03-11 15:47:17 ----D---- C:\Program Files
2009-03-11 15:43:40 ----D---- C:\WINDOWS\Registration
2009-03-11 15:43:32 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-11 15:41:13 ----D---- C:\Program Files\Java
2009-03-11 07:54:11 ----D---- C:\WINDOWS\system32\drivers
2009-03-11 01:41:19 ----RASH---- C:\boot.ini
2009-03-11 01:40:57 ----A---- C:\WINDOWS\UPGRADE.TXT
2009-03-11 01:40:55 ----D---- C:\WINDOWS\setup.pss
2009-03-11 01:39:22 ----AD---- C:\WINDOWS\system32\pcintro
2009-03-11 01:34:51 ----D---- C:\Documents and Settings
2009-03-11 01:32:42 ----RASH---- C:\BOOT.BAK
2009-03-11 01:31:14 ----D---- C:\WINDOWS\SoftwareDistribution
2009-03-11 01:26:19 ----A---- C:\WINDOWS\system.ini
2009-03-11 00:11:30 ----SD---- C:\WINDOWS\Tasks
2009-03-11 00:08:35 ----D---- C:\Program Files\Symantec
2009-03-10 23:59:53 ----D---- C:\WINDOWS\I386
2009-03-10 23:58:28 ----D---- C:\Program Files\Common Files\Services
2009-03-10 23:58:17 ----D---- C:\WINDOWS\system32\ras
2009-03-10 23:58:01 ----D---- C:\WINDOWS\system32\icsxml
2009-03-10 23:58:00 ----D---- C:\WINDOWS\system32\ias
2009-03-10 23:56:46 ----RD---- C:\WINDOWS\Web
2009-03-10 23:56:46 ----D---- C:\WINDOWS\addins
2009-03-10 23:56:42 ----D---- C:\WINDOWS\Media
2009-03-10 23:56:31 ----D---- C:\WINDOWS\Cursors
2009-03-10 23:56:29 ----AHDC---- C:\WINDOWS\$NtUninstallKB902400$
2009-03-10 23:56:26 ----AHDC---- C:\WINDOWS\$NtUninstallKB901214$
2009-03-10 23:56:25 ----AHDC---- C:\WINDOWS\$NtUninstallKB896688$
2009-03-10 23:56:23 ----AHDC---- C:\WINDOWS\$NtUninstallKB896422$
2009-03-10 23:56:23 ----AHDC---- C:\WINDOWS\$NtUninstallKB896358$
2009-03-10 23:56:23 ----AHDC---- C:\WINDOWS\$NtUninstallKB893066$
2009-03-10 23:56:23 ----AHDC---- C:\WINDOWS\$NtUninstallKB892050$
2009-03-10 23:56:23 ----AHDC---- C:\WINDOWS\$NtUninstallKB891781$
2009-03-10 23:56:23 ----AHDC---- C:\WINDOWS\$NtUninstallKB890175$
2009-03-10 23:56:23 ----AHDC---- C:\WINDOWS\$NtUninstallKB888113$
2009-03-10 23:56:23 ----AHDC---- C:\WINDOWS\$NtUninstallKB887742$
2009-03-10 23:56:23 ----AHDC---- C:\WINDOWS\$NtUninstallKB885836$
2009-03-10 23:56:23 ----AHDC---- C:\WINDOWS\$NtUninstallKB885835$
2009-03-10 23:56:22 ----AHDC---- C:\WINDOWS\$NtUninstallKB885250$
2009-03-10 23:56:22 ----AHDC---- C:\WINDOWS\$NtUninstallKB883667$
2009-03-10 23:56:22 ----AHDC---- C:\WINDOWS\$NtUninstallKB873339$
2009-03-10 23:56:20 ----RHD---- C:\MSOCache
2009-03-10 23:55:58 ----RSD---- C:\WINDOWS\assembly
2009-03-10 23:55:58 ----RD---- C:\WINDOWS\Offline Web Pages
2009-03-10 23:50:00 ----D---- C:\Program Files\Norton Internet Security
2009-03-10 23:41:27 ----HD---- C:\WINDOWS\inf
2009-03-10 23:41:24 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-03-10 23:41:19 ----D---- C:\WINDOWS\system32\CatRoot
2009-03-10 23:41:04 ----D---- C:\Program Files\Messenger
2009-03-10 23:40:54 ----A---- C:\WINDOWS\imsins.BAK
2009-03-10 23:40:49 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-10 23:40:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-03-10 23:37:53 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-10 23:33:57 ----A---- C:\WINDOWS\OEWABLog.txt
2009-03-10 23:33:10 ----A---- C:\WINDOWS\setuplog.txt
2009-03-10 23:32:38 ----D---- C:\WINDOWS\system32\Setup
2009-03-10 23:32:38 ----D---- C:\WINDOWS\ime
2009-03-10 23:32:37 ----D---- C:\WINDOWS\system32\wbem
2009-03-10 23:32:37 ----D---- C:\WINDOWS\AppPatch
2009-03-10 23:32:36 ----RSD---- C:\WINDOWS\Fonts
2009-03-10 23:31:56 ----D---- C:\WINDOWS\security
2009-03-10 23:23:57 ----D---- C:\WINDOWS\system32\inetsrv
2009-03-10 23:23:40 ----D---- C:\WINDOWS\system32\usmt
2009-03-10 23:23:38 ----D---- C:\WINDOWS\PeerNet
2009-03-10 23:23:38 ----D---- C:\Program Files\Movie Maker
2009-03-10 23:23:24 ----D---- C:\WINDOWS\system32\Restore
2009-03-10 23:23:23 ----D---- C:\WINDOWS\system32\npp
2009-03-10 23:23:23 ----D---- C:\WINDOWS\mui
2009-03-10 23:23:22 ----D---- C:\WINDOWS\msagent
2009-03-10 23:23:20 ----D---- C:\WINDOWS\srchasst
2009-03-10 23:23:19 ----D---- C:\Program Files\NetMeeting
2009-03-10 23:23:17 ----D---- C:\WINDOWS\system32\Com
2009-03-10 23:23:14 ----D---- C:\Program Files\Windows NT
2009-03-10 23:23:14 ----D---- C:\Program Files\Outlook Express
2009-03-10 23:23:10 ----D---- C:\Program Files\Common Files\System
2009-03-10 23:22:53 ----D---- C:\WINDOWS\system32\oobe
2009-03-10 23:22:51 ----D---- C:\WINDOWS\system
2009-03-10 23:19:40 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-03-10 23:19:28 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-03-10 23:14:06 ----AD---- C:\WINDOWS\ehome
2009-03-10 23:02:14 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-03-10 23:01:10 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-03-10 22:52:56 ----HD---- C:\hp
2009-03-10 22:52:55 ----D---- C:\Program Files\PC-Doctor 5 for Windows
2009-03-10 22:50:58 ----D---- C:\Program Files\Internet Explorer
2009-03-10 22:47:02 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-03-10 22:46:55 ----HDC---- C:\WINDOWS\$NtUninstallKB958687_0$
2009-03-10 22:46:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2009-03-10 22:46:38 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-03-10 22:46:21 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-03-10 22:45:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2009-03-10 22:45:47 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$
2009-03-10 22:45:38 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
2009-03-10 22:45:32 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2009-03-10 22:45:16 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2009-03-10 22:45:07 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2009-03-10 22:44:56 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2009-03-10 22:44:46 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-03-10 22:44:39 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-03-10 22:44:30 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-03-10 22:44:22 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-03-10 22:44:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-03-10 22:44:07 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2009-03-10 22:43:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-03-10 22:43:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-03-10 22:43:23 ----HDC---- C:\WINDOWS\$NtUninstallKB953356$
2009-03-10 22:43:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-03-10 22:43:09 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2009-03-10 22:42:43 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-03-10 22:42:36 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2009-03-10 22:42:25 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2009-03-10 22:40:36 ----D---- C:\WINDOWS\system32\config
2009-03-10 22:40:06 ----HDC---- C:\WINDOWS\ie7
2009-03-10 22:37:13 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2009-03-10 22:35:05 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
2009-03-10 22:33:26 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
2009-03-10 22:33:19 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
2009-03-10 22:33:12 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
2009-03-10 22:33:05 ----HDC---- C:\WINDOWS\$NtUninstallKB943485$
2009-03-10 22:32:58 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-03-10 22:32:40 ----HDC---- C:\WINDOWS\$NtUninstallKB937894$
2009-03-10 22:32:30 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
2009-03-10 22:32:22 ----HDC---- C:\WINDOWS\$NtUninstallKB943460$
2009-03-10 22:32:14 ----HDC---- C:\WINDOWS\$NtUninstallKB933729$
2009-03-10 22:31:59 ----HDC---- C:\WINDOWS\$NtUninstallKB938828$
2009-03-10 22:31:45 ----HDC---- C:\WINDOWS\$NtUninstallKB930494$
2009-03-10 22:31:26 ----HDC---- C:\WINDOWS\$NtUninstallKB925398_WMP64$
2009-03-10 22:31:06 ----HDC---- C:\WINDOWS\$NtUninstallKB935839$
2009-03-10 22:30:58 ----HDC---- C:\WINDOWS\$NtUninstallKB929123$
2009-03-10 22:30:47 ----HDC---- C:\WINDOWS\$NtUninstallKB927891$
2009-03-10 22:30:39 ----HDC---- C:\WINDOWS\$NtUninstallKB930916$
2009-03-10 22:30:22 ----HDC---- C:\WINDOWS\$NtUninstallKB932168$
2009-03-10 22:30:15 ----HDC---- C:\WINDOWS\$NtUninstallKB931261$
2009-03-10 22:30:07 ----HDC---- C:\WINDOWS\$NtUninstallKB930178$
2009-03-10 22:29:59 ----HDC---- C:\WINDOWS\$NtUninstallKB925902$
2009-03-10 22:29:51 ----HDC---- C:\WINDOWS\$NtUninstallKB926436$
2009-03-10 22:29:44 ----HDC---- C:\WINDOWS\$NtUninstallKB918118$
2009-03-10 22:29:34 ----HDC---- C:\WINDOWS\$NtUninstallKB927779$
2009-03-10 22:29:25 ----HDC---- C:\WINDOWS\$NtUninstallKB924667$
2009-03-10 22:29:18 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$
2009-03-10 22:29:11 ----HDC---- C:\WINDOWS\$NtUninstallKB928843$
2009-03-10 22:29:03 ----HDC---- C:\WINDOWS\$NtUninstallKB928255$
2009-03-10 22:28:52 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$
2009-03-10 22:28:45 ----HDC---- C:\WINDOWS\$NtUninstallKB923980$
2009-03-10 22:28:36 ----HDC---- C:\WINDOWS\$NtUninstallKB924270$
2009-03-10 22:28:27 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2009-03-10 22:28:21 ----HDC---- C:\WINDOWS\$NtUninstallKB924496$
2009-03-10 22:28:12 ----HDC---- C:\WINDOWS\$NtUninstallKB920872$
2009-03-10 22:28:02 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2009-03-10 22:27:54 ----HDC---- C:\WINDOWS\$NtUninstallKB916595$
2009-03-10 22:27:46 ----HDC---- C:\WINDOWS\$NtUninstallKB922582$
2009-03-10 22:27:35 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2009-03-10 22:27:28 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2009-03-10 22:27:20 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2009-03-10 22:27:11 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2009-03-10 22:27:02 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2009-03-10 22:26:53 ----HDC---- C:\WINDOWS\$NtUninstallKB918439$
2009-03-10 22:26:43 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2009-03-10 22:26:35 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2009-03-10 22:26:26 ----HDC---- C:\WINDOWS\$NtUninstallKB900485$
2009-03-10 22:26:11 ----D---- C:\Program Files\Windows Media Player
2009-03-10 22:26:08 ----HDC---- C:\WINDOWS\$NtUninstallKB913800$
2009-03-10 22:25:30 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2009-03-10 22:25:24 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2009-03-10 22:25:16 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
2009-03-10 22:25:09 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2009-03-10 22:24:58 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2009-03-10 22:24:48 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2009-03-10 22:24:41 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2009-03-10 22:24:34 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2009-03-10 22:19:24 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2009-03-10 22:19:17 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2009-03-10 22:19:09 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2009-03-10 22:19:00 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2009-03-10 22:18:50 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2009-03-10 22:18:39 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2009-03-10 22:18:30 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2009-03-10 22:18:14 ----HDC---- C:\WINDOWS\$NtUninstallKB886185$
2009-03-09 22:17:17 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-03-04 19:46:22 ----D---- C:\WINDOWS\network diagnostic
2009-03-04 12:03:04 ----D---- C:\6a971ded06646a105f683b
2009-03-03 09:19:10 ----SHD---- C:\RECYCLER
2009-02-25 17:00:05 ----A---- C:\WINDOWS\hpfccopy.INI
2009-02-20 16:19:44 ----D---- C:\Documents and Settings\All Users\Application Data\ZoomBrowser

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-10 36352]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 SAVRTPEL;SAVRTPEL; \??\c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-03-28 266552]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-08-30 3644928]
R3 aracpi;aracpi; C:\WINDOWS\system32\DRIVERS\aracpi.sys [2005-08-03 22784]
R3 arhidfltr;MS Ar HID Filter Driver; C:\WINDOWS\system32\DRIVERS\arhidfltr.sys [2005-08-03 19200]
R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys [2005-08-03 5376]
R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\WINDOWS\system32\DRIVERS\armoucfltr.sys [2005-08-03 4992]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ARPolicy;ARPolicy; C:\WINDOWS\system32\DRIVERS\arpolicy.sys [2005-08-03 10112]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-14 1313792]
R3 CXFALCON;Conexant Falcon II NTSC Video Capture; C:\WINDOWS\system32\drivers\cxfalcon.sys [2005-08-17 100480]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-12-16 1038208]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2004-12-16 220928]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090311.003\NAVENG.Sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090311.003\NavEx15.Sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-07-04 26624]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 SAVRT;SAVRT; \??\c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS []
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2007-03-28 11480]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2007-03-28 171928]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2007-03-28 37016]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20090303.001\symidsco.sys []
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2007-03-28 47192]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-03-28 18904]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-12-16 703232]
R3 WN5301;LIteon Wireless PCI Network Adapter Service; C:\WINDOWS\system32\DRIVERS\wn5301.sys [2005-10-05 468768]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-04 32768]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ARSVC;ARSVC; C:\WINDOWS\arservice.exe [2005-08-03 58880]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-14 376832]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-07-25 100032]
R2 ccEvtMgr;Symantec Event Manager; c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2008-01-08 185704]
R2 ccProxy;Symantec Network Proxy; c:\Program Files\Common Files\Symantec Shared\ccProxy.exe [2006-06-13 239264]
R2 ccSetMgr;Symantec Settings Manager; c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2008-01-08 177512]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-10-11 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-06 102912]
R2 ISSVC;ISSvc; c:\Program Files\Norton Internet Security\ISSVC.exe [2005-03-30 83584]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-11 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-10-23 69632]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-06 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 navapsvc;Norton AntiVirus Auto-Protect Service; c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe [2005-10-07 128112]
R2 SNDSrvc;Symantec Network Drivers Service; c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2007-03-28 206552]
R2 SPBBCSvc;Symantec SPBBCSvc; c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-02-25 992864]
R2 SymWSC;SymWMI Service; c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-11-03 316544]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 ccPwdSvc;Symantec Password Validation; c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2008-01-08 83304]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2009-03-03 33176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-07-25 2119360]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SAVScan;SAVScan; c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe [2005-08-26 198368]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-04 38912]

-----------------EOF-----------------
ingots

Re: Possible rootkit.d

Post by ingots » March 12th, 2009, 7:42 am

Dakeyras,

I just updated the Hewlett-Packard software, so I re-ran RSIT. Here's a fresh log:


Logfile of random's system information tool 1.05 (written by random/random)
Run by HP_Administrator at 2009-03-12 07:39:14
Microsoft Windows XP Professional Service Pack 3
System drive C: has 194 GB (86%) free of 226 GB
Total RAM: 958 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:39:18 AM, on 3/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdateMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\DISC\DiscGui.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
c:\windows\system\hpsysdrv.exe
C:\Documents and Settings\HP_Administrator.HP\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\HP_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.earthlink.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 10785 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Easy Internet Sign-up.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - HP_Administrator.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{BD46FAB6-EE50-441F-B27B-8B50B3CC4A8C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2006-12-09 1157120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
CNavExtBho Class - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll [2005-10-07 218736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-11 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2006-12-09 1157120]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll [2005-10-07 218736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-06 64512]
"AlwaysReady Power Message APP"=C:\WINDOWS\ARPWRMSG.EXE [2005-08-03 77312]
"HPHUPD08"=c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [2005-06-02 49152]
"DISCover"=C:\Program Files\DISC\DISCover.exe [2005-09-27 1060864]
"DiscUpdateManager"=C:\Program Files\DISC\DiscUpdateMgr.exe [2005-09-27 61440]
""= []
"PCDrProfiler"= []
"ccApp"=c:\Program Files\Common Files\Symantec Shared\ccApp.exe [2008-01-08 49512]
"URLLSTCK.exe"=c:\Program Files\Norton Internet Security\UrlLstCk.exe [2005-03-30 22656]
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2005-09-21 1605740]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"Symantec NetDriver Monitor"=C:\PROGRA~1\SYMNET~1\SNDMon.exe [2009-03-10 100056]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-11 148888]
"KBD"=C:\HP\KBD\KBD.EXE [2005-02-02 61440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
KODAK Software Updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
Updates from HP.lnk - C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-14 46080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\DISC\DISCover.exe"="C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System"
"C:\Program Files\DISC\DiscStreamHub.exe"="C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub"
"C:\Program Files\DISC\myFTP.exe"="C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba9bfa3e-53e6-11da-9f04-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


======List of files/folders created in the last 1 months======

2009-03-12 07:29:07 ----D---- C:\SystemRoot
2009-03-12 07:27:48 ----D---- C:\Documents and Settings\HP_Administrator.HP\Application Data\WinBatch
2009-03-11 15:56:20 ----A---- C:\WINDOWS\system32\javaws.exe
2009-03-11 15:56:20 ----A---- C:\WINDOWS\system32\javaw.exe
2009-03-11 15:56:20 ----A---- C:\WINDOWS\system32\java.exe
2009-03-11 15:56:20 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-03-11 15:50:40 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-03-11 15:50:34 ----D---- C:\Documents and Settings\HP_Administrator.HP\Application Data\Adobe
2009-03-11 15:49:57 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-03-11 15:49:32 ----D---- C:\Program Files\Common Files\Adobe
2009-03-11 15:47:17 ----D---- C:\Program Files\NOS
2009-03-11 15:47:17 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-03-11 15:41:01 ----D---- C:\Documents and Settings\HP_Administrator.HP\Application Data\Sun
2009-03-11 15:40:14 ----D---- C:\WINDOWS\system32\appmgmt
2009-03-11 09:15:33 ----D---- C:\rsit
2009-03-11 07:54:12 ----D---- C:\Documents and Settings\HP_Administrator.HP\Application Data\Malwarebytes
2009-03-11 01:49:12 ----D---- C:\Documents and Settings\HP_Administrator.HP\Application Data\Macromedia
2009-03-11 01:40:57 ----RSHD---- C:\cmdcons
2009-03-11 01:34:59 ----ASH---- C:\Documents and Settings\HP_Administrator.HP\Application Data\desktop.ini
2009-03-11 01:34:53 ----SD---- C:\Documents and Settings\HP_Administrator.HP\Application Data\Microsoft
2009-03-11 01:34:53 ----D---- C:\Documents and Settings\HP_Administrator.HP\Application Data\Symantec
2009-03-11 01:34:53 ----D---- C:\Documents and Settings\HP_Administrator.HP\Application Data\Real
2009-03-11 01:34:53 ----D---- C:\Documents and Settings\HP_Administrator.HP\Application Data\Intuit
2009-03-11 01:34:53 ----D---- C:\Documents and Settings\HP_Administrator.HP\Application Data\Identities
2009-03-11 01:34:53 ----D---- C:\Documents and Settings\HP_Administrator.HP\Application Data\Digital Interactive Systems Corporation
2009-03-11 01:31:03 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-03-10 23:49:24 ----D---- C:\Program Files\SymNetDrv
2009-03-10 23:42:38 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-03-10 23:33:17 ----D---- C:\WINDOWS\Prefetch
2009-03-10 23:30:16 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-03-10 23:30:08 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-10 23:30:02 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-10 23:29:56 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-03-10 23:29:50 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-03-10 23:29:41 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-03-10 23:29:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-03-10 23:29:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-03-10 23:29:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-03-10 23:29:09 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-03-10 23:29:04 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-03-10 23:28:48 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-03-10 23:23:39 ----D---- C:\WINDOWS\system32\scripting
2009-03-10 23:23:38 ----D---- C:\WINDOWS\system32\en
2009-03-10 23:23:38 ----D---- C:\WINDOWS\system32\bits
2009-03-10 23:06:42 ----N---- C:\WINDOWS\system32\wmphoto.dll
2009-03-10 23:06:39 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-03-10 23:06:37 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2009-03-10 23:06:37 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2009-03-10 23:06:27 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-03-10 23:06:27 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-03-10 23:06:19 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2009-03-10 23:06:18 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2009-03-10 23:06:16 ----N---- C:\WINDOWS\system32\slserv.exe
2009-03-10 23:06:16 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-03-10 23:06:16 ----N---- C:\WINDOWS\system32\slgen.dll
2009-03-10 23:06:16 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-03-10 23:06:16 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-03-10 23:06:12 ----N---- C:\WINDOWS\system32\setupn.exe
2009-03-10 23:06:10 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-03-10 23:06:09 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-03-10 23:06:07 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-03-10 23:06:06 ----N---- C:\WINDOWS\system32\qutil.dll
2009-03-10 23:06:05 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-03-10 23:06:05 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-03-10 23:06:05 ----N---- C:\WINDOWS\system32\qagent.dll
2009-03-10 23:06:04 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2009-03-10 23:06:01 ----N---- C:\WINDOWS\system32\onex.dll
2009-03-10 23:05:58 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2009-03-10 23:05:52 ----N---- C:\WINDOWS\system32\napstat.exe
2009-03-10 23:05:52 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-03-10 23:05:52 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-03-10 23:05:51 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-03-10 23:05:50 ----A---- C:\WINDOWS\system32\msxml6.dll
2009-03-10 23:05:49 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-03-10 23:05:49 ----N---- C:\WINDOWS\system32\mssha.dll
2009-03-10 23:05:37 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-03-10 23:05:37 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-03-10 23:05:37 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-03-10 23:05:37 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-03-10 23:05:33 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-03-10 23:05:33 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-03-10 23:05:33 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-03-10 23:05:33 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-03-10 23:05:32 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-03-10 23:05:32 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-03-10 23:05:24 ----N---- C:\WINDOWS\system32\smtpapi.dll
2009-03-10 23:05:24 ----N---- C:\WINDOWS\system32\rwnh.dll
2009-03-10 23:05:24 ----N---- C:\WINDOWS\system32\comsdupd.exe
2009-03-10 23:05:22 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-03-10 23:05:18 ----N---- C:\WINDOWS\system32\faxpatch.exe
2009-03-10 23:05:18 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-03-10 23:05:18 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-03-10 23:05:18 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-03-10 23:05:18 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-03-10 23:05:18 ----A---- C:\WINDOWS\006352_.tmp
2009-03-10 23:05:17 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-03-10 23:05:17 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-03-10 23:05:17 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-03-10 23:05:17 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-03-10 23:05:16 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-03-10 23:05:16 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-03-10 23:05:16 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-03-10 23:05:16 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-03-10 23:05:16 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-03-10 23:05:16 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-03-10 23:05:16 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-03-10 23:05:15 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-03-10 23:05:15 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-03-10 23:05:15 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-03-10 23:05:14 ----N---- C:\WINDOWS\system32\credssp.dll
2009-03-10 23:05:11 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2009-03-10 23:05:10 ----N---- C:\WINDOWS\system32\azroles.dll
2009-03-10 23:05:09 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-03-10 23:05:09 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2009-03-10 23:05:09 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-03-10 23:05:06 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-03-10 23:02:15 ----D---- C:\WINDOWS\system32\PreInstall
2009-03-10 22:47:20 ----HDC---- C:\WINDOWS\$NtUninstallKB958690_0$
2009-03-10 22:47:14 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2_0$
2009-03-10 22:47:07 ----HDC---- C:\WINDOWS\$NtUninstallKB960225_0$
2009-03-10 22:46:27 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2009-03-10 22:46:05 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2009-03-10 22:43:50 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-03-10 22:40:26 ----D---- C:\WINDOWS\system32\en-US
2009-03-10 22:37:08 ----A---- C:\WINDOWS\system32\xmllite.dll
2009-03-10 22:35:14 ----A---- C:\WINDOWS\system32\MRT.exe
2009-03-10 22:32:06 ----HDC---- C:\WINDOWS\$NtUninstallKB938127$
2009-03-10 22:30:27 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
2009-03-09 21:16:26 ----D---- C:\WINDOWS\ERUNT
2009-03-09 21:11:27 ----D---- C:\SDFix
2009-03-09 10:50:42 ----SHD---- C:\Config.Msi
2009-03-05 08:45:48 ----D---- C:\Program Files\Trend Micro
2009-03-04 19:59:24 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-04 19:59:24 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-04 18:56:07 ----D---- C:\Program Files\Common Files\PC Tools
2009-03-04 18:56:03 ----D---- C:\Program Files\Spyware Doctor
2009-03-04 18:56:03 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2009-03-04 13:31:31 ----SHD---- C:\WINDOWS\CSC
2009-03-04 00:00:24 ----A---- C:\WINDOWS\ntbtlog.txt
2009-02-25 23:16:27 ----D---- C:\sj753
2009-02-25 23:15:19 ----D---- C:\col5377
2009-02-24 23:01:08 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$

======List of files/folders modified in the last 1 months======

2009-03-12 07:38:17 ----D---- C:\WINDOWS\Temp
2009-03-12 07:37:07 ----D---- C:\WINDOWS
2009-03-12 07:36:44 ----D---- C:\Program Files\Common Files
2009-03-12 07:36:44 ----D---- C:\Program Files
2009-03-12 07:36:15 ----D---- C:\WINDOWS\Registration
2009-03-12 07:36:09 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-12 07:34:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-12 07:34:18 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-03-12 07:33:30 ----SHD---- C:\WINDOWS\Installer
2009-03-12 07:33:19 ----D---- C:\Program Files\Hewlett-Packard
2009-03-12 07:31:51 ----D---- C:\WINDOWS\WinSxS
2009-03-12 07:27:49 ----D---- C:\WINDOWS\system32\drivers
2009-03-12 07:26:58 ----HD---- C:\WINDOWS\inf
2009-03-12 07:26:49 ----HD---- C:\hp
2009-03-12 07:23:03 ----D---- C:\WINDOWS\system32
2009-03-12 07:21:55 ----A---- C:\WINDOWS\system32\hpzjrd01.dll
2009-03-11 22:04:11 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-03-11 16:12:00 ----D---- C:\WINDOWS\Help
2009-03-11 15:51:00 ----D---- C:\Program Files\Adobe
2009-03-11 15:41:13 ----D---- C:\Program Files\Java
2009-03-11 01:41:19 ----RASH---- C:\boot.ini
2009-03-11 01:40:57 ----A---- C:\WINDOWS\UPGRADE.TXT
2009-03-11 01:40:55 ----D---- C:\WINDOWS\setup.pss
2009-03-11 01:39:22 ----AD---- C:\WINDOWS\system32\pcintro
2009-03-11 01:34:51 ----D---- C:\Documents and Settings
2009-03-11 01:32:42 ----RASH---- C:\BOOT.BAK
2009-03-11 01:31:14 ----D---- C:\WINDOWS\SoftwareDistribution
2009-03-11 01:26:19 ----A---- C:\WINDOWS\system.ini
2009-03-11 00:11:30 ----SD---- C:\WINDOWS\Tasks
2009-03-11 00:08:35 ----D---- C:\Program Files\Symantec
2009-03-10 23:59:53 ----D---- C:\WINDOWS\I386
2009-03-10 23:58:28 ----D---- C:\Program Files\Common Files\Services
2009-03-10 23:58:17 ----D---- C:\WINDOWS\system32\ras
2009-03-10 23:58:01 ----D---- C:\WINDOWS\system32\icsxml
2009-03-10 23:58:00 ----D---- C:\WINDOWS\system32\ias
2009-03-10 23:56:46 ----RD---- C:\WINDOWS\Web
2009-03-10 23:56:46 ----D---- C:\WINDOWS\addins
2009-03-10 23:56:42 ----D---- C:\WINDOWS\Media
2009-03-10 23:56:31 ----D---- C:\WINDOWS\Cursors
2009-03-10 23:56:29 ----AHDC---- C:\WINDOWS\$NtUninstallKB902400$
2009-03-10 23:56:26 ----AHDC---- C:\WINDOWS\$NtUninstallKB901214$
2009-03-10 23:56:25 ----AHDC---- C:\WINDOWS\$NtUninstallKB896688$
2009-03-10 23:56:23 ----AHDC---- C:\WINDOWS\$NtUninstallKB896422$
2009-03-10 23:56:23 ----AHDC---- C:\WINDOWS\$NtUninstallKB896358$
2009-03-10 23:56:23 ----AHDC---- C:\WINDOWS\$NtUninstallKB893066$
2009-03-10 23:56:23 ----AHDC---- C:\WINDOWS\$NtUninstallKB892050$
2009-03-10 23:56:23 ----AHDC---- C:\WINDOWS\$NtUninstallKB891781$
2009-03-10 23:56:23 ----AHDC---- C:\WINDOWS\$NtUninstallKB890175$
2009-03-10 23:56:23 ----AHDC---- C:\WINDOWS\$NtUninstallKB888113$
2009-03-10 23:56:23 ----AHDC---- C:\WINDOWS\$NtUninstallKB887742$
2009-03-10 23:56:23 ----AHDC---- C:\WINDOWS\$NtUninstallKB885836$
2009-03-10 23:56:23 ----AHDC---- C:\WINDOWS\$NtUninstallKB885835$
2009-03-10 23:56:22 ----AHDC---- C:\WINDOWS\$NtUninstallKB885250$
2009-03-10 23:56:22 ----AHDC---- C:\WINDOWS\$NtUninstallKB883667$
2009-03-10 23:56:22 ----AHDC---- C:\WINDOWS\$NtUninstallKB873339$
2009-03-10 23:56:20 ----RHD---- C:\MSOCache
2009-03-10 23:55:58 ----RSD---- C:\WINDOWS\assembly
2009-03-10 23:55:58 ----RD---- C:\WINDOWS\Offline Web Pages
2009-03-10 23:50:00 ----D---- C:\Program Files\Norton Internet Security
2009-03-10 23:41:24 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-03-10 23:41:19 ----D---- C:\WINDOWS\system32\CatRoot
2009-03-10 23:41:04 ----D---- C:\Program Files\Messenger
2009-03-10 23:40:54 ----A---- C:\WINDOWS\imsins.BAK
2009-03-10 23:40:49 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-10 23:40:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-03-10 23:37:53 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-10 23:33:57 ----A---- C:\WINDOWS\OEWABLog.txt
2009-03-10 23:33:10 ----A---- C:\WINDOWS\setuplog.txt
2009-03-10 23:32:38 ----D---- C:\WINDOWS\system32\Setup
2009-03-10 23:32:38 ----D---- C:\WINDOWS\ime
2009-03-10 23:32:37 ----D---- C:\WINDOWS\system32\wbem
2009-03-10 23:32:37 ----D---- C:\WINDOWS\AppPatch
2009-03-10 23:32:36 ----RSD---- C:\WINDOWS\Fonts
2009-03-10 23:31:56 ----D---- C:\WINDOWS\security
2009-03-10 23:23:57 ----D---- C:\WINDOWS\system32\inetsrv
2009-03-10 23:23:40 ----D---- C:\WINDOWS\system32\usmt
2009-03-10 23:23:38 ----D---- C:\WINDOWS\PeerNet
2009-03-10 23:23:38 ----D---- C:\Program Files\Movie Maker
2009-03-10 23:23:24 ----D---- C:\WINDOWS\system32\Restore
2009-03-10 23:23:23 ----D---- C:\WINDOWS\system32\npp
2009-03-10 23:23:23 ----D---- C:\WINDOWS\mui
2009-03-10 23:23:22 ----D---- C:\WINDOWS\msagent
2009-03-10 23:23:20 ----D---- C:\WINDOWS\srchasst
2009-03-10 23:23:19 ----D---- C:\Program Files\NetMeeting
2009-03-10 23:23:17 ----D---- C:\WINDOWS\system32\Com
2009-03-10 23:23:14 ----D---- C:\Program Files\Windows NT
2009-03-10 23:23:14 ----D---- C:\Program Files\Outlook Express
2009-03-10 23:23:10 ----D---- C:\Program Files\Common Files\System
2009-03-10 23:22:53 ----D---- C:\WINDOWS\system32\oobe
2009-03-10 23:22:51 ----D---- C:\WINDOWS\system
2009-03-10 23:19:40 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-03-10 23:19:28 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-03-10 23:14:06 ----AD---- C:\WINDOWS\ehome
2009-03-10 23:02:14 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-03-10 23:01:10 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-03-10 22:52:55 ----D---- C:\Program Files\PC-Doctor 5 for Windows
2009-03-10 22:50:58 ----D---- C:\Program Files\Internet Explorer
2009-03-10 22:47:02 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-03-10 22:46:55 ----HDC---- C:\WINDOWS\$NtUninstallKB958687_0$
2009-03-10 22:46:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2009-03-10 22:46:38 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-03-10 22:46:21 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-03-10 22:45:54 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2009-03-10 22:45:47 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$
2009-03-10 22:45:38 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
2009-03-10 22:45:32 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2009-03-10 22:45:16 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2009-03-10 22:45:07 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2009-03-10 22:44:56 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2009-03-10 22:44:46 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-03-10 22:44:39 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-03-10 22:44:30 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-03-10 22:44:22 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-03-10 22:44:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-03-10 22:44:07 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2009-03-10 22:43:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-03-10 22:43:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-03-10 22:43:23 ----HDC---- C:\WINDOWS\$NtUninstallKB953356$
2009-03-10 22:43:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-03-10 22:43:09 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2009-03-10 22:42:43 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-03-10 22:42:36 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$
2009-03-10 22:42:25 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2009-03-10 22:40:36 ----D---- C:\WINDOWS\system32\config
2009-03-10 22:40:06 ----HDC---- C:\WINDOWS\ie7
2009-03-10 22:37:13 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2009-03-10 22:35:05 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
2009-03-10 22:33:26 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
2009-03-10 22:33:19 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
2009-03-10 22:33:12 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
2009-03-10 22:33:05 ----HDC---- C:\WINDOWS\$NtUninstallKB943485$
2009-03-10 22:32:58 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-03-10 22:32:40 ----HDC---- C:\WINDOWS\$NtUninstallKB937894$
2009-03-10 22:32:30 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
2009-03-10 22:32:22 ----HDC---- C:\WINDOWS\$NtUninstallKB943460$
2009-03-10 22:32:14 ----HDC---- C:\WINDOWS\$NtUninstallKB933729$
2009-03-10 22:31:59 ----HDC---- C:\WINDOWS\$NtUninstallKB938828$
2009-03-10 22:31:45 ----HDC---- C:\WINDOWS\$NtUninstallKB930494$
2009-03-10 22:31:26 ----HDC---- C:\WINDOWS\$NtUninstallKB925398_WMP64$
2009-03-10 22:31:06 ----HDC---- C:\WINDOWS\$NtUninstallKB935839$
2009-03-10 22:30:58 ----HDC---- C:\WINDOWS\$NtUninstallKB929123$
2009-03-10 22:30:47 ----HDC---- C:\WINDOWS\$NtUninstallKB927891$
2009-03-10 22:30:39 ----HDC---- C:\WINDOWS\$NtUninstallKB930916$
2009-03-10 22:30:22 ----HDC---- C:\WINDOWS\$NtUninstallKB932168$
2009-03-10 22:30:15 ----HDC---- C:\WINDOWS\$NtUninstallKB931261$
2009-03-10 22:30:07 ----HDC---- C:\WINDOWS\$NtUninstallKB930178$
2009-03-10 22:29:59 ----HDC---- C:\WINDOWS\$NtUninstallKB925902$
2009-03-10 22:29:51 ----HDC---- C:\WINDOWS\$NtUninstallKB926436$
2009-03-10 22:29:44 ----HDC---- C:\WINDOWS\$NtUninstallKB918118$
2009-03-10 22:29:34 ----HDC---- C:\WINDOWS\$NtUninstallKB927779$
2009-03-10 22:29:25 ----HDC---- C:\WINDOWS\$NtUninstallKB924667$
2009-03-10 22:29:18 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$
2009-03-10 22:29:11 ----HDC---- C:\WINDOWS\$NtUninstallKB928843$
2009-03-10 22:29:03 ----HDC---- C:\WINDOWS\$NtUninstallKB928255$
2009-03-10 22:28:52 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$
2009-03-10 22:28:45 ----HDC---- C:\WINDOWS\$NtUninstallKB923980$
2009-03-10 22:28:36 ----HDC---- C:\WINDOWS\$NtUninstallKB924270$
2009-03-10 22:28:27 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2009-03-10 22:28:21 ----HDC---- C:\WINDOWS\$NtUninstallKB924496$
2009-03-10 22:28:12 ----HDC---- C:\WINDOWS\$NtUninstallKB920872$
2009-03-10 22:28:02 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2009-03-10 22:27:54 ----HDC---- C:\WINDOWS\$NtUninstallKB916595$
2009-03-10 22:27:46 ----HDC---- C:\WINDOWS\$NtUninstallKB922582$
2009-03-10 22:27:35 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2009-03-10 22:27:28 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2009-03-10 22:27:20 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2009-03-10 22:27:11 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2009-03-10 22:27:02 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2009-03-10 22:26:53 ----HDC---- C:\WINDOWS\$NtUninstallKB918439$
2009-03-10 22:26:43 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2009-03-10 22:26:35 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2009-03-10 22:26:26 ----HDC---- C:\WINDOWS\$NtUninstallKB900485$
2009-03-10 22:26:11 ----D---- C:\Program Files\Windows Media Player
2009-03-10 22:26:08 ----HDC---- C:\WINDOWS\$NtUninstallKB913800$
2009-03-10 22:25:30 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2009-03-10 22:25:24 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2009-03-10 22:25:16 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
2009-03-10 22:25:09 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2009-03-10 22:24:58 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2009-03-10 22:24:48 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2009-03-10 22:24:41 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2009-03-10 22:24:34 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2009-03-10 22:19:24 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2009-03-10 22:19:17 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2009-03-10 22:19:09 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2009-03-10 22:19:00 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2009-03-10 22:18:50 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2009-03-10 22:18:39 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2009-03-10 22:18:30 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2009-03-10 22:18:14 ----HDC---- C:\WINDOWS\$NtUninstallKB886185$
2009-03-09 22:17:17 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-03-04 19:46:22 ----D---- C:\WINDOWS\network diagnostic
2009-03-04 12:03:04 ----D---- C:\6a971ded06646a105f683b
2009-03-03 09:19:10 ----SHD---- C:\RECYCLER
2009-02-25 17:00:05 ----A---- C:\WINDOWS\hpfccopy.INI
2009-02-20 16:19:44 ----D---- C:\Documents and Settings\All Users\Application Data\ZoomBrowser

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-10 36352]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 SAVRTPEL;SAVRTPEL; \??\c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2007-03-28 266552]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-08-30 3644928]
R3 aracpi;aracpi; C:\WINDOWS\system32\DRIVERS\aracpi.sys [2005-08-03 22784]
R3 arhidfltr;MS Ar HID Filter Driver; C:\WINDOWS\system32\DRIVERS\arhidfltr.sys [2005-08-03 19200]
R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys [2005-08-03 5376]
R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\WINDOWS\system32\DRIVERS\armoucfltr.sys [2005-08-03 4992]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ARPolicy;ARPolicy; C:\WINDOWS\system32\DRIVERS\arpolicy.sys [2005-08-03 10112]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-14 1313792]
R3 CXFALCON;Conexant Falcon II NTSC Video Capture; C:\WINDOWS\system32\drivers\cxfalcon.sys [2005-08-17 100480]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-12-16 1038208]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2004-12-16 220928]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090311.003\NAVENG.Sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090311.003\NavEx15.Sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 SAVRT;SAVRT; \??\c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS []
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2007-03-28 11480]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2007-03-28 171928]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2007-03-28 37016]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20090303.001\symidsco.sys []
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2007-03-28 47192]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2007-03-28 18904]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-12-16 703232]
R3 WN5301;LIteon Wireless PCI Network Adapter Service; C:\WINDOWS\system32\DRIVERS\wn5301.sys [2005-10-05 468768]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-04 32768]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ARSVC;ARSVC; C:\WINDOWS\arservice.exe [2005-08-03 58880]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-14 376832]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-07-25 100032]
R2 ccEvtMgr;Symantec Event Manager; c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2008-01-08 185704]
R2 ccProxy;Symantec Network Proxy; c:\Program Files\Common Files\Symantec Shared\ccProxy.exe [2006-06-13 239264]
R2 ccSetMgr;Symantec Settings Manager; c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2008-01-08 177512]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-10-11 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-06 102912]
R2 ISSVC;ISSvc; c:\Program Files\Norton Internet Security\ISSVC.exe [2005-03-30 83584]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-11 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-10-23 69632]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-06 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 navapsvc;Norton AntiVirus Auto-Protect Service; c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe [2007-04-05 128160]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZIPM12.EXE [2007-08-09 73728]
R2 SNDSrvc;Symantec Network Drivers Service; c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2007-03-28 206552]
R2 SPBBCSvc;Symantec SPBBCSvc; c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2005-02-25 992864]
R2 SymWSC;SymWMI Service; c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-11-03 316544]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 ccPwdSvc;Symantec Password Validation; c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2008-01-08 83304]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-07-25 2119360]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SAVScan;SAVScan; c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe [2005-08-26 198368]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-04 38912]

-----------------EOF-----------------
ingots
Regular Member
 
Posts: 15
Joined: March 5th, 2009, 8:43 am

Re: Possible rootkit.d

Posted by Dakeyras » March 12th, 2009, 8:22 am

Hi :)

Do you use the Microsoft Office Outlook Personal Store feature at all? The infection flagged by the online scan relates to an infected/phishing email in the guise of an official eBay email. Which it is not!

My advice is to either delete the outlook.pst folder via opening Microsoft Outlook and/or, if you do use the aforementioned, delete all emails from eBay that look similar to this.

Next:

Congratulations, your computer now appears to be malware free!

Importance of Regular System Maintenance:

I advise you to read both of the topics listed below, as this will go a long way to keeping your computer performing well.

Help! My computer is slow!

Also so is this:

What to do if your Computer is running slowly

Next:

Now I just have a few tasks for your good self and some advice etc.

OTCleanIt:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.

  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

Reset the System Restore points:

Create a new, clean System Restore point which you can use in case of future system problems:
  • Press Start >> All Programs >> Accessories >> System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
Now remove old, infected System Restore points:
  • Next click Start >> Run... and type cleanmgr in the box and press OK
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  • Press OK and Yes to confirm

Now some advice for on-line safety:

Malwarebytes' Anti-Malware:

This is an excellent application and I advise you keep this installed. Check for updates and run a scan once a week.

Other installed security software:

Your presently installed Norton Internet Security automatically checks for updates and downloads/installs them with every system reboot and or periodically if the machine is left running providing an internet connection is active.

I advise you run a complete scan with this also once per week.

Keep your system updated:

Microsoft releases patches for Windows and other products regularly:


Be careful when opening attachments and downloading files:

  • Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
  • Never open emails from unknown senders.
  • Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
  • Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Stop malicious scripts:

Windows by default allows scripts (VBScript and JavaScript) to run, and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Make your Internet Explorer safer:

For Internet Explorer 7

Please read this article to configure Internet Explorer 7 properly.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice: avoid these types of software applications.

Hosts File:

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:


Only use one of the above.

Finally an educational source:

To learn more about how to protect yourself while on the internet read this article by Tony Klein:

So how did I get infected in the first place?

Some consider this article outdated, personally I still think it bears relevance and the author is well respected in the Anti-Malware community and by myself also!

Any questions? Feel free to ask, if not stay safe! :)
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
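The Hosts file advice in the post above, as an added example that is not part of the original thread: a small Python audit that reads hosts-file text and separates names blocked by pointing them at 127.0.0.1 (or 0.0.0.0) from names pinned to some other address, which are the entries worth reviewing after a clean-up. The sample file, host names and addresses are constructed for illustration, and the verdict labels are this example's own.

```python
import ipaddress

# Constructed sample in hosts-file syntax; names and addresses are illustrative
# (example.* names, 192.0.2.0/24 documentation range).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.com tracker.example.net   # blocked
0.0.0.0         banner.example.org
192.0.2.10      update.example.com    # resolves somewhere other than this PC
not-an-ip       broken.example.com
"""

def audit_hosts(text):
    """Return a list of (line_no, hostname, address, verdict) tuples."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop full-line and inline comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((line_no, " ".join(fields[1:]), fields[0], "malformed"))
            continue
        for name in fields[1:]:               # one line may map several names
            if name.lower() == "localhost":
                verdict = "local"             # normal loopback entry
            elif addr.is_loopback or addr.is_unspecified:
                verdict = "blocked"           # name sent to 127.0.0.1 / 0.0.0.0
            else:
                verdict = "override"          # name pinned to another address
            findings.append((line_no, name.lower(), str(addr), verdict))
    return findings

def summarize(findings):
    """Count findings per verdict."""
    counts = {}
    for _, _, _, verdict in findings:
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts

if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %-22s -> %-12s %s" % f)
    print(summarize(audit_hosts(SAMPLE_HOSTS)))
```

On Windows XP the file to feed in is C:\WINDOWS\system32\drivers\etc\hosts; an "override" entry is not necessarily bad, but it is one you should recognise.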

Re: Possible rootkit.d

Unread postby ingots » March 12th, 2009, 10:35 am

Excellent!
Thank you SO much for the help! :salute: It is very much appreciated.

-I often get fake emails that appear to be from Ebay, and I typically just delete them. Maybe I opened one by mistake - for instance, when I was expecting a real email from Ebay. I'll kill off everything from Ebay except what I know is real (bid confirmations, etc)

- I'll run OTCleanIt and set the System Restore point. If anything unusual happens, I'll post back.

Again, thanks for all your work. The threats in the online world are getting so numerous and complex, it's hard to keep up with. I'm glad there are people like yourself who do such a good job. Other than my obvious computer issues, it has been a pleasure!

Bob
ingots
Regular Member
 
Posts: 15
Joined: March 5th, 2009, 8:43 am

Re: Possible rootkit.d

Unread postby Dakeyras » March 12th, 2009, 11:03 am

Hi :)

You are very welcome indeed! A sincere pleasure to be of assistance.
Dakeyras
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Possible rootkit.d

Unread postby Gary R » March 13th, 2009, 9:51 am

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Gary R
Administrator
 
Posts: 21869
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire