Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

My computer has become especially sluggish lately.

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

My computer has become especially sluggish lately.

Unread postby budertv » December 10th, 2010, 1:50 pm

My computer has become especially sluggish lately. Perhaps I or someone who has used my computer clicked something he or she shouldn't have.
At any rate, startup is taking longer than usual and shutdown is taking a lot longer than it should. AOL seems to be losing files and asking for file downloads and restarts. Internet Explorer is running especially slow and has been popping up a display which says a website wants to open web content using this program on your computer. The program is said to Microsoft Search Enhancement Pack and looks legit. I believe I said allow when it first displayed but it keeps coming back.

Here is the HijackThis logfile

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:15:24 AM, on 12/9/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\jureg.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\BillP Studios\Task Catcher\TaskTrap.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE
C:\Program Files\Common Files\aol\1288566314\ee\aolsoftware.exe
C:\Program Files\Spyware Doctor\BDT\FGuard.exe
C:\Program Files\PC Tools Security\pctsGui.exe
C:\Program Files\Common Files\PC Tools\Outlook Express API\launcher.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\PC Tools Security\SpamMonitor\PCTools Email Toolbars\WLMailApiAgent.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Common Files\Teleca Shared\logger.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\AOL Desktop 9.6a\waol.exe
C:\Program Files\AOL Desktop 9.6a\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\AOL Desktop 9.6a\AOLBrowser\aolbrowser.exe
C:\Windows\System32\mobsync.exe
C:\Users\Terry\Desktop\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/home.php?ref=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AOL Toolbar Search Class - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll
R3 - URLSearchHook: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll
R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll
O3 - Toolbar: @C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll
O3 - Toolbar: AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [Task Catcher] C:\PROGRA~1\BILLPS~1\TASKCA~1\tasktrap.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
O4 - HKLM\..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe -autorun -nosplash
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Bing Bar] "C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1288566314\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [PCTools FGuard] C:\Program Files\Spyware Doctor\BDT\FGuard.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\PC Tools Security\pctsGui.exe" /hideGUI
O4 - HKLM\..\Run: [Nektra OEAPI] C:\Program Files\Common Files\PC Tools\Outlook Express API\Launcher.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [WLMailPlugin] C:\Program Files\PC Tools Security\SpamMonitor\PCTools Email Toolbars\WLMailApiAgent.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL Desktop 9.6a\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Comcast Universal Caller ID.lnk = C:\Program Files\Comcast Universal Caller ID\Comcast Universal Caller ID.exe
O4 - Startup: Pandora.lnk = C:\Program Files\Pandora\Pandora.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/static/m/cab/2.6. ... ontrol.CAB
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} -
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} (Diagnostics ActiveX WebControl) - http://support.microsoft.com/mats/DiagWebControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13971 bytes


Here is the Installed Programs Listing

32 Bit HP CIO Components Installer
7-Zip 4.57
ActiveCheck component for HP Active Support Library
Adobe Acrobat 5.0
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Product/Adobe Studio Update 10/2001
Adobe Reader 9.4.1
Adobe Type Manager 4.1
AnswerWorks 4.0 Runtime - English
AOL Mail and AIM Gadget
AOL Uninstaller (Choose which Products to Remove)
Atlantis Quest
Audacity 1.2.6
BD/HD Advisor 1.0
Bing Bar
Bing Bar Platform
Bochs 2.3.6 (remove only)
Browser Defender 3.0
Comcast Universal Caller ID
Comcast Universal Caller ID
D3DX10
Download Updater (AOL LLC)
Enhanced Multimedia Keyboard Solution
Garmin City Navigator North America NT 2008
Garmin City Navigator North America NT 2010.10 Update
Garmin USB Drivers
Google Gears
Google Update Helper
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Active Support Library 32 bit components
HP Advisor
HP Customer Experience Enhancements
HP Customer Feedback
HP Customer Participation Program 11.0
HP Easy Setup - Frontend
HP Imaging Device Functions 11.0
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart C6300 All-In-One Driver Software 11.0 Rel .4
HP Photosmart Essential 3.5
HP Picasso Media Center Add-In
HP Product Detection
HP Smart Web Printing 4.60
HP Solution Center 13.0
HP Update
HPAsset component for HP Active Support Library
HTC Driver Installer
HTC Sync
Intel(R) Network Connections Drivers
Intel® Viiv™ Software
Internet Explorer (Enable DEP)
Java(TM) 6 Update 22
Java(TM) 6 Update 3
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Junk Mail filter update
Malwarebytes' Anti-Malware
Maxthon2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Age of Empires Gold
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Default Manager
Microsoft Office Home and Student 60 day trial
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Virtual PC 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Mozilla Firefox (3.6.12)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My HP Games
Network Magic
NVIDIA Drivers
OCR Software by I.R.I.S. 11.0
oggcodecs 0.71.0946
OpenOffice.org 3.2
Opera 10.63
Orion 7.6 DEMO
Pandora
Pandora
PC Tools Anti-Spam Toolbar
PC Tools Internet Security 8.0
Personal Ancestral File 5
Personal Ancestral File Companion 5.2
Pretty Good Solitaire version 12.1.0
PVSonyDll
Python 2.5
Ra's Revenge
RealArcade
Realtek High Definition Audio Driver
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
RTC Client API v1.2
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Segoe UI
Shop for HP Supplies
Snapfish Picture Mover
Soft Data Fax Modem with SmartCP
Sudoku
System Requirements Lab
Task Catcher
Uniblue DriverScanner 2009
Uniblue DriverScanner 2009
Uniblue PowerSuite 2009
Uniblue PowerSuite 2009
Uniblue RegistryBooster
Uniblue SpeedUpMyPC 2009
Uniblue SpeedUpMyPC 2009
Uniblue System Tweaker
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Viewpoint Media Player
WeatherBug Gadget
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
Windows Installer Clean Up
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mail
Windows Live Messenger
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinPatrol
Yahoo! Widgets
ZSoft Uninstaller 2.4.1
Zynga Toolbar
budertv
Active Member
 
Posts: 12
Joined: December 9th, 2010, 11:34 am
Advertisement
Register to Remove

Re: My computer has become especially sluggish lately.

Unread postby turtledove » December 13th, 2010, 3:44 pm

Hello budertv and welcome to the forums :)

I am turtledove, and will be assisting you with your log.
If you still need assistance, please do the following:

*Print all instructions or Copy to Notepad for reference. Some fixes may require you be off line to do.
*Please note, unless I'm notified ahead of time, this topic will close if there is not a response in 3 Days.
*Place a link to this thread in your Favorites/Bookmarks for easily returning here.
*Please respond until I give the all clear, as absence of symptoms does NOT always mean Clean.
*Please do not run any other tools/scans unless requested* Do not install/uninstall anything unless requested
**Please be sure you have read [b]Malware Removal Forum Guidelines and Rules especially P2P Policy. Please REMOVE Those File Sharing Programs.
*If you can do the above all should go well.
*If you do not understand a step, please STOP and ASK before proceeding*

**All fixes are for this computer and the current issues on it. Please Do Not use these instructions on another issue or computer.**

Please Note: For Vista Users: You need to right click on the programs I have you run, and select Run As Administrator.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Since it has been some time since your above post, please post the following logs. I will go over the new logs and return as soon as possible.

Next Step: Download and Run RSIT
  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.

Post
RSIT log.txt and info.txt
Any other problems

Thank you,
User avatar
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: My computer has become especially sluggish lately.

Unread postby budertv » December 13th, 2010, 6:50 pm

In anticipation of perhaps needing to backup my data, I did download and install 2 backup programs since I submitted the first set of data displayed above- neither did the job I wanted and I uninstalled both. Also UniBlue's Registry booster ran and a number of errors were fixed. I also uninstalled all Java programs and installed the latest version from Oracle.

Here are the 2 logs from RSIT

Logfile of random's system information tool 1.08 (written by random/random)
Run by Terry at 2010-12-13 16:29:12
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 252 GB (54%) free of 468 GB
Total RAM: 3071 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:29:50 PM, on 12/13/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\jureg.exe
C:\Program Files\BillP Studios\Task Catcher\TaskTrap.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\aol\1288566314\ee\aolsoftware.exe
C:\Program Files\Spyware Doctor\BDT\FGuard.exe
C:\Program Files\Common Files\PC Tools\Outlook Express API\launcher.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\PC Tools Security\SpamMonitor\PCTools Email Toolbars\WLMailApiAgent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\schtasks.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\PC Tools Security\pctsGui.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Teleca Shared\logger.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Terry\Desktop\RSIT\RSIT.exe
C:\Program Files\trend micro\Terry.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/home.php?ref=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AOL Toolbar Search Class - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll
R3 - URLSearchHook: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll
R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll
O3 - Toolbar: AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [Task Catcher] C:\PROGRA~1\BILLPS~1\TASKCA~1\tasktrap.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
O4 - HKLM\..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe -autorun -nosplash
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1288566314\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [PCTools FGuard] C:\Program Files\Spyware Doctor\BDT\FGuard.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\PC Tools Security\pctsGui.exe" /hideGUI
O4 - HKLM\..\Run: [Nektra OEAPI] C:\Program Files\Common Files\PC Tools\Outlook Express API\Launcher.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [WLMailPlugin] C:\Program Files\PC Tools Security\SpamMonitor\PCTools Email Toolbars\WLMailApiAgent.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Comcast Universal Caller ID.lnk = C:\Program Files\Comcast Universal Caller ID\Comcast Universal Caller ID.exe
O4 - Startup: Pandora.lnk = C:\Program Files\Pandora\Pandora.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12772 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\RegistryBooster.job
C:\Windows\tasks\User_Feed_Synchronization-{3A86639F-7517-48BC-A083-91FCCECEED06}.job
C:\Windows\tasks\User_Feed_Synchronization-{8FB52CDC-6D29-4CC9-BE21-7E46743981AD}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-09-24 522192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3ef64538-8b54-4573-b48f-4d34b0238ab2}]
AOL Toolbar Loader - C:\Program Files\AOL Toolbar\aoltb.dll [2010-01-22 1320272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b13ec3e-999a-4b70-b9cb-2617b8323822}]
Zynga Toolbar - C:\Program Files\Zynga\tbZyn1.dll [2010-07-23 2734688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-12-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}]
Google Gears Helper - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll [2010-02-23 2121728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22 517688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7b13ec3e-999a-4b70-b9cb-2617b8323822} - Zynga Toolbar - C:\Program Files\Zynga\tbZyn1.dll [2010-07-23 2734688]
{ba00b7b1-0351-477a-b948-23e3ee5a73d4} - AOL Toolbar - C:\Program Files\AOL Toolbar\aoltb.dll [2010-01-22 1320272]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-09-24 522192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-20 1008184]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2008-03-25 49152]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]
"SunJavaUpdateReg"=C:\Windows\system32\jureg.exe [2008-02-22 54672]
"Task Catcher"=C:\PROGRA~1\BILLPS~1\TASKCA~1\tasktrap.exe [2005-11-14 136760]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-15 4874240]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09 75008]
"nmctxth"=C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [2008-05-16 648504]
"nmapp"=C:\Program Files\Pure Networks\Network Magic\nmapp.exe [2008-05-21 451896]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-08-20 150016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-08-14 13793824]
"Mobile Connectivity Suite"=C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe [2009-11-19 598016]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"HostManager"=C:\Program Files\Common Files\AOL\1288566314\ee\AOLSoftware.exe [2010-03-08 41800]
"PCTools FGuard"=C:\Program Files\Spyware Doctor\BDT\FGuard.exe [2010-09-24 108496]
"ISTray"=C:\Program Files\PC Tools Security\pctsGui.exe [2010-09-29 1588184]
"Nektra OEAPI"=C:\Program Files\Common Files\PC Tools\Outlook Express API\Launcher.exe [2008-07-21 86016]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2010-11-17 329096]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-20 202240]
"WLMailPlugin"=C:\Program Files\PC Tools Security\SpamMonitor\PCTools Email Toolbars\WLMailApiAgent.exe [2010-08-10 97240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FXUtility]
C:\Program Files\FixYa\FixYaUtility.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Terry\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-11 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\AcroTray.exe [2001-03-15 49254]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
C:\PROGRA~1\SNAPFI~1\SNAPFI~1.EXE [2007-05-07 1273856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Terry^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
C:\PROGRA~1\Yahoo!\Widgets\YAHOOW~1.EXE []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-12-13 16:29:12 ----D---- C:\rsit
2010-12-12 10:39:50 ----D---- C:\Program Files\Common Files\Java
2010-12-12 10:38:52 ----A---- C:\Windows\system32\javaws.exe
2010-12-12 10:38:52 ----A---- C:\Windows\system32\javaw.exe
2010-12-12 10:38:52 ----A---- C:\Windows\system32\java.exe
2010-12-12 10:38:23 ----D---- C:\Program Files\Java
2010-12-12 09:48:27 ----A---- C:\Windows\system32\REN1749.tmp
2010-12-12 09:48:27 ----A---- C:\Windows\system32\REN1748.tmp
2010-12-12 09:48:27 ----A---- C:\Windows\system32\REN1747.tmp
2010-12-11 21:44:33 ----D---- C:\ProgramData\NCH Swift Sound
2010-12-11 21:32:51 ----D---- C:\Program Files\NCH Swift Sound
2010-12-11 21:31:46 ----D---- C:\ProgramData\NCH Software
2010-12-11 21:30:52 ----D---- C:\Users\Terry\AppData\Roaming\NCH Software
2010-12-11 21:00:12 ----A---- C:\Windows\system32\LogVss.txt
2010-12-11 21:00:12 ----A---- C:\Windows\system32\LogMsg.txt
2010-12-11 21:00:00 ----D---- C:\C Disk Backup schedule
2010-12-11 20:38:26 ----A---- C:\Windows\system32\drivers\eufs.sys
2010-12-11 20:37:19 ----A---- C:\Windows\system32\drivers\eudskacs.sys
2010-12-11 20:37:18 ----A---- C:\Windows\system32\drivers\eubakup.sys
2010-12-11 20:37:16 ----A---- C:\Windows\system32\drivers\EuDisk.sys
2010-12-11 20:36:57 ----D---- C:\Program Files\EASEUS
2010-12-08 18:52:02 ----D---- C:\Program Files\Trend Micro
2010-12-08 18:32:59 ----D---- C:\ProgramData\InstallMate
2010-12-07 19:57:02 ----D---- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-05 01:36:19 ----D---- C:\Program Files\QuickTime
2010-12-03 11:47:49 ----ASH---- C:\hiberfil.sys
2010-11-21 16:54:02 ----A---- C:\mbam-error.txt
2010-11-20 19:50:16 ----D---- C:\.jagex_cache_32
2010-11-19 00:36:01 ----D---- C:\Program Files\AOL Desktop 9.6a
2010-11-18 23:55:54 ----D---- C:\Program Files\AOL Desktop 9.6
2010-11-16 21:49:08 ----A---- C:\Windows\system32\jgpl400.dll
2010-11-16 21:49:08 ----A---- C:\Windows\system32\jgdw400.dll

======List of files/folders modified in the last 1 months======

2010-12-13 16:29:40 ----D---- C:\Windows\Prefetch
2010-12-13 16:29:36 ----D---- C:\Windows\Temp
2010-12-13 16:17:13 ----AD---- C:\ProgramData\TEMP
2010-12-13 07:50:40 ----D---- C:\Program Files\PC Tools Security
2010-12-13 07:41:02 ----SHD---- C:\Windows\Installer
2010-12-13 07:40:25 ----SHD---- C:\System Volume Information
2010-12-13 07:30:13 ----D---- C:\Windows
2010-12-12 10:39:50 ----D---- C:\Program Files\Common Files
2010-12-12 10:38:52 ----AD---- C:\Windows\System32
2010-12-12 10:38:33 ----A---- C:\Windows\system32\deployJava1.dll
2010-12-12 10:38:23 ----D---- C:\Program Files
2010-12-12 10:15:29 ----D---- C:\Windows\system32\config
2010-12-12 10:01:02 ----D---- C:\Program Files\Yahoo!
2010-12-12 09:59:40 ----D---- C:\Program Files\HP
2010-12-12 08:43:49 ----SHD---- C:\Boot
2010-12-11 23:47:36 ----D---- C:\Windows\inf
2010-12-11 23:47:36 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-12-11 21:44:33 ----HD---- C:\ProgramData
2010-12-11 21:33:16 ----D---- C:\Windows\system32\Tasks
2010-12-11 20:38:26 ----D---- C:\Windows\system32\drivers
2010-12-11 20:38:22 ----D---- C:\Windows\system32\catroot
2010-12-10 10:03:31 ----D---- C:\Program Files\Mozilla Firefox
2010-12-09 16:38:20 ----SD---- C:\Windows\Downloaded Program Files
2010-12-08 23:48:28 ----D---- C:\Program Files\Safari
2010-12-08 14:01:49 ----D---- C:\Windows\Minidump
2010-12-08 05:46:26 ----D---- C:\Windows\winsxs
2010-12-08 05:43:01 ----D---- C:\ProgramData\Apple Computer
2010-12-08 05:42:14 ----DC---- C:\Windows\system32\DRVSTORE
2010-12-08 05:38:10 ----D---- C:\Windows\system32\catroot2
2010-12-03 14:20:12 ----D---- C:\Windows\Tasks
2010-12-03 14:20:12 ----D---- C:\Windows\system32\spool
2010-12-03 14:20:12 ----D---- C:\Windows\system32\Msdtc
2010-12-03 14:20:12 ----D---- C:\Windows\system32\drivers\etc
2010-12-03 14:20:12 ----D---- C:\Windows\system32\CodeIntegrity
2010-12-03 14:20:08 ----D---- C:\Windows\system32\wbem
2010-12-03 14:20:08 ----D---- C:\Windows\registration
2010-11-30 17:05:07 ----RSD---- C:\Windows\Fonts
2010-11-28 08:38:14 ----D---- C:\ProgramData\DriverScanner
2010-11-24 22:00:26 ----D---- C:\Users\Terry\AppData\Roaming\QuickScan
2010-11-24 10:19:51 ----D---- C:\Program Files\Internet Explorer
2010-11-21 16:54:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-11-20 09:57:23 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-11-19 00:38:43 ----D---- C:\Users\Terry\AppData\Roaming\AOL
2010-11-19 00:38:14 ----D---- C:\Program Files\Common Files\aol
2010-11-19 00:36:01 ----D---- C:\Program Files\Common Files\aolshare
2010-11-19 00:35:59 ----D---- C:\ProgramData\AOL
2010-11-18 22:45:22 ----D---- C:\ProgramData\AOL Downloads
2010-11-18 12:57:20 ----D---- C:\Users\Terry\AppData\Roaming\Apple Computer
2010-11-18 00:39:26 ----A---- C:\Windows\system32\AOLParconLink.exe
2010-11-16 21:49:01 ----A---- C:\Windows\system32\msvcr71.dll
2010-11-16 21:49:01 ----A---- C:\Windows\system32\msvcp71.dll
2010-11-14 23:51:55 ----D---- C:\Program Files\Windows Mail
2010-11-14 23:30:12 ----A---- C:\Windows\system32\mrt.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PCTCore;PCTools KDS; C:\Windows\system32\drivers\PCTCore.sys [2010-08-18 237632]
R0 pctDS;PC Tools Data Store; C:\Windows\system32\drivers\pctDS.sys [2010-07-16 338880]
R0 pctEFA;PC Tools Extended File Attributes; C:\Windows\system32\drivers\pctEFA.sys [2010-07-16 656320]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2007-02-02 43528]
R0 TfFsMon;TfFsMon; C:\Windows\system32\drivers\TfFsMon.sys [2010-08-26 51984]
R0 TfSysMon;TfSysMon; C:\Windows\system32\drivers\TfSysMon.sys [2010-08-26 68880]
R1 pctgntdi;pctgntdi; \??\C:\Windows\System32\drivers\pctgntdi.sys [2010-10-05 249616]
R1 vmm;Virtual Machine Monitor; \??\C:\Windows\system32\Drivers\vmm.sys [2007-02-18 232816]
R2 MCSTRM;MCSTRM; C:\Windows\system32\drivers\MCSTRM.sys [2007-12-25 8413]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 PCTAppEvent;PCTAppEvent Driver; \??\C:\Windows\system32\drivers\PCTAppEvent.sys [2010-09-30 159936]
R2 pnarp;Pure Networks Device Discovery Driver; C:\Windows\system32\DRIVERS\pnarp.sys [2008-05-16 24888]
R2 purendis;Pure Networks Wireless Driver; C:\Windows\system32\DRIVERS\purendis.sys [2008-05-16 26424]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-15 218752]
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-08-04 2744800]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-08-14 9790624]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver; \??\C:\Windows\system32\drivers\pctNdis-PacketFilter.sys [2010-09-03 87400]
R3 pctNdisMP;PC Tools Driver; C:\Windows\system32\DRIVERS\pctNdis.sys [2010-08-10 56536]
R3 pctplfw;pctplfw; \??\C:\Windows\System32\drivers\pctplfw.sys [2010-10-05 123712]
R3 pctplsg;pctplsg; \??\C:\Windows\System32\drivers\pctplsg.sys [2010-08-27 70536]
R3 RTSTOR;USB Mass Storage Device; C:\Windows\system32\drivers\RTSTOR.SYS [2008-02-15 59392]
R3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-20 9216]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\Windows\system32\DRIVERS\VMNetSrv.sys [2007-01-29 59280]
R3 wanatw;WAN Miniport (ATW); C:\Windows\system32\DRIVERS\wanatw4.sys [2006-11-29 33588]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
R3 WSDPrintDevice;WSD Print Support via UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2008-01-20 16896]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
R3 xcbdaNtsc;ViXS Tuner Card (NTSC); C:\Windows\system32\DRIVERS\xcbda.sys [2007-09-07 156928]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 EuDisk;EASEUS Disk Enumerator; C:\Windows\system32\DRIVERS\EuDisk.sys [2010-11-27 188296]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-22 39272]
S3 grmnusb;grmnusb; C:\Windows\system32\drivers\grmnusb.sys [2007-03-08 8320]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HTCAND32;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-06-09 24576]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista; C:\Windows\system32\DRIVERS\netr73.sys [2009-05-24 501248]
S3 PcdrNdisuio;PCDRNDISUIO Usermode I/O Protocol; C:\Windows\system32\DRIVERS\pcdrndisuio.sys []
S3 pctNDIS;PC Tools Firewall Intermediate Filter Service; C:\Windows\system32\DRIVERS\pctNdis.sys [2010-08-10 56536]
S3 TfNetMon;TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [2010-08-26 33552]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-09-24 235472]
R2 DQLWinService;DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
R2 HPBtnSrv;HP Chasis Button Service; c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2008-05-16 648504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-08-14 211488]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\PC Tools Security\pctsSvc.exe [2010-09-29 1145304]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-05-14 249136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R3 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2008-01-20 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-17 136176]
S2 IntelDHSvcConf;Intel DH Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
S3 AlertService;Intel(R) Alert Service; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [2006-09-11 188416]
S3 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-20 21504]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-09-22 1493352]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2009-03-30 250616]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 ISSM;Intel(R) Software Services Manager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [2006-09-11 75264]
S3 M1 Server;Intel(R) Viiv(TM) Media Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [2006-09-01 26624]
S3 MCLServiceATL;Intel(R) Application Tracker; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [2006-09-11 167936]
S3 nmraapache;Pure Networks Net2Go Service; C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe [2008-05-21 12800]
S3 Remote UI Service;Intel(R) Remoting Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [2006-09-11 544256]
S3 RoxMediaDB9;RoxMediaDB9; c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-05-11 887544]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-05-03 74656]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 ATMsrvc;ATM Service; C:\Windows\System32\ATMsrvc.exe [2000-05-24 15360]
S4 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-10-09 94208]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-05-15 79400]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.08 2010-12-13 16:29:55

======Uninstall list======

-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Boggle Supreme\Uninstall.exe"
-->"C:\Program Files\HP Games\Bookworm Adventures\Uninstall.exe"
-->"C:\Program Files\HP Games\Cake Mania\Uninstall.exe"
-->"C:\Program Files\HP Games\Chessmaster Challenge\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash - Flo on the Go\Uninstall.exe"
-->"C:\Program Files\HP Games\Family Feud\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Final Drive Nitro\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\JEOPARDY\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest 2 - Tournament Edition\Uninstall.exe"
-->"C:\Program Files\HP Games\Luxor 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Peggle\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Poker Superstars 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\SpongeBob SquarePants 3D Obstacle Odyssey\Uninstall.exe"
-->"C:\Program Files\HP Games\Super Granny 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Swarm\Uninstall.exe"
-->"C:\Program Files\HP Games\Tank-o-Box\Uninstall.exe"
-->"C:\Program Files\HP Games\The Treasures of Montezuma\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
32 Bit HP CIO Components Installer-->MsiExec.exe /I{2614F54E-A828-49FA-93BA-45A3F756BFAA}
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -maintain plugin
Adobe Product/Adobe Studio Update 10/2001-->"C:\Program Files\InstallShield Installation Information\{73006B34-9743-4A39-AC37-38EDFCEB6DCE}\setup.exe"
Adobe Reader 9.4.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A94000000001}
Adobe Type Manager 4.1-->C:\Windows\uninst.exe -f"C:\Program Files\Adobe Type Manager\DeIsL1.isu" -c"C:\Program Files\Adobe Type Manager\UNINST.DLL"
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
AOL Mail and AIM Gadget-->MsiExec.exe /I{F226C1DA-66D7-4ABC-86B5-3F978A660EBF}
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
Atlantis Quest-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "c:\Program Files\RealArcade\Installer\installerMain.clf" "c:\Program Files\RealArcade\Installer\uninstall\Atlantis Quest.rguninst" "AddRemove"
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
BD/HD Advisor 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}\Setup.exe" -uninstall
Bochs 2.3.6 (remove only)-->"C:\Program Files\Bochs-2.3.6\Uninstall.exe"
Browser Defender 3.0-->"C:\Program Files\Spyware Doctor\BDT\unins000.exe"
Comcast Universal Caller ID-->msiexec /qb /x {0B72559F-4EBC-FCBB-BF23-6D96D9AC423D}
Comcast Universal Caller ID-->MsiExec.exe /I{0B72559F-4EBC-FCBB-BF23-6D96D9AC423D}
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
Express Burn Disc Burning Software-->C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
Garmin City Navigator North America NT 2008-->MsiExec.exe /X{A9F91CD1-A1FB-4E63-93FD-24F63F4B5A97}
Garmin City Navigator North America NT 2010.10 Update-->MsiExec.exe /X{301CC8D1-FE75-41ED-9B11-41F006110950}
Garmin USB Drivers-->MsiExec.exe /X{B1102A25-3AA3-446B-AA0F-A699B07A02FD}
Google Gears-->MsiExec.exe /I{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Active Support Library 32 bit components-->MsiExec.exe /I{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}
HP Active Support Library-->"C:\Program Files\InstallShield Installation Information\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}\setup.exe" -runfromtemp -l0x0409 -removeonly
HP Advisor-->MsiExec.exe /X{73A43E42-3658-4DD9-8551-FACDA3632538}
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Customer Participation Program 11.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP Imaging Device Functions 11.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP On-Screen Cap/Num/Scroll Lock Indicator-->C:\Windows\system32\OsdRemove.exe
HP Photosmart C6300 All-In-One Driver Software 11.0 Rel .4-->C:\Program Files\HP\Digital Imaging\{C8732DC3-1736-44b2-B741-2D636DE58605}\setup\hpzscr01.exe -datfile hposcr31.dat -onestop
HP Photosmart Essential 3.5-->C:\Program Files\HP\Digital Imaging\PhotosmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Picasso Media Center Add-In-->MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP Smart Web Printing 4.60-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 13.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot
HP Update-->MsiExec.exe /X{74DC0593-6BC6-4001-AD5F-D810AFB68D86}
HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HTC Driver Installer-->MsiExec.exe /X{6D6664A9-3342-4948-9B7E-034EFE366F0F}
HTC Sync-->MsiExec.exe /I{DFAA3C20-5968-46A3-B7B0-0AF72D758A59}
Intel(R) Network Connections Drivers-->Prounstl.exe
Intel® Viiv™ Software-->MsiExec.exe /X{6E7BF6EC-C3E7-43A7-8A03-0D204E3EC01B} /qb!
Internet Explorer (Enable DEP)-->%windir%\system32\sdbinst.exe -u "C:\Windows\AppPatch\Custom\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb"
Java(TM) 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022FF}
Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Maxthon2-->C:\Users\Terry\AppData\Roaming\Maxthon2\Mx2Uninstall.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Age of Empires Gold-->"C:\Program Files\Microsoft Games\Age of Empires\UNINSTAL.EXE" /runtemp
Microsoft Age of Empires II: The Conquerors Expansion-->"C:\Program Files\Microsoft Games\Age of Empires II\UNINSTALX.EXE" /runtemp /addremove
Microsoft Age of Empires II-->"C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Office Home and Student 60 day trial-->c:\hp\bin\MSOffice\uninst2.cmd
Microsoft Search Enhancement Pack-->MsiExec.exe /X{06E6E30D-B498-442F-A943-07DE41D7F785}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft VC9 runtime libraries-->MsiExec.exe /I{AA027AE9-DD20-4677-AA72-D760A358320B}
Microsoft Virtual PC 2007-->MsiExec.exe /X{8A7CAA24-7B23-410B-A7C3-F994B0944160}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218-->MsiExec.exe /X{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (3.6.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
Network Magic-->C:\ProgramData\Pure Networks\Setup\nmsetup.exe /uninstall
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
OCR Software by I.R.I.S. 11.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
oggcodecs 0.71.0946-->C:\Program Files\illiminable\oggcodecs\uninst.exe
OpenOffice.org 3.2-->MsiExec.exe /I{6ADD0603-16EF-400D-9F9E-486432835002}
Opera 10.63-->MsiExec.exe /X{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}
Pandora-->msiexec /qb /x {C09683A5-B834-6F63-4C54-06512BFB75F4}
Pandora-->MsiExec.exe /I{C09683A5-B834-6F63-4C54-06512BFB75F4}
PC Tools Anti-Spam Toolbar-->MsiExec.exe /I{6527051E-8939-4639-9690-800B3442E610}
PC Tools Internet Security 8.0-->C:\Program Files\PC Tools Security\unins000.exe /LOG
Personal Ancestral File 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D94A8E22-DF2B-4107-9E51-608A60A7671D}\Setup.exe"
Personal Ancestral File Companion 5.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{91AFACB3-CA46-4C1E-AF2D-F72EE0B112E4}\setup.exe" -l0x9 -uninst -removeonly
Pretty Good Solitaire version 12.1.0-->"C:\Program Files\goodsol\unins000.exe"
PVSonyDll-->MsiExec.exe /I{3D3E663D-4E7E-4577-A560-7ECDDD45548A}
Python 2.5-->MsiExec.exe /I{0A2C5854-557E-48C8-835A-3B9F074BDCAA}
Ra's Revenge-->C:\PROGRA~1\RA'SRE~1\UNWISE.EXE C:\PROGRA~1\RA'SRE~1\INSTALL.LOG
RealArcade-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\RealArcade.rguninst" "AddRemove"
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd.exe -r -m -nrg2709
Roxio Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Roxio Creator Audio-->MsiExec.exe /X{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9-->MsiExec.exe /X{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy-->MsiExec.exe /X{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /X{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive-->MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools-->MsiExec.exe /X{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9-->MsiExec.exe /X{938B1CD7-7C60-491E-AA90-1F1888168240}
RTC Client API v1.2-->MsiExec.exe /X{44CDBD1B-89FB-4E02-8319-2A4C550F664A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Segoe UI-->MsiExec.exe /I{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}
Snapfish Picture Mover-->MsiExec.exe /X{029B5901-1F27-4347-9923-E8ACC8F54E15}
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.INF
Sudoku-->"C:\Program Files\Common Files\MimarSinan\Installation Information\{FB5055E4-9BE1-425F-B40A-33E43E9460DA}\{C8A522A9-9CBA-4AD3-80E9-EE3DD9BCA3A2}\SudokuSetup.exe" REMOVE=TRUE MODIFY=FALSE
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Task Catcher-->C:\Windows\uninst.exe -f"C:\Program Files\BillP Studios\Task Catcher\DeIsL1.isu" -c"C:\Program Files\BillP Studios\Task Catcher\_ISREG32.DLL"
Uniblue DriverScanner 2009-->"C:\ProgramData\{148D8B8A-8F96-4822-81EC-D510B626B7D5}\DriverScanner_Setup.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue DriverScanner 2009-->C:\ProgramData\{148D8B8A-8F96-4822-81EC-D510B626B7D5}\DriverScanner_Setup.exe
Uniblue PowerSuite 2009-->"C:\ProgramData\{73A13F1D-6204-49B5-8F6D-8687D3C7CA01}\PowerSuite2009.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue PowerSuite 2009-->C:\ProgramData\{73A13F1D-6204-49B5-8F6D-8687D3C7CA01}\PowerSuite2009.exe
Uniblue RegistryBooster-->"C:\Program Files\Uniblue\RegistryBooster\unins000.exe"
Uniblue SpeedUpMyPC 2009-->"C:\ProgramData\{942E4254-C25C-44BA-94FC-8777923F9E7B}\speedupmypc2009.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue SpeedUpMyPC 2009-->C:\ProgramData\{942E4254-C25C-44BA-94FC-8777923F9E7B}\speedupmypc2009.exe
Uniblue System Tweaker-->"C:\Program Files\Uniblue\System Tweaker\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WeatherBug Gadget-->MsiExec.exe /I{209CDA54-D390-46A2-A97C-7BF61734418D}
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)-->rundll32.exe C:\PROGRA~1\DIFX\15B7F172FC21855D\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\Windows\System32\DriverStore\FileRepository\grmnusb.inf_6b094708\grmnusb.inf
Windows Installer Clean Up-->MsiExec.exe /I{121634B0-2F4A-11D3-ADA3-00C04F52DD53}
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}
Windows Live Family Safety-->MsiExec.exe /I{294BF709-D758-4363-8D75-01479AD20927}
Windows Live Family Safety-->MsiExec.exe /X{F53D678E-238F-4A71-9742-08BB6774E9DC}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{61AD15B2-50DB-4686-A739-14FE180D4429}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}
Windows Live Messenger-->MsiExec.exe /X{80956555-A512-4190-9CAD-B000C36D6B6B}
Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90}
Windows Live MIME IFilter-->MsiExec.exe /I{AF844339-2F8A-4593-81B3-9F4C54038C4E}
Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}
Windows Live PIMT Platform-->MsiExec.exe /I{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}
Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}
Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinPatrol-->C:\PROGRA~2\INSTAL~1\{00781~1\Setup.exe /remove /q0
ZSoft Uninstaller 2.4.1-->C:\Program Files\ZSoft\Uninstaller\uninst.exe
Zynga Toolbar-->C:\PROGRA~1\Zynga\UNWISE.EXE /U C:\PROGRA~1\Zynga\INSTALL.LOG

======Security center information======

AV: Norton Internet Security (outdated)
FW: Norton Internet Security (disabled)
AS: Antispyware
AS: Windows Defender
AS: Norton Internet Security (outdated)

======System event log======

Computer Name: Pavilion-m9047
Event Code: 10016
Message: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Record Number: 336591
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20100506012028.000000-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Pavilion-m9047
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 336571
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20100506011805.115000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Pavilion-m9047
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
i8042prt
Record Number: 336491
Source Name: Service Control Manager
Time Written: 20100505124606.000000-000
Event Type: Error
User:

Computer Name: Pavilion-m9047
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.
Record Number: 336489
Source Name: Service Control Manager
Time Written: 20100505124605.000000-000
Event Type: Error
User:

Computer Name: Pavilion-m9047
Event Code: 10016
Message: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Record Number: 336409
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20100505124525.000000-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: Pavilion-m9047
Event Code: 3023
Message: The update cannot be started because all of the content sources were excluded by site path rules, or removed from the index configuration.

Context: Application, SystemIndex Catalog

Details:
Incorrect function.
(0x00000001)

Record Number: 40543
Source Name: Microsoft-Windows-Search
Time Written: 20090925063344.000000-000
Event Type: Warning
User:

Computer Name: Pavilion-m9047
Event Code: 3013
Message: The entry <C:\USERS\TERRY\APPDATA\LOCAL\MICROSOFT\WINDOWS\TEMPORARY INTERNET FILES\LOW\CONTENT.IE5\MZ2DSISM\DESKTOP.INI> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Record Number: 40542
Source Name: Microsoft-Windows-Search
Time Written: 20090925063336.000000-000
Event Type: Error
User:

Computer Name: Pavilion-m9047
Event Code: 3036
Message: The content source <iehistory://{s-1-5-21-362305424-3442624318-3226673317-1001}/> cannot be accessed.

Context: Application, SystemIndex Catalog

Details:
The filtering was stopped because of a user action, such as stopping the crawl. (0x80040d54)

Record Number: 40541
Source Name: Microsoft-Windows-Search
Time Written: 20090925063255.000000-000
Event Type: Warning
User:

Computer Name: Pavilion-m9047
Event Code: 8194
Message: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {d89478b6-fc5d-4461-91b1-3f84f8427ad4}
Record Number: 40539
Source Name: VSS
Time Written: 20090925052851.000000-000
Event Type: Error
User:

Computer Name: Pavilion-m9047
Event Code: 8194
Message: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005. This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
Gathering Writer Data

Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {d89478b6-fc5d-4461-91b1-3f84f8427ad4}
Record Number: 40537
Source Name: VSS
Time Written: 20090924230636.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Pavilion-m9047
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x2163773

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 149590
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100727011241.022961-000
Event Type: Audit Success
User:

Computer Name: Pavilion-m9047
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x215f699

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 149589
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100727011219.997961-000
Event Type: Audit Success
User:

Computer Name: Pavilion-m9047
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x215f699
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x0
Process Name: -

Network Information:
Workstation Name: JODY-HP-PC
Source Network Address: 192.168.1.102
Source Port: 52678

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 149588
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100727011219.997961-000
Event Type: Audit Success
User:

Computer Name: Pavilion-m9047
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x21588be

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 149587
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100727011152.021961-000
Event Type: Audit Success
User:

Computer Name: Pavilion-m9047
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x2158527

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 149586
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100727011152.019961-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=4
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"OnlineServices"=Online Services
"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\hp\bin\Python;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\Windows Live\Shared
"PCBRAND"=Pavilion
"PLATFORM"=HPD
"RoxioCentral"=c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

-----------------EOF-----------------
budertv
Active Member
 
Posts: 12
Joined: December 9th, 2010, 11:34 am

Re: My computer has become especially sluggish lately.

Unread postby turtledove » December 14th, 2010, 4:13 am

Good day budertv,

Thank you for the logs. These will take some time to analyze. I will post instructions as soon as possible.
While I investigate please read the following information and link(s).

Please Note: Use of Registry Cleaners/Optimizers
Registry Cleaners + "Tweak" Tools

Re. Uniblue Prodcts

I don't personally recommend the use of ANY Registry Cleaners or "Tweak" Tools. They are marketed as ways to make your machine run faster and more efficiently ...... Some will actually achieve this .... IF you know how to use them correctly.
Removing "Orphaned/Old/Obsolete" registry entries is fine ..... as long as they actually are "Orphaned/Old/Obsolete", it won't speed up your machine though.
Stopping services & setting policies can speed up your machine ..... as long as you stop & set the right ones, & even then it's debatable if you will notice the improvement.

Remove the wrong registry entry, or stop the wrong service, & not only can you slow your machine .... you could kill it !

To use a Registry Cleaner or "Tweak" tool to its full advantage, you really need to know what it is they are doing & what else the changes may affect.
In short, if you know how to use them safely ----- you don't actually need them.

Discussion on regcleaners >> http://forums.whatthetech.com/Regcleaner_t42862.html
And for more good information see what Miekiemoes has to say >> http://miekiemoes.blogspot.com/2008/02/ ... ng_13.html
I Personally, advise removing Uniblue from your system.


Thank you
turtledove
User avatar
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: My computer has become especially sluggish lately.

Unread postby turtledove » December 15th, 2010, 2:17 am

Good evening budertv,


Please copy these to notepad or print for easy reference.

Optional Fix

I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player’s components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting Disable auto-updating for the Viewpoint Manager -- the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.
To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.

Viewpoint Manager is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything bad. This may change,read Viewpoint to Plunge Into Adware.

I recommend that you remove the Viewpoint products; however, decide for yourself.

To uninstall the the Viewpoint components :
  1. Click Start, point to Settings, and then click Control Panel.
  2. In Control Panel, double-click Add or Remove Programs.
  3. In Add or Remove Programs, highlight >>Viewpoint component<< , click Remove.


    How to prevent it from being recreated every time you run the AOL software:
    • Open AOL
    • Go to Help on the toolbar
    • Select About AOL
    • Hit Ctrl D and a secret panel can be accessed which will allow you to disable all desktop and IM features associated with Viewpoint.



----------------------------------

Fix HijackThis entries

Run HijackThis

If using Vista, you must right click (hijackthis.exe) and choose "Run As Administrator".
  • If you are on the Main Menu page... Click "Do a system scan only"
  • If you are on the "scan & fix stuff" page... Press the Scan...button.
  • When the scan finishes...Place a check mark next to the following entries (if they are still present)
  • Note: Only check those items listed below.
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll -->> Has tracking abilities.
    O2 - BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll
    O3 - Toolbar: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyn1.dll
    O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} -
    O15 - Trusted Zone: http://*.mcafee.com


  • After checking these items... CLOSE ALL open windows except HijackThis.
  • Click the Fix Checked ...button...to remove the entries you checked.
  • Choose YES...when prompted to fix the selected items.
  • Once it has fixed them, close HijackThis and reboot your computer normally.



----------------------------------

Open Malwarebytes
Open Malwarebytes and selct the Logs Tab.
Please open the last log that showed anything removed as it appears from your RSIT log, the program needed a reboot.
Please post the latest date log (not error report) here.


----------------------------------

Please download GMER Rootkit Scanner from Here.
  • Right click the .exe file and chose Run as Administrator. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All << (don't miss this one)
    See image below, Click the image to enlarge it
    Image


  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Note: Do not run any programs while Gmer is running.


----------------------------------
Run RSIT

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, one log will open:
  • log.txt will be opened maximized.

  • Please post the contents oflog.txt.


----------------------------------

Post:
Last Malwarebytes scan
GMER log
New RSIT log.txt
Any new problems?

Thank you

turtledove
User avatar
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: My computer has become especially sluggish lately.

Unread postby budertv » December 15th, 2010, 7:12 pm

Hi turtledove,

I Ran the HijackThis Scan and checked/fixed the 8 items you specified.

In the next step:

"Open Malwarebytes
Open Malwarebytes and selct the Logs Tab.
Please open the last log that showed anything removed as it appears from your RSIT log, the program needed a reboot.
Please post the latest date log (not error report) here."

I was not able to understand the substep

"Please open the last log that showed anything removed as it appears from your RSIT log, the program needed a reboot."

Nonetheless, the first and next to last logs in the MalwareBytes Logs Tab specified that items were "Quarantined and deleted successfully".

I'm going to post both here in case they are what you want to see.

3/15/2010 12:52:45 PM
mbam-log-2010-03-15 (12-52-45).txt

Malwarebytes' Anti-Malware 1.44
Database version: 3871
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

3/15/2010 12:52:45 PM
mbam-log-2010-03-15 (12-52-45).txt


Scan type: Quick Scan
Objects scanned: 155793
Time elapsed: 8 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 114
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\funwebproducts.datacontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0f8ecf4f-3646-4c3a-8881-8e138ffcaf70} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d292-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8e6f1832-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{938aa51a-996c-4884-98ce-80dd16a5c9da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a9571378-68a1-443d-b082-284f960c6d17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{adb01e81-3c79-4272-a0f1-7b2be7a782dc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b813095c-81c0-4e40-aa14-67520372b987} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9d7be3e-141a-4c85-8cd6-32461f3df2c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{cff4ce82-3aa2-451f-9b77-7165605fb835} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d9fffb27-d62a-4d64-8cec-1ff006528805} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproductsinstaller.start (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproductsinstaller.start.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Users\Terry\AppData\Roaming\ErrorRepairTool (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Users\Terry\AppData\Roaming\ErrorRepairTool\Log (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\Terry\AppData\Roaming\ErrorRepairTool\Log\2008 May 17 - 10_45_16 PM_871.log (Rogue.ErrorRepairTool) -> Quarantined and deleted successfully.
C:\Users\Terry\Local Settings\Temporary Internet Files\pse_350_enu.exe (Trojan.Agent) -> Quarantined and deleted successfully.


11/21/2010 5:32:57 PM
mbam-log-2010-11-21 (17-32-57).txt


Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Database version: 5166

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

11/21/2010 5:32:57 PM
mbam-log-2010-11-21 (17-32-57).txt

Scan type: Quick scan
Objects scanned: 211784
Time elapsed: 14 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Public\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Public\Documents\Server\server.dat (Malware.Trace) -> Quarantined and deleted successfully.



I am going to wait for further instructions before I proceed farther.

budertv
budertv
Active Member
 
Posts: 12
Joined: December 9th, 2010, 11:34 am

Re: My computer has become especially sluggish lately.

Unread postby turtledove » December 16th, 2010, 2:53 am

Good Day budertv,

MBAM logs are a bit past, but lets be sure it didn't miss something besides that trojan.
Please print or copy these to Notepad for easy reference.
You will need to Right Click the programs to run as Administrator.

Caution:
If my suspicions are correct, you may have to restore your computer to factory settings or Reformat and Reinstall if you have the Retail version. Please let me know which option you have available- A Restore Partition or Retail Disc.
If uncertain let me know the Brand and model number to your computer.

**I would advise backing up important data to another drive, or CD/DVD. once clean, scan each file before using it again.


----------------------------------
Back Up registry with ERUNT

  • Please use the following link and download ERUNT to your desktop. HERE
  • Double Click on the erunt-setup.exe
  • Follow the prompts to install ERUNT
  • A set up window will pop up. It will ask: Create ERUNT entry in to the Start up folder, answer NO

    Image


  • Follow the prompts to Backup your registry to the default location

Note: To restore your registry (if needed), go to the folder and start ERDNT.exe


----------------------------------

ComboFix
Please download ImageComboFix.exe... © Copyrighted to sUBs. Save it to your desktop. <<--- IMPORTANT!! .

**IMPORTANT !!! Save ComboFix.exe to your Desktop**

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    A guide to do this can be found here
  • Right-click on ComboFix.exe then choose Run as Administrator & follow the prompts
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

** Enable your Antivirus and Firewall, before connecting to the Internet again! **


----------------------------------
Post
Any redirects when you search? How is computer, and do you have one of the reinstall options I asked about above?
C:\ComboFix.txt

Thank you


turtledove
User avatar
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: My computer has become especially sluggish lately.

Unread postby budertv » December 16th, 2010, 10:25 pm

Hello turtledove,

Concerning Recovery to original factory condition:
I have a D: drive on my system which is a recovery drive to original factory condition. I also have a Vista Home Premium CD that I should be able to rebuild from.

To complicate matters further, my hard drive sounds like it is going to go out soon. I have ordered a replacement drive and an external hard drive and a Window 7 Upgrade CD.

I ran ERUNT and backed up my registry. Then I ran ComboFix - it went thru about 50 stages and then displayed the log which I am posting below.
Following ComboFix, I did a shutdown and then a startup. I got popup dialog boxes from WinPatrol saying there were new startup programs and asking if that was OK - yes or no. When I said no, WinPatrol said are you sure as the address was indicative of the OS, so then I said yes. I think I got 3 of those. I also ran a Spyware Doctor scan. The scan found 21 Trojan downloader infections and 1 trojan infection and I then asked Spyware Doctor to fix those and it reported that it did.

Here is the ComboFix log:

ComboFix 10-12-16.02 - Terry 12/16/2010 18:59:38.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3071.1825 [GMT -6:00]
Running from: c:\users\Terry\Desktop\ComboFix\ComboFix.exe
AV: Internet Security Anti-Virus *Disabled/Updated* {2F668A56-D5E0-2DF1-A0AE-CB1284F42AB2}
AV: Spyware Doctor with AntiVirus *Disabled/Updated* {4B694ADE-7483-249D-0C31-75A6862F2FF4}
FW: Internet Security Firewall *Disabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
SP: Internet Security Anti-Spyware *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Spyware Doctor *Disabled/Updated* {F008AB3A-52B9-2B13-3681-4ED4FDA86549}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - system32: deleted 206 bytes in 2 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install.exe
c:\program files\AntiSpywareApp(0)

.
((((((((((((((((((((((((( Files Created from 2010-11-17 to 2010-12-17 )))))))))))))))))))))))))))))))
.

2010-12-17 01:11 . 2010-12-17 01:11 -------- d-----w- c:\users\Jody\AppData\Local\temp
2010-12-17 01:11 . 2010-12-17 01:11 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2010-12-17 01:11 . 2010-12-17 01:11 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-12-17 01:11 . 2010-12-17 01:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-15 02:51 . 2010-12-15 02:51 -------- d-----w- c:\users\Jody\AppData\Roaming\Spam Monitor
2010-12-14 16:26 . 2009-08-03 21:07 373104 ----a-w- c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
2010-12-14 16:26 . 2009-06-25 19:20 1446264 ----a-w- c:\program files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
2010-12-13 22:29 . 2010-12-13 22:29 -------- d-----w- C:\rsit
2010-12-12 16:39 . 2010-12-12 16:39 -------- d-----w- c:\program files\Common Files\Java
2010-12-12 16:38 . 2010-12-12 16:38 -------- d-----w- c:\program files\Java
2010-12-12 15:48 . 2010-12-12 15:48 0 ----a-w- c:\windows\system32\REN1749.tmp
2010-12-12 15:48 . 2010-12-12 15:48 0 ----a-w- c:\windows\system32\REN1748.tmp
2010-12-12 15:48 . 2010-12-12 15:48 0 ----a-w- c:\windows\system32\REN1747.tmp
2010-12-12 03:44 . 2010-12-12 03:44 -------- d-----w- c:\programdata\NCH Swift Sound
2010-12-12 03:32 . 2010-12-12 03:32 -------- d-----w- c:\program files\NCH Swift Sound
2010-12-12 03:31 . 2010-12-12 03:31 -------- d-----w- c:\programdata\NCH Software
2010-12-12 03:30 . 2010-12-12 03:38 -------- d-----w- c:\users\Terry\AppData\Roaming\NCH Software
2010-12-12 03:00 . 2010-12-12 10:11 -------- d-----w- C:\C Disk Backup schedule
2010-12-12 02:38 . 2009-12-02 18:21 21896 ----a-w- c:\windows\system32\drivers\eufs.sys
2010-12-12 02:37 . 2009-12-02 18:20 15240 ----a-w- c:\windows\system32\drivers\eudskacs.sys
2010-12-12 02:37 . 2009-12-02 18:20 27016 ----a-w- c:\windows\system32\drivers\eubakup.sys
2010-12-12 02:37 . 2009-12-02 18:20 123784 ----a-w- c:\windows\system32\drivers\EuDisk.sys
2010-12-12 02:36 . 2010-12-15 02:23 -------- d-----w- c:\program files\EASEUS
2010-12-09 16:13 . 2010-12-09 16:13 388096 ----a-r- c:\users\Terry\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-09 00:52 . 2010-12-13 22:29 -------- d-----w- c:\program files\Trend Micro
2010-12-09 00:32 . 2010-12-09 00:32 -------- d-----w- c:\programdata\InstallMate
2010-12-08 01:57 . 2010-12-08 01:57 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-05 14:50 . 2010-12-05 14:50 -------- d-----w- c:\users\Terry\AppData\Local\PackageAware
2010-11-29 02:32 . 2010-11-29 02:32 -------- d-----w- c:\users\Terry\AppData\Local\assembly
2010-11-24 15:21 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-21 01:50 . 2010-11-21 01:50 -------- d-----w- C:\.jagex_cache_32
2010-11-19 05:55 . 2010-11-19 05:57 -------- d-----w- c:\program files\AOL Desktop 9.6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-12 16:38 . 2010-05-19 04:18 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-18 06:39 . 2010-10-31 23:06 58696 ----a-w- c:\windows\system32\AOLParconLink.exe
2010-11-17 03:49 . 2008-01-23 10:16 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-11-17 03:49 . 2008-01-23 10:16 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-10-19 00:08 . 2010-10-19 00:08 3584 ----a-r- c:\users\Terry\AppData\Roaming\Microsoft\Installer\{121634B0-2F4A-11D3-ADA3-00C04F52DD53}\Icon386ED4E3.exe
2010-10-05 16:11 . 2010-11-05 23:58 123712 ----a-w- c:\windows\system32\drivers\pctplfw.sys
2010-10-05 16:10 . 2010-11-05 23:59 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-09-30 13:58 . 2010-11-05 23:59 159936 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-09-24 17:19 . 2010-01-14 02:13 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-09-24 17:19 . 2009-11-01 21:08 743376 ----a-w- c:\windows\PCTBDRes.dll
2010-09-24 17:19 . 2009-11-01 21:08 1914832 ----a-w- c:\windows\PCTBDCore.dll
2010-09-24 17:19 . 2010-01-14 02:13 767952 ----a-w- c:\windows\BDTSupport.dll
2010-09-23 05:47 . 2010-09-23 05:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-23 05:32 . 2010-09-23 05:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-23 05:21 . 2010-10-21 13:17 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"WLMailPlugin"="c:\program files\PC Tools Security\SpamMonitor\PCTools Email Toolbars\WLMailApiAgent.exe" [2010-08-10 97240]
"AOL Fast Start"="c:\program files\AOL Desktop 9.6a\AOL.EXE" [2010-11-17 42320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2008-02-22 54672]
"Task Catcher"="c:\progra~1\BILLPS~1\TASKCA~1\tasktrap.exe" [2005-11-14 136760]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-05-21 451896]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-14 13793824]
"Mobile Connectivity Suite"="c:\program files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" [2009-11-19 598016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"HostManager"="c:\program files\Common Files\AOL\1288566314\ee\AOLSoftware.exe" [2010-03-08 41800]
"PCTools FGuard"="c:\program files\Spyware Doctor\BDT\FGuard.exe" [2010-09-24 108496]
"Nektra OEAPI"="c:\program files\Common Files\PC Tools\Outlook Express API\Launcher.exe" [2008-07-21 86016]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-11-17 329096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Comcast Universal Caller ID.lnk - c:\program files\Comcast Universal Caller ID\Comcast Universal Caller ID.exe [2009-11-25 27648]
Pandora.lnk - c:\program files\Pandora\Pandora.exe [2009-12-1 95232]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=c:\windows\pss\Acrobat Assistant.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
backup=c:\windows\pss\Snapfish Media Detector.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Terry^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
path=c:\users\Terry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
backup=c:\windows\pss\Yahoo! Widgets.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-04-12 02:56 133104 ----atw- c:\users\Terry\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-04-29 21:39 1090952 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-09-18 136176]
R2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
R3 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2009-12-02 15240]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-05-24 501248]
R3 pctNDIS;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\DRIVERS\pctNdis.sys [2010-08-10 56536]
R3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw.sys [2010-10-05 123712]
R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg.sys [2010-08-27 70536]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-08-26 33552]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2008-01-21 16896]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2009-12-02 27016]
S0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [2009-12-02 21896]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-08-18 237632]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-07-16 338880]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-07-16 656320]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-08-26 51984]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-08-26 68880]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [2010-10-05 249616]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-09-24 235472]
S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
S2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240]
S2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2010-09-30 159936]
S3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\DRIVERS\EuDisk.sys [2009-12-02 123784]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-10 24576]
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2010-09-03 87400]
S3 pctNdisMP;PC Tools Driver;c:\windows\system32\DRIVERS\pctNdis.sys [2010-08-10 56536]
S3 xcbdaNtsc;ViXS Tuner Card (NTSC);c:\windows\system32\DRIVERS\xcbda.sys [2007-09-07 156928]


--- Other Services/Drivers In Memory ---

*Deregistered* - MPFP
*Deregistered* - pctfw2
*Deregistered* - pctmp
*Deregistered* - PCTSDInjDriver32
*Deregistered* - pctssipc

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-12-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-18 03:03]

2010-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-18 03:03]

2010-12-16 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2010-09-14 13:25]

2010-12-17 c:\windows\Tasks\User_Feed_Synchronization-{3A86639F-7517-48BC-A083-91FCCECEED06}.job
- c:\windows\system32\msfeedssync.exe [2010-10-12 04:25]

2010-12-16 c:\windows\Tasks\User_Feed_Synchronization-{8FB52CDC-6D29-4CC9-BE21-7E46743981AD}.job
- c:\windows\system32\msfeedssync.exe [2010-10-12 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/home.php?ref=home
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: turbotax.com
FF - ProfilePath - c:\users\Terry\AppData\Roaming\Mozilla\Firefox\Profiles\c3h2zyxy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aolTB50CL-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Search Defender
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com//login.php
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\Google\Google Gears\Firefox
FF - Ext: Browser Defender Toolbar: {cb84136f-9c44-433a-9048-c5cd9df1dc16} - c:\program files\Spyware Doctor\BDT\Firefox
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Firefox Showcase: {89506680-e3f4-484c-a2c0-ed711d481eda} - %profile%\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}
FF - Ext: Clear History: nadir.kadem@gmail.com - %profile%\extensions\nadir.kadem@gmail.com
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Castle Age Toolbar: {aac4043a-8832-4abe-9963-35377f30b8e6} - %profile%\extensions\{aac4043a-8832-4abe-9963-35377f30b8e6}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - (no file)
MSConfigStartUp-FXUtility - c:\program files\FixYa\FixYaUtility.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-16 19:12
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-12-16 19:21:17
ComboFix-quarantined-files.txt 2010-12-17 01:21

Pre-Run: 264,945,434,624 bytes free
Post-Run: 267,661,856,768 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6,68
- - End Of File - - 154770A2EEC50355373F01AC15685208
budertv
Active Member
 
Posts: 12
Joined: December 9th, 2010, 11:34 am

Re: My computer has become especially sluggish lately.

Unread postby turtledove » December 17th, 2010, 1:52 am

Good day budertv,

Thanks for the log. Lets get a better look here.
Copy or print these for easy reference.
Remember Right click, Run as Administrator.
The scan logs will need separate posts to fit
If any problems, please ask before proceeding.


----------------------------------
ESET online scanner


Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Hold down Control then click on the following link to open a new window to ESET online scanner
  • Then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


----------------------------------
Please Download SysProt Antirootkit from one of the links below.


  • Extract (unzip) its contents to your desktop.
  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select all items.
    See images below.

    Image

  • And check Hidden objects only at the bottom.
    Image

  • At the bottom of the window.Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.


----------------------------------
Update Adobe Reader
Your version of Adobe Reader is out-of-date. There are serious security issues with older versions of Adobe Reader.
I'm not asking you to update any Adobe Acrobat installation... this can be quite costly. I am going to insist that you update your Adobe Reader software.
Then use the Reader for viewing PDF files... you can use the Acrobat software for your other needs.

Please download the current version of Adobe Reader...Copyright © Adobe Systems Inc.
Please UNCHECK the box for the: Free McAfee® Security Scan Plus.
  1. Click the yellow "Download now"... button. If you don't already have Adobe DLM... you may recieve a prompt.
    Adobe DLM software removal instructions available here...if wanted.
  2. The Adobe installer will check your system and begin the installation process. Use the default installation parameters.
  3. When the installation is complete... Close and re-open your Internet browser.

An alternate to Adobe Reader, you could try the free (for personal use) Foxit-Reader. It's a smaller download and when installed, uses less resources than Adobe Reader. Note: Let me know if interested in Foxit-Reader and I will provide safe download and installation instructions.


----------------------------------

RSIT (Random's System Information Tool)

  • Ensure rsit.exe is on your desktop
  • Click the Windows Start then Run
  • Copy/paste the following into the run box & click OK, Do not include the word Quote:
  • "%userprofile%\desktop\rsit.exe" /info

  • Click Continue at the disclaimer screen
  • Once it has finished, two logs will open, log.txt <<will be maximized and info.txt <<will be minimized
  • Copy & paste the contents of both logs in your next reply




Post
ESET log.txt
SysProt log
New set from RSIT - info.txt and log.txt

Thank you

turtledove
User avatar
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: My computer has become especially sluggish lately.

Unread postby budertv » December 18th, 2010, 10:15 pm

Hello turtledove,
I had difficulties with the RSIT processing. There is no Start - Run capability per se on my Vista machine as far as I know.
In the end, I renamed the old info.txt file in order to get a new one.

UPS delivered my new external drive and my Windows 7 disk but my new internal drive is not here yet.

ESET log.txt

C:\Program Files\Uniblue\RegistryBooster\Launcher.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Users\Public\Documents\Server\hlp.dat Win32/Bamital.EK trojan cleaned by deleting - quarantined
C:\Users\Terry\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\384ba27d-11b0de88 probably a variant of Win32/Agent.FXHNPDJ trojan deleted - quarantined
C:\Users\Terry\AppData\Roaming\Uniblue\Registry Booster2\RB_Setup_7_4_2010.exe a variant of Win32/RegistryBooster application deleted - quarantined
C:\Users\Terry\AppData\Roaming\Uniblue\RegistryBooster\_temp\ub.exe Win32/RegistryBooster application deleted - quarantined
C:\Users\Terry\Downloads\registryboosterplb.exe Win32/RegistryBooster application deleted - quarantined

SysProt log

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_dumpata.sys
Service Name: ---
Module Base: 95073000
Module End: 9507E000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: 9507E000
Module End: 95086000
Hidden: Yes

******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAllocateVirtualMemory
Address: A13E83F0
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys

Function Name: ZwAlpcConnectPort
Address: A13E7D7C
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys

Function Name: ZwAssignProcessToJobObject
Address: A13E7E3A
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys

Function Name: ZwConnectPort
Address: A13E7E82
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys

Function Name: ZwCreateFile
Address: A13E7F3A
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys

Function Name: ZwCreateProcess
Address: A13E8BCC
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys

Function Name: ZwCreateProcessEx
Address: A13E8C58
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys

Function Name: ZwCreateSection
Address: A13E7FBA
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys

Function Name: ZwCreateThread
Address: A13E8CE8
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys

Function Name: ZwDebugActiveProcess
Address: A13E800A
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys

Function Name: ZwDeleteFile
Address: A13E8052
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys

Function Name: ZwDeleteKey
Address: A13E809A
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys

Function Name: ZwDeleteValueKey
Address: A13E80E2
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys

Function Name: ZwDuplicateObject
Address: A13E812C
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys

Function Name: ZwFsControlFile
Address: A13E8176
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys

Function Name: ZwLoadDriver
Address: A13E81C0
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys

Function Name: ZwMapViewOfSection
Address: A13E8236
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys

Function Name: ZwOpenFile
Address: A13E827E
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys

Function Name: ZwOpenKey
Address: A13E82CE
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys

Function Name: ZwOpenSection
Address: A13E8316
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys

Function Name: ZwOpenThread
Address: A13E835E
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys

Function Name: ZwProtectVirtualMemory
Address: A13E843E
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys

Function Name: ZwRequestWaitReplyPort
Address: A13E83A6
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys

Function Name: ZwRestoreKey
Address: A13E8486
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys

Function Name: ZwResumeThread
Address: A13E84D4
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys

Function Name: ZwSecureConnectPort
Address: A13E85C0
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys

Function Name: ZwSetInformationFile
Address: A13E851C
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys

Function Name: ZwSetSecurityObject
Address: A13E866C
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys

Function Name: ZwSetValueKey
Address: A13E856C
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys

Function Name: ZwSuspendProcess
Address: A13E86B6
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys

Function Name: ZwSystemDebugControl
Address: A13E86FE
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys

Function Name: ZwTerminateProcess
Address: A13E8746
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys

Function Name: ZwWriteFile
Address: A13E8794
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys

Function Name: ZwWriteVirtualMemory
Address: A13E87DC
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys

Function Name: ZwCreateThreadEx
Address: A13E8D8A
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys

Function Name: ZwCreateUserProcess
Address: A13E8B5C
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No IRP Hooks found

******************************************************************************************
******************************************************************************************
Ports:
Local Address: PAVILION-M9047.HSD1.IL.COMCAST.NET.:59288
Remote Address: HP00226436E97B:MICROSOFT-DS
Type: TCP
Process: System
State: ESTABLISHED

Local Address: PAVILION-M9047.HSD1.IL.COMCAST.NET.:59266
Remote Address: JODY-HP-PC:NETBIOS-SSN
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: PAVILION-M9047.HSD1.IL.COMCAST.NET.:59263
Remote Address: HP00226436E97B:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: PAVILION-M9047.HSD1.IL.COMCAST.NET.:59261
Remote Address: HP00226436E97B:9100
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: PAVILION-M9047.HSD1.IL.COMCAST.NET.:59259
Remote Address: HP00226436E97B:NETBIOS-SSN
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT

Local Address: PAVILION-M9047.HSD1.IL.COMCAST.NET.:53445
Remote Address: C6.59.85AE.STATIC.THEPLANET.COM:HTTP
Type: TCP
Process: C:\Program Files\PC Tools Security\pctsSvc.exe
State: CLOSE_WAIT

Local Address: PAVILION-M9047.HSD1.IL.COMCAST.NET.:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: PAVILION-M9047:53918
Remote Address: LOCALHOST:53917
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: PAVILION-M9047:53917
Remote Address: LOCALHOST:53918
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: PAVILION-M9047:53915
Remote Address: LOCALHOST:53914
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: PAVILION-M9047:53914
Remote Address: LOCALHOST:53915
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED

Local Address: PAVILION-M9047:52793
Remote Address: LOCALHOST:5037
Type: TCP
Process: C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
State: ESTABLISHED

Local Address: PAVILION-M9047:10635
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
State: LISTENING

Local Address: PAVILION-M9047:5037
Remote Address: LOCALHOST:52793
Type: TCP
Process: C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
State: ESTABLISHED

Local Address: PAVILION-M9047:5037
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
State: LISTENING

Local Address: PAVILION-M9047:49162
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\services.exe
State: LISTENING

Local Address: PAVILION-M9047:49157
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: PAVILION-M9047:49156
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\lsass.exe
State: LISTENING

Local Address: PAVILION-M9047:49155
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\spoolsv.exe
State: LISTENING

Local Address: PAVILION-M9047:49154
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: PAVILION-M9047:49153
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: PAVILION-M9047:49152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\wininit.exe
State: LISTENING

Local Address: PAVILION-M9047:9000
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: PAVILION-M9047:5357
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: PAVILION-M9047:MS-WBT-SERVER
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: PAVILION-M9047:1196
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
State: LISTENING

Local Address: PAVILION-M9047:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING

Local Address: PAVILION-M9047:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING

Local Address: PAVILION-M9047.HSD1.IL.COMCAST.NET.:56034
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: PAVILION-M9047.HSD1.IL.COMCAST.NET.:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: PAVILION-M9047.HSD1.IL.COMCAST.NET.:427
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: PAVILION-M9047.HSD1.IL.COMCAST.NET.:138
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: PAVILION-M9047.HSD1.IL.COMCAST.NET.:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA

Local Address: PAVILION-M9047:64835
Remote Address: NA
Type: UDP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: NA

Local Address: PAVILION-M9047:58501
Remote Address: NA
Type: UDP
Process: C:\Program Files\Common Files\aol\acs\AOLacsd.exe
State: NA

Local Address: PAVILION-M9047:56035
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: PAVILION-M9047:51756
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: PAVILION-M9047:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: PAVILION-M9047:62292
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: PAVILION-M9047:49152
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: PAVILION-M9047:IPSEC-MSFT
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: PAVILION-M9047:4459
Remote Address: NA
Type: UDP
Process: C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
State: NA

Local Address: PAVILION-M9047:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: PAVILION-M9047:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: PAVILION-M9047:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: PAVILION-M9047:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: PAVILION-M9047:SSDP
Remote Address: NA
Type: UDP
Process: C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
State: NA

Local Address: PAVILION-M9047:1196
Remote Address: NA
Type: UDP
Process: C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
State: NA

Local Address: PAVILION-M9047:500
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: PAVILION-M9047:427
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: PAVILION-M9047:138
Remote Address: NA
Type: UDP
Process: C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
State: NA

Local Address: PAVILION-M9047:123
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA

Local Address: PAVILION-M9047:68
Remote Address: NA
Type: UDP
Process: C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
State: NA

Local Address: PAVILION-M9047:67
Remote Address: NA
Type: UDP
Process: C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
State: NA

******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Status: Access denied

Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Status: Access denied


New set from RSIT - info.txt and log.txt

info.txt logfile of random's system information tool 1.08 2010-12-18 18:28:49

======Uninstall list======

-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Boggle Supreme\Uninstall.exe"
-->"C:\Program Files\HP Games\Bookworm Adventures\Uninstall.exe"
-->"C:\Program Files\HP Games\Cake Mania\Uninstall.exe"
-->"C:\Program Files\HP Games\Chessmaster Challenge\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash - Flo on the Go\Uninstall.exe"
-->"C:\Program Files\HP Games\Family Feud\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Final Drive Nitro\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\JEOPARDY\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest 2 - Tournament Edition\Uninstall.exe"
-->"C:\Program Files\HP Games\Luxor 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Peggle\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Poker Superstars 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\SpongeBob SquarePants 3D Obstacle Odyssey\Uninstall.exe"
-->"C:\Program Files\HP Games\Super Granny 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Swarm\Uninstall.exe"
-->"C:\Program Files\HP Games\Tank-o-Box\Uninstall.exe"
-->"C:\Program Files\HP Games\The Treasures of Montezuma\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
32 Bit HP CIO Components Installer-->MsiExec.exe /I{2614F54E-A828-49FA-93BA-45A3F756BFAA}
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -maintain plugin
Adobe Product/Adobe Studio Update 10/2001-->"C:\Program Files\InstallShield Installation Information\{73006B34-9743-4A39-AC37-38EDFCEB6DCE}\setup.exe"
Adobe Reader X-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA0000000001}
Adobe Type Manager 4.1-->C:\Windows\uninst.exe -f"C:\Program Files\Adobe Type Manager\DeIsL1.isu" -c"C:\Program Files\Adobe Type Manager\UNINST.DLL"
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
AOL Mail and AIM Gadget-->MsiExec.exe /I{F226C1DA-66D7-4ABC-86B5-3F978A660EBF}
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
Atlantis Quest-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "c:\Program Files\RealArcade\Installer\installerMain.clf" "c:\Program Files\RealArcade\Installer\uninstall\Atlantis Quest.rguninst" "AddRemove"
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
BD/HD Advisor 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}\Setup.exe" -uninstall
Bochs 2.3.6 (remove only)-->"C:\Program Files\Bochs-2.3.6\Uninstall.exe"
Browser Defender 3.0-->"C:\Program Files\Spyware Doctor\BDT\unins000.exe"
Comcast Universal Caller ID-->msiexec /qb /x {0B72559F-4EBC-FCBB-BF23-6D96D9AC423D}
Comcast Universal Caller ID-->MsiExec.exe /I{0B72559F-4EBC-FCBB-BF23-6D96D9AC423D}
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe
EASEUS Todo Backup 1.1-->"C:\Program Files\EASEUS\EASEUS Todo Backup 1.1\unins000.exe"
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
ERUNT 1.1j-->C:\Users\Terry\Desktop\ERUNT\unins000.exe
ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
Express Burn Disc Burning Software-->C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
Garmin City Navigator North America NT 2008-->MsiExec.exe /X{A9F91CD1-A1FB-4E63-93FD-24F63F4B5A97}
Garmin City Navigator North America NT 2010.10 Update-->MsiExec.exe /X{301CC8D1-FE75-41ED-9B11-41F006110950}
Garmin USB Drivers-->MsiExec.exe /X{B1102A25-3AA3-446B-AA0F-A699B07A02FD}
Google Gears-->MsiExec.exe /I{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Active Support Library 32 bit components-->MsiExec.exe /I{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}
HP Active Support Library-->"C:\Program Files\InstallShield Installation Information\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}\setup.exe" -runfromtemp -l0x0409 -removeonly
HP Advisor-->MsiExec.exe /X{73A43E42-3658-4DD9-8551-FACDA3632538}
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Customer Participation Program 11.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP Imaging Device Functions 11.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP On-Screen Cap/Num/Scroll Lock Indicator-->C:\Windows\system32\OsdRemove.exe
HP Photosmart C6300 All-In-One Driver Software 11.0 Rel .4-->C:\Program Files\HP\Digital Imaging\{C8732DC3-1736-44b2-B741-2D636DE58605}\setup\hpzscr01.exe -datfile hposcr31.dat -onestop
HP Photosmart Essential 3.5-->C:\Program Files\HP\Digital Imaging\PhotosmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Picasso Media Center Add-In-->MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP Smart Web Printing 4.60-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 13.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot
HP Update-->MsiExec.exe /X{74DC0593-6BC6-4001-AD5F-D810AFB68D86}
HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HTC Driver Installer-->MsiExec.exe /X{6D6664A9-3342-4948-9B7E-034EFE366F0F}
HTC Sync-->MsiExec.exe /I{DFAA3C20-5968-46A3-B7B0-0AF72D758A59}
Intel(R) Network Connections Drivers-->Prounstl.exe
Intel® Viiv™ Software-->MsiExec.exe /X{6E7BF6EC-C3E7-43A7-8A03-0D204E3EC01B} /qb!
Internet Explorer (Enable DEP)-->%windir%\system32\sdbinst.exe -u "C:\Windows\AppPatch\Custom\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb"
Java(TM) 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022FF}
Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Maxthon2-->C:\Users\Terry\AppData\Roaming\Maxthon2\Mx2Uninstall.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Age of Empires Gold-->"C:\Program Files\Microsoft Games\Age of Empires\UNINSTAL.EXE" /runtemp
Microsoft Age of Empires II: The Conquerors Expansion-->"C:\Program Files\Microsoft Games\Age of Empires II\UNINSTALX.EXE" /runtemp /addremove
Microsoft Age of Empires II-->"C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Office Home and Student 60 day trial-->c:\hp\bin\MSOffice\uninst2.cmd
Microsoft Search Enhancement Pack-->MsiExec.exe /X{06E6E30D-B498-442F-A943-07DE41D7F785}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft VC9 runtime libraries-->MsiExec.exe /I{AA027AE9-DD20-4677-AA72-D760A358320B}
Microsoft Virtual PC 2007-->MsiExec.exe /X{8A7CAA24-7B23-410B-A7C3-F994B0944160}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218-->MsiExec.exe /X{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (3.6.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
Network Magic-->C:\ProgramData\Pure Networks\Setup\nmsetup.exe /uninstall
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
OCR Software by I.R.I.S. 11.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
oggcodecs 0.71.0946-->C:\Program Files\illiminable\oggcodecs\uninst.exe
OpenOffice.org 3.2-->MsiExec.exe /I{6ADD0603-16EF-400D-9F9E-486432835002}
Opera 10.63-->MsiExec.exe /X{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}
Pandora-->msiexec /qb /x {C09683A5-B834-6F63-4C54-06512BFB75F4}
Pandora-->MsiExec.exe /I{C09683A5-B834-6F63-4C54-06512BFB75F4}
PC Tools Anti-Spam Toolbar-->MsiExec.exe /I{6527051E-8939-4639-9690-800B3442E610}
PC Tools Internet Security 8.0-->C:\Program Files\PC Tools Security\unins000.exe /LOG
Personal Ancestral File 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D94A8E22-DF2B-4107-9E51-608A60A7671D}\Setup.exe"
Personal Ancestral File Companion 5.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{91AFACB3-CA46-4C1E-AF2D-F72EE0B112E4}\setup.exe" -l0x9 -uninst -removeonly
Pretty Good Solitaire version 12.1.0-->"C:\Program Files\goodsol\unins000.exe"
PVSonyDll-->MsiExec.exe /I{3D3E663D-4E7E-4577-A560-7ECDDD45548A}
Python 2.5-->MsiExec.exe /I{0A2C5854-557E-48C8-835A-3B9F074BDCAA}
Ra's Revenge-->C:\PROGRA~1\RA'SRE~1\UNWISE.EXE C:\PROGRA~1\RA'SRE~1\INSTALL.LOG
RealArcade-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\RealArcade.rguninst" "AddRemove"
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd.exe -r -m -nrg2709
Roxio Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Roxio Creator Audio-->MsiExec.exe /X{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9-->MsiExec.exe /X{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy-->MsiExec.exe /X{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /X{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive-->MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools-->MsiExec.exe /X{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9-->MsiExec.exe /X{938B1CD7-7C60-491E-AA90-1F1888168240}
RTC Client API v1.2-->MsiExec.exe /X{44CDBD1B-89FB-4E02-8319-2A4C550F664A}
Seagate DiscWizard-->MsiExec.exe /X{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Segoe UI-->MsiExec.exe /I{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}
Snapfish Picture Mover-->MsiExec.exe /X{029B5901-1F27-4347-9923-E8ACC8F54E15}
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.INF
Sudoku-->"C:\Program Files\Common Files\MimarSinan\Installation Information\{FB5055E4-9BE1-425F-B40A-33E43E9460DA}\{C8A522A9-9CBA-4AD3-80E9-EE3DD9BCA3A2}\SudokuSetup.exe" REMOVE=TRUE MODIFY=FALSE
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Task Catcher-->C:\Windows\uninst.exe -f"C:\Program Files\BillP Studios\Task Catcher\DeIsL1.isu" -c"C:\Program Files\BillP Studios\Task Catcher\_ISREG32.DLL"
Uniblue DriverScanner 2009-->"C:\ProgramData\{148D8B8A-8F96-4822-81EC-D510B626B7D5}\DriverScanner_Setup.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue DriverScanner 2009-->C:\ProgramData\{148D8B8A-8F96-4822-81EC-D510B626B7D5}\DriverScanner_Setup.exe
Uniblue PowerSuite 2009-->"C:\ProgramData\{73A13F1D-6204-49B5-8F6D-8687D3C7CA01}\PowerSuite2009.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue PowerSuite 2009-->C:\ProgramData\{73A13F1D-6204-49B5-8F6D-8687D3C7CA01}\PowerSuite2009.exe
Uniblue RegistryBooster-->"C:\Program Files\Uniblue\RegistryBooster\unins000.exe"
Uniblue SpeedUpMyPC 2009-->"C:\ProgramData\{942E4254-C25C-44BA-94FC-8777923F9E7B}\speedupmypc2009.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue SpeedUpMyPC 2009-->C:\ProgramData\{942E4254-C25C-44BA-94FC-8777923F9E7B}\speedupmypc2009.exe
Uniblue System Tweaker-->"C:\Program Files\Uniblue\System Tweaker\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WeatherBug Gadget-->MsiExec.exe /I{209CDA54-D390-46A2-A97C-7BF61734418D}
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)-->rundll32.exe C:\PROGRA~1\DIFX\15B7F172FC21855D\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\Windows\System32\DriverStore\FileRepository\grmnusb.inf_6b094708\grmnusb.inf
Windows Installer Clean Up-->MsiExec.exe /I{121634B0-2F4A-11D3-ADA3-00C04F52DD53}
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}
Windows Live Family Safety-->MsiExec.exe /I{294BF709-D758-4363-8D75-01479AD20927}
Windows Live Family Safety-->MsiExec.exe /X{F53D678E-238F-4A71-9742-08BB6774E9DC}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{61AD15B2-50DB-4686-A739-14FE180D4429}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}
Windows Live Messenger-->MsiExec.exe /X{80956555-A512-4190-9CAD-B000C36D6B6B}
Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90}
Windows Live MIME IFilter-->MsiExec.exe /I{AF844339-2F8A-4593-81B3-9F4C54038C4E}
Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}
Windows Live PIMT Platform-->MsiExec.exe /I{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}
Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}
Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinPatrol-->C:\PROGRA~2\INSTAL~1\{00781~1\Setup.exe /remove /q0
ZSoft Uninstaller 2.4.1-->C:\Program Files\ZSoft\Uninstaller\uninst.exe
Zynga Toolbar-->C:\PROGRA~1\Zynga\UNWISE.EXE /U C:\PROGRA~1\Zynga\INSTALL.LOG

======Security center information======

AV: Norton Internet Security (outdated)
FW: Norton Internet Security (disabled)
AS: Antispyware
AS: Windows Defender
AS: Norton Internet Security (outdated)

======System event log======

Computer Name: Pavilion-m9047
Event Code: 10016
Message: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Record Number: 341502
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20100528155819.000000-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Pavilion-m9047
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 341478
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20100528155559.562801-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Pavilion-m9047
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
i8042prt
Record Number: 341419
Source Name: Service Control Manager
Time Written: 20100528155354.000000-000
Event Type: Error
User:

Computer Name: Pavilion-m9047
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.
Record Number: 341414
Source Name: Service Control Manager
Time Written: 20100528155353.000000-000
Event Type: Error
User:

Computer Name: Pavilion-m9047
Event Code: 10016
Message: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Record Number: 341413
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20100528155244.000000-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: Pavilion-m9047
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 41995
Source Name: Microsoft-Windows-WMI
Time Written: 20091012192944.000000-000
Event Type: Error
User:

Computer Name: Pavilion-m9047
Event Code: 6001
Message: The winlogon notification subscriber <Sens> failed a notification event.
Record Number: 41960
Source Name: Microsoft-Windows-Winlogon
Time Written: 20091012125754.000000-000
Event Type: Warning
User:

Computer Name: Pavilion-m9047
Event Code: 1000
Message: Faulting application svchost.exe_ProfSvc, version 6.0.6001.18000, time stamp 0x47918b89, faulting module RPCRT4.dll, version 6.0.6002.18024, time stamp 0x49f05bcc, exception code 0xc0000096, fault offset 0x0003ca9b, process id 0x424, application start time 0x01ca4aa6b33a6e06.
Record Number: 41955
Source Name: Application Error
Time Written: 20091012090137.000000-000
Event Type: Error
User:

Computer Name: Pavilion-m9047
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Record Number: 41949
Source Name: Microsoft-Windows-CAPI2
Time Written: 20091011191432.000000-000
Event Type: Error
User:

Computer Name: Pavilion-m9047
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 41944
Source Name: Microsoft-Windows-WMI
Time Written: 20091011191325.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Pavilion-m9047
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x1d045d9
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x0
Process Name: -

Network Information:
Workstation Name: JODY-HP-PC
Source Network Address: 192.168.1.102
Source Port: 52207

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 151877
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100806014429.332844-000
Event Type: Audit Success
User:

Computer Name: Pavilion-m9047
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x1d01416

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 151876
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100806014408.309844-000
Event Type: Audit Success
User:

Computer Name: Pavilion-m9047
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x1d01416
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x0
Process Name: -

Network Information:
Workstation Name: JODY-HP-PC
Source Network Address: 192.168.1.102
Source Port: 52195

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 151875
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100806014408.309844-000
Event Type: Audit Success
User:

Computer Name: Pavilion-m9047
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x1c130a1

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 151874
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100806011212.845844-000
Event Type: Audit Success
User:

Computer Name: Pavilion-m9047
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x1c130a1
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x0
Process Name: -

Network Information:
Workstation Name: JODY-HP-PC
Source Network Address: 192.168.1.102
Source Port: 51795

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 151873
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100806011158.427844-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=4
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"OnlineServices"=Online Services
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\hp\bin\Python;c:\Program Files\Common Files\Roxio Shared\DLLShared;c:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\Windows Live\Shared
"PCBRAND"=Pavilion
"PLATFORM"=HPD
"RoxioCentral"=c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

-----------------EOF-----------------


Logfile of random's system information tool 1.08 (written by random/random)
Run by Terry at 2010-12-18 18:28:41
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 253 GB (54%) free of 468 GB
Total RAM: 3071 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:28:46 PM, on 12/18/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\PC Tools Security\pctsGui.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\jureg.exe
C:\Program Files\BillP Studios\Task Catcher\TaskTrap.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\aol\1288566314\ee\aolsoftware.exe
C:\Program Files\Spyware Doctor\BDT\FGuard.exe
C:\Program Files\Common Files\PC Tools\Outlook Express API\launcher.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Teleca Shared\logger.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\PC Tools Security\SpamMonitor\PCTools Email Toolbars\WLMailApiAgent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\System32\cmd.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Terry\Desktop\RSIT\RSIT.exe
C:\Program Files\trend micro\Terry.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/home.php?ref=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AOL Toolbar Search Class - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll
R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [Task Catcher] C:\PROGRA~1\BILLPS~1\TASKCA~1\tasktrap.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
O4 - HKLM\..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe -autorun -nosplash
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1288566314\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [PCTools FGuard] C:\Program Files\Spyware Doctor\BDT\FGuard.exe
O4 - HKLM\..\Run: [Nektra OEAPI] C:\Program Files\Common Files\PC Tools\Outlook Express API\Launcher.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\PC Tools Security\pctsGui.exe" /hideGUI
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Seagate Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WLMailPlugin] C:\Program Files\PC Tools Security\SpamMonitor\PCTools Email Toolbars\WLMailApiAgent.exe
O4 - Startup: Comcast Universal Caller ID.lnk = C:\Program Files\Comcast Universal Caller ID\Comcast Universal Caller ID.exe
O4 - Startup: Pandora.lnk = C:\Program Files\Pandora\Pandora.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12401 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\RegistryBooster.job
C:\Windows\tasks\User_Feed_Synchronization-{3A86639F-7517-48BC-A083-91FCCECEED06}.job
C:\Windows\tasks\User_Feed_Synchronization-{8FB52CDC-6D29-4CC9-BE21-7E46743981AD}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-10 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-09-24 522192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3ef64538-8b54-4573-b48f-4d34b0238ab2}]
AOL Toolbar Loader - C:\Program Files\AOL Toolbar\aoltb.dll [2010-01-22 1320272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-12-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}]
Google Gears Helper - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll [2010-02-23 2121728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22 517688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{ba00b7b1-0351-477a-b948-23e3ee5a73d4} - AOL Toolbar - C:\Program Files\AOL Toolbar\aoltb.dll [2010-01-22 1320272]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-09-24 522192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2008-03-25 49152]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]
"SunJavaUpdateReg"=C:\Windows\system32\jureg.exe [2008-02-22 54672]
"Task Catcher"=C:\PROGRA~1\BILLPS~1\TASKCA~1\tasktrap.exe [2005-11-14 136760]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-15 4874240]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09 75008]
"nmctxth"=C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [2008-05-16 648504]
"nmapp"=C:\Program Files\Pure Networks\Network Magic\nmapp.exe [2008-05-21 451896]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-08-20 150016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-08-14 13793824]
"Mobile Connectivity Suite"=C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe [2009-11-19 598016]
"HostManager"=C:\Program Files\Common Files\AOL\1288566314\ee\AOLSoftware.exe [2010-03-08 41800]
"PCTools FGuard"=C:\Program Files\Spyware Doctor\BDT\FGuard.exe [2010-09-24 108496]
"Nektra OEAPI"=C:\Program Files\Common Files\PC Tools\Outlook Express API\Launcher.exe [2008-07-21 86016]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2010-11-17 329096]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"ISTray"=C:\Program Files\PC Tools Security\pctsGui.exe [2010-09-29 1588184]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2010-11-10 35736]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-10 932288]
"DiscWizardMonitor.exe"=C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe [2009-10-16 1325936]
"AcronisTimounterMonitor"=C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe [2009-10-16 904840]
"Seagate Scheduler2 Service"=C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe [2009-10-16 136544]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
"WLMailPlugin"=C:\Program Files\PC Tools Security\SpamMonitor\PCTools Email Toolbars\WLMailApiAgent.exe [2010-08-10 97240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Terry\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-11 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\AcroTray.exe [2001-03-15 49254]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
C:\PROGRA~1\SNAPFI~1\SNAPFI~1.EXE [2007-05-07 1273856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Terry^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
C:\PROGRA~1\Yahoo!\Widgets\YAHOOW~1.EXE []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-12-18 12:28:14 ----A---- C:\Windows\system32\AutoPartNt.exe
2010-12-18 08:53:38 ----D---- C:\ProgramData\Seagate
2010-12-18 08:53:34 ----A---- C:\Windows\system32\drivers\timntr.sys
2010-12-18 08:53:34 ----A---- C:\Windows\system32\drivers\tifsfilt.sys
2010-12-18 08:50:14 ----A---- C:\Windows\system32\drivers\snapman.sys
2010-12-18 08:50:02 ----A---- C:\Windows\system32\drivers\tdrpman.sys
2010-12-18 08:49:37 ----D---- C:\Program Files\Seagate
2010-12-18 08:49:37 ----D---- C:\Program Files\Common Files\Seagate
2010-12-17 19:45:00 ----SHD---- C:\Config.Msi
2010-12-17 12:27:39 ----D---- C:\Program Files\ESET
2010-12-17 02:00:29 ----D---- C:\Program Files\Common Files\FDRLab
2010-12-17 01:03:05 ----ASH---- C:\hiberfil.sys
2010-12-16 19:21:36 ----SHD---- C:\$RECYCLE.BIN
2010-12-16 19:21:22 ----A---- C:\ComboFix.txt
2010-12-16 18:57:17 ----A---- C:\Windows\zip.exe
2010-12-16 18:57:17 ----A---- C:\Windows\SWSC.exe
2010-12-16 18:57:17 ----A---- C:\Windows\SWREG.exe
2010-12-16 18:57:17 ----A---- C:\Windows\sed.exe
2010-12-16 18:57:17 ----A---- C:\Windows\PEV.exe
2010-12-16 18:57:17 ----A---- C:\Windows\NIRCMD.exe
2010-12-16 18:57:17 ----A---- C:\Windows\MBR.exe
2010-12-16 18:57:17 ----A---- C:\Windows\grep.exe
2010-12-16 18:57:13 ----D---- C:\Windows\ERDNT
2010-12-16 18:57:12 ----D---- C:\ComboFix
2010-12-16 18:51:52 ----D---- C:\Qoobox
2010-12-16 18:51:05 ----A---- C:\Windows\SWXCACLS.exe
2010-12-13 16:29:12 ----D---- C:\rsit
2010-12-12 10:39:50 ----D---- C:\Program Files\Common Files\Java
2010-12-12 10:38:52 ----A---- C:\Windows\system32\javaws.exe
2010-12-12 10:38:52 ----A---- C:\Windows\system32\javaw.exe
2010-12-12 10:38:52 ----A---- C:\Windows\system32\java.exe
2010-12-12 10:38:23 ----D---- C:\Program Files\Java
2010-12-12 09:48:27 ----A---- C:\Windows\system32\REN1749.tmp
2010-12-12 09:48:27 ----A---- C:\Windows\system32\REN1748.tmp
2010-12-12 09:48:27 ----A---- C:\Windows\system32\REN1747.tmp
2010-12-11 21:44:33 ----D---- C:\ProgramData\NCH Swift Sound
2010-12-11 21:32:51 ----D---- C:\Program Files\NCH Swift Sound
2010-12-11 21:31:46 ----D---- C:\ProgramData\NCH Software
2010-12-11 21:30:52 ----D---- C:\Users\Terry\AppData\Roaming\NCH Software
2010-12-11 21:00:12 ----A---- C:\Windows\system32\LogVss.txt
2010-12-11 21:00:12 ----A---- C:\Windows\system32\LogMsg.txt
2010-12-11 21:00:00 ----D---- C:\C Disk Backup schedule
2010-12-11 20:38:26 ----A---- C:\Windows\system32\drivers\eufs.sys
2010-12-11 20:37:19 ----A---- C:\Windows\system32\drivers\eudskacs.sys
2010-12-11 20:37:18 ----A---- C:\Windows\system32\drivers\eubakup.sys
2010-12-11 20:37:16 ----A---- C:\Windows\system32\drivers\EuDisk.sys
2010-12-11 20:36:57 ----D---- C:\Program Files\EASEUS
2010-12-08 18:52:02 ----D---- C:\Program Files\Trend Micro
2010-12-08 18:32:59 ----D---- C:\ProgramData\InstallMate
2010-12-07 19:57:02 ----D---- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-05 01:36:19 ----D---- C:\Program Files\QuickTime
2010-11-21 16:54:02 ----A---- C:\mbam-error.txt
2010-11-20 19:50:16 ----D---- C:\.jagex_cache_32
2010-11-19 00:36:01 ----D---- C:\Program Files\AOL Desktop 9.6a

======List of files/folders modified in the last 1 months======

2010-12-18 18:28:44 ----D---- C:\Windows\Temp
2010-12-18 18:11:03 ----D---- C:\Windows\Prefetch
2010-12-18 18:02:19 ----AD---- C:\ProgramData\TEMP
2010-12-18 17:33:43 ----D---- C:\Program Files\PC Tools Security
2010-12-18 17:33:39 ----D---- C:\Windows
2010-12-18 17:07:17 ----AD---- C:\Windows\System32
2010-12-18 11:39:53 ----D---- C:\Windows\inf
2010-12-18 11:39:53 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-12-18 08:53:43 ----SHD---- C:\Windows\Installer
2010-12-18 08:53:38 ----D---- C:\ProgramData
2010-12-18 08:53:35 ----D---- C:\Windows\system32\drivers
2010-12-18 08:49:37 ----D---- C:\Program Files\Common Files
2010-12-18 08:49:37 ----D---- C:\Program Files
2010-12-18 08:48:39 ----SHD---- C:\System Volume Information
2010-12-18 08:16:42 ----D---- C:\Windows\system32\catroot2
2010-12-17 19:45:59 ----D---- C:\Program Files\Common Files\Adobe
2010-12-17 19:45:54 ----D---- C:\ProgramData\Adobe
2010-12-17 19:45:53 ----D---- C:\Program Files\Adobe
2010-12-17 10:50:55 ----D---- C:\Windows\Minidump
2010-12-17 02:13:45 ----D---- C:\Windows\system32\config
2010-12-17 00:52:28 ----A---- C:\Windows\ntbtlog.txt
2010-12-16 19:12:23 ----A---- C:\Windows\system.ini
2010-12-16 19:12:01 ----D---- C:\Windows\system32\drivers\etc
2010-12-16 19:03:50 ----D---- C:\Windows\AppPatch
2010-12-15 15:27:21 ----D---- C:\Program Files\Zynga
2010-12-15 07:21:57 ----D---- C:\Windows\system32\catroot
2010-12-15 07:21:56 ----D---- C:\Windows\winsxs
2010-12-15 07:07:13 ----SD---- C:\Users\Terry\AppData\Roaming\Microsoft
2010-12-12 10:38:33 ----A---- C:\Windows\system32\deployJava1.dll
2010-12-12 10:01:02 ----D---- C:\Program Files\Yahoo!
2010-12-12 09:59:40 ----D---- C:\Program Files\HP
2010-12-12 08:43:49 ----D---- C:\Boot
2010-12-11 21:33:16 ----D---- C:\Windows\system32\Tasks
2010-12-10 10:03:31 ----D---- C:\Program Files\Mozilla Firefox
2010-12-09 16:38:20 ----SD---- C:\Windows\Downloaded Program Files
2010-12-08 23:48:28 ----D---- C:\Program Files\Safari
2010-12-08 05:43:01 ----D---- C:\ProgramData\Apple Computer
2010-12-08 05:42:14 ----DC---- C:\Windows\system32\DRVSTORE
2010-12-03 14:20:12 ----D---- C:\Windows\Tasks
2010-12-03 14:20:12 ----D---- C:\Windows\system32\spool
2010-12-03 14:20:12 ----D---- C:\Windows\system32\Msdtc
2010-12-03 14:20:12 ----D---- C:\Windows\system32\CodeIntegrity
2010-12-03 14:20:08 ----D---- C:\Windows\system32\wbem
2010-12-03 14:20:08 ----D---- C:\Windows\registration
2010-11-30 17:05:07 ----RSD---- C:\Windows\Fonts
2010-11-28 08:38:14 ----D---- C:\ProgramData\DriverScanner
2010-11-24 22:00:26 ----D---- C:\Users\Terry\AppData\Roaming\QuickScan
2010-11-24 10:19:51 ----D---- C:\Program Files\Internet Explorer
2010-11-21 16:54:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-11-20 09:57:23 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-11-19 00:38:43 ----D---- C:\Users\Terry\AppData\Roaming\AOL
2010-11-19 00:38:14 ----D---- C:\Program Files\Common Files\aol
2010-11-19 00:36:01 ----D---- C:\Program Files\Common Files\aolshare
2010-11-19 00:35:59 ----D---- C:\ProgramData\AOL

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 EUBAKUP;EUBAKUP; C:\Windows\system32\drivers\eubakup.sys [2009-12-02 27016]
R0 EUFS;EUFS; C:\Windows\system32\drivers\eufs.sys [2009-12-02 21896]
R0 PCTCore;PCTools KDS; C:\Windows\system32\drivers\PCTCore.sys [2010-08-18 237632]
R0 pctDS;PC Tools Data Store; C:\Windows\system32\drivers\pctDS.sys [2010-07-16 338880]
R0 pctEFA;PC Tools Extended File Attributes; C:\Windows\system32\drivers\pctEFA.sys [2010-07-16 656320]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2007-02-02 43528]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2010-12-18 132224]
R0 tdrpman;Acronis Try&Decide and Restore Points filter; C:\Windows\system32\DRIVERS\tdrpman.sys [2010-12-18 368480]
R0 TfFsMon;TfFsMon; C:\Windows\system32\drivers\TfFsMon.sys [2010-08-26 51984]
R0 TfSysMon;TfSysMon; C:\Windows\system32\drivers\TfSysMon.sys [2010-08-26 68880]
R0 timounter;Seagate DiscWizard Image Backup Archive Explorer; C:\Windows\system32\DRIVERS\timntr.sys [2010-12-18 441760]
R1 pctgntdi;pctgntdi; \??\C:\Windows\System32\drivers\pctgntdi.sys [2010-10-05 249616]
R1 vmm;Virtual Machine Monitor; \??\C:\Windows\system32\Drivers\vmm.sys [2007-02-18 232816]
R2 MCSTRM;MCSTRM; C:\Windows\system32\drivers\MCSTRM.sys [2007-12-25 8413]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 PCTAppEvent;PCTAppEvent Driver; \??\C:\Windows\system32\drivers\PCTAppEvent.sys [2010-09-30 159936]
R2 pnarp;Pure Networks Device Discovery Driver; C:\Windows\system32\DRIVERS\pnarp.sys [2008-05-16 24888]
R2 purendis;Pure Networks Wireless Driver; C:\Windows\system32\DRIVERS\purendis.sys [2008-05-16 26424]
R2 tifsfilter;Seagate DiscWizard FS Filter; C:\Windows\system32\DRIVERS\tifsfilt.sys [2010-12-18 44384]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-15 218752]
R3 EuDisk;EASEUS Disk Enumerator; C:\Windows\system32\DRIVERS\EuDisk.sys [2009-12-02 123784]
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-08-04 2744800]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-08-14 9790624]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver; \??\C:\Windows\system32\drivers\pctNdis-PacketFilter.sys [2010-09-03 87400]
R3 pctNdisMP;PC Tools Driver; C:\Windows\system32\DRIVERS\pctNdis.sys [2010-08-10 56536]
R3 pctplfw;pctplfw; \??\C:\Windows\System32\drivers\pctplfw.sys [2010-10-05 123712]
R3 pctplsg;pctplsg; \??\C:\Windows\System32\drivers\pctplsg.sys [2010-08-27 70536]
R3 RTSTOR;USB Mass Storage Device; C:\Windows\system32\drivers\RTSTOR.SYS [2008-02-15 59392]
R3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-20 9216]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\Windows\system32\DRIVERS\VMNetSrv.sys [2007-01-29 59280]
R3 wanatw;WAN Miniport (ATW); C:\Windows\system32\DRIVERS\wanatw4.sys [2006-11-29 33588]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
R3 WSDPrintDevice;WSD Print Support via UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2008-01-20 16896]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
R3 xcbdaNtsc;ViXS Tuner Card (NTSC); C:\Windows\system32\DRIVERS\xcbda.sys [2007-09-07 156928]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 EUDSKACS;EUDSKACS; \??\C:\Windows\system32\drivers\eudskacs.sys [2009-12-02 15240]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-22 39272]
S3 grmnusb;grmnusb; C:\Windows\system32\drivers\grmnusb.sys [2007-03-08 8320]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HTCAND32;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-06-09 24576]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista; C:\Windows\system32\DRIVERS\netr73.sys [2009-05-24 501248]
S3 PcdrNdisuio;PCDRNDISUIO Usermode I/O Protocol; C:\Windows\system32\DRIVERS\pcdrndisuio.sys []
S3 pctNDIS;PC Tools Firewall Intermediate Filter Service; C:\Windows\system32\DRIVERS\pctNdis.sys [2010-08-10 56536]
S3 TfNetMon;TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [2010-08-26 33552]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-09-24 235472]
R2 DQLWinService;DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
R2 HPBtnSrv;HP Chasis Button Service; c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2008-05-16 648504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-08-14 211488]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\PC Tools Security\pctsSvc.exe [2010-09-29 1145304]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-05-14 249136]
R2 SgtSch2Svc;Seagate Scheduler2 Service; C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe [2009-10-16 431456]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R3 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2008-01-20 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-17 136176]
S2 IntelDHSvcConf;Intel DH Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
S3 AlertService;Intel(R) Alert Service; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [2006-09-11 188416]
S3 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-20 21504]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-09-22 1493352]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2009-03-30 250616]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 ISSM;Intel(R) Software Services Manager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [2006-09-11 75264]
S3 M1 Server;Intel(R) Viiv(TM) Media Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [2006-09-01 26624]
S3 MCLServiceATL;Intel(R) Application Tracker; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [2006-09-11 167936]
S3 nmraapache;Pure Networks Net2Go Service; C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe [2008-05-21 12800]
S3 Remote UI Service;Intel(R) Remoting Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [2006-09-11 544256]
S3 RoxMediaDB9;RoxMediaDB9; c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-05-11 887544]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-05-03 74656]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 ATMsrvc;ATM Service; C:\Windows\System32\ATMsrvc.exe [2000-05-24 15360]
S4 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-10-09 94208]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-05-15 79400]

-----------------EOF-----------------


Thank you turtledove for all of your help.
budertv
budertv
Active Member
 
Posts: 12
Joined: December 9th, 2010, 11:34 am

Re: My computer has become especially sluggish lately.

Unread postby budertv » December 18th, 2010, 10:29 pm

Here is the info.txt part

info.txt logfile of random's system information tool 1.08 2010-12-18 18:28:49

======Uninstall list======

-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Boggle Supreme\Uninstall.exe"
-->"C:\Program Files\HP Games\Bookworm Adventures\Uninstall.exe"
-->"C:\Program Files\HP Games\Cake Mania\Uninstall.exe"
-->"C:\Program Files\HP Games\Chessmaster Challenge\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash - Flo on the Go\Uninstall.exe"
-->"C:\Program Files\HP Games\Family Feud\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Final Drive Nitro\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\JEOPARDY\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest 2 - Tournament Edition\Uninstall.exe"
-->"C:\Program Files\HP Games\Luxor 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Peggle\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Poker Superstars 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\SpongeBob SquarePants 3D Obstacle Odyssey\Uninstall.exe"
-->"C:\Program Files\HP Games\Super Granny 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Swarm\Uninstall.exe"
-->"C:\Program Files\HP Games\Tank-o-Box\Uninstall.exe"
-->"C:\Program Files\HP Games\The Treasures of Montezuma\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
32 Bit HP CIO Components Installer-->MsiExec.exe /I{2614F54E-A828-49FA-93BA-45A3F756BFAA}
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -maintain plugin
Adobe Product/Adobe Studio Update 10/2001-->"C:\Program Files\InstallShield Installation Information\{73006B34-9743-4A39-AC37-38EDFCEB6DCE}\setup.exe"
Adobe Reader X-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA0000000001}
Adobe Type Manager 4.1-->C:\Windows\uninst.exe -f"C:\Program Files\Adobe Type Manager\DeIsL1.isu" -c"C:\Program Files\Adobe Type Manager\UNINST.DLL"
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
AOL Mail and AIM Gadget-->MsiExec.exe /I{F226C1DA-66D7-4ABC-86B5-3F978A660EBF}
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
Atlantis Quest-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "c:\Program Files\RealArcade\Installer\installerMain.clf" "c:\Program Files\RealArcade\Installer\uninstall\Atlantis Quest.rguninst" "AddRemove"
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
BD/HD Advisor 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}\Setup.exe" -uninstall
Bochs 2.3.6 (remove only)-->"C:\Program Files\Bochs-2.3.6\Uninstall.exe"
Browser Defender 3.0-->"C:\Program Files\Spyware Doctor\BDT\unins000.exe"
Comcast Universal Caller ID-->msiexec /qb /x {0B72559F-4EBC-FCBB-BF23-6D96D9AC423D}
Comcast Universal Caller ID-->MsiExec.exe /I{0B72559F-4EBC-FCBB-BF23-6D96D9AC423D}
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe
EASEUS Todo Backup 1.1-->"C:\Program Files\EASEUS\EASEUS Todo Backup 1.1\unins000.exe"
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
ERUNT 1.1j-->C:\Users\Terry\Desktop\ERUNT\unins000.exe
ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
Express Burn Disc Burning Software-->C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
Garmin City Navigator North America NT 2008-->MsiExec.exe /X{A9F91CD1-A1FB-4E63-93FD-24F63F4B5A97}
Garmin City Navigator North America NT 2010.10 Update-->MsiExec.exe /X{301CC8D1-FE75-41ED-9B11-41F006110950}
Garmin USB Drivers-->MsiExec.exe /X{B1102A25-3AA3-446B-AA0F-A699B07A02FD}
Google Gears-->MsiExec.exe /I{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Active Support Library 32 bit components-->MsiExec.exe /I{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}
HP Active Support Library-->"C:\Program Files\InstallShield Installation Information\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}\setup.exe" -runfromtemp -l0x0409 -removeonly
HP Advisor-->MsiExec.exe /X{73A43E42-3658-4DD9-8551-FACDA3632538}
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Customer Participation Program 11.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP Imaging Device Functions 11.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP On-Screen Cap/Num/Scroll Lock Indicator-->C:\Windows\system32\OsdRemove.exe
HP Photosmart C6300 All-In-One Driver Software 11.0 Rel .4-->C:\Program Files\HP\Digital Imaging\{C8732DC3-1736-44b2-B741-2D636DE58605}\setup\hpzscr01.exe -datfile hposcr31.dat -onestop
HP Photosmart Essential 3.5-->C:\Program Files\HP\Digital Imaging\PhotosmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Picasso Media Center Add-In-->MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP Smart Web Printing 4.60-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 13.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot
HP Update-->MsiExec.exe /X{74DC0593-6BC6-4001-AD5F-D810AFB68D86}
HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HTC Driver Installer-->MsiExec.exe /X{6D6664A9-3342-4948-9B7E-034EFE366F0F}
HTC Sync-->MsiExec.exe /I{DFAA3C20-5968-46A3-B7B0-0AF72D758A59}
Intel(R) Network Connections Drivers-->Prounstl.exe
Intel® Viiv™ Software-->MsiExec.exe /X{6E7BF6EC-C3E7-43A7-8A03-0D204E3EC01B} /qb!
Internet Explorer (Enable DEP)-->%windir%\system32\sdbinst.exe -u "C:\Windows\AppPatch\Custom\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb"
Java(TM) 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022FF}
Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Maxthon2-->C:\Users\Terry\AppData\Roaming\Maxthon2\Mx2Uninstall.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Age of Empires Gold-->"C:\Program Files\Microsoft Games\Age of Empires\UNINSTAL.EXE" /runtemp
Microsoft Age of Empires II: The Conquerors Expansion-->"C:\Program Files\Microsoft Games\Age of Empires II\UNINSTALX.EXE" /runtemp /addremove
Microsoft Age of Empires II-->"C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Office Home and Student 60 day trial-->c:\hp\bin\MSOffice\uninst2.cmd
Microsoft Search Enhancement Pack-->MsiExec.exe /X{06E6E30D-B498-442F-A943-07DE41D7F785}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft VC9 runtime libraries-->MsiExec.exe /I{AA027AE9-DD20-4677-AA72-D760A358320B}
Microsoft Virtual PC 2007-->MsiExec.exe /X{8A7CAA24-7B23-410B-A7C3-F994B0944160}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218-->MsiExec.exe /X{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (3.6.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
Network Magic-->C:\ProgramData\Pure Networks\Setup\nmsetup.exe /uninstall
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
OCR Software by I.R.I.S. 11.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
oggcodecs 0.71.0946-->C:\Program Files\illiminable\oggcodecs\uninst.exe
OpenOffice.org 3.2-->MsiExec.exe /I{6ADD0603-16EF-400D-9F9E-486432835002}
Opera 10.63-->MsiExec.exe /X{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}
Pandora-->msiexec /qb /x {C09683A5-B834-6F63-4C54-06512BFB75F4}
Pandora-->MsiExec.exe /I{C09683A5-B834-6F63-4C54-06512BFB75F4}
PC Tools Anti-Spam Toolbar-->MsiExec.exe /I{6527051E-8939-4639-9690-800B3442E610}
PC Tools Internet Security 8.0-->C:\Program Files\PC Tools Security\unins000.exe /LOG
Personal Ancestral File 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D94A8E22-DF2B-4107-9E51-608A60A7671D}\Setup.exe"
Personal Ancestral File Companion 5.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{91AFACB3-CA46-4C1E-AF2D-F72EE0B112E4}\setup.exe" -l0x9 -uninst -removeonly
Pretty Good Solitaire version 12.1.0-->"C:\Program Files\goodsol\unins000.exe"
PVSonyDll-->MsiExec.exe /I{3D3E663D-4E7E-4577-A560-7ECDDD45548A}
Python 2.5-->MsiExec.exe /I{0A2C5854-557E-48C8-835A-3B9F074BDCAA}
Ra's Revenge-->C:\PROGRA~1\RA'SRE~1\UNWISE.EXE C:\PROGRA~1\RA'SRE~1\INSTALL.LOG
RealArcade-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\RealArcade.rguninst" "AddRemove"
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd.exe -r -m -nrg2709
Roxio Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Roxio Creator Audio-->MsiExec.exe /X{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9-->MsiExec.exe /X{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy-->MsiExec.exe /X{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /X{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive-->MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools-->MsiExec.exe /X{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9-->MsiExec.exe /X{938B1CD7-7C60-491E-AA90-1F1888168240}
RTC Client API v1.2-->MsiExec.exe /X{44CDBD1B-89FB-4E02-8319-2A4C550F664A}
Seagate DiscWizard-->MsiExec.exe /X{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Segoe UI-->MsiExec.exe /I{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}
Snapfish Picture Mover-->MsiExec.exe /X{029B5901-1F27-4347-9923-E8ACC8F54E15}
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.INF
Sudoku-->"C:\Program Files\Common Files\MimarSinan\Installation Information\{FB5055E4-9BE1-425F-B40A-33E43E9460DA}\{C8A522A9-9CBA-4AD3-80E9-EE3DD9BCA3A2}\SudokuSetup.exe" REMOVE=TRUE MODIFY=FALSE
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Task Catcher-->C:\Windows\uninst.exe -f"C:\Program Files\BillP Studios\Task Catcher\DeIsL1.isu" -c"C:\Program Files\BillP Studios\Task Catcher\_ISREG32.DLL"
Uniblue DriverScanner 2009-->"C:\ProgramData\{148D8B8A-8F96-4822-81EC-D510B626B7D5}\DriverScanner_Setup.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue DriverScanner 2009-->C:\ProgramData\{148D8B8A-8F96-4822-81EC-D510B626B7D5}\DriverScanner_Setup.exe
Uniblue PowerSuite 2009-->"C:\ProgramData\{73A13F1D-6204-49B5-8F6D-8687D3C7CA01}\PowerSuite2009.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue PowerSuite 2009-->C:\ProgramData\{73A13F1D-6204-49B5-8F6D-8687D3C7CA01}\PowerSuite2009.exe
Uniblue RegistryBooster-->"C:\Program Files\Uniblue\RegistryBooster\unins000.exe"
Uniblue SpeedUpMyPC 2009-->"C:\ProgramData\{942E4254-C25C-44BA-94FC-8777923F9E7B}\speedupmypc2009.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue SpeedUpMyPC 2009-->C:\ProgramData\{942E4254-C25C-44BA-94FC-8777923F9E7B}\speedupmypc2009.exe
Uniblue System Tweaker-->"C:\Program Files\Uniblue\System Tweaker\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WeatherBug Gadget-->MsiExec.exe /I{209CDA54-D390-46A2-A97C-7BF61734418D}
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)-->rundll32.exe C:\PROGRA~1\DIFX\15B7F172FC21855D\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\Windows\System32\DriverStore\FileRepository\grmnusb.inf_6b094708\grmnusb.inf
Windows Installer Clean Up-->MsiExec.exe /I{121634B0-2F4A-11D3-ADA3-00C04F52DD53}
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}
Windows Live Family Safety-->MsiExec.exe /I{294BF709-D758-4363-8D75-01479AD20927}
Windows Live Family Safety-->MsiExec.exe /X{F53D678E-238F-4A71-9742-08BB6774E9DC}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{61AD15B2-50DB-4686-A739-14FE180D4429}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}
Windows Live Messenger-->MsiExec.exe /X{80956555-A512-4190-9CAD-B000C36D6B6B}
Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90}
Windows Live MIME IFilter-->MsiExec.exe /I{AF844339-2F8A-4593-81B3-9F4C54038C4E}
Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}
Windows Live PIMT Platform-->MsiExec.exe /I{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}
Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}
Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinPatrol-->C:\PROGRA~2\INSTAL~1\{00781~1\Setup.exe /remove /q0
ZSoft Uninstaller 2.4.1-->C:\Program Files\ZSoft\Uninstaller\uninst.exe
Zynga Toolbar-->C:\PROGRA~1\Zynga\UNWISE.EXE /U C:\PROGRA~1\Zynga\INSTALL.LOG

======Security center information======

AV: Norton Internet Security (outdated)
FW: Norton Internet Security (disabled)
AS: Antispyware
AS: Windows Defender
AS: Norton Internet Security (outdated)

======System event log======

Computer Name: Pavilion-m9047
Event Code: 10016
Message: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Record Number: 341502
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20100528155819.000000-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: Pavilion-m9047
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.

Record Number: 341478
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20100528155559.562801-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Pavilion-m9047
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
i8042prt
Record Number: 341419
Source Name: Service Control Manager
Time Written: 20100528155354.000000-000
Event Type: Error
User:

Computer Name: Pavilion-m9047
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.
Record Number: 341414
Source Name: Service Control Manager
Time Written: 20100528155353.000000-000
Event Type: Error
User:

Computer Name: Pavilion-m9047
Event Code: 10016
Message: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Record Number: 341413
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20100528155244.000000-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: Pavilion-m9047
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 41995
Source Name: Microsoft-Windows-WMI
Time Written: 20091012192944.000000-000
Event Type: Error
User:

Computer Name: Pavilion-m9047
Event Code: 6001
Message: The winlogon notification subscriber <Sens> failed a notification event.
Record Number: 41960
Source Name: Microsoft-Windows-Winlogon
Time Written: 20091012125754.000000-000
Event Type: Warning
User:

Computer Name: Pavilion-m9047
Event Code: 1000
Message: Faulting application svchost.exe_ProfSvc, version 6.0.6001.18000, time stamp 0x47918b89, faulting module RPCRT4.dll, version 6.0.6002.18024, time stamp 0x49f05bcc, exception code 0xc0000096, fault offset 0x0003ca9b, process id 0x424, application start time 0x01ca4aa6b33a6e06.
Record Number: 41955
Source Name: Application Error
Time Written: 20091012090137.000000-000
Event Type: Error
User:

Computer Name: Pavilion-m9047
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Record Number: 41949
Source Name: Microsoft-Windows-CAPI2
Time Written: 20091011191432.000000-000
Event Type: Error
User:

Computer Name: Pavilion-m9047
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 41944
Source Name: Microsoft-Windows-WMI
Time Written: 20091011191325.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Pavilion-m9047
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x1d045d9
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x0
Process Name: -

Network Information:
Workstation Name: JODY-HP-PC
Source Network Address: 192.168.1.102
Source Port: 52207

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 151877
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100806014429.332844-000
Event Type: Audit Success
User:

Computer Name: Pavilion-m9047
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x1d01416

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 151876
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100806014408.309844-000
Event Type: Audit Success
User:

Computer Name: Pavilion-m9047
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x1d01416
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x0
Process Name: -

Network Information:
Workstation Name: JODY-HP-PC
Source Network Address: 192.168.1.102
Source Port: 52195

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 151875
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100806014408.309844-000
Event Type: Audit Success
User:

Computer Name: Pavilion-m9047
Event Code: 4634
Message: An account was logged off.

Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x1c130a1

Logon Type: 3

This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 151874
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100806011212.845844-000
Event Type: Audit Success
User:

Computer Name: Pavilion-m9047
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 3

New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x1c130a1
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x0
Process Name: -

Network Information:
Workstation Name: JODY-HP-PC
Source Network Address: 192.168.1.102
Source Port: 51795

Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 151873
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100806011158.427844-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=4
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"OnlineServices"=Online Services
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\hp\bin\Python;c:\Program Files\Common Files\Roxio Shared\DLLShared;c:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\Windows Live\Shared
"PCBRAND"=Pavilion
"PLATFORM"=HPD
"RoxioCentral"=c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\

-----------------EOF-----------------


Thanks again,
budertv
budertv
Active Member
 
Posts: 12
Joined: December 9th, 2010, 11:34 am

Re: My computer has become especially sluggish lately.

Unread postby turtledove » December 18th, 2010, 11:42 pm

Good Day budertv,
You're most welcome :)

Thank you for the logs. I want to get another opinion on what EST found. Please follow the instructions carefully.

Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now right-click on RKUnhookerLE.exe and select "Run As Administrator" to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • * This can take a while. Please be patient *.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of this log in you're next reply.
  • This log can be lengthy you may have to post it in separate replies.
  • Note: You may get the following warning - it is ok - just ignore it:
    "Rootkit Unhooker has detected a parasite inside itself!
    It is recommended to remove parasite, okay?"



Please run a few searches, view a few known safe sites, and let me know if you are having any problems running any programs as well. Then we will proceed from your information you give on how things are working and the new log.

Post
Log from Roootkit Unkooker
Any issues as asked above in internet use or programs having problems
Thank you

turtledove
User avatar
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: My computer has become especially sluggish lately.

Unread postby turtledove » December 18th, 2010, 11:49 pm

Important Note: Please do not allow PCTools scanner to clean at the moment until I verify the ESET results.
Thank you

turtledove
User avatar
turtledove
Retired Graduate
 
Posts: 4398
Joined: February 13th, 2006, 3:26 am
Location: California

Re: My computer has become especially sluggish lately.

Unread postby budertv » December 19th, 2010, 4:23 pm

Post 1 or Rootkit Unhooker

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #4
==============================================
>Drivers
==============================================
0x90404000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 9793536 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 186.76 )
0x92A0B000 C:\Windows\system32\DRIVERS\xchal.sys 5693440 bytes (ViXS Systems Inc., ViXS XCode Support Library)
0x8200C000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x8200C000 PnpManager 3903488 bytes
0x8200C000 RAW 3903488 bytes
0x8200C000 WMIxWDM 3903488 bytes
0x94A04000 C:\Windows\system32\drivers\RTKVHDA.sys 2740224 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0x9DEE0000 Win32k 2109440 bytes
0x9DEE0000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8A809000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x82C01000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x9440E000 C:\Windows\system32\DRIVERS\HSX_DP.sys 1056768 bytes (Conexant Systems, Inc., HSF_DP driver)
0x82E0C000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x804DD000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xA40FF000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x94510000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 741376 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xA3609000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x826A3000 C:\Windows\system32\drivers\pctEFA.sys 675840 bytes (PC Tools, PC Tools Extended File Attributes)
0x90D5D000 C:\Windows\System32\drivers\dxgkrnl.sys 659456 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x92404000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x80602000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x924E5000 C:\Windows\system32\DRIVERS\xcfe.sys 471040 bytes (ViXS Systems Inc., ViXS XCode AVStream Driver Front-End Library)
0x82775000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x80413000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0xA3724000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x82F11000 C:\Windows\system32\DRIVERS\timntr.sys 438272 bytes (Acronis, Acronis True Image Backup Archive Explorer)
0x8A952000 C:\Windows\system32\DRIVERS\tdrpman.sys 364544 bytes (Acronis, Acronis Try&Decide and Restore Points Volume Filter Driver)
0x92F79000 C:\Windows\system32\DRIVERS\xcmem.sys 360448 bytes (ViXS Systems Inc., ViXS XCode Memory Init Library)
0x8264C000 C:\Windows\system32\drivers\pctDS.sys 356352 bytes (PC Tools, PC Tools Data Store)
0xA407C000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x9E120000 C:\Windows\System32\ATMFD.DLL 311296 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x92558000 C:\Windows\system32\DRIVERS\HSXHWBS2.sys 311296 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0x80759000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x94E0E000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806BD000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x8049C000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x9460D000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x82DB5000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8260F000 C:\Windows\system32\drivers\PCTCore.sys 249856 bytes (PC Tools, PC Tools KDS Core Driver)
0x94F03000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x82D37000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x9477C000 C:\Windows\System32\drivers\pctgntdi.sys 241664 bytes (PC Tools, PC Tools Generic TDI Driver)
0x94EC8000 C:\Windows\system32\Drivers\vmm.sys 241664 bytes (Microsoft Corporation, Virtual Machine Monitor)
0xA4003000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8A919000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x82D72000 C:\Windows\system32\DRIVERS\e1e6032.sys 229376 bytes (Intel Corporation, Intel(R) PRO/1000 Adapter NDIS 6 deserialized driver)
0x94736000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x823C5000 ACPI_HAL 208896 bytes
0x823C5000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9607000 C:\Windows\System32\Drivers\RDPWD.SYS 208896 bytes (Microsoft Corporation, RDP Terminal Stack Driver)
0x8068B000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x94E56000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x925A4000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x94CA1000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x82D0C000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x924B8000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0xA36C9000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x94FA9000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xA4054000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x82F7C000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x80714000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x92491000 C:\Windows\system32\DRIVERS\xcbda.sys 159744 bytes (ViXS Systems Inc., ViXS XCode Windows AVStream Minidriver)
0xA40D9000 C:\Windows\system32\drivers\PCTAppEvent.sys 155648 bytes (PC Tools, PC Tools App Monitor Driver)
0x94CCE000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x9467B000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x82FA3000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0xA37DC000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x94D39000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x925D3000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x8A9B3000 C:\Windows\system32\DRIVERS\snapman.sys 126976 bytes (Acronis, Acronis Snapshot API)
0x807D7000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x805E1000 C:\Windows\System32\drivers\pctplfw.sys 118784 bytes (PC Tools, PC Tools FW Plugin Driver)
0x947B7000 \ArcName\multi(0)disk(0)rdisk(0)partition(1)\Windows\system32\drivers\PctWfpFilter.sys 118784 bytes
0xA3791000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x82EF6000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x947D4000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0xA37AE000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x92FD1000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xA403C000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x94F49000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x94659000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x94D5A000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xB963A000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x94E91000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x94DC7000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x94F75000 C:\Windows\system32\DRIVERS\usbcir.sys 90112 bytes (Microsoft Corporation, USB Consumer IR Driver for eHome)
0xA37C7000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x946C1000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x94F60000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 86016 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x92FE9000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x805CD000 C:\Windows\system32\drivers\pctNdis-PacketFilter.sys 81920 bytes (PC Tools, PC Tools NDIS - Packet Filter)
0x946AD000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x94DE5000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0xA3711000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x94F96000 C:\Windows\system32\drivers\RTSTOR.SYS 77824 bytes (Realtek Semiconductor Corp., Realtek USB Mass Storage Driver for Vista)
0x82748000 C:\Windows\system32\drivers\TfSysMon.sys 77824 bytes (PC Tools, ThreatFire System Monitor)
0x94EB5000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x82FC4000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x8A9E1000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x9476B000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80483000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8275B000 C:\Windows\system32\drivers\TfFsMon.sys 69632 bytes (PC Tools, ThreatFire Filesystem Monitor)
0x805BD000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x94D7C000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0xA36B9000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x807BF000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x945D2000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x947EF000 C:\Windows\System32\drivers\pctplsg.sys 65536 bytes (PC Tools, PC Tools SG Plugin Driver)
0x946DC000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x82FF0000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x94D0A000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8A9D2000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x8073B000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x9469E000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x827E6000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x945F0000 C:\Windows\system32\DRIVERS\VMNetSrv.sys 61440 bytes (Microsoft Corporation, Virtual Machine Network Services Driver)
0x8074A000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x945E2000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x9E170000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x94711000 C:\Windows\system32\DRIVERS\circlass.sys 57344 bytes (Microsoft Corporation, Consumer IR Class Driver for eHome)
0x94EA7000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x94DA7000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x807AA000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x94FD1000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x945C5000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x94702000 C:\Windows\system32\DRIVERS\pctNdis.sys 53248 bytes (PC Tools, PC Tools NDIS Driver)
0x94729000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8067E000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xA41E7000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x94600000 C:\Windows\System32\DRIVERS\tssecsrv.sys 49152 bytes (Microsoft Corporation, TS Security Filter Driver)
0x94D2D000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x82E00000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x94FDE000 C:\Windows\System32\Drivers\dump_dumpata.sys 45056 bytes
0x94F8B000 C:\Windows\system32\DRIVERS\hidir.sys 45056 bytes (Microsoft Corporation, Infrared Miniport Driver for Input Devices)
0x946EC000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x946F7000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x94D9C000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x94670000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x9464E000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x94D19000 C:\Windows\system32\drivers\tdtcp.sys 45056 bytes (Microsoft Corporation, TCP Transport Driver)
0x82FDC000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x82DAA000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x94FF1000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x9471F000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA36F3000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x94F3F000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xA36FD000 C:\Windows\system32\DRIVERS\pnarp.sys 40960 bytes (Pure Networks, Inc., Address Resolution Protocol Driver)
0xA3707000 C:\Windows\system32\DRIVERS\purendis.sys 40960 bytes (Pure Networks, Inc., NDIS Relay Driver)
0xA41DD000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x94E00000 C:\Windows\system32\DRIVERS\tifsfilt.sys 40960 bytes (Acronis, Acronis True Image File System Filter)
0xB9650000 C:\Windows\system32\DRIVERS\WSDPrint.sys 40960 bytes (Microsoft Corporation, Web Services Print Device Driver)
0xA40CA000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x8A9F2000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x94CF3000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x94D73000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x94DB5000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0xB9665000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xA3600000 C:\Program Files\PC Tools Security\PCTSDInj32.sys 36864 bytes (PC Tools, UM Injection Driver)
0x8276C000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x94DBE000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x9E100000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x82FE7000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x80703000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x94E88000 C:\Windows\system32\drivers\ws2ifsl.sys 36864 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0x807CF000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x80494000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x94FE9000 C:\Windows\System32\Drivers\dump_atapi.sys 32768 bytes
0x94DDD000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x8070C000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x94D8C000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x94D94000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x94400000 C:\Windows\system32\DRIVERS\serscan.sys 32768 bytes (Microsoft Corporation, Serial Imaging Device Driver)
0x8A9AB000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0xA41F3000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x94D03000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x94D26000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x807A3000 C:\Windows\system32\DRIVERS\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x8040C000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x94CFC000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x807B8000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x946D6000 C:\Windows\system32\DRIVERS\wanatw4.sys 24576 bytes (America Online, Inc., Wan Miniport (ATW))
0xA40D5000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x924E2000 C:\Windows\system32\DRIVERS\BdaSup.SYS 12288 bytes (Microsoft Corporation, Microsoft BDA Driver Support Library)
0xA40D3000 C:\Windows\System32\Drivers\MCSTRM.SYS 8192 bytes (RealNetworks, Inc., RealNetworks Virtual Path Manager®)
0x90D5B000 C:\Windows\system32\DRIVERS\nvBridge.kmd 8192 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 186.76 )
0x9470F000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x94D71000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
!-->[Hidden] C:\Qoobox\BackEnv\AppData.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Cache.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Cookies.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Desktop.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Favorites.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\History.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\LocalAppData.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\LocalSettings.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Music.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\NetHood.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Personal.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Pictures.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\PrintHood.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Profiles.Folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Programs.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\Recent.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\SendTo.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\SetPath.bat
!-->[Hidden] C:\Qoobox\BackEnv\StartMenu.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\StartUp.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\SysPath.dat
!-->[Hidden] C:\Qoobox\BackEnv\Templates.folder.dat
!-->[Hidden] C:\Qoobox\BackEnv\VikPev00
!-->[Hidden] C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\FNNQR5AD\v=5;m=2;l=280;cxt=30000117_0;kw=;ts=344161;smuid=PJ_Vn6AP2DPXzLBWuLKBLvp80_ogM6c2ZzLvkSqq;p=ui=PJ_Vn6AP2DPXzLBWuLKBLvp80_ogM6c2ZzLvkSqq;tr=EU-mGyEw2FZ;tm=0-0[1]f
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x000A87AA, Type: Inline - RelativeJump 0x820B47AA-->820B47B1 [ntkrnlpa.exe]
ntkrnlpa.exe+0x000AC8A0, Type: Inline - RelativeJump 0x820B88A0-->820B8923 [ntkrnlpa.exe]
ntkrnlpa.exe+0x000AC984, Type: Inline - RelativeCall 0x820B8984-->FDAF9815 [unknown_code_page]
ntkrnlpa.exe+0x000ACA34, Type: Inline - RelativeCall 0x820B8A34-->D3A40E80 [unknown_code_page]
ntkrnlpa.exe+0x000ACAA4, Type: Inline - RelativeJump 0x820B8AA4-->820B8A2B [ntkrnlpa.exe]
ntkrnlpa.exe+0x000ACB34, Type: Inline - RelativeJump 0x820B8B34-->820B8ABC [ntkrnlpa.exe]
[1820]RtHDVCpl.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x77866FE7-->00000000 [unknown_code_page]
[1820]RtHDVCpl.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x778AA9E4-->00000000 [unknown_code_page]
[1820]RtHDVCpl.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7786B8A6-->00000000 [unknown_code_page]
[1820]RtHDVCpl.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x778735E3-->00000000 [unknown_code_page]
[1828]WinPatrol.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x77866FE7-->00000000 [unknown_code_page]
[1828]WinPatrol.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x778AA9E4-->00000000 [unknown_code_page]
[1828]WinPatrol.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7786B8A6-->00000000 [unknown_code_page]
[1828]WinPatrol.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x778735E3-->00000000 [unknown_code_page]
[2460]BDTUpdateService.exe-->advapi32.dll-->CreateServiceW, Type: IAT modification 0x0042C04C-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->advapi32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77C8151C-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->advapi32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77C816D0-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->advapi32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77C81664-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [shimeng.dll]
[2460]BDTUpdateService.exe-->advapi32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x77C81668-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->advapi32.dll-->kernel32.dll-->OpenFile, Type: IAT modification 0x77C81514-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x0042C07C-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->advapi32.dll-->RegDeleteValueW, Type: IAT modification 0x0042C084-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x0042C078-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->advapi32.dll-->RegSetValueExW, Type: IAT modification 0x0042C070-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->gdi32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77B61130-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->gdi32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77B6119C-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->gdi32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77B611BC-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->00000000 [shimeng.dll]
[2460]BDTUpdateService.exe-->kernel32.dll-->CreateFileA, Type: IAT modification 0x0042C1B4-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->kernel32.dll-->CreateFileW, Type: IAT modification 0x0042C1D0-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x0042C16C-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->kernel32.dll-->GetFileAttributesW, Type: IAT modification 0x0042C254-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0042C130-->00000000 [shimeng.dll]
[2460]BDTUpdateService.exe-->mswsock.dll-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x6D641258-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->mswsock.dll-->advapi32.dll-->RegOpenKeyExA, Type: IAT modification 0x6D641268-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->mswsock.dll-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x6D641274-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->mswsock.dll-->advapi32.dll-->RegSetValueExA, Type: IAT modification 0x6D641254-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->mswsock.dll-->advapi32.dll-->RegSetValueExW, Type: IAT modification 0x6D64125C-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x6D64123C-->00000000 [shimeng.dll]
[2460]BDTUpdateService.exe-->shell32.dll-->advapi32.dll-->AccessCheck, Type: IAT modification 0x768E1C04-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->shell32.dll-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x768E1B34-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->shell32.dll-->advapi32.dll-->RegCreateKeyW, Type: IAT modification 0x768E1CB8-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->shell32.dll-->advapi32.dll-->RegDeleteValueW, Type: IAT modification 0x768E1B54-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->shell32.dll-->advapi32.dll-->RegOpenKeyExA, Type: IAT modification 0x768E1CFC-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->shell32.dll-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x768E1B2C-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->shell32.dll-->advapi32.dll-->RegSetValueExW, Type: IAT modification 0x768E1B30-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->shell32.dll-->advapi32.dll-->RegSetValueW, Type: IAT modification 0x768E1B74-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->shell32.dll-->advapi32.dll-->SetFileSecurityW, Type: IAT modification 0x768E1CC8-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->shell32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x768E125C-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->shell32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x768E1460-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->shell32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x768E13B4-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x768E1414-->00000000 [shimeng.dll]
[2460]BDTUpdateService.exe-->shell32.dll-->kernel32.dll-->MoveFileExW, Type: IAT modification 0x768E13C0-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->shell32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x768E130C-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->shell32.dll-->kernel32.dll-->SetFileAttributesW, Type: IAT modification 0x768E13B8-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->user32.dll-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x77D51548-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->user32.dll-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x77D51528-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->user32.dll-->advapi32.dll-->RegSetValueExW, Type: IAT modification 0x77D51550-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->user32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77D511A8-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->user32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77D512B8-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->user32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77D511B0-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [shimeng.dll]
[2460]BDTUpdateService.exe-->user32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x77D511AC-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->ws2_32.dll-->advapi32.dll-->RegCreateKeyExA, Type: IAT modification 0x4B0D1104-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->ws2_32.dll-->advapi32.dll-->RegOpenKeyExA, Type: IAT modification 0x4B0D110C-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->ws2_32.dll-->advapi32.dll-->RegSetValueExA, Type: IAT modification 0x4B0D1114-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->ws2_32.dll-->advapi32.dll-->RegSetValueExW, Type: IAT modification 0x4B0D1110-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->00000000 [shimeng.dll]
budertv
Active Member
 
Posts: 12
Joined: December 9th, 2010, 11:34 am

Re: My computer has become especially sluggish lately.

Unread postby budertv » December 19th, 2010, 4:25 pm

Post 2 or Rootkit Unhooker

[2460]BDTUpdateService.exe-->advapi32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x77C81668-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->advapi32.dll-->kernel32.dll-->OpenFile, Type: IAT modification 0x77C81514-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x0042C07C-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->advapi32.dll-->RegDeleteValueW, Type: IAT modification 0x0042C084-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x0042C078-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->advapi32.dll-->RegSetValueExW, Type: IAT modification 0x0042C070-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->gdi32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77B61130-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->gdi32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77B6119C-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->gdi32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77B611BC-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->00000000 [shimeng.dll]
[2460]BDTUpdateService.exe-->kernel32.dll-->CreateFileA, Type: IAT modification 0x0042C1B4-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->kernel32.dll-->CreateFileW, Type: IAT modification 0x0042C1D0-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x0042C16C-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->kernel32.dll-->GetFileAttributesW, Type: IAT modification 0x0042C254-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0042C130-->00000000 [shimeng.dll]
[2460]BDTUpdateService.exe-->mswsock.dll-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x6D641258-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->mswsock.dll-->advapi32.dll-->RegOpenKeyExA, Type: IAT modification 0x6D641268-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->mswsock.dll-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x6D641274-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->mswsock.dll-->advapi32.dll-->RegSetValueExA, Type: IAT modification 0x6D641254-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->mswsock.dll-->advapi32.dll-->RegSetValueExW, Type: IAT modification 0x6D64125C-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x6D64123C-->00000000 [shimeng.dll]
[2460]BDTUpdateService.exe-->shell32.dll-->advapi32.dll-->AccessCheck, Type: IAT modification 0x768E1C04-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->shell32.dll-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x768E1B34-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->shell32.dll-->advapi32.dll-->RegCreateKeyW, Type: IAT modification 0x768E1CB8-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->shell32.dll-->advapi32.dll-->RegDeleteValueW, Type: IAT modification 0x768E1B54-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->shell32.dll-->advapi32.dll-->RegOpenKeyExA, Type: IAT modification 0x768E1CFC-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->shell32.dll-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x768E1B2C-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->shell32.dll-->advapi32.dll-->RegSetValueExW, Type: IAT modification 0x768E1B30-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->shell32.dll-->advapi32.dll-->RegSetValueW, Type: IAT modification 0x768E1B74-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->shell32.dll-->advapi32.dll-->SetFileSecurityW, Type: IAT modification 0x768E1CC8-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->shell32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x768E125C-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->shell32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x768E1460-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->shell32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x768E13B4-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x768E1414-->00000000 [shimeng.dll]
[2460]BDTUpdateService.exe-->shell32.dll-->kernel32.dll-->MoveFileExW, Type: IAT modification 0x768E13C0-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->shell32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x768E130C-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->shell32.dll-->kernel32.dll-->SetFileAttributesW, Type: IAT modification 0x768E13B8-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->user32.dll-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x77D51548-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->user32.dll-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x77D51528-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->user32.dll-->advapi32.dll-->RegSetValueExW, Type: IAT modification 0x77D51550-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->user32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77D511A8-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->user32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77D512B8-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->user32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77D511B0-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [shimeng.dll]
[2460]BDTUpdateService.exe-->user32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x77D511AC-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->ws2_32.dll-->advapi32.dll-->RegCreateKeyExA, Type: IAT modification 0x4B0D1104-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->ws2_32.dll-->advapi32.dll-->RegOpenKeyExA, Type: IAT modification 0x4B0D110C-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->ws2_32.dll-->advapi32.dll-->RegSetValueExA, Type: IAT modification 0x4B0D1114-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->ws2_32.dll-->advapi32.dll-->RegSetValueExW, Type: IAT modification 0x4B0D1110-->00000000 [AcGenral.dll]
[2460]BDTUpdateService.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->00000000 [shimeng.dll]
[2772]FsynSrvStarter.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [shimeng.dll]
[2772]FsynSrvStarter.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->00000000 [shimeng.dll]
[2772]FsynSrvStarter.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x00426268-->00000000 [shimeng.dll]
[2772]FsynSrvStarter.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x6D64123C-->00000000 [shimeng.dll]
[2772]FsynSrvStarter.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x768E1414-->00000000 [shimeng.dll]
[2772]FsynSrvStarter.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x77866FE7-->00000000 [unknown_code_page]
[2772]FsynSrvStarter.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x778AA9E4-->00000000 [unknown_code_page]
[2772]FsynSrvStarter.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [shimeng.dll]
[2772]FsynSrvStarter.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7786B8A6-->00000000 [unknown_code_page]
[2772]FsynSrvStarter.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x778735E3-->00000000 [unknown_code_page]
[2772]FsynSrvStarter.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->00000000 [shimeng.dll]
[2796]svchost.exe-->advapi32.dll-->GetTokenInformation, Type: IAT modification 0x010010FC-->00000000 [msvcrt.dll]
[2796]svchost.exe-->advapi32.dll-->InitializeSecurityDescriptor, Type: IAT modification 0x01001100-->00000000 [msvcrt.dll]
[2796]svchost.exe-->advapi32.dll-->OpenProcessToken, Type: IAT modification 0x0100113C-->00000000 [msvcrt.dll]
[2796]svchost.exe-->advapi32.dll-->RegCloseKey, Type: IAT modification 0x01001130-->00000000 [msvcrt.dll]
[2796]svchost.exe-->advapi32.dll-->RegDisablePredefinedCacheEx, Type: IAT modification 0x01001118-->00000000 [msvcrt.dll]
[2796]svchost.exe-->advapi32.dll-->RegisterServiceCtrlHandlerW, Type: IAT modification 0x01001134-->00000000 [msvcrt.dll]
[2796]svchost.exe-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x0100112C-->00000000 [msvcrt.dll]
[2796]svchost.exe-->advapi32.dll-->RegQueryValueExW, Type: IAT modification 0x01001128-->00000000 [msvcrt.dll]
[2796]svchost.exe-->advapi32.dll-->SetEntriesInAclW, Type: IAT modification 0x0100110C-->00000000 [msvcrt.dll]
[2796]svchost.exe-->advapi32.dll-->SetSecurityDescriptorDacl, Type: IAT modification 0x01001110-->00000000 [msvcrt.dll]
[2796]svchost.exe-->advapi32.dll-->SetSecurityDescriptorGroup, Type: IAT modification 0x01001108-->00000000 [msvcrt.dll]
[2796]svchost.exe-->advapi32.dll-->SetSecurityDescriptorOwner, Type: IAT modification 0x01001104-->00000000 [msvcrt.dll]
[2796]svchost.exe-->advapi32.dll-->SetServiceStatus, Type: IAT modification 0x01001138-->00000000 [msvcrt.dll]
[2796]svchost.exe-->advapi32.dll-->StartServiceCtrlDispatcherW, Type: IAT modification 0x01001114-->00000000 [msvcrt.dll]
[2796]svchost.exe-->kernel32.dll-->ActivateActCtx, Type: IAT modification 0x0100109C-->00000000 [ws2_32.dll]
[2796]svchost.exe-->kernel32.dll-->CloseHandle, Type: IAT modification 0x01001074-->00000000 [ws2_32.dll]
[2796]svchost.exe-->kernel32.dll-->CreateActCtxW, Type: IAT modification 0x01001008-->00000000 [advapi32.dll]
[2796]svchost.exe-->kernel32.dll-->DeactivateActCtx, Type: IAT modification 0x01001090-->00000000 [ws2_32.dll]
[2796]svchost.exe-->kernel32.dll-->DelayLoadFailureHook, Type: IAT modification 0x01001018-->00000000 [kernel32.dll]
[2796]svchost.exe-->kernel32.dll-->ExitProcess, Type: IAT modification 0x01001050-->00000000 [kernel32.dll]
[2796]svchost.exe-->kernel32.dll-->ExpandEnvironmentStringsW, Type: IAT modification 0x01001004-->00000000 [advapi32.dll]
[2796]svchost.exe-->kernel32.dll-->FreeLibrary, Type: IAT modification 0x01001084-->00000000 [ws2_32.dll]
[2796]svchost.exe-->kernel32.dll-->GetCommandLineW, Type: IAT modification 0x0100104C-->00000000 [kernel32.dll]
[2796]svchost.exe-->kernel32.dll-->GetCurrentProcess, Type: IAT modification 0x01001044-->00000000 [kernel32.dll]
[2796]svchost.exe-->kernel32.dll-->GetCurrentProcessId, Type: IAT modification 0x01001038-->00000000 [kernel32.dll]
[2796]svchost.exe-->kernel32.dll-->GetCurrentThreadId, Type: IAT modification 0x01001034-->00000000 [kernel32.dll]
[2796]svchost.exe-->kernel32.dll-->GetLastError, Type: IAT modification 0x01001098-->00000000 [wsock32.dll]
[2796]svchost.exe-->kernel32.dll-->GetModuleHandleA, Type: IAT modification 0x01001028-->00000000 [ntdll.dll]
[2796]svchost.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0100108C-->00000000 [ws2_32.dll]
[2796]svchost.exe-->kernel32.dll-->GetProcessHeap, Type: IAT modification 0x0100105C-->00000000 [kernel32.dll]
[2796]svchost.exe-->kernel32.dll-->GetSystemTimeAsFileTime, Type: IAT modification 0x0100103C-->00000000 [kernel32.dll]
[2796]svchost.exe-->kernel32.dll-->GetTickCount, Type: IAT modification 0x01001030-->00000000 [kernel32.dll]
[2796]svchost.exe-->kernel32.dll-->HeapFree, Type: IAT modification 0x01001068-->00000000 [unknown_code_page]
[2796]svchost.exe-->kernel32.dll-->HeapSetInformation, Type: IAT modification 0x01001000-->00000000 [advapi32.dll]
[2796]svchost.exe-->kernel32.dll-->InterlockedCompareExchange, Type: IAT modification 0x01001080-->00000000 [ws2_32.dll]
[2796]svchost.exe-->kernel32.dll-->InterlockedExchange, Type: IAT modification 0x0100101C-->00000000 [kernel32.dll]
[2796]svchost.exe-->kernel32.dll-->LCMapStringW, Type: IAT modification 0x01001010-->00000000 [unknown_code_page]
[2796]svchost.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x0100107C-->00000000 [ws2_32.dll]
[2796]svchost.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x01001094-->00000000 [ws2_32.dll]
[2796]svchost.exe-->kernel32.dll-->LocalAlloc, Type: IAT modification 0x01001078-->00000000 [ws2_32.dll]
[2796]svchost.exe-->kernel32.dll-->LocalFree, Type: IAT modification 0x01001070-->00000000 [wsock32.dll]
[2796]svchost.exe-->kernel32.dll-->lstrcmpiW, Type: IAT modification 0x010010AC-->00000000 [ws2_32.dll]
[2796]svchost.exe-->kernel32.dll-->lstrcmpW, Type: IAT modification 0x010010A4-->00000000 [ws2_32.dll]
[2796]svchost.exe-->kernel32.dll-->lstrlenW, Type: IAT modification 0x01001014-->00000000 [kernel32.dll]
[2796]svchost.exe-->kernel32.dll-->QueryPerformanceCounter, Type: IAT modification 0x0100102C-->00000000 [ntdll.dll]
[2796]svchost.exe-->kernel32.dll-->RegisterWaitForSingleObject, Type: IAT modification 0x01001020-->00000000 [ntdll.dll]
[2796]svchost.exe-->kernel32.dll-->ReleaseActCtx, Type: IAT modification 0x0100100C-->00000000 [advapi32.dll]
[2796]svchost.exe-->kernel32.dll-->SetErrorMode, Type: IAT modification 0x01001060-->00000000 [unknown_code_page]
[2796]svchost.exe-->kernel32.dll-->SetProcessAffinityUpdateMode, Type: IAT modification 0x01001054-->00000000 [kernel32.dll]
[2796]svchost.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x01001024-->00000000 [ntdll.dll]
[2796]svchost.exe-->kernel32.dll-->Sleep, Type: IAT modification 0x01001088-->00000000 [ws2_32.dll]
[2796]svchost.exe-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x01001040-->00000000 [kernel32.dll]
[2796]svchost.exe-->kernel32.dll-->UnhandledExceptionFilter, Type: IAT modification 0x01001048-->00000000 [kernel32.dll]
[2796]svchost.exe-->kernel32.dll-->WideCharToMultiByte, Type: IAT modification 0x0100106C-->00000000 [wsock32.dll]
[2796]svchost.exe-->ntdll.dll-->RtlAllocateHeap, Type: IAT modification 0x01001158-->00000000 [unknown_code_page]
[2796]svchost.exe-->ntdll.dll-->RtlCopySid, Type: IAT modification 0x0100114C-->00000000 [unknown_code_page]
[2796]svchost.exe-->ntdll.dll-->RtlFreeHeap, Type: IAT modification 0x01001148-->00000000 [unknown_code_page]
[2796]svchost.exe-->ntdll.dll-->RtlImageNtHeader, Type: IAT modification 0x01001160-->00000000 [unknown_code_page]
[2796]svchost.exe-->ntdll.dll-->RtlInitializeCriticalSection, Type: IAT modification 0x0100116C-->00000000 [unknown_code_page]
[2796]svchost.exe-->ntdll.dll-->RtlInitializeSid, Type: IAT modification 0x0100115C-->00000000 [unknown_code_page]
[2796]svchost.exe-->ntdll.dll-->RtlLengthRequiredSid, Type: IAT modification 0x01001154-->00000000 [unknown_code_page]
[2796]svchost.exe-->ntdll.dll-->RtlSetProcessIsCritical, Type: IAT modification 0x01001164-->00000000 [unknown_code_page]
[2796]svchost.exe-->ntdll.dll-->RtlSubAuthorityCountSid, Type: IAT modification 0x01001150-->00000000 [hpzipt12.dll]
[2796]svchost.exe-->ntdll.dll-->RtlSubAuthoritySid, Type: IAT modification 0x01001144-->00000000 [msvcrt.dll]
[2796]svchost.exe-->ntdll.dll-->RtlUnhandledExceptionFilter, Type: IAT modification 0x01001168-->00000000 [unknown_code_page]
[2848]pctsSvc.exe-->shell32.dll-->kernel32.dll-->QueueUserWorkItem, Type: IAT modification 0x768E11AC-->00000000 [pctsSvc.exe]
[3484]TaskTrap.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x77866FE7-->00000000 [unknown_code_page]
[3484]TaskTrap.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x778AA9E4-->00000000 [unknown_code_page]
[3484]TaskTrap.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7786B8A6-->00000000 [unknown_code_page]
[3484]TaskTrap.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x778735E3-->00000000 [unknown_code_page]
[3752]ehtray.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x77866FE7-->00000000 [unknown_code_page]
[3752]ehtray.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x778AA9E4-->00000000 [unknown_code_page]
[3752]ehtray.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7786B8A6-->00000000 [unknown_code_page]
[3752]ehtray.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x778735E3-->00000000 [unknown_code_page]
[3760]DiscWizardMonitor.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x77866FE7-->00000000 [unknown_code_page]
[3760]DiscWizardMonitor.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x778AA9E4-->00000000 [unknown_code_page]
[3760]DiscWizardMonitor.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7786B8A6-->00000000 [unknown_code_page]
[3760]DiscWizardMonitor.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x778735E3-->00000000 [unknown_code_page]
[376]schtasks.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x77866FE7-->00000000 [unknown_code_page]
[376]schtasks.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x778AA9E4-->00000000 [unknown_code_page]
[376]schtasks.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7786B8A6-->00000000 [unknown_code_page]
[376]schtasks.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x778735E3-->00000000 [unknown_code_page]
[3772]TimounterMonitor.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x77866FE7-->00000000 [unknown_code_page]
[3772]TimounterMonitor.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x778AA9E4-->00000000 [unknown_code_page]
[3772]TimounterMonitor.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7786B8A6-->00000000 [unknown_code_page]
[3772]TimounterMonitor.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x778735E3-->00000000 [unknown_code_page]
[3844]Generic.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [shimeng.dll]
[3844]Generic.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->00000000 [shimeng.dll]
[3844]Generic.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0046910C-->00000000 [shimeng.dll]
[3844]Generic.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x768E1414-->00000000 [shimeng.dll]
[3844]Generic.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x77866FE7-->00000000 [unknown_code_page]
[3844]Generic.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x778AA9E4-->00000000 [unknown_code_page]
[3844]Generic.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [shimeng.dll]
[3844]Generic.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7786B8A6-->00000000 [unknown_code_page]
[3844]Generic.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x778735E3-->00000000 [unknown_code_page]
[3844]Generic.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x704114B0-->00000000 [shimeng.dll]
[3844]Generic.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->00000000 [shimeng.dll]
[4296]pctsGui.exe-->kernel32.dll+0x0004C928, Type: Inline - PushRet 0x7720C928-->00000000 [unknown_code_page]
[4296]pctsGui.exe-->shell32.dll-->kernel32.dll-->QueueUserWorkItem, Type: IAT modification 0x768E11AC-->00000000 [pctsGui.exe]
[4332]taskeng.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x77866FE7-->00000000 [unknown_code_page]
[4332]taskeng.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x778AA9E4-->00000000 [unknown_code_page]
[4332]taskeng.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7786B8A6-->00000000 [unknown_code_page]
[4332]taskeng.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x778735E3-->00000000 [unknown_code_page]
[4424]HTCVBTServer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [shimeng.dll]
[4424]HTCVBTServer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->00000000 [shimeng.dll]
[4424]HTCVBTServer.exe-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x004560A4-->00000000 [AcLayers.dll]
[4424]HTCVBTServer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x004561B8-->00000000 [shimeng.dll]
[4424]HTCVBTServer.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x6D64123C-->00000000 [shimeng.dll]
[4424]HTCVBTServer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x768E1414-->00000000 [shimeng.dll]
[4424]HTCVBTServer.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x77866FE7-->00000000 [unknown_code_page]
[4424]HTCVBTServer.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x778AA9E4-->00000000 [unknown_code_page]
[4424]HTCVBTServer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [shimeng.dll]
[4424]HTCVBTServer.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7786B8A6-->00000000 [unknown_code_page]
[4424]HTCVBTServer.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x778735E3-->00000000 [unknown_code_page]
[4424]HTCVBTServer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x704114B0-->00000000 [shimeng.dll]
[4424]HTCVBTServer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->00000000 [shimeng.dll]
[4440]ehmsas.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x77866FE7-->00000000 [unknown_code_page]
[4440]ehmsas.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x778AA9E4-->00000000 [unknown_code_page]
[4440]ehmsas.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7786B8A6-->00000000 [unknown_code_page]
[4440]ehmsas.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x778735E3-->00000000 [unknown_code_page]
[4444]firefox.exe-->ntdll.dll-->LdrLoadDll, Type: Inline - RelativeJump 0x77BF9390-->00000000 [firefox.exe]
[4444]firefox.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x77866FE7-->00000000 [unknown_code_page]
[4444]firefox.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x778AA9E4-->00000000 [unknown_code_page]
[4444]firefox.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7786B8A6-->00000000 [unknown_code_page]
[4444]firefox.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x778735E3-->00000000 [unknown_code_page]
[4472]hpqtra08.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [shimeng.dll]
[4472]hpqtra08.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->00000000 [shimeng.dll]
[4472]hpqtra08.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0041B164-->00000000 [shimeng.dll]
[4472]hpqtra08.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x768E1414-->00000000 [shimeng.dll]
[4472]hpqtra08.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x77866FE7-->00000000 [unknown_code_page]
[4472]hpqtra08.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x778AA9E4-->00000000 [unknown_code_page]
[4472]hpqtra08.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [shimeng.dll]
[4472]hpqtra08.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7786B8A6-->00000000 [unknown_code_page]
[4472]hpqtra08.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x778735E3-->00000000 [unknown_code_page]
[4472]hpqtra08.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x704114B0-->00000000 [shimeng.dll]
[4472]hpqtra08.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->00000000 [shimeng.dll]
[4480]epmworker.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [shimeng.dll]
[4480]epmworker.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->00000000 [shimeng.dll]
[4480]epmworker.exe-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x004681F0-->00000000 [AcLayers.dll]
[4480]epmworker.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x00468060-->00000000 [shimeng.dll]
[4480]epmworker.exe-->kernel32.dll-->WinExec, Type: IAT modification 0x00468148-->00000000 [AcLayers.dll]
[4480]epmworker.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x768E1414-->00000000 [shimeng.dll]
[4480]epmworker.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x77866FE7-->00000000 [unknown_code_page]
[4480]epmworker.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x778AA9E4-->00000000 [unknown_code_page]
[4480]epmworker.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [shimeng.dll]
[4480]epmworker.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7786B8A6-->00000000 [unknown_code_page]
[4480]epmworker.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x778735E3-->00000000 [unknown_code_page]
[4480]epmworker.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->00000000 [shimeng.dll]
[4564]hpqbam08.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x77866FE7-->00000000 [unknown_code_page]
[4564]hpqbam08.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x778AA9E4-->00000000 [unknown_code_page]
[4564]hpqbam08.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7786B8A6-->00000000 [unknown_code_page]
[4564]hpqbam08.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x778735E3-->00000000 [unknown_code_page]
[4576]jusched.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x77866FE7-->00000000 [unknown_code_page]
[4576]jusched.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x778AA9E4-->00000000 [unknown_code_page]
[4576]jusched.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7786B8A6-->00000000 [unknown_code_page]
[4576]jusched.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x778735E3-->00000000 [unknown_code_page]
[4600]OSD.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x77866FE7-->00000000 [unknown_code_page]
[4600]OSD.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x778AA9E4-->00000000 [unknown_code_page]
[4600]OSD.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7786B8A6-->00000000 [unknown_code_page]
[4600]OSD.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x778735E3-->00000000 [unknown_code_page]
[4676]jureg.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x77866FE7-->00000000 [unknown_code_page]
[4676]jureg.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x778AA9E4-->00000000 [unknown_code_page]
[4676]jureg.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7786B8A6-->00000000 [unknown_code_page]
[4676]jureg.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x778735E3-->00000000 [unknown_code_page]
[4840]hpqste08.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x77866FE7-->00000000 [unknown_code_page]
[4840]hpqste08.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x778AA9E4-->00000000 [unknown_code_page]
[4840]hpqste08.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7786B8A6-->00000000 [unknown_code_page]
[4840]hpqste08.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x778735E3-->00000000 [unknown_code_page]
[4844]schedhlp.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x77866FE7-->00000000 [unknown_code_page]
[4844]schedhlp.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x778AA9E4-->00000000 [unknown_code_page]
[4844]schedhlp.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7786B8A6-->00000000 [unknown_code_page]
[4844]schedhlp.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x778735E3-->00000000 [unknown_code_page]
[4936]hpwuSchd2.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x77866FE7-->00000000 [unknown_code_page]
[4936]hpwuSchd2.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x778AA9E4-->00000000 [unknown_code_page]
[4936]hpwuSchd2.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7786B8A6-->00000000 [unknown_code_page]
[4936]hpwuSchd2.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x778735E3-->00000000 [unknown_code_page]
[4960]ClientInitiatedStarter.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [shimeng.dll]
[4960]ClientInitiatedStarter.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->00000000 [shimeng.dll]
[4960]ClientInitiatedStarter.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x00443288-->00000000 [shimeng.dll]
[4960]ClientInitiatedStarter.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x768E1414-->00000000 [shimeng.dll]
[4960]ClientInitiatedStarter.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x77866FE7-->00000000 [unknown_code_page]
[4960]ClientInitiatedStarter.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x778AA9E4-->00000000 [unknown_code_page]
[4960]ClientInitiatedStarter.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [shimeng.dll]
[4960]ClientInitiatedStarter.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7786B8A6-->00000000 [unknown_code_page]
[4960]ClientInitiatedStarter.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x778735E3-->00000000 [unknown_code_page]
[4960]ClientInitiatedStarter.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->00000000 [shimeng.dll]
[4988]hpsysdrv.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x77866FE7-->00000000 [unknown_code_page]
[4988]hpsysdrv.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x778AA9E4-->00000000 [unknown_code_page]
[4988]hpsysdrv.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7786B8A6-->00000000 [unknown_code_page]
[4988]hpsysdrv.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x778735E3-->00000000 [unknown_code_page]
[5380]nmctxth.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x77866FE7-->00000000 [unknown_code_page]
[5380]nmctxth.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x778AA9E4-->00000000 [unknown_code_page]
[5380]nmctxth.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7786B8A6-->00000000 [unknown_code_page]
[5380]nmctxth.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x778735E3-->00000000 [unknown_code_page]
[5588]nmapp.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x77866FE7-->00000000 [unknown_code_page]
[5588]nmapp.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x778AA9E4-->00000000 [unknown_code_page]
[5588]nmapp.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7786B8A6-->00000000 [unknown_code_page]
[5588]nmapp.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x778735E3-->00000000 [unknown_code_page]
[5664]Application Launcher.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [shimeng.dll]
[5664]Application Launcher.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->00000000 [shimeng.dll]
[5664]Application Launcher.exe-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x0047017C-->00000000 [AcLayers.dll]
[5664]Application Launcher.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x00470154-->00000000 [shimeng.dll]
[5664]Application Launcher.exe-->kernel32.dll-->WinExec, Type: IAT modification 0x004701B0-->00000000 [AcLayers.dll]
[5664]Application Launcher.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x768E1414-->00000000 [shimeng.dll]
[5664]Application Launcher.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x77866FE7-->00000000 [unknown_code_page]
[5664]Application Launcher.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x778AA9E4-->00000000 [unknown_code_page]
[5664]Application Launcher.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [shimeng.dll]
[5664]Application Launcher.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7786B8A6-->00000000 [unknown_code_page]
[5664]Application Launcher.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x778735E3-->00000000 [unknown_code_page]
[5664]Application Launcher.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x704114B0-->00000000 [shimeng.dll]
[5716]FGuard.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x77866FE7-->00000000 [unknown_code_page]
[5716]FGuard.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x778AA9E4-->00000000 [unknown_code_page]
[5716]FGuard.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7786B8A6-->00000000 [unknown_code_page]
[5716]FGuard.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x778735E3-->00000000 [unknown_code_page]
[5724]launcher.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [shimeng.dll]
[5724]launcher.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->00000000 [shimeng.dll]
[5724]launcher.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040C030-->00000000 [shimeng.dll]
[5724]launcher.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x768E1414-->00000000 [shimeng.dll]
[5724]launcher.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x77866FE7-->00000000 [unknown_code_page]
[5724]launcher.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x778AA9E4-->00000000 [unknown_code_page]
[5724]launcher.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [shimeng.dll]
[5724]launcher.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7786B8A6-->00000000 [unknown_code_page]
[5724]launcher.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x778735E3-->00000000 [unknown_code_page]
[5728]WinPatrol.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x77866FE7-->00000000 [unknown_code_page]
[5728]WinPatrol.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x778AA9E4-->00000000 [unknown_code_page]
[5728]WinPatrol.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7786B8A6-->00000000 [unknown_code_page]
[5728]WinPatrol.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x778735E3-->00000000 [unknown_code_page]
[5752]hpqgpc01.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x77866FE7-->00000000 [unknown_code_page]
[5752]hpqgpc01.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x778AA9E4-->00000000 [unknown_code_page]
[5752]hpqgpc01.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7786B8A6-->00000000 [unknown_code_page]
[5752]hpqgpc01.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x778735E3-->00000000 [unknown_code_page]
[5864]logger.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [shimeng.dll]
[5864]logger.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->00000000 [shimeng.dll]
[5864]logger.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x768E1414-->00000000 [shimeng.dll]
[5864]logger.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x77866FE7-->00000000 [unknown_code_page]
[5864]logger.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x778AA9E4-->00000000 [unknown_code_page]
[5864]logger.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [shimeng.dll]
[5864]logger.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7786B8A6-->00000000 [unknown_code_page]
[5864]logger.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x778735E3-->00000000 [unknown_code_page]
[5868]aolsoftware.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77C814C0-->00000000 [tbdiag.dll]
[5868]aolsoftware.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77C81500-->00000000 [tbdiag.dll]
[5868]aolsoftware.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77C816EC-->00000000 [tbdiag.dll]
[5868]aolsoftware.exe-->advapi32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x77C816A8-->00000000 [tbdiag.dll]
[5868]aolsoftware.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77B6111C-->00000000 [tbdiag.dll]
[5868]aolsoftware.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77B61110-->00000000 [tbdiag.dll]
[5868]aolsoftware.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77B61174-->00000000 [tbdiag.dll]
[5868]aolsoftware.exe-->gdi32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x77B610B4-->00000000 [tbdiag.dll]
[5868]aolsoftware.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x768E14E0-->00000000 [tbdiag.dll]
[5868]aolsoftware.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x768E1284-->00000000 [tbdiag.dll]
[5868]aolsoftware.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x768E1448-->00000000 [tbdiag.dll]
[5868]aolsoftware.exe-->shell32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x768E120C-->00000000 [tbdiag.dll]
[5868]aolsoftware.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x77866FE7-->00000000 [unknown_code_page]
[5868]aolsoftware.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x778AA9E4-->00000000 [unknown_code_page]
[5868]aolsoftware.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77D51250-->00000000 [tbdiag.dll]
[5868]aolsoftware.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->00000000 [tbdiag.dll]
[5868]aolsoftware.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77D512FC-->00000000 [tbdiag.dll]
[5868]aolsoftware.exe-->user32.dll-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x77D51260-->00000000 [tbdiag.dll]
[5868]aolsoftware.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7786B8A6-->00000000 [unknown_code_page]
[5868]aolsoftware.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x778735E3-->00000000 [unknown_code_page]
[6060]WLMailApiAgent.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x77866FE7-->00000000 [unknown_code_page]
[6060]WLMailApiAgent.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x778AA9E4-->00000000 [unknown_code_page]
[6060]WLMailApiAgent.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7786B8A6-->00000000 [unknown_code_page]
[6060]WLMailApiAgent.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x778735E3-->00000000 [unknown_code_page]
[6104]CapabilityManager.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->00000000 [shimeng.dll]
[6104]CapabilityManager.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->00000000 [shimeng.dll]
[6104]CapabilityManager.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x768E1414-->00000000 [shimeng.dll]
[6104]CapabilityManager.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x77866FE7-->00000000 [unknown_code_page]
[6104]CapabilityManager.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x778AA9E4-->00000000 [unknown_code_page]
[6104]CapabilityManager.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->00000000 [shimeng.dll]
[6104]CapabilityManager.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7786B8A6-->00000000 [unknown_code_page]
[6104]CapabilityManager.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x778735E3-->00000000 [unknown_code_page]
[6104]CapabilityManager.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x704114B0-->00000000 [shimeng.dll]
[6104]CapabilityManager.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->00000000 [shimeng.dll]
[6692]plugin-container.exe-->kernel32.dll-->GetCurrentProcess, Type: IAT modification 0x00402008-->00000000 [unknown_code_page]
[6692]plugin-container.exe-->kernel32.dll-->GetCurrentProcessId, Type: IAT modification 0x00402010-->00000000 [unknown_code_page]
[6692]plugin-container.exe-->kernel32.dll-->GetCurrentThreadId, Type: IAT modification 0x00402014-->00000000 [unknown_code_page]
[6692]plugin-container.exe-->kernel32.dll-->GetSystemTimeAsFileTime, Type: IAT modification 0x0040200C-->00000000 [unknown_code_page]
[6692]plugin-container.exe-->kernel32.dll-->GetTickCount, Type: IAT modification 0x00402018-->00000000 [unknown_code_page]
[6692]plugin-container.exe-->kernel32.dll-->InterlockedCompareExchange, Type: IAT modification 0x00402024-->00000000 [unknown_code_page]
[6692]plugin-container.exe-->kernel32.dll-->InterlockedExchange, Type: IAT modification 0x0040202C-->00000000 [unknown_code_page]
[6692]plugin-container.exe-->kernel32.dll-->IsDebuggerPresent, Type: IAT modification 0x00402000-->00000000 [unknown_code_page]
[6692]plugin-container.exe-->kernel32.dll-->QueryPerformanceCounter, Type: IAT modification 0x0040201C-->00000000 [unknown_code_page]
[6692]plugin-container.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x00402020-->00000000 [unknown_code_page]
[6692]plugin-container.exe-->kernel32.dll-->Sleep, Type: IAT modification 0x00402028-->00000000 [unknown_code_page]
[6692]plugin-container.exe-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x00402030-->00000000 [unknown_code_page]
[6692]plugin-container.exe-->kernel32.dll-->UnhandledExceptionFilter, Type: IAT modification 0x00402004-->00000000 [unknown_code_page]
[6692]plugin-container.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x77866FE7-->00000000 [unknown_code_page]
[6692]plugin-container.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x778AA9E4-->00000000 [unknown_code_page]
[6692]plugin-container.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7786B8A6-->00000000 [unknown_code_page]
[6692]plugin-container.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x778735E3-->00000000 [unknown_code_page]
[6692]plugin-container.exe-->user32.dll-->TrackPopupMenu, Type: Inline - RelativeJump 0x778814F3-->00000000 [xul.dll]
[7780]wuauclt.exe-->advapi32.dll-->AddAccessAllowedAce, Type: IAT modification 0x0040103C-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->advapi32.dll-->AllocateAndInitializeSid, Type: IAT modification 0x00401000-->00000000 [PCTGMhk.dll]
[7780]wuauclt.exe-->advapi32.dll-->CheckTokenMembership, Type: IAT modification 0x00401010-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->advapi32.dll-->CopySid, Type: IAT modification 0x00401018-->00000000 [PCTGMhk.dll]
[7780]wuauclt.exe-->advapi32.dll-->DuplicateTokenEx, Type: IAT modification 0x0040100C-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->advapi32.dll-->FreeSid, Type: IAT modification 0x00401004-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->advapi32.dll-->GetLengthSid, Type: IAT modification 0x00401034-->00000000 [PCTGMhk.dll]
[7780]wuauclt.exe-->advapi32.dll-->GetTokenInformation, Type: IAT modification 0x00401008-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->advapi32.dll-->GetUserNameW, Type: IAT modification 0x00401030-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->advapi32.dll-->InitializeAcl, Type: IAT modification 0x00401038-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->advapi32.dll-->InitializeSecurityDescriptor, Type: IAT modification 0x00401040-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->advapi32.dll-->IsValidSid, Type: IAT modification 0x00401014-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->advapi32.dll-->RegCloseKey, Type: IAT modification 0x0040104C-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x0040101C-->00000000 [GdiPlus.dll]
[7780]wuauclt.exe-->advapi32.dll-->RegDeleteValueW, Type: IAT modification 0x0040102C-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->advapi32.dll-->RegEnumValueW, Type: IAT modification 0x00401028-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x00401048-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->advapi32.dll-->RegQueryValueExW, Type: IAT modification 0x00401024-->00000000 [PCTGMhk.dll]
[7780]wuauclt.exe-->advapi32.dll-->RegSetValueExW, Type: IAT modification 0x00401020-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->advapi32.dll-->SetSecurityDescriptorDacl, Type: IAT modification 0x00401044-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->kernel32.dll-->CloseHandle, Type: IAT modification 0x004010C0-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->kernel32.dll-->CompareStringW, Type: IAT modification 0x0040111C-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->kernel32.dll-->CreateDirectoryW, Type: IAT modification 0x00401058-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->kernel32.dll-->CreateFileMappingW, Type: IAT modification 0x004010A0-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->kernel32.dll-->CreateFileW, Type: IAT modification 0x00401054-->00000000 [PCTGMhk.dll]
[7780]wuauclt.exe-->kernel32.dll-->CreateMutexW, Type: IAT modification 0x004010BC-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x00401068-->00000000 [PCTGMhk.dll]
[7780]wuauclt.exe-->kernel32.dll-->ExpandEnvironmentStringsW, Type: IAT modification 0x00401060-->00000000 [PCTGMhk.dll]
[7780]wuauclt.exe-->kernel32.dll-->FlushFileBuffers, Type: IAT modification 0x00401080-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->kernel32.dll-->FreeLibrary, Type: IAT modification 0x00401130-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->kernel32.dll-->GetCommandLineW, Type: IAT modification 0x0040112C-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->kernel32.dll-->GetCurrentProcess, Type: IAT modification 0x004010C8-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->kernel32.dll-->GetCurrentProcessId, Type: IAT modification 0x004010D4-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->kernel32.dll-->GetCurrentThreadId, Type: IAT modification 0x004010D8-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->kernel32.dll-->GetDriveTypeW, Type: IAT modification 0x00401108-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->kernel32.dll-->GetFileAttributesW, Type: IAT modification 0x0040105C-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->kernel32.dll-->GetFileSize, Type: IAT modification 0x0040109C-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->kernel32.dll-->GetFileType, Type: IAT modification 0x00401110-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->kernel32.dll-->GetLastError, Type: IAT modification 0x00401094-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->kernel32.dll-->GetModuleFileNameW, Type: IAT modification 0x00401084-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->kernel32.dll-->GetModuleHandleA, Type: IAT modification 0x004010E4-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->kernel32.dll-->GetModuleHandleW, Type: IAT modification 0x00401118-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x00401140-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->kernel32.dll-->GetProcessHeap, Type: IAT modification 0x00401120-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->kernel32.dll-->GetStartupInfoW, Type: IAT modification 0x004010EC-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->kernel32.dll-->GetSystemDirectoryW, Type: IAT modification 0x00401100-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->kernel32.dll-->GetSystemInfo, Type: IAT modification 0x00401114-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->kernel32.dll-->GetSystemTime, Type: IAT modification 0x00401090-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->kernel32.dll-->GetSystemTimeAsFileTime, Type: IAT modification 0x004010D0-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->kernel32.dll-->GetTickCount, Type: IAT modification 0x004010DC-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->kernel32.dll-->GetTimeZoneInformation, Type: IAT modification 0x004010F8-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->kernel32.dll-->GetVolumePathNameW, Type: IAT modification 0x0040110C-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->kernel32.dll-->HeapFree, Type: IAT modification 0x00401124-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->kernel32.dll-->InterlockedCompareExchange, Type: IAT modification 0x00401138-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->kernel32.dll-->InterlockedDecrement, Type: IAT modification 0x0040108C-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->kernel32.dll-->InterlockedExchange, Type: IAT modification 0x004010F4-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->kernel32.dll-->InterlockedIncrement, Type: IAT modification 0x00401088-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x00401104-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x00401134-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->kernel32.dll-->lstrlenW, Type: IAT modification 0x00401064-->00000000 [PCTGMhk.dll]
[7780]wuauclt.exe-->kernel32.dll-->MapViewOfFile, Type: IAT modification 0x004010A4-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->kernel32.dll-->OpenEventW, Type: IAT modification 0x0040113C-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->kernel32.dll-->OutputDebugStringW, Type: IAT modification 0x00401074-->00000000 [PCTGMhk.dll]
[7780]wuauclt.exe-->kernel32.dll-->QueryPerformanceCounter, Type: IAT modification 0x004010E0-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->kernel32.dll-->ReleaseMutex, Type: IAT modification 0x004010B4-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->kernel32.dll-->SetEndOfFile, Type: IAT modification 0x004010B0-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->kernel32.dll-->SetFilePointer, Type: IAT modification 0x004010AC-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->kernel32.dll-->SetLastError, Type: IAT modification 0x00401098-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x004010E8-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->kernel32.dll-->Sleep, Type: IAT modification 0x004010F0-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->kernel32.dll-->SystemTimeToTzSpecificLocalTime, Type: IAT modification 0x004010FC-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x004010CC-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->kernel32.dll-->UnhandledExceptionFilter, Type: IAT modification 0x004010C4-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->kernel32.dll-->UnmapViewOfFile, Type: IAT modification 0x004010A8-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->kernel32.dll-->VerifyVersionInfoW, Type: IAT modification 0x00401070-->00000000 [PCTGMhk.dll]
[7780]wuauclt.exe-->kernel32.dll-->WaitForSingleObject, Type: IAT modification 0x004010B8-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->kernel32.dll-->WideCharToMultiByte, Type: IAT modification 0x00401078-->00000000 [PCTGMhk.dll]
[7780]wuauclt.exe-->kernel32.dll-->WriteFile, Type: IAT modification 0x0040107C-->00000000 [PCTGMhk.dll]
[7780]wuauclt.exe-->ntdll.dll-->RtlUnwind, Type: IAT modification 0x004011E4-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->user32.dll-->ChangeDisplaySettingsExA, Type: Inline - DirectJump 0x77866FE7-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->user32.dll-->ChangeDisplaySettingsExW, Type: Inline - DirectJump 0x778AA9E4-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->user32.dll-->IsWindow, Type: IAT modification 0x00401174-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->user32.dll-->PostMessageW, Type: IAT modification 0x00401178-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->user32.dll-->SetForegroundWindow, Type: Inline - DirectJump 0x7786B8A6-->00000000 [unknown_code_page]
[7780]wuauclt.exe-->user32.dll-->SetWindowPos, Type: Inline - DirectJump 0x778735E3-->00000000 [unknown_code_page]
budertv
Active Member
 
Posts: 12
Joined: December 9th, 2010, 11:34 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 45 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware