Hello turtledove,
I had difficulties with the RSIT processing. There is no Start - Run capability per se on my Vista machine as far as I know.
In the end, I renamed the old info.txt file in order to get a new one.
UPS delivered my new external drive and my Windows 7 disk but my new internal drive is not here yet.
ESET log.txt
C:\Program Files\Uniblue\RegistryBooster\Launcher.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\Users\Public\Documents\Server\hlp.dat Win32/Bamital.EK trojan cleaned by deleting - quarantined
C:\Users\Terry\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\384ba27d-11b0de88 probably a variant of Win32/Agent.FXHNPDJ trojan deleted - quarantined
C:\Users\Terry\AppData\Roaming\Uniblue\Registry Booster2\RB_Setup_7_4_2010.exe a variant of Win32/RegistryBooster application deleted - quarantined
C:\Users\Terry\AppData\Roaming\Uniblue\RegistryBooster\_temp\ub.exe Win32/RegistryBooster application deleted - quarantined
C:\Users\Terry\Downloads\registryboosterplb.exe Win32/RegistryBooster application deleted - quarantined
SysProt log
SysProt AntiRootkit v1.0.1.0
by swatkat
******************************************************************************************
******************************************************************************************
No Hidden Processes found
******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_dumpata.sys
Service Name: ---
Module Base: 95073000
Module End: 9507E000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: 9507E000
Module End: 95086000
Hidden: Yes
******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwAllocateVirtualMemory
Address: A13E83F0
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys
Function Name: ZwAlpcConnectPort
Address: A13E7D7C
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys
Function Name: ZwAssignProcessToJobObject
Address: A13E7E3A
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys
Function Name: ZwConnectPort
Address: A13E7E82
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys
Function Name: ZwCreateFile
Address: A13E7F3A
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys
Function Name: ZwCreateProcess
Address: A13E8BCC
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys
Function Name: ZwCreateProcessEx
Address: A13E8C58
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys
Function Name: ZwCreateSection
Address: A13E7FBA
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys
Function Name: ZwCreateThread
Address: A13E8CE8
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys
Function Name: ZwDebugActiveProcess
Address: A13E800A
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys
Function Name: ZwDeleteFile
Address: A13E8052
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys
Function Name: ZwDeleteKey
Address: A13E809A
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys
Function Name: ZwDeleteValueKey
Address: A13E80E2
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys
Function Name: ZwDuplicateObject
Address: A13E812C
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys
Function Name: ZwFsControlFile
Address: A13E8176
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys
Function Name: ZwLoadDriver
Address: A13E81C0
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys
Function Name: ZwMapViewOfSection
Address: A13E8236
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys
Function Name: ZwOpenFile
Address: A13E827E
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys
Function Name: ZwOpenKey
Address: A13E82CE
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys
Function Name: ZwOpenSection
Address: A13E8316
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys
Function Name: ZwOpenThread
Address: A13E835E
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys
Function Name: ZwProtectVirtualMemory
Address: A13E843E
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys
Function Name: ZwRequestWaitReplyPort
Address: A13E83A6
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys
Function Name: ZwRestoreKey
Address: A13E8486
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys
Function Name: ZwResumeThread
Address: A13E84D4
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys
Function Name: ZwSecureConnectPort
Address: A13E85C0
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys
Function Name: ZwSetInformationFile
Address: A13E851C
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys
Function Name: ZwSetSecurityObject
Address: A13E866C
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys
Function Name: ZwSetValueKey
Address: A13E856C
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys
Function Name: ZwSuspendProcess
Address: A13E86B6
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys
Function Name: ZwSystemDebugControl
Address: A13E86FE
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys
Function Name: ZwTerminateProcess
Address: A13E8746
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys
Function Name: ZwWriteFile
Address: A13E8794
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys
Function Name: ZwWriteVirtualMemory
Address: A13E87DC
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys
Function Name: ZwCreateThreadEx
Address: A13E8D8A
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys
Function Name: ZwCreateUserProcess
Address: A13E8B5C
Driver Base: A13D9000
Driver End: A13FF000
Driver Name: \??\C:\Windows\system32\drivers\PCTAppEvent.sys
******************************************************************************************
******************************************************************************************
No Kernel Hooks found
******************************************************************************************
******************************************************************************************
No IRP Hooks found
******************************************************************************************
******************************************************************************************
Ports:
Local Address: PAVILION-M9047.HSD1.IL.COMCAST.NET.:59288
Remote Address: HP00226436E97B:MICROSOFT-DS
Type: TCP
Process: System
State: ESTABLISHED
Local Address: PAVILION-M9047.HSD1.IL.COMCAST.NET.:59266
Remote Address: JODY-HP-PC:NETBIOS-SSN
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: PAVILION-M9047.HSD1.IL.COMCAST.NET.:59263
Remote Address: HP00226436E97B:HTTP
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: PAVILION-M9047.HSD1.IL.COMCAST.NET.:59261
Remote Address: HP00226436E97B:9100
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: PAVILION-M9047.HSD1.IL.COMCAST.NET.:59259
Remote Address: HP00226436E97B:NETBIOS-SSN
Type: TCP
Process: [System Idle Process]
State: TIME_WAIT
Local Address: PAVILION-M9047.HSD1.IL.COMCAST.NET.:53445
Remote Address: C6.59.85AE.STATIC.THEPLANET.COM:HTTP
Type: TCP
Process: C:\Program Files\PC Tools Security\pctsSvc.exe
State: CLOSE_WAIT
Local Address: PAVILION-M9047.HSD1.IL.COMCAST.NET.:NETBIOS-SSN
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING
Local Address: PAVILION-M9047:53918
Remote Address: LOCALHOST:53917
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED
Local Address: PAVILION-M9047:53917
Remote Address: LOCALHOST:53918
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED
Local Address: PAVILION-M9047:53915
Remote Address: LOCALHOST:53914
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED
Local Address: PAVILION-M9047:53914
Remote Address: LOCALHOST:53915
Type: TCP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: ESTABLISHED
Local Address: PAVILION-M9047:52793
Remote Address: LOCALHOST:5037
Type: TCP
Process: C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
State: ESTABLISHED
Local Address: PAVILION-M9047:10635
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
State: LISTENING
Local Address: PAVILION-M9047:5037
Remote Address: LOCALHOST:52793
Type: TCP
Process: C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
State: ESTABLISHED
Local Address: PAVILION-M9047:5037
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
State: LISTENING
Local Address: PAVILION-M9047:49162
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\services.exe
State: LISTENING
Local Address: PAVILION-M9047:49157
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING
Local Address: PAVILION-M9047:49156
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\lsass.exe
State: LISTENING
Local Address: PAVILION-M9047:49155
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\spoolsv.exe
State: LISTENING
Local Address: PAVILION-M9047:49154
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING
Local Address: PAVILION-M9047:49153
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING
Local Address: PAVILION-M9047:49152
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\wininit.exe
State: LISTENING
Local Address: PAVILION-M9047:9000
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING
Local Address: PAVILION-M9047:5357
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING
Local Address: PAVILION-M9047:MS-WBT-SERVER
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING
Local Address: PAVILION-M9047:1196
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
State: LISTENING
Local Address: PAVILION-M9047:MICROSOFT-DS
Remote Address: 0.0.0.0:0
Type: TCP
Process: System
State: LISTENING
Local Address: PAVILION-M9047:EPMAP
Remote Address: 0.0.0.0:0
Type: TCP
Process: C:\Windows\System32\svchost.exe
State: LISTENING
Local Address: PAVILION-M9047.HSD1.IL.COMCAST.NET.:56034
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA
Local Address: PAVILION-M9047.HSD1.IL.COMCAST.NET.:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA
Local Address: PAVILION-M9047.HSD1.IL.COMCAST.NET.:427
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA
Local Address: PAVILION-M9047.HSD1.IL.COMCAST.NET.:138
Remote Address: NA
Type: UDP
Process: System
State: NA
Local Address: PAVILION-M9047.HSD1.IL.COMCAST.NET.:NETBIOS-NS
Remote Address: NA
Type: UDP
Process: System
State: NA
Local Address: PAVILION-M9047:64835
Remote Address: NA
Type: UDP
Process: C:\Program Files\Mozilla Firefox\firefox.exe
State: NA
Local Address: PAVILION-M9047:58501
Remote Address: NA
Type: UDP
Process: C:\Program Files\Common Files\aol\acs\AOLacsd.exe
State: NA
Local Address: PAVILION-M9047:56035
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA
Local Address: PAVILION-M9047:51756
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA
Local Address: PAVILION-M9047:SSDP
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA
Local Address: PAVILION-M9047:62292
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA
Local Address: PAVILION-M9047:49152
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA
Local Address: PAVILION-M9047:IPSEC-MSFT
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA
Local Address: PAVILION-M9047:4459
Remote Address: NA
Type: UDP
Process: C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
State: NA
Local Address: PAVILION-M9047:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA
Local Address: PAVILION-M9047:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA
Local Address: PAVILION-M9047:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA
Local Address: PAVILION-M9047:UPNP-DISCOVERY
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA
Local Address: PAVILION-M9047:SSDP
Remote Address: NA
Type: UDP
Process: C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
State: NA
Local Address: PAVILION-M9047:1196
Remote Address: NA
Type: UDP
Process: C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
State: NA
Local Address: PAVILION-M9047:500
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA
Local Address: PAVILION-M9047:427
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA
Local Address: PAVILION-M9047:138
Remote Address: NA
Type: UDP
Process: C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
State: NA
Local Address: PAVILION-M9047:123
Remote Address: NA
Type: UDP
Process: C:\Windows\System32\svchost.exe
State: NA
Local Address: PAVILION-M9047:68
Remote Address: NA
Type: UDP
Process: C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
State: NA
Local Address: PAVILION-M9047:67
Remote Address: NA
Type: UDP
Process: C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
State: NA
******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied
Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl
Status: Access denied
Object: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl
Status: Access denied
New set from RSIT - info.txt and log.txt
info.txt logfile of random's system information tool 1.08 2010-12-18 18:28:49
======Uninstall list======
-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Blasterball 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Boggle Supreme\Uninstall.exe"
-->"C:\Program Files\HP Games\Bookworm Adventures\Uninstall.exe"
-->"C:\Program Files\HP Games\Cake Mania\Uninstall.exe"
-->"C:\Program Files\HP Games\Chessmaster Challenge\Uninstall.exe"
-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\Crystal Maze\Uninstall.exe"
-->"C:\Program Files\HP Games\Diner Dash - Flo on the Go\Uninstall.exe"
-->"C:\Program Files\HP Games\Family Feud\Uninstall.exe"
-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
-->"C:\Program Files\HP Games\Final Drive Nitro\Uninstall.exe"
-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
-->"C:\Program Files\HP Games\JEOPARDY\Uninstall.exe"
-->"C:\Program Files\HP Games\Jewel Quest 2 - Tournament Edition\Uninstall.exe"
-->"C:\Program Files\HP Games\Luxor 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->"C:\Program Files\HP Games\My HP Game Console\Uninstall.exe"
-->"C:\Program Files\HP Games\Peggle\Uninstall.exe"
-->"C:\Program Files\HP Games\Penguins!\Uninstall.exe"
-->"C:\Program Files\HP Games\Poker Superstars 2\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer Pineapple Cup\Uninstall.exe"
-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files\HP Games\SpongeBob SquarePants 3D Obstacle Odyssey\Uninstall.exe"
-->"C:\Program Files\HP Games\Super Granny 3\Uninstall.exe"
-->"C:\Program Files\HP Games\Swarm\Uninstall.exe"
-->"C:\Program Files\HP Games\Tank-o-Box\Uninstall.exe"
-->"C:\Program Files\HP Games\The Treasures of Montezuma\Uninstall.exe"
-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
-->"C:\Program Files\HP Games\Wheel of Fortune\Uninstall.exe"
32 Bit HP CIO Components Installer-->MsiExec.exe /I{2614F54E-A828-49FA-93BA-45A3F756BFAA}
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -maintain plugin
Adobe Product/Adobe Studio Update 10/2001-->"C:\Program Files\InstallShield Installation Information\{73006B34-9743-4A39-AC37-38EDFCEB6DCE}\setup.exe"
Adobe Reader X-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AA0000000001}
Adobe Type Manager 4.1-->C:\Windows\uninst.exe -f"C:\Program Files\Adobe Type Manager\DeIsL1.isu" -c"C:\Program Files\Adobe Type Manager\UNINST.DLL"
AnswerWorks 4.0 Runtime - English-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}\setup.exe" -l0x9 -removeonly
AOL Mail and AIM Gadget-->MsiExec.exe /I{F226C1DA-66D7-4ABC-86B5-3F978A660EBF}
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
Atlantis Quest-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "c:\Program Files\RealArcade\Installer\installerMain.clf" "c:\Program Files\RealArcade\Installer\uninstall\Atlantis Quest.rguninst" "AddRemove"
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
BD/HD Advisor 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}\Setup.exe" -uninstall
Bochs 2.3.6 (remove only)-->"C:\Program Files\Bochs-2.3.6\Uninstall.exe"
Browser Defender 3.0-->"C:\Program Files\Spyware Doctor\BDT\unins000.exe"
Comcast Universal Caller ID-->msiexec /qb /x {0B72559F-4EBC-FCBB-BF23-6D96D9AC423D}
Comcast Universal Caller ID-->MsiExec.exe /I{0B72559F-4EBC-FCBB-BF23-6D96D9AC423D}
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exe
EASEUS Todo Backup 1.1-->"C:\Program Files\EASEUS\EASEUS Todo Backup 1.1\unins000.exe"
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
ERUNT 1.1j-->C:\Users\Terry\Desktop\ERUNT\unins000.exe
ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
Express Burn Disc Burning Software-->C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
Garmin City Navigator North America NT 2008-->MsiExec.exe /X{A9F91CD1-A1FB-4E63-93FD-24F63F4B5A97}
Garmin City Navigator North America NT 2010.10 Update-->MsiExec.exe /X{301CC8D1-FE75-41ED-9B11-41F006110950}
Garmin USB Drivers-->MsiExec.exe /X{B1102A25-3AA3-446B-AA0F-A699B07A02FD}
Google Gears-->MsiExec.exe /I{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Active Support Library 32 bit components-->MsiExec.exe /I{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}
HP Active Support Library-->"C:\Program Files\InstallShield Installation Information\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}\setup.exe" -runfromtemp -l0x0409 -removeonly
HP Advisor-->MsiExec.exe /X{73A43E42-3658-4DD9-8551-FACDA3632538}
HP Customer Experience Enhancements-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB5E289E-76BF-4251-9F3F-9B763F681AE0}\setup.exe" -l0x9 -removeonly
HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Customer Participation Program 11.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP Imaging Device Functions 11.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP On-Screen Cap/Num/Scroll Lock Indicator-->C:\Windows\system32\OsdRemove.exe
HP Photosmart C6300 All-In-One Driver Software 11.0 Rel .4-->C:\Program Files\HP\Digital Imaging\{C8732DC3-1736-44b2-B741-2D636DE58605}\setup\hpzscr01.exe -datfile hposcr31.dat -onestop
HP Photosmart Essential 3.5-->C:\Program Files\HP\Digital Imaging\PhotosmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Picasso Media Center Add-In-->MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
HP Product Detection-->MsiExec.exe /X{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
HP Smart Web Printing 4.60-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
HP Solution Center 13.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat -forcereboot
HP Update-->MsiExec.exe /X{74DC0593-6BC6-4001-AD5F-D810AFB68D86}
HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HTC Driver Installer-->MsiExec.exe /X{6D6664A9-3342-4948-9B7E-034EFE366F0F}
HTC Sync-->MsiExec.exe /I{DFAA3C20-5968-46A3-B7B0-0AF72D758A59}
Intel(R) Network Connections Drivers-->Prounstl.exe
Intel® Viiv™ Software-->MsiExec.exe /X{6E7BF6EC-C3E7-43A7-8A03-0D204E3EC01B} /qb!
Internet Explorer (Enable DEP)-->%windir%\system32\sdbinst.exe -u "C:\Windows\AppPatch\Custom\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb"
Java(TM) 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022FF}
Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Maxthon2-->C:\Users\Terry\AppData\Roaming\Maxthon2\Mx2Uninstall.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft Age of Empires Gold-->"C:\Program Files\Microsoft Games\Age of Empires\UNINSTAL.EXE" /runtemp
Microsoft Age of Empires II: The Conquerors Expansion-->"C:\Program Files\Microsoft Games\Age of Empires II\UNINSTALX.EXE" /runtemp /addremove
Microsoft Age of Empires II-->"C:\Program Files\Microsoft Games\Age of Empires II\UNINSTAL.EXE" /runtemp /uninstall
Microsoft Office Home and Student 60 day trial-->c:\hp\bin\MSOffice\uninst2.cmd
Microsoft Search Enhancement Pack-->MsiExec.exe /X{06E6E30D-B498-442F-A943-07DE41D7F785}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft VC9 runtime libraries-->MsiExec.exe /I{AA027AE9-DD20-4677-AA72-D760A358320B}
Microsoft Virtual PC 2007-->MsiExec.exe /X{8A7CAA24-7B23-410B-A7C3-F994B0944160}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218-->MsiExec.exe /X{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (3.6.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
Network Magic-->C:\ProgramData\Pure Networks\Setup\nmsetup.exe /uninstall
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
OCR Software by I.R.I.S. 11.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
oggcodecs 0.71.0946-->C:\Program Files\illiminable\oggcodecs\uninst.exe
OpenOffice.org 3.2-->MsiExec.exe /I{6ADD0603-16EF-400D-9F9E-486432835002}
Opera 10.63-->MsiExec.exe /X{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}
Pandora-->msiexec /qb /x {C09683A5-B834-6F63-4C54-06512BFB75F4}
Pandora-->MsiExec.exe /I{C09683A5-B834-6F63-4C54-06512BFB75F4}
PC Tools Anti-Spam Toolbar-->MsiExec.exe /I{6527051E-8939-4639-9690-800B3442E610}
PC Tools Internet Security 8.0-->C:\Program Files\PC Tools Security\unins000.exe /LOG
Personal Ancestral File 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D94A8E22-DF2B-4107-9E51-608A60A7671D}\Setup.exe"
Personal Ancestral File Companion 5.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{91AFACB3-CA46-4C1E-AF2D-F72EE0B112E4}\setup.exe" -l0x9 -uninst -removeonly
Pretty Good Solitaire version 12.1.0-->"C:\Program Files\goodsol\unins000.exe"
PVSonyDll-->MsiExec.exe /I{3D3E663D-4E7E-4577-A560-7ECDDD45548A}
Python 2.5-->MsiExec.exe /I{0A2C5854-557E-48C8-835A-3B9F074BDCAA}
Ra's Revenge-->C:\PROGRA~1\RA'SRE~1\UNWISE.EXE C:\PROGRA~1\RA'SRE~1\INSTALL.LOG
RealArcade-->"C:\Program Files\RealArcade\Installer\bin\gameinstaller.exe" "C:\Program Files\RealArcade\Installer\installerMain.clf" "C:\Program Files\RealArcade\Installer\uninstall\RealArcade.rguninst" "AddRemove"
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd.exe -r -m -nrg2709
Roxio Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Roxio Creator Audio-->MsiExec.exe /X{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9-->MsiExec.exe /X{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy-->MsiExec.exe /X{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /X{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive-->MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools-->MsiExec.exe /X{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9-->MsiExec.exe /X{938B1CD7-7C60-491E-AA90-1F1888168240}
RTC Client API v1.2-->MsiExec.exe /X{44CDBD1B-89FB-4E02-8319-2A4C550F664A}
Seagate DiscWizard-->MsiExec.exe /X{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Segoe UI-->MsiExec.exe /I{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}
Snapfish Picture Mover-->MsiExec.exe /X{029B5901-1F27-4347-9923-E8ACC8F54E15}
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.INF
Sudoku-->"C:\Program Files\Common Files\MimarSinan\Installation Information\{FB5055E4-9BE1-425F-B40A-33E43E9460DA}\{C8A522A9-9CBA-4AD3-80E9-EE3DD9BCA3A2}\SudokuSetup.exe" REMOVE=TRUE MODIFY=FALSE
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Task Catcher-->C:\Windows\uninst.exe -f"C:\Program Files\BillP Studios\Task Catcher\DeIsL1.isu" -c"C:\Program Files\BillP Studios\Task Catcher\_ISREG32.DLL"
Uniblue DriverScanner 2009-->"C:\ProgramData\{148D8B8A-8F96-4822-81EC-D510B626B7D5}\DriverScanner_Setup.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue DriverScanner 2009-->C:\ProgramData\{148D8B8A-8F96-4822-81EC-D510B626B7D5}\DriverScanner_Setup.exe
Uniblue PowerSuite 2009-->"C:\ProgramData\{73A13F1D-6204-49B5-8F6D-8687D3C7CA01}\PowerSuite2009.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue PowerSuite 2009-->C:\ProgramData\{73A13F1D-6204-49B5-8F6D-8687D3C7CA01}\PowerSuite2009.exe
Uniblue RegistryBooster-->"C:\Program Files\Uniblue\RegistryBooster\unins000.exe"
Uniblue SpeedUpMyPC 2009-->"C:\ProgramData\{942E4254-C25C-44BA-94FC-8777923F9E7B}\speedupmypc2009.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue SpeedUpMyPC 2009-->C:\ProgramData\{942E4254-C25C-44BA-94FC-8777923F9E7B}\speedupmypc2009.exe
Uniblue System Tweaker-->"C:\Program Files\Uniblue\System Tweaker\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WeatherBug Gadget-->MsiExec.exe /I{209CDA54-D390-46A2-A97C-7BF61734418D}
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)-->rundll32.exe C:\PROGRA~1\DIFX\15B7F172FC21855D\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\Windows\System32\DriverStore\FileRepository\grmnusb.inf_6b094708\grmnusb.inf
Windows Installer Clean Up-->MsiExec.exe /I{121634B0-2F4A-11D3-ADA3-00C04F52DD53}
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}
Windows Live Family Safety-->MsiExec.exe /I{294BF709-D758-4363-8D75-01479AD20927}
Windows Live Family Safety-->MsiExec.exe /X{F53D678E-238F-4A71-9742-08BB6774E9DC}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{61AD15B2-50DB-4686-A739-14FE180D4429}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}
Windows Live Messenger-->MsiExec.exe /X{80956555-A512-4190-9CAD-B000C36D6B6B}
Windows Live Messenger-->MsiExec.exe /X{EB4DF488-AAEF-406F-A341-CB2AAA315B90}
Windows Live MIME IFilter-->MsiExec.exe /I{AF844339-2F8A-4593-81B3-9F4C54038C4E}
Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}
Windows Live PIMT Platform-->MsiExec.exe /I{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}
Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}
Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinPatrol-->C:\PROGRA~2\INSTAL~1\{00781~1\Setup.exe /remove /q0
ZSoft Uninstaller 2.4.1-->C:\Program Files\ZSoft\Uninstaller\uninst.exe
Zynga Toolbar-->C:\PROGRA~1\Zynga\UNWISE.EXE /U C:\PROGRA~1\Zynga\INSTALL.LOG
======Security center information======
AV: Norton Internet Security (outdated)
FW: Norton Internet Security (disabled)
AS: Antispyware
AS: Windows Defender
AS: Norton Internet Security (outdated)
======System event log======
Computer Name: Pavilion-m9047
Event Code: 10016
Message: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Record Number: 341502
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20100528155819.000000-000
Event Type: Error
User: NT AUTHORITY\SYSTEM
Computer Name: Pavilion-m9047
Event Code: 4001
Message: WLAN AutoConfig service has successfully stopped.
Record Number: 341478
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20100528155559.562801-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: Pavilion-m9047
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
i8042prt
Record Number: 341419
Source Name: Service Control Manager
Time Written: 20100528155354.000000-000
Event Type: Error
User:
Computer Name: Pavilion-m9047
Event Code: 7022
Message: The HP CUE DeviceDiscovery Service service hung on starting.
Record Number: 341414
Source Name: Service Control Manager
Time Written: 20100528155353.000000-000
Event Type: Error
User:
Computer Name: Pavilion-m9047
Event Code: 10016
Message: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
Record Number: 341413
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20100528155244.000000-000
Event Type: Error
User: NT AUTHORITY\SYSTEM
=====Application event log=====
Computer Name: Pavilion-m9047
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 41995
Source Name: Microsoft-Windows-WMI
Time Written: 20091012192944.000000-000
Event Type: Error
User:
Computer Name: Pavilion-m9047
Event Code: 6001
Message: The winlogon notification subscriber <Sens> failed a notification event.
Record Number: 41960
Source Name: Microsoft-Windows-Winlogon
Time Written: 20091012125754.000000-000
Event Type: Warning
User:
Computer Name: Pavilion-m9047
Event Code: 1000
Message: Faulting application svchost.exe_ProfSvc, version 6.0.6001.18000, time stamp 0x47918b89, faulting module RPCRT4.dll, version 6.0.6002.18024, time stamp 0x49f05bcc, exception code 0xc0000096, fault offset 0x0003ca9b, process id 0x424, application start time 0x01ca4aa6b33a6e06.
Record Number: 41955
Source Name: Application Error
Time Written: 20091012090137.000000-000
Event Type: Error
User:
Computer Name: Pavilion-m9047
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Record Number: 41949
Source Name: Microsoft-Windows-CAPI2
Time Written: 20091011191432.000000-000
Event Type: Error
User:
Computer Name: Pavilion-m9047
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 41944
Source Name: Microsoft-Windows-WMI
Time Written: 20091011191325.000000-000
Event Type: Error
User:
=====Security event log=====
Computer Name: Pavilion-m9047
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x1d045d9
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x0
Process Name: -
Network Information:
Workstation Name: JODY-HP-PC
Source Network Address: 192.168.1.102
Source Port: 52207
Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 151877
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100806014429.332844-000
Event Type: Audit Success
User:
Computer Name: Pavilion-m9047
Event Code: 4634
Message: An account was logged off.
Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x1d01416
Logon Type: 3
This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 151876
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100806014408.309844-000
Event Type: Audit Success
User:
Computer Name: Pavilion-m9047
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x1d01416
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x0
Process Name: -
Network Information:
Workstation Name: JODY-HP-PC
Source Network Address: 192.168.1.102
Source Port: 52195
Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 151875
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100806014408.309844-000
Event Type: Audit Success
User:
Computer Name: Pavilion-m9047
Event Code: 4634
Message: An account was logged off.
Subject:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x1c130a1
Logon Type: 3
This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer.
Record Number: 151874
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100806011212.845844-000
Event Type: Audit Success
User:
Computer Name: Pavilion-m9047
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0
Logon Type: 3
New Logon:
Security ID: S-1-5-7
Account Name: ANONYMOUS LOGON
Account Domain: NT AUTHORITY
Logon ID: 0x1c130a1
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x0
Process Name: -
Network Information:
Workstation Name: JODY-HP-PC
Source Network Address: 192.168.1.102
Source Port: 51795
Detailed Authentication Information:
Logon Process: NtLmSsp
Authentication Package: NTLM
Transited Services: -
Package Name (NTLM only): NTLM V1
Key Length: 128
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 151873
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100806011158.427844-000
Event Type: Audit Success
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=4
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"OnlineServices"=Online Services
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\hp\bin\Python;c:\Program Files\Common Files\Roxio Shared\DLLShared;c:\Program Files\Common Files\Roxio Shared\9.0\DLLShared;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files\Common Files\Teleca Shared;C:\Program Files\Windows Live\Shared
"PCBRAND"=Pavilion
"PLATFORM"=HPD
"RoxioCentral"=c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
-----------------EOF-----------------
Logfile of random's system information tool 1.08 (written by random/random)
Run by Terry at 2010-12-18 18:28:41
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 253 GB (54%) free of 468 GB
Total RAM: 3071 MB (54% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:28:46 PM, on 12/18/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\PC Tools Security\pctsGui.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\jureg.exe
C:\Program Files\BillP Studios\Task Catcher\TaskTrap.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\aol\1288566314\ee\aolsoftware.exe
C:\Program Files\Spyware Doctor\BDT\FGuard.exe
C:\Program Files\Common Files\PC Tools\Outlook Express API\launcher.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Teleca Shared\logger.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\PC Tools Security\SpamMonitor\PCTools Email Toolbars\WLMailApiAgent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\System32\cmd.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Terry\Desktop\RSIT\RSIT.exe
C:\Program Files\trend micro\Terry.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.facebook.com/home.php?ref=homeR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktopR1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AOL Toolbar Search Class - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll
R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [Task Catcher] C:\PROGRA~1\BILLPS~1\TASKCA~1\tasktrap.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
O4 - HKLM\..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe -autorun -nosplash
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1288566314\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [PCTools FGuard] C:\Program Files\Spyware Doctor\BDT\FGuard.exe
O4 - HKLM\..\Run: [Nektra OEAPI] C:\Program Files\Common Files\PC Tools\Outlook Express API\Launcher.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\PC Tools Security\pctsGui.exe" /hideGUI
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Seagate Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WLMailPlugin] C:\Program Files\PC Tools Security\SpamMonitor\PCTools Email Toolbars\WLMailApiAgent.exe
O4 - Startup: Comcast Universal Caller ID.lnk = C:\Program Files\Comcast Universal Caller ID\Comcast Universal Caller ID.exe
O4 - Startup: Pandora.lnk = C:\Program Files\Pandora\Pandora.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/get/s ... wflash.cabO16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabO18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 12401 bytes
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\RegistryBooster.job
C:\Windows\tasks\User_Feed_Synchronization-{3A86639F-7517-48BC-A083-91FCCECEED06}.job
C:\Windows\tasks\User_Feed_Synchronization-{8FB52CDC-6D29-4CC9-BE21-7E46743981AD}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22 328248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-10 62376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-09-24 522192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3ef64538-8b54-4573-b48f-4d34b0238ab2}]
AOL Toolbar Loader - C:\Program Files\AOL Toolbar\aoltb.dll [2010-01-22 1320272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-05-14 191792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-12-12 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}]
Google Gears Helper - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll [2010-02-23 2121728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22 517688]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{ba00b7b1-0351-477a-b948-23e3ee5a73d4} - AOL Toolbar - C:\Program Files\AOL Toolbar\aoltb.dll [2010-01-22 1320272]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-09-24 522192]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2008-03-25 49152]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]
"SunJavaUpdateReg"=C:\Windows\system32\jureg.exe [2008-02-22 54672]
"Task Catcher"=C:\PROGRA~1\BILLPS~1\TASKCA~1\tasktrap.exe [2005-11-14 136760]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-15 4874240]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09 75008]
"nmctxth"=C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [2008-05-16 648504]
"nmapp"=C:\Program Files\Pure Networks\Network Magic\nmapp.exe [2008-05-21 451896]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-08-20 150016]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-08-14 13793824]
"Mobile Connectivity Suite"=C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe [2009-11-19 598016]
"HostManager"=C:\Program Files\Common Files\AOL\1288566314\ee\AOLSoftware.exe [2010-03-08 41800]
"PCTools FGuard"=C:\Program Files\Spyware Doctor\BDT\FGuard.exe [2010-09-24 108496]
"Nektra OEAPI"=C:\Program Files\Common Files\PC Tools\Outlook Express API\Launcher.exe [2008-07-21 86016]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2010-11-17 329096]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"ISTray"=C:\Program Files\PC Tools Security\pctsGui.exe [2010-09-29 1588184]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2010-11-10 35736]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-11-10 932288]
"DiscWizardMonitor.exe"=C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe [2009-10-16 1325936]
"AcronisTimounterMonitor"=C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe [2009-10-16 904840]
"Seagate Scheduler2 Service"=C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe [2009-10-16 136544]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 125952]
"WLMailPlugin"=C:\Program Files\PC Tools Security\SpamMonitor\PCTools Email Toolbars\WLMailApiAgent.exe [2010-08-10 97240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Terry\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-11 133104]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Distillr\AcroTray.exe [2001-03-15 49254]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
C:\PROGRA~1\SNAPFI~1\SNAPFI~1.EXE [2007-05-07 1273856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Terry^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
C:\PROGRA~1\Yahoo!\Widgets\YAHOOW~1.EXE []
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 months======
2010-12-18 12:28:14 ----A---- C:\Windows\system32\AutoPartNt.exe
2010-12-18 08:53:38 ----D---- C:\ProgramData\Seagate
2010-12-18 08:53:34 ----A---- C:\Windows\system32\drivers\timntr.sys
2010-12-18 08:53:34 ----A---- C:\Windows\system32\drivers\tifsfilt.sys
2010-12-18 08:50:14 ----A---- C:\Windows\system32\drivers\snapman.sys
2010-12-18 08:50:02 ----A---- C:\Windows\system32\drivers\tdrpman.sys
2010-12-18 08:49:37 ----D---- C:\Program Files\Seagate
2010-12-18 08:49:37 ----D---- C:\Program Files\Common Files\Seagate
2010-12-17 19:45:00 ----SHD---- C:\Config.Msi
2010-12-17 12:27:39 ----D---- C:\Program Files\ESET
2010-12-17 02:00:29 ----D---- C:\Program Files\Common Files\FDRLab
2010-12-17 01:03:05 ----ASH---- C:\hiberfil.sys
2010-12-16 19:21:36 ----SHD---- C:\$RECYCLE.BIN
2010-12-16 19:21:22 ----A---- C:\ComboFix.txt
2010-12-16 18:57:17 ----A---- C:\Windows\zip.exe
2010-12-16 18:57:17 ----A---- C:\Windows\SWSC.exe
2010-12-16 18:57:17 ----A---- C:\Windows\SWREG.exe
2010-12-16 18:57:17 ----A---- C:\Windows\sed.exe
2010-12-16 18:57:17 ----A---- C:\Windows\PEV.exe
2010-12-16 18:57:17 ----A---- C:\Windows\NIRCMD.exe
2010-12-16 18:57:17 ----A---- C:\Windows\MBR.exe
2010-12-16 18:57:17 ----A---- C:\Windows\grep.exe
2010-12-16 18:57:13 ----D---- C:\Windows\ERDNT
2010-12-16 18:57:12 ----D---- C:\ComboFix
2010-12-16 18:51:52 ----D---- C:\Qoobox
2010-12-16 18:51:05 ----A---- C:\Windows\SWXCACLS.exe
2010-12-13 16:29:12 ----D---- C:\rsit
2010-12-12 10:39:50 ----D---- C:\Program Files\Common Files\Java
2010-12-12 10:38:52 ----A---- C:\Windows\system32\javaws.exe
2010-12-12 10:38:52 ----A---- C:\Windows\system32\javaw.exe
2010-12-12 10:38:52 ----A---- C:\Windows\system32\java.exe
2010-12-12 10:38:23 ----D---- C:\Program Files\Java
2010-12-12 09:48:27 ----A---- C:\Windows\system32\REN1749.tmp
2010-12-12 09:48:27 ----A---- C:\Windows\system32\REN1748.tmp
2010-12-12 09:48:27 ----A---- C:\Windows\system32\REN1747.tmp
2010-12-11 21:44:33 ----D---- C:\ProgramData\NCH Swift Sound
2010-12-11 21:32:51 ----D---- C:\Program Files\NCH Swift Sound
2010-12-11 21:31:46 ----D---- C:\ProgramData\NCH Software
2010-12-11 21:30:52 ----D---- C:\Users\Terry\AppData\Roaming\NCH Software
2010-12-11 21:00:12 ----A---- C:\Windows\system32\LogVss.txt
2010-12-11 21:00:12 ----A---- C:\Windows\system32\LogMsg.txt
2010-12-11 21:00:00 ----D---- C:\C Disk Backup schedule
2010-12-11 20:38:26 ----A---- C:\Windows\system32\drivers\eufs.sys
2010-12-11 20:37:19 ----A---- C:\Windows\system32\drivers\eudskacs.sys
2010-12-11 20:37:18 ----A---- C:\Windows\system32\drivers\eubakup.sys
2010-12-11 20:37:16 ----A---- C:\Windows\system32\drivers\EuDisk.sys
2010-12-11 20:36:57 ----D---- C:\Program Files\EASEUS
2010-12-08 18:52:02 ----D---- C:\Program Files\Trend Micro
2010-12-08 18:32:59 ----D---- C:\ProgramData\InstallMate
2010-12-07 19:57:02 ----D---- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-12-05 01:36:19 ----D---- C:\Program Files\QuickTime
2010-11-21 16:54:02 ----A---- C:\mbam-error.txt
2010-11-20 19:50:16 ----D---- C:\.jagex_cache_32
2010-11-19 00:36:01 ----D---- C:\Program Files\AOL Desktop 9.6a
======List of files/folders modified in the last 1 months======
2010-12-18 18:28:44 ----D---- C:\Windows\Temp
2010-12-18 18:11:03 ----D---- C:\Windows\Prefetch
2010-12-18 18:02:19 ----AD---- C:\ProgramData\TEMP
2010-12-18 17:33:43 ----D---- C:\Program Files\PC Tools Security
2010-12-18 17:33:39 ----D---- C:\Windows
2010-12-18 17:07:17 ----AD---- C:\Windows\System32
2010-12-18 11:39:53 ----D---- C:\Windows\inf
2010-12-18 11:39:53 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-12-18 08:53:43 ----SHD---- C:\Windows\Installer
2010-12-18 08:53:38 ----D---- C:\ProgramData
2010-12-18 08:53:35 ----D---- C:\Windows\system32\drivers
2010-12-18 08:49:37 ----D---- C:\Program Files\Common Files
2010-12-18 08:49:37 ----D---- C:\Program Files
2010-12-18 08:48:39 ----SHD---- C:\System Volume Information
2010-12-18 08:16:42 ----D---- C:\Windows\system32\catroot2
2010-12-17 19:45:59 ----D---- C:\Program Files\Common Files\Adobe
2010-12-17 19:45:54 ----D---- C:\ProgramData\Adobe
2010-12-17 19:45:53 ----D---- C:\Program Files\Adobe
2010-12-17 10:50:55 ----D---- C:\Windows\Minidump
2010-12-17 02:13:45 ----D---- C:\Windows\system32\config
2010-12-17 00:52:28 ----A---- C:\Windows\ntbtlog.txt
2010-12-16 19:12:23 ----A---- C:\Windows\system.ini
2010-12-16 19:12:01 ----D---- C:\Windows\system32\drivers\etc
2010-12-16 19:03:50 ----D---- C:\Windows\AppPatch
2010-12-15 15:27:21 ----D---- C:\Program Files\Zynga
2010-12-15 07:21:57 ----D---- C:\Windows\system32\catroot
2010-12-15 07:21:56 ----D---- C:\Windows\winsxs
2010-12-15 07:07:13 ----SD---- C:\Users\Terry\AppData\Roaming\Microsoft
2010-12-12 10:38:33 ----A---- C:\Windows\system32\deployJava1.dll
2010-12-12 10:01:02 ----D---- C:\Program Files\Yahoo!
2010-12-12 09:59:40 ----D---- C:\Program Files\HP
2010-12-12 08:43:49 ----D---- C:\Boot
2010-12-11 21:33:16 ----D---- C:\Windows\system32\Tasks
2010-12-10 10:03:31 ----D---- C:\Program Files\Mozilla Firefox
2010-12-09 16:38:20 ----SD---- C:\Windows\Downloaded Program Files
2010-12-08 23:48:28 ----D---- C:\Program Files\Safari
2010-12-08 05:43:01 ----D---- C:\ProgramData\Apple Computer
2010-12-08 05:42:14 ----DC---- C:\Windows\system32\DRVSTORE
2010-12-03 14:20:12 ----D---- C:\Windows\Tasks
2010-12-03 14:20:12 ----D---- C:\Windows\system32\spool
2010-12-03 14:20:12 ----D---- C:\Windows\system32\Msdtc
2010-12-03 14:20:12 ----D---- C:\Windows\system32\CodeIntegrity
2010-12-03 14:20:08 ----D---- C:\Windows\system32\wbem
2010-12-03 14:20:08 ----D---- C:\Windows\registration
2010-11-30 17:05:07 ----RSD---- C:\Windows\Fonts
2010-11-28 08:38:14 ----D---- C:\ProgramData\DriverScanner
2010-11-24 22:00:26 ----D---- C:\Users\Terry\AppData\Roaming\QuickScan
2010-11-24 10:19:51 ----D---- C:\Program Files\Internet Explorer
2010-11-21 16:54:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-11-20 09:57:23 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-11-19 00:38:43 ----D---- C:\Users\Terry\AppData\Roaming\AOL
2010-11-19 00:38:14 ----D---- C:\Program Files\Common Files\aol
2010-11-19 00:36:01 ----D---- C:\Program Files\Common Files\aolshare
2010-11-19 00:35:59 ----D---- C:\ProgramData\AOL
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 EUBAKUP;EUBAKUP; C:\Windows\system32\drivers\eubakup.sys [2009-12-02 27016]
R0 EUFS;EUFS; C:\Windows\system32\drivers\eufs.sys [2009-12-02 21896]
R0 PCTCore;PCTools KDS; C:\Windows\system32\drivers\PCTCore.sys [2010-08-18 237632]
R0 pctDS;PC Tools Data Store; C:\Windows\system32\drivers\pctDS.sys [2010-07-16 338880]
R0 pctEFA;PC Tools Extended File Attributes; C:\Windows\system32\drivers\pctEFA.sys [2010-07-16 656320]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2007-02-02 43528]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2010-12-18 132224]
R0 tdrpman;Acronis Try&Decide and Restore Points filter; C:\Windows\system32\DRIVERS\tdrpman.sys [2010-12-18 368480]
R0 TfFsMon;TfFsMon; C:\Windows\system32\drivers\TfFsMon.sys [2010-08-26 51984]
R0 TfSysMon;TfSysMon; C:\Windows\system32\drivers\TfSysMon.sys [2010-08-26 68880]
R0 timounter;Seagate DiscWizard Image Backup Archive Explorer; C:\Windows\system32\DRIVERS\timntr.sys [2010-12-18 441760]
R1 pctgntdi;pctgntdi; \??\C:\Windows\System32\drivers\pctgntdi.sys [2010-10-05 249616]
R1 vmm;Virtual Machine Monitor; \??\C:\Windows\system32\Drivers\vmm.sys [2007-02-18 232816]
R2 MCSTRM;MCSTRM; C:\Windows\system32\drivers\MCSTRM.sys [2007-12-25 8413]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 PCTAppEvent;PCTAppEvent Driver; \??\C:\Windows\system32\drivers\PCTAppEvent.sys [2010-09-30 159936]
R2 pnarp;Pure Networks Device Discovery Driver; C:\Windows\system32\DRIVERS\pnarp.sys [2008-05-16 24888]
R2 purendis;Pure Networks Wireless Driver; C:\Windows\system32\DRIVERS\purendis.sys [2008-05-16 26424]
R2 tifsfilter;Seagate DiscWizard FS Filter; C:\Windows\system32\DRIVERS\tifsfilt.sys [2010-12-18 44384]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2008-01-15 218752]
R3 EuDisk;EASEUS Disk Enumerator; C:\Windows\system32\DRIVERS\EuDisk.sys [2009-12-02 123784]
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-08-04 2744800]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-08-14 9790624]
R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver; \??\C:\Windows\system32\drivers\pctNdis-PacketFilter.sys [2010-09-03 87400]
R3 pctNdisMP;PC Tools Driver; C:\Windows\system32\DRIVERS\pctNdis.sys [2010-08-10 56536]
R3 pctplfw;pctplfw; \??\C:\Windows\System32\drivers\pctplfw.sys [2010-10-05 123712]
R3 pctplsg;pctplsg; \??\C:\Windows\System32\drivers\pctplsg.sys [2010-08-27 70536]
R3 RTSTOR;USB Mass Storage Device; C:\Windows\system32\drivers\RTSTOR.SYS [2008-02-15 59392]
R3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-20 9216]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\Windows\system32\DRIVERS\VMNetSrv.sys [2007-01-29 59280]
R3 wanatw;WAN Miniport (ATW); C:\Windows\system32\DRIVERS\wanatw4.sys [2006-11-29 33588]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
R3 WSDPrintDevice;WSD Print Support via UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys [2008-01-20 16896]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-20 83328]
R3 xcbdaNtsc;ViXS Tuner Card (NTSC); C:\Windows\system32\DRIVERS\xcbda.sys [2007-09-07 156928]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-20 5632]
S3 EUDSKACS;EUDSKACS; \??\C:\Windows\system32\drivers\eudskacs.sys [2009-12-02 15240]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-22 39272]
S3 grmnusb;grmnusb; C:\Windows\system32\drivers\grmnusb.sys [2007-03-08 8320]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HTCAND32;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-06-09 24576]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-20 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-20 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-20 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-20 6016]
S3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista; C:\Windows\system32\DRIVERS\netr73.sys [2009-05-24 501248]
S3 PcdrNdisuio;PCDRNDISUIO Usermode I/O Protocol; C:\Windows\system32\DRIVERS\pcdrndisuio.sys []
S3 pctNDIS;PC Tools Firewall Intermediate Filter Service; C:\Windows\system32\DRIVERS\pctNdis.sys [2010-08-10 56536]
S3 TfNetMon;TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [2010-08-26 33552]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-20 35328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-20 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-20 386616]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-09-24 235472]
R2 DQLWinService;DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
R2 HPBtnSrv;HP Chasis Button Service; c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2008-05-16 648504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-08-14 211488]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\PC Tools Security\pctsAuxs.exe [2010-03-15 366840]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\PC Tools Security\pctsSvc.exe [2010-09-29 1145304]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-05-14 249136]
R2 SgtSch2Svc;Seagate Scheduler2 Service; C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe [2009-10-16 431456]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R3 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2008-01-20 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-09-17 136176]
S2 IntelDHSvcConf;Intel DH Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
S3 AlertService;Intel(R) Alert Service; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [2006-09-11 188416]
S3 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-20 21504]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-09-22 1493352]
S3 GameConsoleService;GameConsoleService; C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2009-03-30 250616]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 ISSM;Intel(R) Software Services Manager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [2006-09-11 75264]
S3 M1 Server;Intel(R) Viiv(TM) Media Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [2006-09-01 26624]
S3 MCLServiceATL;Intel(R) Application Tracker; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [2006-09-11 167936]
S3 nmraapache;Pure Networks Net2Go Service; C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe [2008-05-21 12800]
S3 Remote UI Service;Intel(R) Remoting Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [2006-09-11 544256]
S3 RoxMediaDB9;RoxMediaDB9; c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-05-11 887544]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-05-03 74656]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 ATMsrvc;ATM Service; C:\Windows\System32\ATMsrvc.exe [2000-05-24 15360]
S4 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-10-09 94208]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-05-15 79400]
-----------------EOF-----------------
Thank you turtledove for all of your help.
budertv