Google Redirect Problem

Hi

Uninstall Spybot - Search & Destroy 1.4

  • Click on Start > Run.
  • In the Open text box, copy/paste appwiz.cpl, then click OK.
  • Wait for the list of programs in the Add/Remove control panel to appear, then uninstall this outdated program:

    Spybot - Search & Destroy 1.4

Note: Please agree to remove all settings (if asked). You may have to reinstall the currently installed version. I will get back to this in my last post.


SystemLook

This program should still be located on your desktop.
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :reg
    HKCU\Software\Microsoft\MediaPlayer\Health /s
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

    Note: The log can also be found on your Desktop entitled SystemLook.txt


Disable Zonealarm Firewall

Right click on the Zonealarm icon in the System Tray and select Shutdown ZoneAlarm.

Note: It will start as normal after the computer has been rebooted.


Disable Microsoft Security Essentials

  • Open MSE and go to Settings > Real Time Protection.
  • Then uncheck "Turn on real time protection".
  • Exit MSE when done.


Combofix

This is hopefully the last time. :)

Open notepad and copy/paste the text in the codebox below into it:

Code:
registry::
[-HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Health\{4CA5663E-BA28-4BBE-AEBC-DBEAA4C7CEB0}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
folder::
C:\Program Files\Coupons

Save the file as "CFScript.txt", and as Type: All Files (*.*) on your desktop.

CFScriptB-4.gif


Your antivirus needs to be disabled before the following. Refer to the picture above, then save all work and close all programs, including any open browsers(!), and drag CFScript onto zzz.exe (Combofix will reboot your computer during this fix).

If Combofix prompts you to upgrade, please allow it. Do not use your computer at all while Combofix is running.

When finished, it shall produce a log for you at C:\ComboFix.txt.


Please make sure Microsoft Security Essentials and Zonealarm are enabled after ComboFix has finished.


Continue to limit the use of this computer until we are completely finished.


To post:
  • the SystemLook log
  • the Combofix log
 
Here are the results of the new Systemlook scan:

SystemLook 04.09.10 by jpshortstuff
Log created at 16:01 on 25/12/2010 by HP_Administrator
Administrator - Elevation successful

========== reg ==========

[HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Health]
(No values found)

[HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Health\{88BCFD7B-E87A-49E0-953F-3DAA187C1FC9}]
(No values found)


-= EOF =-
 
Here is my new Combofix log:

ComboFix 10-12-25.01 - HP_Administrator 12/25/2010 16:13:14.9.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.447.138 [GMT -6:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\zzz.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Coupons
c:\program files\Coupons\uninstall.exe
c:\windows\system32\Oeminfo.ini

.
((((((((((((((((((((((((( Files Created from 2010-11-25 to 2010-12-25 )))))))))))))))))))))))))))))))
.

2010-12-25 02:27 . 2010-11-10 02:33 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7CAE09A0-BA1C-4914-9D2C-2A37F342135A}\mpengine.dll
2010-12-24 02:43 . 2010-11-10 02:33 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-12-23 02:12 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-12-23 02:10 . 2010-12-23 02:11 -------- d-----w- c:\program files\Microsoft Security Client
2010-12-18 22:45 . 2010-12-18 22:45 -------- d-----w- C:\rsit
2010-12-16 22:25 . 2010-12-16 22:28 -------- d-----w- c:\windows\system32\NtmsData
2010-12-13 03:22 . 2010-12-13 03:22 -------- d-----w- c:\program files\ERUNT
2010-12-05 04:23 . 2010-11-29 16:41 35136 ----a-w- c:\program files\Mozilla Firefox\plugins\np_gp.dll
2010-11-27 01:06 . 2010-11-27 01:06 -------- d-----w- c:\program files\Common Files\Java
2010-11-27 01:06 . 2010-11-27 01:06 73728 ----a-w- c:\windows\system32\javacpl.cpl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 23:42 . 2009-09-25 00:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 23:42 . 2009-09-25 00:01 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-27 01:06 . 2010-07-03 23:14 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-25 03:25 . 2010-10-25 03:25 165264 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2005-02-16 17:06 . 2006-11-24 20:39 218112 ----a-w- c:\program files\HijackThis.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-12-19_23.41.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-25 21:55 . 2010-12-25 21:55 16384 c:\windows\temp\Perflib_Perfdata_5b0.dat
+ 2010-12-23 02:11 . 2010-12-23 02:11 786432 c:\windows\Installer\555d245.msi
+ 2010-12-23 02:10 . 2010-12-23 02:10 479744 c:\windows\Installer\555d23e.msi
+ 2010-12-23 02:10 . 2010-12-23 02:10 301056 c:\windows\Installer\555d238.msi
+ 2007-10-30 00:41 . 2010-12-25 22:31 84697120 c:\windows\system32\drivers\fidbox.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 919016]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-03-20 90112]
"DiscUpdateManager"="c:\program files\DISC\DiscUpdMgr.exe" [2006-03-16 61440]
"DISCover"="c:\program files\DISC\DISCover.exe" [2006-03-16 1077248]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-02 77312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 206240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk
backup=c:\windows\pss\Updates From HP.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-12-15 18:18 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
2005-06-01 23:35 49152 ----a-w- c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTAgent]
2006-09-19 22:50 856064 ----a-w- c:\program files\Parental Controls\PCTHelp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 03:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-03-08 04:54 16010240 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NSCService"=3 (0x3)
"ccISPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"navapsvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/9/2004 3:00 PM 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-12-25 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 18:26]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://comcast.net/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\r1og734j.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-25 16:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(648)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-12-25 16:35:56
ComboFix-quarantined-files.txt 2010-12-25 22:35
ComboFix2.txt 2010-12-21 00:21
ComboFix3.txt 2010-12-20 15:41
ComboFix4.txt 2010-12-19 23:47
ComboFix5.txt 2010-12-25 22:08

Pre-Run: 139,769,049,088 bytes free
Post-Run: 139,759,886,336 bytes free

- - End Of File - - 118BD8ED6618BEA574CD958EB70A82C8
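
An added example, not part of the original posts and not ComboFix's own code: a Python check that compares what the CFScript asked for with what the ComboFix log reports, flagging deletions the script did not request (here Oeminfo.ini) and protection products the log header shows as disabled. The function names and the shortened log are constructed for illustration; a key missing from the log is consistent with removal but not proof, since the log does not show empty or default entries.

```python
import re

# Constructed inputs: the CFScript from this thread and a shortened copy of
# the ComboFix log posted in reply (only the lines this check reads).
CFSCRIPT = r"""registry::
[-HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Health\{4CA5663E-BA28-4BBE-AEBC-DBEAA4C7CEB0}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
folder::
C:\Program Files\Coupons
"""

COMBOFIX_LOG = r"""AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
((((((((((((((( Other Deletions )))))))))))))))
.
c:\program files\Coupons
c:\program files\Coupons\uninstall.exe
c:\windows\system32\Oeminfo.ini
.
((((((((((((((( Reg Loading Points )))))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-12-15 18:18 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
"""

BANNER = re.compile(r"^\({5,}\s*(.+?)\s*\){5,}$")     # "((((( Title )))))"
SECTION = re.compile(r"^(\w+)::$")                     # "folder::", "registry::"
PROTECTION = re.compile(r"^(AV|FW): (.+?) \*([^*]+)\*")
REG_KEY = re.compile(r"^\[(HK[^\]]+)\]$")


def parse_cfscript(text):
    """Return {section: [entries]} for a CFScript with 'name::' headers."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def log_section(log, title):
    """Return the non-separator lines under the banner named `title`."""
    lines, inside = [], False
    for line in (raw.strip() for raw in log.splitlines()):
        m = BANNER.match(line)
        if m:
            inside = m.group(1).lower() == title.lower()
        elif inside and line and line != ".":
            lines.append(line)
    return lines


def review(cfscript, log):
    """Compare requested removals with what the log reports."""
    script = parse_cfscript(cfscript)
    folders = [f.lower().rstrip("\\") for f in script.get("folder", [])]
    deleted = log_section(log, "Other Deletions")
    deleted_lc = [d.lower() for d in deleted]

    def requested(path):
        # A deletion is expected if it is a requested folder or lies inside one.
        return any(path == f or path.startswith(f + "\\") for f in folders)

    # Keys the script asked to delete ("[-KEY]") that the log still lists.
    wanted_keys = {k[2:-1].lower() for k in script.get("registry", [])
                   if k.startswith("[-") and k.endswith("]")}
    log_lines = [raw.strip() for raw in log.splitlines()]
    listed_keys = {m.group(1).lower()
                   for m in map(REG_KEY.match, log_lines) if m}

    return {
        "folders_not_deleted": [f for f in folders if f not in deleted_lc],
        "unrequested_deletions": [d for d in deleted
                                  if not requested(d.lower())],
        "keys_still_listed": sorted(wanted_keys & listed_keys),
        "protection_disabled": [m.group(2)
                                for m in map(PROTECTION.match, log_lines)
                                if m and m.group(3).lower().startswith("disabled")],
    }


if __name__ == "__main__":
    for name, value in review(CFSCRIPT, COMBOFIX_LOG).items():
        print(f"{name}: {value}")
```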
 
Hi. :)

I'm sorry for the delay.

We are not finished yet. :sad:


Out-of-date applications and operating systems pose a security risk. They can be used by malware as a means to infect and/or re-infect a computer.

Start Firefox and click Apply downloaded updates or Check for updates from the Help menu. Follow the prompts to complete the update process.

Are you using the installed Netscape Browser? If so, please update it; if not, please uninstall it.
Please uninstall the outdated Adobe Reader 9.1.3. I will give you a link to download the updated version in my next post.
  • Click on Start > Run.
  • In the Open text box, copy/paste appwiz.cpl, then click OK.
  • Wait for the list of programs in the Add/Remove control panel to appear, then uninstall Netscape and Adobe Reader.

You are using Windows XP Service Pack 2. Support for this service pack has ended; this means that Microsoft will not offer security updates for your system unless you update to Service Pack 3. Please update your operating system to SP3 and Internet Explorer to version 8, then go to the Microsoft update site to get all the critical updates. Repeat this update process until no further important updates are offered.

Please post back a description of any problems while updating as described above.


Scan file with Virustotal

  • Please go to Virus Total
  • Click the Browse button and browse to the following file, then click Open:
    • C:\Qoobox\Quarantine\C\WINDOWS\System32\Oeminfo.ini.vir
  • Click Send File and wait for the scanning to complete.
    NOTE: If the file has already been analysed please click Reanalyse file now.
  • Please wait until the "Current Status:" changes to Finished, then copy the link from the address bar at the top of your browser and paste it into your next reply.


SystemLook

This program should still be located on your desktop.
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :reg
    HKCU\Software\Microsoft\MediaPlayer\Health /s
    :file
    C:\Qoobox\Quarantine\C\WINDOWS\System32\Oeminfo.ini.vir
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

    Note: The log can also be found on your Desktop entitled SystemLook.txt



Re-run RSIT (Random's System Information Tool)

This program should still be located on your desktop.

  • Click Start then Run
  • Copy/paste the following line into the run box & click OK:
    "%userprofile%\desktop\rsit.exe" /info
  • Click Continue at the disclaimer screen
  • Once it has finished, two logs will open: log.txt (will be maximized) and info.txt (will be minimized)
  • Copy & paste the contents of both logs in your next reply


Please post the following:
  • Has the computer done any automatic reboots since the Microsoft Security Essentials scan?
  • The link to the Virustotal scan.
  • The SystemLook log.
  • The RSIT logs.
 
No more automatic reboots. :)

I have uninstalled the 2 programs mentioned above, and I have also installed SP3. I will work on IE 8 tomorrow night.

Here is the Virustotal link: http://www.virustotal.com/file-scan...e7febabe5d0a0002cbf34b5b1a9c5d330e-1293422529

Here is the Systemlook log:

SystemLook 04.09.10 by jpshortstuff
Log created at 22:03 on 26/12/2010 by HP_Administrator
Administrator - Elevation successful

========== reg ==========

[HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Health]
(No values found)

[HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Health\{40DC07B6-E19A-47B4-A6D9-C478623A9C24}]
(No values found)


========== file ==========

C:\Qoobox\Quarantine\C\WINDOWS\System32\Oeminfo.ini.vir - File found and opened.
MD5: E808DB1DC5CDC0E2EB106D533AEFBCAD
Created at 07:51 on 26/07/2004
Modified at 12:30 on 28/10/2005
Size: 560 bytes
Attributes: --a----
No version information available.

-= EOF =-

Here is the RSIT log:

Logfile of random's system information tool 1.08 (written by random/random)
Run by HP_Administrator at 2010-12-26 22:04:15
Microsoft Windows XP Professional Service Pack 3
System drive C: has 131 GB (57%) free of 229 GB
Total RAM: 447 MB (11% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:05:15 PM, on 12/26/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DISCover.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Southwest Airlines\Ding\Ding.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\HP\KBD\KBD.EXE
C:\Documents and Settings\HP_Administrator\desktop\rsit.exe
C:\Program Files\trend micro\HP_Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdMgr.exe
O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7848 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-06-28 1615256]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2006-02-15 249856]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2007-09-06 919016]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-22 237568]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"DMAScheduler"=c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe [2006-03-20 90112]
"DiscUpdateManager"=C:\Program Files\DISC\DiscUpdMgr.exe [2006-03-15 61440]
"DISCover"=C:\Program Files\DISC\DISCover.exe [2006-03-15 1077248]
"AlwaysReady Power Message APP"=C:\WINDOWS\ARPWRMSG.EXE [2005-08-02 77312]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-18 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-07-21 141608]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2009-11-01 2508104]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2009-09-03 767312]
"IJNetworkScanUtility"=C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [2010-08-23 206240]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2010-11-30 997408]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe [2005-12-15 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [2005-06-01 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTAgent]
C:\Program Files\Parental Controls\PCTHelp.exe [2006-09-19 856064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2010-03-18 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2006-03-07 16010240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2005-12-15 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]
C:\PROGRA~1\UPDATE~1\9972322\Program\UPDATE~1.EXE [2006-05-14 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NSCService"=3
"ccISPwdSvc"=3
"ccEvtMgr"=2
"navapsvc"=2

C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
DING!.lnk - C:\Program Files\Southwest Airlines\Ding\Ding.exe
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-02-07 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\DISC\DISCover.exe"="C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System"
"C:\Program Files\DISC\DiscStreamHub.exe"="C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub"
"C:\Program Files\DISC\myFTP.exe"="C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-12-26 21:49:06 ----A---- C:\WINDOWS\OEWABLog.txt
2010-12-26 21:45:10 ----D---- C:\WINDOWS\Prefetch
2010-12-26 21:39:52 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-12-26 21:39:37 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-12-26 21:39:22 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-12-26 21:39:07 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-12-26 21:38:48 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-12-26 21:38:33 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2010-12-26 21:38:19 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2010-12-26 21:38:03 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-12-26 21:37:49 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2010-12-26 21:37:33 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-12-26 21:37:13 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-12-26 21:36:59 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-12-26 21:36:45 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2010-12-26 21:36:30 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-12-26 21:36:14 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-12-26 21:36:01 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-12-26 21:35:47 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-12-26 21:35:31 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2010-12-26 21:35:16 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-12-26 21:35:00 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2010-12-26 21:34:46 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2010-12-26 21:34:30 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-12-26 21:34:17 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2010-12-26 21:34:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-12-26 21:33:38 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-12-26 21:33:17 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-12-26 21:33:03 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2010-12-26 21:32:48 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2010-12-26 21:32:30 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-12-26 21:32:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-12-26 21:31:58 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-12-26 21:31:39 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2010-12-26 21:31:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-12-26 21:31:07 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-12-26 21:30:52 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-12-26 21:30:30 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-12-26 21:30:15 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-12-26 21:30:01 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2010-12-26 21:29:19 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-12-26 21:29:03 ----D---- C:\WINDOWS\LastGood.Tmp
2010-12-26 21:22:21 ----A---- C:\WINDOWS\setuplog.txt
2010-12-26 21:19:02 ----D---- C:\WINDOWS\system32\scripting
2010-12-26 21:19:00 ----D---- C:\WINDOWS\l2schemas
2010-12-26 21:18:58 ----D---- C:\WINDOWS\system32\en
2010-12-26 21:18:57 ----D---- C:\WINDOWS\system32\bits
2010-12-26 21:10:26 ----D---- C:\WINDOWS\network diagnostic
2010-12-26 21:02:03 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-12-26 20:52:00 ----N---- C:\WINDOWS\system32\aaclient.dll
2010-12-26 20:51:59 ----N---- C:\WINDOWS\system32\drivers\agpcpq.sys
2010-12-26 20:51:59 ----N---- C:\WINDOWS\system32\drivers\agp440.sys
2010-12-26 20:51:59 ----N---- C:\WINDOWS\system32\drivers\adv11nt5.dll
2010-12-26 20:51:59 ----N---- C:\WINDOWS\system32\drivers\adv09nt5.dll
2010-12-26 20:51:59 ----N---- C:\WINDOWS\system32\drivers\adv08nt5.dll
2010-12-26 20:51:59 ----N---- C:\WINDOWS\system32\drivers\adv07nt5.dll
2010-12-26 20:51:59 ----N---- C:\WINDOWS\system32\drivers\adv05nt5.dll
2010-12-26 20:51:59 ----N---- C:\WINDOWS\system32\drivers\adv02nt5.dll
2010-12-26 20:51:59 ----N---- C:\WINDOWS\system32\drivers\adv01nt5.dll
2010-12-26 20:51:56 ----N---- C:\WINDOWS\system32\drivers\amdagp.sys
2010-12-26 20:51:56 ----N---- C:\WINDOWS\system32\drivers\alim1541.sys
2010-12-26 20:51:52 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2010-12-26 20:51:52 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2010-12-26 20:51:51 ----N---- C:\WINDOWS\system32\drivers\atv10nt5.dll
2010-12-26 20:51:51 ----N---- C:\WINDOWS\system32\drivers\atv06nt5.dll
2010-12-26 20:51:51 ----N---- C:\WINDOWS\system32\drivers\atv04nt5.dll
2010-12-26 20:51:51 ----N---- C:\WINDOWS\system32\drivers\atv02nt5.dll
2010-12-26 20:51:51 ----N---- C:\WINDOWS\system32\drivers\atv01nt5.dll
2010-12-26 20:51:51 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2010-12-26 20:51:50 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2010-12-26 20:51:50 ----N---- C:\WINDOWS\system32\azroles.dll
2010-12-26 20:51:49 ----N---- C:\WINDOWS\system32\drivers\bthusb.sys
2010-12-26 20:51:49 ----N---- C:\WINDOWS\system32\drivers\bthprint.sys
2010-12-26 20:51:49 ----N---- C:\WINDOWS\system32\drivers\bthpan.sys
2010-12-26 20:51:49 ----N---- C:\WINDOWS\system32\drivers\bthmodem.sys
2010-12-26 20:51:49 ----N---- C:\WINDOWS\system32\drivers\bthenum.sys
2010-12-26 20:51:47 ----N---- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
2010-12-26 20:51:43 ----N---- C:\WINDOWS\system32\credssp.dll
2010-12-26 20:51:39 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2010-12-26 20:51:38 ----N---- C:\WINDOWS\system32\dimsroam.dll
2010-12-26 20:51:38 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2010-12-26 20:51:36 ----N---- C:\WINDOWS\system32\dot3ui.dll
2010-12-26 20:51:36 ----N---- C:\WINDOWS\system32\dot3svc.dll
2010-12-26 20:51:36 ----N---- C:\WINDOWS\system32\dot3msm.dll
2010-12-26 20:51:36 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2010-12-26 20:51:36 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2010-12-26 20:51:36 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2010-12-26 20:51:36 ----N---- C:\WINDOWS\system32\dot3api.dll
2010-12-26 20:51:32 ----N---- C:\WINDOWS\system32\eapsvc.dll
2010-12-26 20:51:32 ----N---- C:\WINDOWS\system32\eapqec.dll
2010-12-26 20:51:32 ----N---- C:\WINDOWS\system32\eappprxy.dll
2010-12-26 20:51:32 ----N---- C:\WINDOWS\system32\eapphost.dll
2010-12-26 20:51:32 ----N---- C:\WINDOWS\system32\eappgnui.dll
2010-12-26 20:51:32 ----N---- C:\WINDOWS\system32\eappcfg.dll
2010-12-26 20:51:32 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2010-12-26 20:51:32 ----N---- C:\WINDOWS\system32\eapolqec.dll
2010-12-26 20:51:30 ----N---- C:\WINDOWS\system32\faxpatch.exe
2010-12-26 20:51:30 ----A---- C:\WINDOWS\003147_.tmp
2010-12-26 20:51:25 ----N---- C:\WINDOWS\system32\drivers\gagp30kx.sys
2010-12-26 20:51:23 ----N---- C:\WINDOWS\system32\drivers\hidbth.sys
2010-12-26 20:51:22 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2010-12-26 20:51:16 ----N---- C:\WINDOWS\system32\comsdupd.exe
2010-12-26 20:51:12 ----N---- C:\WINDOWS\system32\rwnh.dll
2010-12-26 20:51:11 ----N---- C:\WINDOWS\system32\smtpapi.dll
2010-12-26 20:51:01 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2010-12-26 20:51:00 ----N---- C:\WINDOWS\system32\kbdpash.dll
2010-12-26 20:51:00 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2010-12-26 20:51:00 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2010-12-26 20:50:59 ----N---- C:\WINDOWS\system32\kmsvc.dll
2010-12-26 20:50:58 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2010-12-26 20:50:45 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2010-12-26 20:50:45 ----N---- C:\WINDOWS\system32\mmcex.dll
2010-12-26 20:50:45 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2010-12-26 20:50:44 ----N---- C:\WINDOWS\system32\mmcperf.exe
2010-12-26 20:50:28 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2010-12-26 20:50:28 ----N---- C:\WINDOWS\system32\mssha.dll
2010-12-26 20:50:25 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2010-12-26 20:50:25 ----N---- C:\WINDOWS\system32\msxml6r.dll
2010-12-26 20:50:25 ----N---- C:\WINDOWS\system32\msxml6.dll
2010-12-26 20:50:25 ----N---- C:\WINDOWS\system32\drivers\mutohpen.sys
2010-12-26 20:50:24 ----N---- C:\WINDOWS\system32\napstat.exe
2010-12-26 20:50:24 ----N---- C:\WINDOWS\system32\napmontr.dll
2010-12-26 20:50:24 ----N---- C:\WINDOWS\system32\napipsec.dll
2010-12-26 20:50:17 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2010-12-26 20:50:14 ----N---- C:\WINDOWS\system32\onex.dll
2010-12-26 20:50:11 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2010-12-26 20:50:09 ----N---- C:\WINDOWS\system32\qagentrt.dll
2010-12-26 20:50:09 ----N---- C:\WINDOWS\system32\qagent.dll
2010-12-26 20:50:08 ----N---- C:\WINDOWS\system32\qcliprov.dll
2010-12-26 20:50:07 ----N---- C:\WINDOWS\system32\qutil.dll
2010-12-26 20:50:06 ----N---- C:\WINDOWS\system32\rasqec.dll
2010-12-26 20:50:04 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2010-12-26 20:50:04 ----N---- C:\WINDOWS\system32\drivers\rfcomm.sys
2010-12-26 20:50:03 ----N---- C:\WINDOWS\system32\drivers\rndismpx.sys
2010-12-26 20:50:02 ----N---- C:\WINDOWS\system32\s3gnb.dll
2010-12-26 20:50:00 ----N---- C:\WINDOWS\system32\setupn.exe
2010-12-26 20:49:59 ----N---- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2010-12-26 20:49:58 ----N---- C:\WINDOWS\system32\slcoinst.dll
2010-12-26 20:49:58 ----N---- C:\WINDOWS\system32\drivers\sisagp.sys
2010-12-26 20:49:58 ----N---- C:\WINDOWS\system32\drivers\siint5.dll
2010-12-26 20:49:57 ----N---- C:\WINDOWS\system32\slserv.exe
2010-12-26 20:49:57 ----N---- C:\WINDOWS\system32\slrundll.exe
2010-12-26 20:49:57 ----N---- C:\WINDOWS\system32\slgen.dll
2010-12-26 20:49:57 ----N---- C:\WINDOWS\system32\slextspk.dll
2010-12-26 20:49:57 ----N---- C:\WINDOWS\system32\drivers\smbali.sys
2010-12-26 20:49:57 ----N---- C:\WINDOWS\slrundll.exe
2010-12-26 20:49:56 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2010-12-26 20:49:55 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2010-12-26 20:49:45 ----N---- C:\WINDOWS\system32\tspkg.dll
2010-12-26 20:49:45 ----N---- C:\WINDOWS\system32\tsgqec.dll
2010-12-26 20:49:45 ----N---- C:\WINDOWS\system32\drivers\uagp35.sys
2010-12-26 20:49:42 ----N---- C:\WINDOWS\system32\drivers\usbvideo.sys
2010-12-26 20:49:42 ----N---- C:\WINDOWS\system32\drivers\usb8023x.sys
2010-12-26 20:49:40 ----N---- C:\WINDOWS\system32\drivers\vchnt5.dll
2010-12-26 20:49:39 ----N---- C:\WINDOWS\system32\drivers\viaagp.sys
2010-12-26 20:49:38 ----N---- C:\WINDOWS\system32\drivers\wacompen.sys
2010-12-26 20:49:35 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2010-12-26 20:49:35 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2010-12-26 20:49:32 ----N---- C:\WINDOWS\system32\wlanapi.dll
2010-12-26 20:49:30 ----N---- C:\WINDOWS\system32\wmphoto.dll
2010-12-26 20:45:45 ----N---- C:\WINDOWS\system32\drivers\watv10nt.sys
2010-12-26 20:45:45 ----N---- C:\WINDOWS\system32\drivers\watv06nt.sys
2010-12-26 20:45:45 ----N---- C:\WINDOWS\system32\drivers\wadv11nt.sys
2010-12-26 20:45:45 ----N---- C:\WINDOWS\system32\drivers\wadv09nt.sys
2010-12-26 20:45:45 ----N---- C:\WINDOWS\system32\drivers\wadv08nt.sys
2010-12-26 20:45:45 ----N---- C:\WINDOWS\system32\drivers\wadv07nt.sys
2010-12-26 20:45:43 ----N---- C:\WINDOWS\system32\drivers\slwdmsup.sys
2010-12-26 20:45:43 ----N---- C:\WINDOWS\system32\drivers\slnthal.sys
2010-12-26 20:45:43 ----N---- C:\WINDOWS\system32\drivers\slntamr.sys
2010-12-26 20:45:43 ----N---- C:\WINDOWS\system32\drivers\slnt7554.sys
2010-12-26 20:45:41 ----N---- C:\WINDOWS\system32\drivers\s3gnbm.sys
2010-12-26 20:45:39 ----N---- C:\WINDOWS\system32\drivers\recagent.sys
2010-12-26 20:45:38 ----N---- C:\WINDOWS\system32\drivers\nv4_mini.sys
2010-12-26 20:45:38 ----N---- C:\WINDOWS\system32\drivers\ntmtlfax.sys
2010-12-26 20:45:37 ----N---- C:\WINDOWS\system32\drivers\mtxparhm.sys
2010-12-26 20:45:37 ----N---- C:\WINDOWS\system32\drivers\mtlstrm.sys
2010-12-26 20:45:37 ----N---- C:\WINDOWS\system32\drivers\mtlmnt5.sys
2010-12-26 20:45:36 ----N---- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2010-12-26 20:45:35 ----N---- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2010-12-26 20:45:35 ----N---- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2010-12-26 20:45:34 ----N---- C:\WINDOWS\system32\drivers\atinxsxx.sys
2010-12-26 20:45:34 ----N---- C:\WINDOWS\system32\drivers\atinxbxx.sys
2010-12-26 20:45:34 ----N---- C:\WINDOWS\system32\drivers\atintuxx.sys
2010-12-26 20:45:34 ----N---- C:\WINDOWS\system32\drivers\atinttxx.sys
2010-12-26 20:45:34 ----N---- C:\WINDOWS\system32\drivers\atinsnxx.sys
2010-12-26 20:45:34 ----N---- C:\WINDOWS\system32\drivers\atinrvxx.sys
2010-12-26 20:45:34 ----N---- C:\WINDOWS\system32\drivers\atinraxx.sys
2010-12-26 20:45:34 ----N---- C:\WINDOWS\system32\drivers\atinpdxx.sys
2010-12-26 20:45:34 ----N---- C:\WINDOWS\system32\drivers\atinmdxx.sys
2010-12-26 20:45:34 ----N---- C:\WINDOWS\system32\drivers\atinbtxx.sys
2010-12-26 20:45:34 ----N---- C:\WINDOWS\system32\drivers\ati2mtaa.sys
2010-12-26 20:45:33 ----N---- C:\WINDOWS\system32\drivers\ati1xsxx.sys
2010-12-26 20:45:33 ----N---- C:\WINDOWS\system32\drivers\ati1xbxx.sys
2010-12-26 20:45:33 ----N---- C:\WINDOWS\system32\drivers\ati1tuxx.sys
2010-12-26 20:45:33 ----N---- C:\WINDOWS\system32\drivers\ati1ttxx.sys
2010-12-26 20:45:33 ----N---- C:\WINDOWS\system32\drivers\ati1snxx.sys
2010-12-26 20:45:33 ----N---- C:\WINDOWS\system32\drivers\ati1rvxx.sys
2010-12-26 20:45:33 ----N---- C:\WINDOWS\system32\drivers\ati1raxx.sys
2010-12-26 20:45:33 ----N---- C:\WINDOWS\system32\drivers\ati1pdxx.sys
2010-12-26 20:45:33 ----N---- C:\WINDOWS\system32\drivers\ati1mdxx.sys
2010-12-26 20:45:33 ----N---- C:\WINDOWS\system32\drivers\ati1btxx.sys
2010-12-26 20:08:26 ----SHD---- C:\RECYCLER
2010-12-25 16:35:57 ----A---- C:\ComboFix.txt
2010-12-22 20:12:52 ----N---- C:\WINDOWS\system32\MpSigStub.exe
2010-12-22 20:10:43 ----D---- C:\Program Files\Microsoft Security Client
2010-12-22 20:09:14 ----HDC---- C:\WINDOWS\$NtUninstallKB914882$
2010-12-21 19:11:23 ----A---- C:\WINDOWS\system32\LuResult.txt
2010-12-20 18:05:10 ----D---- C:\WINDOWS\temp
2010-12-19 17:19:13 ----RASHD---- C:\cmdcons
2010-12-19 17:13:50 ----A---- C:\WINDOWS\PEV.exe
2010-12-19 17:13:50 ----A---- C:\WINDOWS\NIRCMD.exe
2010-12-19 17:13:50 ----A---- C:\WINDOWS\MBR.exe
2010-12-19 17:13:49 ----A---- C:\WINDOWS\zip.exe
2010-12-19 17:13:49 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-12-19 17:13:49 ----A---- C:\WINDOWS\SWSC.exe
2010-12-19 17:13:49 ----A---- C:\WINDOWS\SWREG.exe
2010-12-19 17:13:49 ----A---- C:\WINDOWS\sed.exe
2010-12-19 17:13:49 ----A---- C:\WINDOWS\grep.exe
2010-12-19 15:44:59 ----D---- C:\Qoobox
2010-12-19 13:00:12 ----A---- C:\TDSSKiller.2.4.12.0_19.12.2010_13.00.12_log.txt
2010-12-18 16:45:22 ----D---- C:\rsit
2010-12-16 16:25:28 ----D---- C:\WINDOWS\system32\NtmsData
2010-12-12 21:22:30 ----D---- C:\Program Files\ERUNT

======List of files/folders modified in the last 1 months======

2010-12-26 22:04:55 ----D---- C:\Program Files\Trend Micro
2010-12-26 22:01:34 ----D---- C:\WINDOWS\system32
2010-12-26 22:01:02 ----D---- C:\WINDOWS\Debug
2010-12-26 22:01:01 ----AD---- C:\WINDOWS
2010-12-26 21:59:31 ----D---- C:\WINDOWS\Registration
2010-12-26 21:55:40 ----D---- C:\WINDOWS\Internet Logs
2010-12-26 21:54:03 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Apple Computer
2010-12-26 21:50:16 ----SD---- C:\WINDOWS\Tasks
2010-12-26 21:50:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-12-26 21:45:49 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-26 21:43:54 ----D---- C:\WINDOWS\system32\Setup
2010-12-26 21:43:54 ----D---- C:\WINDOWS\AppPatch
2010-12-26 21:43:53 ----D---- C:\WINDOWS\system32\wbem
2010-12-26 21:43:51 ----SD---- C:\WINDOWS\Fonts
2010-12-26 21:43:37 ----D---- C:\WINDOWS\system32\drivers
2010-12-26 21:43:37 ----D---- C:\Config.Msi
2010-12-26 21:42:51 ----D---- C:\WINDOWS\security
2010-12-26 21:42:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-12-26 21:40:04 ----HD---- C:\WINDOWS\inf
2010-12-26 21:39:55 ----D---- C:\WINDOWS\system32\dllcache
2010-12-26 21:39:55 ----D---- C:\WINDOWS\system32\CatRoot
2010-12-26 21:39:09 ----D---- C:\Program Files\Outlook Express
2010-12-26 21:30:17 ----D---- C:\Program Files\Messenger
2010-12-26 21:26:13 ----RSD---- C:\WINDOWS\assembly
2010-12-26 21:20:13 ----D---- C:\WINDOWS\WinSxS
2010-12-26 21:19:29 ----D---- C:\WINDOWS\system32\inetsrv
2010-12-26 21:19:29 ----D---- C:\WINDOWS\ime
2010-12-26 21:19:29 ----D---- C:\WINDOWS\Help
2010-12-26 21:19:04 ----D---- C:\WINDOWS\system32\usmt
2010-12-26 21:19:04 ----D---- C:\WINDOWS\system32\en-US
2010-12-26 21:18:59 ----SHD---- C:\WINDOWS\Installer
2010-12-26 21:18:57 ----D---- C:\WINDOWS\PeerNet
2010-12-26 21:18:57 ----D---- C:\Program Files\Movie Maker
2010-12-26 21:14:00 ----D---- C:\WINDOWS\ServicePackFiles
2010-12-26 21:13:44 ----D---- C:\WINDOWS\system32\Restore
2010-12-26 21:13:44 ----D---- C:\WINDOWS\system32\npp
2010-12-26 21:13:44 ----D---- C:\WINDOWS\mui
2010-12-26 21:13:42 ----D---- C:\WINDOWS\msagent
2010-12-26 21:13:40 ----D---- C:\WINDOWS\srchasst
2010-12-26 21:13:39 ----D---- C:\Program Files\NetMeeting
2010-12-26 21:13:36 ----D---- C:\WINDOWS\system32\Com
2010-12-26 21:13:32 ----D---- C:\Program Files\Windows NT
2010-12-26 21:13:27 ----D---- C:\Program Files\Common Files\System
2010-12-26 21:13:03 ----D---- C:\WINDOWS\system32\oobe
2010-12-26 21:12:58 ----D---- C:\WINDOWS\system
2010-12-26 21:06:56 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-12-26 21:01:45 ----AD---- C:\WINDOWS\ehome
2010-12-26 20:15:37 ----D---- C:\Program Files\Common Files\Adobe
2010-12-26 20:15:37 ----D---- C:\Program Files\Adobe
2010-12-26 20:15:30 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-12-25 16:29:24 ----A---- C:\WINDOWS\system.ini
2010-12-25 16:29:04 ----D---- C:\WINDOWS\system32\drivers\etc
2010-12-25 16:28:11 ----D---- C:\Program Files
2010-12-25 16:22:07 ----D---- C:\Program Files\Common Files
2010-12-25 15:53:11 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-12-25 15:53:10 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-12-23 20:36:31 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-12-22 20:26:07 ----D---- C:\WINDOWS\Minidump
2010-12-22 20:11:06 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-12-22 20:08:35 ----HD---- C:\WINDOWS\$hf_mig$
2010-12-21 19:19:09 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-12-21 19:19:08 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-12-20 19:27:43 ----D---- C:\SmartOnLine
2010-12-20 09:26:32 ----D---- C:\WINDOWS\ERDNT
2010-12-19 17:19:22 ----RASH---- C:\boot.ini
2010-12-19 12:55:23 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2010-12-19 12:55:19 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-12-19 12:55:17 ----D---- C:\Program Files\SUPERAntiSpyware
2010-12-16 16:29:04 ----SHD---- C:\System Volume Information
2010-12-16 16:25:21 ----D---- C:\WINDOWS\repair
2010-12-16 16:04:39 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-12-11 19:18:13 ----D---- C:\Program Files\Mozilla Firefox
2010-12-11 12:05:55 ----D---- C:\WINDOWS\pss
2010-12-04 22:23:51 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2010-12-04 18:40:34 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla
2010-12-04 18:35:22 ----HD---- C:\Program Files\InstallShield Installation Information
2010-12-04 18:35:21 ----D---- C:\Program Files\IEEA
2010-12-04 18:33:34 ----D---- C:\Program Files\IWillPass

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 bb-run;Promise driver accelerator; C:\WINDOWS\system32\DRIVERS\bb-run.sys [2003-11-05 17408]
R0 ftsata2;ftsata2; C:\WINDOWS\system32\DRIVERS\ftsata2.sys [2005-06-29 175104]
R0 iaStor;Intel RAID Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2005-06-17 872064]
R0 ohci1394;VIA OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2005-08-19 46080]
R0 srescan;srescan; C:\WINDOWS\system32\ZoneLabs\srescan.sys [2007-06-11 50416]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 KLIF;KLIF; C:\WINDOWS\system32\DRIVERS\klif.sys [2007-07-19 127768]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2010-10-24 165264]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2007-09-06 395080]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-09 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-09 55936]
R3 aracpi;aracpi; C:\WINDOWS\system32\DRIVERS\aracpi.sys [2005-08-02 22784]
R3 arkbcfltr;Microsoft PS2 Keyboard Filter; C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys [2005-08-02 5376]
R3 armoucfltr;Microsoft PS2 Mouse Filter; C:\WINDOWS\system32\DRIVERS\armoucfltr.sys [2005-08-02 4992]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ARPolicy;ARPolicy; C:\WINDOWS\system32\DRIVERS\arpolicy.sys [2005-08-02 10112]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-02-07 1480704]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HSX_DP;HSX_DP; C:\WINDOWS\system32\DRIVERS\HSX_DP.sys [2005-12-06 936448]
R3 HSXHWBS2;HSXHWBS2; C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys [2005-12-06 241664]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-03-08 4246016]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-01-18 80512]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 winachsx;winachsx; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-06 670208]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 arhidfltr;MS Ar HID Filter Driver; C:\WINDOWS\system32\DRIVERS\arhidfltr.sys [2005-08-02 19200]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 catchme;catchme; \??\C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 Dot4;MS IEEE-1284.4 Driver; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 Dot4Scan;Scan Class Driver for IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 grmnusb;grmnusb; C:\WINDOWS\system32\drivers\grmnusb.sys [2007-03-08 8320]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-09 11008]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-03-03 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 ARSVC;ARSVC; C:\WINDOWS\arservice.exe [2005-08-02 58880]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-02-07 405504]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-11-26 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-03-23 73728]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2010-11-11 11736]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-03 38912]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2007-09-06 75304]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-07-21 540968]
S0 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2005-03-14 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 nosGetPlusHelper;getPlus(R) Helper 3004; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------
 
Here is the RSIT info.txt:

info.txt logfile of random's system information tool 1.08 2010-12-26 22:05:43

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5102}
Adobe Download Manager-->"C:\Program Files\NOS\bin\getPlusUninst_Adobe.exe" /Get1
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -maintain plugin
Adobe Help Center 2.0-->MsiExec.exe /I{8FFC924C-ED06-44CB-8867-3CA778ECE903}
Adobe Premiere Elements 2.0-->msiexec /I {11C98E1A-EC91-4B38-B44C-C562292D8453}
Alien Outbreak 2-->"C:\Program Files\HP Games\Alien Outbreak 2\Uninstall.exe"
Ancient Sudoku-->"C:\Program Files\HP Games\Ancient Sudoku\Uninstall.exe"
Apple Application Support-->MsiExec.exe /I{B2D328BE-45AD-4D92-96F9-2151490A203E}
Apple Mobile Device Support-->MsiExec.exe /I{85991ED2-010C-4930-96FA-52F43C2CE98A}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Bejeweled 2 Deluxe-->"C:\Program Files\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
Big Kahuna Reef-->"C:\Program Files\HP Games\Big Kahuna Reef\Uninstall.exe"
Blackhawk Striker 2-->"C:\Program Files\HP Games\Blackhawk Striker 2\Uninstall.exe"
Blasterball 2 Remix-->"C:\Program Files\HP Games\Blasterball 2 Remix\Uninstall.exe"
Blasterball 2 Revolution-->"C:\Program Files\HP Games\Blasterball 2 Revolution\Uninstall.exe"
Bonjour-->MsiExec.exe /X{0CB9668D-F979-4F31-B8B8-67FE90F929F8}
Bookworm Deluxe-->"C:\Program Files\HP Games\Bookworm Deluxe\Uninstall.exe"
Bots of Fun - 10 Great Robots Games!-->C:\PROGRA~1\20THCE~1\BOTSOF~1\UNWISE.EXE C:\PROGRA~1\20THCE~1\BOTSOF~1\INSTALL.LOG
Bounce Symphony-->"C:\Program Files\HP Games\Bounce Symphony\Uninstall.exe"
Canon Easy-WebPrint EX-->"C:\Program Files\Canon\Easy-WebPrint EX\Maint.exe" /UninstallRemove C:\Program Files\Canon\Easy-WebPrint EX\uninst.ini
Canon IJ Network Scan Utility-->"C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSU.exe" /UninstallRemove C:\Program Files\Canon\Canon IJ Network Scan Utility\uninst.ini
Canon IJ Network Tool-->C:\Program Files\Canon\Canon IJ Network Tool\CNMNUU.exe
Canon MP Navigator EX 3.1-->"C:\Program Files\Canon\MP Navigator EX 3.1\Maint.exe" /UninstallRemove C:\Program Files\Canon\MP Navigator EX 3.1\uninst.ini
Canon MX340 series MP Drivers-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series /L0x0009
Canon MX340 series User Registration-->C:\Program Files\Canon\IJEREG\MX340 series\UNINST.EXE
Canon Speed Dial Utility-->"C:\Program Files\Canon\Speed Dial Utility\uninst.exe" /UninstallRemove C:\Program Files\Canon\Speed Dial Utility\uninst.ini
Canon Utilities Easy-PhotoPrint EX-->C:\Program Files\Canon\Easy-PhotoPrint EX\uninst.exe Uninst.ini uinstrsc.dll
Canon Utilities My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini uinstrsc.dll
Canon Utilities Solution Menu-->C:\Program Files\Canon\SolutionMenu\uninst.exe uninst.ini uinstrsc.dll
CCleaner-->"C:\Documents and Settings\HP_Administrator\CCleaner\uninst.exe"
Chuzzle Deluxe-->"C:\Program Files\HP Games\Chuzzle Deluxe\Uninstall.exe"
Customer Experience Enhancement-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
Data Fax SoftModem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\HXFSETUP.EXE -U -ITrx200Ck.inf
Diner Dash-->"C:\Program Files\HP Games\Diner Dash\Uninstall.exe"
DING!-->MsiExec.exe /X{84031A18-BA9A-4156-A74F-E05B52DDFCE2}
DISCover-->"C:\Program Files\DISC\uninstall.exe"
Easy Internet Sign-up-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /remove
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
ESET Online Scanner-->C:\WINDOWS\system32\OnlineScannerUninstaller.exe
Exam-->C:\Program Files\Exam\Uninstal.exe
Fairies-->"C:\Program Files\HP Games\Fairies\Uninstall.exe"
Family Feud-->"C:\Program Files\HP Games\Family Feud\Uninstall.exe"
FATE-->"C:\Program Files\HP Games\FATE\Uninstall.exe"
Flip Words-->"C:\Program Files\HP Games\Flip Words\Uninstall.exe"
Garmin TOPO U.S. 2008-->MsiExec.exe /X{47BA74C5-1890-4ED2-954A-AD11186D8E26}
GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
GIMP 2.4.4-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
Golf 2003-->C:\Program Files\Golf 2003\Uninstal.exe
GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
GSP Sudoku-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0EFE9337-4BA0-4982-9D24-1844318B92C9}\Setup.exe" -l0x9 -removeonly
H&R Block Deluxe + Efile 2009-->MsiExec.exe /X{20292BBB-C7D7-4526-9E38-42C4A5C2A3A6}
Harry Potter and the Prisoner of Azkaban(TM)-->C:\Program Files\EA GAMES\Harry Potter and the Prisoner of Azkaban(TM)\EAUninstall.exe
Harry Potter II-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7BF68B83-5057-4D4B-0093-28285EEB9EE3}\setup.exe" -l0x9 Uninstall
Harry Potter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F50AF3B-8997-4916-0095-99D63DDB785A}\setup.exe" -l0x9 Uninstall
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
HP Boot Optimizer-->MsiExec.exe /X{1341D838-719C-4A05-B50F-49420CA1B4BB}
HP Deskjet Printer Preload-->MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP DigitalMedia Archive-->MsiExec.exe /X{F80239D8-7811-4D5E-B033-0D0BBFE32920}
HP Document Viewer 6.1-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP DVD Play 2.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Game Console-->"C:\Program Files\WildTangent\Apps\HP Game Console\Uninstall.exe"
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart 330,380,420,470,7800,8000,8200 Series-->C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
HP Photosmart Cameras 6.0-->C:\Program Files\HP\Digital Imaging\{5D61626A-BD55-4e42-82EE-4AE89D8FD050}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP Photosmart for Media Center PC-->c:\Program Files\HP\Digital Imaging\bin\mcpc\setupmcl.exe /u
HP Photosmart Premier Software 6.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Rhapsody-->C:\PROGRA~1\HPRHAP~1\Unwise32.exe /A C:\PROGRA~1\HPRHAP~1\install.log
HP Software Update-->MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center and Imaging Support Tools 6.1-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Web Helper-->regsvr32 /u /s "C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll"
Insaniquarium Deluxe-->"C:\Program Files\HP Games\Insaniquarium Deluxe\Uninstall.exe"
iTunes-->MsiExec.exe /I{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}
Java(TM) 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022FF}
Jewel Quest-->"C:\Program Files\HP Games\Jewel Quest\Uninstall.exe"
Logitech Harmony Remote Software 7-->C:\Program Files\InstallShield Installation Information\{5C6F884D-680C-448B-B4C9-22296EE1B206}\setup.exe -runfromtemp -l0x0009 -removeonly
Mah Jong Quest-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Antimalware-->MsiExec.exe /X{774088D4-0777-4D78-904D-E435B318F5D2}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2006-->"C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour-->MsiExec.exe /I{A01FC76F-CC09-4658-9E37-5C2F635EE708}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Security Client-->MsiExec.exe /I{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}
Microsoft Security Essentials-->C:\Program Files\Microsoft Security Client\Setup.exe /x
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (3.6.12)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee autoProducer 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{27428D1B-8CBA-4EEA-B9C0-A23CA7B4FCC1}\setup.exe" -l0x9
muvee autoProducer unPlugged 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}\setup.exe" -l0x9
Mystery Case Files-->"C:\Program Files\HP Games\Mystery Case Files\Uninstall.exe"
NETGEAR Live Parental Controls Management Utility 2.1.3-->"C:\Program Files\NETGEAR Live Parental Controls Management Utility\Uninstall.exe"
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
Parental Controls Helper Application-->"C:\Program Files\Parental Controls\PCTHelp.exe" /uninstall
PC-Doctor 5 for Windows-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Pdf995 (installed by TaxCut)-->C:\Program Files\pdf995\setup.exe uninstall
PdfEdit995 (installed by TaxCut)-->C:\Program Files\pdf995\res\utilities\thinsetup.exe - uninstall
Poker Superstars-->"C:\Program Files\HP Games\Poker Superstars\Uninstall.exe"
Polar Bowler-->"C:\Program Files\HP Games\Polar Bowler\Uninstall.exe"
Polar Golfer-->"C:\Program Files\HP Games\Polar Golfer\Uninstall.exe"
Pro Media Director Version 1.1.1.1-->"C:\Program Files\Pelican Performance\Pro Media Director\unins000.exe"
Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2006-->MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
QuickTime-->MsiExec.exe /I{3D9892BB-A751-4E48-ADC8-E4289956CE1D}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Remote Control USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8471021C-F529-43DE-84DF-3612E10F58C4}\setup.exe" -l0x9 -removeonly
Ricochet Lost Worlds-->"C:\Program Files\HP Games\Ricochet Lost Worlds\Uninstall.exe"
SCRABBLE-->"C:\Program Files\HP Games\SCRABBLE\Uninstall.exe"
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Slingo Deluxe-->"C:\Program Files\HP Games\Slingo Deluxe\Uninstall.exe"
Snowy The Bears Adventure-->"C:\Program Files\HP Games\Snowy The Bears Adventure\Uninstall.exe"
Sonic Express Labeler-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /X{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Super Granny-->"C:\Program Files\HP Games\Super Granny\Uninstall.exe"
TaxCut Basic + Efile 2008-->MsiExec.exe /X{D81FBA6E-5492-4C46-BAE3-3A9242C27210}
TaxCut Premium 2006-->C:\PROGRA~1\TaxCut06\Program\removetc.exe
TaxCut Premium 2007-->MsiExec.exe /X{4732D4A0-5A47-44D8-9B84-B3BD4906D30D}
Tennis Titans-->"C:\Program Files\HP Games\Tennis Titans\Uninstall.exe"
The Sims 2-->C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
Tornado Jockey-->"C:\Program Files\HP Games\Tornado Jockey\Uninstall.exe"
Tradewinds-->"C:\Program Files\HP Games\Tradewinds\Uninstall.exe"
Typing-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Expert Software\Typing\DeIsL2.isu"
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb957258)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E070CDA4-A8DD-47FA-89A0-F5DA5D5DDFF9}
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Updates from HP (remove only)-->C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall
Vinny Payroll-->"C:\Program Files\Vinny Payroll\Uninstall.exe" "C:\Program Files\Vinny Payroll\Install_Log.txt"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB912067-->"C:\WINDOWS\$NtUninstallKB912067$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB973768-->"C:\WINDOWS\$NtUninstallKB973768$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\unyext.exe
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Security center information======

AV: Microsoft Security Essentials
FW: ZoneAlarm Firewall (disabled)

======System event log======

Computer Name: GAINES2
Event Code: 8021
Message: The browser was unable to retrieve a list of servers from the browser master \\GAINESHOME on the network \Device\NwlnkNb.
The data is the error code.

Record Number: 4476
Source Name: BROWSER
Time Written: 20100813041748.000000-300
Event Type: warning
User:

Computer Name: GAINES2
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 4475
Source Name: W32Time
Time Written: 20100812083209.000000-300
Event Type: warning
User:

Computer Name: GAINES2
Event Code: 8021
Message: The browser was unable to retrieve a list of servers from the browser master \\GAINESHOME on the network \Device\NwlnkNb.
The data is the error code.

Record Number: 4448
Source Name: BROWSER
Time Written: 20100808085351.000000-300
Event Type: warning
User:

Computer Name: GAINES2
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 4447
Source Name: W32Time
Time Written: 20100808030350.000000-300
Event Type: warning
User:

Computer Name: GAINES2
Event Code: 8021
Message: The browser was unable to retrieve a list of servers from the browser master \\GAINESHOME on the network \Device\NwlnkNb.
The data is the error code.

Record Number: 4446
Source Name: BROWSER
Time Written: 20100807220508.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: GAINES2
Event Code: 100
Message: The C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
Error user loading hive C:\Documents and Settings\All Users\ntuser.dat
A required privilege is not held by the client service was installed.

Record Number: 23
Source Name: SNL HiveManager
Time Written: 20091218201506.000000-360
Event Type: warning
User:

Computer Name: GAINES2
Event Code: 1002
Message: Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 13
Source Name: Application Hang
Time Written: 20091216204912.000000-360
Event Type: error
User:

Computer Name: GAINES2
Event Code: 1002
Message: Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 12
Source Name: Application Hang
Time Written: 20091216204910.000000-360
Event Type: error
User:

Computer Name: GAINES2
Event Code: 1002
Message: Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 11
Source Name: Application Hang
Time Written: 20091216204751.000000-360
Event Type: error
User:

Computer Name: GAINES2
Event Code: 1002
Message: Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 10
Source Name: Application Hang
Time Written: 20091216204751.000000-360
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0409
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
"tvdumpflags"=8
"asl.log"=Destination=file;OnFirstLog=command,environment,parent
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
 
Hi.

It looks like ZoneAlarm is disabled in the last RSIT log; please make sure it's enabled.

I will work on IE 8 tomorrow night.

Good. :)

Remember that the IE8 update is offered during one of the visits to the Microsoft Update site, and repeat the update process until no further important updates are offered. When done, please reboot your computer and continue with SystemLook below.


SystemLook

This program should still be located on your desktop.
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :reg
    HKCU\Software\Microsoft\MediaPlayer\Health /s
    :contents
    C:\Qoobox\Quarantine\C\WINDOWS\System32\Oeminfo.ini.vir
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

    Note: The log can also be found on your Desktop entitled SystemLook.txt
 
I have installed IE8 and all of the security updates.

Here is the Systemlook log:

SystemLook 04.09.10 by jpshortstuff
Log created at 21:48 on 27/12/2010 by HP_Administrator
Administrator - Elevation successful

========== reg ==========

[HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Health]
(No values found)

[HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Health\{27655787-90C3-48C6-BC18-CD39940CFC50}]
(No values found)


========== contents ==========

C:\Qoobox\Quarantine\C\WINDOWS\System32\Oeminfo.ini.vi - Unable to open file.

-= EOF =


Also, when I started the computer today, several requests for svhost access popped up on ZoneAlarm. Is this a problem?

By the way, how much more secure is a new computer with Windows 7? I am trying to make a case for getting a new computer.
 
Hi.

Also, when I started the computer today, several requests for svhost access popped up on ZoneAlarm. Is this a problem?
Well, "svhost" is the name of a bad file, but the name is very similar to "svchost", which is good.

  • Please open Zonealarm by right clicking the system tray icon and (left) click Show Zonealarm Control Center.
  • Click Alerts & Logs to the left, then click Log Viewer.
  • Look for sv(c)host in the lists around the time you started your computer. Look for the alert under both Firewall and Program (Alert Type drop down box).
  • Post back with the exact spelling to confirm if it was svhost or svchost alerts.

By the way, how much more secure is a new computer with Windows 7? I am trying to make a case for getting a new computer.
I have very little experience with Windows 7. It is more secure, but it's not possible for me to tell how much.


Firefox

It seems to me you missed updating Firefox?

Start Firefox and click the Help menu, then click Apply downloaded updates or Check for updates. Follow the prompts to complete the update process.

Did it update successfully or not?


SystemLook

This one will last much longer than the previous one(s).

This program should still be located on your desktop.
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    Code:
    :reg
    HKCU\Software\Microsoft\MediaPlayer\Health /s
    :regfind
    {27655787-90C3-48C6-BC18-CD39940CFC50}
    {40DC07B6-E19A-47B4-A6D9-C478623A9C24}
    {4CA5663E-BA28-4BBE-AEBC-DBEAA4C7CEB0}
    :file
    C:\WINDOWS\System32\svchost.exe
    :filefind
    svhost.exe
    :contents
    C:\Qoobox\Quarantine\C\WINDOWS\System32\Oeminfo.ini.vir
    :comment
    Make sure you copy *all* the text in this codebox.
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

    Note: The log can also be found on your Desktop entitled SystemLook.txt


Please post:
  • svhost/svchost?
  • Firefox?
  • SystemLook.txt
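
The svhost/svchost distinction above can be checked mechanically. The following is an added example (not part of the original posts and not SystemLook's own logic) that flags file names within a small edit distance of a protected system binary, and genuine names found outside the expected directory; the sample paths, the `PROTECTED` table and the function names are constructed for illustration.

```python
import ntpath

# Assumption of this example: System32 is the only expected location
# for the genuine binary (Windows XP layout, as seen on this page).
PROTECTED = {
    "svchost.exe": r"c:\windows\system32",
}

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def classify(path: str, max_distance: int = 2) -> str:
    """Return 'ok', 'wrong-directory', 'lookalike-name' or 'unrelated'."""
    directory, name = ntpath.split(path.lower())
    if name in PROTECTED:
        # Exact name: only trust it in the expected directory.
        return "ok" if directory == PROTECTED[name] else "wrong-directory"
    for genuine in PROTECTED:
        # Near miss such as a dropped or swapped letter.
        if 0 < edit_distance(name, genuine) <= max_distance:
            return "lookalike-name"
    return "unrelated"

# Constructed sample paths, not taken from any log on this page.
SAMPLE_PATHS = [
    r"C:\WINDOWS\System32\svchost.exe",
    r"C:\WINDOWS\System32\svhost.exe",
    r"C:\WINDOWS\svchost.exe",
    r"C:\Documents and Settings\HP_Administrator\Application Data\scvhost.exe",
    r"C:\Program Files\Mozilla Firefox\firefox.exe",
]

def audit(paths):
    """Map each path to its verdict."""
    return {p: classify(p) for p in paths}

if __name__ == "__main__":
    for p, verdict in audit(SAMPLE_PATHS).items():
        print(f"{verdict:16} {p}")
```

A name match alone is not proof of a clean file; the version, company and hash fields that SystemLook's `:file` section reports still need to be reviewed.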
 
1. I checked Zonealarm, and it was actually svchost. Sorry about the typo.

2. The Firefox update indicated that there were no updates available.

3. Here is the Systemlook log:

SystemLook 04.09.10 by jpshortstuff
Log created at 18:42 on 28/12/2010 by HP_Administrator
Administrator - Elevation successful

========== reg ==========

[HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Health]
(No values found)

[HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\Health\{BD7B3689-96B4-4FFB-8480-FB15C1274633}]
(No values found)


========== regfind ==========

Searching for "{27655787-90C3-48C6-BC18-CD39940CFC50}"
No data found.

Searching for "{40DC07B6-E19A-47B4-A6D9-C478623A9C24}"
No data found.

Searching for "{4CA5663E-BA28-4BBE-AEBC-DBEAA4C7CEB0}"
No data found.

========== file ==========

C:\WINDOWS\System32\svchost.exe - File found and opened.
MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
Created at 21:00 on 09/08/2004
Modified at 00:12 on 14/04/2008
Size: 14336 bytes
Attributes: --a----
FileDescription: Generic Host Process for Win32 Services
FileVersion: 5.1.2600.5512 (xpsp.080413-2111)
ProductVersion: 5.1.2600.5512
OriginalFilename: svchost.exe
InternalName: svchost.exe
ProductName: Microsoft® Windows® Operating System
CompanyName: Microsoft Corporation
LegalCopyright: © Microsoft Corporation. All rights reserved.

========== filefind ==========

Searching for "svhost.exe"
No files found.

========== contents ==========

C:\Qoobox\Quarantine\C\WINDOWS\System32\Oeminfo.ini.vir - Opened succesfully.

;rev 110503
;United States
;Pavilion

[General]
Manufacturer=Hewlett-Packard Company
Model=HP Pavilion
supporturl=http://www.hp.com/support

[Support Information]
Line1="HP Customer Care Centers provide support"
Line2="for basic Windows XP questions."
Line3="Please refer to the Warranty and Support Guide"
Line4="for complete support information in your country."
Line5=""
Line6=""
Line7="In the United States, call 800-474-6836,"
Line8=""
Line9="Support is available 24 hours per day,"
Line10="7 days per week, and 365 days a year."

-= EOF =-
 
Hi

I checked Zonealarm, and it was actually svchost. Sorry about the typo.
No problem. :)

It's normal for the firewall to ask about allowing svchost after major updates of Windows.


Firefox

Start Firefox, click the Help menu and then click About Mozilla Firefox. If it does not say version 3.6.13 then please download the latest version from: http://www.mozilla.com/en-US/firefox/
Close Firefox and double click the downloaded file to install (overwrite) the current install.


Spybot - Search & Destroy?

Please start Spybot Search and Destroy from the start menu. Click Immunize in the section to the left, wait for Immunization to complete and close the program. If it does not work then please download and re-install Spybot S&D from the following link:
http://www.safer-networking.org/en/mirrors/index.html


Registry Cleaners + "Tweak" Tools

Uniblue RegistryBooster (seems not to be installed)

I don't personally recommend the use of ANY Registry Cleaners or "Tweak" Tools. They are marketed as ways to make your machine run faster and more efficiently ...... Some will actually achieve this .... IF you know how to use them correctly.
Removing "Orphaned/Old/Obsolete" registry entries is fine ..... as long as they actually are "Orphaned/Old/Obsolete", it won't speed up your machine though.
Stopping services & setting policies can speed up your machine ..... as long as you stop & set the right ones, & even then it's debatable if you will notice the improvement.

Remove the wrong registry entry, or stop the wrong service, & not only can you slow your machine .... you could kill it !

To use a Registry Cleaner or "Tweak" tool to its full advantage, you really need to know what it is they are doing & what else the changes may affect.
In short, if you know how to use them safely ----- you don't actually need them.

Read the following for more information:
http://forums.whatthetech.com/Regcleaner_t42862.html
http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html

Please delete the following file:
C:\Documents and Settings\HP_Administrator\Desktop\registrybooster.exe


Disable Zonealarm Firewall

Right click on the Zonealarm icon in the System Tray and select Shutdown ZoneAlarm.

Note: It will start as normal after the computer has been rebooted.


Disable Microsoft Security Essentials

  • Open MSE and go to Settings > Real Time Protection.
  • Then uncheck "Turn on real time protection".
  • Exit MSE when done.


Combofix

This one will be quick. :)

Open notepad and copy/paste the text in the codebox below into it:

Code:
DEQUARANTINE::
C:\Qoobox\Quarantine\C\WINDOWS\System32\Oeminfo.ini.vir
QUIT::

Save the file as "CFScript.txt", and as Type: All Files (*.*) on your desktop.

CFScriptB-4.gif


Your anti virus needs to be disabled before the following: Refer to the picture above, then save all work and close all programs including any open browsers(!) and drag CFScript onto zzz.exe (Combofix will reboot your computer during this fix).

If Combofix prompts you to upgrade, please allow it. Do not use your computer at all while Combofix is running.

When finished, it shall produce a log for you at C:\ComboFix.txt.


Please make sure to enable Microsoft Security Essentials and Zonealarm after ComboFix has finished.



Please post:
  • Firefox?
  • Spybot?
  • the Combofix log
  • Give me an update of the performance of the computer.
 
Hi.

Combofix will not reboot your computer during the fix in my previous post. The only log given will be C:\DeQuarantine.txt; please post the contents of this log.
 
* I checked Firefox, and it is up to date.
* I removed and reinstalled Spybot and completed the Immunization.
* I removed the file.
* Here is the Combofix log:

C:\Qoobox\Quarantine\C\WINDOWS\System32\Oeminfo.ini.vir -> C:\WINDOWS\System32\Oeminfo.ini ( 560 bytes )

The computer seems to be running much better. However, it is sometimes slow to start up.
 
Hi.

You can defragment your system drive to achieve some better performance. I have included the instructions for this at the bottom of this post since it is a time consuming process and should be done last.

Please post back one more time to confirm that you have read this post so this case can be closed or if you have any further malware related questions. :)


Random Access Memory Advice

Total RAM: 447 MB
Though Microsoft claims XP will run with this amount of system memory installed, it will run far better with 1-2 GB, which is pretty cheap nowadays.

If you wish to upgrade the installed memory in your system, Crucial have a small scanner (Crucial System Scanner tool) which is perfectly safe to download and run. It will advise if your system can support any upgraded memory modules. They cater for the US/UK and Europe.


Uninstall ComboFix

Click on Start >> Run..., copy and paste the following line into the run box, then click OK:
ComboFix /Uninstall
Note: There's a space between "ComboFix" and "/Uninstall". This is the correct method to uninstall Combofix even if it is named differently.


Delete the following tools

TFC is a great tool for you to keep and use on a regular basis or you can delete it and use the installed CCleaner instead. Please delete the following tools (if still present):

dds.scr
RSIT.exe
RKUnhookerLE.exe
SystemLook.exe
TDSSKiller.zip
TDSSKiller.exe
SecurityCheck.exe
Norton_Removal_Tool.exe
MicrosoftFixit50195.exe



Adobe Reader

To install Adobe Reader:

  • Please go to the Adobe Reader download link.
  • On the right, untick McAfee® Security Scan Plus if you do not wish to include this in the installation.
  • Click the Continue button
  • Click Run, and click Run again
  • Next click the Install Now button and follow the on screen prompts. Uncheck any toolbars if offered.

Note: Adobe Reader is a large program and if you prefer a smaller program you can get Foxit 4.3.0 instead from http://www.foxitsoftware.com/downloads/index.php

If you decide to install Foxit 4.3.0 instead of Adobe, do the following during Foxit's Setup/Installation process:

Uncheck the following boxes and click Decline to avoid installation of The Foxit Search Bar powered by Ask:
I accept the License Terms and want to install Foxit Toolbar
Make Ask.com my default search
Create desktop, quick launch and start menu icon to eBay << on a different screen than the two above.


Java

Go to Add/Remove Programs in Control Panel and uninstall:
Java Runtime Environment (JRE) 6 Update 22.

Please download JavaRa and unzip it to your desktop. You can delete the downloaded and unzipped files after running the tool as described below.

***Please close any instances of Internet Explorer before continuing!***

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location. (No need to post if no error.)

Download and install Java Runtime Environment (JRE) 6 Update 23 (~15Mb)


Your computer now appears to be malware free. The logs are clean. Good job!

Follow these simple steps to maintain your computer:


Windows updates

Microsoft regularly releases patches for Windows and Office products to close loopholes and fix any bugs found. Install the updates immediately when they are offered.

  • Go to Start > Control Panel > Automatic Updates
    1. Select Automatic (recommended) radio button if you want the updates to be downloaded and installed without prompting you.
    2. Select Download updates for me, but let me choose when to install them radio button if you want the updates to be downloaded automatically but to be installed at another time.
    3. Select Notify me but don't automatically download or install them radio button if you want to be notified of the updates.


Keep your non-Microsoft applications updated as well:


Microsoft isn't the only company whose products can contain security vulnerabilities. To check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector. I suggest that you run it and install the suggested updates at least once a week.


Consider using the following programs to secure your computer further:


  • Install WinPatrol
    This is a lightweight system monitor. Download it from here and you can find information about how WinPatrol works here. Note that I do not recommend running this along with Teatimer (part of Spybot Search & Destroy).

  • Malwarebytes' Anti-Malware
    Update Malwarebytes Anti-Malware and perform a quick scan 1-2 times a week.

  • Spybot Search & Destroy
    Instructions are located here. Make sure you update, reimmunize & scan regularly.

  • Make use of the HOSTS file included with Spybot Search & Destroy
    Every version of Windows includes a hosts file. A hosts file is a bit like a phone book: it points to the actual numeric address (i.e. the IP address) from the human-friendly name of a website. This feature can be used to block malicious websites.
    Spybot Search & Destroy has a good HOSTS file built in. To enable the HOSTS file in Spybot Search & Destroy:
    • Run Spybot Search & Destroy.
    • Click on Mode, and then place a tick next to Advanced mode.
    • Click Yes.
    • In the left hand pane of Spybot Search & Destroy, click on Tools, and then on Hosts File.
    • Click on Add Spybot-S&D hosts list.

    Note: On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue:
    • Click Start > Run
    • Type services.msc & click OK
    • In the list, find the service called DNS Client & double click on it.
    • On the dropdown box, change the setting from automatic to manual.
    • Click OK & then close the Services window.

    For a more detailed explanation of the HOSTS file, click here.



It is ABSOLUTELY ESSENTIAL to keep Windows, Java, Adobe and all of your security programs up to date.


Read these articles to learn more about how to protect yourself while on the internet:



Defragment

To achieve some better performance, defragment your drive. Go to Start > All programs/Program files > Accessories > System Tools > Disk Defragmenter.
Highlight the drive you installed XP on (usually C), then click the Defragment button.

This will take a while. When finished shut down and restart.


Happy new year and safe surfing! :)
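
The HOSTS-file mechanism described above (names mapped to IP addresses, with block entries pointing at the local machine) can be audited with a short script. This is an added example, not Spybot's code or part of the original post; the sample file content, host names and the 203.0.113.7 address are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample HOSTS content (not from the machine in this thread).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
127.0.0.1       ads.example-tracker.test   # block entry
0.0.0.0         malware.example.test
203.0.113.7     www.google.com google.com  # entry that overrides DNS
::1             localhost
not-an-ip       broken.example.test
"""

def parse_hosts(text):
    """Yield (line_no, ip_or_None, hostnames) for every non-comment line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            yield line_no, None, fields       # first field is not an IP
            continue
        yield line_no, ip, [h.lower() for h in fields[1:]]

def audit_hosts(text):
    """Sort entries into blocked names, redirected names and bad lines."""
    report = {"blocked": [], "redirected": [], "malformed": []}
    for line_no, ip, names in parse_hosts(text):
        if ip is None or not names:
            report["malformed"].append(line_no)
            continue
        for name in names:
            if name == "localhost":
                continue                      # standard default entry
            if ip.is_loopback or ip.is_unspecified:
                # 127.0.0.1, ::1 or 0.0.0.0: the name goes nowhere (blocked)
                report["blocked"].append(name)
            else:
                # Any other address silently overrides DNS for this name
                report["redirected"].append((name, str(ip)))
    return report

if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("blocked   :", result["blocked"])
    print("redirected:", result["redirected"])
    print("malformed :", result["malformed"])
```

Entries under "redirected" are the ones to review by hand, since a block list only needs loopback or 0.0.0.0 targets.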
 
Okay, I have followed all of your instructions in the previous post. I installed Foxit because I received an error when trying to install Adobe.

I appreciate the tip on the extra memory. However, you had previously stated that this computer might not be safe for online banking in the future. Since the computer is now clean, do you think that it is safe for online banking, or should I use another computer?

This is the first time that I have had such a serious infection on my computer, and I can't thank you enough for your assistance. You, along with all of the other experts on this forum, are to be commended for doing such a great job of assisting us in getting the use of our computers back!

I can't thank you enough for your help.
 
Hi.

I'm sorry for the delay.

I appreciate the tip on the extra memory. However, you had previously stated that this computer might not be safe for online banking in the future. Since the computer is now clean, do you think that it is safe for online banking, or should I use another computer?

You should use another computer. The only way you can trust this computer to do banking, shopping, credit card or other sensitive (password protected) activity is to reformat and reinstall the operating system.

This seems to be an HP computer. It probably has a recovery partition with software to restore the computer to the state it was delivered in as new. You should be able to access this by typically pressing F11 during startup (before Windows starts loading). During this "factory restore" process the system drive will be formatted. Every file created and program installed since the computer was new will disappear. Make sure you have made backups of files you do not want to lose and that you have licenses (backups or written) and installation media for the programs that need to be reinstalled.

If/when you restore your computer:
  • You have to re-apply all updates released by Microsoft since the computer was new. I prefer to download the service packs on another machine, transfer and install from a burned CD.
  • You also have to make sure you install anti-virus software and enable the built-in Windows firewall before going online. Update the anti-virus database immediately after connecting to the internet.
  • Then revisit http://update.microsoft.com repeatedly and install updates until no further important updates are offered.
  • Run Secunia Software Inspector and update the programs or uninstall outdated programs.

You should also refer to my previous post for Adobe/Foxit, Java, Automatic updates, Secunia, Winpatrol/Malwarebytes/Spybot. A 3rd party firewall should be installed last, then defragment.

After you have updated everything including all the security programs you installed, then you can start using the computer wisely on the internet. Here's a couple of topics with interesting/relevant information:
http://forums.spybot.info/showthread.php?t=279
http://forums.spybot.info/showthread.php?t=425

Please let me know if you have any further questions related to this malware case.

Thanks
 
One more thing......I am not sure if this is a problem, but chkdsk ran today and found several errors that it corrected.

Sorry, I didn't see your post there. I doubt that this is malware related.

If chkdsk ran automatically at boot, then you can look for the log in the Application event log:

Click Start -> Run, and type:
eventvwr.msc

Select the Application Log and look for Winlogon entries around time of boot to locate and post the chkdsk log.
 
Here is the chkdsk log.

Information 1/1/2011 6:17:43 PM iPod Service None 0 N/A GAINES2
Information 1/1/2011 6:14:07 PM SecurityCenter None 1800 N/A GAINES2
Information 1/1/2011 6:13:38 PM LightScribeService None 4 N/A GAINES2
Information 1/1/2011 6:13:32 PM Bonjour Service None 100 N/A GAINES2
Information 1/1/2011 6:13:29 PM ARSVC None 105 N/A GAINES2
Information 1/1/2011 6:12:54 PM Winlogon None 1001 N/A GAINES2

Once again, thank you so much for your daily help on this problem, especially during the holidays. Happy New Year!
 
Happy New Year! :)


  • Click Start, click Run..., type eventvwr.msc and press Enter
  • Event Viewer should open, click Application in the left pane, the application events should now be listed to the right.
  • Double click the following event to open the Event Properties window, then click the copy icon (evcopy.png) on the right to copy the log:
    Information 1/1/2011 6:12:54 PM Winlogon None 1001 N/A GAINES2
  • Please paste the log in your next reply


Has chkdsk run automatically at startup (boot) since then?
 