LandzDown Forum

Security => Analysis and Malware Removal => Topic started by: JDBush61 on February 12, 2012, 02:29:34 AM

Title: Need help analyzing my HP laptop
Post by: JDBush61 on February 12, 2012, 02:29:34 AM
Hello everyone,

Great forum! Been reading your forum for some time now, and am always very impressed with the advice and help offered here.

I have a 2008 HP laptop that I think may be infected with malware. Trojans, viruses, keyloggers, rootkits, etc. ... not quite sure, yet it recently runs strange. Sorry for being vague, yet I know no other way to describe it. I run my installed anti-spy/anti-malware/security programs (Norton 360, SUPERAntiSpyware, MBAM), and the scans all come back saying that the system is clean with no infections. However, I am still paranoid (and, a basic newbie when it comes to diagnosing my computer).

Per instructions that I have read here in other threads, I have uninstalled the CCleaner program that I used to use, and HAVE installed the recommended Win Patrol program from BillP. In addition, I recently defragged, ran "chkdsk", and did my best to clean up this computer.

Anyway, I hope that you can help me (step-by-step) completely analyze this laptop to make sure nothing malicious is lurking in the background.

All help greatly appreciated!

- JDBush61

Title: Re: Need help analyzing my HP laptop
Post by: MikeW on February 12, 2012, 09:18:39 AM
Hi, Quickest way to get started is to follow the log posting instructions here -

http://www.landzdown.com/analysis-and-malware-removal/log-posting-instructions/
Title: Re: Need help analyzing my HP laptop
Post by: JDBush61 on February 12, 2012, 11:48:34 AM
Quote from: MikeW on February 12, 2012, 09:18:39 AM
Hi, Quickest way to get started is to follow the log posting instructions here -

http://www.landzdown.com/analysis-and-malware-removal/log-posting-instructions/

Hello MikeW,

Thanks much for your reply, and I understand your instructions. However, I quickly ran into a small problem. Since I do not have HijackThis previously installed, I jumped to Step 3: "...please download DDS.scr by sUBs and save it to your desktop." The instructions on the link page state that I should save the DDS.scr to my desktop, yet the download offered no option for that. The only option was to "Run" the program, which I tried, yet then a new screen appeared stating that my computer could not open the file because it could not recognize the program that created it, and would I like to pick a program to open DDS.scr. Thus, two problems with Step 3, can't save it to my desktop, and can't run it.

So, should I first maybe download and install HijackThis to my laptop, then "...reboot, and then "download Random's System Information Tool (RSIT) by random/random and save it to your desktop", as is stated in Step 2, and proceed from there?

I want to follow the steps correctly, so any advice is greatly appreciated.

Once again, thanks for your reply!

- JDBush61
Title: Re: Need help analyzing my HP laptop
Post by: Corrine on February 12, 2012, 03:20:48 PM
Hi, JDBush61.  Welcome to LandzDown Forum.

With IE8, right-click the link and select "Save target as". 

As to CCleaner, it wasn't necessary to remove it, rather we don't advise using the registry cleaner portion of CCleaner unless you have the knowledge to use it wisely.

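In addition, since you have MBAM installed, please do the following: 
  • Click Start > Run and copy and paste the following into the Run box and press OK:
    %AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs
  • Please post the latest log here too. It will be the one with the most recent date.
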
Title: Re: Need help analyzing my HP laptop
Post by: JDBush61 on February 12, 2012, 10:07:53 PM
Quote from: Corrine on February 12, 2012, 03:20:48 PM
Hi, JDBush61.  Welcome to LandzDown Forum.

With IE8, right-click the link and select "Save target as". 

As to CCleaner, it wasn't necessary to remove it, rather we don't advise using the registry cleaner portion of CCleaner unless you have the knowledge to use it wisely.

In addition, since you have MBAM installed, please do the following: 
  • Click Start > Run and copy and paste the following into the Run box and press OK:
    %AppData%\Malwarebytes\Malwarebytes' Anti-Malware\Logs
  • Please post the latest log here too. It will be the one with the most recent date.

Hi Corrine!

Thank you for your prompt reply. For DDS.scr, my computer did not offer "Save target as" as an option. The options it offers for that file (program?) are as follows:

Open link in new tab
Open link in new window
Open link in incognito window
Save link as...
Copy link address
Inspect element

I tried the "Save link as...", yet nothing seemed to happen. (?)

So, I proceeded to Step 4 and ran Security Check by screen317. Below, please find the results of that scan, as well as the results of an MBAM scan that I ran last night. Hope that I am doing things in order, as I worry that you still need to see the requested DDS.scr data.

Results of screen317's Security Check version 0.99.31 
Windows XP Service Pack 3 x86   
Internet Explorer 8 
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled! 
Norton 360     
Antivirus up to date! 
```````````````````````````````
Anti-malware/Other Utilities Check:

SUPERAntiSpyware     
Java(TM) 6 Update 30 
Adobe Reader 9 Adobe Reader out of date!
````````````````````````````````
Process Check: 
objlist.exe by Laurent

Norton ccSvcHst.exe
WinPatrol winpatrol.exe
BillP Studios WinPatrol winpatrol.exe 
``````````End of Log````````````


___________________________________________________________
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.12.02

Windows XP Service Pack 3 x86 NTFS (Safe Mode)

2/12/2012 6:03:33 PM
mbam-log-2012-02-12 (18-03-33).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 231932
Time elapsed: 35 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
Title: Re: Need help analyzing my HP laptop
Post by: winchester73 on February 12, 2012, 10:33:09 PM
Just to confirm, as I have IE8 on this box, and the link works as intended ... when you click on this you should be presented with the options of "Run", "Save" and "Cancel" ...

Link (http://download.bleepingcomputer.com/sUBs/dds.scr)

Are you NOT getting those options?
Title: Re: Need help analyzing my HP laptop
Post by: JDBush61 on February 12, 2012, 10:51:00 PM
Quote from: winchester73 on February 12, 2012, 10:33:09 PM
Just to confirm, as I have IE8 on this box, and the link works as intended ... when you click on this you should be presented with the options of "Run", "Save" and "Cancel" ...

Link (http://download.bleepingcomputer.com/sUBs/dds.scr)

Are you NOT getting those options?

Hello winchester73,

I was using Google Chrome, so I just now switched to IE8 and yes, it did offer "Run", "Save", and "Cancel" as options. My mistake for not trying this with IE8 before!

So, I saved the target to my desktop, yet I am unsure as to what to do next. I clicked on the file, yet the same "cannot open" message box appeared stating that it did not recognize the program that created it. So I tried to open it with MSWord, and with "Wordpad", yet in both cases the font is unreadable.

Not sure what I'm doing wrong.
Title: Re: Need help analyzing my HP laptop
Post by: JDBush61 on February 12, 2012, 11:04:54 PM
Just to clarify:

When I double click on the DDS.srv file (now sitting on my desktop) the command window does not appear as is stated it should in "A", nor do the DDS.txt & Attach.txt log files appear.

I only get a pop-up message telling me that Windows cannot open the file because it needs to know the program which created it.

Title: Re: Need help analyzing my HP laptop
Post by: Corrine on February 13, 2012, 12:47:21 AM
Hi, JDBush61.

Did you change the File Type when you saved DDS.scr?  If so, delete the copy from your desktop and save a new copy.

Should you continue to have problems, give RSIT a try, being sure to allow RSIT to download HijackThis when prompted.
Title: Re: Need help analyzing my HP laptop
Post by: JDBush61 on February 13, 2012, 01:07:12 AM
Hi Corrine,

I did not change the File Type when saving the DDS.scr, but I understand your question, as I typed "DDS.srv" instead of "DDS.scr" in my post shown above. Sorry about that! With that aside, I did delete copies from my desktop and tried it numerous times, yet always the same results; i.e., Windows wanted to open the file, instead of the black command box appearing and then scanning my computer.

I am now at my office, and I tested the DDS.scr file link here on my Sony laptop and the link works as described! Thus, there must be something misconfigured (?) (maybe) on my HP laptop at home? Or, a bug that is preventing the DDS.scr file from opening correctly?

As per your advice, I will try again when I get home later today, and if there is still a problem I will give RSIT a go (with the downloaded HijackThis when prompted).

Thanks again so much for your time!!

- JDBush61
Title: Re: Need help analyzing my HP laptop
Post by: Corrine on February 13, 2012, 01:28:42 AM
Not to worry, JDBush61.  We'll get things squared away as best we can!

Since you know the copy of DDS.scr you tested at your office is working, you could copy it to a USB or other media to transport to your  home computer. 

You may also want to do the same with HijackThis and RSIT, "just in case". 

HijackThis:  http://free.antivirus.com/hijackthis/
RSIT:  http://images.malwareremoval.com/random/RSIT.exe
Title: Re: Need help analyzing my HP laptop
Post by: JDBush61 on February 13, 2012, 05:59:04 PM
Quote from: Corrine on February 13, 2012, 01:28:42 AM
Not to worry, JDBush61.  We'll get things squared away as best we can!

Since you know the copy of DDS.scr you tested at your office is working, you could copy it to a USB or other media to transport to your  home computer. 

You may also want to do the same with HijackThis and RSIT, "just in case". 

HijackThis:  http://free.antivirus.com/hijackthis/
RSIT:  http://images.malwareremoval.com/random/RSIT.exe

Hi Corrine,

Per your advice, I tried to transfer the working DDS.scr file from my Sony box to this HP laptop via my external hard drive, yet once again, the file failed to work as planned once I got it to my desktop.

With that aside, I successfully downloaded and installed HijackThis. I next downloaded the RSIT executable and ran it. Below, please find the RSIT "log.txt" and the "info.txt". I'm very interested to get your reply once you have had time to look at these files.

- JDBush61

Logfile of random's system information tool 1.09 (written by random/random)
Run by hp at 2012-02-14 02:43:28
Microsoft Windows XP Professional Service Pack 3
System drive C: has 13 GB (25%) free of 53 GB
Total RAM: 503 MB (10% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:43:56 AM, on 2/14/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
C:\Novadigm\ManagementAgent\nvdkit.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\hp\Desktop\RSIT.exe
C:\Program Files\trend micro\hp.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache.kpu-m.ac.jp:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.2.0.13\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.2.0.13\IPS\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.2.0.13\coIEPlg.dll
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\hp\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\Policies\Explorer\Run: [] 
O4 - HKUS\S-1-5-19\..\RunOnce: []  (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: []  (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: []  (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: []  (User 'Default user')
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260752190546
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258349540156
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe
O23 - Service: PC Angel (PCA) - Unknown owner - C:\WINDOWS\TEMP\UPDATE\SMINST\PCAngel.exe (file missing)
O23 - Service: Radia Management Agent (rma) - Unknown owner - C:/Novadigm/ManagementAgent/nvdkit.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 11755 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-920554140-1452882638-782118763-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-920554140-1452882638-782118763-1003UA.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-920554140-1452882638-782118763-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-920554140-1452882638-782118763-1003.job
C:\WINDOWS\tasks\SmartDefrag_Startup.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{4A8F4CFB-E03B-4265-81DB-20389E914523}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2012-02-12 425680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-08-31 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton 360\Engine\5.2.0.13\coIEPlg.dll [2011-12-09 436152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton 360\Engine\5.2.0.13\IPS\IPSBHO.DLL [2011-03-31 210872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2011-11-10 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-11-10 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
HP Credential Manager for ProtectTools - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll [2005-03-03 50688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-11-10 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton 360\Engine\5.2.0.13\coIEPlg.dll [2011-12-09 436152]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-05-06 716800]
"PTHOSTTR"=C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE [2006-02-14 122880]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-01-18 1028096]
"CognizanceTS"=C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll [2003-12-23 17920]
"Cpqset"=C:\Program Files\HPQ\Default Settings\cpqset.exe [2006-01-26 172094]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2006-02-14 454656]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-08-31 122940]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2006-01-19 1236992]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-05-08 131072]
"Recguard"=C:\WINDOWS\Sminst\Recguard.exe [2005-12-20 1187840]
"Scheduler"=C:\WINDOWS\SMINST\Scheduler.exe [2006-02-15 892928]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-08-20 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-08-20 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-08-20 137752]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-01-05 872448]
""= []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-01-03 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712]
"WatchDog"=C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2005-11-08 184320]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2012-01-16 421736]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2012-01-31 400480]
"TkBellExe"=C:\program files\real\realplayer\update\realsched.exe [2012-02-12 296056]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
""=1 []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2012-01-21 4617600]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"Google Update"=C:\Documents and Settings\hp\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-09 136176]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2011-05-05 551296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OneCard]
C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll [2005-07-26 40960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2011-07-19 113024]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
AsWlnPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableStatusMessages"=0
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149
"NoDriveAutoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\SMINST\Scheduler.exe"="C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler "
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\BUFFALO\BroadStationUtility\LPSETUP.exe"="C:\Program Files\BUFFALO\BroadStationUtility\LPSETUP.exe:*:Enabled:BUFFALO ƒuƒ[ƒhƒXƒe[ƒVƒ‡ƒ" IPÝ'胆[ƒeƒBƒŠƒeƒB"
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.scr - open -
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2012-02-14 02:43:28 ----D---- C:\rsit
2012-02-14 02:34:22 ----D---- C:\Program Files\Trend Micro
2012-02-12 18:51:47 ----ASH---- C:\hiberfil.sys
2012-02-12 15:22:17 ----A---- C:\WINDOWS\system32\javaws.exe
2012-02-12 15:22:17 ----A---- C:\WINDOWS\system32\javaw.exe
2012-02-12 15:22:17 ----A---- C:\WINDOWS\system32\java.exe
2012-02-12 02:22:11 ----D---- C:\Program Files\Common Files\xing shared
2012-02-12 02:21:39 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2012-02-12 02:20:14 ----A---- C:\WINDOWS\system32\pndx5032.dll
2012-02-12 02:20:14 ----A---- C:\WINDOWS\system32\pndx5016.dll
2012-02-12 02:20:11 ----A---- C:\WINDOWS\system32\pncrt.dll
2012-02-11 23:14:28 ----D---- C:\Documents and Settings\hp\Application Data\IObit
2012-02-11 22:26:08 ----D---- C:\Documents and Settings\hp\Application Data\WinPatrol
2012-02-11 22:24:25 ----D---- C:\Program Files\BillP Studios
2012-02-11 22:24:24 ----D---- C:\Documents and Settings\All Users\Application Data\InstallMate
2012-02-11 21:07:54 ----A---- C:\WINDOWS\system32\drivers\mbamchameleon.sys
2012-02-10 01:31:28 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2012-02-10 00:05:05 ----A---- C:\WINDOWS\ntbtlog.txt
2012-02-06 02:39:14 ----D---- C:\Documents and Settings\hp\Application Data\SUPERAntiSpyware.com
2012-02-02 14:05:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-01-31 06:50:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2585542$
2012-01-29 16:59:31 ----D---- C:\WINDOWS\CSC
2012-01-29 15:10:34 ----D---- C:\WINDOWS\pss
2012-01-23 08:19:26 ----D---- C:\Program Files\iPod
2012-01-23 08:19:01 ----D---- C:\Program Files\iTunes
2012-01-23 08:07:01 ----D---- C:\Program Files\QuickTime
2012-01-22 23:07:01 ----D---- C:\Documents and Settings\hp\Application Data\Skype
2012-01-22 23:05:26 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2012-01-17 07:54:24 ----D---- C:\Program Files\Bonjour

======List of files/folders modified in the last 1 month======

2012-02-14 02:42:58 ----D---- C:\WINDOWS\Prefetch
2012-02-14 02:42:45 ----D---- C:\WINDOWS\Temp
2012-02-14 02:34:51 ----SHD---- C:\WINDOWS\Installer
2012-02-14 02:34:22 ----D---- C:\Program Files
2012-02-13 19:55:58 ----D---- C:\WINDOWS\SMINST
2012-02-13 19:54:16 ----SHD---- C:\System Volume Information
2012-02-13 19:54:11 ----D---- C:\WINDOWS
2012-02-13 08:08:30 ----SD---- C:\WINDOWS\Tasks
2012-02-12 18:42:30 ----D---- C:\WINDOWS\system32\CatRoot2
2012-02-12 18:40:18 ----D---- C:\WINDOWS\system32\drivers
2012-02-12 15:46:17 ----D---- C:\Program Files\Common Files\Java
2012-02-12 15:45:50 ----D---- C:\WINDOWS\system32
2012-02-12 15:22:42 ----D---- C:\Program Files\Java
2012-02-12 11:00:07 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-02-12 03:48:36 ----D---- C:\Program Files\Yahoo!
2012-02-12 03:46:40 ----D---- C:\Documents and Settings\hp\Application Data\Apple Computer
2012-02-12 03:10:41 ----D---- C:\WINDOWS\SxsCaPendDel
2012-02-12 02:53:20 ----D---- C:\Program Files\Adobe
2012-02-12 02:53:12 ----D---- C:\Program Files\Common Files\Adobe AIR
2012-02-12 02:23:32 ----D---- C:\Documents and Settings\hp\Application Data\Real
2012-02-12 02:22:25 ----D---- C:\Documents and Settings\All Users\Application Data\Real
2012-02-12 02:22:23 ----D---- C:\Program Files\Real
2012-02-12 02:22:11 ----D---- C:\Program Files\Common Files
2012-02-12 01:44:29 ----HD---- C:\WINDOWS\inf
2012-02-10 01:31:46 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-02-09 20:37:51 ----D---- C:\Program Files\Mozilla Firefox
2012-02-07 05:55:07 ----RASH---- C:\boot.ini
2012-02-06 05:23:31 ----A---- C:\WINDOWS\win.ini
2012-02-06 05:23:31 ----A---- C:\WINDOWS\system.ini
2012-02-06 02:39:12 ----D---- C:\Program Files\SUPERAntiSpyware
2012-02-02 14:06:15 ----D---- C:\WINDOWS\SoftwareDistribution
2012-02-01 20:16:24 ----D---- C:\WINDOWS\system32\drivers\N360
2012-01-31 06:47:54 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2012-01-31 06:47:22 ----RSD---- C:\WINDOWS\assembly
2012-01-31 06:44:14 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-01-31 06:39:53 ----D---- C:\Program Files\Common Files\System
2012-01-31 06:35:11 ----HD---- C:\WINDOWS\$hf_mig$
2012-01-24 09:26:42 ----HDC---- C:\WINDOWS\$NtUninstallKB925902$
2012-01-23 22:35:40 ----D---- C:\WINDOWS\Debug
2012-01-23 22:35:37 ----D---- C:\WINDOWS\Minidump
2012-01-23 08:19:23 ----D---- C:\Program Files\Common Files\Apple
2012-01-23 08:04:47 ----D---- C:\Program Files\Safari
2012-01-22 23:37:58 ----D---- C:\Program Files\Common Files\Adobe
2012-01-22 23:37:56 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2012-01-17 07:56:15 ----DC---- C:\WINDOWS\system32\DRVSTORE
2012-01-17 07:52:41 ----D---- C:\WINDOWS\WinSxS
2012-01-17 07:38:26 ----D---- C:\Program Files\Apple Software Update

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 DRVMCDB;DRVMCDB; C:\WINDOWS\System32\Drivers\DRVMCDB.SYS [2005-08-30 88752]
R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2007-02-13 277784]
R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2005-01-26 20576]
R0 SymDS;Symantec Data Store; C:\WINDOWS\system32\drivers\N360\0502000.00D\SYMDS.SYS [2011-01-27 340088]
R0 SymEFA;Symantec Extended File Attributes; C:\WINDOWS\system32\drivers\N360\0502000.00D\SYMEFA.SYS [2011-03-15 744568]
R1 BHDrvx86;BHDrvx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120207.003\BHDrvx86.sys []
R1 BUFADPT;BUFADPT; \??\C:\WINDOWS\system32\BUFADPT.SYS []
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\N360\0502000.00D\SRTSPX.SYS [2011-03-31 50168]
R1 SymIRON;Symantec Iron Driver; C:\WINDOWS\system32\drivers\N360\0502000.00D\Ironx86.SYS [2011-01-27 136312]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\N360\0502000.00D\SYMTDI.SYS [2011-04-21 369784]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-08-31 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-08-31 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-08-31 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-08-31 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-08-31 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-08-31 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-08-31 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-10-01 281600]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-07-13 94976]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-06-30 1155584]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2008-10-23 1391104]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-08-05 45312]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2011-07-06 27888]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2008-04-28 9344]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120210.002\IDSxpx86.sys []
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120213.002\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20120213.002\NAVEX15.SYS []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\N360\0502000.00D\SRTSP.SYS [2011-03-31 516216]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-01-18 220640]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
S3 mbamchameleon;mbamchameleon; \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys []
S3 MEMSWEEP2;MEMSWEEP2; \??\C:\WINDOWS\system32\8F.tmp []
S3 PROCEXP151;PROCEXP151; \??\C:\WINDOWS\system32\Drivers\PROCEXP151.SYS []
S3 QV2KUX;Casio Digital Camera; C:\WINDOWS\system32\DRIVERS\qv2kux.sys [2001-08-17 3328]
S3 SABProcEnum;SABProcEnum; \??\C:\Program Files\Internet Explorer\SABProcEnum.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2011-08-02 42496]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-02-28 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2011-08-12 116608]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-10-24 55144]
R2 ASChannel;Local Communication Channel; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-11-10 153376]
R2 N360;Norton 360; C:\Program Files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe [2011-04-17 130008]
R2 rma;Radia Management Agent; C:/Novadigm/ManagementAgent/nvdkit.exe []
R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2006-01-19 18944]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-01-16 821608]
S2 PCA;PC Angel; C:\WINDOWS\TEMP\UPDATE\SMINST\PCAngel.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-10-06 33752]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-29 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.09 2012-02-14 02:44:08

======Uninstall list======

-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->MsiExec.exe /I{26DE0F0B-9CF1-4796-A1B5-01B912E35B46}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->MsiExec.exe /X{27F00C63-449B-2FAB-CBE8-24AB80E17449}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe Flash Player 11 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe -maintain activex
Adobe Reader 9.5.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A95000000001}
Agere Systems HDA Modem-->agrsmdel
Apple Application Support-->MsiExec.exe /I{343666E2-A059-48AC-AD67-230BF74E2DB2}
Apple Mobile Device Support-->MsiExec.exe /I{8153ED9A-C94A-426E-9880-5E6775C08B62}
Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
Bonjour-->MsiExec.exe /X{79155F2B-9895-49D7-8612-D92580E0DE5B}
Broadcom 440x 10/100 Integrated Controller-->MsiExec.exe /X{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}
Broadcom 802.11 Wireless LAN Adapter-->"C:\Program Files\Broadcom\Broadcom 802.11\Driver\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11\Driver"
Broadcom Wireless Utility-->"C:\Program Files\Broadcom\Broadcom 802.11\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11_App\UninstallInfo" /rootdir="C:\Program Files\Broadcom\Broadcom 802.11"
Chinese Traditional Fonts Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-2448-0000-900000000003}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
EndNote-->C:\PROGRA~1\EndNote\UNWISE.EXE C:\PROGRA~1\EndNote\INSTALL.LOG
GearDrvs-->MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23}
GearDrvs-->MsiExec.exe /I{CB84F0F2-927B-458D-9DC5-87832E3DC653}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2158563)-->"C:\WINDOWS\$NtUninstallKB2158563$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2443685)-->"C:\WINDOWS\$NtUninstallKB2443685$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2570791)-->"C:\WINDOWS\$NtUninstallKB2570791$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2633952)-->"C:\WINDOWS\$NtUninstallKB2633952$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
HP Backup & Recovery Manager Pre-Load Module-->C:\swsetup\UNWISE.EXE C:\swsetup\INSTALL.LOG
HP Backup and Recovery Manager Installer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}\setup.exe" -l0x9  -uninst  -removeonly
HP BIOS Configuration for ProtectTools 2.00 G1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AE052EF7-2640-48D7-8915-69B810D975CB}\Setup.exe" -l0x9  biosuninst
HP Credential Manager for ProtectTools-->MsiExec.exe /X{B9F4C05D-E42F-4E9A-A73F-FDD9355319FB}
HP ev2200 Driver Package-->MsiExec.exe /X{65984EC6-923E-4B5A-83AB-0DF265DDB5E0}
HP Help and Support-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9  -removeonly
HP Notebook Accessories Product Tour-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A7AD8CEF-72D7-4FE4-8A14-DDD09DC86074}\setup.exe" -l0x9  -removeonly
HP ProtectTools Security Manager 2.00 C3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{914E1AB1-DCA0-4A7D-935F-B58C4B887A2B}\setup.exe" -l0x9  -removeonly hpquninst
HP Quick Launch Buttons 6.00 H1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\setup.exe" -l0x9  -removeonly uninst
HP Smart Card Security for ProtectTools 5.00 D4-->C:\Program Files\Hewlett-Packard\HP Smart Card Security for ProtectTools\ahpunset.exe -{0515803B-5068-4599-8666-963E143C7381}
HP Update-->MsiExec.exe /X{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}
HP Wireless Assistant 2.00 E1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9  hpquninst
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
InterVideo DVD Check-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D97A4A7-C274-4B63-86D9-07A33435F505}\setup.exe"  REMOVEALL
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
ISI ResearchSoft - Export Helper-->C:\PROGRA~1\COMMON~1\Risxtd\_UNINST.EXE
Japanese Fonts Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5760-0000-900000000003}
Java(TM) 6 Update 30-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}
Malwarebytes Anti-Malware version 1.60.1.1000-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB2656353)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M2656353\M2656353Uninstall.msp"
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {98333358-268C-4164-B6D4-C96DF5153727}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {AAA19365-932B-49BD-8138-BE28CEE9C4B4}
Microsoft Office 2007 Service Pack 3 (SP3)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {6E107EB7-8B55-48BF-ACCB-199F86A2CD93}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {1FF96026-A04A-4C3E-B50A-BB7022654D0F}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {71F055E8-E2C6-4214-BB3D-BFE03561B89E}
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Norton 360-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\562C4DD5\5.2.0.13\InstStub.exe /X /ARP
QuickTime-->MsiExec.exe /I{7BE15435-2D3E-4B58-867F-9C75BED0208C}
RealNetworks - Microsoft Visual C++ 2008 Runtime-->MsiExec.exe /X{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}
RealPlayer-->c:\program files\real\realplayer\Update\r1puninst.exe RealNetworks|RealPlayer|15.0
RealUpgrade 1.1-->MsiExec.exe /I{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}
Recuva-->"C:\Program Files\Recuva\uninst.exe"
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {F6F5AC31-9833-3E77-AC8E-8E910CAB39AE} /qb+ REBOOTPROMPT=""
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {A0D5F849-D9D5-48ED-99D0-C74D7BFA6A09}
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {AEA16A27-0B97-4670-818F-A98D06EC0A6F}
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {0EF0D4FB-BB23-4515-AAEA-1240AC2DA525}
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {5A8732F0-C20F-4A9B-A2A9-66FE7A586C35}
Security Update for Microsoft Windows (KB2564958)-->"C:\WINDOWS\$NtUninstallKB2564958$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Title: Re: Need help analyzing my HP laptop
Post by: JDBush61 on February 13, 2012, 06:25:43 PM
Hello Corrine,

I just noticed that the second log file "info.txt" got cut off. Very sorry about that!
Here is the remaining portion of that file.



======Security center information======

AV: Norton 360
FW: Norton 360

======System event log======

Computer Name: HP-PC-BUSH
Event Code: 51
Message: An error was detected on device \Device\Harddisk0\D during a paging operation.

Record Number: 1010
Source Name: Disk
Time Written: 20120124032217.000000+540
Event Type: warning
User:

Computer Name: HP-PC-BUSH
Event Code: 51
Message: An error was detected on device \Device\Harddisk0\D during a paging operation.

Record Number: 1009
Source Name: Disk
Time Written: 20120124032213.000000+540
Event Type: warning
User:

Computer Name: HP-PC-BUSH
Event Code: 51
Message: An error was detected on device \Device\Harddisk0\D during a paging operation.

Record Number: 1008
Source Name: Disk
Time Written: 20120124032208.000000+540
Event Type: warning
User:

Computer Name: HP-PC-BUSH
Event Code: 51
Message: An error was detected on device \Device\Harddisk0\D during a paging operation.

Record Number: 1007
Source Name: Disk
Time Written: 20120124032204.000000+540
Event Type: warning
User:

Computer Name: HP-PC-BUSH
Event Code: 51
Message: An error was detected on device \Device\Harddisk0\D during a paging operation.

Record Number: 1006
Source Name: Disk
Time Written: 20120124032200.000000+540
Event Type: warning
User:

=====Application event log=====

Computer Name: HP-PC-BUSH
Event Code: 100
Message: DNS Message from «ZERO ADDRESS»:0 to «ZERO ADDRESS»:0 length 0 too short

Record Number: 45963
Source Name: Bonjour Service
Time Written: 20111014070814.000000+540
Event Type: error
User:

Computer Name: HP-PC-BUSH
Event Code: 1517
Message: Windows saved user HP-PC-BUSH\hp registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 45798
Source Name: Userenv
Time Written: 20111005012020.000000+540
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: HP-PC-BUSH
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use. 



Record Number: 45764
Source Name: Userenv
Time Written: 20111001115549.000000+540
Event Type: warning
User: HP-PC-BUSH\hp

Computer Name: HP-PC-BUSH
Event Code: 1517
Message: Windows saved user HP-PC-BUSH\hp registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 45481
Source Name: Userenv
Time Written: 20110830091357.000000+540
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: HP-PC-BUSH
Event Code: 1020
Message: Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.

Record Number: 45158
Source Name: ASP.NET 2.0.50727.0
Time Written: 20110810085857.000000+540
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\HPQ\IAM\bin;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0f02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"USERPART"=E:
"asl.log"=Destination=file
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
Title: Re: Need help analyzing my HP laptop
Post by: Corrine on February 14, 2012, 12:19:28 AM
Hi, JDBush61.  Well done!

With RAM only 10% free, you're not using WinPatrol to its full potential.  You have a lot of unnecessary programs running at startup that I doubt you use frequently and could just as easily access from a desktop shortcut or Quick Launch.

To restore the correct screen file association for .scr, I suggest running "SCR File Association Fix".  Just follow the instructions at http://www.dougknox.com/xp/file_assoc.htm.

Please follow these instructions carefully.

Download ComboFix from one of the following locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix/)

!!! IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your antivirus and anti-malware security applications. If not disabled, these programs will likely interfere with the cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.

Note:  If you are unsure how to disable your security software, see the instructions in this topic at Tech Support Forum:  How to disable your security applications (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html).

Now, please run ComboFix:
Title: Re: Need help analyzing my HP laptop
Post by: JDBush61 on February 14, 2012, 01:28:00 AM
Hi Corrine, thanks so much for your quick reply!

I am now at my office (running on Japan time here), so I will follow your most recent suggestions once I get home.

As to the RAM only being 10% free, that was a concern of mine as well. I downloaded the WinPatrol program to my HP box only a few days ago (I plan on downloading it to my Vaio box later today as well), and I have yet to spend ANY time configuring the settings (i.e., none! haha) So, any insights as to how I should configure WinPatrol to really take advantage of the program will be truly appreciated. I do wish to free up as much RAM as possible, and yes, probably most of the startup programs that are always running I rarely use and would be very happy to do the quick launch approach.

However, being somewhat of a novice in all things "computer", I look at my Task Manager box and have no idea what startup programs can be/should be stopped. I basically use that laptop for web surfing, e-mails, and MSWord & PowerPoint programs (I'm an editor by trade), and I rarely use many of the other programs installed on that box. I would really love some advice as to how to go through that laptop and clean out all the fluff & clutter that may be taking up memory usage or causing slowdowns.

I will surely do the "SCR File Association Fix" when I get home, and then report back to you on that.

I will also run the ComboFix program as you suggested. However, I do have a question. Did you suggest that I perform that step because you noticed viruses/malware or other malicious things in my RSIT log files? Just wondering, not second guessing! ;)

By the way, the more I read through the threads on this forum, the more impressed I become. I read Golden's recent post, and your responses, about anti-virus/malware software, and it now has me thinking. To be honest, I had never researched anything about MSE, and even more surprisingly, I had never before seen ESET referred to on any other forum (I probably just missed it). I went to the ESET homepage and their software looks very impressive. Has me wondering if I should consider a change when my Norton 360 expires in about 6 months. I understood from your response in Golden's thread that you don't usually like recommending anti-virus/security software, one way or the other, yet I would be very interested to know your personal opinion in relation to Norton vs ESET. Anyway, great forum, and sorry for briefly branching off here on a different topic. I really appreciate your kind help!
Title: Re: Need help analyzing my HP laptop
Post by: Corrine on February 14, 2012, 02:19:45 AM
Hi, JDBush61. 

You're welcome.  Time zones, work schedules and real life can make communications difficult at times.  Even so, we'll manage. 

Thank you for the kind words about our little help forum, lovingly referred to as LzD. :)

There are a couple of entries in your log that look "strange" since there is not enough information to determine what they are.  With the help of ComboFix, I'm hoping that there will be a much clearer picture.  In addition, ComboFix is excellent at removing "left overs".

You are wise in not making changes to your computer if you do not know what the end result will be.  We'll take a closer look at your start-up list later in the process. 

You are correct.  Although I will comment if I am aware of "issues" with a particular software program, whether it be an antivirus or other program, it is your computer not mine and it isn't up to me to push my preferences on you or anyone else.  That said, yes, I do have favorites and particularly like ESET.  Although any security software can have false/positives (incorrectly identifying a legitimate file as malware), ESET has very few f/p's.
Title: Re: Need help analyzing my HP laptop
Post by: JDBush61 on February 14, 2012, 08:01:26 PM
Quote from: Corrine on February 14, 2012, 02:19:45 AM
Hi, JDBush61. 

You're welcome.  Time zones, work schedules and real life can make communications difficult at times.  Even so, we'll manage. 

Thank you for the kind words about our little help forum, lovingly referred to as LzD. :)

There are a couple of entries in your log that look "strange" since there is not enough information to determine what they are.  With the help of ComboFix, I'm hoping that there will be a much clearer picture.  In addition, ComboFix is excellent at removing "left overs".

You are wise in not making changes to your computer if you do not know what the end result will be.  We'll take a closer look at your start-up list later in the process. 

You are correct.  Although I will comment if I am aware of "issues" with a particular software program, whether it be an antivirus or other program, it is your computer not mine and it isn't up to me to push my preferences on you or anyone else.  That said, yes, I do have favorites and particularly like ESET.  Although any security software can have false/positives (incorrectly identifying a legitimate file as malware), ESET has very few f/p's.

Hello Corrine,

First, I followed your instructions to restore the correct screen file association for .scr, and that went successfully. I did not try again to download and run the DDS.scr file, as you did not request that I do, and I imagined that the RSIT logs maybe gave you similar information.

Moving on from there, I followed all of the ComboFix instructions to a "t", and everything seemed to go well. Below, please find the data of the ComboFix.txt log that was generated. By the way, I now have many new files, logs, and programs sitting on my desktop (and probably located elsewhere on this machine); e.g., ComboFix, RSIT, HijackThis, and the SecurityCheck.exe file. Should these now be deleted from my machine, or should I keep them all for later reference/use?

Anyway, here is the ComboFix log. Very eager to learn what you suggest for next steps. Also, much thanks for your reply regarding security software. In addition, I am looking forward to your opinion regarding the start-up list, yet first things first.

ComboFix 12-02-13.01 - hp 02/15/2012   4:12.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.503.117 [GMT 9:00]
Running from: c:\documents and settings\hp\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
* Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0411.exe
D:\AUTORUN.INF
.
.
(((((((((((((((((((((((((   Files Created from 2012-01-14 to 2012-02-14  )))))))))))))))))))))))))))))))
.
.
2012-02-13 17:43 . 2012-02-13 17:44   --------   d-----w-   C:\rsit
2012-02-13 17:34 . 2012-02-13 17:34   388096   ----a-r-   c:\documents and settings\hp\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-13 17:34 . 2012-02-13 17:43   --------   d-----w-   c:\program files\Trend Micro
2012-02-12 06:22 . 2011-11-09 18:27   73728   ----a-w-   c:\windows\system32\javacpl.cpl
2012-02-11 17:22 . 2012-02-11 17:22   --------   d-----w-   c:\program files\Common Files\xing shared
2012-02-11 16:45 . 2012-02-11 16:45   --------   d-----w-   c:\documents and settings\hp\Local Settings\Application Data\Secunia PSI
2012-02-11 14:14 . 2012-02-11 14:14   --------   d-----w-   c:\documents and settings\hp\Application Data\IObit
2012-02-11 13:26 . 2012-02-11 13:26   --------   d-----w-   c:\documents and settings\hp\Application Data\WinPatrol
2012-02-11 13:24 . 2012-02-11 13:24   --------   d-----w-   c:\program files\BillP Studios
2012-02-11 13:24 . 2012-02-11 13:24   --------   d-----w-   c:\documents and settings\All Users\Application Data\InstallMate
2012-02-11 12:07 . 2012-02-11 12:43   24064   ----a-w-   c:\windows\system32\drivers\mbamchameleon.sys
2012-02-09 16:31 . 2011-12-10 06:24   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-02-05 17:39 . 2012-02-05 17:39   --------   d-----w-   c:\documents and settings\hp\Application Data\SUPERAntiSpyware.com
2012-01-31 22:42 . 2012-02-01 11:15   --------   d-----w-   c:\windows\system32\drivers\N360\0502000.00D
2012-01-22 23:19 . 2012-01-22 23:19   --------   d-----w-   c:\program files\iPod
2012-01-22 23:19 . 2012-01-22 23:20   --------   d-----w-   c:\program files\iTunes
2012-01-22 23:09 . 2012-01-22 23:09   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-01-22 23:09 . 2012-01-22 23:09   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-01-22 23:09 . 2012-01-22 23:09   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-01-22 23:09 . 2012-01-22 23:09   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-01-22 23:09 . 2012-01-22 23:09   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-01-22 23:09 . 2012-01-22 23:09   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-01-22 23:09 . 2012-01-22 23:09   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-01-22 23:07 . 2012-01-22 23:09   --------   d-----w-   c:\program files\QuickTime
2012-01-22 14:07 . 2012-01-31 13:50   --------   d-----w-   c:\documents and settings\hp\Application Data\Skype
2012-01-22 14:05 . 2012-01-31 13:50   --------   d-----w-   c:\documents and settings\All Users\Application Data\Skype
2012-01-16 22:54 . 2012-01-16 22:54   --------   d-----w-   c:\program files\Bonjour
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2006-02-28 12:00   293376   ----a-w-   c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2006-02-28 12:00   1859584   ----a-w-   c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2006-02-28 12:00   60416   ----a-w-   c:\windows\system32\packager.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-02-14 122880]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1028096]
"CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 17920]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-01-26 172094]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-30 122940]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-01-19 1236992]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-05-08 131072]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-02-15 892928]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-20 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-20 137752]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2005-11-08 184320]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-02-11 296056]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-26 434080]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-1-23 184320]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54   551296   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2005-07-25 18:41   40960   ----a-w-   c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0502000.00D\symds.sys [2/1/2012 7:43 AM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0502000.00D\symefa.sys [2/1/2012 7:43 AM 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20120207.003\BHDrvx86.sys [2/9/2012 2:50 PM 820344]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/23/2011 1:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/13/2011 6:55 AM 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0502000.00D\ironx86.sys [2/1/2012 7:43 AM 136312]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/12/2011 8:38 AM 116608]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2/28/2006 9:00 PM 14336]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\5.2.0.13\ccsvchst.exe [2/1/2012 7:42 AM 130008]
R2 rma;Radia Management Agent;c:\novadigm\ManagementAgent\nvdkit.exe [9/19/2005 9:02 AM 1968446]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/10/2012 2:34 AM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20120211.002\IDSXpx86.sys [2/15/2012 3:28 AM 356280]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2/11/2012 9:07 PM 24064]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\8F.tmp --> c:\windows\system32\8F.tmp [?]
S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\Drivers\PROCEXP151.SYS --> c:\windows\system32\Drivers\PROCEXP151.SYS [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance   REG_MULTI_SZ      ASChannel
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 08:57]
.
2012-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-920554140-1452882638-782118763-1003Core.job
- c:\documents and settings\hp\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-09 13:36]
.
2012-02-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-920554140-1452882638-782118763-1003UA.job
- c:\documents and settings\hp\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-09 13:36]
.
2012-02-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-920554140-1452882638-782118763-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 08:45]
.
2012-02-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-920554140-1452882638-782118763-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 08:45]
.
2012-02-14 c:\windows\Tasks\User_Feed_Synchronization-{4A8F4CFB-E03B-4265-81DB-20389E914523}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 19:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = cache.kpu-m.ac.jp:3128
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
AddRemove-RealPlayer 15.0 - c:\program files\real\realplayer\Update\r1puninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-15 04:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????W???? ?n??|?????? ??4B?*Spammer*?hB? ????W?
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\5.2.0.13\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\5.2.0.13\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rma]
"ImagePath"="C:/Novadigm/ManagementAgent/nvdkit.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\8F.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rma]
"ImagePath"="C:/Novadigm/ManagementAgent/nvdkit.exe"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(920)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
c:\program files\HPQ\IAM\Bin\ASChnl.dll
c:\program files\HPQ\IAM\Bin\ItMsg.dll
.
- - - - - - - > 'explorer.exe'(3360)
c:\windows\system32\WININET.dll
c:\program files\NORTON 360\ENGINE\5.2.0.13\Microsoft.VC90.CRT\MSVCR90.dll
c:\program files\HPQ\IAM\Bin\SFSShell.dll
c:\program files\HPQ\IAM\bin\ItMsg.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\DllHost.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wscntfy.exe
c:\program files\HPQ\IAM\bin\asghost.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2012-02-15  04:34:20 - machine was rebooted
ComboFix-quarantined-files.txt  2012-02-14 19:34
.
Pre-Run: 13,640,892,416 bytes free
Post-Run: 13,705,936,896 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - C2267A991F8E9EC0E2AAA4436E7854FA
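
Added example (not part of the original post, and not ComboFix's or the forum's own tooling): a small Python triage pass over lines copied from the log above, showing how a reviewer might surface entries worth a closer look. The function name `triage` and the rule names are hypothetical, and each finding is a prompt for human review, not a verdict.

```python
import re

# Lines copied from the ComboFix log in the post above (trimmed excerpt).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
R2 N360;Norton 360;c:\program files\Norton 360\Engine\5.2.0.13\ccsvchst.exe [2/1/2012 7:42 AM 130008]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2/11/2012 9:07 PM 24064]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\8F.tmp --> c:\windows\system32\8F.tmp [?]
S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\Drivers\PROCEXP151.SYS --> c:\windows\system32\Drivers\PROCEXP151.SYS [?]
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????W???? ?n??|?????? ??4B?*Spammer*?hB? ????W?
.
scanning hidden files ...
"""

# "R2 name;display name;image path [date time size]" service/driver lines.
SERVICE_RE = re.compile(r'^([RS])(\d) ([^;]+);([^;]*);(.+) \[([^\]]*)\]$')
# '"ValueName"=data' lines under a registry key header.
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# 'name = data' lines in the catchme hidden-autostart section.
HIDDEN_RE = re.compile(r'^\s*(\S.*?) = (.*)$')


def triage(log_text):
    """Return a list of (rule, subject) pairs that deserve manual review."""
    findings = []
    key = ""            # most recent registry key header, lower-cased
    in_hidden = False   # inside catchme's "hidden autostart entries" section
    for raw in log_text.splitlines():
        line = raw.rstrip()

        # Track which catchme section we are in.
        if line.startswith("scanning hidden autostart"):
            in_hidden = True
            continue
        if line.startswith(("scanning ", "scan completed")):
            in_hidden = False
            continue
        if in_hidden:
            m = HIDDEN_RE.match(line)
            if m:
                # Anything listed here was reported by the rootkit scanner.
                findings.append(("hidden-autostart", m.group(1)))
            continue

        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
            continue

        m = SERVICE_RE.match(line)
        if m:
            _state, _start, name, _display, image, meta = m.groups()
            target = image.split(" --> ")[-1].strip()
            if target.lower().endswith(".tmp"):
                # A service image living in a temp-named file is unusual.
                findings.append(("service-image-tmp", name))
            if meta.strip() == "?":
                # The log shows "?" where date and size normally appear.
                findings.append(("service-no-file-info", name))
            continue

        m = VALUE_RE.match(line)
        if m:
            name, value = m.group(1).lower(), m.group(2).strip()
            leaf = key.rsplit("\\", 1)[-1]
            if name == "disablemonitoring" and "security center" in key:
                if value.lower().startswith("dword:") and int(value[6:], 16) != 0:
                    findings.append(("security-center-monitoring-off", leaf))
            elif name == "enablefirewall" and "firewallpolicy" in key:
                if value.split()[:1] == ["0"]:
                    findings.append(("xp-firewall-off", leaf))
    return findings


if __name__ == "__main__":
    for rule, subject in triage(SAMPLE_LOG):
        print(f"{rule:32} {subject}")
```

The firewall and Security Center findings need context before drawing conclusions: the log header above shows Norton 360 as the registered AV and firewall, disabled for the ComboFix run.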
Title: Re: Need help analyzing my HP laptop
Post by: Corrine on February 15, 2012, 12:30:12 AM
Hi, JDBush61. 

Please confirm that you ran Sophos Anti-Rootkit software.

Regarding the downloaded files on your desktop, please leave ComboFix until I give you removal instructions for it.  As to the others:
Adobe Reader is out of date and has had numerous security updates.  Either install the latest version of Adobe Reader from http://www.adobe.com/products/reader/ or switch to an alternate PDF reader.  There are a number of open source readers available from http://pdfreaders.org/.  Others include Nitro Reader (http://www.nitropdf.com/free/index.htm) and Sumatra PDF (http://blog.kowalczyk.info/software/sumatrapdf/free-pdf-reader.html).  Personally, I have been using Sumatra PDF for several years and have found it to be not only a smaller/lighter option but also not nearly the target of malware.

Edit Note:  Oracle Java was just updated today to Java 6u31 and includes critical security updates.  Please install that or upgrade to Java 7u3, which, it appears, is no longer a developer preview.  You can get Java SE 7u3 from http://www.oracle.com/technetwork/java/javase/downloads/jre-7u3-download-1501631.html (select Windows x86 Offline   19.38 MB     jre-7u3-windows-i586.exe).  After installation, check that Java 6u30 was uninstalled.  If not, please remove it.

Custom CFScript

Note: The following instructions were created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.



Folder::
C:\Documents and Settings\hp\Application Data\IObit

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Title: Re: Need help analyzing my HP laptop
Post by: Corrine on February 15, 2012, 02:28:08 AM
In case you've already seen my reply, please note the edit note adding the information about the Java update. :)
Title: Re: Need help analyzing my HP laptop
Post by: JDBush61 on February 15, 2012, 10:51:33 PM
Quote from: Corrine on February 15, 2012, 02:28:08 AM
In case you've already seen my reply, please note the edit note adding the information about the Java update. :)

Hi Corrine,

Thanks for your reply and follow-up, and sorry for this belated reply.

To answer your first question from the previous post, yes, I did run the Sophos anti-rootkit software when I was stumbling around on my own before joining the LzD forum. I only ran a scan with that software, and I don't remember doing anything else with it. I think that I removed all of that software (and whatever log it produced) from this computer after trying it. Well, I hope that I did.

This morning, I followed your instructions and removed the SecurityCheck and RSIT related stuff, and uninstalled the HijackThis program. In addition, I downloaded and installed "Adobe Reader X (10.1.2)" and "Java SE 7u3".

Next, I did a double-check:

Start> Control Panel> Add or Remove Programs> ... and noticed that Java 6u30 was still there, so I deleted it. An odd thing happened. The WinPatrol Scotty dog window popped up and asked me if I wanted to install a Java 6-related add on to IE, and being worried, I clicked "no" (as I assumed something malicious was trying to add itself again, plus, I assumed that only Java 7 items should now be on my box). I hope that was correct.

Then, still in "Add or Remove Programs", I noticed Adobe 9 related items there, such as the "Chinese fonts" for Adobe 9 and "Japanese fonts" for Adobe 9. So, I deleted those also. All items should now be Adobe X-related, yes? Also, "Adobe Air", "Adobe Flash Player 11 ActiveX", and "getplus(R) for Adobe" are all listed there as well, yet with no file size (MB) information. In addition, there is a file named "Acrobat.com" ... Size: 1.63MB. Are those rogue files? Are they needed? (yup, I'm still very much a novice! ;))

Now for the real problem. I want to follow your ComboFix steps, yet now the red and white ComboFix icon is missing from my desktop. (?) Where it went, I have no idea. The Combofix log file is still there, yet no ComboFix.exe icon to drag the notepad file to. Hmmmmm, so I went to Start> Windows Search> and found:

ComboFixLog.txt   C:\Documents...   15KB   Text Document
ComboFix.txt         C:\                        15KB   Text Document
ComboFix-quarantined-files.txt   C:\Qoobox   1KB   Text Document

I then found the Qoobox folder, and inside, there is another folder named "BackEnv".
However, when I try to open that folder, a window pops up stating "Access is denied".

Anyway, with all of that aside, what should I do next? Should I once-again download the ComboFix.exe executable to my desktop to try and run your requested Notepad text?

I'm at a little bit of a loss at this point.

- JDBush61





Title: Re: Need help analyzing my HP laptop
Post by: Corrine on February 16, 2012, 01:19:27 AM
Once again, a critical security update, this time to Adobe Flash Player.  Be sure to UNCHECK the option to install McAfee Security Scan.  You need to update both IE and non-IE browsers.  http://get.adobe.com/flashplayer/

Quote from: JDBush61
Should I once-again download the ComboFix.exe executable to my desktop to try and run your requested Notepad text?
See, you aren't so lost after all.  Yes, that is what you need to do.  I suspect you got a bit carried away cleaning off your desktop. 

We'll take a closer look at the programs on your computer shortly. In fact, after you run ComboFix and post that log, please provide an extra ComboFix report:
Copy and paste the report into a new reply for me to review.
Title: Re: Need help analyzing my HP laptop
Post by: JDBush61 on February 16, 2012, 03:55:39 AM
Quote from: Corrine on February 16, 2012, 01:19:27 AM
Once again, a critical security update, this time to Adobe Flash Player.  Be sure to UNCHECK the option to install McAfee Security Scan.  You need to update both IE and non-IE browsers.  http://get.adobe.com/flashplayer/

Quote from: JDBush61
Should I once-again download the ComboFix.exe executable to my desktop to try and run your requested Notepad text?
See, you aren't so lost after all.  Yes, that is what you need to do.  I suspect you got a bit carried away cleaning off your desktop. 

We'll take a closer look at the programs on your computer shortly. In fact, after you run ComboFix and post that log, please provide an extra ComboFix report:

       
  • Push the "Windows Key" + "R" (between the "Ctrl" button and "Alt" Button)
  • Please copy and paste the following into the box:
    C:\Qoobox\Add-Remove Programs.txt
  • click Ok
Copy and paste the report into a new reply for me to review.

Hi Corrine,

I did the critical update to the Adobe Flash Player, and updated IE and the GoogleChrome browser.
I did not see any box related to McAfee software to "uncheck", yet there was a box asking to add the Google Chrome browser.

That aside, I downloaded ComboFix.exe again, and then dragged the CFScript.txt file to it and ran the program (the log file is shown below). I also followed your instructions ("Windows Key" + "R") and then manually typed  C:\Qoobox\Add-Remove Programs.txt into the Run box that appeared. It quickly generated another log, and I will post that log in my next reply. However, was that second log a "ComboFix" log as well?

Also, when I was running ComboFix.exe with the CFScript.txt file, the WinPatrol window popped up before the program had completely finished (before it had generated the log), and the WinPatrol message said:

! A change has been detected in your Internet Explorer Search Page.
Your new page is http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
If this is ok, then click Yes or press Enter,
Click No or press Esc and we'll restore your page to
http://www.google.com.

Not expecting the WinPatrol screen, and not knowing if ComboFix had generated the detected change, or not, I just clicked "No". Was that OK? WinPatrol popped up yesterday also when I was performing my first ComboFix scan, and asked me to make decisions that I did not feel informed enough to make. So that is maybe a problem.

Here is the first CFScript.txt log info:

ComboFix 12-02-15.01 - hp 02/16/2012  11:55:07.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.503.175 [GMT 9:00]
Running from: c:\documents and settings\hp\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\hp\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
.
(((((((((((((((((((((((((   Files Created from 2012-01-16 to 2012-02-16  )))))))))))))))))))))))))))))))
.
.
2012-02-16 01:09 . 2012-01-11 19:06   3072   -c----w-   c:\windows\system32\dllcache\iacenc.dll
2012-02-16 01:09 . 2012-01-11 19:06   3072   ------w-   c:\windows\system32\iacenc.dll
2012-02-16 00:45 . 2012-02-16 00:53   --------   d-----w-   c:\windows\system32\drivers\N360\0600010.002
2012-02-15 21:46 . 2012-02-15 21:46   --------   d-----w-   c:\program files\Common Files\Java
2012-02-15 21:42 . 2012-02-15 21:42   637848   ----a-w-   c:\windows\system32\npdeployJava1.dll
2012-02-13 17:34 . 2012-02-15 20:55   --------   d-----w-   c:\program files\Trend Micro
2012-02-12 06:22 . 2012-02-15 21:42   141312   ----a-w-   c:\windows\system32\javacpl.cpl
2012-02-11 17:22 . 2012-02-11 17:22   --------   d-----w-   c:\program files\Common Files\xing shared
2012-02-11 16:45 . 2012-02-11 16:45   --------   d-----w-   c:\documents and settings\hp\Local Settings\Application Data\Secunia PSI
2012-02-11 14:14 . 2012-02-11 14:14   --------   d-----w-   c:\documents and settings\hp\Application Data\IObit
2012-02-11 13:26 . 2012-02-11 13:26   --------   d-----w-   c:\documents and settings\hp\Application Data\WinPatrol
2012-02-11 13:24 . 2012-02-11 13:24   --------   d-----w-   c:\program files\BillP Studios
2012-02-11 13:24 . 2012-02-11 13:24   --------   d-----w-   c:\documents and settings\All Users\Application Data\InstallMate
2012-02-11 12:07 . 2012-02-11 12:43   24064   ----a-w-   c:\windows\system32\drivers\mbamchameleon.sys
2012-02-09 16:31 . 2011-12-10 06:24   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-02-05 17:39 . 2012-02-05 17:39   --------   d-----w-   c:\documents and settings\hp\Application Data\SUPERAntiSpyware.com
2012-01-22 23:19 . 2012-01-22 23:19   --------   d-----w-   c:\program files\iPod
2012-01-22 23:19 . 2012-01-22 23:20   --------   d-----w-   c:\program files\iTunes
2012-01-22 23:09 . 2012-01-22 23:09   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2012-01-22 23:09 . 2012-01-22 23:09   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2012-01-22 23:09 . 2012-01-22 23:09   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2012-01-22 23:09 . 2012-01-22 23:09   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2012-01-22 23:09 . 2012-01-22 23:09   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2012-01-22 23:09 . 2012-01-22 23:09   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2012-01-22 23:09 . 2012-01-22 23:09   159744   ----a-w-   c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2012-01-22 23:07 . 2012-01-22 23:09   --------   d-----w-   c:\program files\QuickTime
2012-01-22 14:07 . 2012-01-31 13:50   --------   d-----w-   c:\documents and settings\hp\Application Data\Skype
2012-01-22 14:05 . 2012-01-31 13:50   --------   d-----w-   c:\documents and settings\All Users\Application Data\Skype
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-16 02:38 . 2011-06-27 03:59   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-16 00:50 . 2010-05-06 01:04   60872   ----a-w-   c:\windows\system32\S32EVNT1.DLL
2012-02-16 00:50 . 2010-05-06 01:04   141944   ----a-w-   c:\windows\system32\drivers\SYMEVENT.SYS
2012-02-15 21:42 . 2010-06-01 06:26   567696   ----a-w-   c:\windows\system32\deployJava1.dll
2012-01-12 16:53 . 2006-02-28 12:00   1859968   ----a-w-   c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2006-02-28 12:00   916992   ----a-w-   c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2006-02-28 12:00   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2006-02-28 12:00   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2006-02-28 12:00   385024   ----a-w-   c:\windows\system32\html.iec
2011-11-25 21:57 . 2006-02-28 12:00   293376   ----a-w-   c:\windows\system32\winsrv.dll
2011-11-18 12:35 . 2006-02-28 12:00   60416   ----a-w-   c:\windows\system32\packager.exe
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-02-14_19.28.07   )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-16 02:14 . 2012-02-16 02:14   16384              c:\windows\Temp\Perflib_Perfdata_394.dat
+ 2006-02-28 12:00 . 2012-02-16 01:17   79782              c:\windows\system32\perfc009.dat
- 2006-02-28 12:00 . 2012-01-03 23:18   79782              c:\windows\system32\perfc009.dat
- 2006-02-28 12:00 . 2011-11-04 19:20   66560              c:\windows\system32\mshtmled.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46   66560              c:\windows\system32\mshtmled.dll
- 2006-11-07 12:03 . 2011-11-04 19:20   55296              c:\windows\system32\msfeedsbs.dll
+ 2006-11-07 12:03 . 2011-12-17 19:46   55296              c:\windows\system32\msfeedsbs.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46   25600              c:\windows\system32\jsproxy.dll
- 2006-02-28 12:00 . 2011-11-04 19:20   25600              c:\windows\system32\jsproxy.dll
+ 2012-02-16 00:46 . 2011-11-24 01:50   32888              c:\windows\system32\drivers\N360\0600010.002\srtspx.sys
- 2009-06-12 06:36 . 2011-11-04 19:20   12800              c:\windows\system32\dllcache\xpshims.dll
+ 2009-06-12 06:36 . 2011-12-17 19:46   12800              c:\windows\system32\dllcache\xpshims.dll
- 2006-02-28 12:00 . 2011-11-04 19:20   66560              c:\windows\system32\dllcache\mshtmled.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46   66560              c:\windows\system32\dllcache\mshtmled.dll
- 2007-10-10 23:55 . 2011-11-04 19:20   55296              c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-10-10 23:55 . 2011-12-17 19:46   55296              c:\windows\system32\dllcache\msfeedsbs.dll
- 2006-02-28 12:00 . 2011-11-04 19:20   43520              c:\windows\system32\dllcache\licmgr10.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46   43520              c:\windows\system32\dllcache\licmgr10.dll
- 2006-02-28 12:00 . 2011-11-04 19:20   25600              c:\windows\system32\dllcache\jsproxy.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46   25600              c:\windows\system32\dllcache\jsproxy.dll
- 2008-01-28 05:48 . 2012-01-30 21:46   35088              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-01-28 05:48 . 2012-02-16 01:13   35088              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-01-28 05:48 . 2012-01-30 21:46   18704              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-01-28 05:48 . 2012-02-16 01:13   18704              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-01-28 05:48 . 2012-01-30 21:46   20240              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-01-28 05:48 . 2012-02-16 01:13   20240              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
+ 2011-06-06 03:55 . 2011-06-06 03:55   17304              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
+ 2011-06-06 03:55 . 2011-06-06 03:55   35736              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
+ 2011-06-06 03:55 . 2011-06-06 03:55   88992              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
+ 2011-06-06 03:55 . 2011-06-06 03:55   94608              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
+ 2011-06-06 03:55 . 2011-06-06 03:55   49064              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
+ 2011-06-06 03:55 . 2011-06-06 03:55   17824              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
+ 2011-06-06 03:55 . 2011-06-06 03:55   63912              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
+ 2011-06-06 03:55 . 2011-06-06 03:55   64928              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
+ 2011-06-06 03:55 . 2011-06-06 03:55   63384              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
+ 2012-02-16 01:32 . 2011-11-04 19:20   12800              c:\windows\ie8updates\KB2647516-IE8\xpshims.dll
+ 2012-02-16 01:32 . 2011-11-04 19:20   66560              c:\windows\ie8updates\KB2647516-IE8\mshtmled.dll
+ 2012-02-16 01:32 . 2011-11-04 19:20   55296              c:\windows\ie8updates\KB2647516-IE8\msfeedsbs.dll
+ 2012-02-16 01:32 . 2011-11-04 19:20   43520              c:\windows\ie8updates\KB2647516-IE8\licmgr10.dll
+ 2012-02-16 01:32 . 2011-11-04 19:20   25600              c:\windows\ie8updates\KB2647516-IE8\jsproxy.dll
+ 2012-02-16 03:06 . 2012-02-16 03:06   37888              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Pres#\dab766b18e6fe0a8f53a93c56be7b40e\System.Windows.Presentation.ni.dll
+ 2012-02-16 03:06 . 2012-02-16 03:06   36864              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\31b65443e56a470d199f293085576e05\System.Web.DynamicData.Design.ni.dll
+ 2012-02-16 03:03 . 2012-02-16 03:03   94208              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\89dfd3999ad1d72c59243d7b4bf40d5a\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-02-16 01:21 . 2012-02-16 01:21   47104              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3aa4296d4aa01fe0533de2c15f818d5f\PresentationFontCache.ni.exe
+ 2012-02-16 01:19 . 2012-02-16 01:19   39424              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\820acb71782d9cd006800b3ac7e1ca53\PresentationCFFRasterizer.ni.dll
+ 2012-02-16 03:05 . 2012-02-16 03:05   55296              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Vsa\d07f0222f62dbed7898a6e2e909d407a\Microsoft.Vsa.ni.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   77824              c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   77824              c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   81920              c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   81920              c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2012-01-03 23:18 . 2012-01-03 23:18   81920              c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-02-16 01:17 . 2012-02-16 01:17   81920              c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   32768              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   32768              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   12800              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   12800              c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   28672              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   28672              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   77824              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2012-01-03 23:18 . 2012-01-03 23:18   77824              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   36864              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   36864              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   77824              c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   77824              c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   13312              c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   13312              c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   10752              c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   10752              c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   72192              c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   72192              c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   69120              c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   69120              c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   8192              c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   8192              c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2012-02-16 00:45 . 2011-11-03 02:03   4782              c:\windows\system32\drivers\N360\0600010.002\SymVTcer.dat
+ 2012-02-16 01:16 . 2012-02-16 01:16   7168              c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   7168              c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2012-01-03 23:18 . 2012-01-03 23:18   5632              c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   5632              c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   6656              c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   6656              c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   8192              c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   8192              c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   113664              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   113664              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   258048              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   258048              c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2006-02-28 12:00 . 2011-11-04 19:20   105984              c:\windows\system32\url.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46   105984              c:\windows\system32\url.dll
+ 2006-02-28 12:00 . 2012-02-16 01:17   466062              c:\windows\system32\perfh009.dat
- 2006-02-28 12:00 . 2012-01-03 23:18   466062              c:\windows\system32\perfh009.dat
- 2006-02-28 12:00 . 2011-11-04 19:20   206848              c:\windows\system32\occache.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46   206848              c:\windows\system32\occache.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46   611840              c:\windows\system32\mstime.dll
- 2006-02-28 12:00 . 2011-11-04 19:20   611840              c:\windows\system32\mstime.dll
+ 2006-11-07 12:03 . 2011-12-17 19:46   602112              c:\windows\system32\msfeeds.dll
- 2006-11-07 12:03 . 2011-11-04 19:20   602112              c:\windows\system32\msfeeds.dll
+ 2012-02-16 02:34 . 2012-02-16 02:38   250016              c:\windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.exe
+ 2012-02-16 02:34 . 2012-02-16 02:38   335520              c:\windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.dll
+ 2012-02-15 21:42 . 2012-02-15 21:42   224136              c:\windows\system32\javaws.exe
+ 2012-02-15 21:42 . 2012-02-15 21:42   173960              c:\windows\system32\javaw.exe
+ 2012-02-15 21:42 . 2012-02-15 21:42   173960              c:\windows\system32\java.exe
+ 2006-02-28 12:00 . 2011-12-17 19:46   184320              c:\windows\system32\iepeers.dll
- 2006-02-28 12:00 . 2011-11-04 19:20   184320              c:\windows\system32\iepeers.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46   387584              c:\windows\system32\iedkcs32.dll
- 2006-02-28 12:00 . 2011-11-04 19:20   387584              c:\windows\system32\iedkcs32.dll
+ 2006-02-28 12:00 . 2011-12-16 12:23   174080              c:\windows\system32\ie4uinit.exe
- 2006-02-28 12:00 . 2011-11-04 11:24   174080              c:\windows\system32\ie4uinit.exe
+ 2008-01-23 17:37 . 2012-02-16 01:43   289296              c:\windows\system32\FNTCACHE.DAT
- 2008-01-23 17:37 . 2011-12-17 22:44   289296              c:\windows\system32\FNTCACHE.DAT
+ 2012-02-16 00:46 . 2011-11-17 03:37   345208              c:\windows\system32\drivers\N360\0600010.002\symtdiv.sys
+ 2012-02-16 00:46 . 2011-11-17 03:37   388216              c:\windows\system32\drivers\N360\0600010.002\symtdi.sys
+ 2012-02-16 00:46 . 2011-11-17 03:37   318584              c:\windows\system32\drivers\N360\0600010.002\symnets.sys
+ 2012-02-16 00:46 . 2011-11-24 02:23   905336              c:\windows\system32\drivers\N360\0600010.002\SymEFA.sys
+ 2012-02-16 00:46 . 2011-08-16 06:51   340088              c:\windows\system32\drivers\N360\0600010.002\SymDS.sys
+ 2012-02-16 00:46 . 2011-11-24 01:50   574584              c:\windows\system32\drivers\N360\0600010.002\srtsp.sys
+ 2012-02-16 00:46 . 2011-11-17 03:17   149624              c:\windows\system32\drivers\N360\0600010.002\Ironx86.sys
+ 2012-02-16 00:46 . 2011-11-04 23:59   132744              c:\windows\system32\drivers\N360\0600010.002\ccSetx86.sys
- 2006-02-28 12:00 . 2011-11-04 19:20   916992              c:\windows\system32\dllcache\wininet.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46   916992              c:\windows\system32\dllcache\wininet.dll
- 2006-02-28 12:00 . 2011-11-04 19:20   105984              c:\windows\system32\dllcache\url.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46   105984              c:\windows\system32\dllcache\url.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46   206848              c:\windows\system32\dllcache\occache.dll
- 2006-02-28 12:00 . 2011-11-04 19:20   206848              c:\windows\system32\dllcache\occache.dll
- 2006-02-28 12:00 . 2011-11-04 19:20   611840              c:\windows\system32\dllcache\mstime.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46   611840              c:\windows\system32\dllcache\mstime.dll
+ 2007-10-10 23:55 . 2011-12-17 19:46   602112              c:\windows\system32\dllcache\msfeeds.dll
- 2007-10-10 23:55 . 2011-11-04 19:20   602112              c:\windows\system32\dllcache\msfeeds.dll
- 2009-06-12 06:36 . 2011-11-04 19:20   247808              c:\windows\system32\dllcache\ieproxy.dll
+ 2009-06-12 06:36 . 2011-12-17 19:46   247808              c:\windows\system32\dllcache\ieproxy.dll
- 2006-02-28 12:00 . 2011-11-04 19:20   184320              c:\windows\system32\dllcache\iepeers.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46   184320              c:\windows\system32\dllcache\iepeers.dll
- 2010-06-08 18:17 . 2011-11-04 19:20   743424              c:\windows\system32\dllcache\iedvtool.dll
+ 2010-06-08 18:17 . 2011-12-17 19:46   743424              c:\windows\system32\dllcache\iedvtool.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46   387584              c:\windows\system32\dllcache\iedkcs32.dll
- 2006-02-28 12:00 . 2011-11-04 19:20   387584              c:\windows\system32\dllcache\iedkcs32.dll
- 2006-02-28 12:00 . 2011-11-04 11:24   174080              c:\windows\system32\dllcache\ie4uinit.exe
+ 2006-02-28 12:00 . 2011-12-16 12:23   174080              c:\windows\system32\dllcache\ie4uinit.exe
+ 2012-02-15 21:46 . 2012-02-15 21:46   176128              c:\windows\Installer\c968f.msi
+ 2012-02-15 21:41 . 2012-02-15 21:41   938496              c:\windows\Installer\c967f.msi
- 2008-01-28 05:48 . 2012-01-30 21:46   888080              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-01-28 05:48 . 2012-02-16 01:13   888080              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-01-28 05:48 . 2012-02-16 01:13   272648              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
- 2008-01-28 05:48 . 2012-01-30 21:46   272648              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
- 2008-01-28 05:48 . 2012-01-30 21:46   922384              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-01-28 05:48 . 2012-02-16 01:13   922384              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-01-28 05:48 . 2012-02-16 01:13   845584              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
- 2008-01-28 05:48 . 2012-01-30 21:46   845584              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-01-28 05:48 . 2012-02-16 01:13   217864              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
- 2008-01-28 05:48 . 2012-01-30 21:46   217864              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
+ 2011-06-06 03:55 . 2011-06-06 03:55   249232              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
+ 2011-06-06 03:55 . 2011-06-06 03:55   394136              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
+ 2011-06-06 03:55 . 2011-06-06 03:55   103848              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlrShim.exe
+ 2011-06-06 03:55 . 2011-06-06 03:55   183696              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
+ 2011-06-06 03:55 . 2011-06-06 03:55   104344              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
+ 2011-06-06 03:55 . 2011-06-06 03:55   937920              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\adobearm.exe
+ 2011-06-06 03:55 . 2011-06-06 03:55   102808              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
+ 2011-06-06 03:55 . 2011-06-06 03:55   755088              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
+ 2011-06-06 03:55 . 2011-06-06 03:55   296344              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
+ 2011-06-06 03:55 . 2011-06-06 03:55   205720              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
+ 2012-02-16 01:32 . 2011-11-04 19:20   916992              c:\windows\ie8updates\KB2647516-IE8\wininet.dll
+ 2012-02-16 01:32 . 2011-11-04 19:20   105984              c:\windows\ie8updates\KB2647516-IE8\url.dll
+ 2012-02-16 01:32 . 2010-07-05 13:16   382840              c:\windows\ie8updates\KB2647516-IE8\spuninst\updspapi.dll
+ 2012-02-16 01:32 . 2010-07-05 13:15   231288              c:\windows\ie8updates\KB2647516-IE8\spuninst\spuninst.exe
+ 2012-02-16 01:32 . 2011-11-04 19:20   206848              c:\windows\ie8updates\KB2647516-IE8\occache.dll
+ 2012-02-16 01:32 . 2011-11-04 19:20   611840              c:\windows\ie8updates\KB2647516-IE8\mstime.dll
+ 2012-02-16 01:32 . 2011-11-04 19:20   602112              c:\windows\ie8updates\KB2647516-IE8\msfeeds.dll
+ 2012-02-16 01:32 . 2011-11-04 19:20   247808              c:\windows\ie8updates\KB2647516-IE8\ieproxy.dll
+ 2012-02-16 01:32 . 2011-11-04 19:20   184320              c:\windows\ie8updates\KB2647516-IE8\iepeers.dll
+ 2012-02-16 01:32 . 2011-11-04 19:20   743424              c:\windows\ie8updates\KB2647516-IE8\iedvtool.dll
+ 2012-02-16 01:32 . 2011-11-04 19:20   387584              c:\windows\ie8updates\KB2647516-IE8\iedkcs32.dll
+ 2012-02-16 01:32 . 2011-11-04 11:24   174080              c:\windows\ie8updates\KB2647516-IE8\ie4uinit.exe
+ 2012-02-16 03:02 . 2012-02-16 03:02   321536              c:\windows\assembly\NativeImages_v2.0.50727_32\WsatConfig\edc5691acfb65ac37f49de2ec497083a\WsatConfig.ni.exe
+ 2012-02-16 01:32 . 2012-02-16 01:32   240128              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\4ad8369d6a60765d7e9b43cdf9023f41\WindowsFormsIntegration.ni.dll
+ 2012-02-16 01:32 . 2012-02-16 01:32   447488              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\68f4157e570c77df653057c0583395bd\UIAutomationClient.ni.dll
+ 2012-02-16 03:07 . 2012-02-16 03:07   400896              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\c2a12bd4056b44f8005a7eb3af161e6a\System.Xml.Linq.ni.dll
+ 2012-02-16 03:06 . 2012-02-16 03:06   129536              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\fc63b434b2f253cd27625487f7b02ac0\System.Web.Routing.ni.dll
+ 2012-02-16 03:06 . 2012-02-16 03:06   202240              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\67877f896b2b0e42286e838fe307f3fd\System.Web.RegularExpressions.ni.dll
+ 2012-02-16 03:06 . 2012-02-16 03:06   859648              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\86650d4fb220f94f25bb5da42a03d454\System.Web.Extensions.Design.ni.dll
+ 2012-02-16 03:06 . 2012-02-16 03:06   328704              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\654465871e547e131668874de7c60b8c\System.Web.Entity.ni.dll
+ 2012-02-16 03:06 . 2012-02-16 03:06   301056              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\f0d6895f6e709d425cb5da6053c603d2\System.Web.Entity.Design.ni.dll
+ 2012-02-16 03:06 . 2012-02-16 03:06   547328              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\3f3b7dc7208e302e39a2dfb5b2cb953b\System.Web.DynamicData.ni.dll
+ 2012-02-16 03:05 . 2012-02-16 03:05   141312              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\e9cddd213343f15d611b14620d649bb0\System.Web.Abstractions.ni.dll
+ 2012-02-16 03:05 . 2012-02-16 03:05   627200              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\f25d114cb629d1f512f98883c6535a75\System.Transactions.ni.dll
+ 2012-02-16 03:05 . 2012-02-16 03:05   212992              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\11dcb806c92f55111f5fa9f1a90e3bdd\System.ServiceProcess.ni.dll
+ 2012-02-16 03:02 . 2012-02-16 03:02   679936              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\5fb9981f4147b537b53be9d58bf4e9b4\System.Security.ni.dll
+ 2012-02-16 03:05 . 2012-02-16 03:05   311296              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1335dd98ce5ce22ad1f51cc274ca5a1d\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2012-02-16 03:05 . 2012-02-16 03:05   621056              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Net\a4b2b1ee81acd843970d9a81b281f1c1\System.Net.ni.dll
+ 2012-02-16 03:05 . 2012-02-16 03:05   998400              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\a2a14380e8c9149d5b212d0100ef588a\System.Management.ni.dll
+ 2012-02-16 03:05 . 2012-02-16 03:05   330752              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\e3436edde657a5111d39d5b2eecf9715\System.Management.Instrumentation.ni.dll
+ 2012-02-16 01:38 . 2012-02-16 01:38   381440              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\974ded7dd3bca225a1b90de778846c78\System.IO.Log.ni.dll
+ 2012-02-16 01:38 . 2012-02-16 01:38   212992              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\01eba24390736a59c39becd825b5756e\System.IdentityModel.Selectors.ni.dll
+ 2012-02-16 03:05 . 2012-02-16 03:05   280064              c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c0d15fb6308587fef8744d568e64bcda\System.EnterpriseServices.Wrapper.dll
+ 2012-02-16 03:05 . 2012-02-16 03:05   627712              c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c0d15fb6308587fef8744d568e64bcda\System.EnterpriseServices.ni.dll
+ 2012-02-16 01:28 . 2012-02-16 01:28   208384              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\e9ae7ae6d1e9edc7aaf819889cd1c692\System.Drawing.Design.ni.dll
+ 2012-02-16 03:05 . 2012-02-16 03:05   455680              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\78a370dc153011708dd9e4cb0e606bfc\System.DirectoryServices.Protocols.ni.dll
+ 2012-02-16 03:04 . 2012-02-16 03:04   881152              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\6e644fc7464d9fe23fc9cd6001296f2f\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-02-16 03:04 . 2012-02-16 03:04   939008              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\bac39be66bb9f987c1948b766833f8e6\System.Data.Services.Client.ni.dll
+ 2012-02-16 03:04 . 2012-02-16 03:04   354816              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\2b5ecd231320e57010043c408783d80b\System.Data.Services.Design.ni.dll
+ 2012-02-16 03:04 . 2012-02-16 03:04   756736              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\4ac9ac2326720485aefd4d79d2024945\System.Data.Entity.Design.ni.dll
+ 2012-02-16 03:03 . 2012-02-16 03:03   135680              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\d504d550fd0a6994fcb1466ea7be92af\System.Data.DataSetExtensions.ni.dll
+ 2012-02-16 03:02 . 2012-02-16 03:02   971264              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
+ 2012-02-16 03:05 . 2012-02-16 03:05   141312              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\28637135c6939e74450bbbf110b12643\System.Configuration.Install.ni.dll
+ 2012-02-16 03:03 . 2012-02-16 03:03   633856              c:\windows\assembly\NativeImages_v2.0.50727_32\System.AddIn\958b5c0114d664ab5ba72575c301e2ea\System.AddIn.ni.dll
+ 2012-02-16 03:02 . 2012-02-16 03:02   366080              c:\windows\assembly\NativeImages_v2.0.50727_32\SMSvcHost\4dcff3b0e79fc27e31549bb2af00efb5\SMSvcHost.ni.exe
+ 2012-02-16 03:02 . 2012-02-16 03:02   256000              c:\windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\bd3bfd5b6ef659dac4d6cccb34577d33\SMDiagnostics.ni.dll
+ 2012-02-16 03:02 . 2012-02-16 03:02   320512              c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\edec83be646eb52204c991371751a428\ServiceModelReg.ni.exe
+ 2012-02-16 01:23 . 2012-02-16 01:23   258048              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\52015457bc28e7a9a563d9eab8ab0015\PresentationFramework.Royale.ni.dll
+ 2012-02-16 01:22 . 2012-02-16 01:22   224768              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\46a680814559114706a33282e9df4b7a\PresentationFramework.Classic.ni.dll
+ 2012-02-16 01:22 . 2012-02-16 01:22   368128              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\2713754549b1114c9152d33efe5f72c7\PresentationFramework.Aero.ni.dll
+ 2012-02-16 01:23 . 2012-02-16 01:23   539648              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1552f18ca434c1dca6d082df476d089a\PresentationFramework.Luna.ni.dll
+ 2012-02-16 03:02 . 2012-02-16 03:02   133632              c:\windows\assembly\NativeImages_v2.0.50727_32\MSBuild\7c51497b188c82e2ccbe6315549ce023\MSBuild.ni.exe
+ 2012-02-16 02:56 . 2012-02-16 02:56   386560              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f0f6dd614d294295c5d8386cc4192034\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2012-02-16 03:02 . 2012-02-16 03:02   144384              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\fd1338828beec8737fed8f50f4fcc567\Microsoft.Build.Utilities.ni.dll
+ 2012-02-16 03:02 . 2012-02-16 03:02   175104              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\0d5f999c4b7e51151548c37c676c1b8e\Microsoft.Build.Utilities.v3.5.ni.dll
+ 2012-02-16 03:02 . 2012-02-16 03:02   839680              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\792168ce8fe03a3db43e12cf736cf91e\Microsoft.Build.Engine.ni.dll
+ 2012-02-16 03:02 . 2012-02-16 03:02   222720              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Con#\0a5277c34ddc1f55df1defb4231e814f\Microsoft.Build.Conversion.v3.5.ni.dll
+ 2012-02-16 02:56 . 2012-02-16 02:56   410112              c:\windows\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\a8df37aadb089f1f34d3d2f103966fbc\ComSvcConfig.ni.exe
+ 2012-02-16 01:38 . 2012-02-16 01:38   842240              c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\25ce400b547f517258c8afb0480390ea\AspNetMMCExt.ni.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   839680              c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   839680              c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   835584              c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   835584              c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   114688              c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   114688              c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   258048              c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   258048              c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   131072              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   131072              c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   303104              c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   303104              c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   258048              c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   258048              c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2012-01-03 23:18 . 2012-01-03 23:18   372736              c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   372736              c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   626688              c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   626688              c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   401408              c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   401408              c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   188416              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   188416              c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2012-02-16 01:17 . 2012-02-16 01:17   970752              c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2012-01-03 23:18 . 2012-01-03 23:18   970752              c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2012-02-16 01:17 . 2012-02-16 01:17   745472              c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-01-03 23:18 . 2012-01-03 23:18   745472              c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2012-01-03 23:18 . 2012-01-03 23:18   425984              c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-02-16 01:17 . 2012-02-16 01:17   425984              c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   110592              c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2012-01-03 23:18 . 2012-01-03 23:18   110592              c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   659456              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   659456              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   372736              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   372736              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   110592              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   110592              c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   749568              c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   749568              c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2012-01-03 23:18 . 2012-01-03 23:18   655360              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   655360              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   348160              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   348160              c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   507904              c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   507904              c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   261632              c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   261632              c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   113664              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   113664              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   258048              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   258048              c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
- 2012-01-03 23:18 . 2012-01-03 23:18   486400              c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2012-02-16 01:17 . 2012-02-16 01:17   486400              c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2006-02-28 12:00 . 2011-11-04 19:20   1212416              c:\windows\system32\urlmon.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46   1212416              c:\windows\system32\urlmon.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46   5979136              c:\windows\system32\mshtml.dll
+ 2006-10-17 02:57 . 2011-12-17 19:46   2000384              c:\windows\system32\iertutil.dll
- 2006-10-17 02:57 . 2011-11-04 19:20   2000384              c:\windows\system32\iertutil.dll
+ 2008-10-15 03:24 . 2012-01-12 16:53   1859968              c:\windows\system32\dllcache\win32k.sys
- 2006-02-28 12:00 . 2011-11-04 19:20   1212416              c:\windows\system32\dllcache\urlmon.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46   1212416              c:\windows\system32\dllcache\urlmon.dll
+ 2006-02-28 12:00 . 2011-12-17 19:46   5979136              c:\windows\system32\dllcache\mshtml.dll
+ 2007-10-10 23:55 . 2011-12-17 19:46   2000384              c:\windows\system32\dllcache\iertutil.dll
- 2007-10-10 23:55 . 2011-11-04 19:20   2000384              c:\windows\system32\dllcache\iertutil.dll
+ 2011-10-25 18:39 . 2011-10-25 18:39   3186688              c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2012-02-15 21:24 . 2012-02-15 21:24   2295808              c:\windows\Installer\1ed6dbb.msi
+ 2011-10-30 13:54 . 2011-10-30 13:54   2748416              c:\windows\Installer\11d44f.msp
+ 2012-02-03 06:13 . 2012-02-03 06:13   4988928              c:\windows\Installer\11d447.msp
- 2008-01-28 05:48 . 2012-01-30 21:46   1172240              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-01-28 05:48 . 2012-02-16 01:13   1172240              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-01-28 05:48 . 2012-02-16 01:13   1165584              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
- 2008-01-28 05:48 . 2012-01-30 21:45   1165584              c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
+ 2011-06-06 03:55 . 2011-06-06 03:55   2215312              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
+ 2011-06-06 03:55 . 2011-06-06 03:55   1189004              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\JSByteCodeWin.bin
+ 2011-06-06 03:55 . 2011-06-06 03:55   6543768              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
+ 2011-06-06 03:55 . 2011-06-06 03:55   1240992              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
+ 2011-06-06 03:55 . 2011-06-06 03:55   1480600              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe
+ 2012-02-16 01:32 . 2011-11-04 19:20   1212416              c:\windows\ie8updates\KB2647516-IE8\urlmon.dll
+ 2012-02-16 01:32 . 2011-11-04 19:20   5978112              c:\windows\ie8updates\KB2647516-IE8\mshtml.dll
+ 2012-02-16 01:32 . 2011-11-04 19:20   2000384              c:\windows\ie8updates\KB2647516-IE8\iertutil.dll
+ 2012-02-16 01:19 . 2012-02-16 01:19   3325440              c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\174c2f776741812aed02c337bbcd1dae\WindowsBase.ni.dll
+ 2012-02-16 01:32 . 2012-02-16 01:32   1049600              c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\94f5164ff4f664c5e4e7fb4c3af1abad\UIAutomationClientsideProviders.ni.dll
+ 2012-02-16 01:18 . 2012-02-16 01:18   7953408              c:\windows\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
+ 2012-02-16 01:31 . 2012-02-16 01:31   5450752              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
+ 2012-02-16 03:07 . 2012-02-16 03:07   1356288              c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\c4c671c737b553db8e07664816475333\System.WorkflowServices.ni.dll
+ 2012-02-16 03:07 . 2012-02-16 03:07   1908224              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\248ea47105ff4af6ee75e6fdd5b450a1\System.Workflow.Runtime.ni.dll
+ 2012-02-16 03:06 . 2012-02-16 03:06   4514304              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\80a288b6611668160334668cc2608e4a\System.Workflow.ComponentModel.ni.dll
+ 2012-02-16 03:06 . 2012-02-16 03:06   2992640              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\4c27548df5897320840ee0d65db38742\System.Workflow.Activities.ni.dll
+ 2012-02-16 03:06 . 2012-02-16 03:06   1840640              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\e9ba004858dcdb5958d86f26f043f85a\System.Web.Services.ni.dll
+ 2012-02-16 03:06 . 2012-02-16 03:06   2209280              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\030cde14924eefebc06c240dbfe093a4\System.Web.Mobile.ni.dll
+ 2012-02-16 03:06 . 2012-02-16 03:06   2405888              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6379c8ca8ae11effb415139990923ff1\System.Web.Extensions.ni.dll
+ 2012-02-16 01:30 . 2012-02-16 01:30   1917440              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Speech\e456140d5d6c43d7383bd36d3f9e12c6\System.Speech.ni.dll
+ 2012-02-16 03:05 . 2012-02-16 03:05   1706496              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\285dfbf2380436e187cb624bd1cd4683\System.ServiceModel.Web.ni.dll
+ 2012-02-16 01:38 . 2012-02-16 01:38   2345472              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\f2532204217dc10f152afd077b09927c\System.Runtime.Serialization.ni.dll
+ 2012-02-16 01:29 . 2012-02-16 01:29   1035776              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\d51e6bb07124a1d780d1e024858e0dc1\System.Printing.ni.dll
+ 2012-02-16 01:38 . 2012-02-16 01:38   1070080              c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\8ef05061cd205c4f2a8583d97f32a603\System.IdentityModel.ni.dll
+ 2012-02-16 01:28 . 2012-02-16 01:28   1587200              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll
+ 2012-02-16 03:04 . 2012-02-16 03:04   1116672              c:\windows\assembly\NativeImages_v2.0.50
Title: Re: Need help analyzing my HP laptop
Post by: JDBush61 on February 16, 2012, 04:01:59 AM
Sorry! That file got cut off. Here is the remaining portion:

+ 2012-02-16 03:04 . 2012-02-16 03:04   1116672              c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\77d0e93f024055d04c07cc2700b4c590\System.DirectoryServices.ni.dll
+ 2012-02-16 03:04 . 2012-02-16 03:04   1801216              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\707a05a7d5a8d99dd56d1d50311a60d2\System.Deployment.ni.dll
+ 2012-02-16 01:24 . 2012-02-16 01:24   6616576              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\ae888f8633fce3ff1de98e32bce0abbf\System.Data.ni.dll
+ 2012-02-16 03:02 . 2012-02-16 03:02   2510336              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\857300fa64d09c69125451fd8894f3da\System.Data.SqlXml.ni.dll
+ 2012-02-16 03:04 . 2012-02-16 03:04   1328128              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\e9d4a1fb13572c769ddd9b86e55baab4\System.Data.Services.ni.dll
+ 2012-02-16 01:24 . 2012-02-16 01:24   2516480              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c3d9c33f71d15a3e2e240092a244eba3\System.Data.Linq.ni.dll
+ 2012-02-16 03:04 . 2012-02-16 03:04   9924096              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\424160369b301ccd1b6fd86265611955\System.Data.Entity.ni.dll
+ 2012-02-16 01:23 . 2012-02-16 01:23   2295296              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\0a6d6717e76be12295711ff02c7aa1d4\System.Core.ni.dll
+ 2012-02-16 01:23 . 2012-02-16 01:23   2128896              c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\33cdfb4c322a528260016ac759230501\ReachFramework.ni.dll
+ 2012-02-16 01:23 . 2012-02-16 01:23   1657856              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\a6def83aee1aaf3336675ce58ac09013\PresentationUI.ni.dll
+ 2012-02-16 01:19 . 2012-02-16 01:19   1451008              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\59cd6ce5a254006179eee92952cd2272\PresentationBuildTasks.ni.dll
+ 2012-02-16 03:02 . 2012-02-16 03:02   1712128              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\96e485c02ad346a2bd26a635e7fcb023\Microsoft.VisualBasic.ni.dll
+ 2012-02-16 02:56 . 2012-02-16 02:56   1093120              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\f7071f9a1c0523540f6aa7f11c302fb6\Microsoft.Transactions.Bridge.ni.dll
+ 2012-02-16 03:05 . 2012-02-16 03:05   2332160              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.JScript\806b1d127ed3e906db972751e87585c4\Microsoft.JScript.ni.dll
+ 2012-02-16 03:02 . 2012-02-16 03:02   1966080              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\912789fd859e0887e10a935cade08e72\Microsoft.Build.Tasks.v3.5.ni.dll
+ 2012-02-16 03:02 . 2012-02-16 03:02   1620992              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\6c1d3eec78906cc2a2ecffb013114c50\Microsoft.Build.Tasks.ni.dll
+ 2012-02-16 03:02 . 2012-02-16 03:02   1888768              c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\d6edd4b4619a9052d3dfe50c3067d5e0\Microsoft.Build.Engine.ni.dll
+ 2012-02-16 01:17 . 2012-02-16 01:17   3186688              c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   2048000              c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   2048000              c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   5025792              c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   5025792              c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   5062656              c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   5062656              c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2012-01-03 23:17 . 2012-01-03 23:17   5246976              c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   5246976              c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2012-01-03 23:18 . 2012-01-03 23:18   2933248              c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2012-02-16 01:17 . 2012-02-16 01:17   2933248              c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
- 2012-01-03 23:18 . 2012-01-03 23:18   4550656              c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2012-02-16 01:16 . 2012-02-16 01:16   4550656              c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2008-02-01 05:31 . 2012-02-16 01:34   52550552              c:\windows\system32\MRT.exe
+ 2006-11-07 12:03 . 2011-12-18 05:46   11082240              c:\windows\system32\ieframe.dll
+ 2007-10-10 23:55 . 2011-12-18 05:46   11082240              c:\windows\system32\dllcache\ieframe.dll
+ 2012-01-03 17:44 . 2012-01-03 17:44   15929344              c:\windows\Installer\1ed6dbc.msp
+ 2011-06-06 03:55 . 2011-06-06 03:55   24731544              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
+ 2012-02-16 01:32 . 2011-11-04 19:20   11081728              c:\windows\ie8updates\KB2647516-IE8\ieframe.dll
+ 2012-02-16 01:30 . 2012-02-16 01:30   12430848              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll
+ 2012-02-16 03:05 . 2012-02-16 03:05   11817472              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\29bdc8352d3c26e3c572ea60639dec3b\System.Web.ni.dll
+ 2012-02-16 02:55 . 2012-02-16 02:55   17403904              c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1cdcd6d97627d345d5ff446e6ec88b97\System.ServiceModel.ni.dll
+ 2012-02-16 01:27 . 2012-02-16 01:27   10683392              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\7c8f8fb506c32500acc1b6190d054f26\System.Design.ni.dll
+ 2012-02-16 01:22 . 2012-02-16 01:22   14328320              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5060105fb9e169399fe45600b1e9215e\PresentationFramework.ni.dll
+ 2012-02-16 01:20 . 2012-02-16 01:20   12215808              c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\0665bba8c9962deadc418881eb3a2a2a\PresentationCore.ni.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2006-02-14 122880]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1028096]
"CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 17920]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-01-26 172094]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-30 122940]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-01-19 1236992]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-05-08 131072]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-02-15 892928]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-20 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-20 137752]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2005-11-08 184320]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-02-11 296056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-26 434080]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2008-1-23 184320]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54   551296   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2005-07-25 18:41   40960   ----a-w-   c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0600010.002\SymDS.sys [2/16/2012 9:46 AM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0600010.002\SymEFA.sys [2/16/2012 9:46 AM 905336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\BASHDefs\20111201.001\BHDrvx86.sys [2/16/2012 9:46 AM 820344]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0600010.002\ccSetx86.sys [2/16/2012 9:46 AM 132744]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/23/2011 1:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/13/2011 6:55 AM 67664]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0600010.002\Ironx86.sys [2/16/2012 9:46 AM 149624]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/12/2011 8:38 AM 116608]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [2/28/2006 9:00 PM 14336]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\6.0.1.2\ccSvcHst.exe [2/16/2012 9:46 AM 138248]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/10/2012 2:34 AM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.1.2\Definitions\IPSDefs\20111130.012\IDSXpx86.sys [2/16/2012 9:46 AM 356280]
S2 rma;Radia Management Agent;c:\novadigm\ManagementAgent\nvdkit.exe [9/19/2005 9:02 AM 1968446]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2/11/2012 9:07 PM 24064]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\8F.tmp --> c:\windows\system32\8F.tmp [?]
S3 PROCEXP151;PROCEXP151;\??\c:\windows\system32\Drivers\PROCEXP151.SYS --> c:\windows\system32\Drivers\PROCEXP151.SYS [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance   REG_MULTI_SZ      ASChannel
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 08:57]
.
2012-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-920554140-1452882638-782118763-1003Core.job
- c:\documents and settings\hp\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-09 13:36]
.
2012-02-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-920554140-1452882638-782118763-1003UA.job
- c:\documents and settings\hp\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-09 13:36]
.
2012-02-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-920554140-1452882638-782118763-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 08:45]
.
2012-02-14 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-920554140-1452882638-782118763-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 08:45]
.
2012-02-16 c:\windows\Tasks\User_Feed_Synchronization-{4A8F4CFB-E03B-4265-81DB-20389E914523}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 19:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = cache.kpu-m.ac.jp:3128
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-16 12:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????W????Z?n??|?P???? ??4B?*Spammer*?hB? ????W?
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.0.1.2\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.0.1.2\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rma]
"ImagePath"="C:/Novadigm/ManagementAgent/nvdkit.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\8F.tmp"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rma]
"ImagePath"="C:/Novadigm/ManagementAgent/nvdkit.exe"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(896)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
c:\program files\HPQ\IAM\Bin\ASChnl.dll
c:\program files\HPQ\IAM\Bin\ItMsg.dll
.
Completion time: 2012-02-16  12:18:06
ComboFix-quarantined-files.txt  2012-02-16 03:17
ComboFix2.txt  2012-02-14 19:34
.
Pre-Run: 13,504,593,920 bytes free
Post-Run: 13,461,102,592 bytes free
.
- - End Of File - - 8CA6E341CE18D014D46697013BECEDC6
Title: Re: Need help analyzing my HP laptop
Post by: JDBush61 on February 16, 2012, 04:05:40 AM
Here is the Windows + R log that you requested (C:\Qoobox\Add-Remove Programs.txt). I hope that I performed this scan correctly.

Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.2)
Agere Systems HDA Modem
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Broadcom 440x 10/100 Integrated Controller
Broadcom 802.11 Wireless LAN Adapter
Broadcom Wireless Utility
Critical Update for Windows Media Player 11 (KB959772)
EndNote
GearDrvs
getPlus(R) for Adobe
Google Chrome
Google Toolbar for Internet Explorer
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Backup & Recovery Manager Pre-Load Module
HP Backup and Recovery Manager Installer
HP BIOS Configuration for ProtectTools 2.00 G1
HP Broadband Wireless Tour
HP Credential Manager for ProtectTools
HP ev2200 Driver Package
HP Help and Support
HP Notebook Accessories Product Tour
HP ProtectTools Security Manager 2.00 C3
HP Quick Launch Buttons 6.00 H1
HP Smart Card Security for ProtectTools 5.00 D4
HP Update
HP User Guides 0015
HP Wireless Assistant 2.00 E1
Intel(R) Graphics Media Accelerator Driver
InterVideo DVD Check
InterVideo WinDVD
ISI ResearchSoft - Export Helper
iTunes
Java Auto Updater
Java(TM) 7 Update 3
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders  (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Norton 360
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealUpgrade 1.1
Recuva
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic DLA
Sonic Express Labeler
Sonic Update Manager
SoundMAX
Speccy
SUPERAntiSpyware
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597998) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinPatrol
Title: Re: Need help analyzing my HP laptop
Post by: Corrine on February 16, 2012, 08:58:34 PM
Hi, JDBush61.

How is your computer running now?  After your response, I will provide uninstall instructions for ComboFix.

Quote: However, was that second log a "ComboFix" log as well?
Yes, but as you can see, it was a log of installed programs.  I wanted to double-check that list.

Quote: Also, when I was running ComboFix.exe with the CFScript.txt file, the WinPatrol window popped up before the program had completely finished (before it had generated the log), and the WinPatrol message said:

! A change has been detected in your Internet Explorer Search Page.
Your new page is http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
If this is ok, then click Yes or press Enter,
Click No or press Esc and we'll restore your page to
http://www.google.com.

Not expecting the WinPatrol screen, and not knowing if ComboFix had generated the detected change, or not, I just clicked "No". Was that OK? WinPatrol popped up yesterday also when I was performing my first ComboFix scan, and asked me to make decisions that I did not feel informed enough to make. So that is maybe a problem.

This is where we start the education process of WinPatrol!

One of the areas that WinPatrol monitors is the home/start page.  If a program makes changes to that page, WinPatrol alerts you and gives you the option to prevent the change.  In the process of cleaning, ComboFix made the change to the "default" setting and WinPatrol provided the option to not make that change.

When we began this process you wrote:

Quote: However, being somewhat of a novice in all things "computer", I look at my Task Manager box and have no idea what startup programs can be/should be stopped. I basically use that laptop for web surfing, e-mails, and MSWord & PowerPoint programs (I'm an editor by trade), and I rarely use many of the other programs installed on that box. I would really love some advice as to how to go through that laptop and clean out all the fluff & clutter that may be taking up memory usage or causing slowdowns.

I am in the process of creating a more detailed tutorial in our WinPatrol forum since Start Up Programs: Remove, Add, Disable (http://www.landzdown.com/how-to%27s-tips-information/start-up-programs-remove-add-disable/) provides general information.
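The baseline-and-alert behaviour described above for WinPatrol, shown as an added Python example (not part of the original posts and not WinPatrol's code). The snapshots are constructed from the alert quoted in this thread; the `about:blank` start page and the `search.example.invalid` URL are made up, and treating the Microsoft redirect URL as the vendor default follows the description in the post above.

```python
"""Baseline-and-compare monitoring of browser settings (added illustration).

Snapshots are constructed from the alert text quoted in this thread; nothing
here reads a live registry.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Real IE value names under HKCU\Software\Microsoft\Internet Explorer\Main.
SEARCH_PAGE = "Search Page"
START_PAGE = "Start Page"

GOOGLE = "http://www.google.com"
IE_DEFAULT_SEARCH = "http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

# Assumption taken from the thread: the Microsoft redirect URL is the
# "default" search page that the cleanup tool put back.
VENDOR_DEFAULTS = {SEARCH_PAGE: IE_DEFAULT_SEARCH}

Snapshot = Dict[str, str]


@dataclass(frozen=True)
class Change:
    setting: str
    old: Optional[str]  # None: the setting was absent from the baseline
    new: Optional[str]  # None: the setting has been deleted


def diff_snapshot(baseline: Snapshot, current: Snapshot) -> List[Change]:
    """Return one Change per setting whose value differs from the baseline."""
    changes = []
    for name in sorted(set(baseline) | set(current)):
        old, new = baseline.get(name), current.get(name)
        if old != new:
            changes.append(Change(name, old, new))
    return changes


def resolve(baseline: Snapshot, current: Snapshot, changes: List[Change],
            accept: Callable[[Change], bool]) -> Tuple[Snapshot, Snapshot]:
    """Apply a yes/no decision to every change.

    Yes: the new value becomes part of the baseline.
    No:  the baseline value is written back over the live setting.
    Returns (new_baseline, settings_after_restore).
    """
    new_baseline, restored = dict(baseline), dict(current)
    for ch in changes:
        target, value = (new_baseline, ch.new) if accept(ch) else (restored, ch.old)
        if value is None:
            target.pop(ch.setting, None)
        else:
            target[ch.setting] = value
    return new_baseline, restored


def accept_vendor_reset(change: Change) -> bool:
    """Policy: allow a change only if it resets a setting to the vendor default."""
    return change.new is not None and VENDOR_DEFAULTS.get(change.setting) == change.new


def reject_all(change: Change) -> bool:
    """Policy equivalent to clicking "No" on every alert."""
    return False


def demo() -> dict:
    baseline = {SEARCH_PAGE: GOOGLE, START_PAGE: "about:blank"}  # constructed
    # State after the cleanup tool reset the search page to the default.
    after_cleanup = {**baseline, SEARCH_PAGE: IE_DEFAULT_SEARCH}
    alert = diff_snapshot(baseline, after_cleanup)
    # Constructed unknown value, standing in for an unwanted change.
    unknown = {**baseline, SEARCH_PAGE: "http://search.example.invalid/"}
    return {
        "alert": alert,
        "clicked_no": resolve(baseline, after_cleanup, alert, reject_all),
        "policy": resolve(baseline, after_cleanup, alert, accept_vendor_reset),
        "hijack": resolve(baseline, unknown,
                          diff_snapshot(baseline, unknown), accept_vendor_reset),
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```

Clicking "No" simply puts the previous value back, so the search page stays at `http://www.google.com` and nothing is lost; the policy function shows how knowing the vendor default turns the same alert into an informed "Yes".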
Title: Re: Need help analyzing my HP laptop
Post by: JDBush61 on February 17, 2012, 01:36:43 AM
Hi Corrine, thanks for your reply.


How is your computer running now?  After your response, I will provide uninstall instructions for ComboFix.

>>> Well, I guess OK. However, it is still acting strange. For example, start up is slow, Microsoft IE loads slow, and when I click the red "x" (top right corner) to quit IE it sometimes quits slowly; i.e., the screen drags slowly from top to bottom as the program closes. Also, I can "hear" my hard disk running all the time, and it often sounds like it is "cycling up" (high RPMs) and then cycling down. As if some program is running in the background and controlling it. The laptop is a 2008 build (not so old), and I don't remember hearing the hard drive spinning all the time like I can now. That's one of the reasons I suspected malware or a virus/rootkit had taken control. Also, I don't understand what could be robbing all the RAM memory (only 10% available). My first computer was a MAC Performa that I purchased in '95. That box, although great for its day, is a dinosaur compared to my 2008 HP in terms of CPU and memory.

I thought to myself "Gee, is this laptop just getting tired, or dying a slow death?" Could be, I suppose.

By the way, this morning I ran a Norton 360 (version 6) "quick scan" out of habit, and it detected the ComboFix.exe as a "Trojan,ADH.2" and quarantined it. Thus, it disappeared from my desktop, which explains why it disappeared the first time as well, as I must have run Norton at that time as well. You mentioned that you were going to explain to me how to uninstall ComboFix, yet I think that my Norton activity has maybe messed that up? Looking forward to your next advice, and my sincere apologies if I'm repeatedly doing stupid novice things.

However, was that second log a "ComboFix" log as well?
Yes, but as you can see, it was a log of installed programs.  I wanted to double-check that list.


>>> I understand. What did you learn by checking that list? Anything of interest?


I am in the process of creating a more detailed tutorial in our WinPatrol forum since Start Up Programs: Remove, Add, Disable provides general information.

>>> I understand. So Corrine, where do we stand now? Did the logs show you that my laptop was infected in any way with malware/viruses/rootkits, etc.?
Title: Re: Need help analyzing my HP laptop
Post by: Corrine on February 17, 2012, 02:24:11 AM
Hi, JDBush61.

Indeed, I recall when I purchased a desktop with Windows XP and a 4 GB hard drive.  I (naively) thought that was the last computer I'd ever need.  Wow, 4 GB!  Little did I know or imagine what was in store.  Generally, the normal lifespan of a laptop is expected to be 4-5 years, less in business environments. 

No, I didn't see anything unusual in the list of installed programs. 

It took me longer than I expected, but I did finally finish the new tutorial: Reviewing Start-Up Programs (http://www.landzdown.com/how-to%27s-tips-information/reviewing-start-up-programs/new/#new)

You indicated previously that the scans you ran did not show anything and I am not seeing signs of malware but that doesn't mean I didn't miss something in the logs.  So, let's get one more opinion.  Please go here (http://www.eset.com/onlinescan/) to run an on-line scan from ESET.
After we see the results, we'll take care of ComboFix.
Title: Re: Need help analyzing my HP laptop
Post by: JDBush61 on February 19, 2012, 05:19:37 PM
Quote from: Corrine on February 17, 2012, 02:24:11 AM
Hi, JDBush61.

Indeed, I recall when I purchased a desktop with Windows XP and a 4 GB hard drive.  I (naively) thought that was the last computer I'd ever need.  Wow, 4 GB!  Little did I know or imagine what was in store.  Generally, the normal lifespan of a laptop is expected to be 4-5 years, less in business environments.

No, I didn't see anything unusual in the list of installed programs. 

It took me longer than I expected, but I did finally finish the new tutorial: Reviewing Start-Up Programs (http://www.landzdown.com/how-to%27s-tips-information/reviewing-start-up-programs/new/#new)

Hi Corrine, please forgive this late reply. Got sidetracked over the weekend. Please know that I truly appreciate all the time you have spent on my behalf!


So yeah, me too. I thought this 2008 HP would be all I needed for a while, yet then again, I tend to stick with my current hardware/software too long before updating (I used that '95 MAC Performa for close to 10 years before finally getting rid of it). Now, my Sony Vaio laptop (Windows 7 64 bit, Intel i5, 300GB HD) is making this HP look like a dinosaur in many ways. Question: When you say "less in a business environment", is that purely due to work machines being "on" for many more hours of the day than a home computer?

I read your nice tutorial (thank you), and I will start looking into my startup programs. Something is still robbing/hogging the RAM, so I very much suspect that I may not have things configured correctly -- or, deeper problems. This box is still acting up and being somewhat temperamental. Slow page loads and closes (dragging), and other odd stuff. For example, I will click once, then nothing happens for a second or three, and then I "hear" two or three clicks, and then a page will open or a program will open after a multi-second hesitation. Hard drive still audibly loud and spinning (sometimes constantly, like now, and sometimes cycling up and down in rpms).

So, here is the ESET online scan log that you requested. Looking forward to your further advice (ComboFix uninstall, etc., etc.).

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=64fb5f9dc7730b4dbb4e6608855b379d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-02-18 12:36:43
# local_time=2012-02-18 09:36:43 (+0900, Tokyo Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 224351 224351 0 0
# compatibility_mode=3589 16777189 100 74 127974 80222604 0 0
# compatibility_mode=8192 67108863 100 0 962 962 0 0
# scanned=72266
# found=0
# cleaned=0
# scan_time=4896

Title: Re: Need help analyzing my HP laptop
Post by: Corrine on February 19, 2012, 08:20:33 PM
JDBush61.

Confirmation by ESET that all looks good!  Please do the following to implement cleanup procedures and also to reset System Restore points:

First, restore ComboFix from Norton Quarantine, following the instructions at Managing Norton 360 Quarantine Items | Antivirus Support (http://www.sytru.com/support/127), selecting Restore & Exclude under Actions.
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Note: In the event you wish to contribute to the ongoing development of ComboFix, the developer is accepting donations via PayPal (https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=combofix%40live%2ecom&item_name=ComboFix&no_shipping=0&no_note=1&tax=0&currency_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8).


[Note: If this doesn't work, download ComboFix to your desktop again and then follow the uninstall instructions.]

Quote: Question: When you say "less in a business environment", is that purely due to work machines being "on" for many more hours of the day than a home computer?

Not only being "on" for 8-10 hours per day but also generally getting a heavier workout, not merely checking e-mail, surfing the web and handling a few Word or Power Point files. :)

As to the "sluggishness", keep in mind that your Sony Vaio laptop has 4 GB RAM compared to the HP with 503 MB.  RAM is not expensive (as illustrated by selecting the model of your HP laptop here (http://www.archmemory.com/memory.cfm/HP-RAM-Pavilion-Notebooks-19984) and following the instructions at, for example, How to Add Memory to an HP Pavilion Notebook | eHow.com (http://www.ehow.com/how_7168863_add-memory-hp-pavilion-notebook.html)).  You could also take it to a reputable, local TechShop (no idea about what is available in Japan).  It really depends on how long you want to keep that laptop to justify any expense.  The end of extended support for Windows XP is April 8, 2014.

Another consideration is that the laptop may need a different kind of cleaning -- that is the ports or cooling vents may be clogged with dirt & dust.  Although canned air can be used, the only problem with that is spraying too with the canned air may result in liquid in the fan blades, causing them to seize.  (Do NOT use a vacuum cleaner as it can end up causing damage by sucking the dust and debris into fragile parts.)

Although ComboFix would have cleaned Temp Files, it wouldn't hurt to periodically run TFC (Temp File Cleaner) followed by Defragment of your hard drive.  The instructions for TFC:

Download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop
The instructions to defrag your computer:
Please let me know if you have any questions.
Title: Re: Need help analyzing my HP laptop
Post by: JDBush61 on February 20, 2012, 01:13:22 AM
Hi Corrine,

I actually encountered a little difficulty uninstalling ComboFix, yet I think that I was ultimately successful. First, I went to the Norton Quarantine and performed the Restore & Exclude. Once finished, the red & white ComboFix installer icon failed to reappear on my desktop, yet I did cut and paste ComboFix /Uninstall into the run box and clicked OK. A message popped up saying that the files (program?) could not be found. Next, I once again downloaded the file from BleepingComputer and the icon then appeared on the desktop. I tried the ComboFix /Uninstall once more, and again I got the pop-up window stating no file could be found. Realizing that the icon was an installer link, I then double-clicked the icon (wasn't sure what else to do) and ComboFix began to run and produce another log file. Hope that was OK (beads of sweat then developing on my forehead). I saved the log file to my desktop, and will post it if you would like to see it. Next, still concentrating on the uninstall, I once more pasted ComboFix /Uninstall into the run box, and this time "success"!... with a small pop-up window stating that it had successfully uninstalled.

I did not have time to download the TFC temp file cleaner and run it, yet I will do that and also defrag later today when I get home.

By the way, I opened WinPatrol and ran the log related to the start-up programs. A lot of info there. I opened the SYSTEMLOOKUP Startup List link that you provided, yet then began to get confused ( :wink:). I will do more reading.

Finally, do you have any more thoughts regarding making more RAM available? I did a little reading about virtual memory and pagefiles, and then got even more confused. That HP box has a "D" partition (around 3GB) for backup and recovery, and it is nearly 100% full. Is that normal? Is there a way to clean up that drive, or should it be just left alone?

- JDB
Title: Re: Need help analyzing my HP laptop
Post by: JDBush61 on February 20, 2012, 01:28:04 AM
Oh, and I forgot to address your other advice!

Quote from: Corrine on February 19, 2012, 08:20:33 PM
As to the "sluggishness", keep in mind that your Sony Vaio laptop has 4 GB RAM compared to the HP with 503 MB.  RAM is not expensive (as illustrated by selecting the model of your HP laptop here (http://www.archmemory.com/memory.cfm/HP-RAM-Pavilion-Notebooks-19984) and following the instructions at, for example, How to Add Memory to an HP Pavilion Notebook | eHow.com (http://www.ehow.com/how_7168863_add-memory-hp-pavilion-notebook.html)).  You could also take it to a reputable, local TechShop (no idea about what is available in Japan).  It really depends on how long you want to keep that laptop to justify any expense.  The end of extended support for Windows XP is April 8, 2014.

All great points! However, I don't quite understand the persistent "sluggishness" that I am still often experiencing. My '95 MAC always ran lickety-split, even when it was in its golden years, so I don't see why the 503MB HP would be running so sluggish.

>>>>>>>>>>>
Another consideration is that the laptop may need a different kind of cleaning -- that is the ports or cooling vents may be clogged with dirt & dust.  Although canned air can be used, the only problem with that is spraying too with the canned air may result in liquid in the fan blades, causing them to seize.  (Do NOT use a vacuum cleaner as it can end up causing damage by sucking the dust and debris into fragile parts.)
>>>>>>>>>>>

Do you suppose that what I am hearing (the constant loud spinning/cycling) is actually a cooling problem (dirty ports/vents and a hard working fan)? There must be a way to access all of those components from the underside of the laptop, so I will inspect those areas when I get home. I have never before tried canned air on anything, and yes, I will keep the vacuum cleaner unplugged. ;)
Title: Re: Need help analyzing my HP laptop
Post by: Corrine on February 20, 2012, 03:33:00 AM
Hi, "JDB".  :)

Nice job on following through with the ComboFix uninstall!    :thumbsup:

I'm not finding a corresponding document for Windows XP.  However, the D drive is generally the recovery partition and should not be used for backup.  This document is for Windows Vista:  http://h10025.www1.hp.com/ewfrf/wc/document?docname=c01555992&cc=us&lc=en&dlc=en

If you do not get "Your system is low on virtual memory" error messages, I would leave the virtual memory and page file size alone.

In the event it may help others, why don't we move the WinPatrol discussion to the WinPatrol Help & Information (http://www.landzdown.com/winpatrol-help-information/) forum. 

Mechanical parts wear out, JDB.  The loud spinning could also be a sign that one of the fans is wearing out.  Use caution with the canned air though -- don't hold the can and spray & spray & spray.  Shut down the laptop, turn it over & use little bursts.  If you don't see any dust coming out, stop.  (The beginning of this video will show you what I mean:  http://youtu.be/q9zTf2JuxNI) If you can see a lot of collected dirt through the openings, then more thorough cleaning may be needed.
Title: Re: Need help analyzing my HP laptop
Post by: JDBush61 on February 21, 2012, 12:55:51 AM
Quote from: Corrine on February 20, 2012, 03:33:00 AM
Hi, "JDB".  :)

Nice job on following through with the ComboFix uninstall!    :thumbsup:

I'm not finding a corresponding document for Windows XP.  However, the D drive is generally the recovery partition and should not be used for backup.  This document is for Windows Vista:  http://h10025.www1.hp.com/ewfrf/wc/document?docname=c01555992&cc=us&lc=en&dlc=en

If you do not get "Your system is low on virtual memory" error messages, I would leave the virtual memory and page file size alone.

In the event it may help others, why don't we move the WinPatrol discussion to the WinPatrol Help & Information (http://www.landzdown.com/winpatrol-help-information/) forum. 

Mechanical parts wear out, JDB.  The loud spinning could also be a sign that one of the fans is wearing out.  Use caution with the canned air though -- don't hold the can and spray & spray & spray.  Shut down the laptop, turn it over & use little bursts.  If you don't see any dust coming out, stop.  (The beginning of this video will show you what I mean:  http://youtu.be/q9zTf2JuxNI) If you can see a lot of collected dirt through the openings, then more thorough cleaning may be needed.

Hi Corrine,

This morning, I downloaded (to the desktop) the TFC program and ran it from there. All appeared to go well, and a reboot was initiated after the temp files were cleaned out. I then performed a defrag, and although there were few fragmented files, it took the better part of 30 minutes for the defrag to complete. Is that normal?

So, the laptop does seem to be running quicker now, in general, yet I still suspect that I have many files or programs or (??) that need to be cleaned out and tossed in the trash. I have yet to delve into the start-up advice that you kindly sent, nor have I had much time to investigate and configure the WinPatrol program. As per your suggestion, I will move all further discussion regarding WinPatrol to the link that you supplied for the other thread.

By the way, you are absolutely correct about the D drive ("HP_RECOVERY (D:)"). My mistake. It is actually only for recovery, not backup. I do not remember ever backing anything up to that drive, yet its current state is: Size: 3.66GB, Available Free Space: 99MB, % Free Space: 2%. Since I did burn recovery CDs from that computer when I first purchased it, is that drive (partition?) even still needed? And if it is, is there a way to clean up that drive? (and is a clean-up even needed?) Just thinking on my own as to how to free up more RAM, because I still cannot understand what is hogging/robbing it. Maybe my Norton 360 program?

Sorry for so many new-guy questions! I will go back to doing more reading!

Oh, one final note. I did download the Secunia PSI program to that box this morning before leaving for the office. I ran the program and the results came back 99% up-to-date, with 1 end-of-life program detected. So maybe my Adobe, Java, and other programs are currently in a good state. I also followed the link to your personal site and read the update advisories that you posted. Nice site!... and now bookmarked on both of my machines. ;)

- John
Title: Re: Need help analyzing my HP laptop
Post by: Corrine on February 21, 2012, 01:24:44 AM
Hi, John! 

It took a while, but I'm glad we're on a first-name basis now. :)

Actually, 30 minutes is a good time for the defrag to complete.  If you are spending a lot of time on this laptop or notice it slowing down, you should consider running TFC followed by a defrag.  You may also want to run the Disk Cleanup Tool.  Before running, create a fresh restore point and then include the option to remove all restore points except the most recent restore point:  Description of the Disk Cleanup Tool in Windows XP (http://support.microsoft.com/kb/310312).

As to "HP_Recovery (D:)", even though you created recovery CDs, I would leave it.  If one should fail, you would have the other to fall back on.

Could your Norton 360 program be slowing things down?  It is possible.  I have personally never used Norton.  You mentioned early on that you were considering changing programs when it was time to renew your license.  In the event you decide to do that, if you pick another paid A/V program, most have a trial so you can see how it works on your system.  You'll need to uninstall Norton before trying a different program though.

Great job with Secunia PSI and thank you for the compliment about my "Security Garden".

Don't hesitate to ask additional questions!

Regards,

Corrine
Title: Re: Need help analyzing my HP laptop
Post by: JDBush61 on February 21, 2012, 04:24:48 AM
Quote from: Corrine on February 21, 2012, 01:24:44 AM
Hi, John! 

It took a while, but I'm glad we're on a first-name basis now. :)

Actually, 30 minutes is a good time for the defrag to complete.  If you are spending a lot of time on this laptop or notice it slowing down, you should consider running TFC followed by a defrag.  You may also want to run the Disk Cleanup Tool.  Before running, create a fresh restore point and then include the option to remove all restore points except the most recent restore point:  Description of the Disk Cleanup Tool in Windows XP (http://support.microsoft.com/kb/310312).

As to "HP_Recovery (D:)", even though you created recovery CDs, I would leave it.  If one should fail, you would have the other to fall back on.

Could your Norton 360 program be slowing things down?  It is possible.  I have personally never used Norton.  You mentioned early on that you were considering changing programs when it was time to renew your license.  In the event you decide to do that, if you pick another paid A/V program, most have a trial so you can see how it works on your system.  You'll need to uninstall Norton before trying a different program though.

Great job with Secunia PSI and thank you for the compliment about my "Security Garden".

Don't hesitate to ask additional questions!

Regards,

Corrine

Hi Corrine,

Thanks for your reply, and please know that I cannot thank you enough for the extensive amount of personal time you spent walking me through all the cleanup/analysis procedures! Strange, yet I don't quite remember how I stumbled across this forum; however, I now feel very blessed that I did.  :D

I will now pay much closer attention to program updates, disk clean-ups, and system maintenance in general. After all of your help, I feel much more comfortable about the current performance of my HP laptop at home, yet I still want to deeply investigate the start-up programs, as well as what other things might be cluttering up the RAM, system speed, and the machine in general. Still does not feel 100% normal, yet as you mentioned previously, that laptop might just be getting old and wearing out. I still haven't had time to check the cooling ports and the fan, yet will jump on that pronto. I will also create a new restore point and delete the previous ones when I get home tonight.

Once again, thank you so very much for your time and kind efforts on my behalf! Truly amazing, and I learned A LOT!  :flowers:

Best regards,

- John
Title: Re: Need help analyzing my HP laptop
Post by: Corrine on March 01, 2012, 01:45:03 AM
Hi, John.

If all is well with your computer now, you can delete Security Check from your desktop and then do the following:

Please do the following to implement cleanup procedures and also to reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Note: In the event you wish to contribute to the ongoing development of ComboFix, the developer is accepting donations via PayPal (https://www.paypal.com/cgi-bin/webscr?cmd=_donations&business=combofix%40live%2ecom&item_name=ComboFix&no_shipping=0&no_note=1&tax=0&currency_code=USD&bn=PP%2dDonationsBF&charset=UTF%2d8).


I think we covered all your questions, but please don't hesitate to let us know if something else comes up.