Topics - R3D

Analysis and Malware Removal / Nephew Shanes Laptop...
« on: August 08, 2011, 07:47:38 PM »
Hey ladies and gents, long time no see...   :angel:

I am having trouble helping my nephew with his laptop, as a lot of security registries and other things are either off or missing, not sure... That and I have been in the hospital for some time now... No worries, it's life and I got Melanoma in a big way. Hope you all are doing well! The nurses love me here and I am helping them with their laptops and systems too, lol... Anyways, let me see if I got this right:

RSIT LOG

Logfile of random's system information tool 1.09 (written by random/random)
Run by ADMIN at 2011-08-08 13:02:20
WIN_7
System drive C: has 190 GB (85%) free of 224 GB
Total RAM: 1979 MB (63% free)

HijackThis download failed

======Listing Processes======


======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-66298164-64744096-1098960028-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-66298164-64744096-1098960028-1000UA.job
C:\Windows\tasks\HPCeeScheduleForShane.job

=========Mozilla firefox=========

ProfilePath - C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\90ts09k0.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3]
"Description"=Office Live Update v1.3
"Path"=C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647]
"Description"=RealJukebox Netscape Plugin
"Path"=C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660]
"Description"=RealNetworks(tm) RealPlayer Chrome Background Extension Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660]
"Description"=RealPlayer(tm) HTML5VideoShim Plug-In
"Path"=C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660]
"Description"=12.0.1.660
"Path"=C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Program Files (x86)\Mozilla Firefox\extensions\
adapter@babylontc.com
mp3tubetoolbar@mp3tubetoolbar.com
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nppl3260.xpt
nsIQTScriptablePlugin.xpt
nsjsrealplayerplugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
npdeployJava1.dll
nppl3260.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
nprjplug.dll
nprpjplug.dll
QuickTimePlugin.class

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
amazondotcom.xml
bing.xml
bing.xml.old
eBay.xml
google.xml
Mp3Tube.xml
wikipedia.xml
yahoo.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
Download Accelerator Plus Integration - C:\Program Files (x86)\DAP\DAPIELoader64.dll [2011-03-24 398000]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-06-30 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [2011-07-19 386264]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll [2011-07-13 419768]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL [2010-05-13 79224]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-07-21 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
Download Accelerator Plus Integration - C:\PROGRA~2\DAP\DAPIEL~1.DLL [2011-05-28 141568]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-06-30 509496]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll [2011-07-13 419768]
{9D425283-D487-4337-BAB6-AB8354A81457}
{46897C77-E7A6-4c33-BFFB-E9C2E2718942} -

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"XboxStat"=C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [2009-09-30 825184]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-02-05 2046760]
"RtkOSD"=C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe [2010-01-12 995840]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [2010-01-29 6160928]
"Monitor"=C:\Windows\PixArt\PAC207\Monitor.exe [2006-11-03 319488]
"HP Quick Launch"=C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [2010-01-18 451072]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-03-05 166424]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-03-05 391192]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-03-05 410648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"=C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2009-09-29 1685048]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"WirelessAssistant"=C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2009-07-23 498744]
"TkBellExe"=C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [2011-07-19 273544]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-11-29 421888]
"NortonOnlineBackupReminder"=C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [2009-06-29 600936]
"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
"jswtrayutil"=C:\Program Files (x86)\NETGEAR\WNDA3100\jswtrayutil.exe []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
NETGEAR WNDA3100 Smart Wizard.lnk - C:\Program Files (x86)\NETGEAR\WNDA3100\WNDA3100.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-03-05 269824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB]
C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"vidc.tscc"=C:\Windows\SysWOW64\tsccvid64.dll
"VIDC.FPS1"=frapsv64.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-08-08 13:02:21 ----D---- C:\Program Files\trend micro
2011-08-08 13:02:20 ----D---- C:\rsit
2011-08-05 14:47:57 ----A---- C:\Windows\system32\drivers\PCASp50a64.sys
2011-08-05 14:47:57 ----A---- C:\Windows\system32\drivers\PCAMp50a64.sys
2011-08-05 14:47:15 ----D---- C:\Program Files (x86)\NETGEAR
2011-08-05 14:47:04 ----D---- C:\ProgramData\NETGEAR
2011-08-05 14:39:08 ----D---- C:\Drivers
2011-08-04 21:14:44 ----D---- C:\Users\ADMIN\AppData\Roaming\Rovio
2011-08-04 19:46:31 ----D---- C:\Users\ADMIN\AppData\Roaming\U3
2011-08-02 23:27:33 ----D---- C:\Users\ADMIN\AppData\Roaming\HpUpdate
2011-08-02 23:24:44 ----D---- C:\Users\ADMIN\AppData\Roaming\Hewlett-Packard
2011-08-02 22:29:31 ----D---- C:\Users\ADMIN\AppData\Roaming\Mozilla
2011-08-02 22:25:40 ----D---- C:\Users\ADMIN\AppData\Roaming\WinRAR
2011-08-02 22:22:47 ----D---- C:\Users\ADMIN\AppData\Roaming\Real
2011-08-02 22:22:27 ----D---- C:\Users\ADMIN\AppData\Roaming\Identities
2011-08-02 22:22:19 ----SD---- C:\Users\ADMIN\AppData\Roaming\Microsoft
2011-08-02 22:22:19 ----D---- C:\Users\ADMIN\AppData\Roaming\Media Center Programs
2011-08-02 22:22:19 ----D---- C:\Users\ADMIN\AppData\Roaming\Macromedia
2011-08-01 20:29:33 ----A---- C:\Windows\ntbtlog.txt
2011-08-01 12:01:01 ----D---- C:\Windows\pss
2011-08-01 11:51:48 ----N---- C:\bootsqm.dat
2011-08-01 05:32:07 ----A---- C:\Windows\system32\wbload.dll
2011-08-01 05:32:01 ----N---- C:\Windows\SYSWOW64\wbsys.dll
2011-08-01 05:31:59 ----D---- C:\Program Files (x86)\Stardock
2011-08-01 05:10:27 ----HD---- C:\Program Files (x86)\InstallJammer Registry
2011-08-01 04:10:59 ----D---- C:\Program Files (x86)\RocketDock
2011-08-01 03:38:12 ----D---- C:\ProgramData\IObit
2011-08-01 03:36:52 ----D---- C:\Program Files (x86)\IObit
2011-08-01 01:32:18 ----D---- C:\ProgramData\STOPzilla!
2011-07-30 08:01:35 ----D---- C:\Windows\SYSWOW64\QuickTime
2011-07-23 23:50:44 ----A---- C:\PA207.DAT
2011-07-23 23:48:06 ----D---- C:\Windows\PixArt
2011-07-22 22:33:31 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-07-22 22:33:31 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-07-22 22:33:31 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2011-07-22 22:33:31 ----A---- C:\Windows\SYSWOW64\msrating.dll
2011-07-22 22:33:31 ----A---- C:\Windows\SYSWOW64\msls31.dll
2011-07-22 22:33:31 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2011-07-22 22:33:31 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2011-07-22 22:33:31 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-07-22 22:33:31 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2011-07-22 22:33:31 ----A---- C:\Windows\SYSWOW64\jscript.dll
2011-07-22 22:33:31 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-07-22 22:33:31 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2011-07-22 22:33:31 ----A---- C:\Windows\SYSWOW64\IEAdvpack.dll
2011-07-22 22:33:30 ----A---- C:\Windows\SYSWOW64\wextract.exe
2011-07-22 22:33:30 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2011-07-22 22:33:30 ----A---- C:\Windows\SYSWOW64\url.dll
2011-07-22 22:33:30 ----A---- C:\Windows\SYSWOW64\SetIEInstalledDate.exe
2011-07-22 22:33:30 ----A---- C:\Windows\SYSWOW64\mshtmler.dll
2011-07-22 22:33:30 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-07-22 22:33:30 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2011-07-22 22:33:30 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2011-07-22 22:33:30 ----A---- C:\Windows\SYSWOW64\inseng.dll
2011-07-22 22:33:30 ----A---- C:\Windows\SYSWOW64\iexpress.exe
2011-07-22 22:33:30 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-07-22 22:33:30 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2011-07-22 22:33:30 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2011-07-22 22:33:30 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2011-07-22 22:33:30 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-07-22 22:33:30 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2011-07-22 22:33:30 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2011-07-22 22:33:30 ----A---- C:\Windows\SYSWOW64\ieapfltr.dat
2011-07-22 22:33:30 ----A---- C:\Windows\SYSWOW64\ieakeng.dll
2011-07-22 22:33:30 ----A---- C:\Windows\SYSWOW64\ie4uinit.exe
2011-07-22 22:33:30 ----A---- C:\Windows\SYSWOW64\icardie.dll
2011-07-22 22:33:30 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2011-07-22 22:33:30 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2011-07-22 22:33:29 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2011-07-22 22:33:29 ----A---- C:\Windows\SYSWOW64\pngfilt.dll
2011-07-22 22:33:29 ----A---- C:\Windows\SYSWOW64\occache.dll
2011-07-22 22:33:29 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-07-22 22:33:29 ----A---- C:\Windows\SYSWOW64\mshta.exe
2011-07-22 22:33:29 ----A---- C:\Windows\SYSWOW64\imgutil.dll
2011-07-22 22:33:29 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2011-07-22 22:33:29 ----A---- C:\Windows\SYSWOW64\ieakui.dll
2011-07-22 22:33:29 ----A---- C:\Windows\SYSWOW64\ieaksie.dll
2011-07-22 22:33:29 ----A---- C:\Windows\SYSWOW64\admparse.dll
2011-07-22 22:33:28 ----A---- C:\Windows\system32\wininet.dll
2011-07-22 22:33:28 ----A---- C:\Windows\system32\urlmon.dll
2011-07-22 22:33:28 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2011-07-22 22:33:28 ----A---- C:\Windows\system32\pngfilt.dll
2011-07-22 22:33:28 ----A---- C:\Windows\system32\occache.dll
2011-07-22 22:33:28 ----A---- C:\Windows\system32\msrating.dll
2011-07-22 22:33:28 ----A---- C:\Windows\system32\msls31.dll
2011-07-22 22:33:28 ----A---- C:\Windows\system32\mshtml.dll
2011-07-22 22:33:28 ----A---- C:\Windows\system32\mshta.exe
2011-07-22 22:33:28 ----A---- C:\Windows\system32\jsproxy.dll
2011-07-22 22:33:28 ----A---- C:\Windows\system32\jscript9.dll
2011-07-22 22:33:28 ----A---- C:\Windows\system32\ieUnatt.exe
2011-07-22 22:33:28 ----A---- C:\Windows\system32\iertutil.dll
2011-07-22 22:33:28 ----A---- C:\Windows\system32\ieakui.dll
2011-07-22 22:33:28 ----A---- C:\Windows\system32\ieaksie.dll
2011-07-22 22:33:28 ----A---- C:\Windows\system32\admparse.dll
2011-07-22 22:33:27 ----A---- C:\Windows\system32\wextract.exe
2011-07-22 22:33:27 ----A---- C:\Windows\system32\webcheck.dll
2011-07-22 22:33:27 ----A---- C:\Windows\system32\url.dll
2011-07-22 22:33:27 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2011-07-22 22:33:27 ----A---- C:\Windows\system32\mshtmler.dll
2011-07-22 22:33:27 ----A---- C:\Windows\system32\mshtmled.dll
2011-07-22 22:33:27 ----A---- C:\Windows\system32\msfeedssync.exe
2011-07-22 22:33:27 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-07-22 22:33:27 ----A---- C:\Windows\system32\licmgr10.dll
2011-07-22 22:33:27 ----A---- C:\Windows\system32\jscript.dll
2011-07-22 22:33:27 ----A---- C:\Windows\system32\inseng.dll
2011-07-22 22:33:27 ----A---- C:\Windows\system32\imgutil.dll
2011-07-22 22:33:27 ----A---- C:\Windows\system32\ieui.dll
2011-07-22 22:33:27 ----A---- C:\Windows\system32\iesysprep.dll
2011-07-22 22:33:27 ----A---- C:\Windows\system32\iesetup.dll
2011-07-22 22:33:27 ----A---- C:\Windows\system32\iernonce.dll
2011-07-22 22:33:27 ----A---- C:\Windows\system32\iepeers.dll
2011-07-22 22:33:27 ----A---- C:\Windows\system32\ieframe.dll
2011-07-22 22:33:27 ----A---- C:\Windows\system32\iedkcs32.dll
2011-07-22 22:33:27 ----A---- C:\Windows\system32\ieapfltr.dll
2011-07-22 22:33:27 ----A---- C:\Windows\system32\ieapfltr.dat
2011-07-22 22:33:27 ----A---- C:\Windows\system32\ieakeng.dll
2011-07-22 22:33:27 ----A---- C:\Windows\system32\IEAdvpack.dll
2011-07-22 22:33:27 ----A---- C:\Windows\system32\ie4uinit.exe
2011-07-22 22:33:27 ----A---- C:\Windows\system32\icardie.dll
2011-07-22 22:33:27 ----A---- C:\Windows\system32\dxtrans.dll
2011-07-22 22:33:27 ----A---- C:\Windows\system32\dxtmsft.dll
2011-07-22 22:33:26 ----A---- C:\Windows\system32\vbscript.dll
2011-07-22 22:33:26 ----A---- C:\Windows\system32\msfeeds.dll
2011-07-22 22:33:26 ----A---- C:\Windows\system32\iexpress.exe
2011-07-22 22:31:37 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2011-07-22 22:31:37 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2011-07-22 22:31:36 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2011-07-22 22:31:36 ----A---- C:\Windows\system32\d3d10warp.dll
2011-07-22 22:31:36 ----A---- C:\Windows\system32\d3d10_1core.dll
2011-07-22 22:31:36 ----A---- C:\Windows\system32\d3d10_1.dll
2011-07-22 22:31:36 ----A---- C:\Windows\system32\cdd.dll
2011-07-22 22:31:35 ----A---- C:\Windows\SYSWOW64\XpsRasterService.dll
2011-07-22 22:31:35 ----A---- C:\Windows\SYSWOW64\XpsGdiConverter.dll
2011-07-22 22:31:35 ----A---- C:\Windows\SYSWOW64\ExplorerFrame.dll
2011-07-22 22:31:35 ----A---- C:\Windows\SYSWOW64\d2d1.dll
2011-07-22 22:31:35 ----A---- C:\Windows\system32\XpsRasterService.dll
2011-07-22 22:31:35 ----A---- C:\Windows\system32\XpsPrint.dll
2011-07-22 22:31:35 ----A---- C:\Windows\system32\FntCache.dll
2011-07-22 22:31:35 ----A---- C:\Windows\system32\ExplorerFrame.dll
2011-07-22 22:31:35 ----A---- C:\Windows\system32\d2d1.dll
2011-07-22 22:31:34 ----A---- C:\Windows\SYSWOW64\DWrite.dll
2011-07-22 22:31:33 ----A---- C:\Windows\system32\DWrite.dll
2011-07-22 22:31:32 ----A---- C:\Windows\SYSWOW64\XpsPrint.dll
2011-07-22 22:31:32 ----A---- C:\Windows\SYSWOW64\d3d10warp.dll
2011-07-22 22:31:32 ----A---- C:\Windows\SYSWOW64\d3d10_1core.dll
2011-07-22 22:31:32 ----A---- C:\Windows\SYSWOW64\d3d10_1.dll
2011-07-21 17:33:52 ----A---- C:\Windows\SYSWOW64\javaws.exe
2011-07-21 17:33:51 ----A---- C:\Windows\SYSWOW64\javaw.exe
2011-07-21 17:33:51 ----A---- C:\Windows\SYSWOW64\java.exe
2011-07-21 17:33:08 ----D---- C:\Program Files (x86)\Java
2011-07-20 10:53:56 ----D---- C:\Program Files\Bonjour
2011-07-20 10:53:56 ----D---- C:\Program Files (x86)\Bonjour
2011-07-19 02:47:37 ----A---- C:\Windows\SYSWOW64\rmoc3260.dll
2011-07-19 02:47:21 ----A---- C:\Windows\SYSWOW64\pndx5032.dll
2011-07-19 02:47:21 ----A---- C:\Windows\SYSWOW64\pndx5016.dll
2011-07-19 02:47:19 ----A---- C:\Windows\SYSWOW64\pncrt.dll
2011-07-19 02:47:09 ----D---- C:\Program Files (x86)\Real
2011-07-19 02:47:07 ----D---- C:\ProgramData\Real
2011-07-19 02:34:27 ----D---- C:\ProgramData\Windows Genuine Advantage
2011-07-18 16:54:55 ----A---- C:\Windows\system32\drivers\LNonPnP.sys
2011-07-15 23:00:34 ----D---- C:\Program Files (x86)\Babylon
2011-07-14 05:52:56 ----D---- C:\ProgramData\Logishrd
2011-07-12 17:01:59 ----D---- C:\ProgramData\UAB
2011-07-12 17:01:44 ----D---- C:\ProgramData\PC Drivers HeadQuarters
2011-07-12 16:32:59 ----D---- C:\Windows\system32\SPReview
2011-07-12 16:31:15 ----D---- C:\Windows\system32\EventProviders
2011-07-12 15:31:03 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2011-07-12 15:31:03 ----A---- C:\Windows\system32\wow64win.dll
2011-07-12 15:31:03 ----A---- C:\Windows\system32\KernelBase.dll
2011-07-12 15:31:03 ----A---- C:\Windows\system32\kernel32.dll
2011-07-12 15:31:03 ----A---- C:\Windows\system32\conhost.exe
2011-07-12 15:31:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-12 15:31:02 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-12 15:31:02 ----A---- C:\Windows\SYSWOW64\setup16.exe
2011-07-12 15:31:02 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2011-07-12 15:31:02 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2011-07-12 15:31:02 ----A---- C:\Windows\system32\wow64cpu.dll
2011-07-12 15:31:02 ----A---- C:\Windows\system32\wow64.dll
2011-07-12 15:31:02 ----A---- C:\Windows\system32\winsrv.dll
2011-07-12 15:31:02 ----A---- C:\Windows\system32\ntvdm64.dll
2011-07-12 15:31:01 ----A---- C:\Windows\SYSWOW64\wow32.dll
2011-07-12 15:31:01 ----A---- C:\Windows\SYSWOW64\instnm.exe
2011-07-12 15:30:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-12 15:30:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-07-12 15:30:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2011-07-12 15:30:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-12 15:30:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-07-12 15:30:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-12 15:30:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-12 15:30:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-12 15:30:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-07-12 15:30:59 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-12 15:30:59 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-12 15:30:59 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-12 15:30:59 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-12 15:30:59 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-12 15:30:59 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-12 15:30:59 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-12 15:30:59 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-12 15:30:59 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-12 15:30:59 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-12 15:30:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2011-07-12 15:30:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-12 15:30:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2011-07-12 15:30:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-12 15:30:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-07-12 15:30:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-12 15:30:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-07-12 15:30:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2011-07-12 15:30:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-12 15:30:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-07-12 15:30:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-07-12 15:30:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2011-07-12 15:30:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-12 15:30:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-12 15:30:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-12 15:30:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-07-12 15:30:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-12 15:30:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2011-07-12 15:30:58 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-12 15:30:58 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-12 15:30:58 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-12 15:30:58 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-12 15:30:58 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-12 15:30:58 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-12 15:30:58 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-12 15:30:58 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-12 15:30:58 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-12 15:30:58 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-12 15:30:58 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-12 15:30:58 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-12 15:30:58 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-12 15:30:58 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-12 15:30:58 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-12 15:30:58 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-12 15:30:58 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-12 15:30:57 ----A---- C:\Windows\SYSWOW64\user.exe
2011-07-12 15:30:53 ----A---- C:\Windows\system32\win32k.sys
2011-07-12 11:34:00 ----A---- C:\Windows\system32\jdns_sd.dll
2011-07-12 11:34:00 ----A---- C:\Windows\system32\dnssdX.dll
2011-07-12 11:34:00 ----A---- C:\Windows\system32\dns-sd.exe
2011-07-12 11:34:00 ----A---- C:\Windows\system32\dnssd.dll
2011-07-12 11:20:54 ----A---- C:\Windows\SYSWOW64\jdns_sd.dll
2011-07-12 11:20:54 ----A---- C:\Windows\SYSWOW64\dnssdX.dll
2011-07-12 11:20:54 ----A---- C:\Windows\SYSWOW64\dns-sd.exe
2011-07-12 11:20:54 ----A---- C:\Windows\SYSWOW64\dnssd.dll

======List of files/folders modified in the last 1 month======

2011-08-08 13:02:21 ----RD---- C:\Program Files
2011-08-08 12:31:19 ----SHD---- C:\System Volume Information
2011-08-05 14:50:55 ----AD---- C:\ProgramData\Temp
2011-08-05 14:49:26 ----HD---- C:\ProgramData
2011-08-05 14:49:18 ----D---- C:\Windows\Temp
2011-08-05 14:47:57 ----SHD---- C:\Windows\Installer
2011-08-05 14:47:57 ----SHD---- C:\Config.Msi
2011-08-05 14:47:57 ----D---- C:\Windows\system32\drivers
2011-08-05 14:47:53 ----D---- C:\Windows\inf
2011-08-05 14:47:49 ----D---- C:\Windows\system32\DriverStore
2011-08-05 14:47:49 ----D---- C:\Windows\system32\catroot
2011-08-05 14:47:15 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-08-05 14:47:15 ----D---- C:\Program Files (x86)
2011-08-05 14:44:22 ----D---- C:\Windows\Downloaded Installations
2011-08-05 14:38:52 ----A---- C:\ProgramData\HPWALog.txt
2011-08-03 08:22:45 ----D---- C:\Windows\Logs
2011-08-02 22:34:00 ----D---- C:\Program Files (x86)\Lame For Audacity
2011-08-02 22:26:55 ----D---- C:\Windows\system32\drivers\etc
2011-08-02 22:22:46 ----SHD---- C:\$Recycle.Bin
2011-08-02 22:22:19 ----RD---- C:\Users
2011-08-01 23:28:10 ----D---- C:\Windows\SYSWOW64\drivers
2011-08-01 23:28:09 ----D---- C:\Windows\System32
2011-08-01 23:24:33 ----D---- C:\Windows
2011-08-01 23:24:18 ----D---- C:\Windows\SysWOW64
2011-08-01 23:24:18 ----D---- C:\Program Files (x86)\Realtek
2011-08-01 23:13:30 ----HD---- C:\Program Files (x86)\Temp
2011-08-01 23:13:24 ----D---- C:\Windows\SYSWOW64\RTCOM
2011-08-01 23:08:53 ----D---- C:\Windows\system32\catroot2
2011-08-01 22:14:01 ----D---- C:\Windows\Cursors
2011-08-01 21:55:01 ----D---- C:\ProgramData\Recovery
2011-08-01 16:07:56 ----D---- C:\Windows\Tasks
2011-08-01 12:29:17 ----SD---- C:\ProgramData\Microsoft
2011-08-01 05:35:43 ----A---- C:\Windows\win.ini
2011-08-01 03:46:23 ----D---- C:\Windows\system32\Tasks
2011-08-01 03:38:23 ----D---- C:\Windows\Minidump
2011-08-01 03:38:23 ----D---- C:\Windows\debug
2011-08-01 03:38:01 ----D---- C:\Windows\Prefetch
2011-08-01 02:07:17 ----D---- C:\ProgramData\CyberLink
2011-08-01 02:05:18 ----D---- C:\Program Files (x86)\Common Files
2011-08-01 02:02:26 ----DC---- C:\Windows\system32\DRVSTORE
2011-08-01 01:55:40 ----D---- C:\Windows\system32\config
2011-08-01 00:13:20 ----D---- C:\Windows\system32\wbem
2011-08-01 00:12:13 ----D---- C:\ProgramData\Norton
2011-08-01 00:12:07 ----D---- C:\Program Files (x86)\DAP
2011-08-01 00:11:35 ----D---- C:\Program Files (x86)\Mozilla Firefox
2011-08-01 00:11:26 ----RSD---- C:\Windows\Fonts
2011-08-01 00:11:25 ----D---- C:\Windows\registration
2011-07-31 23:24:58 ----D---- C:\Program Files (x86)\Adobe
2011-07-31 23:24:53 ----D---- C:\ProgramData\Adobe
2011-07-31 23:16:26 ----D---- C:\Program Files\Common Files
2011-07-31 23:16:15 ----D---- C:\Program Files\Adobe
2011-07-25 15:53:19 ----D---- C:\ProgramData\WildTangent
2011-07-25 15:44:03 ----D---- C:\ProgramData\Skype
2011-07-25 09:22:45 ----D---- C:\Windows\rescache
2011-07-25 04:23:24 ----D---- C:\Windows\system32\FxsTmp
2011-07-24 16:47:31 ----D---- C:\Windows\winsxs
2011-07-24 16:45:00 ----D---- C:\Windows\SYSWOW64\migration
2011-07-24 16:45:00 ----D---- C:\Windows\SYSWOW64\en-US
2011-07-24 16:44:56 ----D---- C:\Windows\system32\migration
2011-07-24 16:44:56 ----D---- C:\Windows\system32\en-US
2011-07-24 16:44:56 ----D---- C:\Windows\PolicyDefinitions
2011-07-24 16:44:53 ----D---- C:\Program Files\Internet Explorer
2011-07-24 16:44:51 ----D---- C:\Program Files (x86)\Internet Explorer
2011-07-23 23:48:06 ----D---- C:\Windows\twain_32
2011-07-22 15:46:46 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-21 17:33:12 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2011-07-20 10:55:41 ----D---- C:\ProgramData\Apple Computer
2011-07-20 10:54:41 ----D---- C:\Program Files (x86)\QuickTime
2011-07-19 21:27:20 ----D---- C:\Windows\system32\drivers\UMDF
2011-07-19 21:27:19 ----D---- C:\ProgramData\Apple
2011-07-19 02:47:14 ----A---- C:\Windows\SYSWOW64\msvcr71.dll
2011-07-19 02:47:14 ----A---- C:\Windows\SYSWOW64\msvcp71.dll
2011-07-16 18:05:57 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2011-07-16 16:23:56 ----D---- C:\Program Files (x86)\AviSynth 2.5
2011-07-15 21:18:51 ----D---- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)
2011-07-13 03:00:55 ----A---- C:\Windows\system32\MRT.exe
2011-07-12 17:01:38 ----RSD---- C:\Windows\assembly
2011-07-12 16:41:33 ----D---- C:\Windows\AppPatch

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-10-13 409624]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-13 214096]
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\NISx64\1108000.005\SYMDS64.SYS [2009-08-29 433200]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NISx64\1108000.005\SYMEFA64.SYS [2010-04-21 221232]
R1 BHDrvx64;BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20110723.001\BHDrvx64.sys [2011-07-22 1151096]
R1 ccHP;Symantec Hash Provider; C:\Windows\system32\drivers\NISx64\1108000.005\ccHPx64.sys [2010-02-25 615040]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [2011-07-28 481912]
R1 IDSVia64;IDSVia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20110729.030\IDSvia64.sys [2011-07-04 488056]
R1 JSWPSLWF;JumpStart Wireless Filter Driver; C:\Windows\system32\DRIVERS\jswpslwfx.sys [2008-10-01 26624]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL) x64; C:\Windows\system32\drivers\NISx64\1108000.005\SRTSPX64.SYS [2010-04-21 32304]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NISx64\1108000.005\Ironx64.SYS [2010-04-28 150064]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver; C:\Windows\System32\Drivers\NISx64\1108000.005\SYMTDIV.SYS [2010-05-05 451120]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 59904]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-28 136824]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2010-03-05 10300800]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2010-01-29 2260256]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20110731.003\ENG64.SYS [2011-06-30 117880]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20110731.003\EX64.SYS [2011-06-30 2011768]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-11-27 295424]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver; C:\Windows\system32\DRIVERS\rtl8192se.sys [2010-01-19 1088544]
R3 SRTSP;Symantec Real Time Storage Protection x64; C:\Windows\System32\Drivers\NISx64\1108000.005\SRTSP64.SYS [2010-04-21 505392]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [2011-06-30 173104]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-02-05 316464]
S3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\agrsm64.sys [2009-06-10 1146880]
S3 androidusb;ADB Interface Driver; C:\Windows\System32\Drivers\smhwadb.sys [2009-12-23 31744]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-06-19 1394688]
S3 clwvd;CyberLink WebCam Virtual Driver; C:\Windows\system32\DRIVERS\clwvd.sys []
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2011-04-30 66840]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2011-04-30 60184]
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2011-04-30 42776]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 PAC207;SoC PC-Camera; C:\Windows\system32\DRIVERS\PFC027.SYS [2006-12-05 572416]
S3 PCAMp50a64;PCAMp50a64 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCAMp50a64.sys [2006-11-28 43328]
S3 PCASp50a64;PCASp50a64 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCASp50a64.sys [2006-11-28 41280]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-13 12352]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys []
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-07-13 109056]
S3 smhwdev;SmartPhone dummy USB PNP Device (Normal); C:\Windows\system32\DRIVERS\smhwdev.sys [2010-01-13 114432]
S3 smhwser;USB Device for Legacy Serial Communication (Normal); C:\Windows\system32\DRIVERS\smhwser.sys [2010-02-03 122624]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2011-05-10 51712]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-13 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-13 40448]
S3 WNDA3100;NETGEAR WNDA3100 USB2.0 Wireless Card Service; C:\Windows\system32\DRIVERS\WNDA31w7x.sys [2009-10-21 767488]
S3 xnacc;XBOX 360 Controller For Windows Driver Service; C:\Windows\system32\DRIVERS\xnacc.sys [2009-07-13 679936]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys [2009-08-21 79976]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AERTFilters;Andrea RT Filters Service; C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]
R2 NIS;Norton Internet Security; C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe [2010-02-25 126392]
S3 jswpsapi;Jumpstart Wifi Protected Setup; C:\Program Files (x86)\NETGEAR\WNDA3100\jswpsapi.exe [2008-02-29 942080]
S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-05-25 37664]
S4 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2011-07-12 387944]
S4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S4 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S4 HP Health Check Service;HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2009-10-15 120832]
S4 hpqwmiex;hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2010-02-08 230968]
S4 HPWMISVC;HPWMISVC; C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-01-18 20480]
S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S4 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-05-29 1255736]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.09 2011-08-08 13:02:24

======Uninstall list======

 Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}
-->"C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Game Explorer Categories - main\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Web Link - Club Penguin\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Web Link - Dark Orbit\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Web Link - RuneScape HD\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Web Link - Seafight\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Web Link - World of Warcraft\Uninstall.exe"
-->"C:\Program Files (x86)\InstallShield Installation Information\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}\setup.exe" /z-uninstall
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{FDB3B167-F4FA-461D-976F-286304A57B2A}
Adobe Download Assistant-->msiexec /qb /x {5D90E53A-BD7C-8F32-9B82-7733D0F0BC8E}
Adobe Download Assistant-->MsiExec.exe /I{5D90E53A-BD7C-8F32-9B82-7733D0F0BC8E}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_Plugin.exe -maintain plugin
Adobe Shockwave Player-->MsiExec.exe /X{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}
Angry Birds Rio-->MsiExec.exe /I{4D634FB6-42BB-42AB-A37A-DCFF95CD654D}
Apple Application Support-->MsiExec.exe /I{B3575D00-27EF-49C2-B9E0-14B3D954E992}
Apple Mobile Device Support-->MsiExec.exe /I{439760BC-7737-4386-9B1D-A90A3E8A22EA}
Apple Software Update-->MsiExec.exe /I{C6579A65-9CAE-4B31-8B6B-3306E0630A66}
Audacity 1.3.13 (Unicode)-->"C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)\unins000.exe"
Bejeweled 2 Deluxe-->"C:\Program Files (x86)\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
Blackhawk Striker 2-->"C:\Program Files (x86)\HP Games\Blackhawk Striker 2\Uninstall.exe"
Blasterball 3-->"C:\Program Files (x86)\HP Games\Blasterball 3\Uninstall.exe"
Bonjour-->MsiExec.exe /X{CA0D2F09-F811-48D4-843E-C87696C6A9D9}
Build-a-lot 2-->"C:\Program Files (x86)\HP Games\Build-a-lot 2\Uninstall.exe"
Cake Mania-->"C:\Program Files (x86)\HP Games\Cake Mania\Uninstall.exe"
Chuzzle Deluxe-->"C:\Program Files (x86)\HP Games\Chuzzle Deluxe\Uninstall.exe"
Cisco EAP-FAST Module-->MsiExec.exe /I{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}
Cisco LEAP Module-->MsiExec.exe /I{51C7AD07-C3F6-4635-8E8A-231306D810FE}
Cisco PEAP Module-->MsiExec.exe /I{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
DAP Plug-in for 64 Bit IE-->MsiExec.exe /I{E06AF9BE-E1D6-4867-8DBF-74E4BA32BBB3}
DAP Premium-->C:\Program Files (x86)\DAP Premium\Uninstal.exe
Diner Dash 2 Restaurant Rescue-->"C:\Program Files (x86)\HP Games\Diner Dash 2 Restaurant Rescue\Uninstall.exe"
Dora's Carnival Adventure-->"C:\Program Files (x86)\HP Games\Dora's Carnival Adventure\Uninstall.exe"
Download Accelerator Plus (DAP)-->C:\PROGRA~2\DAP\DAPREMOVE.EXE
eReg-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
Escape Rosecliff Island-->"C:\Program Files (x86)\HP Games\Escape Rosecliff Island\Uninstall.exe"
ESU for Microsoft Windows 7-->MsiExec.exe /I{3877C901-7B90-4727-A639-B6ED2DD59D43}
Faerie Solitaire-->"C:\Program Files (x86)\HP Games\Faerie Solitaire\Uninstall.exe"
FastStone Capture 6.9-->C:\Program Files (x86)\FastStone Capture\uninst.exe
FATE-->"C:\Program Files (x86)\HP Games\FATE\Uninstall.exe"
Google Talk Plugin-->MsiExec.exe /I{669A032D-4E28-3D11-BB26-8AD5D51EFE87}
HP Advisor-->MsiExec.exe /X{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}
HP Customer Experience Enhancements-->MsiExec.exe /X{07FA4960-B038-49EB-891B-9F95930AA544}
HP Games-->"C:\Program Files (x86)\HP Games\Uninstall.exe"
HP Quick Launch-->MsiExec.exe /I{10F539B1-31AF-43BF-9F0C-0EB66E918922}
HP Setup-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{17B4760F-334B-475D-829F-1A3E94A6A4E6}\setup.exe" -l0x9  -removeonly
HP Smart Web Printing-->msiexec /i{49A143E9-4A6A-43E7-86B1-388194C79248}
HP Software Framework-->MsiExec.exe /X{223E2363-6643-49CB-A062-59A9858EE8EE}
HP Support Assistant-->"C:\Program Files (x86)\InstallShield Installation Information\{495A8A3C-8FD0-4C46-9979-95C26181A1AB}\setup.exe" -runfromtemp -l0x0409 -removeonly
HP Update-->MsiExec.exe /X{D46D081B-F60E-467E-A7C4-117B70D76731}
HP User Guides 0178-->MsiExec.exe /X{9A4317FB-5775-4FB3-BDC9-995595106F1F}
HP Wireless Assistant-->MsiExec.exe /X{54CC7901-804D-4155-B353-21F0CC9112AB}
HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
Intel(R) Control Center-->C:\Program Files (x86)\Intel\Intel Control Center\uninstaller\SetupICC.exe -uninstall -force -confirm
Intel(R) Graphics Media Accelerator Driver-->C:\Program Files (x86)\Intel\Intel(R) Graphics Media Accelerator Driver\Uninstall\setup.exe -uninstall
Intel® Matrix Storage Manager-->C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall
Internet TV for Windows Media Center-->MsiExec.exe /X{9D318C86-AF4C-409F-A6AC-7183FF4CF424}
Java(TM) 6 Update 26-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216026FF}
Jewel Quest 3-->"C:\Program Files (x86)\HP Games\Jewel Quest 3\Uninstall.exe"
Jewel Quest Solitaire 2-->"C:\Program Files (x86)\HP Games\Jewel Quest Solitaire 2\Uninstall.exe"
Junk Mail filter update-->MsiExec.exe /I{8E5233E1-7495-44FB-8DEB-4BE906D59619}
K-Lite Codec Pack 7.2.0 (Basic)-->"C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe"
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {E64BA721-2310-4B55-BE5A-2925F9706192}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0409-1000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0116-0409-1000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office Office 64-bit Components 2007-->MsiExec.exe /X{90120000-002A-0000-1000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Shared 64-bit MUI (English) 2007-->MsiExec.exe /X{90120000-002A-0409-1000-0000000FF1CE}
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0116-0409-1000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Suite Activation Assistant-->MsiExec.exe /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570-->MsiExec.exe /X{8338783A-0968-3B85-AFC7-BAAE0A63DC50}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}
Microsoft Visual C++ Run Time  Lib Setup-->MsiExec.exe /I{AAF4238F-7C29-451D-9925-C753271A5728}
Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
Microsoft Xbox 360 Accessories 1.2-->MsiExec.exe /X{D9C50188-12D5-4D3E-8F00-682346C2AA5F}
Microsoft XNA Framework Redistributable 3.1-->MsiExec.exe /I{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}
Microsoft_VC80_ATL_x86_x64-->MsiExec.exe /I{925D058B-564A-443A-B4B2-7E90C6432E55}
Microsoft_VC80_ATL_x86-->MsiExec.exe /I{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}
Microsoft_VC80_CRT_x86_x64-->MsiExec.exe /I{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}
Microsoft_VC80_CRT_x86-->MsiExec.exe /I{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}
Microsoft_VC80_MFC_x86_x64-->MsiExec.exe /I{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}
Microsoft_VC80_MFC_x86-->MsiExec.exe /I{D1A19B02-817E-4296-A45B-07853FD74D57}
Microsoft_VC80_MFCLOC_x86_x64-->MsiExec.exe /I{1E9FC118-651D-4934-97BE-E53CAE5C7D45}
Microsoft_VC80_MFCLOC_x86-->MsiExec.exe /I{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}
Microsoft_VC90_ATL_x86_x64-->MsiExec.exe /I{8557397C-A42D-486F-97B3-A2CBC2372593}
Microsoft_VC90_ATL_x86-->MsiExec.exe /I{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}
Microsoft_VC90_CRT_x86_x64-->MsiExec.exe /I{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}
Microsoft_VC90_CRT_x86-->MsiExec.exe /I{08D2E121-7F6A-43EB-97FD-629B44903403}
Microsoft_VC90_MFC_x86_x64-->MsiExec.exe /I{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}
Microsoft_VC90_MFC_x86-->MsiExec.exe /I{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}
Microsoft_VC90_MFCLOC_x86_x64-->MsiExec.exe /I{90BF0360-A1DB-4599-A643-95AB90A52C1E}
Microsoft_VC90_MFCLOC_x86-->MsiExec.exe /I{B6D38690-755E-4F40-A35A-23F8BC2B86AC}
Mozilla Firefox 5.0 (x86 en-US)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
muvee Reveal-->MsiExec.exe /X{43BA31BA-04BD-2EA3-0A60-A9C54E06D3F2}
Mystery P.I. - The New York Fortune-->"C:\Program Files (x86)\HP Games\Mystery P.I. - The New York Fortune\Uninstall.exe"
Netflix in Windows Media Center-->MsiExec.exe /X{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}
NETGEAR RangeMax Duo Wireless-N USB Adapter WNDA3100-->C:\Program Files (x86)\InstallShield Installation Information\{C0100D9E-2372-45E2-BDA5-BD18F9B03298}\setup.exe -runfromtemp -l0x0409
Norton Internet Security-->C:\Program Files (x86)\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\A5E82D02\17.8.0.5\InstStub.exe /X
Norton Online Backup-->MsiExec.exe /X{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}
Paint.NET v3.5.8-->MsiExec.exe /X{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB3}
Penguins!-->"C:\Program Files (x86)\HP Games\Penguins!\Uninstall.exe"
Plants vs. Zombies-->"C:\Program Files (x86)\HP Games\Plants vs. Zombies\Uninstall.exe"
Poker Superstars III-->"C:\Program Files (x86)\HP Games\Poker Superstars III\Uninstall.exe"
Polar Bowler-->"C:\Program Files (x86)\HP Games\Polar Bowler\Uninstall.exe"
Polar Golfer-->"C:\Program Files (x86)\HP Games\Polar Golfer\Uninstall.exe"
QuickTime-->MsiExec.exe /I{57752979-A1C9-4C02-856B-FBB27AC4E02C}
RealNetworks - Microsoft Visual C++ 2008 Runtime-->MsiExec.exe /X{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}
RealPlayer-->C:\Program Files (x86)\Real\RealPlayer\Update\r1puninst.exe RealNetworks|RealPlayer|12.0
Realtek Ethernet Controller Driver For Windows 7-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe"  -removeonly
Realtek USB 2.0 Card Reader-->"C:\Program Files (x86)\InstallShield Installation Information\{96AE7E41-E34E-47D0-AC07-1091A8127911}\setup.exe" -runfromtemp -l0x0009 -removeonly
REALTEK Wireless LAN Software-->C:\Program Files (x86)\InstallShield Installation Information\{901F0D4C-009D-1112-8DE4-03599E7B0C5C}\Install.exe -uninst -l0x9
RealUpgrade 1.1-->MsiExec.exe /I{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}
Recovery Manager-->"C:\Program Files (x86)\InstallShield Installation Information\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}\setup.exe" /z-uninstall
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2288931)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CD769337-C8AC-46DB-A7DC-643E50089263}
Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB2509488)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD0DE453-0804-4495-9C91-33D0F9AA5463}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client
Security Update for Microsoft Office 2007 System (KB2541012)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CD907315-705A-4475-A1A0-2A1245803E4D}
Security Update for Microsoft Office Excel 2007 (KB2541007)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A0173254-F442-4D04-9154-43FA157B83D0}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8588DD11-6BD7-4400-B55C-DD5AB74B43E1}
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {D75E6D0C-BADF-4F41-98B2-0C0F02C15062}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A

2
Jokes / The old man outside heaven
« on: February 10, 2011, 10:08:38 PM »
One fine day at the pearly gates to heaven, St. Peter was checking people in and the gates opened for no apparent reason, and out
stepped Jesus.  He said, "St. Peter, of all, you have been most faithful these past millennia, by helping to check people into heaven.
I came to give you a break for the next few millennia..."  St. Peter crossed himself, thanked Jesus profusely and proceeded into heaven for his
well deserved "rest".
Jesus started checking people into heaven and all was going well, until he noticed an old man just up the way, ALSO
checking people before they arrived to the gates.  This unnerved Jesus a little, so when there was a break in people arriving, he decided to
go and talk to the man.  He asked the old man, "Kind sir, why are you checking people before the gates of heaven?  This is better left to myself and St. Peter."
The old man replied in a shaky old voice, "Well, I am looking for my son.  He is everything to me..."  Jesus took pity on the old man and
said, "Perhaps you can tell me a little bit about your son, and maybe I can help you to find him?"  The old man replied, "That would be wonderful!"
He wrung his hands and began, "Well, my son is a very kind and wonderful boy.  He would never harm a fly.  He has dark hair, and an almost
peaceful look on his face at all times.  Oh!  He also has a hole in each hand and each foot!"
Jesus' eyes open wide and he blurts out, "Father?!?!?"
The old man looks up into Jesus' eyes, his own eyes welling with tears, "PINOCCHIO?!?!"   :hysterical:

3
Jokes / Rope Joke
« on: February 10, 2011, 09:48:25 PM »
So...   three ropes walk into a bar...

the first one, cocky and bold, walks up to the bartender and says,
"My friends and I are parched my good friend, please set us up with a round of drinks!".
The bartender looks up slowly from wiping the inside of a mug and says, in a dry weathered voice,
"Son, are you a rope?"
The rope smiles and says, "Why yes sir!  I am a rope and my friends and I....."
The bartender interrupts and says, "We don't serve ropes here..."
The rope walks back to his friends a bit shaken and tells them the bad news.
The second rope says, "Wait right here, I'LL take care of this..."
The second rope walks up to the bartender, slaps a Fifty dollar bill onto the bar and tells the bartender,
"Perhaps you didn't hear my good friend Mr. Grant!?!?  We would like a round of drinks please!"
The bartender slowly raises his head and says, yet again, "Son, are you a rope?"
"Why yes sir, I am a rope!  And proud of it!", winks to his friends...
to which the bartender replied again, "We don't serve ropes here..."
The rope pockets the fifty and storms back to his friends clearly agitated,
"Look guys!  This bartender is nuts, let's get out of here!"
The last rope says, "Let me give it a try?"
The last rope ties himself up and messes up his hair (fibers) and hobbles over to the bartender...
"Excuse me sir?  Could you please set my friends and I up with a round of drinks?"
The bartender says, "Son, are you a rope?"
The rope exclaims, "No sir!  I'm a frayed knot!"  Ba-DUM-DUM--TSH!   :hysterical:

4
FYI - Recently, or rather, it is hard to tell, Microsoft put out this update (KB976902).
My system ran it automatically and when I returned from being away, all internet was down.  I had to roll back my system prior to the update to restore internet connectivity.  There is a lot of controversy about this update and it would be wise to have a definitive answer to all of the questions surrounding this update.

I just wanted to start a thread on this subject and see if someone can pull up more solid info on this problem and make everyone aware.

Thank you, and good luck!   :thumbsup:

5
Analysis and Malware Removal / Friend of mine needs help...
« on: July 04, 2008, 02:42:58 AM »
First, Howdy to those who know me, and hello to those who don't.  Been awhile, I know...  Been real busy lately and working my fingers to the bone, so to speak...

Anyways, a friend of mine needed help in recovering his system.  He has dialup and I told him he needed to have his system cleaned well.  He finally has the time, but I fear for his system,  :shock:   heheh...   HJT logs below:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:33:48 PM, on 7/3/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\NILaunch.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DoScan.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dbsarticles.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.couldnotfind.com/search_page.html?&account_id=3054
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://start.earthlink.net/start?id=1
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\elnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink TotalAccess\Toolbar\Toolbar.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\System32\NILaunch.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [3dfx Tools] rundll32.exe 3dfxCmn.dll,CMNUpdateOnBoot
O4 - HKLM\..\Run: [3dfx Task Manager] "C:\Program Files\3dfx Interactive\3dfx Tools\Apps\3dfxMan.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Network Host Service] tjlyrau32.exe
O4 - HKLM\..\Run: [274c10a9] rundll32.exe "C:\WINDOWS\System32\tfynvaxn.dll",b
O4 - HKLM\..\Run: [mmsass] mmdmm.exe
O4 - HKLM\..\Run: [Repair Registry Pro] C:\Program Files\Repair Registry Pro\RepairRegistryPro.exe -s
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [BM247f2335] Rundll32.exe "C:\WINDOWS\System32\pnfsvfds.dll",s
O4 - HKLM\..\RunServices: [Network Host Service] tjlyrau32.exe
O4 - HKLM\..\RunServices: [mmsass] mmdmm.exe
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {8522F9B3-38C5-4AA4-AE40-7401F1BBC851} - http://198.143.5.92/12601660/adult_chat.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

--
End of file - 7862 bytes

Thank you very much for any help you can offer.    :thumbsup:

6
First let me begin by saying HI to everyone that knows me here.  (I know, been awhile...)  I have been really busy at school, training, finding another new job, lol, and working hard as well.

Anyways, I'll get right to it and save the niceties for another thread...  I haven't checked my brother's system in awhile, and I knew it probably had some junk on it, but this stuff on it now is really tough.  Let me give you a rundown on what I have noticed so far...

I cannot see some drives in Disk Management.  It varies too, awhile ago it was the CD drives, and now it doesn't show the HDDs, but the CD drives show now...  odd, I know...

Next, I cannot install .NET properly.  I ripped it out with software and registry configuring and such, and also tried a tool for this, and I got rid of it, but after I install the .NET 1.1, after restart, it goes back to being "bad".  This prohibits other software from being installed if it relies on .NET...

Next, the AV (Symantec 10 Corporate w/Firewall) pops up occasionally when scanning using another scanning tool, i.e., Ewido, Adaware (what's up with them now?), etc...  It tries to clean, and usually quarantines these random files.  I delete them after since they are not system or needed files, of course...

Next, Diskeeper will not run, I think, because of the problem with seeing the drive and/or the location of C:...  Could be something else, but I do not want to run defrag on his system unless I am sure it is clean.

Finally, his system is slower than it should be, (what else is new?  lol), and it is not sending anything out via the NIC, afaik, and I do not notice any obvious processes running rampant.

So, without further ado, here are his HijackThis logs:
________________________________________
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11:34:19 AM, on 4/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\EPSON\ESM2\eEBSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\System32\taskswitch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Eriks Files\HijackThis\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F3 - REG:win.ini: run=
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O6 "USB001" /M "Stylus C84"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON Background Monitor.lnk = C:\Program Files\EPSON\ESM2\STMS.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/activex/TmHcmsX.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1176415002471
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF0636A0-9B94-49EF-A206-7735E7421B36}: NameServer = 68.87.76.178,68.87.66.196
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\EPSON\ESM2\eEBSVC.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Unknown owner - C:\Program Files\NavNT\rtvscan.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe

--
End of file - 7711 bytes
________________________________________

I certainly hope you can help.  So does my bro, heheh...  If all else fails, I may just wipe the system and reinstall, but my bro lost his Keys and such, so I will be hard pressed to run with that procedure...  *sigh

Thanks a lot guys!  If I am not really busy, I will post much more here, (than the occasional support call), heheh...   8)

7
Analysis and Malware Removal / My logs, or rather my fathers...
« on: August 20, 2006, 03:54:24 AM »
This is a new popup that I can't find in HJT.  I even found reference to random files that are supposed to be generated, but do not see them in HJT or in services running...

Thanks in advance!

Logfile of HijackThis v1.99.1
Scan saved at 9:22:03 PM, on 8/19/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Common Files\HQManager\hqdecsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\ORL\VNC\WinVNC.exe
C:\WINNT\system32\svchost.exe
C:\program files\support.com\bin\tgcmd.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\WINNT\system32\ctfmon.exe
C:\FDIW\UpdtChk.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DfrgNTFS.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Dell\Software\Admin\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = javascript:resizeTo(1024,768);moveTo(0,0);document.location.href='http://www.msn.com/'
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Merriam-Webster Collegiate BHO - {8C918A35-0240-4685-B486-23B226536056} - C:\WINNT\_MWCTB.DLL
O3 - Toolbar: Merriam-Webster Collegiate Toolbar - {E9903977-FFCE-4827-A9D7-A325A0F87F18} - C:\WINNT\_MWCTB.DLL
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\ORL\VNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "c:\program files\support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Field Data Internet Update Check.lnk = C:\FDIW\UpdtChk.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Collegiate &Dictionary - res://C:\WINNT\_MWCTB.DLL/23/219
O8 - Extra context menu item: Collegiate &Encyclopedia - res://C:\WINNT\_MWCTB.DLL/23/236
O8 - Extra context menu item: Collegiate &Thesaurus - res://C:\WINNT\_MWCTB.DLL/23/220
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: S&panish-English Dictionary - res://C:\WINNT\_MWCTB.DLL/23/237
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINNT\System32\shdocvw.dll (HKCU)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://eagent.farmersinsurance.com/PLA/eAgent/eAuto/commonActiveX/smsx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tricklers/AWS/MiniBugTransporter.cab?
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {354D91A8-E3C9-491F-BB89-0FB27DEEED86} (ImgXTwain6.ImgXTwain) - https://eagent.farmersinsurance.com/PLA/eAgent/scv/commonActiveX/ImgXTwain61.cab
O16 - DPF: {45EEDB84-57BC-4FBD-8065-7AB8E971B545} (ImgXDialog6.ImgXDialog) - https://eagent.farmersinsurance.com/PLA/eAgent/scv/commonActiveX/ImgXDialog61.cab
O16 - DPF: {5F05A225-0F66-43DE-89E4-6FFD589C4F01} (OC web Installer) - http://www.aebn.net/ws/DownloadCoach/dc5/files/objectCubeInstall.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125498711593
O16 - DPF: {7E8DC73D-69CD-4F67-99B1-8DC6E42F6246} (Atalasoft ImgXCtrl6.ImgXCtrl (CAB)) - https://eagent.farmersinsurance.com/PLA/eAgent/scv/commonActiveX/ImgX61.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - https://eagent.farmersinsurance.com/PLA/eAgent/scv/commonActiveX/msxml4.cab
O16 - DPF: {D4E3D5D9-9959-482D-9D5A-C74880E7FB74} (Merriam-Webster Unabridged Toolbar) - http://www.merriam-webstercollegiate.com/toolbar/install/webinstall.cab
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: High Quality Decompress Service (HQDecompressService) - xxxcodec.com - C:\Program Files\Common Files\HQManager\hqdecsvc.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\ORL\VNC\WinVNC.exe" -service (file missing)

Please PM me as well if you have an answer or steps to take...

More info from other post located here:  http://www.landzdown.com/index.php?topic=10175.0

8
Anyone else come across this new threat?  My father somehow got it on his system, (Don't ask; don't tell, lol), and I am having a tough time finding the culprit with HijackThis.  Any input is greatly appreciated...

I will update this post with a screenshot if I can...   8)

Pages: [1]