blubop

system restore problems

8 posts in this topic

My system restore under Windows Vista seems to have stopped working. It seems to go through the proper processes through the restart but then I get the following error message:

 

"System restore did not complete successfully."

"An unspecified error occurred during system restore."

 

Here's the Hijack This log:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:24:11 PM, on 12/4/2009

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16916)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\hp\support\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\WINDOWS\RtHDVCpl.exe

C:\WINDOWS\System32\jureg.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\WINDOWS\System32\rundll32.exe

C:\WINDOWS\System32\wpcumi.exe

C:\Windows\system32\schtasks.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Windows\ehome\ehmsas.exe

C:\hp\kbd\kbd.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunes.exe

C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Matt\Documents\Downloads\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/WiHome?lnkctr=mhWN&lnkce=sntWi

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe

O4 - HKLM\..\Run: [MSConfig] "C:\WINDOWS\System32\msconfig.exe" /auto

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [Google Update] "C:\Users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O13 - Gopher Prefix:

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Turbine Message Service - Live (LiveTurbineMessageService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe

O23 - Service: Turbine Network Service - Live (LiveTurbineNetworkService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe

O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 8006 bytes
Thanks all...


Welcome to SWI. We apologize for the delay; our helpers have been very busy.

 

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

 

[this is an automated reply]


Hi,

 

I'm nasdaq

 

Have you had to remove some malware recently?

 

===

 

Random's System Information Tool (RSIT)

 

Download random's system information tool (RSIT) by random/random from >>here<< and save it to your desktop.

  • Double click on RSIT.exe to launch program.
  • Click Continue at the disclaimer screen.
  • Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
  • Once it has finished, two logs will open: log.txt <-- this will be maximized, and info.txt <-- this will be minimized.

 

These reports are long; please post the contents of both logs (in separate posts) in your next reply.


Hey nas,

 

ty for your help. I haven't had any serious malware problems lately that I'm aware of. But I can't be sure. I only realized I had this problem after some problems that resulted after I installed some system updates and later tried to roll back my setup. Here are the logs you asked for:

 

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by Matt at 2009-12-11 02:03:14

Microsoft® Windows Vista™ Home Premium

System drive C: has 314 GB (67%) free of 468 GB

Total RAM: 3070 MB (56% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:03:34 AM, on 12/11/2009

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v8.00 (8.00.6001.18865)

Boot mode: Normal

 

Running processes:

C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\wuauclt.exe

C:\hp\support\hpsysdrv.exe

C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe

C:\WINDOWS\RtHDVCpl.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\WINDOWS\System32\wpcumi.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Windows\ehome\ehmsas.exe

C:\hp\kbd\kbd.exe

C:\Program Files\iTunes\iTunes.exe

C:\Program Files\BitTorrent\bittorrent.exe

C:\Program Files\eMusic Download Manager\xulrunner\xulrunner.exe

C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Matt\Documents\Downloads\RSIT.exe

C:\Program Files\trend micro\Matt.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/WiHome?lnkctr=mhWN&lnkce=sntWi

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE

O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe

O4 - HKLM\..\Run: [MSConfig] "C:\WINDOWS\System32\msconfig.exe" /auto

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

O4 - HKCU\..\Run: [Google Update] "C:\Users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent

O4 - HKCU\..\Run: [smartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll

O13 - Gopher Prefix:

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: Turbine Message Service - Live (LiveTurbineMessageService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe

O23 - Service: Turbine Network Service - Live (LiveTurbineNetworkService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe

O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 8790 bytes

 

======Scheduled tasks folder======

 

C:\Windows\tasks\AWC AutoSweep.job

C:\Windows\tasks\AWC Startup.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-611076269-38195463-178661245-1000.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-611076269-38195463-178661245-1000Core.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-611076269-38195463-178661245-1000UA.job

C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Matt.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll [2009-08-22 378736]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]

Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL [2009-08-22 107896]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll [2009-08-22 378736]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-08-23 1006264]

"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]

"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]

"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]

"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-15 4874240]

"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-05-24 71176]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]

"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2009-01-07 1496968]

"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]

"WPCUMI"=C:\Windows\system32\WpcUmi.exe [2006-11-02 176128]

"MSConfig"=C:\WINDOWS\System32\msconfig.exe [2006-11-02 222208]

"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]

"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-12-05 198160]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Launcher"=C:\Windows\SMINST\launcher.exe [2007-04-03 44168]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Google Update"=C:\Users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-07 133104]

"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]

"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2009-09-03 3342336]

"SmartRAM"=C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe [2009-02-19 202064]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Turbine Download Manager Tray Icon]

C:\Program Files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe [2009-07-31 472568]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Matt^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]

C:\PROGRA~1\Yahoo!\Widgets\YAHOOW~1.EXE [2008-03-18 4742184]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"LogonHoursAction"=2

"DontDisplayLogonHoursWarnings"=1

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"

"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

======File associations======

 

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

 

======List of files/folders created in the last 1 months======

 

2009-12-11 02:03:20 ----D---- C:\Program Files\trend micro

2009-12-11 02:03:14 ----D---- C:\rsit

2009-12-10 03:04:46 ----A---- C:\Windows\system32\nshhttp.dll

2009-12-10 03:04:42 ----A---- C:\Windows\system32\httpapi.dll

2009-12-09 07:05:33 ----A---- C:\Windows\system32\winhttp.dll

2009-12-09 07:05:24 ----A---- C:\Windows\system32\mshtml.dll

2009-12-09 07:05:23 ----A---- C:\Windows\system32\wininet.dll

2009-12-09 07:05:23 ----A---- C:\Windows\system32\urlmon.dll

2009-12-09 07:05:23 ----A---- C:\Windows\system32\iertutil.dll

2009-12-09 07:05:23 ----A---- C:\Windows\system32\ieframe.dll

2009-12-09 07:05:22 ----A---- C:\Windows\system32\occache.dll

2009-12-09 07:05:22 ----A---- C:\Windows\system32\msfeedssync.exe

2009-12-09 07:05:22 ----A---- C:\Windows\system32\msfeedsbs.dll

2009-12-09 07:05:22 ----A---- C:\Windows\system32\msfeeds.dll

2009-12-09 07:05:22 ----A---- C:\Windows\system32\jsproxy.dll

2009-12-09 07:05:22 ----A---- C:\Windows\system32\ieUnatt.exe

2009-12-09 07:05:22 ----A---- C:\Windows\system32\ieui.dll

2009-12-09 07:05:22 ----A---- C:\Windows\system32\iesysprep.dll

2009-12-09 07:05:22 ----A---- C:\Windows\system32\iesetup.dll

2009-12-09 07:05:22 ----A---- C:\Windows\system32\iepeers.dll

2009-12-09 07:05:22 ----A---- C:\Windows\system32\iedkcs32.dll

2009-12-09 07:05:22 ----A---- C:\Windows\system32\ie4uinit.exe

2009-12-09 07:05:21 ----A---- C:\Windows\system32\iernonce.dll

2009-12-09 07:02:46 ----A---- C:\Windows\system32\rastls.dll

2009-12-09 07:02:46 ----A---- C:\Windows\system32\raschap.dll

2009-12-05 02:19:23 ----D---- C:\Users\Matt\AppData\Roaming\Skype

2009-12-05 02:19:00 ----D---- C:\Program Files\Common Files\Skype

2009-12-05 02:18:59 ----RD---- C:\Program Files\Skype

2009-12-05 02:07:35 ----A---- C:\Windows\system32\rmoc3260.dll

2009-12-05 02:07:30 ----A---- C:\Windows\system32\pndx5032.dll

2009-12-05 02:07:30 ----A---- C:\Windows\system32\pndx5016.dll

2009-12-05 02:07:28 ----D---- C:\Program Files\Common Files\xing shared

2009-12-05 02:07:16 ----A---- C:\Windows\system32\pncrt.dll

2009-12-04 19:50:31 ----D---- C:\Program Files\Microsoft

2009-12-04 19:27:48 ----D---- C:\ProgramData\Office Genuine Advantage

2009-12-04 17:20:32 ----A---- C:\Windows\system32\jscript.dll

2009-12-04 16:06:14 ----A---- C:\Windows\system32\mshtmler.dll

2009-12-04 16:06:14 ----A---- C:\Windows\system32\mshtmled.dll

2009-12-04 16:06:14 ----A---- C:\Windows\system32\icardie.dll

2009-12-04 16:06:14 ----A---- C:\Windows\system32\admparse.dll

2009-12-04 16:06:13 ----A---- C:\Windows\system32\msls31.dll

2009-12-04 16:06:13 ----A---- C:\Windows\system32\imgutil.dll

2009-12-04 16:06:13 ----A---- C:\Windows\system32\ieakeng.dll

2009-12-04 16:06:13 ----A---- C:\Windows\system32\dxtmsft.dll

2009-12-04 16:06:13 ----A---- C:\Windows\system32\corpol.dll

2009-12-04 16:06:12 ----A---- C:\Windows\system32\msrating.dll

2009-12-04 16:06:12 ----A---- C:\Windows\system32\licmgr10.dll

2009-12-04 16:06:12 ----A---- C:\Windows\system32\inseng.dll

2009-12-04 16:06:12 ----A---- C:\Windows\system32\ieaksie.dll

2009-12-04 16:06:12 ----A---- C:\Windows\system32\dxtrans.dll

2009-12-04 16:06:11 ----A---- C:\Windows\system32\WinFXDocObj.exe

2009-12-04 16:06:11 ----A---- C:\Windows\system32\wextract.exe

2009-12-04 16:06:11 ----A---- C:\Windows\system32\webcheck.dll

2009-12-04 16:06:11 ----A---- C:\Windows\system32\mstime.dll

2009-12-04 16:06:11 ----A---- C:\Windows\system32\ieakui.dll

2009-12-04 16:06:11 ----A---- C:\Windows\system32\advpack.dll

2009-12-04 16:06:10 ----A---- C:\Windows\system32\vbscript.dll

2009-12-04 16:06:10 ----A---- C:\Windows\system32\url.dll

2009-12-04 16:06:10 ----A---- C:\Windows\system32\pngfilt.dll

2009-12-04 16:06:10 ----A---- C:\Windows\system32\ieapfltr.dll

2009-12-04 16:06:08 ----A---- C:\Windows\system32\SetIEInstalledDate.exe

2009-12-04 16:06:08 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe

2009-12-04 16:06:08 ----A---- C:\Windows\system32\PDMSetup.exe

2009-12-04 16:06:08 ----A---- C:\Windows\system32\mshta.exe

2009-12-04 16:06:08 ----A---- C:\Windows\system32\iexpress.exe

2009-12-04 16:01:12 ----A---- C:\Windows\system32\jureg.exe

2009-12-04 16:01:12 ----A---- C:\Windows\system32\javaws.exe

2009-12-04 16:01:12 ----A---- C:\Windows\system32\javaw.exe

2009-12-04 16:01:12 ----A---- C:\Windows\system32\java.exe

2009-11-30 15:37:03 ----D---- C:\Program Files\7-Zip

2009-11-28 00:08:28 ----D---- C:\Users\Matt\AppData\Roaming\NwDocx

2009-11-28 00:08:08 ----D---- C:\Users\Matt\AppData\Roaming\Docx2Rtf

2009-11-25 03:01:45 ----A---- C:\Windows\system32\tzres.dll

2009-11-24 21:58:58 ----A---- C:\Windows\system32\msxml6r.dll

2009-11-24 21:58:58 ----A---- C:\Windows\system32\msxml6.dll

2009-11-24 21:58:58 ----A---- C:\Windows\system32\msxml3r.dll

2009-11-24 21:58:58 ----A---- C:\Windows\system32\msxml3.dll

2009-11-24 08:58:02 ----D---- C:\Program Files\Lame for Audacity

2009-11-24 08:56:16 ----D---- C:\Program Files\Audacity

2009-11-19 02:59:09 ----D---- C:\ProgramData\Real

2009-11-16 20:11:47 ----D---- C:\Program Files\Torrent Harvester

 

======List of files/folders modified in the last 1 months======

 

2009-12-11 02:03:33 ----D---- C:\Windows\Prefetch

2009-12-11 02:03:20 ----RD---- C:\Program Files

2009-12-11 02:03:20 ----D---- C:\Windows\Temp

2009-12-11 02:02:42 ----D---- C:\Users\Matt\AppData\Roaming\BitTorrent

2009-12-11 01:40:46 ----SHD---- C:\System Volume Information

2009-12-10 10:16:40 ----D---- C:\Windows\System32

2009-12-10 10:16:40 ----D---- C:\Windows\inf

2009-12-10 10:16:40 ----A---- C:\Windows\system32\PerfStringBackup.INI

2009-12-10 10:11:11 ----D---- C:\Windows\SMINST

2009-12-10 07:25:32 ----D---- C:\Windows\winsxs

2009-12-10 07:25:07 ----D---- C:\Windows\system32\catroot

2009-12-10 07:22:52 ----D---- C:\Windows\system32\migration

2009-12-10 07:22:52 ----D---- C:\Windows\system32\en-US

2009-12-10 07:22:52 ----D---- C:\Windows\system32\drivers

2009-12-10 07:22:52 ----D---- C:\Program Files\Windows Mail

2009-12-10 07:22:52 ----D---- C:\Program Files\Internet Explorer

2009-12-10 03:06:44 ----SHD---- C:\Windows\Installer

2009-12-10 03:05:16 ----D---- C:\Windows\system32\catroot2

2009-12-06 20:19:05 ----D---- C:\Windows\system32\Tasks

2009-12-06 20:19:04 ----D---- C:\Windows\Tasks

2009-12-05 11:50:29 ----D---- C:\Program Files\IObit

2009-12-05 08:01:46 ----D---- C:\Users\Matt\AppData\Roaming\skypePM

2009-12-05 02:19:00 ----D---- C:\Program Files\Common Files

2009-12-05 02:18:59 ----D---- C:\ProgramData\Skype

2009-12-05 02:07:47 ----D---- C:\Users\Matt\AppData\Roaming\Real

2009-12-05 02:07:36 ----D---- C:\Program Files\Common Files\Real

2009-12-05 01:54:49 ----D---- C:\WINDOWS

2009-12-05 01:53:15 ----D---- C:\Windows\system32\RTCOM

2009-12-05 01:41:47 ----D---- C:\Windows\system32\wbem

2009-12-05 01:41:47 ----D---- C:\Windows\system32\spool

2009-12-05 01:41:46 ----RD---- C:\Windows\Offline Web Pages

2009-12-05 01:41:46 ----D---- C:\Windows\system32\CodeIntegrity

2009-12-05 01:12:09 ----SD---- C:\Windows\Downloaded Program Files

2009-12-04 19:58:10 ----HD---- C:\ProgramData

2009-12-04 19:58:03 ----D---- C:\ProgramData\NVIDIA

2009-12-04 19:50:41 ----D---- C:\Program Files\Common Files\microsoft shared

2009-12-04 19:38:20 ----D---- C:\Windows\Panther

2009-12-04 19:34:53 ----D---- C:\Windows\PolicyDefinitions

2009-12-04 16:08:32 ----D---- C:\Windows\Debug

2009-12-04 16:03:46 ----D---- C:\Windows\system32\zh-TW

2009-12-04 16:03:46 ----D---- C:\Windows\system32\zh-HK

2009-12-04 16:03:46 ----D---- C:\Windows\system32\tr-TR

2009-12-04 16:03:46 ----D---- C:\Windows\system32\sv-SE

2009-12-04 16:03:46 ----D---- C:\Windows\system32\pt-BR

2009-12-04 16:03:46 ----D---- C:\Windows\system32\nl-NL

2009-12-04 16:03:46 ----D---- C:\Windows\system32\nb-NO

2009-12-04 16:03:46 ----D---- C:\Windows\system32\ko-KR

2009-12-04 16:03:46 ----D---- C:\Windows\system32\it-IT

2009-12-04 16:03:46 ----D---- C:\Windows\system32\he-IL

2009-12-04 16:03:46 ----D---- C:\Windows\system32\fr-FR

2009-12-04 16:03:46 ----D---- C:\Windows\system32\fi-FI

2009-12-04 16:03:46 ----D---- C:\Windows\system32\es-ES

2009-12-04 16:03:45 ----D---- C:\Windows\system32\el-GR

2009-12-04 16:03:45 ----D---- C:\Windows\system32\de-DE

2009-12-04 16:03:45 ----D---- C:\Windows\system32\da-DK

2009-12-04 16:03:45 ----D---- C:\Windows\system32\ar-SA

2009-12-04 16:02:31 ----D---- C:\Windows\Logs

2009-12-04 16:01:11 ----D---- C:\Program Files\Java

2009-12-01 15:06:19 ----A---- C:\Windows\system32\mrt.exe

2009-11-29 00:22:28 ----SD---- C:\Users\Matt\AppData\Roaming\Microsoft

2009-11-12 22:42:00 ----HD---- C:\Windows\system32\GroupPolicyUsers

2009-11-12 03:02:41 ----A---- C:\Windows\win.ini

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 BHDrvx86;Symantec Heuristics Driver; C:\Windows\System32\Drivers\NIS\1007020.00B\BHDrvx86.sys [2009-08-22 259632]

R1 ccHP;Symantec Hash Provider; C:\Windows\System32\Drivers\NIS\1007020.00B\ccHPx86.sys [2009-09-08 482432]

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2009-08-26 371248]

R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20091111.001\IDSvix86.sys [2009-10-28 343088]

R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\NIS\1007020.00B\SRTSPX.SYS [2009-08-22 43696]

R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2009-08-22 25648]

R1 SYMTDI;Symantec Network Dispatch Driver; C:\Windows\System32\Drivers\NIS\1007020.00B\SYMTDI.SYS [2009-08-22 217136]

R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]

R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-26 102448]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]

R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]

R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-15 2047576]

R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091210.023\NAVENG.SYS [2009-08-25 84912]

R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091210.023\NAVEX15.SYS [2009-08-25 1323568]

R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-05-03 1065384]

R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-09-27 9509832]

R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]

R3 SRTSP;Symantec Real Time Storage Protection; C:\Windows\System32\Drivers\NIS\1007020.00B\SRTSP.SYS [2009-08-22 308272]

R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2009-09-08 124976]

R3 SYMFW;Symantec Network Filter Driver; C:\Windows\System32\Drivers\NIS\1007020.00B\SYMFW.SYS [2009-08-22 89904]

R3 SYMNDISV;Symantec Network Filter Driver; C:\Windows\System32\Drivers\NIS\1007020.00B\SYMNDISV.SYS [2009-08-22 48688]

R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2006-11-02 71552]

R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]

S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]

S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]

S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]

S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]

S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]

S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]

S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]

S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]

S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]

R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]

R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-05-24 61440]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-05-15 79400]

R2 Norton Internet Security;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe [2009-08-22 117640]

R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-09-27 215656]

R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]

R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]

R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]

S3 LiveTurbineMessageService;Turbine Message Service - Live; C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe [2009-07-31 267760]

S3 LiveTurbineNetworkService;Turbine Network Service - Live; C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe [2009-07-31 218608]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 RoxMediaDB9;RoxMediaDB9; c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-05-11 887544]

S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-05-03 74656]

 

-----------------EOF-----------------

 

 

info.txt logfile of random's system information tool 1.06 2009-12-11 02:03:36

 

======Uninstall list======

 

-->"C:\Program Files\HP Games\Chessmaster Challenge\Uninstall.exe"

-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"

-->MsiExec /X{A7E07C2B-2220-4415-87E3-784D5814BC93}

7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"

ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}

Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}

Advanced SystemCare 3-->"C:\Program Files\IObit\Advanced SystemCare 3\unins000.exe"

Amazon MP3 Downloader 1.0.8-->C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe

Apple Application Support-->MsiExec.exe /I{B607C354-CD79-4D22-86D1-92DC94153F42}

Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"

BitTorrent-->C:\Program Files\BitTorrent\uninst.exe

Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}

Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}

EA Download Manager-->C:\Program Files\Electronic Arts\EADM\Uninstall.exe

eMusic Download Manager 4.1.3.1-->C:\Program Files\eMusic Download Manager\uninst.exe

Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u

FLAC 1.2.1b (remove only)-->C:\Users\Matt\Music\FLAC\uninstall.exe

Game Booster-->"C:\Program Files\IObit\Game Booster\unins000.exe"

HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

HP Active Support Library 32 bit components-->MsiExec.exe /I{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}

HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{0A47BAFF-D4FF-4BD3-96CA-02A22EA62722}\setup.exe -runfromtemp -l0x0409

HP Advisor-->MsiExec.exe /X{73A43E42-3658-4DD9-8551-FACDA3632538}

HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}

HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly

HP On-Screen Cap/Num/Scroll Lock Indicator-->C:\Windows\system32\OsdRemove.exe

HP Picasso Media Center Add-In-->MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}

HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}

HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}

iTunes-->MsiExec.exe /I{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}

Java 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}

Java SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}

LAME v3.98.2 for Audacity-->"C:\Program Files\Lame for Audacity\unins000.exe"

Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft Office Basic Edition 2003-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}

Microsoft Office Live Add-in 1.4-->MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}

Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

muvee autoProducer 6.0-->C:\Program Files\InstallShield Installation Information\{14AF024E-2E3B-49D0-A175-D1C1A06B155A}\setup.exe -runfromtemp -l0x0009 -removeonly

My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"

Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}

Norton Internet Security-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\562C4DD5\16.7.2.11\InstStub.exe /X

NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI

NVIDIA PhysX v8.09.04-->MsiExec.exe /X{A7E07C2B-2220-4415-87E3-784D5814BC93}

OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}

PVSonyDll-->MsiExec.exe /I{3D3E663D-4E7E-4577-A560-7ECDDD45548A}

Python 2.5-->MsiExec.exe /I{0A2C5854-557E-48C8-835A-3B9F074BDCAA}

QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}

RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0

Realtek High Definition Audio Driver-->RtlUpd.exe -r -m

Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}

Roxio Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}

Roxio Creator Audio-->MsiExec.exe /X{83FFCFC7-88C6-41c6-8752-958A45325C82}

Roxio Creator Basic v9-->MsiExec.exe /X{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}

Roxio Creator Copy-->MsiExec.exe /X{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}

Roxio Creator Data-->MsiExec.exe /X{0D397393-9B50-4c52-84D5-77E344289F87}

Roxio Creator EasyArchive-->MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}

Roxio Creator Tools-->MsiExec.exe /X{0394CDC8-FABD-4ed8-B104-03393876DFDF}

Roxio Express Labeler 3-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}

Roxio MyDVD Basic v9-->MsiExec.exe /X{938B1CD7-7C60-491E-AA90-1F1888168240}

Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}

Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.INF

SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\SPORESetup.exe" -runfromtemp -l0x0009 -removeonly

The Lord of the Rings Online™ - Mines of Moria™ - Live-->"C:\Program Files\Turbine\The Lord of the Rings Online\Uninstall.exe" /silent /query 12bbe590-c890-11d9-9669-0800200c9a66_is1

Turbine Download Manager - Live-->"C:\Program Files\Turbine\Turbine Download Manager\UninstallTDM.exe" /silent /query 62289540-dc30-11dc-95ff-0800200c9a66_is1

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}

WeatherBug Gadget-->MsiExec.exe /I{209CDA54-D390-46A2-A97C-7BF61734418D}

Windows Live ID Sign-in Assistant-->MsiExec.exe /X{10A44844-4465-456E-8C97-80BDD4F68845}

World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe

Yahoo! Install Manager-->C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL

Yahoo! Widgets-->C:\PROGRA~1\Yahoo!\Widgets\uninstall.exe

 

======Security center information======

 

AV: Norton Internet Security

FW: Norton Internet Security

AS: Windows Defender (disabled)

AS: Norton Internet Security

 

======System event log======

 

Computer Name: Matt-PC

Event Code: 51

Message: An error was detected on device \Device\CdRom0 during a paging operation.

Record Number: 86281

Source Name: cdrom

Time Written: 20091211035419.777541-000

Event Type: Warning

User:

 

Computer Name: Matt-PC

Event Code: 51

Message: An error was detected on device \Device\CdRom0 during a paging operation.

Record Number: 86282

Source Name: cdrom

Time Written: 20091211035639.192541-000

Event Type: Warning

User:

 

Computer Name: Matt-PC

Event Code: 51

Message: An error was detected on device \Device\CdRom0 during a paging operation.

Record Number: 86283

Source Name: cdrom

Time Written: 20091211035640.785541-000

Event Type: Warning

User:

 

Computer Name: Matt-PC

Event Code: 4226

Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 86285

Source Name: Tcpip

Time Written: 20091211045249.786541-000

Event Type: Warning

User:

 

Computer Name: Matt-PC

Event Code: 4226

Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 86287

Source Name: Tcpip

Time Written: 20091211061045.417541-000

Event Type: Warning

User:

 

=====Application event log=====

 

Computer Name: Matt-PC

Event Code: 4622

Message: The COM+ Event System could not marshal the subscriber for subscription {C5896B89-4DDA-48DA-88F0-7772A4898BEB}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The HRESULT was 80070005.

Record Number: 18096

Source Name: Microsoft-Windows-EventSystem

Time Written: 20091209022247.000000-000

Event Type: Error

User:

 

Computer Name: Matt-PC

Event Code: 4609

Message: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8000ffff from line 474 of d:\vista_gdr\com\complus\src\events\tier2\eventsystem2.cpp. Please contact Microsoft Product Support Services to report this error.

Record Number: 18099

Source Name: Microsoft-Windows-EventSystem

Time Written: 20091209022250.000000-000

Event Type: Error

User:

 

Computer Name: Matt-PC

Event Code: 1530

Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

 

DETAIL -

19 user registry handles leaked from \Registry\User\S-1-5-21-611076269-38195463-178661245-1002:

Process 1056 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-611076269-38195463-178661245-1002

Process 1056 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-611076269-38195463-178661245-1002

Process 3932 (\Device\HarddiskVolume1\WINDOWS\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-611076269-38195463-178661245-1002

Process 1056 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-611076269-38195463-178661245-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap

Process 1056 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-611076269-38195463-178661245-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap

Process 1056 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-611076269-38195463-178661245-1002\Software

Process 1056 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-611076269-38195463-178661245-1002\Software\Microsoft\SystemCertificates\SmartCardRoot

Process 1056 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-611076269-38195463-178661245-1002\Software\Microsoft\SystemCertificates\Root

Process 1056 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-611076269-38195463-178661245-1002\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings

Process 3932 (\Device\HarddiskVolume1\WINDOWS\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-611076269-38195463-178661245-1002\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Process 1056 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-611076269-38195463-178661245-1002\Software\Microsoft\SystemCertificates\My

Process 1056 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-611076269-38195463-178661245-1002\Software\Microsoft\SystemCertificates\My

Process 1056 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-611076269-38195463-178661245-1002\Software\Microsoft\SystemCertificates\CA

Process 1056 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-611076269-38195463-178661245-1002\Software\Microsoft\SystemCertificates\trust

Process 1056 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-611076269-38195463-178661245-1002\Software\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness

Process 1056 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-611076269-38195463-178661245-1002\Software\Policies\Microsoft\SystemCertificates

Process 1056 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-611076269-38195463-178661245-1002\Software\Policies\Microsoft\SystemCertificates

Process 1056 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-611076269-38195463-178661245-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings

Process 1056 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-611076269-38195463-178661245-1002\Software\Policies

 

Record Number: 18101

Source Name: Microsoft-Windows-User Profiles Service

Time Written: 20091209022250.000000-000

Event Type: Warning

User: NT AUTHORITY\SYSTEM

 

Computer Name: Matt-PC

Event Code: 5007

Message: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.

Record Number: 18119

Source Name: WerSvc

Time Written: 20091209115258.000000-000

Event Type: Error

User:

 

Computer Name: Matt-PC

Event Code: 5007

Message: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.

Record Number: 18333

Source Name: WerSvc

Time Written: 20091210122501.000000-000

Event Type: Error

User:

 

=====Security event log=====

 

Computer Name: Matt-PC

Event Code: 4905

Message: An attempt was made to unregister a security event source.

 

Subject

Security ID: S-1-5-18

Account Name: MATT-PC$

Account Domain: WORKGROUP

Logon ID: 0x3e7

 

Process:

Process ID: 0x440

Process Name: C:\WINDOWS\System32\VSSVC.exe

 

Event Source:

Source Name: VSSAudit

Event Source ID: 0x3b16763

Record Number: 29600

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20091211064121.043541-000

Event Type: Audit Success

User:

 

Computer Name: Matt-PC

Event Code: 5038

Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

 

File Name: \Device\HarddiskVolume1\WINDOWS\System32\drivers\NIS\1007020.00B\BHDrvx86.sys

Record Number: 29601

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20091211070328.261541-000

Event Type: Audit Failure

User:

 

Computer Name: Matt-PC

Event Code: 5038

Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

 

File Name: \Device\HarddiskVolume1\WINDOWS\System32\drivers\NIS\1007020.00B\BHDrvx86.sys

Record Number: 29602

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20091211070328.311541-000

Event Type: Audit Failure

User:

 

Computer Name: Matt-PC

Event Code: 5038

Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

 

File Name: \Device\HarddiskVolume1\WINDOWS\System32\drivers\NIS\1007020.00B\BHDrvx86.sys

Record Number: 29603

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20091211070328.362541-000

Event Type: Audit Failure

User:

 

Computer Name: Matt-PC

Event Code: 5038

Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

 

File Name: \Device\HarddiskVolume1\WINDOWS\System32\drivers\NIS\1007020.00B\BHDrvx86.sys

Record Number: 29604

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20091211070328.414541-000

Event Type: Audit Failure

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\hp\bin\Python;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=x86

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD

"PROCESSOR_REVISION"=6b02

"NUMBER_OF_PROCESSORS"=2

"RoxioCentral"=c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\

"PLATFORM"=HPD

"PCBRAND"=Pavilion

"OnlineServices"=Online Services

"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

 

-----------------EOF-----------------

 

 

 

 

Hi,

 

I'm nasdaq

 

Have you had to remove some malware recently?

 

===

 

Random's System Information Tool (RSIT)

 

Download random's system information tool (RSIT) by random/random from >>here<< and save it to your desktop.

  • Double click on RSIT.exe to launch program.
  • Click Continue at the disclaimer screen.
  • Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
  • Once it has finished, two logs will open: log.txt <-- this will be maximized, and info.txt <-- this will be minimized.

 

These reports are long; please post the contents of both logs (in separate posts) in your next reply.


Hi,

I'm nasdaq and will be helping you.

 

Print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.

 

Advanced SystemCare is a ROGUE! program.

IObit, based in China, is stealing and incorporating proprietary databases and intellectual property into their software.

Please remove it via the Add/Remove programs list.

===

 

While in Add/Remove Programs, remove this old version of Java:

Java SE Runtime Environment 6 Update 1

===

 

Disable Microsoft Windows Defender

 

We need to disable your Microsoft Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.

  • Open Microsoft Windows Defender. Click Start, Programs, Windows Defender
  • Click on Tools, General Settings.
  • Under Real-time protection options, unselect the Turn on real-time protection check box
  • Click Save

 

After all of the fixes are complete it is very important that you enable Real-time Protection again.

 

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O4 - HKCU\..\Run: [smartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m

 

Click on Fix Checked when finished and exit HijackThis.

 

Restart the computer normally.

===

 

Download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

 

Link 1

Link 2

 

 

**Note: It is important that it is saved directly to your desktop**

 

IMPORTANT....

 

1. Close any open browsers.

 

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

 

3. Do not install any other programs until this is fixed.

 

How to : Disable Anti-virus and Firewall...

http://www.bleepingcomputer.com/forums/topic114351.html

 

Double click on ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log for further review.

Note:

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

 

Note: If you have difficulty properly disabling your protective programs, refer to this link http://www.bleepingcomputer.com/forums/topic114351.html

===

 

p.s.

Please, when replying, use the Add Reply button. I do not need to see my previous instructions.


So what does "rogue" mean? Is IObit actually doing damage to my system, or is it a moral/proprietary issue? C-net gave it 5 stars. Can I still perform the other actions you suggest, or is it really best to ditch IObit?

or is it a moral/proprietary issue?

 

You got that right. This community is trying hard to develop tools to help others without having some third party steal their property.


Glad we could help. :)

 

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
