Jump to content


Photo

system restore problems


  • This topic is locked This topic is locked
7 replies to this topic

#1 blubop

blubop

    Member

  • Full Member
  • Pip
  • 4 posts

Posted 04 December 2009 - 04:43 PM

My system restore under Windows Vista seems to have stopped working. It seems to go through the proper processes through the restart but then I get the following error message:

"System restore did not complete successfully."
"An unspecified error occurred during system restore."

Here's the Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:24:11 PM, on 12/4/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16916)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\WINDOWS\System32\jureg.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\wpcumi.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunes.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.c...hWN&lnkce=sntWi
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [MSConfig] "C:\WINDOWS\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Turbine Message Service - Live (LiveTurbineMessageService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe
O23 - Service: Turbine Network Service - Live (LiveTurbineNetworkService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8006 bytes





Thanks all...

#2 SWI Support Robot

SWI Support Robot

    Helper robot

  • SWI Bot
  • PipPipPipPipPip
  • 23,520 posts

Posted 07 December 2009 - 05:31 AM

Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

Thank you for your patience.


[this is an automated reply]
This is an automated message. It does not count as help.

#3 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,080 posts

Posted 10 December 2009 - 02:33 PM

Hi,

I'm nasdaq

Have you had to remove some malware recently.?

===

Random's System Information Tool (RSIT)

Download random's system information tool (RSIT) by random/random from >>here<< and save it to your desktop.
  • Double click on RSIT.exe to launch program.
  • Click Continue at the disclaimer screen.
  • Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
  • Once it has finished, two logs will open: log.txt<-- this will be maximized and info.txt<-- this will be minimized.

These reports are long, please post the contents of both logs (in separate post) in your next reply.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#4 blubop

blubop

    Member

  • Full Member
  • Pip
  • 4 posts

Posted 11 December 2009 - 02:13 AM

Hey nas,

ty for your help. I haven't had any serious malware problems lately that I'm aware of. But I can't be sure. I only realized I had this problem after some problems that resulted after I installed some system updates and later tried to roll back my setup. Here are the logs you asked for:


Logfile of random's system information tool 1.06 (written by random/random)
Run by Matt at 2009-12-11 02:03:14
Microsoft® Windows Vista™ Home Premium
System drive C: has 314 GB (67%) free of 468 GB
Total RAM: 3070 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:03:34 AM, on 12/11/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wuauclt.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\RtHDVCpl.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\WINDOWS\System32\wpcumi.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\hp\kbd\kbd.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\eMusic Download Manager\xulrunner\xulrunner.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Matt\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Matt\Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\Matt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.c...hWN&lnkce=sntWi
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...lion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...lion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [MSConfig] "C:\WINDOWS\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Turbine Message Service - Live (LiveTurbineMessageService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe
O23 - Service: Turbine Network Service - Live (LiveTurbineNetworkService) - Turbine, Inc. - C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8790 bytes

======Scheduled tasks folder======

C:\Windows\tasks\AWC AutoSweep.job
C:\Windows\tasks\AWC Startup.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-611076269-38195463-178661245-1000.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-611076269-38195463-178661245-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-611076269-38195463-178661245-1000UA.job
C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Matt.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll [2009-08-22 378736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL [2009-08-22 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll [2009-08-22 378736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2007-08-23 1006264]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"KBD"=C:\HP\KBD\KbdStub.EXE [2006-12-08 65536]
"OsdMaestro"=C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe [2007-02-15 118784]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-15 4874240]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2007-05-24 71176]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
"itype"=C:\Program Files\Microsoft IntelliType Pro\itype.exe [2009-01-07 1496968]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"WPCUMI"=C:\Windows\system32\WpcUmi.exe [2006-11-02 176128]
"MSConfig"=C:\WINDOWS\System32\msconfig.exe [2006-11-02 222208]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-12-05 198160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"=C:\Windows\SMINST\launcher.exe [2007-04-03 44168]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Matt\AppData\Local\Google\Update\GoogleUpdate.exe [2009-05-07 133104]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe [2009-09-03 3342336]
"SmartRAM"=C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe [2009-02-19 202064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Turbine Download Manager Tray Icon]
C:\Program Files\Turbine\Turbine Download Manager\TurbineDownloadManagerIcon.exe [2009-07-31 472568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Matt^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
C:\PROGRA~1\Yahoo!\Widgets\YAHOOW~1.EXE [2008-03-18 4742184]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-12-11 02:03:20 ----D---- C:\Program Files\trend micro
2009-12-11 02:03:14 ----D---- C:\rsit
2009-12-10 03:04:46 ----A---- C:\Windows\system32\nshhttp.dll
2009-12-10 03:04:42 ----A---- C:\Windows\system32\httpapi.dll
2009-12-09 07:05:33 ----A---- C:\Windows\system32\winhttp.dll
2009-12-09 07:05:24 ----A---- C:\Windows\system32\mshtml.dll
2009-12-09 07:05:23 ----A---- C:\Windows\system32\wininet.dll
2009-12-09 07:05:23 ----A---- C:\Windows\system32\urlmon.dll
2009-12-09 07:05:23 ----A---- C:\Windows\system32\iertutil.dll
2009-12-09 07:05:23 ----A---- C:\Windows\system32\ieframe.dll
2009-12-09 07:05:22 ----A---- C:\Windows\system32\occache.dll
2009-12-09 07:05:22 ----A---- C:\Windows\system32\msfeedssync.exe
2009-12-09 07:05:22 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-12-09 07:05:22 ----A---- C:\Windows\system32\msfeeds.dll
2009-12-09 07:05:22 ----A---- C:\Windows\system32\jsproxy.dll
2009-12-09 07:05:22 ----A---- C:\Windows\system32\ieUnatt.exe
2009-12-09 07:05:22 ----A---- C:\Windows\system32\ieui.dll
2009-12-09 07:05:22 ----A---- C:\Windows\system32\iesysprep.dll
2009-12-09 07:05:22 ----A---- C:\Windows\system32\iesetup.dll
2009-12-09 07:05:22 ----A---- C:\Windows\system32\iepeers.dll
2009-12-09 07:05:22 ----A---- C:\Windows\system32\iedkcs32.dll
2009-12-09 07:05:22 ----A---- C:\Windows\system32\ie4uinit.exe
2009-12-09 07:05:21 ----A---- C:\Windows\system32\iernonce.dll
2009-12-09 07:02:46 ----A---- C:\Windows\system32\rastls.dll
2009-12-09 07:02:46 ----A---- C:\Windows\system32\raschap.dll
2009-12-05 02:19:23 ----D---- C:\Users\Matt\AppData\Roaming\Skype
2009-12-05 02:19:00 ----D---- C:\Program Files\Common Files\Skype
2009-12-05 02:18:59 ----RD---- C:\Program Files\Skype
2009-12-05 02:07:35 ----A---- C:\Windows\system32\rmoc3260.dll
2009-12-05 02:07:30 ----A---- C:\Windows\system32\pndx5032.dll
2009-12-05 02:07:30 ----A---- C:\Windows\system32\pndx5016.dll
2009-12-05 02:07:28 ----D---- C:\Program Files\Common Files\xing shared
2009-12-05 02:07:16 ----A---- C:\Windows\system32\pncrt.dll
2009-12-04 19:50:31 ----D---- C:\Program Files\Microsoft
2009-12-04 19:27:48 ----D---- C:\ProgramData\Office Genuine Advantage
2009-12-04 17:20:32 ----A---- C:\Windows\system32\jscript.dll
2009-12-04 16:06:14 ----A---- C:\Windows\system32\mshtmler.dll
2009-12-04 16:06:14 ----A---- C:\Windows\system32\mshtmled.dll
2009-12-04 16:06:14 ----A---- C:\Windows\system32\icardie.dll
2009-12-04 16:06:14 ----A---- C:\Windows\system32\admparse.dll
2009-12-04 16:06:13 ----A---- C:\Windows\system32\msls31.dll
2009-12-04 16:06:13 ----A---- C:\Windows\system32\imgutil.dll
2009-12-04 16:06:13 ----A---- C:\Windows\system32\ieakeng.dll
2009-12-04 16:06:13 ----A---- C:\Windows\system32\dxtmsft.dll
2009-12-04 16:06:13 ----A---- C:\Windows\system32\corpol.dll
2009-12-04 16:06:12 ----A---- C:\Windows\system32\msrating.dll
2009-12-04 16:06:12 ----A---- C:\Windows\system32\licmgr10.dll
2009-12-04 16:06:12 ----A---- C:\Windows\system32\inseng.dll
2009-12-04 16:06:12 ----A---- C:\Windows\system32\ieaksie.dll
2009-12-04 16:06:12 ----A---- C:\Windows\system32\dxtrans.dll
2009-12-04 16:06:11 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-12-04 16:06:11 ----A---- C:\Windows\system32\wextract.exe
2009-12-04 16:06:11 ----A---- C:\Windows\system32\webcheck.dll
2009-12-04 16:06:11 ----A---- C:\Windows\system32\mstime.dll
2009-12-04 16:06:11 ----A---- C:\Windows\system32\ieakui.dll
2009-12-04 16:06:11 ----A---- C:\Windows\system32\advpack.dll
2009-12-04 16:06:10 ----A---- C:\Windows\system32\vbscript.dll
2009-12-04 16:06:10 ----A---- C:\Windows\system32\url.dll
2009-12-04 16:06:10 ----A---- C:\Windows\system32\pngfilt.dll
2009-12-04 16:06:10 ----A---- C:\Windows\system32\ieapfltr.dll
2009-12-04 16:06:08 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2009-12-04 16:06:08 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-12-04 16:06:08 ----A---- C:\Windows\system32\PDMSetup.exe
2009-12-04 16:06:08 ----A---- C:\Windows\system32\mshta.exe
2009-12-04 16:06:08 ----A---- C:\Windows\system32\iexpress.exe
2009-12-04 16:01:12 ----A---- C:\Windows\system32\jureg.exe
2009-12-04 16:01:12 ----A---- C:\Windows\system32\javaws.exe
2009-12-04 16:01:12 ----A---- C:\Windows\system32\javaw.exe
2009-12-04 16:01:12 ----A---- C:\Windows\system32\java.exe
2009-11-30 15:37:03 ----D---- C:\Program Files\7-Zip
2009-11-28 00:08:28 ----D---- C:\Users\Matt\AppData\Roaming\NwDocx
2009-11-28 00:08:08 ----D---- C:\Users\Matt\AppData\Roaming\Docx2Rtf
2009-11-25 03:01:45 ----A---- C:\Windows\system32\tzres.dll
2009-11-24 21:58:58 ----A---- C:\Windows\system32\msxml6r.dll
2009-11-24 21:58:58 ----A---- C:\Windows\system32\msxml6.dll
2009-11-24 21:58:58 ----A---- C:\Windows\system32\msxml3r.dll
2009-11-24 21:58:58 ----A---- C:\Windows\system32\msxml3.dll
2009-11-24 08:58:02 ----D---- C:\Program Files\Lame for Audacity
2009-11-24 08:56:16 ----D---- C:\Program Files\Audacity
2009-11-19 02:59:09 ----D---- C:\ProgramData\Real
2009-11-16 20:11:47 ----D---- C:\Program Files\Torrent Harvester

======List of files/folders modified in the last 1 months======

2009-12-11 02:03:33 ----D---- C:\Windows\Prefetch
2009-12-11 02:03:20 ----RD---- C:\Program Files
2009-12-11 02:03:20 ----D---- C:\Windows\Temp
2009-12-11 02:02:42 ----D---- C:\Users\Matt\AppData\Roaming\BitTorrent
2009-12-11 01:40:46 ----SHD---- C:\System Volume Information
2009-12-10 10:16:40 ----D---- C:\Windows\System32
2009-12-10 10:16:40 ----D---- C:\Windows\inf
2009-12-10 10:16:40 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-12-10 10:11:11 ----D---- C:\Windows\SMINST
2009-12-10 07:25:32 ----D---- C:\Windows\winsxs
2009-12-10 07:25:07 ----D---- C:\Windows\system32\catroot
2009-12-10 07:22:52 ----D---- C:\Windows\system32\migration
2009-12-10 07:22:52 ----D---- C:\Windows\system32\en-US
2009-12-10 07:22:52 ----D---- C:\Windows\system32\drivers
2009-12-10 07:22:52 ----D---- C:\Program Files\Windows Mail
2009-12-10 07:22:52 ----D---- C:\Program Files\Internet Explorer
2009-12-10 03:06:44 ----SHD---- C:\Windows\Installer
2009-12-10 03:05:16 ----D---- C:\Windows\system32\catroot2
2009-12-06 20:19:05 ----D---- C:\Windows\system32\Tasks
2009-12-06 20:19:04 ----D---- C:\Windows\Tasks
2009-12-05 11:50:29 ----D---- C:\Program Files\IObit
2009-12-05 08:01:46 ----D---- C:\Users\Matt\AppData\Roaming\skypePM
2009-12-05 02:19:00 ----D---- C:\Program Files\Common Files
2009-12-05 02:18:59 ----D---- C:\ProgramData\Skype
2009-12-05 02:07:47 ----D---- C:\Users\Matt\AppData\Roaming\Real
2009-12-05 02:07:36 ----D---- C:\Program Files\Common Files\Real
2009-12-05 01:54:49 ----D---- C:\WINDOWS
2009-12-05 01:53:15 ----D---- C:\Windows\system32\RTCOM
2009-12-05 01:41:47 ----D---- C:\Windows\system32\wbem
2009-12-05 01:41:47 ----D---- C:\Windows\system32\spool
2009-12-05 01:41:46 ----RD---- C:\Windows\Offline Web Pages
2009-12-05 01:41:46 ----D---- C:\Windows\system32\CodeIntegrity
2009-12-05 01:12:09 ----SD---- C:\Windows\Downloaded Program Files
2009-12-04 19:58:10 ----HD---- C:\ProgramData
2009-12-04 19:58:03 ----D---- C:\ProgramData\NVIDIA
2009-12-04 19:50:41 ----D---- C:\Program Files\Common Files\microsoft shared
2009-12-04 19:38:20 ----D---- C:\Windows\Panther
2009-12-04 19:34:53 ----D---- C:\Windows\PolicyDefinitions
2009-12-04 16:08:32 ----D---- C:\Windows\Debug
2009-12-04 16:03:46 ----D---- C:\Windows\system32\zh-TW
2009-12-04 16:03:46 ----D---- C:\Windows\system32\zh-HK
2009-12-04 16:03:46 ----D---- C:\Windows\system32\tr-TR
2009-12-04 16:03:46 ----D---- C:\Windows\system32\sv-SE
2009-12-04 16:03:46 ----D---- C:\Windows\system32\pt-BR
2009-12-04 16:03:46 ----D---- C:\Windows\system32\nl-NL
2009-12-04 16:03:46 ----D---- C:\Windows\system32\nb-NO
2009-12-04 16:03:46 ----D---- C:\Windows\system32\ko-KR
2009-12-04 16:03:46 ----D---- C:\Windows\system32\it-IT
2009-12-04 16:03:46 ----D---- C:\Windows\system32\he-IL
2009-12-04 16:03:46 ----D---- C:\Windows\system32\fr-FR
2009-12-04 16:03:46 ----D---- C:\Windows\system32\fi-FI
2009-12-04 16:03:46 ----D---- C:\Windows\system32\es-ES
2009-12-04 16:03:45 ----D---- C:\Windows\system32\el-GR
2009-12-04 16:03:45 ----D---- C:\Windows\system32\de-DE
2009-12-04 16:03:45 ----D---- C:\Windows\system32\da-DK
2009-12-04 16:03:45 ----D---- C:\Windows\system32\ar-SA
2009-12-04 16:02:31 ----D---- C:\Windows\Logs
2009-12-04 16:01:11 ----D---- C:\Program Files\Java
2009-12-01 15:06:19 ----A---- C:\Windows\system32\mrt.exe
2009-11-29 00:22:28 ----SD---- C:\Users\Matt\AppData\Roaming\Microsoft
2009-11-12 22:42:00 ----HD---- C:\Windows\system32\GroupPolicyUsers
2009-11-12 03:02:41 ----A---- C:\Windows\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BHDrvx86;Symantec Heuristics Driver; C:\Windows\System32\Drivers\NIS\1007020.00B\BHDrvx86.sys [2009-08-22 259632]
R1 ccHP;Symantec Hash Provider; C:\Windows\System32\Drivers\NIS\1007020.00B\ccHPx86.sys [2009-09-08 482432]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2009-08-26 371248]
R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20091111.001\IDSvix86.sys [2009-10-28 343088]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\NIS\1007020.00B\SRTSPX.SYS [2009-08-22 43696]
R1 SymIM;Symantec Network Security Intermediate Filter Driver; C:\Windows\system32\DRIVERS\SymIMv.sys [2009-08-22 25648]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\Windows\System32\Drivers\NIS\1007020.00B\SYMTDI.SYS [2009-08-22 217136]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-26 102448]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HSF_DP;HSF_DP; C:\Windows\system32\DRIVERS\HSX_DP.sys [2008-05-08 980992]
R3 HSXHWBS2;HSXHWBS2; C:\Windows\system32\DRIVERS\HSXHWBS2.sys [2008-05-08 266752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-15 2047576]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091210.023\NAVENG.SYS [2009-08-25 84912]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091210.023\NAVEX15.SYS [2009-08-25 1323568]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-05-03 1065384]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-09-27 9509832]
R3 Ps2;PS2; C:\Windows\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 SRTSP;Symantec Real Time Storage Protection; C:\Windows\System32\Drivers\NIS\1007020.00B\SRTSP.SYS [2009-08-22 308272]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2009-09-08 124976]
R3 SYMFW;Symantec Network Filter Driver; C:\Windows\System32\Drivers\NIS\1007020.00B\SYMFW.SYS [2009-08-22 89904]
R3 SYMNDISV;Symantec Network Filter Driver; C:\Windows\System32\Drivers\NIS\1007020.00B\SYMNDISV.SYS [2009-08-22 48688]
R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2006-11-02 71552]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2008-05-08 661504]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2007-05-24 61440]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-05-15 79400]
R2 Norton Internet Security;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe [2009-08-22 117640]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-09-27 215656]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 LiveTurbineMessageService;Turbine Message Service - Live; C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe [2009-07-31 267760]
S3 LiveTurbineNetworkService;Turbine Network Service - Live; C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe [2009-07-31 218608]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 RoxMediaDB9;RoxMediaDB9; c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2007-05-11 887544]
S3 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-05-03 74656]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.06 2009-12-11 02:03:36

======Uninstall list======

-->"C:\Program Files\HP Games\Chessmaster Challenge\Uninstall.exe"
-->"C:\Program Files\HP Games\Mah Jong Quest\Uninstall.exe"
-->MsiExec /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
ActiveCheck component for HP Active Support Library-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Advanced SystemCare 3-->"C:\Program Files\IObit\Advanced SystemCare 3\unins000.exe"
Amazon MP3 Downloader 1.0.8-->C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe
Apple Application Support-->MsiExec.exe /I{B607C354-CD79-4D22-86D1-92DC94153F42}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
BitTorrent-->C:\Program Files\BitTorrent\uninst.exe
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
EA Download Manager-->C:\Program Files\Electronic Arts\EADM\Uninstall.exe
eMusic Download Manager 4.1.3.1-->C:\Program Files\eMusic Download Manager\uninst.exe
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
FLAC 1.2.1b (remove only)-->C:\Users\Matt\Music\FLAC\uninstall.exe
Game Booster-->"C:\Program Files\IObit\Game Booster\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
HP Active Support Library 32 bit components-->MsiExec.exe /I{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}
HP Active Support Library-->C:\Program Files\InstallShield Installation Information\{0A47BAFF-D4FF-4BD3-96CA-02A22EA62722}\setup.exe -runfromtemp -l0x0409
HP Advisor-->MsiExec.exe /X{73A43E42-3658-4DD9-8551-FACDA3632538}
HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40F7AED3-0C7D-4582-99F6-484A515C73F2}\setup.exe" -l0x9 -removeonly
HP On-Screen Cap/Num/Scroll Lock Indicator-->C:\Windows\system32\OsdRemove.exe
HP Picasso Media Center Add-In-->MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
HP Update-->MsiExec.exe /X{FE57DE70-95DE-4B64-9266-84DA811053DB}
HPAsset component for HP Active Support Library-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
iTunes-->MsiExec.exe /I{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}
Java™ 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LAME v3.98.2 for Audacity-->"C:\Program Files\Lame for Audacity\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\Windows\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Basic Edition 2003-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Live Add-in 1.4-->MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
muvee autoProducer 6.0-->C:\Program Files\InstallShield Installation Information\{14AF024E-2E3B-49D0-A175-D1C1A06B155A}\setup.exe -runfromtemp -l0x0009 -removeonly
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
Norton Internet Security-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\562C4DD5\16.7.2.11\InstStub.exe /X
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX v8.09.04-->MsiExec.exe /X{A7E07C2B-2220-4415-87E3-784D5814BC93}
OGA Notifier 2.0.0048.0-->MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
PVSonyDll-->MsiExec.exe /I{3D3E663D-4E7E-4577-A560-7ECDDD45548A}
Python 2.5-->MsiExec.exe /I{0A2C5854-557E-48C8-835A-3B9F074BDCAA}
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Roxio Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Roxio Creator Audio-->MsiExec.exe /X{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator Basic v9-->MsiExec.exe /X{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Copy-->MsiExec.exe /X{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /X{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator EasyArchive-->MsiExec.exe /X{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}
Roxio Creator Tools-->MsiExec.exe /X{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler 3-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD Basic v9-->MsiExec.exe /X{938B1CD7-7C60-491E-AA90-1F1888168240}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\UIU32m.exe -U -ITrx200Cz.INF
SPORE™-->"C:\Program Files\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\SPORESetup.exe" -runfromtemp -l0x0009 -removeonly
The Lord of the Rings Online™ - Mines of Moria™ - Live-->"C:\Program Files\Turbine\The Lord of the Rings Online\Uninstall.exe" /silent /query 12bbe590-c890-11d9-9669-0800200c9a66_is1
Turbine Download Manager - Live-->"C:\Program Files\Turbine\Turbine Download Manager\UninstallTDM.exe" /silent /query 62289540-dc30-11dc-95ff-0800200c9a66_is1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
WeatherBug Gadget-->MsiExec.exe /I{209CDA54-D390-46A2-A97C-7BF61734418D}
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{10A44844-4465-456E-8C97-80BDD4F68845}
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe
Yahoo! Install Manager-->C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Widgets-->C:\PROGRA~1\Yahoo!\Widgets\uninstall.exe

======Security center information======

AV: Norton Internet Security
FW: Norton Internet Security
AS: Windows Defender (disabled)
AS: Norton Internet Security

======System event log======

Computer Name: Matt-PC
Event Code: 51
Message: An error was detected on device \Device\CdRom0 during a paging operation.
Record Number: 86281
Source Name: cdrom
Time Written: 20091211035419.777541-000
Event Type: Warning
User:

Computer Name: Matt-PC
Event Code: 51
Message: An error was detected on device \Device\CdRom0 during a paging operation.
Record Number: 86282
Source Name: cdrom
Time Written: 20091211035639.192541-000
Event Type: Warning
User:

Computer Name: Matt-PC
Event Code: 51
Message: An error was detected on device \Device\CdRom0 during a paging operation.
Record Number: 86283
Source Name: cdrom
Time Written: 20091211035640.785541-000
Event Type: Warning
User:

Computer Name: Matt-PC
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 86285
Source Name: Tcpip
Time Written: 20091211045249.786541-000
Event Type: Warning
User:

Computer Name: Matt-PC
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 86287
Source Name: Tcpip
Time Written: 20091211061045.417541-000
Event Type: Warning
User:

=====Application event log=====

Computer Name: Matt-PC
Event Code: 4622
Message: The COM+ Event System could not marshal the subscriber for subscription {C5896B89-4DDA-48DA-88F0-7772A4898BEB}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The HRESULT was 80070005.
Record Number: 18096
Source Name: Microsoft-Windows-EventSystem
Time Written: 20091209022247.000000-000
Event Type: Error
User:

Computer Name: Matt-PC
Event Code: 4609
Message: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8000ffff from line 474 of d:\vista_gdr\com\complus\src\events\tier2\eventsystem2.cpp. Please contact Microsoft Product Support Services to report this error.
Record Number: 18099
Source Name: Microsoft-Windows-EventSystem
Time Written: 20091209022250.000000-000
Event Type: Error
User:

Computer Name: Matt-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
19 user registry handles leaked from \Registry\User\S-1-5-21-611076269-38195463-178661245-1002:
Process 1056 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-611076269-38195463-178661245-1002
Process 1056 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-611076269-38195463-178661245-1002
Process 3932 (\Device\HarddiskVolume1\WINDOWS\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-611076269-38195463-178661245-1002
Process 1056 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-611076269-38195463-178661245-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Process 1056 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-611076269-38195463-178661245-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Process 1056 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-611076269-38195463-178661245-1002\Software
Process 1056 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-611076269-38195463-178661245-1002\Software\Microsoft\SystemCertificates\SmartCardRoot
Process 1056 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-611076269-38195463-178661245-1002\Software\Microsoft\SystemCertificates\Root
Process 1056 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-611076269-38195463-178661245-1002\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
Process 3932 (\Device\HarddiskVolume1\WINDOWS\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-611076269-38195463-178661245-1002\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Process 1056 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-611076269-38195463-178661245-1002\Software\Microsoft\SystemCertificates\My
Process 1056 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-611076269-38195463-178661245-1002\Software\Microsoft\SystemCertificates\My
Process 1056 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-611076269-38195463-178661245-1002\Software\Microsoft\SystemCertificates\CA
Process 1056 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-611076269-38195463-178661245-1002\Software\Microsoft\SystemCertificates\trust
Process 1056 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-611076269-38195463-178661245-1002\Software\Microsoft\Windows NT\CurrentVersion\Network\Location Awareness
Process 1056 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-611076269-38195463-178661245-1002\Software\Policies\Microsoft\SystemCertificates
Process 1056 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-611076269-38195463-178661245-1002\Software\Policies\Microsoft\SystemCertificates
Process 1056 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-611076269-38195463-178661245-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Process 1056 (\Device\HarddiskVolume1\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-611076269-38195463-178661245-1002\Software\Policies

Record Number: 18101
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20091209022250.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Matt-PC
Event Code: 5007
Message: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
Record Number: 18119
Source Name: WerSvc
Time Written: 20091209115258.000000-000
Event Type: Error
User:

Computer Name: Matt-PC
Event Code: 5007
Message: The target file for the Windows Feedback Platform (a DLL file containing the list of problems on this computer that require additional data collection for diagnosis) could not be parsed. The error code was 8014FFF9.
Record Number: 18333
Source Name: WerSvc
Time Written: 20091210122501.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Matt-PC
Event Code: 4905
Message: An attempt was made to unregister a security event source.

Subject
Security ID: S-1-5-18
Account Name: MATT-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Process:
Process ID: 0x440
Process Name: C:\WINDOWS\System32\VSSVC.exe

Event Source:
Source Name: VSSAudit
Event Source ID: 0x3b16763
Record Number: 29600
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091211064121.043541-000
Event Type: Audit Success
User:

Computer Name: Matt-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\WINDOWS\System32\drivers\NIS\1007020.00B\BHDrvx86.sys
Record Number: 29601
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091211070328.261541-000
Event Type: Audit Failure
User:

Computer Name: Matt-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\WINDOWS\System32\drivers\NIS\1007020.00B\BHDrvx86.sys
Record Number: 29602
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091211070328.311541-000
Event Type: Audit Failure
User:

Computer Name: Matt-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\WINDOWS\System32\drivers\NIS\1007020.00B\BHDrvx86.sys
Record Number: 29603
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091211070328.362541-000
Event Type: Audit Failure
User:

Computer Name: Matt-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume1\WINDOWS\System32\drivers\NIS\1007020.00B\BHDrvx86.sys
Record Number: 29604
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091211070328.414541-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\hp\bin\Python;c:\Program Files\Common Files\Roxio Shared\DLLShared\;c:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6b02
"NUMBER_OF_PROCESSORS"=2
"RoxioCentral"=c:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"PLATFORM"=HPD
"PCBRAND"=Pavilion
"OnlineServices"=Online Services
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------




Hi,

I'm nasdaq

Have you had to remove some malware recently.?

===

Random's System Information Tool (RSIT)

Download random's system information tool (RSIT) by random/random from >>here<< and save it to your desktop.

  • Double click on RSIT.exe to launch program.
  • Click Continue at the disclaimer screen.
  • Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
  • Once it has finished, two logs will open: log.txt<-- this will be maximized and info.txt<-- this will be minimized.

These reports are long, please post the contents of both logs (in separate post) in your next reply.



#5 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,080 posts

Posted 11 December 2009 - 10:07 AM

Hi,
I'm nasdaq and will be helping you.

Print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.

Advanced SystemCare is a ROGUE! program.
IOBit based in China is stealing and incorporating proprietary databases and intellectual property into their software.
Please remove it via the Add/Remove programs list.
===

While in the Add/Remove programs remove this old version of Java.
Java SE Runtime Environment 6 Update 1
===

Disable Microsoft Windows Defender

We need to disable your Microsoft Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
  • Open Microsoft Windows Defender. Click Start, Programs, Windows Defender
  • Click on Tools, General Settings.
  • Under Real-time protection options, unselect the Turn on real-time protection check box
  • Click Save

After all of the fixes are complete it is very important that you enable Real-time Protection again.

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m


Click on Fix Checked when finished and exit HijackThis.

Restart the computer normally.
===

Download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingc...to-use-combofix

Link 1
Link 2


**Note: It is important that it is saved directly to your desktop**

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this if fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingc...opic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log for further review.
Note:
Do not mouse click combofix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link http://www.bleepingc...opic114351.html
===

p.s.
Please when replying us this Posted Image Add Reply button. I do not need to see my previous instructions.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#6 blubop

blubop

    Member

  • Full Member
  • Pip
  • 4 posts

Posted 12 December 2009 - 12:37 PM

So what does "rogue" mean? is iobit actually doing damage to my system, or is it a moral/proprietary issue? C-net gave it 5 stars. Can I still perform the other actions you suggest or is it really best to ditch iobit?

#7 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,080 posts

Posted 13 December 2009 - 05:07 PM

or is it a moral/proprietary issue?


You got that right. This community is trying hard to develop tool to help other with out having some 3 party steel their properties.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760

#8 nasdaq

nasdaq

    Forum Deity

  • Global Moderator
  • PipPipPipPipPip
  • 49,080 posts

Posted 28 December 2009 - 10:06 AM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.
nasdaq

Favorite tools: [ SpywareBlaster ] [ Spybot ] [ AdAware ] [ HijackThis ]
[ Housecall online virus scan ] [ Bitdefender online virus scan ]
[ AVG antivirus ] [ Sunbelt Personal Firewall ] [ ZoneAlarm firewall ]

My help is free, but if we have helped you in anyway,please considerDonating ,
see this topic for details.
We need members like you.

========
Shouldn't water be worth more than diamonds?
Adam Smith Glasgow, 1760




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

Member of ASAP and UNITE
Support SpywareInfo Forum - click the button