
slow computer [Closed]


  • This topic is locked

#1
ryeguy2000


  • Member
  • PipPip
  • 28 posts
My computer has been slow for a while now.

scanningprocess.exe seems to be using a lot of memory and I'm not even sure what program it comes from.

My antivirus software is called Freedom, it comes for free from Rogers (my internet provider).

I have a program called "HP digital imaging monitor" in my system tray and I'm not sure how to get rid of it.

I expect there are many unnecessary programs running in the background which I am not aware of.

I also always have a "safely remove hardware" icon in my system tray, it comes back every time I restart!

I have gone through the Cleaning Guide, I have attached the results of the Malware scan, RootRepeal, and OTL.

one more thing - every time I restart, I get 2 files in my recycle bin - this time they are called RB9.tmp and RB8.tmp, original location C:\RECYCLER

I know my computer is getting old, but it is way too slow, help me please!!!!

Attached Files


#2
SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Hi ryeguy2000,

Welcome to Geeks to Go! My name is SpySentinel and I will be helping you fix your computer problem.
Sorry for the delay, we have been very busy lately, and I apologize for your wait.


Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O33 - MountPoints2\{24c03093-650c-11de-99c4-0011d8333561}\Shell\AutoRun\command - "" = K:\InstallTomTomHOME.exe -- File not found
    O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{946850c5-1e27-11d9-baf0-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe -- File not found
    
    :Files
    C:\WINDOWS\System32\drivers\fidbox2.dat
    C:\WINDOWS\System32\drivers\fidbox2.idx
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done



Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#3
ryeguy2000

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
No need to apologize - I appreciate your help!

One more issue I forgot to mention - I receive warnings about running out of virtual memory all the time. Could we possibly look into this too?

I ran OTL and ComboFix as per your instructions. The ComboFix log is attached.

Thanks,

Attached Files


#4
SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Hi ryeguy2000, you're welcome.

Yes, once you are clean we can address the Low Memory issue.


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

Rootkit::
c:\windows\system32\drivers\fidbox2.dat
c:\windows\system32\drivers\fidbox2.idx


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Edited by SpySentinel, 21 November 2009 - 01:36 AM.

#5
ryeguy2000

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Okay hold on before I do that last step.

When I turned my computer on today it said Windows did not start successfully. A recent hardware or software change might have caused this. It gave me a few options:
- to start windows normally
- to start in safe mode
- using Microsoft Windows Recovery Console
- to start from the last successful point (or something like that)

but none of these worked

I ended up pressing F10 during startup and using the HP PC system recovery. This seemed to work. I lost a few programs, but that's not a big deal - I can reload them. I seem to still have my data files and pictures so that's the important thing.

Looks like I have a lot of firmware loaded on my computer again, since I am back at the factory settings.

So what happened here? What should I do now?

#6
ryeguy2000

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
so since I have an old version of Windows, I started updating it, restarting along the way

once it updated service pack 3, it would not reboot, same problem as before

#7
SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
It would not update because you are infected.

I would advise you not to update windows yet, until we get you clean.

Please go ahead and follow my last instructions.

Edited by SpySentinel, 22 November 2009 - 12:19 PM.

#8
ryeguy2000

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
okay, here's the file

Attached Files


#9
SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.




Run ESET Online Scan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
You can refer to this animation by neomage if needed.

#10
ryeguy2000

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Here is the Malwarebytes file. I also ran the ESET program, it did not find any viruses, I could not figure out how to get the log file - the instructions don't match what happened.

Attached Files


#11
SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.



  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

#12
ryeguy2000

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
okay here you go - 2 logs attached

Attached Files

  • Attached File  log.txt   28.72KB   154 downloads
  • Attached File  info.txt   10.25KB   181 downloads

#13
ryeguy2000

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
This looks easier to read - log.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by HP_Owner at 2009-11-25 02:58:50
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 98 GB (67%) free of 145 GB
Total RAM: 511 MB (48% free)

2009-11-21 12:57:44 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2009-11-21 12:57:31 ----HDC---- C:\WINDOWS\$NtUninstallKB958687_0$
2009-11-21 12:57:20 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-11-21 12:56:40 ----HDC---- C:\WINDOWS\$NtUninstallKB973354_0$
2009-11-21 12:56:24 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$
2009-11-21 12:56:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-11-21 12:55:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-11-21 12:53:24 ----HDC---- C:\WINDOWS\$NtUninstallKB970238_0$
2009-11-21 12:52:04 ----HDC---- C:\WINDOWS\$NtUninstallKB960803_0$
2009-11-21 12:49:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973815_0$
2009-11-21 12:45:28 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2009-11-21 12:45:16 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2009-11-21 12:44:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2009-11-21 12:43:47 ----HDC---- C:\WINDOWS\$NtUninstallKB923561_0$
2009-11-21 12:43:33 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-11-21 12:43:11 ----HDC---- C:\WINDOWS\$NtUninstallKB968389_0$
2009-11-21 12:09:38 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-11-21 12:08:28 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-11-21 11:29:09 ----D---- C:\WINDOWS\setup.pss
2009-11-19 20:12:08 ----D---- C:\Program Files\Common Files\Adobe
2009-11-17 21:45:13 ----A---- C:\WINDOWS\QUICKEN.INI
2009-11-08 15:29:29 ----A---- C:\AILog.txt
2009-10-20 20:17:25 ----D---- C:\WINDOWS\Minidump
2009-10-17 17:10:30 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-10-15 22:35:30 ----D---- C:\WINDOWS\ie8updates
2009-10-13 20:10:11 ----D---- C:\Program Files\quicken
2009-09-10 16:31:38 ----D---- C:\Program Files\Microsoft Silverlight

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Athlon64 Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-05-08 35840]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2004-09-24 12928]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2004-04-06 13872]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2001-06-04 14112]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2003-07-11 32768]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2004-09-29 229888]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20040813.178\symidsco.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-04 5504]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R3 iPodService;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2004-06-04 401408]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2003-02-21 32768]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 getPlusHelper;getPlus® Helper; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-11-24 182768]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------
  • 0

#14
ryeguy2000

this looks easier to read - info.txt

info.txt logfile of random's system information tool 1.06 2009-11-25 02:58:58

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Download Manager-->"C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A92000000001}
Agere Systems PCI Soft Modem-->agrsmdel
Easy Internet Sign-up-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E582EA556D8DE101.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Help and Support Additions-->C:\PROGRA~1\HELPAN~1\UNWISE.EXE C:\PROGRA~1\HELPAN~1\INSTALL.LOG
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HP Deskjet Preloaded Printer Drivers-->MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Image Zone 4.2.3-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Plus 4.2.3-->C:\Program Files\HP\Digital Imaging\{0D182A5E-AEE0-42ca-BD1D-4EEB2FFA256D}\setup\hpzscr01.exe -datfile hpdscr01.dat
HP Organize-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
HP Photosmart Cameras 4.0-->C:\Program Files\HP\Digital Imaging\{4C04DF1B-6A39-4299-9DD1-1FA60000266E}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP PSC & OfficeJet 4.0-->"C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat
HP Software Update-->MsiExec.exe /X{457791C5-D702-4143-A7B2-2744BE9573F2}
HPIZ423-->MsiExec.exe /X{561A9B4E-2E48-4149-B977-59C7AFF62B52}
IntelliMover Data Transfer Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo DiscLabel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3F058C0-A21C-452D-8D99-95B1A45F417D}\setup.exe" REMOVEALL
InterVideo WinDVD Creator-->"C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{00FC6799-866E-44A1-A60C-DCF394CF56FD}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
KBD-->C:\HP\KBD\KBD.EXE uninstalled
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
muvee autoProducer 3.5 magicMoments - HPD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B103C8A7-D1CC-4B1A-BD41-883F652E097D}\setup.exe" -l0x9
Norton Personal Firewall-->MsiExec.exe /I{3BD0196C-6553-460c-A0C4-90D8AE5D60D2}
PC-Doctor for Windows-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA} /l1033
Photosmart 320,370,7400,8100,8400 Series-->C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\setup\hpzscr01.exe -datfile hphscr01.dat
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions-->C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Updates from HP-->C:\WINDOWS\BWUnin-6.3.2.62.exe -AppId 309731
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Hotfix - KB883667-->C:\WINDOWS\$NtUninstallKB883667$\spuninst\spuninst.exe

======System event log======

Computer Name: RYAN
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 180
Source Name: Service Control Manager
Time Written: 20091123005622.000000-300
Event Type: error
User:

Computer Name: RYAN
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 177
Source Name: Service Control Manager
Time Written: 20091123005622.000000-300
Event Type: error
User:

Computer Name: RYAN
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 174
Source Name: Service Control Manager
Time Written: 20091123005622.000000-300
Event Type: error
User:

Computer Name: RYAN
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 171
Source Name: Service Control Manager
Time Written: 20091123005622.000000-300
Event Type: error
User:

Computer Name: RYAN
Event Code: 7023
Message: The Application Management service terminated with the following error:
The specified module could not be found.


Record Number: 168
Source Name: Service Control Manager
Time Written: 20091123005622.000000-300
Event Type: error
User:

=====Application event log=====

Computer Name: RYAN
Event Code: 1517
Message: Windows saved user RYAN\HP_Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 81
Source Name: Userenv
Time Written: 20091123005056.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: RYAN
Event Code: 1517
Message: Windows saved user RYAN\HP_Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 60
Source Name: Userenv
Time Written: 20091121225808.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: RYAN
Event Code: 1000
Message: Faulting application iexplore.exe, version 6.0.2900.2180, faulting module flash.ocx, version 7.0.19.0, fault address 0x000235d9.

Record Number: 59
Source Name: Application Error
Time Written: 20091121225646.000000-300
Event Type: error
User:

Computer Name: RYAN
Event Code: 1517
Message: Windows saved user RYAN\HP_Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 43
Source Name: Userenv
Time Written: 20091121213203.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: RYAN
Event Code: 1517
Message: Windows saved user RYAN\HP_Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 22
Source Name: Userenv
Time Written: 20091121211919.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 12 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0c00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
  • 0

#15
SpySentinel

Hi,


How is your computer running?



Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Java 2 Runtime Environment, SE v1.4.2_03




Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems.

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE): JRE 6 Update 17.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement."
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u17-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u17-windows-i586.exe and select "Run as an Administrator.")

  • 0
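
Added example, not part of the original thread and not code from RSIT: Python that reads the `Uninstall list` section of an RSIT info.txt log and flags Java runtime entries older than the JRE 6 Update 17 baseline named in the post above. The name patterns and the last two sample entries are assumptions constructed for illustration.

```python
import re

# Baseline named in the post: JRE 6 Update 17, i.e. internal version 1.6.0_17.
BASELINE = (1, 6, 0, 17)

# Sample in the RSIT info.txt layout (Name-->uninstall command).
# The first three entries appear in the log above; the last two are constructed.
SAMPLE_LOG = r"""======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
iTunes-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{00FC6799-866E-44A1-A60C-DCF394CF56FD}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{CONSTRUCTED-EXAMPLE-GUID-1}
Java(TM) 6 Update 17-->MsiExec.exe /X{CONSTRUCTED-EXAMPLE-GUID-2}

======System event log======

Computer Name: RYAN
"""

SECTION_RE = re.compile(r"^=+(.+?)=+\s*$")
# Assumed naming patterns for Java runtime entries (JRE, J2SE, "Java ...").
JAVA_NAME_RE = re.compile(r"\b(Java|J2SE|JRE)\b", re.IGNORECASE)
# "v1.4.2_03" style: major.minor.patch with optional _update.
DOTTED_RE = re.compile(r"\bv?(\d+)\.(\d+)\.(\d+)(?:_(\d+))?")
# "5.0 Update 6" / "6 Update 17" style: family number with optional update.
FAMILY_RE = re.compile(r"\b(\d+)(?:\.0)?(?:\s+Update\s+(\d+))?\s*$", re.IGNORECASE)


def parse_uninstall_list(log_text):
    """Return (name, command) pairs from the 'Uninstall list' section only."""
    entries, in_section = [], False
    for line in log_text.splitlines():
        header = SECTION_RE.match(line)
        if header:
            in_section = header.group(1).strip().lower() == "uninstall list"
            continue
        if in_section and "-->" in line:
            name, command = line.split("-->", 1)
            entries.append((name.strip(), command.strip()))
    return entries


def java_version(name):
    """Map a display name to (major, minor, patch, update), or None if unparsable."""
    m = DOTTED_RE.search(name)
    if m:
        return tuple(int(g or 0) for g in m.groups())
    m = FAMILY_RE.search(name)
    if m:
        return (1, int(m.group(1)), 0, int(m.group(2) or 0))
    return None


def outdated_java(log_text, baseline=BASELINE):
    """List Java entries below the baseline; unparsable versions are flagged too."""
    findings = []
    for name, command in parse_uninstall_list(log_text):
        if not JAVA_NAME_RE.search(name):
            continue
        version = java_version(name)
        if version is None or version < baseline:
            findings.append((name, version, command))
    return findings


if __name__ == "__main__":
    for name, version, command in outdated_java(SAMPLE_LOG):
        print(f"remove: {name} (parsed {version}) via {command}")
```

Entries whose version cannot be parsed are reported rather than skipped, so an unfamiliar display name is reviewed by hand instead of being silently treated as current.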





