Here are the logs requested:
--DefenceInspector.log
Defence Inspector (Build 26.09.10.1)
Log created at 19:19:43 on January 09, 2011
-= System =-
Windows XP (32-bit, Service Pack 3)
Windows Update: Automatic installation
System Restore: ON (74 point(s) available)
-= User Accounts =-
Administrator (Admin)
ASPNET
Guest (Disabled)
HelpAssistant (Disabled)
SUPPORT_388945a0 (Disabled)
User (Admin)
-= Security Programs =-
Error retrieving programs
Windows Defender: Not found
Windows Firewall: Enabled
-= Other Programs =-
Adobe AIR 2.0.3.13070
Adobe Flash Player (Plugin) 10.1.85.3
Adobe Flash Player (ActiveX) 10.1.85.3
Internet Explorer 8.0.6001.18702
Java 1.6.0_23
Mozilla Firefox 3.6.13 (en-US)
-= EOF =-
gmer.txt
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-09 19:15:54
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST340014A rev.8.16
Running: wqfwwjer.exe; Driver: C:\DOCUME~1\User\LOCALS~1\Temp\pwaoqkob.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwAdjustPrivilegesToken [0xEECED5FA]
SSDT \??\C:\WINDOWS\system32\Drivers\PROCMON20.SYS (Process Monitor Driver/Sysinternals - www.sysinternals.com) ZwClose [0xEF59080E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwConnectPort [0xEECEED32]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateEvent [0xEECEF27C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateFile [0xEECEE1DA]
SSDT \??\C:\WINDOWS\system32\Drivers\PROCMON20.SYS (Process Monitor Driver/Sysinternals - www.sysinternals.com) ZwCreateKey [0xEF590604]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateMutant [0xEECEF162]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateNamedPipeFile [0xEECED1E8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreatePort [0xEECEF036]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSection [0xEECED390]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateSemaphore [0xEECEF39C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateThread [0xEECEDB86]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwCreateWaitablePort [0xEECEF0CC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDebugActiveProcess [0xEECF0A84]
SSDT \??\C:\WINDOWS\system32\Drivers\PROCMON20.SYS (Process Monitor Driver/Sysinternals - www.sysinternals.com) ZwDeleteKey [0xEF5904AC]
SSDT \??\C:\WINDOWS\system32\Drivers\PROCMON20.SYS (Process Monitor Driver/Sysinternals - www.sysinternals.com) ZwDeleteValueKey [0xEF5904F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDeviceIoControlFile [0xEECEE65C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwDuplicateObject [0xEECF1C90]
SSDT \??\C:\WINDOWS\system32\Drivers\PROCMON20.SYS (Process Monitor Driver/Sysinternals - www.sysinternals.com) ZwEnumerateKey [0xEF5903F2]
SSDT \??\C:\WINDOWS\system32\Drivers\PROCMON20.SYS (Process Monitor Driver/Sysinternals - www.sysinternals.com) ZwEnumerateValueKey [0xEF59034E]
SSDT \??\C:\WINDOWS\system32\Drivers\PROCMON20.SYS (Process Monitor Driver/Sysinternals - www.sysinternals.com) ZwFlushKey [0xEF590446]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwFsControlFile [0xEECEE46A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwLoadDriver [0xEECF0B76]
SSDT \??\C:\WINDOWS\system32\Drivers\PROCMON20.SYS (Process Monitor Driver/Sysinternals - www.sysinternals.com) ZwLoadKey [0xEF590972]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwLoadKey2 [0xEECEC458]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwMapViewOfSection [0xEECF12DE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwNotifyChangeKey [0xEECED138]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenEvent [0xEECEF312]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenFile [0xEECEDF80]
SSDT \??\C:\WINDOWS\system32\Drivers\PROCMON20.SYS (Process Monitor Driver/Sysinternals - www.sysinternals.com) ZwOpenKey [0xEF5907D0]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenMutant [0xEECEF1F2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenProcess [0xEECED836]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSection [0xEECF1078]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenSemaphore [0xEECEF432]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwOpenThread [0xEECED728]
SSDT \??\C:\WINDOWS\system32\Drivers\PROCMON20.SYS (Process Monitor Driver/Sysinternals - www.sysinternals.com) ZwQueryKey [0xEF59003E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueryMultipleValueKey [0xEECECCDC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQuerySection [0xEECF1618]
SSDT \??\C:\WINDOWS\system32\Drivers\PROCMON20.SYS (Process Monitor Driver/Sysinternals - www.sysinternals.com) ZwQueryValueKey [0xEF590166]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwQueueApcThread [0xEECF0F0A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwRenameKey [0xEECECB96]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplaceKey [0xEECEBE80]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyPort [0xEECEF796]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwReplyWaitReceivePort [0xEECEF65C]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwRequestWaitReplyPort [0xEECF081E]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwRestoreKey [0xEECEC1F8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwResumeThread [0xEECF1B32]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSaveKey [0xEECEBE18]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSecureConnectPort [0xEECEEA78]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetContextThread [0xEECEDDA2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetInformationToken [0xEECF00BE]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetSecurityObject [0xEECF0D14]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSetSystemInformation [0xEECF1768]
SSDT \??\C:\WINDOWS\system32\Drivers\PROCMON20.SYS (Process Monitor Driver/Sysinternals - www.sysinternals.com) ZwSetValueKey [0xEF59028A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendProcess [0xEECF185A]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSuspendThread [0xEECF1994]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwSystemDebugControl [0xEECF09A8]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateProcess [0xEECED9D2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwTerminateThread [0xEECED932]
SSDT \??\C:\WINDOWS\system32\Drivers\PROCMON20.SYS (Process Monitor Driver/Sysinternals - www.sysinternals.com) ZwUnloadKey [0xEF590AC2]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwUnmapViewOfSection [0xEECF14BC]
SSDT \SystemRoot\system32\DRIVERS\klif.sys ZwWriteVirtualMemory [0xEECEDABC]
Code \SystemRoot\system32\DRIVERS\klif.sys FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\klif.sys IoIsOperationSynchronous
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys
AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys
AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys
AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----
Library C:\Program (*** hidden *** ) @ C:\WINDOWS\explorer.exe [508] 0x6D780000
Library C:\Program (*** hidden *** ) @ C:\WINDOWS\explorer.exe [508] 0x6D740000
---- EOF - GMER 1.0.15 ----
info.txt
info.txt logfile of random's system information tool 1.08 2011-01-09 17:33:19
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10k_Plugin.exe -maintain plugin
Adobe Reader 9.4.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A94000000001}
Apple Application Support-->MsiExec.exe /I{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AutoHotkey 1.0.91.01-->C:\Program Files\AutoHotkey\uninst.exe
Easy CD Creator 5 Basic-->MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
Free File Viewer 2010-->"C:\Program Files\FreeFileViewer\unins000.exe"
GIMP 2.6.11-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2158563)-->"C:\WINDOWS\$NtUninstallKB2158563$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB2443685)-->"C:\WINDOWS\$NtUninstallKB2443685$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
InstallIQ Updater-->MsiExec.exe /X{5EFA68C8-CFFD-407F-8B17-7D7C61D2F93A}
Intel(R) Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
Intel(R) PRO Ethernet Adapter and Software-->Prounstl.exe
Intel(R) PROSet II-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Intel\PROSet\PROUnins.isu" -c"C:\Program Files\Intel\PROSet\PROInst.DLL"
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
Java(TM) 6 Update 23-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216023FF}
Just Great Software EditPad Lite 6.6.4-->C:\WINDOWS\UnDeploy.exe "C:\Program Files\JGsoft\EditPadLite\Deploy.log"
Leopard-->"C:\WINDOWS\lsb_un20.exe" /C=UC /N=Leopard
LG CyberLink LabelPrint-->"C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall
LG CyberLink LabelPrint-->"C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall
LG CyberLink Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall
LG CyberLink Power2Go-->"C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall
LG CyberLink PowerBackup-->"C:\Program Files\InstallShield Installation Information\{ADD5DB49-72CF-11D8-9D75-000129760D75}\Setup.exe" -uninstall
LG CyberLink PowerDVD-->"C:\Program Files\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\Setup.exe" /z-uninstall
LG CyberLink PowerDVD-->"C:\Program Files\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\Setup.exe" /z-uninstall
LG CyberLink PowerProducer-->"C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" /z-uninstall
LG CyberLink PowerProducer-->"C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe" /z-uninstall
LG CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\Setup.exe" /z-uninstall
LG CyberLink YouCam-->"C:\Program Files\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\Setup.exe" /z-uninstall
LG ODD Auto Firmware Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6179550A-3E7C-499E-BCC9-9E8113E0A285}\Setup.exe"
LG Power Tools-->"C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall
LG Power Tools-->"C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall
LightScribe System Software-->MsiExec.exe /X{CC8E94A2-55C7-4460-953C-2A790180578C}
Microsoft .NET Framework 1.1 Security Update (KB2416447)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M2416447\M2416447Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework Client Profile-->C:\AHCache\All Users\Microsoft.Net.Client.3.5\setup.exe /remove "Microsoft.Net.Client.3.5"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.6.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
Paint.NET v3.5.5-->MsiExec.exe /X{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{E7004147-2CCA-431C-AA05-2AB166B9785D}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Security Update for Windows Internet Explorer 8 (KB2183461)-->"C:\WINDOWS\ie8updates\KB2183461-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2360131)-->"C:\WINDOWS\ie8updates\KB2360131-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2416400)-->"C:\WINDOWS\ie8updates\KB2416400-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB979402)-->"C:\WINDOWS\$NtUninstallKB979402_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB979402)-->"C:\WINDOWS\$NtUninstallKB979402_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2121546)-->"C:\WINDOWS\$NtUninstallKB2121546$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2259922)-->"C:\WINDOWS\$NtUninstallKB2259922$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2279986)-->"C:\WINDOWS\$NtUninstallKB2279986$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2296199)-->"C:\WINDOWS\$NtUninstallKB2296199$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2423089)-->"C:\WINDOWS\$NtUninstallKB2423089$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2436673)-->"C:\WINDOWS\$NtUninstallKB2436673$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2440591)-->"C:\WINDOWS\$NtUninstallKB2440591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2443105)-->"C:\WINDOWS\$NtUninstallKB2443105$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981957)-->"C:\WINDOWS\$NtUninstallKB981957$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982381)-->"C:\WINDOWS\$NtUninstallKB982381$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982802)-->"C:\WINDOWS\$NtUninstallKB982802$\spuninst\spuninst.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Windows (KB971513)-->"C:\WINDOWS\$NtUninstallKB971513$\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB982664)-->"C:\WINDOWS\ie8updates\KB982664-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB2141007)-->"C:\WINDOWS\$NtUninstallKB2141007$\spuninst\spuninst.exe"
Update for Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe"
Update for Windows XP (KB2467659)-->"C:\WINDOWS\$NtUninstallKB2467659$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Windows Management Framework Core-->"C:\WINDOWS\$968930Uinstall_KB968930$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Wordlist Wizard-->"C:\WINDOWS\Wordlist Wizard\uninstall.exe" "/U:C:\Program Files\Wordlist Wizard\Uninstall\uninstall.xml"
======System event log======
Computer Name: USER-6NCEH97SB9
Event Code: 20
Message: Installation Failure: Windows failed to install the following update with error 0x8007054f: Security Update for Windows XP (KB956572).
Record Number: 3214
Source Name: Windows Update Agent
Time Written: 20110109120256.000000-300
Event Type: error
User:
Computer Name: USER-6NCEH97SB9
Event Code: 4373
Message: Windows XP KB956572 installation failed.
An internal error occurred.
Record Number: 3213
Source Name: NtServicePack
Time Written: 20110109120243.000000-300
Event Type: error
User: NT AUTHORITY\SYSTEM
Computer Name: USER-6NCEH97SB9
Event Code: 16
Message: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.
Record Number: 3212
Source Name: Windows Update Agent
Time Written: 20110109120220.000000-300
Event Type: error
User:
Computer Name: USER-6NCEH97SB9
Event Code: 256
Message: Timed out sending notification of device interface change to window of "MyTest"
Record Number: 3211
Source Name: PlugPlayManager
Time Written: 20110109120158.000000-300
Event Type: warning
User:
Computer Name: USER-6NCEH97SB9
Event Code: 4373
Message: Windows XP Service Pack 3 installation failed.
An internal error occurred.
Record Number: 3210
Source Name: NtServicePack
Time Written: 20110105221010.000000-300
Event Type: error
User: USER-6NCEH97SB9\User
=====Application event log=====
Computer Name: USER-6NCEH97SB9
Event Code: 1000
Message: Faulting application rundll32.exe, version 5.1.2600.2180, faulting module unknown, version 0.0.0.0, fault address 0x0006e63a.
Record Number: 22
Source Name: Application Error
Time Written: 20100624150303.000000-240
Event Type: error
User:
Computer Name: USER-6NCEH97SB9
Event Code: 63
Message: A provider, HiPerfCooker_v1, has been registered in the WMI namespace, Root\WMI, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Record Number: 17
Source Name: WinMgmt
Time Written: 20100624145700.000000-240
Event Type: warning
User: USER-6NCEH97SB9\User
Computer Name: USER-6NCEH97SB9
Event Code: 1011
Message: Your Windows product has not been activated with Microsoft yet. To activate Windows, use the Product Activation Wizard.
Record Number: 7
Source Name: Windows Product Activation
Time Written: 20100623194017.000000-240
Event Type: warning
User:
Computer Name: USER-6NCEH97SB9
Event Code: 1517
Message: Windows saved user USER-6NCEH97SB9\User registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.
This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Record Number: 2
Source Name: Userenv
Time Written: 20061228100815.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: USER-6NCEH97SB9
Event Code: 1005
Message: Your Windows product has not been activated with Microsoft yet. Please use the Product Activation Wizard within 30 days.
Record Number: 1
Source Name: Windows Product Activation
Time Written: 20061228100648.000000-300
Event Type: warning
User:
======Environment variables======
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\QuickTime\QTSystem\;C:\WINDOWS\system32\WindowsPowerShell\v1.0
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 4, GenuineIntel
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=0204
"PSModulePath"=C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
-----------------EOF-----------------
log.txt
Logfile of random's system information tool 1.08 (written by random/random)
Run by User at 2011-01-09 17:37:04
Microsoft Windows XP Professional Service Pack 3
System drive C: has 24 GB (69%) free of 36 GB
Total RAM: 503 MB (49% free)
HijackThis download failed
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Free File Viewer Update Checker.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2860770303-1274164593-2249697719-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2860770303-1274164593-2249697719-1003UA.job
C:\WINDOWS\tasks\Install_NSS.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-01-09 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-01-09 79648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-06-21 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-06-21 126976]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-09-08 421888]
""= []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"UpdateLBPShortCut"=C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]
"CLMLServer"=C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [2009-06-03 103720]
"UpdateP2GoShortCut"=C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]
"RemoteControl8"=C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [2009-04-15 91432]
"PDVD8LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [2009-04-15 50472]
"UpdatePPShortCut"=C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]
"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2009-02-17 218408]
"LGODDFU"=C:\Program Files\lg_fwupdate\fwupdate.exe [2010-10-24 557056]
"UpdatePSTShortCut"=C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [2009-09-25 210216]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"InstallIQUpdater"=C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe [2010-07-07 1008128]
""= []
"Google Update"=C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-22 136176]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2009-08-20 2363392]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2002-12-17 684032]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\System32\hkcmd.exe [2005-06-21 126976]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\System32\igfxtray.exe [2005-06-21 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Promon.exe]
C:\WINDOWS\system32\Promon.exe [2001-09-13 61440]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-06-21 348160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-11 239496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-25 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe"="C:\Program Files\FreeFileViewer\FFVCheckForUpdates.exe:*:Enabled:Free File Viewer Update Checker"
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe"="C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
======List of files/folders created in the last 1 months======
2011-01-09 17:33:12 ----D---- C:\Program Files\trend micro
2011-01-09 17:33:11 ----D---- C:\rsit
2011-01-09 12:49:06 ----A---- C:\WINDOWS\system32\javaws.exe
2011-01-09 12:49:06 ----A---- C:\WINDOWS\system32\javaw.exe
2011-01-09 12:49:06 ----A---- C:\WINDOWS\system32\java.exe
2011-01-05 22:06:51 ----D---- C:\WINDOWS\system32\CatRoot_bak
2011-01-05 22:03:07 ----D---- C:\Documents and Settings\All Users\Application Data\MFAData
2011-01-05 21:37:57 ----N---- C:\WINDOWS\system32\drivers\PROCMON20.SYS
2011-01-05 21:30:29 ----SHD---- C:\Config.Msi
2011-01-05 20:55:10 ----D---- C:\WINDOWS\LastGood
2010-12-30 22:02:20 ----D---- C:\WINDOWS\system32\appmgmt
2010-12-30 13:28:53 ----D---- C:\WINDOWS\ShellNew
2010-12-30 13:28:52 ----D---- C:\Program Files\AutoHotkey
2010-12-27 10:57:39 ----HDC---- C:\WINDOWS\$NtUninstallKB2296199$
2010-12-27 10:57:10 ----HDC---- C:\WINDOWS\$NtUninstallKB2443105$
2010-12-27 10:56:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2440591$
2010-12-27 10:56:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2443685$
2010-12-27 10:56:03 ----HDC---- C:\WINDOWS\$NtUninstallKB2436673$
2010-12-27 10:55:53 ----HDC---- C:\WINDOWS\$NtUninstallKB2467659$
2010-12-27 10:53:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2423089$
======List of files/folders modified in the last 1 months======
2011-01-09 17:36:44 ----D---- C:\Program Files
2011-01-09 17:33:06 ----D---- C:\WINDOWS\Prefetch
2011-01-09 17:31:01 ----SHD---- C:\WINDOWS\Installer
2011-01-09 12:49:08 ----D---- C:\WINDOWS\Temp
2011-01-09 12:49:06 ----D---- C:\WINDOWS\system32
2011-01-09 12:48:49 ----A---- C:\WINDOWS\system32\deployJava1.dll
2011-01-09 12:02:43 ----HD---- C:\WINDOWS\inf
2011-01-05 22:10:10 ----D---- C:\WINDOWS\system32\CatRoot2
2011-01-05 22:10:10 ----D---- C:\WINDOWS\system32\CatRoot
2011-01-05 22:03:41 ----SD---- C:\WINDOWS\Tasks
2011-01-05 21:37:57 ----D---- C:\WINDOWS\system32\drivers
2011-01-05 21:24:11 ----SHD---- C:\System Volume Information
2011-01-05 21:06:08 ----D---- C:\WINDOWS
2011-01-05 20:54:40 ----A---- C:\WINDOWS\lgfwup.ini
2011-01-05 20:54:37 ----D---- C:\Program Files\lg_fwupdate
2011-01-04 22:21:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-01-04 22:06:28 ----SD---- C:\Documents and Settings\User\Application Data\Microsoft
2011-01-01 16:08:13 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-01-01 16:07:57 ----D---- C:\WINDOWS\system32\Restore
2011-01-01 16:03:25 ----A---- C:\WINDOWS\system32\winmm.dll
2010-12-30 22:02:19 ----D---- C:\Program Files\BOINC
2010-12-30 22:00:07 ----D---- C:\Documents and Settings\All Users\Application Data\BOINC
2010-12-30 14:21:44 ----D---- C:\Program Files\Mozilla Firefox
2010-12-27 10:57:35 ----A---- C:\WINDOWS\imsins.BAK
2010-12-27 10:56:48 ----D---- C:\Program Files\Internet Explorer
2010-12-27 10:56:36 ----D---- C:\WINDOWS\ie8updates
2010-12-27 10:56:30 ----HD---- C:\WINDOWS\$hf_mig$
2010-12-27 10:53:43 ----A---- C:\WINDOWS\system32\MRT.exe
2010-12-27 10:53:34 ----D---- C:\Program Files\Outlook Express
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2002-12-17 61424]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2002-12-17 23436]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2005-11-16 241280]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2002-12-17 139674]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2002-12-17 206464]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-03-13 100224]
R3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2002-12-17 25930]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2002-08-06 139776]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2005-06-21 807998]
R3 NMSCFG;NIC Management Service Configuration Driver; \??\C:\WINDOWS\system32\drivers\NMSCFG.SYS []
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-05-27 578304]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R4 KL1;kl1; C:\WINDOWS\system32\DRIVERS\kl1.sys []
R4 kl2;kl2; C:\WINDOWS\system32\DRIVERS\kl2.sys []
R4 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys []
S0 PROCMON20;PROCMON20; C:\WINDOWS\System32\Drivers\PROCMON20.SYS [2011-01-05 52296]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 ASTRA32;ASTRA32; \??\C:\WINDOWS\System32\DRIVERS\ASTRA32.SYS []
S3 E1000;Intel(R) PRO/1000 Adapter Driver; C:\WINDOWS\System32\DRIVERS\e1000nt5.sys [2001-08-17 50719]
S3 EL98x;3Com EtherLink 10/100 PCI; C:\WINDOWS\System32\DRIVERS\el98xn5.sys [2001-08-17 70174]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2002-12-17 30630]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-01-09 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-08-20 73728]
R2 NMSSvc;Intel(R) NMS; C:\WINDOWS\System32\NMSSvc.exe [2001-09-21 1077248]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2009-04-15 271760]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-27 439808]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-30 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
I noticed that the flash disinfect tool didn't remove the dllrun.exe file.
"HijackThis download failed" is confusing me since it is located in (what I think is) the default installation folder (C:\program files\trend micro\ Hijackthis).
The default for RSIT was files/folders in last 1 month(s) so I didn't change that. Your instructions didn't specify what to set for that, only to click continue. I can easily run it again.
Thank you for your time.