Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Windows Explorer Needs to Close

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Windows Explorer Needs to Close

Unread postby Radar50 » December 7th, 2008, 4:37 pm

Good Afternoon,

I would appreciate your help with an on going problem for the last three weeks or so. I previously posted but misunderstood about not attaching theHijack log and neglected to do that. Sorry for the error.

I have scanned with Avast, CCleaner and Advanced Care for windows and found nothing. I also have this problem on my LT. This computer is an HP Pavilion A250Y, Intel P4 with 1 GB memory.

Best Regards,

John

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:30:12 PM, on 12/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\ScsiAccess.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.superwebsearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.superwebsearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.superwebsearch.com/ie/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.superwebsearch.com/ie/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.superwebsearch.com/ie/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
O4 - HKCU\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKCU\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKCU\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKCU\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKCU\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKCU\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - HKCU\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKCU\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKCU\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [PlayCenter2] "C:\Program Files\Creative\SBAudigy\PlayCenter2\MDEntry.EXE" "C:\Program Files\Creative\SBAudigy\PlayCenter2" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user')
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/w ... der_v6.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe

--
End of file - 11344 bytes
Radar50
Regular Member
 
Posts: 16
Joined: November 30th, 2008, 4:40 pm
Location: Liverpool
Advertisement
Register to Remove

Re: Windows Explorer Needs to Close

Unread postby Katana » December 16th, 2008, 6:22 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.


Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
  1. Please Read All Instructions Carefully
  2. If you don't understand something, stop and ask! Don't keep going on.
  3. Please do not run any other tools or scans whilst I am helping you
  4. Please continue to respond until I give you the "All Clear"
    (Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly Image

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe


----------------------------------------------------------------------------------------

I apologize for the delay in responding, but as you can probably see the forums are quite busy.
Unfortunately there are far more people needing help than there are helpers.

If you still require help please do the following


Download and Run RSIT
  • Please download Random's System Information Tool by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt will be opened maximized.
    • info.txt will be opened minimized.
  • Please post the contents of both log.txt and info.txt.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Windows Explorer Needs to Close

Unread postby Radar50 » December 16th, 2008, 8:29 pm

Thanks Katana! I really appreciate your help. I see the forums are busy and it is really great for you to take your time to help. No problem with me on the timing.

Best regards,

John

Info.txt

info.txt logfile of random's system information tool 1.04 2008-12-16 19:23:53

======Uninstall list======

-->"C:\Program Files\Creative\SBAudigy\Program\Ctzapxx.EXE" /U /S
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\System32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {60E971B7-51A0-48CA-8687-C6B8F094A409}
-->c:\WINDOWS\System32\\MSIEXEC.EXE /x {8214CC02-6271-4DC8-B8DD-779933450264}
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58582977-44D2-44A0-A09B-031CC2AE5938}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A731533B-B325-4D9C-91A4-D93C8E294C19}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Advanced WindowsCare 2.55 Personal-->"C:\Program Files\IObit\Advanced WindowsCare V2\unins000.exe"
ArcSoft Picture Software-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ArcSoft\Software Suite\Uninst.isu"
ARRL 2007 Handbook-->MsiExec.exe /I{8125B0BB-0151-4245-8E3C-A56780AF6708}
ARRL 2008 Handbook-->MsiExec.exe /X{F2BEBAEE-DF00-4141-AA55-D9391EBBBB61}
aspi-->MsiExec.exe /I{015E4B8A-29B5-4AE3-BD08-38220FADFF4C}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
CCHelp-->MsiExec.exe /I{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
Cisco SSL VPN Client-->C:\Program Files\Cisco Systems\SSL VPN Client\uninstall.exe
CR2-->MsiExec.exe /I{432C3720-37BF-4BD7-8E49-F38E090246D0}
Defraggler (remove only)-->"C:\Program Files\Defraggler\uninst.exe"
ESSAdpt-->MsiExec.exe /I{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}
ESSANUP-->MsiExec.exe /I{A6F18A67-B771-4191-8A33-36D2E742D6D9}
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCAM-->MsiExec.exe /I{469730CC-78DF-4CD3-B286-562D459EA619}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}
ESSCT-->MsiExec.exe /I{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESShelp-->MsiExec.exe /I{87843A41-7808-4F2E-B13F-25C1E67CF2FD}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSTUTOR-->MsiExec.exe /I{CA60320D-6A16-49C8-A34F-84EEF4799567}
ESSvpaht-->MsiExec.exe /I{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}
ESSvpot-->MsiExec.exe /I{48C82F7A-F100-4DAB-A310-8E18BF2159E1}
FileZilla Client 3.1.0.1-->C:\Program Files\FileZilla Client\uninstall.exe
Free Download Manager 2.5-->"C:\Program Files\Free Download Manager\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HLPCCTR-->MsiExec.exe /I{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC}
HLPIndex-->MsiExec.exe /I{78F79C84-BFD5-4D79-A07D-F39A3CF428DC}
HLPPDOCK-->MsiExec.exe /I{154508C0-07C5-4659-A7A0-E49968750D21}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)-->C:\WINDOWS\system32\msiexec.exe /package {D8087907-E255-3A41-A46D-D0F798709C71} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)-->C:\WINDOWS\system32\msiexec.exe /package {D8087907-E255-3A41-A46D-D0F798709C71} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)-->C:\WINDOWS\system32\msiexec.exe /package {D8087907-E255-3A41-A46D-D0F798709C71} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)-->C:\WINDOWS\system32\msiexec.exe /package {D8087907-E255-3A41-A46D-D0F798709C71} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)-->C:\WINDOWS\system32\msiexec.exe /package {D8087907-E255-3A41-A46D-D0F798709C71} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)-->C:\WINDOWS\system32\msiexec.exe /package {D8087907-E255-3A41-A46D-D0F798709C71} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Deskjet printer preloaded drivers-->MsiExec.exe /X{48BD24F5-13DE-493A-A7CE-28A85113FF0C}
HP Digital Imaging Album Printing 1.0-->MsiExec.exe /X{47D4AF7B-EDE6-4ADB-8D2F-0BDA25C7321F}
HP Instant Support-->C:\PROGRA~1\HPINST~1\UNWISE.EXE C:\PROGRA~1\HPINST~1\INSTALL.LOG
HP Photo & Imaging 3.1-->c:\Program Files\Hewlett-Packard\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photo and Imaging 1.2 - Photosmart Cameras-->MsiExec.exe /X{4F5FC172-F0E7-4EA5-902F-8D005DF9F000}
HP Photosmart printers preloaded drivers-->MsiExec.exe /X{9E88DAA4-1352-4272-BA3A-897668408400}
HP PSC & OfficeJet 3.0-->"c:\Program Files\Hewlett-Packard\Digital Imaging\{6CF9C6C0-54E5-4668-85C1-C10F63C40155}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update-->MsiExec.exe /X{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}
HP Unload DLL Patch-->MsiExec.exe /X{595D0DE8-C38A-4432-B851-47DECC1A99BD}
Index.DAT File Viewer-->"C:\Program Files\Index.DAT File Viewer\uninstall.exe"
Intel(R) Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
IntelliMover Data Transfer Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
ISO Recorder-->MsiExec.exe /I{DFC6573E-124D-4026-BFA4-B433C9D3FF21}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
JumpStart World Presents Pet Playground-->C:\Program Files\Common Files\Knowledge Adventure\Uninstall\PetPlaygroundUn.exe
KBD-->C:\HP\KBD\KBD.EXE uninstalled
Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_3d001c_30e0c1\Setup.exe /APR-REMOVE
KSU-->MsiExec.exe /I{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}
Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
LiveUpdate 1.80 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Memories Disc Creator 2.0-->MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Microsoft .NET Framework (English) v1.0.3705-->C:\WINDOWS\Microsoft.NET\Framework\Install.exe /u /p Microsoft .NET Framework Full v1.0.3705 (1033)
Microsoft .NET Framework (English)-->MsiExec.exe /X{B43357AA-3A6D-4D94-B56E-43C44D09E548}
Microsoft .NET Framework 1.0 Hotfix (KB928367)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\M928367\M928367Uninstall.msp"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft ActiveSync 4.0-->MsiExec.exe /I{B208806F-A231-4FA0-AB3F-5C1B8979223E}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-011C-0409-0000-0000000FF1CE}
Microsoft Office XP Small Business-->MsiExec.exe /I{91130409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2008 Browser-->MsiExec.exe /X{C688457E-03FD-4941-923B-A27F4D42A7DD}
Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}
Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{4A6F34E2-09E5-4616-B227-4A26A488A6F9}
Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}
Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}
Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{4815BD99-96A4-49FE-A885-DCF06E9E4E78}
Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{F3494AB6-6900-41C6-AF57-823626827ED8}
Microsoft SQL Server 2008 Management Objects-->MsiExec.exe /I{F5E87B12-3C27-452F-8E78-21D42164FD83}
Microsoft SQL Server 2008 Native Client-->MsiExec.exe /I{D9D937B0-E842-4130-9588-B948E876904A}
Microsoft SQL Server 2008 RsFx Driver-->MsiExec.exe /I{F1DC7648-8623-442F-92B7-E118DF61872E}
Microsoft SQL Server 2008 Setup Support Files (English)-->MsiExec.exe /X{9D6D76A6-4328-49E8-97A7-531A74841DA5}
Microsoft SQL Server 2008-->"c:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe" /x86
Microsoft SQL Server 2008-->"c:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe" /X86
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU-->C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual C++ 2008 Express Edition with SP1 - ENU\setup.exe
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU-->MsiExec.exe /X{D8087907-E255-3A41-A46D-D0F798709C71}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries-->MsiExec.exe /X{842FAF7C-50EF-4463-9B8F-6222E1384D7D}
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu-->MsiExec.exe /X{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32-->MsiExec.exe /X{044F9133-B8D7-4d11-BF39-803FA20F5C8B}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.9)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 7 Essentials-->MsiExec.exe /X{1196A3B6-9B62-4999-BF6C-1CCE1F581033}
Notifier-->MsiExec.exe /I{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OmniPass-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}\Setup.exe" -l0x9
OpenOffice.org 3.0-->MsiExec.exe /I{F44DA61E-720D-4E79-871F-F6E628B33242}
Opera 9.62-->MsiExec.exe /X{D9226EB1-C528-48AC-B423-BD9240E1F60B}
OTtBP-->MsiExec.exe /I{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}
overland-->MsiExec.exe /I{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}
PCDLNCH-->MsiExec.exe /I{69BD6399-3D8F-45B7-81D9-819361F5101D}
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 combined Win32 extensions-->C:\Python22\Lib\SITE-P~1\UNWISE~1.EXE C:\Python22\Lib\SITE-P~1\w32inst.log
Python 2.2.1-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RecordNow-->MsiExec.exe /I{8214CC02-6271-4DC8-B8DD-779933450264}
Road Runner Medic 5.2-->"C:\Program Files\Support.com\TWC\uninstall.exe" /c "Remove Road Runner Medic 5.2?"
S3Display-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display'
S3Gamma2-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2'
S3Info2-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2'
S3Overlay-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay'
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SFR-->MsiExec.exe /I{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}
SFR2-->MsiExec.exe /I{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}
ShowBiz DVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{60E80B13-8649-4A69-85E2-1AE99E061F43}\setup.exe" -l0x9
Signature995-->c:\pdf995\res\utilities\Signature995\thinsetup.exe - uninstall
Simple Backup for My Pictures-->MsiExec.exe /I{60E971B7-51A0-48CA-8687-C6B8F094A409}
Simple Installer - Multilanguage Version-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EEF397AC-DAEF-4C04-90A9-5B2BD31875DC}\setup.exe"
Soccer Mania-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{AF833FA4-6845-4668-B5EE-AF4FBDAB119D}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Sound Blaster Audigy-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9115E7DB-3B29-445A-802D-11E0AA945B7F}\Setup.exe" -l0x9 /nofinish
Sql Server Customer Experience Improvement Program-->MsiExec.exe /I{C965F01C-76EA-4BD7-973E-46236AE312D7}
SQL Server System CLR Types-->MsiExec.exe /I{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}
Stop the Morbuzakh (remove only)-->C:\Program Files\LEGO Software\Stop the Morbuzakh\Uninst.exe
SyncToy-->MsiExec.exe /I{B5688129-7595-4E5B-9990-CEF981A31264}
toolkit-->c:\Windows\HPTK\unhptkit.exe
TrojanHunter 5.0-->"C:\Program Files\TrojanHunter 5.0\unins000.exe"
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
UBCD4Win 3.12-->"C:\UBCD4Win\unins000.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Updates from HP-->C:\WINDOWS\BWUnin-6.2.3.66.exe -AppId 137903
VCAMCEN-->MsiExec.exe /I{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Security center information======

AV: avast! antivirus 4.8.1296 [VPS 081216-0]

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PCToolsDir"=C:\Documents and Settings\All Users\Start Menu\Programs\Hewlett-Packard\HP Pavilion PC Tools
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=0209
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"VERSION"=3.1.0
"SESSIONID"=1213033892759g1u0355c.austin.hp.com670d6062:11a87a41337:-4f6e
"COLLECTIONID"=COL7458
"ITEMID"=ps-22563-2
"UPDATEDIR"=C:\DOCUME~1\Owner\LOCALS~1\Temp\radCC460.tmp
"TOOLPATH"=/C:\Program%20Files\Hewlett-Packard\HP%20Software%20Update\install.htm
"HMSERVER"=https://vausnzisprob.austin.hp.com/wuss/servlet/WUSSServlet
"SWUTVER"=1.0.18.20030625
"OSVER"=winXPH
"LANG"=1033
"TIMEOUT"=0
"VS90COMNTOOLS"=C:\Program Files\Microsoft Visual Studio 9.0\Common7\Tools\

-----------------EOF-----------------


log.txt

Logfile of random's system information tool 1.04 (written by random/random)
Run by Owner at 2008-12-16 19:23:36
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 44 GB (61%) free of 72 GB
Total RAM: 1023 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:23:48 PM, on 12/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\ScsiAccess.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.superwebsearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.superwebsearch.com/ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.superwebsearch.com/ie/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cm.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us8.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us8.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.superwebsearch.com/ie/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.superwebsearch.com/ie/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKCU\..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
O4 - HKCU\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKCU\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKCU\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKCU\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKCU\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
O4 - HKCU\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - HKCU\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKCU\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKCU\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [PlayCenter2] "C:\Program Files\Creative\SBAudigy\PlayCenter2\MDEntry.EXE" "C:\Program Files\Creative\SBAudigy\PlayCenter2" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMidi] MIDIDEF.EXE (User 'Default user')
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/w ... der_v6.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\system32\ScsiAccess.EXE
O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe

--
End of file - 11560 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-10-25 308832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-03 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2007-11-26 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-03 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-03 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - hp toolkit - C:\HP\EXPLOREBAR\HPTOOLKT.DLL [2003-02-20 106496]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Share-to-Web Namespace Daemon"=c:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2002-04-18 69632]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]
"nwiz"=nwiz.exe /install []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-03 136600]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-16 77824]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-10-25 185872]
"THGuard"=C:\Program Files\TrojanHunter 5.0\THGuard.exe [2008-10-24 1056928]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2004-05-12 241664]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-14 212992]
"nwiz"=nwiz.exe /install []
"CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2003-01-09 28672]
"PS2"=C:\WINDOWS\system32\ps2.exe [2002-10-17 81920]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2003-03-12 114688]
"hpsysdrv"=c:\windows\system\hpsysdrv.exe [1998-05-08 52736]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-03-20 149040]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-15 153136]
"H/PC Connection Agent"=C:\PROGRA~1\MICROS~3\wcescomm.exe [2005-11-15 1200128]
"KBD"=C:\HP\KBD\KBD.EXE [2003-02-12 61440]
"tgcmd"=C:\Program Files\Support.com\bin\tgcmd.exe [2003-02-28 1843200]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"StorageGuard"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2003-02-13 155648]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-12-05 81920]
"NvCplDaemon"= []
"CamMonitor"=c:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe [2002-06-22 69632]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-10-25 185872]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe [2003-06-25 49152]
"Free Download Manager"=C:\Program Files\Free Download Manager\fdm.exe [2007-12-31 2449455]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
Kodak software updater.lnk - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2003-03-12 315392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll [2003-02-21 40960]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=
"NoDriveTypeAutoRun"=
"NoResolveSearch"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe"="C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe:*:Enabled:BackWeb-137903"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\wjview.exe"="C:\WINDOWS\system32\wjview.exe:*:Enabled:Microsoft® VM Command Line Interpreter"
"C:\WINDOWS\system32\mshta.exe"="C:\WINDOWS\system32\mshta.exe:*:Enabled:Microsoft (R) HTML Application host"
"C:\Program Files\Free Download Manager\fdm.exe"="C:\Program Files\Free Download Manager\fdm.exe:*:Enabled:Free Download Manager"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Enabled:backWeb-7288971"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-12-16 19:23:36 ----D---- C:\rsit
2008-12-13 13:47:50 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-13 13:47:34 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-13 13:45:52 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-13 13:45:47 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-13 13:45:36 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-13 13:32:32 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-07 17:19:22 ----D---- C:\Documents and Settings\Owner\Application Data\TrojanHunter
2008-12-07 15:40:37 ----R---- C:\WINDOWS\system32\streamhlp.dll
2008-12-07 15:40:36 ----D---- C:\Program Files\TrojanHunter 5.0
2008-12-07 15:29:37 ----D---- C:\Program Files\Trend Micro
2008-12-04 21:06:20 ----A---- C:\WINDOWS\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2008-12-04 21:06:03 ----A---- C:\WINDOWS\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll
2008-12-04 21:04:42 ----D---- C:\WINDOWS\system32\RsFx
2008-12-04 20:52:22 ----HDC---- C:\WINDOWS\$NtUninstallKB942288-v3$
2008-12-04 20:51:29 ----D---- C:\Program Files\Microsoft SQL Server
2008-12-04 20:51:19 ----D---- C:\Program Files\Microsoft Silverlight
2008-12-04 20:46:04 ----D---- C:\Program Files\Microsoft.NET
2008-12-04 20:45:36 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2008-12-04 20:45:36 ----D---- C:\Program Files\Common Files\Merge Modules
2008-12-04 20:45:35 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-12-04 20:44:17 ----D---- C:\Program Files\Microsoft SDKs
2008-12-04 20:39:39 ----D---- C:\19beaa985d7ec7e9ca01
2008-12-04 20:39:21 ----D---- C:\WINDOWS\SxsCaPendDel
2008-12-03 20:25:17 ----A---- C:\WINDOWS\imsins.BAK
2008-12-03 19:41:49 ----D---- C:\Program Files\JRE
2008-12-03 19:30:40 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-03 19:30:40 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-03 19:30:40 ----A---- C:\WINDOWS\system32\java.exe
2008-12-03 19:30:40 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-03 19:09:46 ----D---- C:\Config.Msi
2008-12-03 19:09:23 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-11-28 21:08:39 ----D---- C:\Program Files\Celestia
2008-11-28 11:30:49 ----D---- C:\Documents and Settings\Owner\Application Data\Opera
2008-11-28 11:29:49 ----D---- C:\Program Files\Opera
2008-11-26 17:41:30 ----D---- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
2008-11-26 17:30:21 ----D---- C:\Program Files\OpenOffice.org 3
2008-11-26 15:58:02 ----D---- C:\Program Files\GIMP-2.0
2008-11-22 20:14:53 ----D---- C:\Program Files\activePDF

======List of files/folders modified in the last 1 months======

2008-12-16 19:23:42 ----D---- C:\WINDOWS\Prefetch
2008-12-16 19:22:22 ----D---- C:\Documents and Settings\Owner\Application Data\Free Download Manager
2008-12-16 19:20:24 ----D---- C:\Program Files\Mozilla Firefox
2008-12-16 19:20:04 ----AD---- C:\WINDOWS\Temp
2008-12-14 21:07:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-13 13:54:18 ----AD---- C:\WINDOWS
2008-12-13 13:53:43 ----AD---- C:\WINDOWS\system32
2008-12-13 13:47:53 ----HD---- C:\WINDOWS\inf
2008-12-13 13:47:44 ----ADC---- C:\WINDOWS\system32\dllcache
2008-12-13 13:47:32 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-13 13:38:20 ----AD---- C:\WINDOWS\system32\FxsTmp
2008-12-13 13:37:36 ----SHD---- C:\WINDOWS\Installer
2008-12-13 13:34:43 ----AD---- C:\WINDOWS\system32\CatRoot2
2008-12-09 18:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-07 15:40:36 ----AD---- C:\Program Files
2008-12-07 06:46:36 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-06 09:57:39 ----AD---- C:\WINDOWS\Microsoft.NET
2008-12-06 09:57:35 ----RSD---- C:\WINDOWS\assembly
2008-12-04 21:06:21 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-04 21:04:42 ----AD---- C:\WINDOWS\system32\drivers
2008-12-04 21:03:24 ----AD---- C:\Program Files\Common Files\Microsoft Shared
2008-12-04 21:03:10 ----AD---- C:\WINDOWS\system32\1033
2008-12-04 21:01:45 ----AD---- C:\WINDOWS\WinSxS
2008-12-04 20:52:48 ----AD---- C:\WINDOWS\system32\mui
2008-12-04 20:51:20 ----D---- C:\Temp
2008-12-04 20:49:16 ----AD---- C:\Documents and Settings\Owner\Application Data\Microsoft
2008-12-04 20:49:16 ----AD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-04 20:41:18 ----D---- C:\WINDOWS\system32\XPSViewer
2008-12-04 20:41:14 ----D---- C:\WINDOWS\system32\en-us
2008-12-04 20:41:06 ----RSD---- C:\WINDOWS\Fonts
2008-12-03 20:25:40 ----AD---- C:\WINDOWS\Debug
2008-12-03 20:25:32 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-03 20:25:25 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-03 20:25:13 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-03 19:41:06 ----D---- C:\Program Files\OpenOffice.org 2.3
2008-12-03 19:18:43 ----AD---- C:\WINDOWS\system32\CatRoot
2008-12-03 19:15:49 ----AD---- C:\WINDOWS\system32\config
2008-12-03 19:15:22 ----AD---- C:\WINDOWS\system32\wbem
2008-12-03 19:15:22 ----AD---- C:\WINDOWS\Registration
2008-12-03 19:14:46 ----D---- C:\Program Files\VMware
2008-12-03 19:13:34 ----D---- C:\WINDOWS\system32\LogFiles
2008-12-03 19:09:22 ----D---- C:\Program Files\Yahoo!
2008-12-03 19:08:31 ----AD---- C:\WINDOWS\system32\Restore
2008-11-28 14:46:55 ----D---- C:\Program Files\IObit
2008-11-27 18:31:42 ----D---- C:\Program Files\Java
2008-11-26 17:28:00 ----D---- C:\Documents and Settings\Owner\Application Data\OpenOffice.org2
2008-11-26 12:21:30 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-11-24 18:50:32 ----AD---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2003-01-09 186068]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2003-01-10 493280]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2003-01-09 6144]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2003-01-10 136448]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2003-01-10 116416]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2003-01-10 819760]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ltmodem5;Lucent Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2003-03-08 624369]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2003-01-10 113840]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-10-01 9856]
R3 Ps2;PS2; C:\WINDOWS\System32\DRIVERS\PS2.sys [2001-06-04 14112]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-13 37760]
S3 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2003-03-14 112288]
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2003-03-14 78496]
S3 CSVirtA;Cisco Systems SSL VPN Adapter; C:\WINDOWS\system32\DRIVERS\CSVirtA.sys [2008-01-27 22136]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-07-16 51056]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-07-16 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-07-16 21488]
S3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2003-03-14 90395]
S3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2004-08-03 166912]
S3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2003-02-27 260736]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2005-06-14 104576]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 RsFx0102;RsFx0102 Driver; C:\WINDOWS\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [1999-12-13 44032]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-03 152984]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2008-07-10 40999448]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
R2 omniserv;Softex OmniPass Service; C:\Program Files\Softex\OmniPass\Omniserv.exe [2003-02-21 68704]
R2 ScsiAccess;ScsiAccess; C:\WINDOWS\system32\ScsiAccess.EXE [2003-02-04 181312]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
R2 STCAgent;Cisco Systems, Inc. STC Agent; C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe [2008-01-27 267320]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-03-20 267824]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Imapi Helper;Imapi Helper; C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe [2006-01-05 163840]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-03-20 779824]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-07-16 65795]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-10 47128]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 369688]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-07-10 258072]

-----------------EOF-----------------
Radar50
Regular Member
 
Posts: 16
Joined: November 30th, 2008, 4:40 pm
Location: Liverpool

Re: Windows Explorer Needs to Close

Unread postby Katana » December 17th, 2008, 5:08 am

Step 1


Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If required, please reboot
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


----------------------------------------------------------- -----------------------------------------------------------
Step 2



Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial

  • You must download it to and run it from your Desktop
  • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply
  • Re-enable all the programs that were disabled during the running of ComboFix..


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


----------------------------------------------------------- -----------------------------------------------------------
Step 3


Remove Programs

Older versions of some programs have vulnerabilities that malware can use to infect your system.

Now click Start---Control Panel. Double click Add or Remove Programs (XP) / Programs and Features (Vista) . If any of the following programs are listed there,
click on the program to highlight it, and click on remove.
  • Adobe Reader 8.1.0 << See below for updating Adobe
  • Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
Now close the Control Panel.


----------------------------------------------------------- -----------------------------------------------------------
Step 4


Logs/Information to Post in Reply
Please post the following logs/Information in your reply
  • MalwareBytes Log
  • Combofix Log
  • How are things running now ?

----------------------------------------------------------- -----------------------------------------------------------

Additional Notes


Your Adobe Acrobat Reader is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Adobe Reader is a large program and uses unnecessary space.
If you prefer a smaller program you can get Foxit 3.0 from http://www.foxitsoftware.com/pdf/rd_intro.php << Recommended

There is a newer version of Adobe Acrobat Reader available.
  • Please go to this link Adobe Acrobat Reader Download Link
  • Click Download
  • On the right Untick Adobe Phototshop Album Starter Edition if you do not wish to include this in the installation.
  • Click the Continue button
  • Click Run, and click Run again
  • Next click the Install Now button and follow the on screen prompts
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Windows Explorer Needs to Close

Unread postby Radar50 » December 20th, 2008, 8:32 am

Good Morning Katana,

Sorry for the delay in getting back to you. Busy with the holidays and all.

I followed your direction explicitly. By the way Foxit is really cool. Thanks for the info on that.

Below are the logs. I'm still getting the "Windows explorer needs to close" message, though this time the computer did not lock up. Again, I really appreciate your help and the time it takes to do this. :)

Best Regards,

John

Malwarebytes' Anti-Malware 1.31
Database version: 1523
Windows 5.1.2600 Service Pack 3

12/20/2008 6:48:22 AM
mbam-log-2008-12-20 (06-48-22).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 177622
Time elapsed: 1 hour(s), 0 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ComboFix 08-12-18.03 - Owner 2008-12-20 6:57:22.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.527 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\iAlmcoin.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-11-20 to 2008-12-20 )))))))))))))))))))))))))))))))
.

2008-12-19 20:18 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-19 20:17 . 2008-12-19 20:18 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-19 20:17 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-19 20:08 . 2008-12-19 20:08 <DIR> d-------- c:\windows\LastGood
2008-12-19 19:54 . 2008-09-04 12:15 1,106,944 --a------ c:\windows\system32\SET1B.tmp
2008-12-19 19:54 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-12-19 19:54 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-19 17:09 . 2008-12-19 19:42 <DIR> d-------- c:\documents and settings\John\UserData
2008-12-17 19:52 . 2008-12-17 19:52 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2008-12-17 19:52 . 2008-12-17 19:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-16 19:23 . 2008-12-16 19:23 <DIR> d-------- C:\rsit
2008-12-07 17:19 . 2008-12-07 17:19 <DIR> d-------- c:\documents and settings\Owner\Application Data\TrojanHunter
2008-12-07 15:40 . 2008-12-19 19:42 <DIR> d-------- c:\program files\TrojanHunter 5.0
2008-12-07 15:29 . 2008-12-07 15:29 <DIR> d-------- c:\program files\Trend Micro
2008-12-04 20:51 . 2008-12-19 19:43 <DIR> d-------- c:\program files\Microsoft SQL Server
2008-12-04 20:51 . 2008-12-19 19:44 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-12-04 20:45 . 2008-12-19 19:44 <DIR> d-------- c:\program files\Microsoft Visual Studio 9.0
2008-12-04 20:45 . 2008-12-04 20:46 <DIR> d-------- c:\program files\Common Files\Merge Modules
2008-12-04 20:45 . 2008-12-19 19:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-04 20:44 . 2008-12-04 20:44 <DIR> d-------- c:\program files\Microsoft SDKs
2008-12-03 20:25 . 2008-12-19 20:09 1,393 --a------ c:\windows\imsins.BAK
2008-12-03 19:41 . 2008-12-03 19:41 <DIR> d-------- c:\program files\JRE
2008-12-03 19:30 . 2008-12-03 19:30 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-03 19:18 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2008-12-03 19:18 . 2001-08-17 13:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
2008-12-03 19:18 . 2008-04-13 14:45 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2008-12-03 19:18 . 2008-04-13 14:45 10,368 --a--c--- c:\windows\system32\dllcache\hidusb.sys
2008-12-03 19:09 . 2008-12-03 19:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-11-28 21:08 . 2008-12-03 19:09 <DIR> d-------- c:\program files\Celestia
2008-11-28 11:29 . 2008-12-03 19:58 <DIR> d-------- c:\program files\Opera
2008-11-26 17:41 . 2008-11-26 17:41 <DIR> d-------- c:\documents and settings\Owner\Application Data\OpenOffice.org
2008-11-26 17:30 . 2008-12-03 19:41 <DIR> d-------- c:\program files\OpenOffice.org 3
2008-11-26 15:58 . 2008-12-03 19:11 <DIR> d-------- c:\program files\GIMP-2.0
2008-11-26 15:58 . 2008-12-03 19:11 <DIR> d-------- c:\documents and settings\Owner\.gimp-2.6
2008-11-26 15:58 . 2008-12-03 19:11 <DIR> d-------- c:\documents and settings\Owner\.gegl-0.0
2008-11-22 20:14 . 2008-11-22 20:14 <DIR> d-------- c:\program files\activePDF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-20 11:58 --------- d-----w c:\documents and settings\Owner\Application Data\Free Download Manager
2008-12-04 00:41 --------- d-----w c:\program files\OpenOffice.org 2.3
2008-12-04 00:14 --------- d-----w c:\program files\VMware
2008-12-04 00:09 --------- d-----w c:\program files\Yahoo!
2008-11-28 19:46 --------- d-----w c:\program files\IObit
2008-11-27 23:31 --------- d-----w c:\program files\Java
2008-11-26 22:28 --------- d-----w c:\documents and settings\Owner\Application Data\OpenOffice.org2
2008-11-16 17:21 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-16 17:16 --------- d-----w c:\program files\eBay
2008-11-10 00:30 --------- d-----w c:\documents and settings\All Users\Application Data\VMware
2008-11-09 00:40 --------- d-----w c:\program files\Sun
2008-10-25 12:17 --------- d---a-w c:\program files\Common Files\Real
2008-10-25 12:17 --------- d-----w c:\program files\Common Files\xing shared
2008-10-25 12:16 --------- d---a-w c:\program files\Real
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\SET17.tmp
2008-10-22 14:23 126,976 ----a-w c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABS3EN\plugin\bin\ContentUpdater.exe
2008-10-22 14:22 77,824 ----a-w c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABS3EN\plugin\bin\WinVerifyTrust.dll
2008-10-22 14:22 49,152 ----a-w c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABS3EN\plugin\bin\PCHI18N.dll
2008-10-22 14:22 420,432 ----a-w c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABS3EN\plugin\bin\pchplugin.zip
2008-10-22 14:22 159,744 ----a-w c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABS3EN\plugin\bin\PCHButton.exe
2008-10-22 14:22 122,880 ----a-w c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABS3EN\plugin\bin\SearchCtrl.dll
2008-10-22 14:22 106,496 ----a-w c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABS3EN\plugin\bin\PluginCtrl.dll
2008-10-22 14:22 1,306,152 ----a-w c:\windows\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHNABS3EN\plugin\bin\motdeusr.zip
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 01:00 666,112 ----a-w c:\windows\system32\wininet.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-03-16 23:25 87,928 ----a-w c:\documents and settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-17 81920]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-03-12 114688]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-08 52736]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-20 149040]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-15 153136]
"H/PC Connection Agent"="c:\progra~1\MICROS~3\wcescomm.exe" [2005-11-15 1200128]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"tgcmd"="c:\program files\Support.com\bin\tgcmd.exe" [2003-02-28 1843200]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"StorageGuard"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 155648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"CamMonitor"="c:\program files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe" [2002-06-22 69632]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-25 185872]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2007-12-31 2449455]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [2003-01-09 c:\windows\system32\cthelper.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-18 69632]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-03 136600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-16 77824]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-25 185872]
"nwiz"="nwiz.exe" [2007-12-05 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"PlayCenter2"="c:\program files\Creative\SBAudigy\PlayCenter2\MDEntry.EXE" [2001-07-21 131072]
"SetDefaultMidi"="MIDIDEF.EXE" [2002-12-04 c:\windows\mididef.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-12-13 630915]
Kodak software updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2003-06-08 16432]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2003-02-21 12:50 40960 c:\program files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= c:\windows\System32\ctmp3.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\137903\\Program\\BackWeb-137903.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\wjview.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-04 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-04 20560]
S3 CSVirtA;Cisco Systems SSL VPN Adapter;c:\windows\system32\DRIVERS\CSVirtA.sys [2008-01-27 22136]

*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-NvCplDaemon - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://cm.my.yahoo.com/
uDefault_Search_URL = hxxp://srch-us8.hpwis.com/
mStart Page = hxxp://us8.hpwis.com/
mSearch Bar = hxxp://srch-us8.hpwis.com/
uInternet Settings,ProxyOverride = 127.0.0.1;localhost
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ahzg0g4l.default\
FF - prefs.js: browser.startup.homepage - hxxp://cm.my.yahoo.com/|http://www.goog ... S:official
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-20 06:59:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(568)
c:\program files\Softex\OmniPass\opxpgina.dll
.
Completion time: 2008-12-20 7:00:54
ComboFix-quarantined-files.txt 2008-12-20 12:00:51

Pre-Run: 45,396,357,120 bytes free
Post-Run: 45,463,445,504 bytes free

202 --- E O F --- 2008-12-20 01:11:44
Radar50
Regular Member
 
Posts: 16
Joined: November 30th, 2008, 4:40 pm
Location: Liverpool

Re: Windows Explorer Needs to Close

Unread postby Katana » December 20th, 2008, 9:08 am

Step 1


Submit a File For Analysis
We need to have the files below Scanned by Uploading them/it to Virus Total

Please visit Virustotal
Copy/paste the the following file path into the window
C:\Qoobox\Quarantine\c\windows\system32\iAlmcoin.dll.vir
Click Submit/Send File
Please post back, to let me know the results.
If Virustotal is too busy please try Jotti

----------------------------------------------------------- -----------------------------------------------------------
Step 2


Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)

NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partne ... bscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

----------------------------------------------------------- -----------------------------------------------------------
Step 3

Logs/Information to Post in Reply
Please post the following logs/Information in your reply
  • Virus Total results
  • Kaspersky Log
  • Does the problem happen after a particular program has been used ?
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Windows Explorer Needs to Close

Unread postby Radar50 » December 20th, 2008, 9:49 am

The path listed does not exist on my computer from what I can tell.

When I tried to paste path Windows Explorer popped up.

John
Radar50
Regular Member
 
Posts: 16
Joined: November 30th, 2008, 4:40 pm
Location: Liverpool

Re: Windows Explorer Needs to Close

Unread postby Katana » December 20th, 2008, 10:03 am

Please continue with the Kaspersky scan
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Windows Explorer Needs to Close

Unread postby Radar50 » December 20th, 2008, 6:48 pm

Good Evening Katana,

Scan is completed. I did not see how to remove the items found.

Generally I get the message and partial computer freeze when I close Windows Explorer. Also it happens a lot when 'm on the web. It seems to be related to saving files or downloading files where Windows Explorer seems to be used. As I mentioned initially I have the same problem on my laptop with exact same symptoms if that helps any.

I appreciate your help with resolving this sticky problem. Hope it's warm where you are, Zero F. and snow here tonight.

Best Regards,

John

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, December 20, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, December 20, 2008 08:52:11
Records in database: 1490942
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics:
Files scanned: 115155
Threat name: 6
Infected objects: 9
Suspicious objects: 0
Duration of the scan: 03:39:58


File name / Threat name / Threats count
C:\UBCD4Win\plugin\Network\ipscan\ipscan.exe Infected: not-a-virus:NetTool.Win32.Portscan.c 1
C:\UBCD4Win\plugin\Network\ultravnc\files\vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c 1
C:\UBCD4Win\plugin\Network\ultravnc\files\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 1
C:\UBCD4Win\plugin\Network\ultravnc\files\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c 1
C:\UBCD4Win\plugin\Network\VNCServer\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
C:\UBCD4Win\plugin\Network\VNCServer\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
C:\UBCD4Win\plugin\Network\VNCServer\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
C:\UBCD4Win\plugin\System-Info\Information\keyfinderpe\keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.g 1
C:\UBCD4Win\plugin\System-Info\Information\keyfinderpe\keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a 1

The selected area was scanned.
Radar50
Regular Member
 
Posts: 16
Joined: November 30th, 2008, 4:40 pm
Location: Liverpool

Re: Windows Explorer Needs to Close

Unread postby Katana » December 21st, 2008, 6:07 am

There is no obvious sign of infection now, ( the items Kaspersky found are part of UBCD and are safe)


Please Download GMER to your desktop

Download GMER and extract it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised by a trained Security Analyst


If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click Yes.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.
If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.
  • Click the Scan button and let the program do its work. GMER will produce a log.
  • Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !

Please post the results from the GMER scan in your reply.
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Windows Explorer Needs to Close

Unread postby Radar50 » December 21st, 2008, 9:48 am

Good Morning Katana,

Here is the log from the GMER scan. I hope there is something here.

Best Regards,

John

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-21 08:45:46
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF399E576]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF399E432]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF399E910]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF399E00A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF399E50C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF399DF4A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF399DFAE]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF399E62C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF399E5EC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF399E76C]

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\WINDOWS\system32\services.exe[608] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[608] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- EOF - GMER 1.0.14 ----
Radar50
Regular Member
 
Posts: 16
Joined: November 30th, 2008, 4:40 pm
Location: Liverpool

Re: Windows Explorer Needs to Close

Unread postby Katana » December 21st, 2008, 10:25 am

There is no active malware that is causing the problem, and nothing in your logs indicates an infection that would have caused this.
About when did this problem occur ?
Did you install or update any programs about the same time as the problem started ?
You mention that your laptop has the same problem, do you have the same programs installed on that ?
what programs are installed on both machines ?
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Windows Explorer Needs to Close

Unread postby Radar50 » December 21st, 2008, 6:35 pm

Good Evening Katana,

Here are the programs on both computers. In thinking about this I'm wondering if Win XP SP3 may be involved. In October or there about I think that both computers were updated with SP3. I can't think of anything I might have done to both machines other than that. I dual boot both machines using ntldr into openSUSE 11.0, but that has been on them long before the problem started.

Programs on Desktop add/remove programs:


23_24_2500Tour
2400
2400_2500Help
2400_2500trb
7-Zip 4.57
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.0
Adobe Shockwave Player
Advanced WindowsCare 2.55 Personal
AiO_Scan
AiOSoftware
ArcSoft Picture Software
ARRL 2007 Handbook
ARRL 2008 Handbook
aspi
avast! Antivirus
BitTorrent
CCHelp
CCleaner (remove only)
CCScore
CDBurnerXP
Cisco SSL VPN Client
Copy
CR2
Creative Driver
CreativeProjects
Defraggler (remove only)
Director
DNA
DocProc
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSCT
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSTUTOR
ESSvpaht
ESSvpot
Fax
FileZilla Client 3.1.0.1
Free Download Manager 2.5
HLPCCTR
HLPIndex
HLPPDOCK
Hotfix for Windows XP (KB952287)
HP Deskjet printer preloaded drivers
HP Digital Imaging Album Printing 1.0
HP Instant Support
HP Photo & Imaging 3.1
HP Photo and Imaging 1.2 - Photosmart Cameras
HP Photosmart printers preloaded drivers
HP PSC & OfficeJet 3.0
HP Software Update
HP Unload DLL Patch
hpmdtab
HpSdpAppCoreApp
HPSystemDiagnostics
Index.DAT File Viewer
InstantShare
Intel(R) Extreme Graphics Driver
IntelliMover Data Transfer Demo
InterVideo WinDVD Player
ISO Recorder
Java(TM) 6 Update 11
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
JumpStart World Presents Pet Playground
KBD
Kodak EasyShare software
KSU
Lernout & Hauspie TruVoice American English TTS Engine
LiveUpdate 1.80 (Symantec Corporation)
Malwarebytes' Anti-Malware
Memories Disc Creator 2.0
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft ActiveSync 4.0
Microsoft Office Outlook Connector
Microsoft Office XP Small Business
Mozilla Firefox (3.0.3)
Mozilla Thunderbird (2.0.0.9)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
Nero 7 Essentials
Notifier
NVIDIA Drivers
OmniPass
OpenOffice.org 3.0
Opera 9.62
OTtBP
overland
PCDLNCH
PhotoGallery
PrintScreen
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
QFolder
QuickProjects
QuickTime
Readme
RealPlayer
RecordNow
Road Runner Medic 5.2
S3Display
S3Gamma2
S3Info2
S3Overlay
Scan
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB960714)
SFR
SFR2
ShowBiz DVD
Signature995
Simple Backup for My Pictures
Simple Installer - Multilanguage Version
SkinsHP1
SkinsHP2
Soccer Mania
Sonic Update Manager
Sound Blaster Audigy
Stop the Morbuzakh (remove only)
SyncToy
toolkit
TrayApp
Tweak UI
UBCD4Win 3.12
Unload
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Updates from HP
VCAMCEN
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0
Yahoo! Install Manager
Yahoo! Toolbar


Programs on Laptop Start Menu

Google Desktop
MS Works
Netwaiting
Roxio Creator DE
Adobe Reader
IE 7.0
MdeiaDirect
MS Office PPT Viewer
MS Photo plus
Outlook Express
Windows Media Player
Win Mesenger
Win Movie Maker
Firefox 3.0
FileZilla
Avast Anti Virus
CDBurnerXP
Free Download Manager
winMD5sum
Spybot Search and Destroy
Dell Data Safe
Bit Torrent
Infra Recorder
Think Free Office 3.0
Abiword
HP Printer SW
IRIS OCE Registration'
Hashcalc
CCleaner
Realplayer
SuperAntiSpyware
Windows Power Shell 1.0
Oracle Database 10g Express
Hijack This
Goog Chrome, Earth, Updater
Malewarebytes
foxit
ebay
WinPatrol
Firetrust
advanced Systems Care
MWsnap

Laptop Add/Remove
µTorrent
23_24_2500Tour
2400
2400_2500Help
2400_2500trb
AbiWord 2.6.4
AbiWord Tools Plugins
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.3
Advanced Audio FX Engine
Advanced Video FX Engine
Advanced WindowsCare Personal
AiO_Scan
AiOSoftware
avast! Antivirus
BitTorrent
Broadcom Management Programs
Browser Address Error Redirector
CCleaner (remove only)
CDBurnerXP
Cisco SSL VPN Client
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
Copy
CreativeProjects
Dell DataSafe Online
Dell Support Center
Dell System Restore
Dell Touchpad
Dell Webcam Center
Dell Webcam Manager
Dell Wireless WLAN Card
Digital Line Detect
Director
DNA
DocProc
Documentation & Support Launcher
Fax
FileZilla Client 3.0.10
Free Download Manager 2.5
Games, Music, & Photos Launcher
Google Chrome
Google Desktop
Google Earth
Google Updater
GoToAssist 8.0.0.514
HashCalc 2.02
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
HP Photo & Imaging 3.1
HP PSC & OfficeJet 3.0
HP Software Update
hpmdtab
HPSystemDiagnostics
InfraRecorder
InstantShare
Intel(R) Graphics Media Accelerator Driver
IntelliSonic Speech Enhancement
Internet Service Offers Launcher
Java(TM) 6 Update 11
Java(TM) 6 Update 4
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Laptop Integrated Webcam Driver (1.03.02.0719)
Live! Cam Avatar Creator
Live! Cam Avatar v1.0
Malwarebytes' Anti-Malware
MediaDirect
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft Works
Modem Diagnostic Tool
Mozilla Firefox (3.0.4)
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Musicmatch for Windows Media Player
NetWaiting
OpenOffice.org 2.4
Opera 9.62
Oracle Data Provider for .NET Help
Oracle Database 10g Express Edition
OutlookAddinSetup
Overland
PhotoGallery
PrintScreen
QFolder
QuickProjects
QuickSet
Readme
RealPlayer
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Scan
SearchAssist
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
SkinsHP1
SkinsHP2
Spybot - Search & Destroy
StumbleUpon IE Toolbar
SUPERAntiSpyware Free Edition
ThinkFree Office 3
TrayApp
Unload
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live OneCare safety scanner
Windows Media Format Runtime
Windows Media Player 10
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0
Yahoo! Install Manager
Radar50
Regular Member
 
Posts: 16
Joined: November 30th, 2008, 4:40 pm
Location: Liverpool

Re: Windows Explorer Needs to Close

Unread postby Katana » December 21st, 2008, 6:57 pm

Please do the following on both machines.


Please download RegQuery by Noviciate to your desktop
  • Copy the following registry keypath by highlighting the text and pressing CTRL and C at the same time
      [HKEY_LOCAL_MACHINE\SOFTWARE\ Microsoft\Windows\CurrentVersion\Shell Extensions]
  • Double click RegQuery.exe to run the program
  • Paste the text you have copied using CRTL and V, into the textbox
  • Click the Query button
  • A Notepad file will open. Please paste the contents in your next reply
  • You may now close the RegQuery program
User avatar
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Re: Windows Explorer Needs to Close

Unread postby Radar50 » December 21st, 2008, 7:46 pm

Katana,

I've done this on both machines. When the HKEY path is pasted into Regquery and I click the query button I get a pop up message that say "check key name". I went into regedit and verfied that the hkey exists and the path is correct. I tried adding my computer as shown in regedit and also C:\ with the same result. Any thoughts?

Best regards,

John
Radar50
Regular Member
 
Posts: 16
Joined: November 30th, 2008, 4:40 pm
Location: Liverpool
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 29 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware