Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

iexplore.exe Taskmanager

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

iexplore.exe Taskmanager

Unread postby cutberth » September 1st, 2010, 5:19 pm

I think its hiding in the taskmanager as iexplore.exe with a memory usage of around 31,976k. ok, i have tried superantispyware & malwarebytes and they each removed numerous things such as rogue.antimalwaredoctor & trojan.agent/gen-nullo[short] & lots more, seems like its regenerating from sysrestore upon reboot.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:47:14 PM, on 9/1/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVA.EXE /FU "C:\WINDOWS\TEMP\E_S9A.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se6770.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1524837437
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 6753 bytes
Thank you for any help you can provide, never had this kind of trouble with removal.

I have since run superantispyware & malwarebytes & microsoft security essentials in safe mode and removed an added trojan. Also I did some reading and discovered this article
http://www.winhelponline.com/blog/multi ... xplorer-8/
which explains how it is normal for internet explorer 8 to have more than 1 process in the taskmanager for iexplore.exe, 1 for the frame and 1 for the tab. I will post below my new scan after safe mode fixes, please let me know if i have missed anything, did my best :}"

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:22 AM, on 9/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVA.EXE /FU "C:\WINDOWS\TEMP\E_S9A.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se6770.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1524837437
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 6754 bytes

If any of the aboved listed logfile items can be removed that would be great to clean it up a bit :}"

Thank you for your time and help.
cutberth
Active Member
 
Posts: 4
Joined: September 1st, 2010, 5:00 pm
Advertisement
Register to Remove

Re: iexplore.exe Taskmanager

Unread postby muppy03 » September 3rd, 2010, 9:14 pm

Hello and welcome to Malware Removal Forums

IMPORTANT

Whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
To make cleaning this machine easier:-
  • Continue to respond to this thread until I give you the All Clean!
  • Please DO NOT uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
  • Please do not run any scans other than those requested and do not post any logs/reports unless specifically requested to do so.
  • Please follow all instructions in the order posted.
  • If you have any questions or do not understand instructions, please ask before continuing.
  • Please reply to this thread. Do not start a new topic.

Please post the Malwarebytes Log that removed items, it can be found using the "Logs" tab in the program. Please also describe what symptoms you are having.

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:
  • Start HijackThis
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Save the file to your desktop.

Please post this log on your next reply.

NEXT Download and Run: RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


Please reply with:-
  • Uninstall List
  • MBAM log
  • RSIT logs ( info.txt and log.txt)
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: iexplore.exe Taskmanager

Unread postby cutberth » September 3rd, 2010, 10:19 pm

µTorrent
1Click DVD Copy Pro 4.2.2.7
7-Zip 4.65
Acrobat.com
Adobe Flash Player 10 ActiveX
Adobe Reader 9.3.3
Adobe Shockwave Player 11.5
Apple Software Update
Carbonite Online Backup Setup
ConvertXtoDVD 3.8.0.193j
Data Fax SoftModem with SmartCP
DivX
DVD43 v4.6.0
Enhanced Multimedia Keyboard Solution
EPSON Printer Software
EPSON Scan
FileZilla Client 3.3.4.1
GemMaster Mystic
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hitman 2: Silent Assassin
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP DigitalMedia Archive
HP DVD Play 2.1
HP Imaging Device Functions 7.0
HP Photosmart for Media Center PC
HP Photosmart Premier Software 6.5
ImgBurn
Intel(R) Graphics Media Accelerator Driver
Intel(R) Matrix Storage Manager
Intel(R) PRO Network Connections Drivers
Intel(R) Quick Resume Technology Drivers
Intel® Viiv™ Software
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 15
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Antimalware
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office XP Media Content
Microsoft Office XP Professional
Microsoft Publisher 2002
Microsoft Security Essentials
Microsoft Security Essentials
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 5.0
muvee autoProducer unPlugged 2.0
Otto
QuickTime
RealNetworks - Microsoft Visual C++ 2005 Runtime
RealPlayer
Realtek High Definition Audio Driver
Seagate Manager Installer
Seagate Manager Installer
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Smart Defrag
Sonic Express Labeler
Sonic MyDVD Plus
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spelling Dictionaries Support For Adobe Reader 9
SUPERAntiSpyware
tf2-screensaver-bumblebee
tf2-screensaver-optimus
tf2-screensaver-starscream
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.1.4
VSO CopyToDVD 4
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Wise Registry Cleaner Free 5.53


Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Database version: 4519

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/1/2010 4:18:51 AM
mbam-log-2010-09-01 (04-18-51).txt

Scan type: Full scan (C:\|D:\|O:\|P:\|)
Objects scanned: 256014
Time elapsed: 1 hour(s), 3 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 24
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 6
Files Infected: 21

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\$NtUninstallMTF1011$\mmduch.dll (Trojan.BHO) -> Delete on reboot.
c:\WINDOWS\system32\6to4v32.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{0d8fea7b-645c-4996-9164-6ebf356f6437} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0d8fea7b-645c-4996-9164-6ebf356f6437} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0d8fea7b-645c-4996-9164-6ebf356f6437} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0d8fea7b-645c-4996-9164-6ebf356f6437} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{83ae426e-2e31-4652-8f87-f1f0da651c80} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{84c3c236-f588-4c93-84f4-147b2abbe67b} (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$NtUninstallMTF1011$ (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\HP_Administrator\Application Data\Sky-Banners (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\Sky-Banners\skb (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\Street-Ads (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\Street-Ads\sta (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtUninstallMTF1011$ (Adware.Adrotator) -> Delete on reboot.

Files Infected:
C:\WINDOWS\$NtUninstallMTF1011$\mmduch.dll (Trojan.BHO) -> Delete on reboot.
C:\Documents and Settings\HP_Administrator\Application Data\6FC131A90F63E71A35FBC4BAF6D41644\mediafix70700en02.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\45.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\46.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\48.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\4A.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\4D.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\4F.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\st_witty820_1930.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\wcsaenorxm.tmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\xsameonwcr.tmp (Adware.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\CQ7LKQBE\mediafix70700en02[1].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\Sky-Banners\skb\log.xml (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtUninstallMTF1011$\apUninstall.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\WINDOWS\$NtUninstallMTF1011$\zrpt.xml (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\HP_Administrator\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\6to4v32.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/01/2010 at 07:39 AM

Application Version : 4.42.1000

Core Rules Database Version : 5439
Trace Rules Database Version: 3251

Scan type : Complete Scan
Total Scan Time : 00:50:38

Memory items scanned : 398
Memory threats detected : 0
Registry items scanned : 6982
Registry threats detected : 0
File items scanned : 27800
File threats detected : 164

Adware.Tracking Cookie
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@apmebf[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tripod[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@realmedia[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@interclick[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@casalemedia[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@media6degrees[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adserver.adtechus[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.pointroll[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@kontera[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@statcounter[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@msnservices.112.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@insightexpressai[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@fastclick[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@lucidmedia[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adultfriendfinder[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.digital-digest[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@yadro[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@questionmarket[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@bs.serving-sys[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@kanoodle[3].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@bluestreak[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ru4[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@atdmt[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@9.q.j.cltomedia[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@eas.apm.emediate[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.pubmatic[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@rotator.adjuggler[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@revsci[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@statse.webtrendslive[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@smartadserver[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@trafficmp[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@specificclick[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads-vrx.adbrite[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@myroitracking[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www5.addfreestats[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@eyewonder[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@msnbc.112.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.mycricket[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@9.p.j.cltomedia[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.lzjl[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@chitika[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@asianmediawiki[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tacoda[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@imrworldwide[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@247realmedia[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@rambler[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@xiti[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@serving-sys[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@cltomedia[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@mediaplex[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@mediabrandsww[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@dmtracker[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tribalfusion[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ad.yieldmanager[3].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@googleads.g.doubleclick[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.christianpost[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@in.getclicky[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@oasn04.247realmedia[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@t.u.j.cltomedia[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adinterax[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@clickbank[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@zedo[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@mediatraffic[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@invitemedia[4].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adxpose[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@burstnet[3].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@advertising[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@2o7[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@tracker.infra-ad[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@foxfilmedentertainment.122.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@at.atwola[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www3.addfreestats[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@content.yieldmanager[3].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@doubleclick[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adserver.adpredictive[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@collective-media[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@account.mycricket[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.burstnet[3].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.undertone[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@yieldmanager[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@msnportal.112.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@clicksor[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ad.wsod[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adbrite[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adserver.adreactor[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@pointroll[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@specificmedia[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@cdn4.specificclick[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adlegend[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@legolas-media[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@network.realmedia[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@walmart.112.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@media.photobucket[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@dc.tremormedia[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@lushadserver[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@edgeadx[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@content.yieldmanager[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@yeprevenue[2].txt
2mdn.net [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\GNU75BYM ]
a.media.abcfamily.go.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\GNU75BYM ]
cdn4.specificclick.net [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\GNU75BYM ]
content.video.imedia.ro [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\GNU75BYM ]
content.yieldmanager.edgesuite.net [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\GNU75BYM ]
convoad.technoratimedia.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\GNU75BYM ]
core.insightexpressai.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\GNU75BYM ]
ds.serving-sys.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\GNU75BYM ]
ia.media-imdb.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\GNU75BYM ]
m1.2mdn.net [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\GNU75BYM ]
media.heavy.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\GNU75BYM ]
media.mtvnservices.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\GNU75BYM ]
media.scanscout.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\GNU75BYM ]
mediaforgews.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\GNU75BYM ]
msnbcmedia.msn.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\GNU75BYM ]
objects.tremormedia.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\GNU75BYM ]
s0.2mdn.net [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\GNU75BYM ]
secure-us.imrworldwide.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\GNU75BYM ]
static.2mdn.net [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\GNU75BYM ]
udn.specificclick.net [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\GNU75BYM ]
http://www.crackle.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\GNU75BYM ]
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@liveperson[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@liveperson[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@sales.liveperson[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@myroitracking[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@burstnet[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@burstnet[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-reddoorinteractive.hitbox[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ad.yieldmanager[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@invitemedia[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@invitemedia[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@hitbox[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@revsci[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@interclick[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.burstnet[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@www.burstnet[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@kanoodle[1].txt
media.mtvnservices.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\LMRKU574 ]
secure-us.imrworldwide.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\LMRKU574 ]
C:\Documents and Settings\LocalService\Cookies\system@serving-sys[1].txt
C:\Documents and Settings\LocalService\Cookies\system@ads.pointroll[1].txt
C:\Documents and Settings\LocalService\Cookies\system@doubleclick[2].txt
C:\Documents and Settings\LocalService\Cookies\system@atdmt[1].txt
C:\Documents and Settings\LocalService\Cookies\system@2o7[2].txt
C:\Documents and Settings\LocalService\Cookies\system@invitemedia[1].txt
C:\Documents and Settings\LocalService\Cookies\system@eyewonder[1].txt
C:\Documents and Settings\LocalService\Cookies\system@bs.serving-sys[1].txt
C:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanager[2].txt
C:\Documents and Settings\LocalService\Cookies\system@realmedia[2].txt
C:\Documents and Settings\LocalService\Cookies\system@tribalfusion[1].txt
C:\Documents and Settings\LocalService\Cookies\system@questionmarket[1].txt
C:\Documents and Settings\LocalService\Cookies\system@revsci[1].txt
C:\Documents and Settings\LocalService\Cookies\system@network.realmedia[1].txt
C:\Documents and Settings\LocalService\Cookies\system@viacom.adbureau[2].txt
C:\Documents and Settings\LocalService\Cookies\system@collective-media[2].txt
C:\Documents and Settings\LocalService\Cookies\system@pointroll[2].txt
C:\Documents and Settings\LocalService\Cookies\system@bizzclick[1].txt
C:\Documents and Settings\LocalService\Cookies\system@enhance[2].txt
media.mtvnservices.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\87R22JA7 ]
media.scanscout.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\87R22JA7 ]
secure-us.imrworldwide.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\87R22JA7 ]

Rogue.AntiMalwareDoctor
C:\Documents and Settings\HP_Administrator\Application Data\6FC131A90F63E71A35FBC4BAF6D41644

Trojan.Agent/Gen-Nullo[Short]
C:\AVENGER\6TO4V32.DLL
C:\AVENGER\MMDUCH.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{106CF321-99A3-4E3A-9103-1BD027606A99}\RP602\A0058456.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{106CF321-99A3-4E3A-9103-1BD027606A99}\RP602\A0058459.EXE


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/01/2010 at 05:33 PM

Application Version : 4.42.1000

Core Rules Database Version : 5439
Trace Rules Database Version: 3251

Scan type : Complete Scan
Total Scan Time : 00:35:24

Memory items scanned : 220
Memory threats detected : 0
Registry items scanned : 6977
Registry threats detected : 0
File items scanned : 27778
File threats detected : 18

Adware.Tracking Cookie
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@apmebf[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@interclick[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@media6degrees[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@lucidmedia[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@bs.serving-sys[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@atdmt[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.pubmatic[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@revsci[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@msnbc.112.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@serving-sys[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@mediaplex[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ad.yieldmanager[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@invitemedia[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@advertising[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@doubleclick[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ad.wsod[2].txt

Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM VOLUME INFORMATION\_RESTORE{106CF321-99A3-4E3A-9103-1BD027606A99}\RP603\A0058549.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{106CF321-99A3-4E3A-9103-1BD027606A99}\RP603\A0058550.DLL


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/01/2010 at 09:31 PM

Application Version : 4.42.1000

Core Rules Database Version : 5444
Trace Rules Database Version: 3256

Scan type : Quick Scan
Total Scan Time : 00:22:07

Memory items scanned : 395
Memory threats detected : 0
Registry items scanned : 1594
Registry threats detected : 0
File items scanned : 12265
File threats detected : 12

Adware.Tracking Cookie
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@media6degrees[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@atdmt[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ads.pubmatic[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@msnbc.112.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@247realmedia[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@oasn04.247realmedia[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@invitemedia[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@advertising[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@at.atwola[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@doubleclick[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@yieldmanager[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ad.wsod[2].txt


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/02/2010 at 09:56 PM

Application Version : 4.42.1000

Core Rules Database Version : 5448
Trace Rules Database Version: 3260

Scan type : Complete Scan
Total Scan Time : 00:34:02

Memory items scanned : 228
Memory threats detected : 0
Registry items scanned : 6978
Registry threats detected : 0
File items scanned : 27211
File threats detected : 22

Adware.Tracking Cookie
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@apmebf[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@media6degrees[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@insightexpressai[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@lucidmedia[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ru4[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@atdmt[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@msnbc.112.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@liveperson[3].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@mediaplex[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@sales.liveperson[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ad.yieldmanager[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@hitbox[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@invitemedia[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@liveperson[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@content.yieldmanager[3].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@doubleclick[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@content.yieldmanager[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adserver.adpredictive[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@account.mycricket[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ehg-reddoorinteractive.hitbox[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ad.wsod[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adbrite[1].txt


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/03/2010 at 02:36 AM

Application Version : 4.42.1000

Core Rules Database Version : 5449
Trace Rules Database Version: 3261

Scan type : Quick Scan
Total Scan Time : 00:21:21

Memory items scanned : 408
Memory threats detected : 0
Registry items scanned : 1595
Registry threats detected : 0
File items scanned : 12187
File threats detected : 10

Adware.Tracking Cookie
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@questionmarket[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@atdmt[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@msnbc.112.2o7[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ad.yieldmanager[2].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@invitemedia[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@doubleclick[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@collective-media[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@content.yieldmanager[1].txt
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ad.wsod[2].txt
ia.media-imdb.com [ C:\Documents and Settings\HP_Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\GNU75BYM ]

Logfile of random's system information tool 1.08 (written by random/random)
Run by HP_Administrator at 2010-09-03 21:50:53
Microsoft Windows XP Professional Service Pack 3
System drive C: has 202 GB (88%) free of 230 GB
Total RAM: 1526 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:51:15 PM, on 9/3/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Administrator\Desktop\RSIT.exe
C:\Program Files\trend micro\HP_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [EPSON Stylus CX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVA.EXE /FU "C:\WINDOWS\TEMP\E_S9A.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se6770.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1524837437
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 7158 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-08-29 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-08-29 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ftutil2"=ftutil2.dll,SetWriteCacheMode []
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]
"EPSON Stylus CX5000 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVA.EXE [2006-02-14 131072]
"MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe [2010-06-01 1093208]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-08-25 2424560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-19 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bipro]
rundll32 C:\WINDOWS\$NtUninstallMTF1011$\mmduch.dll,,Run []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite]
C:\Program Files\Carbonite\CarbonitePreinstaller.exe [2009-08-04 318096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]
c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe [2006-04-13 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
C:\Program Files\dvd43\dvd43_tray.exe [2009-10-23 827904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2006-02-16 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-02-21 143360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [2009-09-25 185640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mediafix70700en02.exe]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
C:\WINDOWS\SMINST\RECGUARD.EXE [2005-07-23 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
C:\Windows\Creator\Remind_XP.exe [2004-12-14 663552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2006-06-13 16239616]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-08-29 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-08-29 198160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Program Files\uTorrent\uTorrent.exe [2010-02-19 288560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Administrator^Start Menu^Programs^Startup^Antimalware Doctor.lnk]
[]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Disabled:Earthlink"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe"="C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe:*:Enabled:Ad-Aware"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Outlook Express\msimn.exe"="C:\Program Files\Outlook Express\msimn.exe:*:Enabled:Outlook Express"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-09-03 21:50:53 ----D---- C:\rsit
2010-09-03 01:59:45 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\ImgBurn
2010-09-03 01:58:42 ----D---- C:\Program Files\ImgBurn
2010-09-03 01:57:34 ----A---- C:\Program Files\SetupImgBurn_2.5.2.0.exe
2010-09-03 01:48:15 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\vlc
2010-09-03 01:46:21 ----A---- C:\Program Files\vlc-1.1.4-win32.exe
2010-09-03 01:37:38 ----D---- C:\Program Files\LG Software Innovations
2010-09-03 01:36:41 ----A---- C:\Program Files\1clickdvdcopyprosetup4.2.2.7.exe
2010-09-03 01:28:33 ----A---- C:\Program Files\FileZilla_3.3.4.1_win32-setup.exe
2010-09-02 23:08:52 ----ASH---- C:\hiberfil.sys
2010-09-01 15:46:07 ----D---- C:\Program Files\Trend Micro
2010-09-01 06:41:40 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2010-09-01 06:41:40 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2010-09-01 06:41:29 ----D---- C:\Program Files\SUPERAntiSpyware
2010-09-01 03:13:17 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2010-09-01 03:13:06 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-09-01 03:13:04 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-09-01 03:13:03 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-09-01 03:13:03 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2010-09-01 02:13:24 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Tific
2010-09-01 02:13:05 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2010-09-01 02:12:57 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2010-08-31 18:36:19 ----A---- C:\WINDOWS\system32\drivers\MOUCLASS.SYS
2010-08-20 01:07:16 ----D---- C:\Program Files\Wise Registry Cleaner
2010-08-10 14:59:16 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$
2010-08-10 14:59:06 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$
2010-08-10 14:58:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$
2010-08-10 14:58:23 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2010-08-10 14:58:14 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$
2010-08-10 14:58:07 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$
2010-08-10 14:53:09 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2010-08-10 14:52:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2010-08-10 04:59:38 ----D---- C:\Program Files\VSO.Software.ConvertXtoDVD.4.v4.0.12.327-TE
2010-08-10 00:50:34 ----D---- C:\Program Files\IObit
2010-08-10 00:31:20 ----A---- C:\Program Files\WRCFree.exe
2010-08-10 00:18:57 ----D---- C:\Program Files\VSO.Software.ConvertXtoDVD.3.v3.8.0.193j-TE
2010-08-10 00:18:41 ----D---- C:\Program Files\VSO.Software.ConvertXtoDVD.v3.5.3.139.Multilingual.WinALL-BRD
2010-08-09 23:44:07 ----A---- C:\Program Files\CleanVSO.exe
2010-08-09 19:07:50 ----D---- C:\Program Files\Seagate
2010-08-09 19:07:50 ----D---- C:\Documents and Settings\All Users\Application Data\Seagate
2010-08-09 19:05:42 ----D---- C:\Program Files\Carbonite
2010-08-09 19:05:41 ----SHD---- C:\WINDOWS\ftpcache
2010-08-09 18:59:23 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Leadertech
2010-08-06 17:56:29 ----D---- C:\Program Files\HOTLLAMA Media

======List of files/folders modified in the last 1 months======

2010-09-03 21:51:14 ----D---- C:\WINDOWS\Temp
2010-09-03 21:51:08 ----D---- C:\WINDOWS\Prefetch
2010-09-03 17:17:17 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-03 17:01:57 ----D---- C:\WINDOWS\Registration
2010-09-03 17:01:46 ----AD---- C:\WINDOWS
2010-09-03 17:00:36 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-09-03 14:26:27 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\uTorrent
2010-09-03 01:58:42 ----D---- C:\Program Files
2010-09-03 01:38:35 ----D---- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy Pro
2010-09-03 01:37:49 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Vso
2010-09-03 01:30:40 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\FileZilla
2010-09-03 01:30:08 ----D---- C:\Program Files\FileZilla FTP Client
2010-09-02 23:07:03 ----AC---- C:\WINDOWS\ntbtlog.txt
2010-09-02 16:12:46 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\dvdcss
2010-09-01 06:06:20 ----D---- C:\WINDOWS\system32\drivers
2010-09-01 04:21:27 ----D---- C:\WINDOWS\system32
2010-09-01 04:21:26 ----D---- C:\WINDOWS\mui
2010-09-01 02:28:30 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-08-31 18:36:30 ----D---- C:\WINDOWS\system32\config
2010-08-31 16:50:34 ----RASH---- C:\boot.ini
2010-08-31 16:50:34 ----A---- C:\WINDOWS\win.ini
2010-08-31 16:50:34 ----A---- C:\WINDOWS\system.ini
2010-08-31 16:50:30 ----D---- C:\WINDOWS\pss
2010-08-20 01:14:44 ----SD---- C:\WINDOWS\Tasks
2010-08-18 22:21:22 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\U3
2010-08-17 16:18:16 ----HD---- C:\WINDOWS\inf
2010-08-11 04:36:14 ----D---- C:\Program Files\Windows Live Safety Center
2010-08-11 04:27:53 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-08-10 15:00:35 ----D---- C:\Program Files\Internet Explorer
2010-08-10 14:59:18 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-08-10 14:59:13 ----A---- C:\WINDOWS\imsins.BAK
2010-08-10 14:59:03 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-10 14:58:25 ----D---- C:\Program Files\Movie Maker
2010-08-10 14:53:44 ----SHD---- C:\WINDOWS\Installer
2010-08-10 14:53:44 ----HD---- C:\Config.Msi
2010-08-10 01:49:52 ----D---- C:\Program Files\Common Files\Adobe
2010-08-10 01:48:59 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-08-10 01:05:36 ----D---- C:\Program Files\Lavasoft
2010-08-10 01:05:34 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-08-10 01:05:31 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-08-10 01:05:27 ----D---- C:\WINDOWS\WinSxS
2010-08-10 00:50:09 ----A---- C:\Program Files\DefragSetup.exe
2010-08-09 19:08:09 ----HD---- C:\Program Files\InstallShield Installation Information
2010-08-09 19:06:00 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-08-06 00:30:53 ----D---- C:\Program Files\Common Files
2010-08-05 15:30:26 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 bb-run;Promise driver accelerator; C:\WINDOWS\system32\DRIVERS\bb-run.sys [2003-11-05 17408]
R0 ftsata2;ftsata2; C:\WINDOWS\system32\DRIVERS\ftsata2.sys [2005-06-29 175104]
R0 iaStor;Intel RAID Controller; C:\WINDOWS\System32\DRIVERS\iastor.sys [2006-02-21 250368]
R0 ohci1394;VIA OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-02-14 44944]
R1 ELhid;EL hid Service; \??\C:\WINDOWS\System32\Drivers\Elhid.sys []
R1 ELkbd;EL KB Service; \??\C:\WINDOWS\System32\Drivers\Elkbd.sys []
R1 ELmon;EL Monitor Service; \??\C:\WINDOWS\System32\Drivers\Elmon.sys []
R1 ELmou;EL Mouse Service; \??\C:\WINDOWS\System32\Drivers\Elmou.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 MpFilter;Microsoft Malware Protection Driver; C:\WINDOWS\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS []
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 dvd43llh;dvd43llh; C:\WINDOWS\System32\DRIVERS\dvd43llh.sys [2009-11-06 18816]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2006-01-12 163328]
R3 ELacpi;ELacpi; C:\WINDOWS\system32\DRIVERS\ELacpi.sys [2006-05-10 9728]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSX_DP;HSX_DP; C:\WINDOWS\system32\DRIVERS\HSX_DP.sys [2005-12-06 936448]
R3 HSXHWBS2;HSXHWBS2; C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys [2005-12-06 241664]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-14 4299264]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2010-07-20 47360]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsx;winachsx; C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys [2005-12-06 670208]
S0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys []
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-04 701440]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 ELService;Intel(R) Quick Resume technology; C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe [2006-06-02 180224]
R2 FreeAgentGoNext Service;Seagate Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-25 189736]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-02-21 81920]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-08-29 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-06-21 49152]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17904]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.08 2010-09-03 21:51:18

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
1Click DVD Copy Pro 4.2.2.7-->"C:\Program Files\LG Software Innovations\1Click DVD Copy Pro\unins000.exe"
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
Acrobat.com-->MsiExec.exe /X{6D8D64BE-F500-55B6-705D-DFD08AFE0624}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.3.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A93000000001}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Carbonite Online Backup Setup-->"C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900 /uninstall
ConvertXtoDVD 3.8.0.193j-->"C:\Program Files\VSO\ConvertX\3\unins000.exe"
Data Fax SoftModem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1\HXFSETUP.EXE -U -ITrx200Ck.inf
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DVD43 v4.6.0-->"C:\Program Files\dvd43\unins000.exe"
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
FileZilla Client 3.3.4.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hitman 2: Silent Assassin-->C:\PROGRA~1\EIDOSI~1\HITMAN~1\uninstall.exe
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
HP Boot Optimizer-->MsiExec.exe /X{1341D838-719C-4A05-B50F-49420CA1B4BB}
HP DigitalMedia Archive-->MsiExec.exe /X{F80239D8-7811-4D5E-B033-0D0BBFE32920}
HP DVD Play 2.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart for Media Center PC-->c:\Program Files\HP\Digital Imaging\bin\mcpc\setupmcl.exe /u
HP Photosmart Premier Software 6.5-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2776 PCI\VEN_8086&DEV_2772
Intel(R) Matrix Storage Manager-->C:\WINDOWS\System32\Imsmudlg.exe
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
Intel(R) Quick Resume Technology Drivers-->C:\WINDOWS\System32\Elusetup.exe
Intel® Viiv™ Software-->MsiExec.exe /X{EEFEBB48-329E-46F6-AEB8-929A5BAFDB2F}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216015FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.0 Hotfix (KB953295)-->"C:\WINDOWS\$NtUninstallKB953295$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.0 Hotfix (KB979904)-->"C:\WINDOWS\$NtUninstallKB979904$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Antimalware-->MsiExec.exe /X{E62A1F01-07B7-4541-A835-EE5B0BF064C2}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office XP Media Content-->MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Professional-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft Publisher 2002-->MsiExec.exe /I{91190409-6000-11D3-8CFE-0050048383C9}
Microsoft Security Essentials-->C:\Program Files\Microsoft Security Essentials\setup.exe /x
Microsoft Security Essentials-->MsiExec.exe /I{EF98A02A-1748-4762-9B7D-5ED1600520D5}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
muvee autoProducer 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB4740B3-2530-452D-A825-F7AB246CA7DF}\setup.exe" -l0x9
muvee autoProducer unPlugged 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5FDD0538-C67A-4F67-B3F8-09D1AAF04D99}\setup.exe" -l0x9
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
RealNetworks - Microsoft Visual C++ 2005 Runtime-->MsiExec.exe /I{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Seagate Manager Installer-->"C:\Program Files\InstallShield Installation Information\{2A30052B-831C-41D3-8044-3C0388066350}\setup.exe" -runfromtemp -l0x0409 -removeonly
Seagate Manager Installer-->MsiExec.exe /X{2A30052B-831C-41D3-8044-3C0388066350}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2183461)-->"C:\WINDOWS\ie8updates\KB2183461-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"
Smart Defrag-->"C:\Program Files\IObit\IObit SmartDefrag\unins000.exe"
Sonic Express Labeler-->MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /X{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
SUPERAntiSpyware-->"C:\Program Files\SUPERAntiSpyware\Uninstall.exe"
tf2-screensaver-bumblebee-->C:\WINDOWS\system32\tf2-screensaver-bumblebee.scr /u
tf2-screensaver-optimus-->C:\WINDOWS\system32\tf2-screensaver-optimus.scr /u
tf2-screensaver-starscream-->C:\WINDOWS\system32\tf2-screensaver-starscream.scr /u
Update for Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VLC media player 1.1.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VSO CopyToDVD 4-->"C:\Program Files\VSO\unins000.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB973768-->"C:\WINDOWS\$NtUninstallKB973768$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Wise Registry Cleaner Free 5.53-->"C:\Program Files\Wise Registry Cleaner\unins000.exe"

======Security center information======

AV: Microsoft Security Essentials

======System event log======

Computer Name: TIMOTHY
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk12\.

Record Number: 21180
Source Name: Disk
Time Written: 20100817162217.000000-300
Event Type: error
User:

Computer Name: TIMOTHY
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk12\.

Record Number: 21179
Source Name: Disk
Time Written: 20100817162216.000000-300
Event Type: error
User:

Computer Name: TIMOTHY
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk12\.

Record Number: 21178
Source Name: Disk
Time Written: 20100817162216.000000-300
Event Type: error
User:

Computer Name: TIMOTHY
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk12\.

Record Number: 21177
Source Name: Disk
Time Written: 20100817162216.000000-300
Event Type: error
User:

Computer Name: TIMOTHY
Event Code: 11
Message: The driver detected a controller error on \Device\Harddisk12\.

Record Number: 21176
Source Name: Disk
Time Written: 20100817162216.000000-300
Event Type: error
User:

=====Application event log=====

Computer Name: TIMOTHY
Event Code: 5000
Message:
Record Number: 669
Source Name: MSSecurityEssentials
Time Written: 20100202141828.000000-360
Event Type: error
User:

Computer Name: TIMOTHY
Event Code: 1002
Message: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 666
Source Name: Application Hang
Time Written: 20100201014836.000000-360
Event Type: error
User:

Computer Name: TIMOTHY
Event Code: 1002
Message: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 653
Source Name: Application Hang
Time Written: 20100118231854.000000-360
Event Type: error
User:

Computer Name: TIMOTHY
Event Code: 1000
Message: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.18854, fault address 0x000d6a3b.

Record Number: 645
Source Name: Application Error
Time Written: 20100114215607.000000-360
Event Type: error
User:

Computer Name: TIMOTHY
Event Code: 1002
Message: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 624
Source Name: Application Hang
Time Written: 20091228173721.000000-360
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0407
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

The malware seems to of been a redirector, took over my iexplorer.exe and opened numerous pages, also heard music on speakers.

By the way noticed that you joined this site on my Birthday....Happy Days :}"

Thank you for the assist :}"
You do not have the required permissions to view the files attached to this post.
cutberth
Active Member
 
Posts: 4
Joined: September 1st, 2010, 5:00 pm

Re: iexplore.exe Taskmanager

Unread postby muppy03 » September 3rd, 2010, 11:36 pm

IMPORTANT
One or more of the identified infections that you have is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and Download and Execute files

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

The Trojan has been identified and can be killed but many experts in the security community believe that once infected with this type of Trojan, the best course of action would be to reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Should you have any questions, please feel free to ask.

Let me know what you decide.
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: iexplore.exe Taskmanager

Unread postby cutberth » September 4th, 2010, 3:15 pm

Thank you for the advice but I don't do any banking or retain any private/secured data on this machine. Pretty sure this can be resolved by removal procedures. I think i may have handled it already but if you have any added removal advice for any listed data i will take it into consideration.

Thank you for the assist :}"
cutberth
Active Member
 
Posts: 4
Joined: September 1st, 2010, 5:00 pm

Re: iexplore.exe Taskmanager

Unread postby muppy03 » September 4th, 2010, 7:54 pm

The malware seems to of been a redirector, took over my iexplorer.exe and opened numerous pages, also heard music on speakers.

Are you still experiencing these or any problems or symptoms?

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer. This will have to be removed before we continue.

µTorrent


I'd like you to read the MRU policy for P2P Programs.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red). Also take note that remnants of the above program/s and any other P2P program found will be removed when cleaning.

One the above is done please let me know the answer to the above question if you wish to contunue. :)
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia

Re: iexplore.exe Taskmanager

Unread postby cutberth » September 4th, 2010, 10:54 pm

No, I have not seen any signs of virus/malware activity for 2 days now, you may now close this topic as resolved. Thank you for your time and help :}"
cutberth
Active Member
 
Posts: 4
Joined: September 1st, 2010, 5:00 pm

Re: iexplore.exe Taskmanager

Unread postby muppy03 » September 4th, 2010, 11:05 pm

As your problems appear to have been resolved, this topic is now closed.
We are pleased we could help you resolve your computer's malware issues.

If you are satisfied with our assistance and wish to donate to help with the costs of this volunteer site, please read :
Donations For Malware Removal
User avatar
muppy03
MRU Emeritus
MRU Emeritus
 
Posts: 4798
Joined: December 4th, 2007, 5:30 am
Location: Australia
Advertisement
Register to Remove


Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 481 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware