Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Need help, please

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Need help, please

Unread postby melboy » February 25th, 2010, 2:21 pm

Hi Terri

My computer is running MUCH better now. Thanks!!
You're welcome. :) Your computer does still have outstanding issues though.

In this post I asked you to remove "safe-share". There are still signs of it in the logs.

What do you know about the program?

In some cases it is paid for by the user when it is reportedly available for free.
http://www.siteadvisor.com/sites/safe-share.com
Merchant issues
Feedback from credible users indicates that this site may be trying to sell you something which is normally available elsewhere for free.

In any case, it is an undesirable program and will have to be removed due to MWR rules. I can remove it for you if you are having difficulty removing it.

Please let me know what you want to do so we can continue.



===============================================



SystemLook

Please download SystemLook by jpshortstuff from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox and paste it into the main textfield:
    Code: Select all
    :filefind
    *atapi*
    *safe-search*
    :folderfind
    *safe-search*
    :file
    c:\documents and settings\hp_administrator\ÿÿÿÿ]
    c:\documents and settings\hp_administrator\hû
    c:\documents and settings\hp_administrator\}

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
Advertisement
Register to Remove

Re: Need help, please

Unread postby TerriReb » February 25th, 2010, 7:08 pm

I asked my husband and my 14 year old son about that program. No one knows how it appeared on our computer. I think it's something my son downloaded and either doesn't want to admit to or just can't remember specifically downloading it.

The odd thing is that it no longer shows up under the Control Panel "Add/Remove Programs" section.

Here is the log from SystemLook:
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 16:55 on 25/02/2010 by HP_Administrator (Administrator - Elevation successful)

========== filefind ==========

Searching for "*atapi*"
C:\cmdcons\atapi.sy_ --a--- 49558 bytes [19:34 16/07/2005] [04:00 10/08/2004] 28541D14647BB58502D09D1CEAEE6684
C:\WINDOWS\I386\ATAPI.SY_ --a--- 49558 bytes [04:00 10/08/2004] [04:00 10/08/2004] 28541D14647BB58502D09D1CEAEE6684
C:\WINDOWS\I386\COMPDATA\DECATAPI.HTM --a--- 881 bytes [04:00 10/08/2004] [04:00 10/08/2004] FDA00ABB8831E4903E9442E9B01843ED
C:\WINDOWS\I386\COMPDATA\DECATAPI.TXT --a--- 449 bytes [04:00 10/08/2004] [04:00 10/08/2004] F5A5EAC5B4790D90031B913DD5D559A5
C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys --a--- 96512 bytes [10:47 04/09/2008] [18:40 13/04/2008] 9F3A2F5AA6875C72BF062C712CFA2674
C:\WINDOWS\system32\dllcache\atapi.sys --a--- 95360 bytes [04:00 10/08/2004] [05:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\system32\drivers\atapi.sys --a--- 95360 bytes [04:00 10/08/2004] [05:59 04/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys --a--- 95360 bytes [04:00 10/08/2004] [04:00 10/08/2004] CDFE4411A69C224BD1D11B2DA92DAC51

Searching for "*safe-search*"
No files found.

========== folderfind ==========

Searching for "*safe-search*"
No folders found.

========== file ==========

c:\documents and settings\hp_administrator\ÿÿÿÿ] - File found and opened.
MD5: D41D8CD98F00B204E9800998ECF8427E
Created at 16:46 on 20/02/2010
Modified at 16:46 on 20/02/2010
Size: 0 bytes
Attributes: --a---
No version information available.

c:\documents and settings\hp_administrator\hû - File found and opened.
MD5: D41D8CD98F00B204E9800998ECF8427E
Created at 17:27 on 14/02/2010
Modified at 17:27 on 14/02/2010
Size: 0 bytes
Attributes: --a---
No version information available.

c:\documents and settings\hp_administrator\} - File found and opened.
MD5: D41D8CD98F00B204E9800998ECF8427E
Created at 21:28 on 03/02/2010
Modified at 13:56 on 19/02/2010
Size: 0 bytes
Attributes: --a---
No version information available.

-=End Of File=-

Thanks,
Terri
TerriReb
Regular Member
 
Posts: 58
Joined: October 21st, 2008, 1:51 pm

Re: Need help, please

Unread postby melboy » February 25th, 2010, 8:29 pm

Hi Terri

Are you experiencing any more symptoms of a malware infection, EG: search re-directions?


Copy the contents of the code box below (do not include Code:), then go to start > run and paste them into the run box and click OK.

Code: Select all
cmd /c copy /y C:\WINDOWS\system32\drivers\atapi.sys C:\atapi.sys

You should see a flash of a black command box. Then do the following:


Check a file
  • Go to VirusTotal or Jotti's
    C:\atapi.sys
  • Copy/Paste the contents of the quotebox above into the white Upload a file box.
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
    NOTE: if you receive a message stating:
    • File has already been analyzed(VirusTotal), click Reanalyze file Now.
    • File has been scanned before(Jotti), click Scan again.
  • After a while, a window will open, with details of what the scans found.
  • Copy and paste the results into your next reply.



MBR Rootkit Detector

Please download MBR.exe by GMER
Be sure to download it to the root of your drive, e.g. C:\MBR.exe


Once the download has finished, click Start > Run. Copy and paste the following into the run box, then click OK:
Code: Select all
\mbr

A log will be generated on your C: drive called MBR.txt. Post it in your next reply.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Need help, please

Unread postby TerriReb » February 25th, 2010, 11:18 pm

I haven't noticed anything wonky with the computer lately. I don't get any more of those fake "security alerts" or other programs that take over the computer. Does that mean the computer is now clean?

Here are the two logs:

File atapi.sys received on 2010.02.26 03:10:35 (UTC)
Current status: finished
Result: 0/42 (0%)
Compact
Print results
Email:

Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.02.26 -
AhnLab-V3 5.0.0.2 2010.02.25 -
AntiVir 8.2.1.172 2010.02.25 -
Antiy-AVL 2.0.3.7 2010.02.25 -
Authentium 5.2.0.5 2010.02.25 -
Avast 4.8.1351.0 2010.02.25 -
Avast5 5.0.332.0 2010.02.25 -
AVG 9.0.0.730 2010.02.25 -
BitDefender 7.2 2010.02.26 -
CAT-QuickHeal 10.00 2010.02.25 -
ClamAV 0.96.0.0-git 2010.02.25 -
Comodo 4065 2010.02.26 -
DrWeb 5.0.1.12222 2010.02.26 -
eSafe 7.0.17.0 2010.02.25 -
eTrust-Vet 35.2.7329 2010.02.25 -
F-Prot 4.5.1.85 2010.02.25 -
F-Secure 9.0.15370.0 2010.02.26 -
Fortinet 4.0.14.0 2010.02.25 -
GData 19 2010.02.26 -
Ikarus T3.1.1.80.0 2010.02.26 -
Jiangmin 13.0.900 2010.02.25 -
K7AntiVirus 7.10.983 2010.02.25 -
Kaspersky 7.0.0.125 2010.02.26 -
McAfee 5903 2010.02.25 -
McAfee+Artemis 5903 2010.02.25 -
McAfee-GW-Edition 6.8.5 2010.02.25 -
Microsoft 1.5502 2010.02.25 -
NOD32 4896 2010.02.25 -
Norman 6.04.08 2010.02.25 -
nProtect 2009.1.8.0 2010.02.26 -
Panda 10.0.2.2 2010.02.25 -
PCTools 7.0.3.5 2010.02.25 -
Prevx 3.0 2010.02.26 -
Rising 22.36.04.01 2010.02.26 -
Sophos 4.50.0 2010.02.26 -
Sunbelt 5700 2010.02.26 -
Symantec 20091.2.0.41 2010.02.26 -
TheHacker 6.5.1.6.211 2010.02.26 -
TrendMicro 9.120.0.1004 2010.02.25 -
VBA32 3.12.12.2 2010.02.25 -
ViRobot 2010.2.25.2202 2010.02.25 -
VirusBuster 5.0.27.0 2010.02.25 -
Additional information
File size: 95360 bytes
MD5...: cdfe4411a69c224bd1d11b2da92dac51
SHA1..: a42fbfeb5a4d94118b483d7f18113aa8c329a052
SHA256: 0e6b23a80f171550575bebc56f7500cd87a5cf03b2b9fdc49bc3de96282cd69d
ssdeep: 1536:BVzXEOXUOyD8HT6OhAVJqNoQrPs2W7IDdXBoDZYkvR5TJWBwEsjG0cXFIQ0bbZPO:BVL/Eiz6OhrNoQzsnwBoDjR51hljrckO
PEiD..: -
PEInfo: PE Structure information( base data )entrypointaddress.: 0x155f7timedatestamp.....: 0x41107b4d (Wed Aug 04 05:59:41 2004)machinetype.......: 0x14c (I386)( 9 sections )name viradd virsiz rawdsiz ntrpy md5.text 0x380 0x9672 0x9680 6.45 70b67d65eb28dcccdcba61a31c4d40e2NONPAGE 0x9a00 0x18e8 0x1900 6.48 5629c7db94fbcf0123c267ec52f0c942.rdata 0xb300 0xa54 0xa80 4.37 569d2979d21f645730a1a59fd512d25c.data 0xbd80 0xd94 0xe00 0.44 77b784be18c5257bf3b9c132a03019dbPAGESCAN 0xcb80 0x154f 0x1580 6.15 d1c7adb0c1e5491b58c485d62076561fPAGE 0xe100 0x5f54 0x5f80 6.46 0951fe4f10eee3d01d5d5aab9a0472bcINIT 0x14080 0x22a0 0x2300 6.48 4354ab341533bda39d4f4dc3548ef9bd.rsrc 0x16380 0x3f0 0x400 3.40 0184b21986944fd39532f818b4c642ab.reloc 0x16780 0xcf0 0xd00 6.46 ae8fd4a932f7899f6257876856210914( 3 imports ) > ntoskrnl.exe: RtlInitUnicodeString, swprintf, KeSetEvent, IoCreateSymbolicLink, IoGetConfigurationInformation, IoDeleteSymbolicLink, MmFreeMappingAddress, IoFreeErrorLogEntry, IoDisconnectInterrupt, MmUnmapIoSpace, ObReferenceObjectByPointer, IofCompleteRequest, RtlCompareUnicodeString, IofCallDriver, MmAllocateMappingAddress, IoAllocateErrorLogEntry, IoConnectInterrupt, IoDetachDevice, KeWaitForSingleObject, KeInitializeEvent, RtlAnsiStringToUnicodeString, RtlInitAnsiString, IoBuildDeviceIoControlRequest, IoQueueWorkItem, MmMapIoSpace, IoInvalidateDeviceRelations, IoReportDetectedDevice, IoReportResourceForDetection, RtlxAnsiStringToUnicodeSize, NlsMbCodePageTag, PoRequestPowerIrp, KeInsertByKeyDeviceQueue, PoRegisterDeviceForIdleDetection, sprintf, MmMapLockedPagesSpecifyCache, ObfDereferenceObject, IoGetAttachedDeviceReference, IoInvalidateDeviceState, ZwClose, ObReferenceObjectByHandle, ZwCreateDirectoryObject, IoBuildSynchronousFsdRequest, PoStartNextPowerIrp, PoCallDriver, IoCreateDevice, IoAllocateDriverObjectExtension, RtlQueryRegistryValues, ZwOpenKey, RtlFreeUnicodeString, IoStartTimer, KeInitializeTimer, IoInitializeTimer, KeInitializeDpc, KeInitializeSpinLock, IoInitializeIrp, ZwCreateKey, RtlAppendUnicodeStringToString, RtlIntegerToUnicodeString, ZwSetValueKey, KeInsertQueueDpc, KefAcquireSpinLockAtDpcLevel, IoStartPacket, KefReleaseSpinLockFromDpcLevel, IoBuildAsynchronousFsdRequest, IoFreeMdl, MmUnlockPages, IoWriteErrorLogEntry, KeRemoveByKeyDeviceQueue, MmMapLockedPagesWithReservedMapping, MmUnmapReservedMapping, KeSynchronizeExecution, IoStartNextPacket, KeBugCheckEx, KeRemoveDeviceQueue, KeSetTimer, KeCancelTimer, _allmul, MmProbeAndLockPages, _except_handler3, PoSetPowerState, IoOpenDeviceRegistryKey, RtlWriteRegistryValue, _aulldiv, strstr, _strupr, KeQuerySystemTime, IoWMIRegistrationControl, KeTickCount, IoAttachDeviceToDeviceStack, IoDeleteDevice, ExAllocatePoolWithTag, IoAllocateWorkItem, IoAllocateIrp, IoAllocateMdl, MmBuildMdlForNonPagedPool, MmLockPagableDataSection, IoGetDriverObjectExtension, MmUnlockPagableImageSection, ExFreePoolWithTag, IoFreeIrp, IoFreeWorkItem, InitSafeBootMode, RtlCompareMemory, RtlCopyUnicodeString, memmove, MmHighestUserAddress> HAL.dll: KfAcquireSpinLock, READ_PORT_UCHAR, KeGetCurrentIrql, KfRaiseIrql, KfLowerIrql, HalGetInterruptVector, HalTranslateBusAddress, KeStallExecutionProcessor, KfReleaseSpinLock, READ_PORT_BUFFER_USHORT, READ_PORT_USHORT, WRITE_PORT_BUFFER_USHORT, WRITE_PORT_UCHAR> WMILIB.SYS: WmiSystemControl, WmiCompleteRequest( 0 exports )
RDS...: NSRL Reference Data Set-
pdfid.: -
trid..: Win32 Executable Generic (68.0%)Generic Win/DOS Executable (15.9%)DOS Executable Generic (15.9%)Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
packers (Kaspersky): PE_Patch
sigcheck:publisher....: Microsoft Corporationcopyright....: (c) Microsoft Corporation. All rights reserved.product......: Microsoft_ Windows_ Operating Systemdescription..: IDE/ATAPI Port Driveroriginal name: atapi.sysinternal name: atapi.sysfile version.: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)comments.....: n/asigners......: -signing date.: -verified.....: Unsigned



MBR log:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK


Thanks,
Terri
TerriReb
Regular Member
 
Posts: 58
Joined: October 21st, 2008, 1:51 pm

Re: Need help, please

Unread postby melboy » February 26th, 2010, 2:45 pm

Does that mean the computer is now clean?


Remember my first post?
Absence of symptoms does not mean that everything is clear.


Things are a lot better -I'll let you know when were done, we've not long to go now hopefully. ;)


Fix HijackThis entries
  • Run HijackThis
  • Click on the do a system scan only button
  • Put a check beside all of the items listed below (if present):


  • Close all open windows and browsers/email etc...
  • Click on the Fix Checked button
  • When completed close the application.




OTM

Download OTM by Old Timer and save it to your Desktop.
  • Double-click OTM.exe to run it.
  • Paste the following code under the Image area. Do not include the word Code.
    Code: Select all
    :Processes
    SafeShare.exe
    
    :Files
    c:\documents and settings\hp_administrator\ÿÿÿÿ]
    c:\documents and settings\hp_administrator\hû
    c:\documents and settings\hp_administrator\}
    C:\Program Files\safe-share
    
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
    

    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large Image button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.


    NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


    After OTM has finished and rebooted:


    ESET Online Scanner

    Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

    • Please go here then click on: Image
      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
      All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
    • Select the option YES, I accept the Terms of Use then click on: Image
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Now click on: Image
    • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
    • Now click on: Image
    • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    • Copy and paste that log as a reply to this topic.

    Note: Do not forget to re-enable your Anti-Virus application after running the above scan!



    CKScanner
    Download CKScanner from here
    • Important - Save it to your desktop.
    • Doubleclick CKScanner.exe and click Search For Files.
    • After a very short time, when the cursor hourglass disappears, click Save List To File.
    • A message box will verify the file saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.



    In your next reply:
    1. OTM log
    2. ESET online scan log
    3. CKFiles.txt
    4. A fresh HijackThis log (Do a system scan and save a log file)
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Need help, please

Unread postby TerriReb » February 27th, 2010, 4:42 pm

I wasn't sure if you meant to run HijackThis twice or only once (before running the other three programs). I ran it twice. Both logs are posted below.

First HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:58:55 AM, on 2/23/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\safe-share\SafeShare.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wltray.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\Dynex Enhanced G Desktop Card Adapter\DynexWCUI.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
c:\windows\system\hpsysdrv.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... ch/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... ch/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [_SetRes] c:\hp\bin\cloaker c:\hp\bin\res.bat
O4 - HKLM\..\Run: [IcoSet] c:\hp\bin\cloaker.exe c:\hp\bin\IcoSet\adjust.bat seticon
O4 - HKLM\..\Run: [Unshare] C:\Program Files\safe-share\SafeShare.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager] C:\WINDOWS\system32\wltray.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [PersonalSec] C:\Program Files\PersonalSec\psecurity.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; Media Center PC 4.0; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.miniclip.com/games/spineworld/en/"
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Dynex Wireless Networking Utility.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab
O16 - DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} (JInitiator 1.3.1.22) - http://fsbanforms.slu.edu:7799/forms/ji ... /jinit.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 15956 bytes

OTM log:

All processes killed
========== PROCESSES ==========
No active process named SafeShare.exe was found!
========== FILES ==========
c:\documents and settings\hp_administrator\ÿÿÿÿ] moved successfully.
c:\documents and settings\hp_administrator\hû moved successfully.
c:\documents and settings\hp_administrator\} moved successfully.
C:\Program Files\Safe-Share\vlcplugins folder moved successfully.
C:\Program Files\Safe-Share\SharedFolder folder moved successfully.
C:\Program Files\Safe-Share\giFT\plugins folder moved successfully.
C:\Program Files\Safe-Share\giFT\incoming\corrupted folder moved successfully.
C:\Program Files\Safe-Share\giFT\incoming folder moved successfully.
C:\Program Files\Safe-Share\giFT\data folder moved successfully.
C:\Program Files\Safe-Share\giFT\conf\Gnutella folder moved successfully.
C:\Program Files\Safe-Share\giFT\conf\FastTrack folder moved successfully.
C:\Program Files\Safe-Share\giFT\conf\Ares folder moved successfully.
C:\Program Files\Safe-Share\giFT\conf folder moved successfully.
C:\Program Files\Safe-Share\giFT folder moved successfully.
C:\Program Files\Safe-Share folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Ebay to be listed

User: HP_Administrator
->Temp folder emptied: 562469 bytes
->Temporary Internet Files folder emptied: 5780477 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: My Music_11_05

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 8704517 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 24191452 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 38.00 mb


OTM by OldTimer - Version 3.1.9.0 log created on 02272010_095756

ESET scan log:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.16981 (vista_gdr.091215-2244)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=eccd4bbcbab539409582cdb395ceae6f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-02-27 06:33:27
# local_time=2010-02-27 12:33:27 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 986465 986465 0 0
# compatibility_mode=3586 16764885 100 89 0 691632859 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=156773
# found=1
# cleaned=0
# scan_time=8346
C:\WINDOWS\system32\spool\prtprocs\w32x86\365.tmp a variant of Win32/Kryptik.BYJ trojan 00000000000000000000000000000000 I

CKFiles log:

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11
----- EOF -----

Second HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:25:45 PM, on 2/27/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wltray.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\Dynex Enhanced G Desktop Card Adapter\DynexWCUI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [_SetRes] c:\hp\bin\cloaker c:\hp\bin\res.bat
O4 - HKLM\..\Run: [IcoSet] c:\hp\bin\cloaker.exe c:\hp\bin\IcoSet\adjust.bat seticon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager] C:\WINDOWS\system32\wltray.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Documents and Settings\HP_Administrator\Desktop\mbam-installer\explorer.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; Media Center PC 4.0; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.miniclip.com/games/spineworld/en/"
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Dynex Wireless Networking Utility.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab
O16 - DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} (JInitiator 1.3.1.22) - http://fsbanforms.slu.edu:7799/forms/ji ... /jinit.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 15229 bytes
TerriReb
Regular Member
 
Posts: 58
Joined: October 21st, 2008, 1:51 pm

Re: Need help, please

Unread postby melboy » February 27th, 2010, 6:20 pm

Hi Terri

With reference to this post, If you have a copy of RSIT on your desktop, delete it.
After the RSIT.exe program runs, it saves two .txt files on my C drive, but the files are empty (they show they contain 0 KB). So I don't have any logs from RSIT.


Navigate to C:\RSIT and if the folder exists, delete it. If info.txt or log.txt are on your C: drive, delete them.

Then complete the following in the order given below.



Check a file
  • Go to VirusTotal or Jotti's
    C:\WINDOWS\system32\spool\prtprocs\w32x86\365.tmp
  • Copy/Paste the file above into the white Upload a file box.
  • Click Send/Submit, and the file will upload to VirusTotal/Jotti, where it will be scanned by several anti-virus programmes.
    NOTE: if you receive a message stating:
    • File has already been analyzed, click Reanalyze file Now.
    • File has been scanned before(Jotti), click Scan again.
  • After a while, a window will open, with details of what the scans found.
  • Copy and paste the results into your next reply.


Then proceed with the following. If you encounter any problems, let me know.



Dial-A-Fix

Please download Dial-A-Fix from here

  • Extract the zip file to your desktop. (Instructions, if needed)
  • Double click Dial-a-Fix.exe to start the program.
  • Check the MSI Fix Windows Installer checkbox.
  • When the window looks like this, press the GO button in the bottom of the window.

    Image

  • In the bottom of the window you will see the checkmarked items being processed, when it has finished it will again say: Ready
  • Exit/Close Dial-A-Fix



Uninstall Programs
  • click on start
  • Click on control panel
  • Double click the icon add/remove programs
  • click on the first program in the list and click Remove
  • Continue through the list below (one at a time) until all programs have been removed.
  • If something isn't found, please continue with the next entry in the list.
    Acrobat.com
    Ad-Aware SE Personal
    Adobe AIR
    Adobe Reader 9
    J2SE Runtime Environment 5.0
    J2SE Runtime Environment 5.0 Update 4


Update Adobe Acrobat Reader
Your Adobe Acrobat Reader is out of date.
Older versions may have vulnerabilities that malware can use to infect your system.
  • Please download Adobe Reader 9.3 to your PC's desktop. (UNcheck the Google Toolbar if you wish)
  • Install the new downloaded updated software.
This will re-install Adobe Air and Acrobat.com. These can be uninstalled again if you wish.



Update Java Runtime
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 18.

  • Go to Sun Java
  • Scroll down to where it says "JDK 6 Update 18 (JDK or JRE)"
  • Click the orange Download JRE button to the right
  • In Platform box choose Windows.
  • Check the box to Accept License Agreement and click Continue.
  • Click on Windows Offline Installation, click on the link under it which says "jre-6u18-windows-i586-p.exe" and save the downloaded file to your desktop.
  • Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
  • Reboot your computer



low on disk space
Your computer's system drive is low on disk space:

  • Go to Start > My Computer
  • Right-click on the hard-drive letter for the system, (usually C: )
  • Click Properties
  • Under the General tabUncheck the box labeled "Allow Indexing Service to index this disk for fast file searching"
  • Click Apply
  • If it asks whether to apply to all files and folders, answer Yes.
  • You may have to wait while it resets the file attributes.
  • Click OK

Reboot the machine.



random's system information tool (RSIT)

  • Download random's system information tool (RSIT) by random/random from HERE and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open:
    • log.txt (<<will be maximized)
    • info.txt (<<will be minimized)
  • Post both of these logs in your next reply (Sometimes you have to make several post to get the logs posted.)


In your next reply:
  1. RSIT log.txt
  2. RSIT info.txt
  3. VirusTotal/Jotti results.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Need help, please

Unread postby TerriReb » February 28th, 2010, 7:21 pm

The RSIT log file:

Logfile of random's system information tool 1.06 (written by random/random)
Run by HP_Administrator at 2010-02-28 17:18:08
Microsoft Windows XP Professional Service Pack 2
System drive C: has 128 GB (70%) free of 183 GB
Total RAM: 894 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:18:33 PM, on 2/28/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\ISSVC.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wuauclt.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wltray.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\Dynex Enhanced G Desktop Card Adapter\DynexWCUI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Documents and Settings\HP_Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\HP_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] c:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [_SetRes] c:\hp\bin\cloaker c:\hp\bin\res.bat
O4 - HKLM\..\Run: [IcoSet] c:\hp\bin\cloaker.exe c:\hp\bin\IcoSet\adjust.bat seticon
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager] C:\WINDOWS\system32\wltray.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Documents and Settings\HP_Administrator\Desktop\mbam-installer\explorer.exe" /runcleanupscript
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; Media Center PC 4.0; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.miniclip.com/games/spineworld/en/"
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Dynex Wireless Networking Utility.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} (YYGInstantPlay Control) - http://www.yoyogames.com/downloads/activex/YoYo.cab
O16 - DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} (JInitiator 1.3.1.22) - http://fsbanforms.slu.edu:7799/forms/ji ... /jinit.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 15217 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer - HP_Administrator.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-11-20 911600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar3.dll [2006-10-12 2108480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
CNavExtBho Class - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll [2004-08-30 218240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-02-28 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-02-28 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-11-20 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - HP view - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll [2003-11-21 98304]
- []
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll [2004-08-30 218240]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar3.dll [2006-10-12 2108480]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-11-20 911600]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"ccApp"=c:\Program Files\Common Files\Symantec Shared\ccApp.exe [2004-08-27 58488]
"URLLSTCK.exe"=c:\Program Files\Norton Internet Security\UrlLstCk.exe [2004-08-30 33936]
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2005-02-25 245760]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-03-17 339968]
"_SetRes"=c:\hp\bin\cloaker c:\hp\bin\res.bat []
"IcoSet"=c:\hp\bin\cloaker.exe [1999-11-06 27136]
"BJCFD"=C:\Program Files\BroadJump\Client Foundation\CFD.exe [2002-09-10 368706]
"KBD"=C:\HP\KBD\KBD.EXE [2005-02-02 61440]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"Broadcom Wireless Manager"=C:\WINDOWS\system32\wltray.exe [2007-03-02 1282048]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-10-07 111856]
"Malwarebytes Anti-Malware (reboot)"=C:\Documents and Settings\HP_Administrator\Desktop\mbam-installer\explorer.exe /runcleanupscript []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-09 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"Yahoo! Pager"=1 []
"TivoTransfer"=C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe [2008-04-04 1193984]
"TivoNotify"=C:\Program Files\TiVo\Desktop\TiVoNotify.exe [2008-04-04 394240]
"TivoServer"=C:\Program Files\TiVo\Desktop\TiVoServer.exe [2008-04-04 1879552]
"Search Protection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-10-07 111856]
"YSearchProtection"=C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-10-07 111856]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE [2008-08-06 447928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Forget Me Not.lnk]
C:\PROGRA~1\BRODER~1\AGCREA~1\AGremind.exe /Q []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~3\SonyTray.exe [2003-11-21 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~1\RESIDE~1.EXE [2004-07-08 106496]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Dynex Wireless Networking Utility.lnk - C:\Program Files\Dynex Enhanced G Desktop Card Adapter\DynexWCUI.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
VPN Client.lnk - C:\WINDOWS\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-03-14 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableCMD"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"DisableTaskMgr"=0
"DisableCMD"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoFolderOptions"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe"="C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe:LocalSubNet:Enabled:TiVo Beacon Service"
"C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe"="C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe:LocalSubNet:Enabled:TiVo Transfer Service"
"C:\Program Files\TiVo\Desktop\TiVoServer.exe"="C:\Program Files\TiVo\Desktop\TiVoServer.exe:LocalSubNet:Enabled:TiVo Server Service"
"C:\Program Files\TiVo\Desktop\TiVoDesktop.exe"="C:\Program Files\TiVo\Desktop\TiVoDesktop.exe:LocalSubNet:Enabled:TiVo Desktop User Interface"
"C:\Program Files\TiVo\Desktop\curl.exe"="C:\Program Files\TiVo\Desktop\curl.exe:LocalSubNet:Enabled:TiVo Curl Service"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax"
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe"="C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe"="C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-02-28 17:18:08 ----D---- C:\rsit
2010-02-28 16:49:06 ----D---- C:\Program Files\Common Files\Java
2010-02-28 16:48:58 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-02-28 16:48:34 ----D---- C:\Program Files\Sun
2010-02-28 16:48:20 ----A---- C:\WINDOWS\system32\javaws.exe
2010-02-28 16:48:20 ----A---- C:\WINDOWS\system32\javaw.exe
2010-02-28 16:48:20 ----A---- C:\WINDOWS\system32\java.exe
2010-02-28 16:48:20 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-02-28 16:46:25 ----D---- C:\Program Files\Java
2010-02-28 16:39:14 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-02-28 03:00:30 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-02-27 10:11:06 ----D---- C:\Program Files\ESET
2010-02-27 09:57:56 ----D---- C:\_OTM
2010-02-25 21:14:28 ----A---- C:\mbr.exe
2010-02-24 03:07:50 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-02-24 03:07:06 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-02-24 03:06:14 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-02-24 03:04:23 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-02-24 03:03:10 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-02-23 18:35:26 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2010-02-23 18:35:26 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-02-21 03:02:09 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-02-21 03:01:56 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-02-21 03:01:39 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-02-14 11:35:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-02-05 08:13:14 ----D---- C:\Program Files\Trend Micro
2010-02-03 15:05:40 ----HD---- C:\WINDOWS\PIF
2010-02-03 15:05:11 ----A---- C:\mbam-setup.exe
2010-01-30 23:24:20 ----A---- C:\WINDOWS\brndlog.txt
2010-01-30 23:23:55 ----D---- C:\SendTo
2010-01-30 23:23:54 ----D---- C:\Internet Explorer

======List of files/folders modified in the last 1 months======

2010-02-28 17:14:54 ----D---- C:\WINDOWS\Registration
2010-02-28 17:14:47 ----D---- C:\WINDOWS
2010-02-28 17:14:23 ----D---- C:\WINDOWS\Temp
2010-02-28 17:12:39 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-28 16:57:46 ----D---- C:\WINDOWS\system32
2010-02-28 16:52:30 ----HD---- C:\Program Files
2010-02-28 16:52:30 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2010-02-28 16:52:23 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-02-28 16:49:07 ----HD---- C:\Config.Msi
2010-02-28 16:49:06 ----SHD---- C:\WINDOWS\Installer
2010-02-28 16:49:06 ----D---- C:\Program Files\Common Files
2010-02-28 16:41:08 ----HD---- C:\Program Files\Adobe
2010-02-28 16:40:18 ----D---- C:\Program Files\Common Files\Adobe
2010-02-28 16:40:16 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-02-28 16:38:12 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-28 16:32:58 ----D---- C:\Python22
2010-02-28 16:31:56 ----HD---- C:\Program Files\Zero G Registry
2010-02-28 16:30:14 ----D---- C:\Program Files\SPSS
2010-02-28 16:28:41 ----SD---- C:\WINDOWS\Fonts
2010-02-28 16:26:34 ----D---- C:\WINDOWS\Prefetch
2010-02-28 16:22:42 ----D---- C:\Program Files\Sony
2010-02-28 16:18:27 ----D---- C:\Program Files\Rio
2010-02-28 12:09:25 ----D---- C:\Program Files\Cyanide
2010-02-28 12:08:04 ----D---- C:\Documents and Settings\All Users\Application Data\Tibo Software
2010-02-28 12:01:34 ----D---- C:\Program Files\QuickTime
2010-02-28 12:01:33 ----D---- C:\Program Files\PhotoDeluxe 2.0
2010-02-28 12:01:24 ----D---- C:\Program Files\Internet Explorer
2010-02-28 12:01:23 ----HD---- C:\Program Files\InstallShield Installation Information
2010-02-28 12:01:22 ----D---- C:\Program Files\HPQ
2010-02-28 12:00:49 ----D---- C:\Program Files\SBC Self Support Tool
2010-02-28 12:00:25 ----D---- C:\WINDOWS\Motive
2010-02-28 12:00:11 ----D---- C:\Program Files\Broderbund
2010-02-28 11:58:39 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Adobe
2010-02-28 03:00:29 ----HD---- C:\WINDOWS\inf
2010-02-27 10:08:29 ----SD---- C:\WINDOWS\Tasks
2010-02-25 16:54:14 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-02-25 16:54:14 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Lavasoft
2010-02-24 03:08:07 ----A---- C:\WINDOWS\imsins.BAK
2010-02-24 03:07:53 ----RSHD---- C:\WINDOWS\system32\dllcache
2010-02-24 03:02:21 ----D---- C:\WINDOWS\system32\en-US
2010-02-24 03:02:03 ----D---- C:\WINDOWS\ie7updates
2010-02-23 19:02:03 ----D---- C:\WINDOWS\system32\drivers
2010-02-23 08:54:34 ----HD---- C:\WINDOWS\$hf_mig$
2010-02-22 17:53:42 ----D---- C:\Pictures
2010-02-19 07:46:13 ----D---- C:\Documents and Settings
2010-02-17 17:10:59 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-02-03 15:08:09 ----D---- C:\Program Files\The Learning Company
2010-02-01 16:13:23 ----A---- C:\WINDOWS\OEWABLog.txt
2010-01-30 23:23:54 ----D---- C:\Program Files\Web Publish

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 ATMhelpr;ATMhelpr; C:\WINDOWS\system32\drivers\ATMhelpr.sys [1997-06-17 4064]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 SAVRTPEL;SAVRTPEL; \??\c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2004-08-27 266464]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-09 88448]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-09 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-09 55936]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-10 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-03-14 1032192]
R3 BCM43XX;Dynex 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2006-11-30 610816]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2007-01-31 127376]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-20 49920]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-20 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-20 21568]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050817.024\NAVENG.Sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20050817.024\NavEx15.Sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-10 61824]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2006-10-13 163584]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-12-12 19072]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-10-15 71168]
R3 SAVRT;SAVRT; \??\c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS []
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\SYMDNS.SYS [2004-08-27 11040]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\SYMFW.SYS [2004-08-27 171424]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\SYMIDS.SYS [2004-08-27 34496]
R3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20050816.022\symidsco.sys []
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\SYMNDIS.SYS [2004-08-27 46208]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2004-08-27 25824]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-09 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-09 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-09 26496]
S1 cdrbsvsd;cdrbsvsd; C:\WINDOWS\system32\drivers\cdrbsvsd.sys []
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2007-01-18 5275]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MovRVDrv32;MovRVDrv32; C:\WINDOWS\system32\DRIVERS\MovRVDrv32.sys [2008-06-04 3768]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 PcdrNdisuio;PCDRNDISUIO Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\pcdrndisuio.sys [2005-01-19 12416]
S3 PRISM_A02;802.11a/g USB Driver; C:\WINDOWS\system32\DRIVERS\WUSB20XP.sys [2003-09-09 337184]
S3 RIOUNIV;Rio universal USB driver; C:\WINDOWS\System32\Drivers\RIOUNIV.sys [2003-07-02 16128]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SndTDriverV32;SndTDriverV32; C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2008-06-04 508544]
S3 sonypvs1;Sony Digital Imaging Video2; C:\WINDOWS\system32\DRIVERS\sonypvs1.sys [2002-10-15 102220]
S3 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 USBIO;USBIO Driver (usbio.sys); C:\WINDOWS\System32\Drivers\usbio.sys [2001-05-07 19805]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-09 20480]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2004-08-03 5504]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-03-14 352256]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ccEvtMgr;Symantec Event Manager; c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2004-08-27 197752]
R2 ccSetMgr;Symantec Settings Manager; c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2004-08-27 164984]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2007-07-16 1524512]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 IntuitUpdateService;Intuit Update Service; C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
R2 ISSVC;ISSvc; c:\Program Files\Norton Internet Security\ISSVC.exe [2004-08-30 78992]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-02-28 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-05-08 53248]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 navapsvc;Norton AntiVirus Auto-Protect Service; c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe [2004-08-30 176768]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-09 14336]
R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\system32\svchost.exe [2004-08-09 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-09 14336]
R2 RioMSC;Rio MSC Manager; C:\WINDOWS\system32\RioMSC.exe [2004-08-26 282624]
R2 SNDSrvc;Symantec Network Drivers Service; c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2004-08-27 206048]
R2 SymWSC;SymWMI Service; c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-11-02 316544]
R2 TivoBeacon2;TiVo Beacon; C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [2008-04-04 868864]
R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\wltrysvc.exe [2006-12-01 20480]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-09 14336]
R2 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S2 ccProxy;Symantec Network Proxy; c:\Program Files\Common Files\Symantec Shared\ccProxy.exe [2004-08-27 234616]
S2 SPBBCSvc;Symantec SPBBCSvc; c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [2004-07-21 173160]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 ccPwdSvc;Symantec Password Validation; c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2004-08-27 78968]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-09 267776]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-09 14336]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]
S3 SAVScan;SAVScan; c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe [2004-07-23 197864]
S3 SonicStage Back-End Service;SonicStage Back-End Service; C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe [2007-02-05 112184]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]
S3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [2007-02-05 75320]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\wmpnetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

The RSIT info.txt file:

info.txt logfile of random's system information tool 1.06 2010-02-28 17:18:37

======Uninstall list======

-->C:\PROGRA~1\SBCSEL~1\CustomUninstall.exe SBC
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->Dummy
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->msiexec /qb /x {6421F085-1FAA-DE13-D02A-CFB412C522A4}
Acrobat.com-->MsiExec.exe /I{6421F085-1FAA-DE13-D02A-CFB412C522A4}
Action Replay Code Manager-->"C:\Program Files\Datel\Action Replay Code Manager\unins000.exe"
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe PhotoDeluxe 2.0-->C:\WINDOWS\uninst.exe -f"C:\Program Files\PhotoDeluxe 2.0\DeIsL1.isu"
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe SVG Viewer-->C:\WINDOWS\IsUninst.exe -f"C:\WINDOWS\System32\Adobe\SVG Viewer\Uninst.isu"
Adobe Type Manager 4.0-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Adobe Type Manager\DeIsL1.isu" -c"C:\Program Files\Adobe Type Manager\UNINST.DLL"
Agere Systems PCI Soft Modem-->agrsmdel
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
AT&T Yahoo! Applications-->C:\PROGRA~1\Yahoo!\Common\uninstall.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
BroadJump Client Foundation-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
Canon Camera Window for ZoomBrowser EX-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5ADA9741-0570-4096-B5FE-1D55E57537D4}
Canon PhotoRecord-->C:\WINDOWS\IsUninst.exe -fC:\PROGRA~1\Canon\PhotoRecord\Uninst.isu -c"C:\PROGRA~1\Canon\PhotoRecord\Program\uninstdll.dll"
Canon PowerShot S45 WIA Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{938DB54D-B302-4594-A782-32219F1734AB}
Canon Utilities File Viewer Utility 1.2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{755D3B4E-D3A3-4D05-99D8-FC35E26A331C}
Canon Utilities PhotoStitch 3.1-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F11A403B-0DE9-4953-B790-7A2F014FBB2B}
Canon Utilities RemoteCapture 2.7-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{AB3AC39D-9915-435D-ACC4-9881E75326BC}
Cisco Systems VPN Client 5.0.01.0600-->MsiExec.exe /X{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}
Creative Memories Memory Manager 2-->MsiExec.exe /I{0F1A3568-7419-4115-A207-512B9F688267}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Dynex Enhanced G Wireless Desktop Card Setup-->C:\Program Files\InstallShield Installation Information\{1544E39F-0A3A-4920-A530-1264DFB7113D}\setup.exe -runfromtemp -l0x0009 -removeonly
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
Final Drive Nitro from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\31D6EDEF-1926-4267-A24E-077BFB360F72\Uninstall.exe"
Finale Allegro 2007-->C:\Program Files\Finale Allegro 2007\uninstallAllegro.exe
Finale NotePad 2009-->C:\Program Files\Finale NotePad 2009\uninstallNP.exe
GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
Google Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
Help and Support Additions-->WScript.exe C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\eHelpSetup.jse eHelpUninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB888795)-->"C:\WINDOWS\$NtUninstallKB888795$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB891593)-->"C:\WINDOWS\$NtUninstallKB891593$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB895961)-->"C:\WINDOWS\$NtUninstallKB895961$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB899337)-->"C:\WINDOWS\$NtUninstallKB899337$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB899510)-->"C:\WINDOWS\$NtUninstallKB899510$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB902841)-->"C:\WINDOWS\$NtUninstallKB902841$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
HP Boot Optimizer-->MsiExec.exe /I{3BA95526-6AE0-4B87-A62D-17187EF565FC}
HP Customer Participation Program 7.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet Printer Preload-->MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP Image Zone 4.8.6-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Plus 4.8.6-->C:\Program Files\HP\Digital Imaging\{32498B7B-E1F3-4ad5-A23B-F26414E94BE0}\setup\hpzscr01.exe -datfile hpdscr01.dat
HP Imaging Device Functions 7.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Officejet All-In-One Series-->C:\Program Files\HP\Digital Imaging\{2D0DF835-98AB-487e-8514-0E0941F728C4}\setup\hpzscr01.exe -datfile hpwscr10.dat
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP PSC & OfficeJet 4.7-->"C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Solution Center 7.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Tunes-->MsiExec.exe /X{6512B303-F989-4C13-B9F6-A99989E4ED54}
HPIZplus450-->MsiExec.exe /X{0E484A60-A429-49A8-982C-D6475F1E80A9}
IntelliMover Data Transfer Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
Java DB 10.5.3.0-->MsiExec.exe /X{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}
Java(TM) 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}
Java(TM) SE Development Kit 6 Update 18-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160180}
Lexibox Deluxe from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\9844050E-4CA4-4901-A53D-A5D14C63789B\Uninstall.exe"
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
LiveUpdate 2.5 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia Flash Player-->MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Microsoft .NET Framework 1.0 Hotfix (KB887998)-->"C:\WINDOWS\$NtUninstallKB887998$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.0 Hotfix (KB930494)-->"C:\WINDOWS\$NtUninstallKB930494$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.0 Hotfix (KB953295)-->"C:\WINDOWS\$NtUninstallKB953295$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Premium-->MsiExec.exe /I{00000409-78E1-11D2-B60F-006097C998E7}
Microsoft Plus! Dancer LE-->MsiExec.exe /X{1A103D70-5C9B-4E1A-B306-5106C68F9914}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}
Norton AntiSpam-->MsiExec.exe /I{5677563D-0CB1-485f-9E18-C5025306BB3F}
Norton Internet Security 2005 (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe /X
Norton Internet Security-->MsiExec.exe /I{12E2B9E9-05B1-407d-B0FD-B5F350535125}
Norton Internet Security-->MsiExec.exe /I{449F3A9E-9903-4a0d-A209-08030D45A935}
Norton Internet Security-->MsiExec.exe /I{48185814-A224-447a-81DA-71BD20580E1B}
Norton Internet Security-->MsiExec.exe /I{526AD5DC-CFC4-4f2a-8442-C84CC91D6C7F}
Norton Security Center-->MsiExec.exe /X{503AA035-41E2-4858-B31F-1E49AC66C309}
OCR Software by I.R.I.S 7.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
OpenMG Limited Patch 4.7-07-14-05-01-->C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.7-07-14-05-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.7.00-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL
Oracle JInitiator 1.3.1.17-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Oracle\JInitiator 1.3.1.17\Uninst.isu"
PC-Doctor for Windows-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{19C989C4-50AE-43A4-B06E-8C70FFFF852F} /l1033
Photo Organizer-->C:\WINDOWS\UNINST.EXE -f"C:\PROGRA~1\BRODER~1\PHOTOO~1.8\DeIsL1.isu"
Picture Package-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}\setup.exe" -l0x9 UNINSTALL
PrimoPDF-->"C:\WINDOWS\PrimoPDF\uninstall.exe" "/U:C:\Program Files\activePDF\PrimoPDF\Uninstall\uninstall.xml"
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Riddle Me-->"C:\Program Files\Riddle Me\Uninstall_Riddle Me.exe"
Rio Internet Update-->MsiExec.exe /X{3101857A-2D36-4DD5-A092-27478119601A}
Rio Internet Update-->MsiExec.exe /X{493F2531-C2E5-4B73-8B11-66E9CFDA9AFA}
Rio Music Manager-->MsiExec.exe /X{12141D70-0324-42DB-B5E8-706040083931}
Rio Music Manager-->MsiExec.exe /X{282EF7E3-AE54-48AE-A11D-27F512F23AB3}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB974455)-->"C:\WINDOWS\ie7updates\KB974455-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB976325)-->"C:\WINDOWS\ie7updates\KB976325-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB978207)-->"C:\WINDOWS\ie7updates\KB978207-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB883939)-->"C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893066)-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899588)-->"C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB903235)-->"C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971032)-->"C:\WINDOWS\$NtUninstallKB971032$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Sibelius 5 First-->MsiExec.exe /X{60E2DE3E-54D1-4AD0-9A8C-4294A3C76F08}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
SPBBC-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SymNet-->MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
TiVo Desktop 2.6.1-->MsiExec.exe /X{4E839090-3B68-436A-B3CF-A2A08C38DD26}
Tradewinds from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\B3FF79F4-CDA8-4845-A7C0-9CE017719F36\Uninstall.exe"
TurboTax 2008 WinPerFedFormset-->MsiExec.exe /I{7570F1CA-016D-46AC-B586-CD74645EFB52}
TurboTax 2008 WinPerUserEducation-->MsiExec.exe /I{29521505-F489-4822-ADFA-32C6DEE4F114}
TurboTax 2008 wmoiper-->MsiExec.exe /I{397EF8BA-A868-43AF-9E75-AF26C32954B2}
TurboTax 2008-->C:\Program Files\TurboTax\Deluxe 2008\Installer\TurboTax 2008 Installer.exe /u /t /a
TurboTax Deluxe 2005-->C:\Program Files\TurboTax\Deluxe 2005\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2005\Uninstall.log" -NoGui
TurboTax Deluxe 2007-->C:\Program Files\TurboTax\Deluxe 2007\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2007\Uninstall.log" -NoGui
TurboTax Deluxe Deduction Maximizer 2006-->C:\Program Files\TurboTax\Deluxe 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2006\Uninstall.log" -NoGui
TurboTax ItsDeductible 2005-->MsiExec.exe /X{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}
Update for Windows Internet Explorer 7 (KB976749)-->"C:\WINDOWS\ie7updates\KB976749-IE7\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB896727)-->"C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix [See KB889858 for more information]-->C:\WINDOWS\$NtUninstallKB889858$\spuninst\spuninst.exe
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB867282-->C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB883667-->C:\WINDOWS\$NtUninstallKB883667$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885354-->C:\WINDOWS\$NtUninstallKB885354$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891220-->C:\WINDOWS\$NtUninstallKB891220$\spuninst\spuninst.exe
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB888316-->C:\WINDOWS\$NtUninstallKB888316$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB895678-->C:\WINDOWS\$NtUninstallKB895678$\spuninst\spuninst.exe
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB973768-->"C:\WINDOWS\$NtUninstallKB973768$\spuninst\spuninst.exe"
Yahoo! Search Protection-->C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Software Update-->C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE

=====HijackThis Backups=====

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com [2010-02-27]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customi ... .yahoo.com [2010-02-27]
O4 - HKLM\..\Run: [Unshare] C:\Program Files\safe-share\SafeShare.exe [2010-02-27]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com [2010-02-27]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customi ... .yahoo.com [2010-02-27]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... ch/ie.html [2010-02-27]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customi ... ch/ie.html [2010-02-27]

======Security center information======

AV: Norton Internet Security
FW: Norton Internet Security

======System event log======

Computer Name: STUDY
Event Code: 10010
Message: The server {28DD3979-0566-4ED3-9B14-1548B3187491} did not register with DCOM within the required timeout.

Record Number: 79745
Source Name: DCOM
Time Written: 20100214220206.000000-360
Event Type: error
User: STUDY\HP_Administrator

Computer Name: STUDY
Event Code: 10010
Message: The server {28DD3979-0566-4ED3-9B14-1548B3187491} did not register with DCOM within the required timeout.

Record Number: 79744
Source Name: DCOM
Time Written: 20100214220136.000000-360
Event Type: error
User: STUDY\HP_Administrator

Computer Name: STUDY
Event Code: 10010
Message: The server {28DD3979-0566-4ED3-9B14-1548B3187491} did not register with DCOM within the required timeout.

Record Number: 79743
Source Name: DCOM
Time Written: 20100214220106.000000-360
Event Type: error
User: STUDY\HP_Administrator

Computer Name: STUDY
Event Code: 10010
Message: The server {28DD3979-0566-4ED3-9B14-1548B3187491} did not register with DCOM within the required timeout.

Record Number: 79742
Source Name: DCOM
Time Written: 20100214220036.000000-360
Event Type: error
User: STUDY\HP_Administrator

Computer Name: STUDY
Event Code: 10010
Message: The server {28DD3979-0566-4ED3-9B14-1548B3187491} did not register with DCOM within the required timeout.

Record Number: 79741
Source Name: DCOM
Time Written: 20100214220006.000000-360
Event Type: error
User: STUDY\HP_Administrator

=====Application event log=====

Computer Name: STUDY
Event Code: 439
Message: wuauclt (3216) Unable to write a shadowed header for file C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb. Error -1808.

Record Number: 6655
Source Name: ESENT
Time Written: 20100214175507.000000-360
Event Type: error
User:

Computer Name: STUDY
Event Code: 482
Message: wuauclt (3216) An attempt to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" at offset 0 (0x0000000000000000) for 8192 (0x00002000) bytes failed with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.

Record Number: 6654
Source Name: ESENT
Time Written: 20100214175507.000000-360
Event Type: error
User:

Computer Name: STUDY
Event Code: 482
Message: wuauclt (2976) An attempt to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" at offset 8192 (0x0000000000002000) for 57344 (0x0000e000) bytes failed with system error 112 (0x00000070): "There is not enough space on the disk. ". The write operation will fail with error -1808 (0xfffff8f0). If this error persists then the file may be damaged and may need to be restored from a previous backup.

Record Number: 6652
Source Name: ESENT
Time Written: 20100214175505.000000-360
Event Type: error
User:

Computer Name: STUDY
Event Code: 4689
Message: The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Error in d:\qxp_slp\com\com1x\src\comsvcs\crm\recoveryclerk2.cpp(1192), hr = 80070070: InitNew
Record Number: 6635
Source Name: COM+
Time Written: 20100214175220.000000-360
Event Type: error
User:

Computer Name: STUDY
Event Code: 4444
Message: An empty CRM log file was detected. It has been re-initialized. If this warning appears when the CRM log file is being initially created then no further action is required.
Server Application ID: {02D4B3F1-FD88-11D1-960D-00805FC79235}
Server Application Instance ID:
{B0B5B5F3-7BE2-4DC7-86E2-5E2CCD2F47C6}
Server Application Name: System Application
Comsvcs.dll file version: ENU 2001.12.4414.308 shp
Record Number: 6634
Source Name: COM+
Time Written: 20100214175220.000000-360
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=2f00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_04\lib\ext\QTJava.zip

-----------------EOF-----------------

The VirusTotal/Jotti results:

Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.02.28 Trojan.Win32.Tdss!IK
AhnLab-V3 5.0.0.2 2010.02.28 -
AntiVir 8.2.1.176 2010.02.26 TR/TDss.avof.82
Antiy-AVL 2.0.3.7 2010.02.26 Trojan/Win32.Tdss.gen
Authentium 5.2.0.5 2010.02.28 W32/Trojan2.LUJJ
Avast 4.8.1351.0 2010.02.28 -
Avast5 5.0.332.0 2010.02.24 -
AVG 9.0.0.730 2010.02.28 -
BitDefender 7.2 2010.02.28 Gen:Heur.Krypt.9
CAT-QuickHeal 10.00 2010.02.27 Trojan.Tdss.avof
ClamAV 0.96.0.0-git 2010.02.28 -
Comodo 4091 2010.02.28 TrojWare.Win32.Rootkit.Tdss.~d2
DrWeb 5.0.1.12222 2010.02.28 Trojan.Packed.2936
eSafe 7.0.17.0 2010.02.28 -
eTrust-Vet 35.2.7331 2010.02.26 Win32/WindowsAntivirusPro!generi
F-Prot 4.5.1.85 2010.02.28 W32/Trojan2.LUJJ
F-Secure 9.0.15370.0 2010.02.27 Gen:Heur.Krypt.9
Fortinet 4.0.14.0 2010.02.28 -
GData 19 2010.02.28 Gen:Heur.Krypt.9
Ikarus T3.1.1.80.0 2010.02.28 Trojan.Win32.Tdss
Jiangmin 13.0.900 2010.02.28 Trojan/TDSS.hua
K7AntiVirus 7.10.984 2010.02.26 -
Kaspersky 7.0.0.125 2010.02.28 Trojan.Win32.Tdss.avof
McAfee 5906 2010.02.28 DNSChanger.aw
McAfee+Artemis 5906 2010.02.28 DNSChanger.aw
McAfee-GW-Edition 6.8.5 2010.02.28 Heuristic.BehavesLike.Win32.Dropper.B
Microsoft 1.5502 2010.02.28 Trojan:Win32/Alureon.CT
NOD32 4902 2010.02.28 a variant of Win32/Kryptik.BYJ
Norman 6.04.08 2010.02.28 -
nProtect 2009.1.8.0 2010.02.28 -
Panda 10.0.2.2 2010.02.28 Trj/TDSS.gen
PCTools 7.0.3.5 2010.02.28 HeurEngine.MaliciousPacker
Prevx 3.0 2010.02.28 High Risk Cloaked Malware
Rising 22.36.06.04 2010.02.28 -
Sophos 4.50.0 2010.02.28 Mal/Behav-362
Sunbelt 5708 2010.02.28 Packed.Win32.Tdss.y (v)
Symantec 20091.2.0.41 2010.02.28 Packed.Generic.277
TheHacker 6.5.1.7.215 2010.02.28 Trojan/Tdss.avof
TrendMicro 9.120.0.1004 2010.02.28 Mal_TIDIES-14
VBA32 3.12.12.2 2010.02.26 Trojan.Win32.Tdss.avof
ViRobot 2010.2.27.2206 2010.02.27 Trojan.Win32.TDSS.66560.T
VirusBuster 5.0.27.0 2010.02.28 Trojan.Vundo.Gen!Pac.45
Additional information
File size: 66560 bytes
MD5...: 87674bff27044bdfa97f0a0d6ffc95b8
SHA1..: f599d64a1c534517da9d576c45931d464e2e9433
SHA256: 062dc56fc2785fdc0ee84a885b0d7b28cca75c4278f2597f8ba8f447b87f871e
ssdeep: 1536:ZziU8S5oDgWgiCorcStw90JU87t7yNDywkN:L5oDDgiPS90JdEZE
PEiD..: -
PEInfo: PE Structure information( base data )entrypointaddress.: 0x1000timedatestamp.....: 0x4b589623 (Thu Jan 21 18:00:03 2010)machinetype.......: 0x14c (I386)( 5 sections )name viradd virsiz rawdsiz ntrpy md5.text 0x1000 0x2000 0x1200 3.62 96529ad3b3ad2f52d35e96cf7eadefe0.rdata 0x3000 0xf000 0x200 2.25 17c17a16923f49d125c2559949518308.data 0x12000 0x10000 0xe600 7.99 584452b88e470aa007ac020cd615ef70.idata 0x22000 0x1000 0x600 1.27 fc5753cc2cac53fbd6d815dd304cbeb9.rsrc 0x23000 0x1000 0x400 6.31 4e093627c8dcea5f07981ab2d4702d90( 2 imports ) > kernel32.dll: GetCommandLineA, ReadFile, WriteConsoleInputW, VirtualProtectEx, ExitProcess> user32.dll: GetTopWindow, GetWindowRgn, EndPaint( 0 exports )
RDS...: NSRL Reference Data Set-
<a href='http://info.prevx.com/aboutprogramtext.asp?PX5=2ABF3E270044C111045901B37510BD00D243965D' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=2ABF3E270044C111045901B37510BD00D243965D</a>
trid..: Win32 Executable Generic (38.5%)Win32 Dynamic Link Library (generic) (34.2%)Clipper DOS Executable (9.1%)Generic Win/DOS Executable (9.0%)DOS Executable Generic (9.0%)
pdfid.: -
sigcheck:publisher....: n/acopyright....: n/aproduct......: n/adescription..: n/aoriginal name: n/ainternal name: n/afile version.: n/acomments.....: n/asigners......: -signing date.: -verified.....: Unsigned

Thanks,
Terri
TerriReb
Regular Member
 
Posts: 58
Joined: October 21st, 2008, 1:51 pm

Re: Need help, please

Unread postby melboy » March 1st, 2010, 2:17 pm

Hi Terri



OTM

Download OTM by Old Timer and save it to your Desktop.
  • Double-click OTM.exe to run it.
  • Paste the following code under the Image area. Do not include the word Code.
    Code: Select all
    :Files
    C:\WINDOWS\system32\spool\prtprocs\w32x86\365.tmp
    
    :Commands
    [emptytemp]
    [Reboot]
    

    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Push the large Image button.
    • OTM may ask to reboot the machine. Please do so if asked.
    • Copy everything in the Results window (under the green bar), and paste it in your next reply.


    NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.




    TDSSKiller

    Please download TDSSKiller.zip and extract it to the Desktop.

    • From within the newly created tdsskiller folder move TDSSKiller.exe to the desktop and delete the tdsskiller folder.
    • Click on Start >> Run... >> copy in the following text, and press Enter:
      Code: Select all
      "%userprofile%\desktop\TDSSKiller.exe" -l TDSSreport.txt -v
    • A Command Window will appear, follow the prompts.
    • There will be a log on your desktop when the scan is completed with the name TDSSreport.txt.
    • Copy and paste the contents of this log into your next reply.


    In your next reply:
    1. OTM log
    2. TDSSreport.txt
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Need help, please

Unread postby TerriReb » March 1st, 2010, 9:13 pm

The OTM log:

Files moved on Reboot...
File C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF1A31.tmp not found!
File C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF1A3E.tmp not found!
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF4321.tmp moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\8VSKJPDF\viewtopic[1].htm moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\8VSKJPDF\viewtopic[2].htm moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.

Registry entries deleted on Reboot...

The TDSS Report/log:

19:11:55:170 3956 TDSS rootkit removing tool 2.2.7.1 Feb 27 2010 13:29:25
19:11:55:170 3956 ================================================================================
19:11:55:170 3956 SystemInfo:

19:11:55:170 3956 OS Version: 5.1.2600 ServicePack: 2.0
19:11:55:170 3956 Product type: Workstation
19:11:55:170 3956 ComputerName: STUDY
19:11:55:170 3956 UserName: HP_Administrator
19:11:55:170 3956 Windows directory: C:\WINDOWS
19:11:55:170 3956 Processor architecture: Intel x86
19:11:55:170 3956 Number of processors: 1
19:11:55:170 3956 Page size: 0x1000
19:11:55:170 3956 Boot type: Normal boot
19:11:55:170 3956 ================================================================================
19:11:55:170 3956 UnloadDriverW: NtUnloadDriver error 1
19:11:55:170 3956 ForceUnloadDriverW: UnloadDriverW(klmd21) error 1
19:11:55:186 3956 LoadDriverW: Driver already loaded
19:11:55:186 3956 KLMD_DropNLoadW: LoadDriverW(klmd21) error 1056
19:11:55:186 3956 Initialize success
19:11:55:186 3956
19:11:55:186 3956 Scanning Services ...
19:11:55:186 3956 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
19:11:55:186 3956 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
19:11:55:186 3956 wfopen_ex: Trying to KLMD file open
19:11:55:186 3956 wfopen_ex: File opened ok (Flags 2)
19:11:55:186 3956 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
19:11:55:186 3956 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
19:11:55:186 3956 wfopen_ex: Trying to KLMD file open
19:11:55:186 3956 wfopen_ex: File opened ok (Flags 2)
19:11:55:717 3956 GetAdvancedServicesInfo: Raw services enum returned 377 services
19:11:55:717 3956 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
19:11:55:717 3956 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
19:11:55:717 3956
19:11:55:717 3956 Scanning Kernel memory ...
19:11:55:717 3956 Devices to scan: 11
19:11:55:717 3956
19:11:55:717 3956 Driver Name: Disk
19:11:55:717 3956 IRP_MJ_CREATE : F7516C30
19:11:55:717 3956 IRP_MJ_CREATE_NAMED_PIPE : 804F3418
19:11:55:717 3956 IRP_MJ_CLOSE : F7516C30
19:11:55:717 3956 IRP_MJ_READ : F7510D9B
19:11:55:717 3956 IRP_MJ_WRITE : F7510D9B
19:11:55:717 3956 IRP_MJ_QUERY_INFORMATION : 804F3418
19:11:55:717 3956 IRP_MJ_SET_INFORMATION : 804F3418
19:11:55:717 3956 IRP_MJ_QUERY_EA : 804F3418
19:11:55:717 3956 IRP_MJ_SET_EA : 804F3418
19:11:55:717 3956 IRP_MJ_FLUSH_BUFFERS : F7511366
19:11:55:717 3956 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F3418
19:11:55:717 3956 IRP_MJ_SET_VOLUME_INFORMATION : 804F3418
19:11:55:717 3956 IRP_MJ_DIRECTORY_CONTROL : 804F3418
19:11:55:717 3956 IRP_MJ_FILE_SYSTEM_CONTROL : 804F3418
19:11:55:717 3956 IRP_MJ_DEVICE_CONTROL : F751144D
19:11:55:717 3956 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7514FC3
19:11:55:717 3956 IRP_MJ_SHUTDOWN : F7511366
19:11:55:717 3956 IRP_MJ_LOCK_CONTROL : 804F3418
19:11:55:717 3956 IRP_MJ_CLEANUP : 804F3418
19:11:55:717 3956 IRP_MJ_CREATE_MAILSLOT : 804F3418
19:11:55:717 3956 IRP_MJ_QUERY_SECURITY : 804F3418
19:11:55:717 3956 IRP_MJ_SET_SECURITY : 804F3418
19:11:55:717 3956 IRP_MJ_POWER : F7512EF3
19:11:55:717 3956 IRP_MJ_SYSTEM_CONTROL : F7517A24
19:11:55:717 3956 IRP_MJ_DEVICE_CHANGE : 804F3418
19:11:55:717 3956 IRP_MJ_QUERY_QUOTA : 804F3418
19:11:55:717 3956 IRP_MJ_SET_QUOTA : 804F3418
19:11:55:717 3956 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
19:11:55:717 3956 sion
19:11:55:733 3956 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
19:11:55:733 3956
19:11:55:733 3956 Driver Name: Disk
19:11:55:733 3956 IRP_MJ_CREATE : F7516C30
19:11:55:733 3956 IRP_MJ_CREATE_NAMED_PIPE : 804F3418
19:11:55:733 3956 IRP_MJ_CLOSE : F7516C30
19:11:55:733 3956 IRP_MJ_READ : F7510D9B
19:11:55:733 3956 IRP_MJ_WRITE : F7510D9B
19:11:55:733 3956 IRP_MJ_QUERY_INFORMATION : 804F3418
19:11:55:733 3956 IRP_MJ_SET_INFORMATION : 804F3418
19:11:55:733 3956 IRP_MJ_QUERY_EA : 804F3418
19:11:55:733 3956 IRP_MJ_SET_EA : 804F3418
19:11:55:733 3956 IRP_MJ_FLUSH_BUFFERS : F7511366
19:11:55:733 3956 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F3418
19:11:55:733 3956 IRP_MJ_SET_VOLUME_INFORMATION : 804F3418
19:11:55:733 3956 IRP_MJ_DIRECTORY_CONTROL : 804F3418
19:11:55:733 3956 IRP_MJ_FILE_SYSTEM_CONTROL : 804F3418
19:11:55:733 3956 IRP_MJ_DEVICE_CONTROL : F751144D
19:11:55:733 3956 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7514FC3
19:11:55:733 3956 IRP_MJ_SHUTDOWN : F7511366
19:11:55:733 3956 IRP_MJ_LOCK_CONTROL : 804F3418
19:11:55:733 3956 IRP_MJ_CLEANUP : 804F3418
19:11:55:733 3956 IRP_MJ_CREATE_MAILSLOT : 804F3418
19:11:55:733 3956 IRP_MJ_QUERY_SECURITY : 804F3418
19:11:55:733 3956 IRP_MJ_SET_SECURITY : 804F3418
19:11:55:733 3956 IRP_MJ_POWER : F7512EF3
19:11:55:733 3956 IRP_MJ_SYSTEM_CONTROL : F7517A24
19:11:55:733 3956 IRP_MJ_DEVICE_CHANGE : 804F3418
19:11:55:733 3956 IRP_MJ_QUERY_QUOTA : 804F3418
19:11:55:733 3956 IRP_MJ_SET_QUOTA : 804F3418
19:11:55:733 3956 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
19:11:55:733 3956 sion
19:11:55:733 3956 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
19:11:55:733 3956
19:11:55:733 3956 Driver Name: Disk
19:11:55:733 3956 IRP_MJ_CREATE : F7516C30
19:11:55:733 3956 IRP_MJ_CREATE_NAMED_PIPE : 804F3418
19:11:55:733 3956 IRP_MJ_CLOSE : F7516C30
19:11:55:733 3956 IRP_MJ_READ : F7510D9B
19:11:55:733 3956 IRP_MJ_WRITE : F7510D9B
19:11:55:733 3956 IRP_MJ_QUERY_INFORMATION : 804F3418
19:11:55:733 3956 IRP_MJ_SET_INFORMATION : 804F3418
19:11:55:733 3956 IRP_MJ_QUERY_EA : 804F3418
19:11:55:733 3956 IRP_MJ_SET_EA : 804F3418
19:11:55:733 3956 IRP_MJ_FLUSH_BUFFERS : F7511366
19:11:55:733 3956 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F3418
19:11:55:733 3956 IRP_MJ_SET_VOLUME_INFORMATION : 804F3418
19:11:55:733 3956 IRP_MJ_DIRECTORY_CONTROL : 804F3418
19:11:55:733 3956 IRP_MJ_FILE_SYSTEM_CONTROL : 804F3418
19:11:55:733 3956 IRP_MJ_DEVICE_CONTROL : F751144D
19:11:55:733 3956 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7514FC3
19:11:55:733 3956 IRP_MJ_SHUTDOWN : F7511366
19:11:55:733 3956 IRP_MJ_LOCK_CONTROL : 804F3418
19:11:55:733 3956 IRP_MJ_CLEANUP : 804F3418
19:11:55:733 3956 IRP_MJ_CREATE_MAILSLOT : 804F3418
19:11:55:733 3956 IRP_MJ_QUERY_SECURITY : 804F3418
19:11:55:733 3956 IRP_MJ_SET_SECURITY : 804F3418
19:11:55:733 3956 IRP_MJ_POWER : F7512EF3
19:11:55:733 3956 IRP_MJ_SYSTEM_CONTROL : F7517A24
19:11:55:733 3956 IRP_MJ_DEVICE_CHANGE : 804F3418
19:11:55:733 3956 IRP_MJ_QUERY_QUOTA : 804F3418
19:11:55:733 3956 IRP_MJ_SET_QUOTA : 804F3418
19:11:55:733 3956 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
19:11:55:733 3956 sion
19:11:55:748 3956 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
19:11:55:748 3956
19:11:55:748 3956 Driver Name: Disk
19:11:55:748 3956 IRP_MJ_CREATE : F7516C30
19:11:55:748 3956 IRP_MJ_CREATE_NAMED_PIPE : 804F3418
19:11:55:748 3956 IRP_MJ_CLOSE : F7516C30
19:11:55:748 3956 IRP_MJ_READ : F7510D9B
19:11:55:748 3956 IRP_MJ_WRITE : F7510D9B
19:11:55:748 3956 IRP_MJ_QUERY_INFORMATION : 804F3418
19:11:55:748 3956 IRP_MJ_SET_INFORMATION : 804F3418
19:11:55:748 3956 IRP_MJ_QUERY_EA : 804F3418
19:11:55:748 3956 IRP_MJ_SET_EA : 804F3418
19:11:55:748 3956 IRP_MJ_FLUSH_BUFFERS : F7511366
19:11:55:748 3956 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F3418
19:11:55:748 3956 IRP_MJ_SET_VOLUME_INFORMATION : 804F3418
19:11:55:748 3956 IRP_MJ_DIRECTORY_CONTROL : 804F3418
19:11:55:748 3956 IRP_MJ_FILE_SYSTEM_CONTROL : 804F3418
19:11:55:748 3956 IRP_MJ_DEVICE_CONTROL : F751144D
19:11:55:748 3956 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7514FC3
19:11:55:748 3956 IRP_MJ_SHUTDOWN : F7511366
19:11:55:748 3956 IRP_MJ_LOCK_CONTROL : 804F3418
19:11:55:748 3956 IRP_MJ_CLEANUP : 804F3418
19:11:55:748 3956 IRP_MJ_CREATE_MAILSLOT : 804F3418
19:11:55:748 3956 IRP_MJ_QUERY_SECURITY : 804F3418
19:11:55:748 3956 IRP_MJ_SET_SECURITY : 804F3418
19:11:55:748 3956 IRP_MJ_POWER : F7512EF3
19:11:55:748 3956 IRP_MJ_SYSTEM_CONTROL : F7517A24
19:11:55:748 3956 IRP_MJ_DEVICE_CHANGE : 804F3418
19:11:55:748 3956 IRP_MJ_QUERY_QUOTA : 804F3418
19:11:55:748 3956 IRP_MJ_SET_QUOTA : 804F3418
19:11:55:748 3956 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
19:11:55:748 3956 sion
19:11:55:748 3956 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
19:11:55:748 3956
19:11:55:748 3956 Driver Name: USBSTOR
19:11:55:748 3956 IRP_MJ_CREATE : AC4A7218
19:11:55:748 3956 IRP_MJ_CREATE_NAMED_PIPE : 804F3418
19:11:55:748 3956 IRP_MJ_CLOSE : AC4A7218
19:11:55:748 3956 IRP_MJ_READ : AC4A723C
19:11:55:748 3956 IRP_MJ_WRITE : AC4A723C
19:11:55:748 3956 IRP_MJ_QUERY_INFORMATION : 804F3418
19:11:55:748 3956 IRP_MJ_SET_INFORMATION : 804F3418
19:11:55:748 3956 IRP_MJ_QUERY_EA : 804F3418
19:11:55:748 3956 IRP_MJ_SET_EA : 804F3418
19:11:55:748 3956 IRP_MJ_FLUSH_BUFFERS : 804F3418
19:11:55:748 3956 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F3418
19:11:55:748 3956 IRP_MJ_SET_VOLUME_INFORMATION : 804F3418
19:11:55:748 3956 IRP_MJ_DIRECTORY_CONTROL : 804F3418
19:11:55:748 3956 IRP_MJ_FILE_SYSTEM_CONTROL : 804F3418
19:11:55:748 3956 IRP_MJ_DEVICE_CONTROL : AC4A7180
19:11:55:748 3956 IRP_MJ_INTERNAL_DEVICE_CONTROL : AC4A29E6
19:11:55:748 3956 IRP_MJ_SHUTDOWN : 804F3418
19:11:55:748 3956 IRP_MJ_LOCK_CONTROL : 804F3418
19:11:55:748 3956 IRP_MJ_CLEANUP : 804F3418
19:11:55:748 3956 IRP_MJ_CREATE_MAILSLOT : 804F3418
19:11:55:748 3956 IRP_MJ_QUERY_SECURITY : 804F3418
19:11:55:748 3956 IRP_MJ_SET_SECURITY : 804F3418
19:11:55:748 3956 IRP_MJ_POWER : AC4A65F0
19:11:55:748 3956 IRP_MJ_SYSTEM_CONTROL : AC4A4A6E
19:11:55:748 3956 IRP_MJ_DEVICE_CHANGE : 804F3418
19:11:55:748 3956 IRP_MJ_QUERY_QUOTA : 804F3418
19:11:55:748 3956 IRP_MJ_SET_QUOTA : 804F3418
19:11:55:748 3956 siohd: 0
19:11:55:748 3956 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
19:11:55:748 3956
19:11:55:748 3956 Driver Name: USBSTOR
19:11:55:748 3956 IRP_MJ_CREATE : AC4A7218
19:11:55:748 3956 IRP_MJ_CREATE_NAMED_PIPE : 804F3418
19:11:55:748 3956 IRP_MJ_CLOSE : AC4A7218
19:11:55:748 3956 IRP_MJ_READ : AC4A723C
19:11:55:748 3956 IRP_MJ_WRITE : AC4A723C
19:11:55:748 3956 IRP_MJ_QUERY_INFORMATION : 804F3418
19:11:55:748 3956 IRP_MJ_SET_INFORMATION : 804F3418
19:11:55:748 3956 IRP_MJ_QUERY_EA : 804F3418
19:11:55:748 3956 IRP_MJ_SET_EA : 804F3418
19:11:55:748 3956 IRP_MJ_FLUSH_BUFFERS : 804F3418
19:11:55:748 3956 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F3418
19:11:55:748 3956 IRP_MJ_SET_VOLUME_INFORMATION : 804F3418
19:11:55:748 3956 IRP_MJ_DIRECTORY_CONTROL : 804F3418
19:11:55:748 3956 IRP_MJ_FILE_SYSTEM_CONTROL : 804F3418
19:11:55:748 3956 IRP_MJ_DEVICE_CONTROL : AC4A7180
19:11:55:748 3956 IRP_MJ_INTERNAL_DEVICE_CONTROL : AC4A29E6
19:11:55:748 3956 IRP_MJ_SHUTDOWN : 804F3418
19:11:55:748 3956 IRP_MJ_LOCK_CONTROL : 804F3418
19:11:55:748 3956 IRP_MJ_CLEANUP : 804F3418
19:11:55:748 3956 IRP_MJ_CREATE_MAILSLOT : 804F3418
19:11:55:748 3956 IRP_MJ_QUERY_SECURITY : 804F3418
19:11:55:748 3956 IRP_MJ_SET_SECURITY : 804F3418
19:11:55:748 3956 IRP_MJ_POWER : AC4A65F0
19:11:55:748 3956 IRP_MJ_SYSTEM_CONTROL : AC4A4A6E
19:11:55:748 3956 IRP_MJ_DEVICE_CHANGE : 804F3418
19:11:55:748 3956 IRP_MJ_QUERY_QUOTA : 804F3418
19:11:55:748 3956 IRP_MJ_SET_QUOTA : 804F3418
19:11:55:748 3956 siohd: 0
19:11:55:764 3956 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
19:11:55:764 3956
19:11:55:764 3956 Driver Name: USBSTOR
19:11:55:764 3956 IRP_MJ_CREATE : AC4A7218
19:11:55:764 3956 IRP_MJ_CREATE_NAMED_PIPE : 804F3418
19:11:55:764 3956 IRP_MJ_CLOSE : AC4A7218
19:11:55:764 3956 IRP_MJ_READ : AC4A723C
19:11:55:764 3956 IRP_MJ_WRITE : AC4A723C
19:11:55:764 3956 IRP_MJ_QUERY_INFORMATION : 804F3418
19:11:55:764 3956 IRP_MJ_SET_INFORMATION : 804F3418
19:11:55:764 3956 IRP_MJ_QUERY_EA : 804F3418
19:11:55:764 3956 IRP_MJ_SET_EA : 804F3418
19:11:55:764 3956 IRP_MJ_FLUSH_BUFFERS : 804F3418
19:11:55:764 3956 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F3418
19:11:55:764 3956 IRP_MJ_SET_VOLUME_INFORMATION : 804F3418
19:11:55:764 3956 IRP_MJ_DIRECTORY_CONTROL : 804F3418
19:11:55:764 3956 IRP_MJ_FILE_SYSTEM_CONTROL : 804F3418
19:11:55:764 3956 IRP_MJ_DEVICE_CONTROL : AC4A7180
19:11:55:764 3956 IRP_MJ_INTERNAL_DEVICE_CONTROL : AC4A29E6
19:11:55:764 3956 IRP_MJ_SHUTDOWN : 804F3418
19:11:55:764 3956 IRP_MJ_LOCK_CONTROL : 804F3418
19:11:55:764 3956 IRP_MJ_CLEANUP : 804F3418
19:11:55:764 3956 IRP_MJ_CREATE_MAILSLOT : 804F3418
19:11:55:764 3956 IRP_MJ_QUERY_SECURITY : 804F3418
19:11:55:764 3956 IRP_MJ_SET_SECURITY : 804F3418
19:11:55:764 3956 IRP_MJ_POWER : AC4A65F0
19:11:55:764 3956 IRP_MJ_SYSTEM_CONTROL : AC4A4A6E
19:11:55:764 3956 IRP_MJ_DEVICE_CHANGE : 804F3418
19:11:55:764 3956 IRP_MJ_QUERY_QUOTA : 804F3418
19:11:55:764 3956 IRP_MJ_SET_QUOTA : 804F3418
19:11:55:764 3956 siohd: 0
19:11:55:764 3956 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
19:11:55:764 3956
19:11:55:764 3956 Driver Name: USBSTOR
19:11:55:764 3956 IRP_MJ_CREATE : AC4A7218
19:11:55:764 3956 IRP_MJ_CREATE_NAMED_PIPE : 804F3418
19:11:55:764 3956 IRP_MJ_CLOSE : AC4A7218
19:11:55:764 3956 IRP_MJ_READ : AC4A723C
19:11:55:764 3956 IRP_MJ_WRITE : AC4A723C
19:11:55:764 3956 IRP_MJ_QUERY_INFORMATION : 804F3418
19:11:55:764 3956 IRP_MJ_SET_INFORMATION : 804F3418
19:11:55:764 3956 IRP_MJ_QUERY_EA : 804F3418
19:11:55:764 3956 IRP_MJ_SET_EA : 804F3418
19:11:55:764 3956 IRP_MJ_FLUSH_BUFFERS : 804F3418
19:11:55:764 3956 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F3418
19:11:55:764 3956 IRP_MJ_SET_VOLUME_INFORMATION : 804F3418
19:11:55:764 3956 IRP_MJ_DIRECTORY_CONTROL : 804F3418
19:11:55:764 3956 IRP_MJ_FILE_SYSTEM_CONTROL : 804F3418
19:11:55:764 3956 IRP_MJ_DEVICE_CONTROL : AC4A7180
19:11:55:764 3956 IRP_MJ_INTERNAL_DEVICE_CONTROL : AC4A29E6
19:11:55:764 3956 IRP_MJ_SHUTDOWN : 804F3418
19:11:55:764 3956 IRP_MJ_LOCK_CONTROL : 804F3418
19:11:55:764 3956 IRP_MJ_CLEANUP : 804F3418
19:11:55:764 3956 IRP_MJ_CREATE_MAILSLOT : 804F3418
19:11:55:764 3956 IRP_MJ_QUERY_SECURITY : 804F3418
19:11:55:764 3956 IRP_MJ_SET_SECURITY : 804F3418
19:11:55:764 3956 IRP_MJ_POWER : AC4A65F0
19:11:55:764 3956 IRP_MJ_SYSTEM_CONTROL : AC4A4A6E
19:11:55:764 3956 IRP_MJ_DEVICE_CHANGE : 804F3418
19:11:55:764 3956 IRP_MJ_QUERY_QUOTA : 804F3418
19:11:55:764 3956 IRP_MJ_SET_QUOTA : 804F3418
19:11:55:780 3956 siohd: 0
19:11:55:780 3956 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: Clean
19:11:55:780 3956
19:11:55:780 3956 Driver Name: Disk
19:11:55:780 3956 IRP_MJ_CREATE : F7516C30
19:11:55:780 3956 IRP_MJ_CREATE_NAMED_PIPE : 804F3418
19:11:55:780 3956 IRP_MJ_CLOSE : F7516C30
19:11:55:780 3956 IRP_MJ_READ : F7510D9B
19:11:55:780 3956 IRP_MJ_WRITE : F7510D9B
19:11:55:780 3956 IRP_MJ_QUERY_INFORMATION : 804F3418
19:11:55:780 3956 IRP_MJ_SET_INFORMATION : 804F3418
19:11:55:780 3956 IRP_MJ_QUERY_EA : 804F3418
19:11:55:780 3956 IRP_MJ_SET_EA : 804F3418
19:11:55:780 3956 IRP_MJ_FLUSH_BUFFERS : F7511366
19:11:55:780 3956 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F3418
19:11:55:780 3956 IRP_MJ_SET_VOLUME_INFORMATION : 804F3418
19:11:55:780 3956 IRP_MJ_DIRECTORY_CONTROL : 804F3418
19:11:55:780 3956 IRP_MJ_FILE_SYSTEM_CONTROL : 804F3418
19:11:55:780 3956 IRP_MJ_DEVICE_CONTROL : F751144D
19:11:55:780 3956 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7514FC3
19:11:55:780 3956 IRP_MJ_SHUTDOWN : F7511366
19:11:55:780 3956 IRP_MJ_LOCK_CONTROL : 804F3418
19:11:55:780 3956 IRP_MJ_CLEANUP : 804F3418
19:11:55:780 3956 IRP_MJ_CREATE_MAILSLOT : 804F3418
19:11:55:780 3956 IRP_MJ_QUERY_SECURITY : 804F3418
19:11:55:780 3956 IRP_MJ_SET_SECURITY : 804F3418
19:11:55:780 3956 IRP_MJ_POWER : F7512EF3
19:11:55:780 3956 IRP_MJ_SYSTEM_CONTROL : F7517A24
19:11:55:780 3956 IRP_MJ_DEVICE_CHANGE : 804F3418
19:11:55:780 3956 IRP_MJ_QUERY_QUOTA : 804F3418
19:11:55:780 3956 IRP_MJ_SET_QUOTA : 804F3418
19:11:55:780 3956 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
19:11:55:780 3956 sion
19:11:55:795 3956 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
19:11:55:795 3956
19:11:55:795 3956 Driver Name: Disk
19:11:55:795 3956 IRP_MJ_CREATE : F7516C30
19:11:55:795 3956 IRP_MJ_CREATE_NAMED_PIPE : 804F3418
19:11:55:795 3956 IRP_MJ_CLOSE : F7516C30
19:11:55:795 3956 IRP_MJ_READ : F7510D9B
19:11:55:795 3956 IRP_MJ_WRITE : F7510D9B
19:11:55:795 3956 IRP_MJ_QUERY_INFORMATION : 804F3418
19:11:55:795 3956 IRP_MJ_SET_INFORMATION : 804F3418
19:11:55:795 3956 IRP_MJ_QUERY_EA : 804F3418
19:11:55:795 3956 IRP_MJ_SET_EA : 804F3418
19:11:55:795 3956 IRP_MJ_FLUSH_BUFFERS : F7511366
19:11:55:795 3956 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F3418
19:11:55:795 3956 IRP_MJ_SET_VOLUME_INFORMATION : 804F3418
19:11:55:795 3956 IRP_MJ_DIRECTORY_CONTROL : 804F3418
19:11:55:795 3956 IRP_MJ_FILE_SYSTEM_CONTROL : 804F3418
19:11:55:795 3956 IRP_MJ_DEVICE_CONTROL : F751144D
19:11:55:795 3956 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7514FC3
19:11:55:795 3956 IRP_MJ_SHUTDOWN : F7511366
19:11:55:795 3956 IRP_MJ_LOCK_CONTROL : 804F3418
19:11:55:795 3956 IRP_MJ_CLEANUP : 804F3418
19:11:55:795 3956 IRP_MJ_CREATE_MAILSLOT : 804F3418
19:11:55:795 3956 IRP_MJ_QUERY_SECURITY : 804F3418
19:11:55:795 3956 IRP_MJ_SET_SECURITY : 804F3418
19:11:55:795 3956 IRP_MJ_POWER : F7512EF3
19:11:55:795 3956 IRP_MJ_SYSTEM_CONTROL : F7517A24
19:11:55:795 3956 IRP_MJ_DEVICE_CHANGE : 804F3418
19:11:55:795 3956 IRP_MJ_QUERY_QUOTA : 804F3418
19:11:55:795 3956 IRP_MJ_SET_QUOTA : 804F3418
19:11:55:795 3956 TDL3_StartIoLastChanceHookDetect: Unable to dump StartIo handler code
19:11:55:795 3956 sion
19:11:55:795 3956 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
19:11:55:795 3956
19:11:55:795 3956 Driver Name: atapi
19:11:55:795 3956 IRP_MJ_CREATE : 852C0856
19:11:55:795 3956 IRP_MJ_CREATE_NAMED_PIPE : 852C0856
19:11:55:795 3956 IRP_MJ_CLOSE : 852C0856
19:11:55:795 3956 IRP_MJ_READ : 852C0856
19:11:55:795 3956 IRP_MJ_WRITE : 852C0856
19:11:55:795 3956 IRP_MJ_QUERY_INFORMATION : 852C0856
19:11:55:795 3956 IRP_MJ_SET_INFORMATION : 852C0856
19:11:55:795 3956 IRP_MJ_QUERY_EA : 852C0856
19:11:55:795 3956 IRP_MJ_SET_EA : 852C0856
19:11:55:795 3956 IRP_MJ_FLUSH_BUFFERS : 852C0856
19:11:55:795 3956 IRP_MJ_QUERY_VOLUME_INFORMATION : 852C0856
19:11:55:795 3956 IRP_MJ_SET_VOLUME_INFORMATION : 852C0856
19:11:55:795 3956 IRP_MJ_DIRECTORY_CONTROL : 852C0856
19:11:55:795 3956 IRP_MJ_FILE_SYSTEM_CONTROL : 852C0856
19:11:55:795 3956 IRP_MJ_DEVICE_CONTROL : 852C0856
19:11:55:795 3956 IRP_MJ_INTERNAL_DEVICE_CONTROL : 852C0856
19:11:55:795 3956 IRP_MJ_SHUTDOWN : 852C0856
19:11:55:795 3956 IRP_MJ_LOCK_CONTROL : 852C0856
19:11:55:795 3956 IRP_MJ_CLEANUP : 852C0856
19:11:55:795 3956 IRP_MJ_CREATE_MAILSLOT : 852C0856
19:11:55:795 3956 IRP_MJ_QUERY_SECURITY : 852C0856
19:11:55:795 3956 IRP_MJ_SET_SECURITY : 852C0856
19:11:55:795 3956 IRP_MJ_POWER : 852C0856
19:11:55:795 3956 IRP_MJ_SYSTEM_CONTROL : 852C0856
19:11:55:795 3956 IRP_MJ_DEVICE_CHANGE : 852C0856
19:11:55:795 3956 IRP_MJ_QUERY_QUOTA : 852C0856
19:11:55:795 3956 IRP_MJ_SET_QUOTA : 852C0856
19:11:55:795 3956 ihd1
19:11:55:795 3956 siolchd1
19:11:55:795 3956 siohd: 0
19:11:55:795 3956 C:\WINDOWS\system32\drivers\tsk12.tmp - Verdict: Clean
19:11:55:795 3956
19:11:55:795 3956 Completed
19:11:55:795 3956
19:11:55:795 3956 Results:
19:11:55:795 3956 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
19:11:55:795 3956 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
19:11:55:795 3956 File objects infected / cured / cured on reboot: 0 / 0 / 0
19:11:55:811 3956
19:11:55:811 3956 UnloadDriverW: NtUnloadDriver error 1
19:11:55:811 3956 KLMD_Unload: UnloadDriverW(klmd21) error 1
19:11:55:811 3956 KLMD(ARK) unloaded successfully


Thanks,
Terri
TerriReb
Regular Member
 
Posts: 58
Joined: October 21st, 2008, 1:51 pm

Re: Need help, please

Unread postby melboy » March 2nd, 2010, 2:16 pm

Hi Terri :)

Looking better - You've done well! I think we're just about done.

How are things running, any further issues?


The OTM log isn't complete. Navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste all of the contents of that document back here in your next post.


Then give me one last (hopefully!) updated MBAM scan.


Malwarebytes' Anti-Malware (MBAM)

As you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If Items are found, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

    The log can also be found here:
    1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    2. Or via the Logs tab when the application is started.

Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
Failure to reboot will prevent MBAM from removing all the malware.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Need help, please

Unread postby TerriReb » March 2nd, 2010, 3:54 pm

There were two recent OTM logs, each 4 minutes apart. I am posting them both below.

All processes killed
========== PROCESSES ==========
No active process named SafeShare.exe was found!
========== FILES ==========
c:\documents and settings\hp_administrator\ÿÿÿÿ] moved successfully.
c:\documents and settings\hp_administrator\hû moved successfully.
c:\documents and settings\hp_administrator\} moved successfully.
C:\Program Files\Safe-Share\vlcplugins folder moved successfully.
C:\Program Files\Safe-Share\SharedFolder folder moved successfully.
C:\Program Files\Safe-Share\giFT\plugins folder moved successfully.
C:\Program Files\Safe-Share\giFT\incoming\corrupted folder moved successfully.
C:\Program Files\Safe-Share\giFT\incoming folder moved successfully.
C:\Program Files\Safe-Share\giFT\data folder moved successfully.
C:\Program Files\Safe-Share\giFT\conf\Gnutella folder moved successfully.
C:\Program Files\Safe-Share\giFT\conf\FastTrack folder moved successfully.
C:\Program Files\Safe-Share\giFT\conf\Ares folder moved successfully.
C:\Program Files\Safe-Share\giFT\conf folder moved successfully.
C:\Program Files\Safe-Share\giFT folder moved successfully.
C:\Program Files\Safe-Share folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Ebay to be listed

User: HP_Administrator
->Temp folder emptied: 562469 bytes
->Temporary Internet Files folder emptied: 5780477 bytes
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: My Music_11_05

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 8704517 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 24191452 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 38.00 mb


OTM by OldTimer - Version 3.1.9.0 log created on 02272010_095756

Files moved on Reboot...
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FWG67V5Y\3ndwd7sk[1].css not found!
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\BUKEO5VL\connect[1].htm not found!
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1HN1KOHJ\top_sexiest_beaches[1].htm not found!
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\1HN1KOHJ\youtube_com[1].htm not found!

Registry entries deleted on Reboot...


Second otm log:


Files moved on Reboot...
File C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF1A31.tmp not found!
File C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF1A3E.tmp not found!
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\~DF4321.tmp moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\8VSKJPDF\viewtopic[1].htm moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\8VSKJPDF\viewtopic[2].htm moved successfully.
C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.

Registry entries deleted on Reboot...


MBAM log:

Malwarebytes' Anti-Malware 1.44
Database version: 3815
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

3/2/2010 1:47:02 PM
mbam-log-2010-03-02 (13-47-02).txt

Scan type: Quick Scan
Objects scanned: 141204
Time elapsed: 10 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\HP_Administrator\Desktop\Explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


My computer is running much better now. The only odd thing that happens is that the entire screen flashes on and off when the computer is first started. You can see the desktop loading, then everything disappears and then it immediately all comes back. It might not be anything, but a Windows thing.

I'm just thrilled that I can run more than one application per boot and I can get to any website I want, such as this one, without the virus taking over and blocking it.

Thanks,
Terri
TerriReb
Regular Member
 
Posts: 58
Joined: October 21st, 2008, 1:51 pm

Re: Need help, please

Unread postby melboy » March 2nd, 2010, 5:33 pm

Hi Terri

OTM by OldTimer

  • Double-click OTM.exe
  • Click the CleanUp! button
  • Select Yes when the Begin cleanup Process? Prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes, if not delete it by yourself

You can also delete MBR.exe, TDSSKilller.exe and TDSSReport.txt



Your log now appears to be clean. Congratulations!
This is my general post for when your logs show no more signs of malware ;) - Please let me know if you still are having problems with your computer and what these problems are.



General Security and Computer Health
Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.

  • Clear Infected System Restore Points
    • Turn System Restore off
    • On the Desktop, right click on the My Computer icon.
    • Click Properties.
    • Click the System Restore tab.
    • Check Turn off System Restore.
    • Click Apply, and then click OK.
      Restart your computer

      • Turn System Restore on
      • On the Desktop, right click on the My Computer icon.
      • Click Properties.
      • Click the System Restore tab.
      • Uncheck Turn off System Restore on all drives.
      • Click Apply
      • Click each drive in turn where system restore is not required and click Settings
        Note: System restore is only needed on drives with an operating system installed
      • For each drive without an operating system, check Turn off system restore on this drive, click Yes then click OK.
      Note: only do this once, and not on a regular basis

    • Make sure that you keep your antivirus updated
      New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
      Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
      Uninstall Tools for Major Antivirus Products
    • Security Updates for Windows, Internet Explorer & Microsoft Office
      Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
      Note: The update process uses ActiveX, so you will need to use internet explorer for it and allow the ActiveX control to install.
    • Update Non-Microsoft Programs
      Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.
    • Make Internet Explorer More Secure
      Internet Explorer 8 <<< Recommended Version
      For older versions please read and follow the recommendations at this site
      Internet Explorer7
      Internet Explorer6


    Recommended Programs

    I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

    • WinPatrol
      As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
    • Malwarebytes' Anti-Malware
      As you already have Malwarebytes' Anti-Malware on board I would keep it regularly updated and run regular quick scans with it. (TIP: Cleaning out temp files can reduce scanning times.)
      Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. The Full version includes a number of features, including a built in protection monitor that blocks malicious processes before they even start.
    • Hosts File
      For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.
    • Use an alternative Internet Browser
      Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead:
      Firefox
      Opera


Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.

Also please read this great article by Tony Klein So How Did I Get Infected In First Place

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy surfing and stay clean!
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Need help, please

Unread postby TerriReb » March 2nd, 2010, 8:36 pm

MalBoy,

You are my hero!!! I can't believe you saved my kids' computer. We were ready to wipe it clean and start over. I would have lost a ton of information and photos.

I am going to follow your advice for keeping the computer clean.

Thanks again! You are a life-saver.

Terri

:cheers:
TerriReb
Regular Member
 
Posts: 58
Joined: October 21st, 2008, 1:51 pm

Re: Need help, please

Unread postby melboy » March 3rd, 2010, 12:55 pm

You're most welcome, Terri. :)
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
Advertisement
Register to Remove

PreviousNext

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 124 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware