
Infected with Security Tool virus


30 replies to this topic

#1 swebb32_99

swebb32_99

  • Members
  • 141 posts

Posted 04 November 2009 - 05:37 AM

System Info:
XP Home Edition V.2002
SP3
AMD Athlon 64 Processor 3200+
2.00 GHz
960 MB Ram

Previous A/V software:
Virus Scan (by Comcast I think)
McAfee (not sure if it was actually installed)
Norton (not sure if it was actually installed)

Currently:
AVG 9.0
Comodo Firewall
SAS

AVG continues to show C:/windows/system32/vuranune.dll (I think this is the path) as being infected. If I try to delete or move to the vault, I'm prompted to do a forced removal, which reboots the PC.
SAS and AVG continue to try to access gobadezeb and install a global hook, dotipiwu.dll

I tried using the instructions from http://www.bleepingcomputer.com/virus-remo...e-security-tool, but that didn't work either.

Not sure if it helps, but I have uninstalled Crawler Toolbar, Viewpoint Manager, and some Smiley program (don't remember the name). Also the system restore feature is on.

Thanks for your help.

Here is my DDS log along with the Attach.txt and RootRepeal (Ark.txt).
***********

DDS (Ver_09-10-26.01) - NTFSx86
Run by 1 at 4:47:15.87 on Wed 11/04/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.704 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\1\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=pavilion&pf=desktop&parm1=seconduser
uInternet Connection Wizard,ShellNext = hxxp://lufizha.cn/?wm=7036700052
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80126
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80126
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
mWinlogon: SFCDisable=4 (0x4)
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: : {11bf46c6-b3de-48bd-bf70-3ad85cab80b5} - c:\progra~1\sitera~1\SiteRank.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: : {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
EB: Internet Speed Monitor: {1bac9a2a-4755-43c3-a430-d3512c5b8a4e} - c:\program files\qdrdrive\QDRDRIVE8.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [LXCGCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCGtime.dll,_RunDLLEntry@16
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [welikenad] Rundll32.exe "c:\windows\system32\dotipiwu.dll",a
dRun: [CSmileys] "c:\progra~1\crawler\smileys\CSmileysIM.exe"
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {C5428486-50A0-4a02-9D20-520B59A9F9B2} - {C9CCBB35-D123-4a31-AFFC-9B2933132116} - c:\program files\shoppingreport\bin\2.5.0\ShoppingReport.dll
IE: {C5428486-50A0-4a02-9D20-520B59A9F9B3} - {A16AD1E9-F69A-45af-9462-B1C286708842} - c:\program files\shoppingreport\bin\2.5.0\ShoppingReport.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Filter: text/html - {07851C6A-1C43-41d9-8319-BC89154A8C00} -
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\progra~1\inboxt~1\Inbox.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: ssqnljg - ssqnljg.dll
Notify: WRNotifier - WRLogonNTF.dll
Notify: __c00F7 - c:\windows\system32\__c00F7.dat
AppInit_DLLs: lipewedi.dll c:\windows\system32\vuranune.dll c:\windows\system32\guard32.dll c:\windows\system32\dotipiwu.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: gobadezeb - {d79991ff-a91b-48f7-895a-70f988f42321} - c:\windows\system32\dotipiwu.dll
STS: jugezatag: {d79991ff-a91b-48f7-895a-70f988f42321} - c:\windows\system32\dotipiwu.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\EFCBSQIA.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, msansspc.dll, digeste.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\geBqQIBU
LSA: Notification Packages = scecli lipemeye.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\1\applic~1\mozilla\firefox\profiles\agxsaypf.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\siteranker\firefox\components\siterank.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPLV80Win32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 SSI;SSI;c:\windows\system32\drivers\ssi.sys [2005-11-26 78336]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-6-17 333192]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-1 360584]
R1 CloneCD;CloneCD I/O Driver;c:\windows\system32\drivers\CloneCD.sys [2006-5-13 4840]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-11-3 132296]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-11-3 25160]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-10-12 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-2 285392]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]

=============== Created Last 30 ================


==================== Find3M ====================

2009-11-02 23:56:13 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-02 23:56:07 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-22 15:34:24 37888 --sha-w- c:\windows\system32\beluteyu.dll
2009-07-20 03:32:41 39424 --sha-w- c:\windows\system32\bevukeyo.dll
2009-07-14 00:57:10 1011606 --sha-w- c:\windows\system32\biyedepu.exe
2009-07-20 15:33:13 89600 --sha-w- c:\windows\system32\buwuwati.dll
2009-07-13 00:55:59 38400 --sha-w- c:\windows\system32\denekilo.dll
2009-07-12 00:55:24 1011439 --sha-w- c:\windows\system32\derinade.exe
2009-07-16 00:57:58 1112459 --sha-w- c:\windows\system32\dipakule.exe
2009-07-15 12:57:48 1117124 --sha-w- c:\windows\system32\domohodu.exe
2009-08-04 01:44:53 90112 --sha-w- c:\windows\system32\dotipiwu.dll
2009-08-03 02:11:05 3 --sha-w- c:\windows\system32\dukareyo.dll
2009-07-18 06:55:01 1116720 --sha-w- c:\windows\system32\fetijonu.exe
2009-07-24 15:35:43 38912 --sha-w- c:\windows\system32\fewapeve.dll
2009-07-12 00:55:26 88576 --sha-w- c:\windows\system32\fijiveni.dll
2009-07-14 00:57:10 1050147 --sha-w- c:\windows\system32\fogiguzu.exe
2009-07-25 15:36:19 1011753 --sha-w- c:\windows\system32\fozusayo.exe
2009-07-13 12:56:08 38400 --sha-w- c:\windows\system32\gobijadi.dll
2009-07-20 03:32:41 1011245 --sha-w- c:\windows\system32\govezamu.exe
2009-07-18 06:55:01 38400 --sha-w- c:\windows\system32\gozomose.dll
2009-07-14 12:57:21 1113885 --sha-w- c:\windows\system32\gutenadu.exe
2009-07-24 03:35:39 38400 --sha-w- c:\windows\system32\hoherito.dll
2009-07-12 12:55:20 81408 --sha-w- c:\windows\system32\huvehibi.dll
2009-07-24 03:35:39 1011753 --sha-w- c:\windows\system32\jaduyomo.exe
2009-07-14 00:57:10 37888 --sha-w- c:\windows\system32\jajulaze.dll
2009-07-15 12:57:48 38912 --sha-w- c:\windows\system32\jakegetu.dll
2007-12-22 19:24:45 528669 --sha-w- c:\windows\system32\jlkkj.ini2
2009-07-13 12:56:09 1050147 --sha-w- c:\windows\system32\juguteto.exe
2009-07-20 15:33:13 1011600 --sha-w- c:\windows\system32\kewuyomo.exe
2009-07-20 15:33:13 38400 --sha-w- c:\windows\system32\keyisori.dll
2009-07-29 00:55:36 37888 --sha-w- c:\windows\system32\kijudawi.dll
2009-07-16 00:57:58 38912 --sha-w- c:\windows\system32\kirasahi.dll
2009-07-25 03:35:56 37888 --sha-w- c:\windows\system32\kofirawa.dll
2009-07-25 15:36:19 38400 --sha-w- c:\windows\system32\latavija.dll
2009-07-28 00:55:22 51712 --sha-w- c:\windows\system32\lipemeye.dll
2009-07-21 03:33:32 1011214 --sha-w- c:\windows\system32\loluwuke.exe
2009-07-24 15:35:43 1011747 --sha-w- c:\windows\system32\lusepedu.exe
2009-07-21 15:33:44 38400 --sha-w- c:\windows\system32\makijiza.dll
2009-07-19 03:34:33 1010918 --sha-w- c:\windows\system32\mayotomo.exe
2009-07-16 12:58:03 1111915 --sha-w- c:\windows\system32\milokira.exe
2009-07-12 12:55:13 51200 --sha-w- c:\windows\system32\misoselo.dll
2009-07-23 15:34:36 38400 --sha-w- c:\windows\system32\mohotisa.dll
2009-07-23 15:34:36 1011747 --sha-w- c:\windows\system32\nakezomo.exe
2009-07-12 00:55:24 69120 --sha-w- c:\windows\system32\nutowuko.dll
2009-07-28 12:55:35 37888 --sha-w- c:\windows\system32\pawehuhe.dll
2009-07-19 15:32:38 39424 --sha-w- c:\windows\system32\pawovuda.dll
2009-07-30 02:05:08 38400 --sha-w- c:\windows\system32\penonoge.dll
2009-07-22 15:34:24 90112 --sha-w- c:\windows\system32\piwavome.dll
2009-07-20 03:32:41 89600 --sha-w- c:\windows\system32\regoyivu.dll
2009-07-28 00:54:49 51712 --sha-w- c:\windows\system32\rimuwuka.dll
2009-07-23 03:34:32 1011605 --sha-w- c:\windows\system32\rozuroke.exe
2009-07-22 03:34:08 1011365 --sha-w- c:\windows\system32\rumimode.exe
2009-07-22 03:34:07 38400 --sha-w- c:\windows\system32\samanene.dll
2009-08-04 01:44:53 38912 --sha-w- c:\windows\system32\sayawoha.dll
2009-07-17 00:58:19 38400 --sha-w- c:\windows\system32\siremase.dll
2009-07-14 12:57:21 51712 --sha-w- c:\windows\system32\sivagami.dll
2009-07-24 03:35:39 84992 --sha-w- c:\windows\system32\sodepoyu.dll
2009-07-17 18:55:01 1081890 --sha-w- c:\windows\system32\sofapohe.exe
2009-07-15 00:57:51 38912 --sha-w- c:\windows\system32\sohafafe.dll
2009-07-25 03:35:56 1011751 --sha-w- c:\windows\system32\sunimuju.exe
2009-07-17 00:58:19 1111915 --sha-w- c:\windows\system32\temekatu.exe
2009-07-19 15:32:38 88576 --sha-w- c:\windows\system32\tizomahu.dll
2009-02-07 01:01:25 346674 --sha-w- c:\windows\system32\UBIQqBeg.ini2
2009-07-14 12:57:21 37376 --sha-w- c:\windows\system32\vahoremo.dll
2009-07-23 03:34:32 37888 --sha-w- c:\windows\system32\vahugosu.dll
2009-07-28 00:54:50 37888 --sha-w- c:\windows\system32\venumeho.dll
2009-07-30 02:05:09 1055264 --sha-w- c:\windows\system32\vimopihu.exe
2009-07-21 03:33:32 38400 --sha-w- c:\windows\system32\vogavibo.dll
2009-07-19 03:34:33 38400 --sha-w- c:\windows\system32\wahewuvu.dll
2009-07-17 18:55:01 38400 --sha-w- c:\windows\system32\wibovaha.dll
2009-08-03 02:11:05 3 --sha-w- c:\windows\system32\wisegava.dll
2009-07-21 03:33:32 90112 --sha-w- c:\windows\system32\wosozile.dll
2009-07-28 12:55:38 1011848 --sha-w- c:\windows\system32\yohahuli.exe
2009-07-16 12:58:03 38400 --sha-w- c:\windows\system32\yojapuye.dll
2009-07-14 12:57:21 1050147 --sha-w- c:\windows\system32\yolufeta.exe
2009-07-28 00:55:22 51712 --sha-w- c:\windows\system32\zakanilu.dll
2009-07-15 00:57:51 89088 --sha-w- c:\windows\system32\zapekoge.dll
2009-07-21 15:33:43 51200 --sha-w- c:\windows\system32\zavegasa.dll

============= FINISH: 4:48:23.15 ===============


Thanks for your help.



#2 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts

Posted 07 November 2009 - 10:13 PM

Hello swebb32_99,

"I tried using the instructions from http://www.bleepingcomputer.com/virus-remo...e-security-tool, but that didn't work either"


Is this your computer or a customer's computer?

Did RKill run OK?

Is MBAM not installing?
Or is MBAM not running?

Edited by SifuMike, 07 November 2009 - 10:24 PM.

If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 swebb32_99

swebb32_99
  • Topic Starter

  • Members
  • 141 posts

Posted 07 November 2009 - 10:25 PM

I was finally able to run ComboFix and it cleared up a lot of things. I was then able to run SAS and AVG. I'm still getting hits on vuranune.dll and when I try using AVG to remove, I have to do a force removal, which makes the pc restart.

RKill, I was able to get it to run and it created a pev.exe file. Can't remember what else was supposed to happen, but I still couldn't get MBAM installed. I started getting a vbalgrid6.ocx error message. I tried using the workaround from MBAM's site, but it still didn't work.

#4 SifuMike

SifuMike

    malware expert


  • Staff Emeritus
  • 15,385 posts

Posted 07 November 2009 - 11:28 PM

Hi,

"I was finally able to run ComboFix"


You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
Please read Combofix's Disclaimer.

"but I still couldn't get MBAM installed"

If MBAM will not install, please rename the installer mbam-setup.exe. Example: newtool2.exe
Proceed installing the renamed installer of MBAM.
If it installs, update, run it and post the MBAM log.
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Select Files and Folders created in last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
    info.txt can also be found at c:\RSIT\info.txt

Edited by SifuMike, 08 November 2009 - 12:41 AM.


#5 swebb32_99

swebb32_99
  • Topic Starter

  • Members
  • 141 posts

Posted 08 November 2009 - 09:50 AM

Thanks for the update. Here are the logs.

Logfile of random's system information tool 1.06 (written by random/random)
Run by HP_Owner at 2009-11-08 09:47:24
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 20 GB (11%) free of 183 GB
Total RAM: 958 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:47:38 AM, on 11/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HP_Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\HP_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatcher...d&%language
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{D3D233D5-9F6D-436C-B6C7-E63F77503B30} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\PROGRA~1\SITERA~1\SiteRank.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [A00FE0D69.exe] C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\_A00FE0D69.exe
O4 - HKCU\..\Run: [A00F2106856.exe] C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\_A00F2106856.exe
O4 - HKCU\..\Run: [CSmileys] "C:\PROGRA~1\Crawler\Smileys\CSmileysIM.exe"
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O24 - Desktop Component 0: (no name) - http://owa2.loma.org/exchange/du/Drafts/RE...49.JPG?attach=1

--
End of file - 10131 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2005-09-23 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]
C:\PROGRA~1\SITERA~1\SiteRank.dll [2009-08-10 311808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2009-11-02 1471768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2007-08-31 1122128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-10-16 1119488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
C:\PROGRA~1\INBOXT~1\Inbox.dll [2009-08-04 576000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - &Inbox Toolbar - C:\PROGRA~1\INBOXT~1\Inbox.dll [2009-08-04 576000]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll [2009-10-16 1119488]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LXCGCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16 []
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2009-11-02 2010904]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2009-11-03 1799952]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"A00FE0D69.exe"=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\_A00FE0D69.exe []
"A00F2106856.exe"=C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\_A00F2106856.exe []
"CSmileys"=C:\PROGRA~1\Crawler\Smileys\CSmileysIM.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\33745729]
C:\DOCUME~1\ALLUSE~1\APPLIC~1\33745729\33745729.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\47950429]
C:\DOCUME~1\ALLUSE~1\APPLIC~1\47950429\47950429.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\87572332]
C:\DOCUME~1\ALLUSE~1\APPLIC~1\87572332\87572332.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CSmileys]
C:\PROGRA~1\Crawler\Smileys\CSmileysIM.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe [2008-04-24 202560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
C:\Program Files\Lexmark 2300 Series\ezprint.exe [2005-08-01 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2005-07-12 299008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
C:\Program Files\Google\Google Talk\googletalk.exe [2006-01-11 1875968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1133048828\ee\AOLSoftware.exe [2005-11-02 50792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe [2005-05-12 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2005-02-26 245760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [2005-06-02 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2005-05-10 253952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcgmon.exe]
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe [2005-07-21 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe /StartedFromRunKey []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe [2005-10-12 7086080]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Associates Error Reporting Service]
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2005-09-19 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteRanker]
C:\Program Files\SiteRanker\SiteRankTray.exe [2009-08-10 273920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
C:\WINDOWS\sm56hlpr.exe [2005-01-24 544768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2005-09-19 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\welikenad]
c:\windows\system32\vuranune.dll,a []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
C:\Program Files\Google\Gmail Notifier\gnotify.exe [2005-07-15 479232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2005-05-12 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
C:\PROGRA~1\UPDATE~1\9972322\Program\UPDATE~1.EXE [2005-09-19 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^HP Organize.lnk]
C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\DISPLA~1.EXE [2005-05-02 36864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-06-08 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-11-02 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
C:\WINDOWS\system32\WRLogonNTF.dll [2006-01-25 492544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\svcWRSSSDK]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\svcWRSSSDK]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1133048828\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1133048828\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1133048828\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1133048828\ee\aim6.exe:*:Enabled:AIM"
"C:\WINDOWS\system32\lxcgcoms.exe"="C:\WINDOWS\system32\lxcgcoms.exe:*:Enabled:2300 Series Server"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcgpswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxcgpswx.exe:*:Enabled:2300 Series Printer Status"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Trillian\trillian.exe"="C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing"
"C:\Program Files\National Instruments\LabVIEW 8.0\LabVIEW.exe"="C:\Program Files\National Instruments\LabVIEW 8.0\LabVIEW.exe:*:Enabled:LabVIEW 8.0 Development System"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"
"C:\WINDOWS\system32\lktsrv.exe"="C:\WINDOWS\system32\lktsrv.exe:*:Enabled:lktsrv"
"C:\WINDOWS\system32\lkcitdl.exe"="C:\WINDOWS\system32\lkcitdl.exe:*:Enabled:lkcitdl"
"C:\Program Files\National Instruments\MAX\nimxs.exe"="C:\Program Files\National Instruments\MAX\nimxs.exe:*:Enabled:nimxs"
"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"="C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE:*:Enabled:MDM"
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe:*:Enabled:realsched"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


======File associations======

.scr - open - "C:\WINDOWS\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 3 months======

2009-11-08 09:47:24 ----D---- C:\rsit
2009-11-08 09:29:05 ----D---- C:\WINDOWS\LastGood
2009-11-05 18:38:37 ----HDC---- C:\WINDOWS\$NtUninstallKB976749$
2009-11-05 05:44:40 ----A---- C:\WINDOWS\system32\MRT.exe
2009-11-05 05:44:14 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-11-05 03:36:49 ----D---- C:\Documents and Settings\HP_Owner\Application Data\SUPERAntiSpyware.com
2009-11-05 01:16:33 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-11-05 01:16:22 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-11-05 01:15:33 ----HDC---- C:\WINDOWS\$NtUninstallKB974455$
2009-11-05 01:14:56 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-11-05 01:08:41 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-11-05 01:08:34 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-11-05 01:07:29 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-11-05 01:07:21 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-11-05 01:07:11 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-11-05 01:07:03 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-11-05 01:06:54 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-11-05 01:04:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-11-05 01:03:57 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-11-05 01:03:39 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-11-05 01:03:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-11-05 01:03:16 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-11-05 01:03:06 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-11-05 01:02:57 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-11-05 01:02:48 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-11-05 01:02:35 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-11-05 01:02:24 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-11-05 01:02:10 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-11-05 01:01:54 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-11-05 01:01:39 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-11-05 00:55:44 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-11-05 00:55:08 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-11-05 00:54:56 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-11-05 00:54:46 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-11-05 00:54:34 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-11-05 00:54:25 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-11-05 00:53:27 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-11-05 00:53:19 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-11-05 00:53:11 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-11-05 00:53:03 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-11-05 00:52:47 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-11-04 19:19:41 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-11-04 17:37:15 ----D---- C:\WINDOWS\ERDNT
2009-11-03 20:41:06 ----A---- C:\WINDOWS\system32\javaws.exe
2009-11-03 20:41:06 ----A---- C:\WINDOWS\system32\javaw.exe
2009-11-03 20:41:06 ----A---- C:\WINDOWS\system32\java.exe
2009-11-03 20:22:21 ----D---- C:\Documents and Settings\All Users\Application Data\Comodo
2009-11-03 20:22:16 ----A---- C:\WINDOWS\system32\guard32.dll
2009-11-03 20:22:10 ----D---- C:\Program Files\COMODO
2009-11-03 01:47:34 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-11-03 01:47:21 ----D---- C:\Program Files\SUPERAntiSpyware
2009-11-02 23:12:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-11-02 22:38:22 ----D---- C:\Config.Msi
2009-11-02 21:03:53 ----D---- C:\Program Files\Trend Micro
2009-11-02 21:02:26 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-11-02 18:56:32 ----D---- C:\$AVG
2009-11-02 18:56:05 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2009-11-02 18:55:29 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2009-11-02 18:54:52 ----D---- C:\WINDOWS\SxsCaPendDel
2009-11-01 16:22:00 ----D---- C:\Program Files\MMa
2009-11-01 15:40:03 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-11-01 15:24:03 ----HD---- C:\WINDOWS\PIF
2009-11-01 06:49:16 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-10-31 03:02:44 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-10-31 02:55:10 ----D---- C:\WINDOWS\ccleaner
2009-10-28 07:56:10 ----D---- C:\Documents and Settings\All Users\Application Data\33745729
2009-10-19 22:32:45 ----D---- C:\Documents and Settings\All Users\Application Data\87572332
2009-10-11 19:55:39 ----D---- C:\Documents and Settings\All Users\Application Data\47950429
2009-08-25 14:50:23 ----D---- C:\Documents and Settings\HP_Owner\Application Data\SiteRanker
2009-08-25 14:49:38 ----D---- C:\Program Files\SiteRanker
2009-08-25 14:48:53 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Inbox Toolbar
2009-08-25 14:48:51 ----D---- C:\Program Files\Inbox Toolbar
2009-08-22 11:16:56 ----A---- C:\WINDOWS\NetwkCfg.txt

======List of files/folders modified in the last 3 months======

2009-11-08 09:47:37 ----D---- C:\WINDOWS\Prefetch
2009-11-08 09:43:32 ----D---- C:\Program Files\Mozilla Firefox
2009-11-08 09:33:46 ----D---- C:\WINDOWS\Temp
2009-11-08 09:29:07 ----D---- C:\WINDOWS\system32
2009-11-08 09:29:05 ----HD---- C:\WINDOWS\inf
2009-11-08 09:29:05 ----D---- C:\WINDOWS
2009-11-08 09:27:55 ----D---- C:\WINDOWS\system32\CatRoot2
2009-11-05 19:44:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-11-05 18:38:55 ----SHD---- C:\WINDOWS\Installer
2009-11-05 18:38:42 ----D---- C:\WINDOWS\system32\dllcache
2009-11-05 18:34:33 ----SHD---- C:\RECYCLER
2009-11-05 18:34:33 ----D---- C:\Documents and Settings
2009-11-05 17:58:55 ----D---- C:\WINDOWS\system32\drivers
2009-11-05 17:00:10 ----HD---- C:\WINDOWS\$hf_mig$
2009-11-05 16:59:02 ----D---- C:\WINDOWS\Help
2009-11-05 05:44:35 ----A---- C:\WINDOWS\imsins.BAK
2009-11-05 05:44:21 ----D---- C:\Program Files\Outlook Express
2009-11-05 05:41:49 ----SHD---- C:\System Volume Information
2009-11-05 05:41:49 ----D---- C:\WINDOWS\system32\Restore
2009-11-05 03:31:50 ----D---- C:\WINDOWS\SoftwareDistribution
2009-11-05 03:30:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-11-05 03:06:31 ----D---- C:\WINDOWS\system32\wbem
2009-11-05 03:06:31 ----D---- C:\Program Files\Microsoft Silverlight
2009-11-05 03:06:29 ----D---- C:\WINDOWS\AppPatch
2009-11-05 01:14:57 ----D---- C:\WINDOWS\WinSxS
2009-11-05 01:05:47 ----A---- C:\WINDOWS\win.ini
2009-11-04 18:35:06 ----A---- C:\WINDOWS\system.ini
2009-11-04 18:31:09 ----D---- C:\Program Files\Common Files
2009-11-04 17:49:11 ----D---- C:\WINDOWS\system32\config
2009-11-04 17:48:14 ----D---- C:\Program Files
2009-11-03 21:42:12 ----A---- C:\WINDOWS\ntbtlog.txt
2009-11-03 20:41:03 ----D---- C:\Program Files\Java
2009-11-03 20:38:09 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-11-02 23:17:57 ----D---- C:\Program Files\Winamp
2009-11-02 22:39:51 ----D---- C:\Program Files\Common Files\Network Associates
2009-11-02 20:20:13 ----RASH---- C:\boot.ini
2009-11-02 20:03:39 ----D---- C:\Program Files\Internet Explorer
2009-11-02 18:56:31 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-11-02 18:56:07 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-11-02 18:55:30 ----D---- C:\Program Files\AVG
2009-11-02 18:55:05 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-11-01 16:38:26 ----A---- C:\WINDOWS\OEWABLog.txt
2009-10-27 20:18:44 ----D---- C:\Program Files\Lx_cats
2009-10-19 18:53:44 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-10-14 19:08:56 ----A---- C:\WINDOWS\IE4 Error Log.txt
2009-09-25 00:37:11 ----A---- C:\WINDOWS\system32\wininet.dll
2009-09-25 00:37:11 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-09-25 00:37:10 ----A---- C:\WINDOWS\system32\shdocvw.dll
2009-09-25 00:37:09 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-09-11 09:18:39 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-09-04 16:03:36 ----A---- C:\WINDOWS\system32\msasn1.dll
2009-09-02 21:58:13 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Winamp
2009-08-26 03:00:21 ----A---- C:\WINDOWS\system32\strmdll.dll
2009-08-13 10:16:05 ----A---- C:\WINDOWS\system32\jscript.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 AvgLdx86;AVG AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-11-02 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-11-02 28424]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-11-02 360584]
R1 CloneCD;CloneCD I/O Driver; C:\WINDOWS\system32\drivers\CloneCD.sys [2000-08-25 4840]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2009-11-03 132296]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2009-11-03 25160]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 cvintdrv;cvintdrv; C:\WINDOWS\system32\drivers\cvintdrv.sys [2005-06-10 7140]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-20 2317696]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-06-08 1235968]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2005-07-04 26624]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-04 74496]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2005-01-25 923863]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 catchme;catchme; \??\C:\DOCUME~1\1\LOCALS~1\Temp\catchme.sys []
S3 EntDrv51;EntDrv51; \??\C:\WINDOWS\system32\drivers\EntDrv51.sys []
S3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-06-08 376832]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2009-11-02 285392]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2009-11-03 723632]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-07-25 53248]
R2 LkCitadelServer;Lookout Citadel Server; C:\WINDOWS\system32\lkcitdl.exe [2005-08-25 688190]
R2 lkClassAds;National Instruments PSP Server Locator; C:\WINDOWS\system32\lkads.exe [2005-10-11 45056]
R2 lkTimeSync;National Instruments Time Synchronization; C:\WINDOWS\system32\lktsrv.exe [2005-10-11 53248]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 mxssvr;NI Configuration Manager; C:\Program Files\National Instruments\MAX\nimxs.exe [2005-10-03 5728]
R2 NIDomainService;National Instruments Domain Service; C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe [2005-10-11 204800]
R2 niSvcLoc;NI Service Locator; C:\WINDOWS\system32\nisvcloc.exe [2005-10-10 49152]
R2 NITaggerService;National Instruments Variable Engine; C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe [2005-10-11 667648]
R2 sprtsvc_ddoctorv2;SupportSoft Sprocket Service (ddoctorv2); C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe [2008-04-24 202560]
R2 svcWRSSSDK;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe [2006-01-25 2161152]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2005-11-26 74360]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 iPodService;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2005-05-05 327680]
S3 lxcg_device;lxcg_device; C:\WINDOWS\system32\lxcgcoms.exe [2005-07-25 491520]
S3 NILM License Manager;NILM License Manager; C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe [2005-09-02 913408]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2009-11-08 09:47:43

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe" -l0x9 -removeonly
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe" -l0x9 -removeonly
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0.5-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AutoCAD 2005 - English-->MsiExec.exe /I{5783F2D7-0301-0409-0002-0060B0CE6BBA}
Autodesk DWF Viewer-->C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
AVG Free 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
Azureus Vuze-->C:\Program Files\Azureus\uninstall.exe
Barnyard Invasion from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\5253F22E-D4B6-49B7-9106-28D9C5395F22\Uninstall.exe"
Bejeweled 2 Deluxe from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\7978E9A8-5A11-4406-BA8F-866E120352DF\Uninstall.exe"
Big Kahuna Reef from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\0B99A43B-A792-4003-9295-604BC687B6F6\Uninstall.exe"
Blackhawk Striker 2 from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\58D1A004-6D3C-480A-9E0D-FAA58F3C2A62\Uninstall.exe"
Blasterball 2 from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\8C4E79CC-03E1-43AA-9910-9A5113F24603\Uninstall.exe"
Blasterball 2 Holidays from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\B41503CB-5FE0-47E0-87C1-47BA8E660BCC\Uninstall.exe"
Boggle Supreme from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\5F5B2E2A-5924-4DAB-825A-10BEA50A4DA1\Uninstall.exe"
Bookworm Deluxe from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\47298745-7194-4142-AFDA-8BE2EDFDF82E\Uninstall.exe"
Bounce Symphony from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\D11F7128-8CBD-408B-8BF8-034604DEDD42\Uninstall.exe"
CloneCD-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Elaborate Bytes\CloneCD\Uninst.isu"
Comcast Desktop Software (v1.2.0.9)-->MsiExec.exe /I{CEF7211D-CE3A-44C4-B321-D84A2099AE94}
COMODO Internet Security-->C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe -u
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Crystal Maze from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\DAE7A92A-BAC7-42FA-AC62-53DEF1DC4292\Uninstall.exe"
Desktop Doctor-->MsiExec.exe /I{D87149B3-7A1D-4548-9CBF-032B791E5908}
Digby's Donuts from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\ED8E7ECA-9D6A-46BA-BF46-D97774AA7117\Uninstall.exe"
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Easy Internet Sign-up-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
FATE Demo from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\663A22CB-3C2B-4302-9A14-BC5DAFAB2071\Uninstall.exe"
ffdshow [rev 610] [2006-12-01]-->"C:\Program Files\ffdshow\unins000.exe"
Flip Words from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\46CD7AAB-D3C9-41DB-8AEC-5BD24169B0E1\Uninstall.exe"
Google Gmail Notifier-->"C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe"
Google SketchUp-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E1423608-F529-40A1-93CA-C7F396F30DF0}\setup.exe" -l0x9
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
Haali Media Splitter-->"C:\Program Files\Haali\MatroskaSplitter\uninstall.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
HP Boot Optimizer-->MsiExec.exe /I{3BA95526-6AE0-4B87-A62D-17187EF565FC}
HP Deskjet Printer Preload-->MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP Document Viewer 5.3-->C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Game Console and games-->C:\Program Files\WildTangent\Apps\hpuninstall.exe
HP Image Zone 5.3-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 5.3-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Multimedia Keyboard Software-->C:\HP\KBD\KBD.EXE uninstalled
HP Organize-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
HP Photosmart 330,380,420,470,7800,8000,8200 Series-->C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
HP Photosmart Cameras 5.0-->C:\Program Files\HP\Digital Imaging\{C83A12B9-B31B-461A-BBD4-CE9B988094F1}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP PSC & OfficeJet 5.3.B-->"C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Software Update-->MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
HP Solution Center & Imaging Support Tools 5.3-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Inbox Toolbar-->"C:\Program Files\Inbox Toolbar\unins000.exe"
Insaniquarium Deluxe from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\010D7E30-8019-4477-AE7C-BFBBDE570CB9\Uninstall.exe"
IntelliMover Data Transfer Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{523E6F2A-2D59-4D91-90E8-6C49931C9F50}
Java™ 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
Jewel Quest from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\1E728F26-D920-45F1-9E97-4A5690B07A7F\Uninstall.exe"
Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
Lexmark 2300 Series-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxcgUNST.EXE -NOLICENSE
Lexmark Fax Solutions-->C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe
LimeWire 4.10.0-->"C:\Program Files\LimeWire\uninstall.exe"
Mah Jong Quest from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\3295A049-B970-4CC5-847C-7ABF14B9F8F1\Uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MATLAB 6.5-->C:\MATLAB6p5\uninstall\uninstall.exe C:\MATLAB6p5
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Money 2005-->C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Dancer LE-->MsiExec.exe /X{1A103D70-5C9B-4E1A-B306-5106C68F9914}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Motorola SM56 Speakerphone Modem-->C:\WINDOWS\Motorola\SMSERIAL\sm56unst.exe
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Messenger 7.5-->MsiExec.exe /I{CEB3A11A-03EA-11DA-BFBD-00065BBDC0B5}
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee autoProducer 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C3D719A-92C7-4323-89CC-C937D0267B84}\setup.exe" -l0x9
National Instruments Software-->"C:\Program Files\National Instruments\Shared\NIUninstaller\uninst.exe"
NI EULA Depot-->MsiExec.exe /I{60FC2242-9CF5-4264-B02A-A4A86447F560}
NI MDF Support-->MsiExec.exe /I{28C59BDD-55F3-4454-BF17-37AC537F894B}
Office 2003 Tour-->MsiExec.exe /I{BE9FEFBA-F2F8-468B-A108-4356F73A3E9C}
PC-Doctor 5 for Windows-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{AB61A692-5543-4C48-979B-8CEA1C52FE9C} /l1033
Pdf995-->c:\pdf995\setup.exe uninstall
PdfEdit995-->c:\pdf995\res\utilities\thinsetup.exe - uninstall
PeerGuardian 2.0-->"C:\Program Files\PeerGuardian2\unins000.exe"
Polar Bowler from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\36317AE4-57EC-4F3E-B828-009A3DD96BE8\Uninstall.exe"
Polar Golfer from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\B2D3332F-EA2D-42B3-8E4A-F74D052BCBC1\Uninstall.exe"
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
Puzzle Express from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\BA910432-2C22-4BB8-9D13-46170F52C5AC\Uninstall.exe"
Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2005-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2DBE41DD-2129-4C65-A3D3-5647236A60F3} anything
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Ricochet Lost Worlds from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\27C7083E-4ECB-4C88-ACC1-0EDA88C00257\Uninstall.exe"
SCRABBLE Blast from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\95A4B97A-C363-41DD-B907-BD4AB9E4FF16\Uninstall.exe"
SCRABBLE from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\D3203C96-6C76-43D6-A3D0-5DD6A0732E83\Uninstall.exe"
SCRABBLE Rack Attack from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\6E4D87E1-83A3-4029-A9E4-2F360442E1FC\Uninstall.exe"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Shrek 2 Ogre Bowler from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\703E3900-69DA-47C9-9768-C6514098F149\Uninstall.exe"
Signature995-->c:\pdf995\res\utilities\Signature995\thinsetup.exe - uninstall
SiteRanker-->"C:\Program Files\SiteRanker\unins000.exe"
Slingo Deluxe from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\C1241092-7183-480A-A289-B5920C7C56D0\Uninstall.exe"
Slyder from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\C2C3C2DB-7D8A-4E20-B527-E3149FAECC3A\Uninstall.exe"
Solid Edge V15-->MsiExec.exe /I{9206FBA5-41FB-4DE1-A144-FEC9FAF34B43}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sony Picture Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe" -l0x9 /removeonly UNINSTALL -removeonly
Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
Spy Sweeper-->"C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Super Granny from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\3F34F72F-9BB0-4B73-8312-558953ACF56F\Uninstall.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Swarm from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\A9C7B4D4-A866-4696-B115-77B65D0A641A\Uninstall.exe"
Tradewinds from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\F5215F01-DFC0-475D-A910-6F1AF94E807E\Uninstall.exe"
Trillian-->C:\Program Files\Trillian\trillian.exe /uninstall
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update for Windows XP (KB976749)-->"C:\WINDOWS\$NtUninstallKB976749$\spuninst\spuninst.exe"
Updates from HP (remove only)-->C:\WINDOWS\HPCPCUninstall-9972322\HPBWSetup.exe -appid 9972322 -uninstall
Winamp Remote-->"C:\Program Files\Winamp Remote\uninstall.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

=====HijackThis Backups=====

R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) [2009-11-02]
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2009-11-02]
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing) [2009-11-02]
O2 - BHO: (no name) - {A65DA2F1-A2C5-45A1-ABFE-01B8D8FC6BEB} - C:\WINDOWS\system32\geBqQIBU.dll (file missing) [2009-11-02]
O2 - BHO: (no name) - {776BBAA0-78A9-490A-AA10-01BEBC5F2563} - C:\WINDOWS\system32\auth.dll (file missing) [2009-11-02]
O2 - BHO: BndShell3 BHO Class - {875A1348-7674-42aa-ADAC-B4F36A004A2D} - C:\Program Files\QdrDrive\QdrDrive8.dll (file missing) [2009-11-02]
O2 - BHO: {c8b7ede4-926f-cbda-d134-7a72557b10d6} - {6d01b755-27a7-431d-adbc-f6294ede7b8c} - C:\WINDOWS\system32\goyisj.dll (file missing) [2009-11-02]
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2009-11-02]
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing) [2009-11-02]
O2 - BHO: (no name) - {3D29C09B-187A-4F0B-82E2-C9539506CEE9} - C:\WINDOWS\system32\jkklj.dll (file missing) [2009-11-02]
O2 - BHO: (no name) - {76457db2-840b-4141-bb42-673e0c85deb9} - C:\WINDOWS\system32\sddupkuu.dll (file missing) [2009-11-02]
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing) [2009-11-02]
O21 - SSODL: dihaliyuy - {1cc4e502-a362-41aa-baa3-7d4179ce12fd} - c:\windows\system32\yaponema.dll (file missing) [2009-11-02]
O21 - SSODL: yebawijin - {64fb9575-e4d2-43ee-88aa-e8354768592e} - c:\windows\system32\rutuneha.dll (file missing) [2009-11-02]
O21 - SSODL: hiholozoh - {168001d0-768e-45f0-9c39-f0f8f4047f71} - c:\windows\system32\yaponema.dll (file missing) [2009-11-02]
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2009-11-02]
O21 - SSODL: povoguzuf - {68f23d8b-8315-4e22-a9ee-efef3bc95f49} - c:\windows\system32\yaponema.dll (file missing) [2009-11-02]
O21 - SSODL: fokabatuz - {c276d68d-5bf3-4d89-8401-1ee6ab24b00f} - c:\windows\system32\yaponema.dll (file missing) [2009-11-02]
O21 - SSODL: kiyefefem - {b5bbe17d-e912-4ce5-82d9-6f6a8ddde873} - c:\windows\system32\yaponema.dll (file missing) [2009-11-02]
O21 - SSODL: guruvozab - {9686f825-b51b-48fc-ab29-ee67974510c2} - c:\windows\system32\yaponema.dll (file missing) [2009-11-02]
O21 - SSODL: firufudit - {02f9bdbf-8b30-4b3b-a35b-187b3028c4eb} - c:\windows\system32\yaponema.dll (file missing) [2009-11-02]
O21 - SSODL: kisugevek - {001dac8a-15e4-4bb9-92a0-068c61cc64b7} - c:\windows\system32\yaponema.dll (file missing) [2009-11-02]
O21 - SSODL: maziyupaz - {635d28d0-632e-485c-a019-94833388e94c} - c:\windows\system32\yaponema.dll (file missing) [2009-11-02]
O21 - SSODL: dimuyizop - {9e8adf34-400a-41e9-8537-4420f44af5cb} - c:\windows\system32\vegozadi.dll (file missing) [2009-11-02]
O21 - SSODL: tilitedeh - {fd3b17a2-d961-450e-909b-397ffb0f5fef} - c:\windows\system32\yaponema.dll (file missing) [2009-11-02]
O21 - SSODL: yesohijef - {0da39641-9684-4ca7-8169-eeebd8743a73} - c:\windows\system32\vebuketi.dll (file missing) [2009-11-02]
O21 - SSODL: lumimajis - {f0bb90e3-368a-4891-82ef-c8be647c4fd6} - c:\windows\system32\pegagofo.dll (file missing) [2009-11-02]
O21 - SSODL: javavemim - {0a7972da-1090-4548-bb08-1d422ce6025e} - c:\windows\system32\vebuketi.dll (file missing) [2009-11-02]
O21 - SSODL: dokakalur - {ac7470a2-2d86-4133-8f35-9e2943f40546} - c:\windows\system32\rutuneha.dll (file missing) [2009-11-02]
O21 - SSODL: tijubopib - {931f7c0d-1183-425f-b636-cb5481c2944c} - c:\windows\system32\pegagofo.dll (file missing) [2009-11-02]
O21 - SSODL: fupovefuk - {c71dec9a-ad81-44dc-adb0-c5d0e6874593} - c:\windows\system32\rutuneha.dll (file missing) [2009-11-02]
O21 - SSODL: tewigavum - {ca1c573c-8b73-4140-b700-a3b71381d436} - c:\windows\system32\rutuneha.dll (file missing) [2009-11-02]
O21 - SSODL: kovamilit - {5f4770d1-0b36-4826-85ce-fe71bf007a27} - c:\windows\system32\yisabife.dll (file missing) [2009-11-02]
O21 - SSODL: puvazuluv - {189ca6ac-3aab-441d-a8b4-a50b4a9d7af1} - c:\windows\system32\vebuketi.dll (file missing) [2009-11-02]
O21 - SSODL: nadihafeg - {99b7bc1b-0c48-4daf-872c-76d1cf3f5f03} - c:\windows\system32\rutuneha.dll (file missing) [2009-11-02]
O21 - SSODL: lokahosej - {79d860fe-5a5d-43a5-8666-cb87480756fa} - c:\windows\system32\pegagofo.dll (file missing) [2009-11-02]
O21 - SSODL: nidugovit - {4bae7752-d3e1-4d98-bc45-d0e2f57cb60b} - c:\windows\system32\vegozadi.dll (file missing) [2009-11-02]
O21 - SSODL: jaguhojor - {e0c89f63-1141-43d4-88fd-649a88a383a8} - c:\windows\system32\rutuneha.dll (file missing) [2009-11-02]
O21 - SSODL: rumikazed - {64589958-b23e-4f94-baad-a7756607737f} - c:\windows\system32\pegagofo.dll (file missing) [2009-11-02]
O21 - SSODL: bolevepuz - {d614dae8-b6af-4d81-a015-ddf15d70c9ee} - c:\windows\system32\rutuneha.dll (file missing) [2009-11-02]
O21 - SSODL: zelifesur - {34b4a27d-8629-4326-b311-952dd3486b1c} - c:\windows\system32\rutuneha.dll (file missing) [2009-11-02]
O21 - SSODL: ziparipad - {6b0456de-07cb-4df9-8a4c-e5c090abc73a} - c:\windows\system32\rutuneha.dll (file missing) [2009-11-02]
O21 - SSODL: fufenuwon - {0215cac4-1e66-468b-8544-3ae7f09938d9} - c:\windows\system32\vegozadi.dll (file missing) [2009-11-02]
O21 - SSODL: vajovulig - {bb8ef3a6-dd9f-4f14-8eed-9b4b26820d7d} - c:\windows\system32\rutuneha.dll (file missing) [2009-11-02]
O21 - SSODL: fepefibik - {9f417eff-5631-4987-8222-7c22379e52db} - c:\windows\system32\vegozadi.dll (file missing) [2009-11-02]
O21 - SSODL: zemusiveb - {e5a598c4-8bcf-4e3f-8210-27553d4abe0a} - c:\windows\system32\vegozadi.dll (file missing) [2009-11-02]
O21 - SSODL: nevonobow - {fd3b8511-ef50-4ec6-8446-c7a629077269} - c:\windows\system32\vegozadi.dll (file missing) [2009-11-02]
O21 - SSODL: wuzegalih - {f8b9b19b-ea3f-420f-844e-6cc28c8b1e07} - c:\windows\system32\rutuneha.dll (file missing) [2009-11-02]
O21 - SSODL: muhozipan - {b2b60e70-8d8b-4898-8413-7d127d106c23} - c:\windows\system32\rutuneha.dll (file missing) [2009-11-02]
O21 - SSODL: ganagiwod - {1396f418-b6d5-4c17-8142-d43c56c4d1db} - c:\windows\system32\vegozadi.dll (file missing) [2009-11-02]
O21 - SSODL: tazifowel - {2af5af6d-87c0-4073-9dd3-5a8325c2f1db} - c:\windows\system32\rutuneha.dll (file missing) [2009-11-02]
O21 - SSODL: wineyusap - {735907f7-6a64-4b8b-8b5f-85ad7136e303} - c:\windows\system32\vegozadi.dll (file missing) [2009-11-02]
O21 - SSODL: wobewotay - {ec7e74b8-fda7-4c21-94e6-55370127c1f9} - c:\windows\system32\rutuneha.dll (file missing) [2009-11-02]
O21 - SSODL: kenafavom - {bf076e7b-2762-4ca4-a867-2d2c635a390c} - c:\windows\system32\rutuneha.dll (file missing) [2009-11-02]
O22 - SharedTaskScheduler: gahurihor - {1cc4e502-a362-41aa-baa3-7d4179ce12fd} - c:\windows\system32\yaponema.dll (file missing) [2009-11-02]
O22 - SharedTaskScheduler: gahurihor - {168001d0-768e-45f0-9c39-f0f8f4047f71} - c:\windows\system32\yaponema.dll (file missing) [2009-11-02]
O22 - SharedTaskScheduler: jugezatag - {c276d68d-5bf3-4d89-8401-1ee6ab24b00f} - c:\windows\system32\yaponema.dll (file missing) [2009-11-02]
O21 - SSODL: kozuwusan - {35c5fb9a-3a2b-4384-8248-1e72e7e2cb66} - c:\windows\system32\vuranune.dll [2009-11-02]
O22 - SharedTaskScheduler: jugezatag - {68f23d8b-8315-4e22-a9ee-efef3bc95f49} - c:\windows\system32\yaponema.dll (file missing) [2009-11-02]
O22 - SharedTaskScheduler: mujuzedij - {02f2290b-137a-47eb-884c-0a1350a6965c} - c:\windows\system32\yaponema.dll (file missing) [2009-11-02]
O22 - SharedTaskScheduler: gahurihor - {fd3b17a2-d961-450e-909b-397ffb0f5fef} - c:\windows\system32\yaponema.dll (file missing) [2009-11-02]
O22 - SharedTaskScheduler: gahurihor - {02f9bdbf-8b30-4b3b-a35b-187b3028c4eb} - c:\windows\system32\yaponema.dll (file missing) [2009-11-02]
O22 - SharedTaskScheduler: kupuhivus - {9686f825-b51b-48fc-ab29-ee67974510c2} - c:\windows\system32\yaponema.dll (file missing) [2009-11-02]
O22 - SharedTaskScheduler: gahurihor - {001dac8a-15e4-4bb9-92a0-068c61cc64b7} - c:\windows\system32\yaponema.dll (file missing) [2009-11-02]
O22 - SharedTaskScheduler: tokatiluy - {635d28d0-632e-485c-a019-94833388e94c} - c:\windows\system32\yaponema.dll (file missing) [2009-11-02]
O22 - SharedTaskScheduler: gahurihor - {b5bbe17d-e912-4ce5-82d9-6f6a8ddde873} - c:\windows\system32\yaponema.dll (file missing) [2009-11-02]
O22 - SharedTaskScheduler: gahurihor - {dc629c8d-78aa-4b0e-aeb3-6105c6757bc5} - c:\windows\system32\yaponema.dll (file missing) [2009-11-02]
O22 - SharedTaskScheduler: mujuzedij - {0da39641-9684-4ca7-8169-eeebd8743a73} - c:\windows\system32\vebuketi.dll (file missing) [2009-11-02]
O22 - SharedTaskScheduler: mujuzedij - {ca1c573c-8b73-4140-b700-a3b71381d436} - c:\windows\system32\rutuneha.dll (file missing) [2009-11-02]
O22 - SharedTaskScheduler: tokatiluy - {ecae7871-d76d-41b8-a78a-2df4aea3eb25} - c:\windows\system32\rutuneha.dll (file missing) [2009-11-02]
O22 - SharedTaskScheduler: jugezatag - {ac7470a2-2d86-4133-8f35-9e2943f40546} - c:\windows\system32\rutuneha.dll (file missing) [2009-11-02]
O22 - SharedTaskScheduler: tokatiluy - {0a7972da-1090-4548-bb08-1d422ce6025e} - c:\windows\system32\vebuketi.dll (file missing) [2009-11-02]
O22 - SharedTaskScheduler: gahurihor - {931f7c0d-1183-425f-b636-cb5481c2944c} - c:\windows\system32\pegagofo.dll (file missing) [2009-11-02]
O22 - SharedTaskScheduler: kupuhivus - {f0bb90e3-368a-4891-82ef-c8be647c4fd6} - c:\windows\system32\pegagofo.dll (file missing) [2009-11-02]
O22 - SharedTaskScheduler: tokatiluy - {99b7bc1b-0c48-4daf-872c-76d1cf3f5f03} - c:\windows\system32\rutuneha.dll (file missing) [2009-11-02]
O22 - SharedTaskScheduler: jugezatag - {5f4770d1-0b36-4826-85ce-fe71bf007a27} - c:\windows\system32\yisabife.dll (file missing) [2009-11-02]
O22 - SharedTaskScheduler: tokatiluy - {e0c89f63-1141-43d4-88fd-649a88a383a8} - c:\windows\system32\rutuneha.dll (file missing) [2009-11-02]
O22 - SharedTaskScheduler: jugezatag - {79d860fe-5a5d-43a5-8666-cb87480756fa} - c:\windows\system32\pegagofo.dll (file missing) [2009-11-02]
O22 - SharedTaskScheduler: kupuhivus - {64589958-b23e-4f94-baad-a7756607737f} - c:\windows\system32\pegagofo.dll (file missing) [2009-11-02]
O22 - SharedTaskScheduler: kupuhivus - {c71dec9a-ad81-44dc-adb0-c5d0e6874593} - c:\windows\system32\rutuneha.dll (file missing) [2009-11-02]
O22 - SharedTaskScheduler: kupuhivus - {189ca6ac-3aab-441d-a8b4-a50b4a9d7af1} - c:\windows\system32\vebuketi.dll (file missing) [2009-11-02]
O22 - SharedTaskScheduler: gahurihor - {6b0456de-07cb-4df9-8a4c-e5c090abc73a} - c:\windows\system32\rutuneha.dll (file missing) [2009-11-02]
O22 - SharedTaskScheduler: gahurihor - {4bae7752-d3e1-4d98-bc45-d0e2f57cb60b} - c:\windows\system32\vegozadi.dll (file missing) [2009-11-02]
O22 - SharedTaskScheduler: mujuzedij - {e5a598c4-8bcf-4e3f-8210-27553d4abe0a} - c:\windows\system32\vegozadi.dll (file missing) [2009-11-02]
O22 - SharedTaskScheduler: mujuzedij - {9f417eff-5631-4987-8222-7c22379e52db} - c:\windows\system32\vegozadi.dll (file missing) [2009-11-02]
O22 - SharedTaskScheduler: tokatiluy - {bb8ef3a6-dd9f-4f14-8eed-9b4b26820d7d} - c:\windows\system32\rutuneha.dll (file missing) [2009-11-02]
O22 - SharedTaskScheduler: jugezatag - {d614dae8-b6af-4d81-a015-ddf15d70c9ee} - c:\windows\system32\rutuneha.dll (file missing) [2009-11-02]
O22 - SharedTaskScheduler: mujuzedij - {34b4a27d-8629-4326-b311-952dd3486b1c} - c:\windows\system32\rutuneha.dll (file missing) [2009-11-02]
O22 - SharedTaskScheduler: jugezatag - {ec7e74b8-fda7-4c21-94e6-55370127c1f9} - c:\windows\system32\rutuneha.dll (file missing) [2009-11-02]
O22 - SharedTaskScheduler: mujuzedij - {fd3b8511-ef50-4ec6-8446-c7a629077269} - c:\windows\system32\vegozadi.dll (file missing) [2009-11-02]
O22 - SharedTaskScheduler: kupuhivus - {0215cac4-1e66-468b-8544-3ae7f09938d9} - c:\windows\system32\vegozadi.dll (file missing) [2009-11-02]
O22 - SharedTaskScheduler: kupuhivus - {b2b60e70-8d8b-4898-8413-7d127d106c23} - c:\windows\system32\rutuneha.dll (file missing) [2009-11-02]
O22 - SharedTaskScheduler: gahurihor - {735907f7-6a64-4b8b-8b5f-85ad7136e303} - c:\windows\system32\vegozadi.dll (file missing) [2009-11-02]
O22 - SharedTaskScheduler: gahurihor - {9e8adf34-400a-41e9-8537-4420f44af5cb} - c:\windows\system32\vegozadi.dll (file missing) [2009-11-02]
O22 - SharedTaskScheduler: tokatiluy - {1396f418-b6d5-4c17-8142-d43c56c4d1db} - c:\windows\system32\vegozadi.dll (file missing) [2009-11-02]
O22 - SharedTaskScheduler: mujuzedij - {bf076e7b-2762-4ca4-a867-2d2c635a390c} - c:\windows\system32\rutuneha.dll (file missing) [2009-11-02]
O22 - SharedTaskScheduler: jugezatag - {35c5fb9a-3a2b-4384-8248-1e72e7e2cb66} - c:\windows\system32\vuranune.dll [2009-11-02]
O22 - SharedTaskScheduler: tokatiluy - {2af5af6d-87c0-4073-9dd3-5a8325c2f1db} - c:\windows\system32\rutuneha.dll (file missing) [2009-11-02]
O22 - SharedTaskScheduler: mujuzedij - {64fb9575-e4d2-43ee-88aa-e8354768592e} - c:\windows\system32\rutuneha.dll (file missing) [2009-11-02]
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe [2009-11-02]
O22 - SharedTaskScheduler: kupuhivus - {f8b9b19b-ea3f-420f-844e-6cc28c8b1e07} - c:\windows\system32\rutuneha.dll (file missing) [2009-11-02]
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing) [2009-11-02]
O22 - SharedTaskScheduler: jugezatag - {35c5fb9a-3a2b-4384-8248-1e72e7e2cb66} - c:\windows\system32\vuranune.dll [2009-11-02]
O20 - AppInit_DLLs: c:\windows\system32\turanusu.dll c:\windows\system32\yisabife.dll c:\windows\system32\vegozadi.dll lipewedi.dll c:\windows\system32\vuranune.dll [2009-11-02]
O4 - HKLM\..\Run: [welikenad] Rundll32.exe "c:\windows\system32\vuranune.dll",a [2009-11-02]
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll (file missing) [2009-11-02]

======Security center information======

AV: AVG Anti-Virus Free
FW: COMODO Firewall
FW: Norton Internet Security

======System event log======

Computer Name: HUANDU2
Event Code: 10010
Message: The server {A64D224E-E06A-43D2-A919-8BE108F47305} did not register with DCOM within the required timeout.

Record Number: 99637
Source Name: DCOM
Time Written: 20091101175233.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: HUANDU2
Event Code: 10010
Message: The server {A64D224E-E06A-43D2-A919-8BE108F47305} did not register with DCOM within the required timeout.

Record Number: 99636
Source Name: DCOM
Time Written: 20091101175203.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: HUANDU2
Event Code: 10010
Message: The server {A64D224E-E06A-43D2-A919-8BE108F47305} did not register with DCOM within the required timeout.

Record Number: 99635
Source Name: DCOM
Time Written: 20091101175133.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: HUANDU2
Event Code: 10010
Message: The server {A64D224E-E06A-43D2-A919-8BE108F47305} did not register with DCOM within the required timeout.

Record Number: 99634
Source Name: DCOM
Time Written: 20091101175103.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: HUANDU2
Event Code: 10010
Message: The server {A64D224E-E06A-43D2-A919-8BE108F47305} did not register with DCOM within the required timeout.

Record Number: 99633
Source Name: DCOM
Time Written: 20091101175033.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

=====Application event log=====

Computer Name: HUANDU2
Event Code: 257
Message:
Record Number: 55514
Source Name: Alert Manager Event Interface
Time Written: 20091017140224.000000-240
Event Type: error
User:

Computer Name: HUANDU2
Event Code: 1517
Message: Windows saved user HUANDU2\HP_Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 55363
Source Name: Userenv
Time Written: 20091016142518.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: HUANDU2
Event Code: 1517
Message: Windows saved user HUANDU2\HP_Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 55030
Source Name: Userenv
Time Written: 20091015140317.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: HUANDU2
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



Record Number: 54792
Source Name: Userenv
Time Written: 20091014202504.000000-240
Event Type: warning
User: HUANDU2\HP_Owner

Computer Name: HUANDU2
Event Code: 1517
Message: Windows saved user HUANDU2\HP_Owner registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 54719
Source Name: Userenv
Time Written: 20091014140315.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Autodesk Shared;c:\matlab6p5\bin\win32;
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
"EAI_DEVELOPER_ENV"=SE Managed Collab
"P_SCHEMA"=C:\Program Files\Solid Edge V15\etc\UGSchemas
"KMP_DUPLICATE_LIB_OK"=TRUE
"MKL_SERIAL"=YES

-----------------EOF-----------------

thanks for your help.

#6 swebb32_99


Posted 08 November 2009 - 10:04 AM

I should also mention that there were a lot of programs deactivated in msconfig to get the pc running. I can give you the names of them if they are needed. Is there a way to completely remove the ones that are no longer needed?

thanks again.

Edited by swebb32_99, 08 November 2009 - 10:04 AM.


#7 SifuMike


Posted 08 November 2009 - 01:46 PM

Did you run MBAM? Where is the MBAM log?



Why have you been "fixing" things yourself with HijackThis? :(
If you do not have advanced knowledge about computers you should NOT fix entries using HijackThis without consulting an expert on using this program.
If you delete items that it shows, without knowing what they are, it can lead to other problems such as your Internet no longer working or problems with running Windows itself.




I see that you are running msconfig in /auto mode which means that you may have selectively removed some items in the past from the startup procedure.

This can be bad if they are malware, so we would like you to reenable those startup entries by doing the following:

Please click on start, then run, and type msconfig and then press enter. When the window opens click on the startup tab and make sure there are checkmarks in every entry. Then press ok until you are out of the program.
If it asks to reboot, do not reboot. It is not necessary to reboot to get the items to show up in HijackThis.

Now please create a new Hijackthis Log and post it as a reply.

#8 swebb32_99


Posted 08 November 2009 - 06:08 PM

I can't install MBAM because of the vbalgrid6.ocx error message during the install. Then it shows Error creating key: HKEY_CLASSES_ROOT\.mbam RegCreateKeyEx failed; code 5. Access is denied

When it completes and I try running the program, I get Run-time error '339': Component 'vbalgrid6.ocx' or one of its dependencies not correctly registered: a file is missing or invalid.

I know that running ComboFix and HJT without assistance is risky, but I looked up each of those line items before I tried running the fix.

Firefox just did an auto update. I hope this doesn't cause any issues.

Here is the new log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:54:43 PM, on 11/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\hjt\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatcher...d&%language
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{D3D233D5-9F6D-436C-B6C7-E63F77503B30} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\PROGRA~1\SITERA~1\SiteRank.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [welikenad] Rundll32.exe "c:\windows\system32\vuranune.dll",a
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SiteRanker] "C:\Program Files\SiteRanker\SiteRankTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133048828\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [CSmileys] "C:\PROGRA~1\Crawler\Smileys\CSmileysIM.exe"
O4 - HKLM\..\Run: [87572332] C:\DOCUME~1\ALLUSE~1\APPLIC~1\87572332\87572332.exe
O4 - HKLM\..\Run: [47950429] C:\DOCUME~1\ALLUSE~1\APPLIC~1\47950429\47950429.exe
O4 - HKLM\..\Run: [33745729] C:\DOCUME~1\ALLUSE~1\APPLIC~1\33745729\33745729.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [A00FE0D69.exe] C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\_A00FE0D69.exe
O4 - HKCU\..\Run: [A00F2106856.exe] C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\_A00F2106856.exe
O4 - HKCU\..\Run: [CSmileys] "C:\PROGRA~1\Crawler\Smileys\CSmileysIM.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Startup: HP Organize.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O24 - Desktop Component 0: (no name) - http://owa2.loma.org/exchange/du/Drafts/RE...49.JPG?attach=1

--
End of file - 12923 bytes

thanks.

#9 SifuMike


Posted 08 November 2009 - 09:05 PM

Hi swebb32_99,

"I know that running ComboFix and HJT without assistance is risky, but I looked up each of those line items before I tried running the fix."


Running ComboFix on your own is a quick way of turning your computer into a door stop.




I see you have AVG 9 installed.
Did you disable Comodo Antivirus when you installed COMODO Internet Security?
You should have only ONE antivirus running on this computer. Two antivirus programs running will cause major problems.



Please show hidden files and folders
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste each of the following file paths into the "Suspicious files to scan" box on the top of the page:
    • C:\PROGRA~1\INBOXT~1\Inbox.dll
      c:\windows\system32\vuranune.dll
      C:\DOCUME~1\ALLUSE~1\APPLIC~1\87572332\87572332.exe
      C:\DOCUME~1\ALLUSE~1\APPLIC~1\47950429\47950429.exe
      C:\DOCUME~1\ALLUSE~1\APPLIC~1\33745729\33745729.exe
      C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\_A00FE0D69.exe
      C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\_A00F2106856.exe
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
  • If Copy to Clipboard does not work, then just copy and paste the output in your next reply.
If VirScan.org server is too busy, please submit the file to VirusTotal instead.

Edited by SifuMike, 08 November 2009 - 09:17 PM.


#10 swebb32_99


Posted 08 November 2009 - 10:16 PM

Only the Comodo Firewall is installed.

C:\PROGRA~1\INBOXT~1\Inbox.dll - no hits; clean. This is a site that is/was set as his homepage (Inbox.com).
c:\windows\system32\vuranune.dll - couldn't locate file, even after selecting show hidden files and unhiding protected operating system files
C:\DOCUME~1\ALLUSE~1\APPLIC~1\87572332\87572332.exe - couldn't locate file
C:\DOCUME~1\ALLUSE~1\APPLIC~1\47950429\47950429.exe - couldn't locate file
C:\DOCUME~1\ALLUSE~1\APPLIC~1\33745729\33745729.exe - couldn't locate file; The computer started working after I stopped this from running. I had to open Task Mgr and stopped it as soon as it started.
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\_A00FE0D69.exe - couldn't locate file
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\_A00F2106856.exe - couldn't locate file

VirSCAN.org Scanned Report :
Scanned time : 2009/11/08 21:41:53 (EST)
Scanner results: Scanners did not find malware!
File Name : Inbox.dll
File Size : 576000 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : 1a4d4db55446ad4f3bf66c1efc7a77c5
SHA1 : 3b22ffcdec686ee7fd52957d075e4e44c13b6ad9
Online report : http://virscan.org/report/e523effd7c9f8b4f...75e2e1df21.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091108053125 2009-11-08 4.29 -
AhnLab V3 2009.11.07.00 2009.11.07 2009-11-07 1.07 -
AntiVir 8.2.1.61 7.1.6.204 2009-11-08 0.07 -
Antiy 2.0.18 20091105.3216324 2009-11-05 0.02 -
Arcavir 2009 200911070243 2009-11-07 0.89 -
Authentium 5.1.1 200911081739 2009-11-08 3.95 -
AVAST! 4.7.4 091108-1 2009-11-08 0.07 -
AVG 8.5.288 270.14.55/2490 2009-11-09 0.35 -
BitDefender 7.81008.4482418 7.28825 2009-11-09 3.90 -
CA (VET) 35.1.0 7107 2009-11-05 6.40 -
ClamAV 0.95.2 10000 2009-11-08 0.10 -
Comodo 3.12 2890 2009-11-08 0.74 -
CP Secure 1.3.0.5 2009.11.09 2009-11-09 0.10 -
Dr.Web 4.44.0.9170 2009.11.08 2009-11-08 6.52 -
F-Prot 4.4.4.56 20091108 2009-11-08 3.84 -
F-Secure 7.02.73807 2009.11.09.02 2009-11-09 0.15 -
Fortinet 2.81-3.120 11.38 2009-11-08 0.30 -
GData 19.8776/19.546 20091109 2009-11-09 5.84 -
ViRobot 20091106 2009.11.06 2009-11-06 0.43 -
Ikarus T3.1.01.74 2009.11.08.74486 2009-11-08 4.24 -
JiangMin 11.0.800 2009.11.08 2009-11-08 6.34 -
Kaspersky 5.5.10 2009.11.08 2009-11-08 0.11 -
KingSoft 2009.2.5.15 2009.11.8.15 2009-11-08 0.51 -
McAfee 5.3.00 5796 2009-11-08 3.50 -
Microsoft 1.5202 2009.11.08 2009-11-08 6.59 -
Norman 6.01.09 6.01.00 2009-11-06 4.01 -
Panda 9.05.01 2009.11.08 2009-11-08 2.37 -
Trend Micro 8.700-1004 6.612.07 2009-11-08 0.03 -
Quick Heal 10.00 2009.11.07 2009-11-07 1.47 -
Rising 20.0 21.54.62.00 2009-11-08 0.96 -
Sophos 3.00.1 4.46 2009-11-09 2.97 -
Sunbelt 5498 5498 2009-11-08 2.11 -
Symantec 1.3.0.24 20091108.002 2009-11-08 0.06 -
nProtect 20091108.01 6121832 2009-11-08 7.82 -
The Hacker 6.5.0.2 v00063 2009-11-06 0.72 -
VBA32 3.12.10.11 20091108.2047 2009-11-08 2.33 -
VirusBuster 4.5.11.10 10.113.11/2003707 2009-11-09 4.62 -

#11 SifuMike

  • malware expert, Staff Emeritus

Posted 09 November 2009 - 12:04 AM

Hi swebb32_99,

Disable SpySweeper as that will prevent Hijackthis from working.

To disable SpySweeper
Open Spysweeper and click on Options > Program Options and uncheck "load at windows startup".
On the left click "shields" and then uncheck everything there.
Uncheck "home page shield".
Uncheck "automatically restore default without notification".
Exit the program.


Please run HijackThis and click "Scan." Place checks next to the following entries, if present:

R3 - URLSearchHook: (no name) - *{D3D233D5-9F6D-436C-B6C7-E63F77503B30} - (no file)
O4 - HKLM\..\Run: [welikenad] Rundll32.exe "c:\windows\system32\vuranune.dll",a
O4 - HKLM\..\Run: [87572332] C:\DOCUME~1\ALLUSE~1\APPLIC~1\87572332\87572332.exe
O4 - HKLM\..\Run: [47950429] C:\DOCUME~1\ALLUSE~1\APPLIC~1\47950429\47950429.exe
O4 - HKLM\..\Run: [33745729] C:\DOCUME~1\ALLUSE~1\APPLIC~1\33745729\33745729.exe
O4 - HKCU\..\Run: [A00FE0D69.exe] C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\_A00FE0D69.exe
O4 - HKCU\..\Run: [A00F2106856.exe] C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\_A00F2106856.exe


Close all browsers and other windows except for HijackThis, and click "Fix checked"

*******************************************


Reboot your computer.


Disable your AVG antivirus as it will prevent Kaspersky Online Scanner from working.

To disable AVG antivirus:  
Please open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> deselect the "Turn on AVG Resident Shield" checkmark and save the setting.

When you need to enable the AVG Resident Shield, just open the AVG Control Center program -> double-click on the "AVG Resident Shield" component -> select the "Turn on AVG Resident Shield" checkmark and save the setting.


Please do a scan with Kaspersky Online Scanner. (Please note: Kaspersky requires Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.)

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.
  • Open the Kaspersky WebScanner page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the Posted Image button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the Posted Image ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the Posted Image button, if you made any changes.
  • Now under the Scan section on the left:
    Select My Computer
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • In the drop down box labeled Files of type change the type to Text file.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis if needed.


Also post a new Hijackthis log, and tell me how your computer is running.
If I've saved you time & money,
please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!




Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#12 swebb32_99

  • Topic Starter

Posted 09 November 2009 - 05:55 AM

Here you go, thanks.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, November 9, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, November 09, 2009 06:12:50
Records in database: 3179972
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
G:\
H:\
I:\
J:\

Scan statistics:
Objects scanned: 162180
Threats found: 5
Infected objects found: 6
Suspicious objects found: 1
Scan duration: 03:40:52


File name / Threat / Threats count
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Identities\{5E41BDC3-3E9B-4A7D-ADED-969491FFC466}\Microsoft\Outlook Express\Georgia Tech Mail (1).dbx Infected: Net-Worm.Win32.Mytob.ar 2
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Identities\{5E41BDC3-3E9B-4A7D-ADED-969491FFC466}\Microsoft\Outlook Express\Georgia Tech Mail (1).dbx Infected: Email-Worm.Win32.Mydoom.am 2
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Identities\{5E41BDC3-3E9B-4A7D-ADED-969491FFC466}\Microsoft\Outlook Express\Georgia Tech Mail (1).dbx Suspicious: Email-Worm.Win32.Bagle.mail 1
C:\Documents and Settings\HP_Owner\Local Settings\Temp\Acr162.tmp Infected: Exploit.Win32.Pidief.ceh 1
C:\Documents and Settings\HP_Owner\Local Settings\Temp\jar_cache56366.tmp Infected: Trojan-Downloader.Java.OpenStream.ad 1

Selected area has been scanned.
-----------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:53:15 AM, on 11/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\AOL\1133048828\ee\AOLSoftware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\hjt\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatcher...d&%language
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...arm1=seconduser
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\PROGRA~1\SITERA~1\SiteRank.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SiteRanker] "C:\Program Files\SiteRanker\SiteRankTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133048828\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [CSmileys] "C:\PROGRA~1\Crawler\Smileys\CSmileysIM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - Startup: HP Organize.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\WINDOWS\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\WINDOWS\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\WINDOWS\system32\lktsrv.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: NI Configuration Manager (mxssvr) - National Instruments Corporation - C:\Program Files\National Instruments\MAX\nimxs.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\WINDOWS\system32\nisvcloc.exe
O23 - Service: National Instruments Variable Engine (NITaggerService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O24 - Desktop Component 0: (no name) - http://owa2.loma.org/exchange/du/Drafts/RE...49.JPG?attach=1

--
End of file - 12482 bytes


Thanks.
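The startup-entry review carried out in posts #11 and #12, as an added example that is not part of the original thread or of HijackThis itself: a Python sketch that parses HijackThis O4 registry Run lines, flags them for human review, and checks that the entries marked for fixing are gone from the follow-up log. The sample lines are a subset copied from the two logs above; the function names and the three rules are assumptions of this example, and the rundll32 rule is deliberately noisy (it also matches the Lexmark entry).

```python
import ntpath
import re

# O4 lines copied from this thread: entries the helper marked for fixing (post #11)
FIX_LIST = r'''
O4 - HKLM\..\Run: [welikenad] Rundll32.exe "c:\windows\system32\vuranune.dll",a
O4 - HKLM\..\Run: [87572332] C:\DOCUME~1\ALLUSE~1\APPLIC~1\87572332\87572332.exe
O4 - HKCU\..\Run: [A00FE0D69.exe] C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\_A00FE0D69.exe
'''
# ...and a subset of the follow-up log (post #12)
FOLLOW_UP = r'''
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
'''

O4_RUN = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$')
RUNDLL = re.compile(r'^"?rundll32(?:\.exe)?"?\s+(.+)$', re.I)
IMAGE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll))(?=[\s,]|$)', re.I)


def parse_o4(log_text):
    """Parse registry Run-key O4 lines; Startup-folder O4 lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue
        hive, key, name, command = m.groups()
        launcher = RUNDLL.match(command)           # rundll32 hides the real image
        rest = launcher.group(1) if launcher else command
        img = IMAGE.match(rest)                    # quoted path, or up to .exe/.dll
        image = (img.group(1) or img.group(2)) if img else rest
        entries.append({'id': (hive, key.lower(), name.lower()), 'name': name,
                        'image': image, 'rundll32': bool(launcher)})
    return entries


def reasons(entry):
    """Illustrative review rules (assumptions of this example, not verdicts)."""
    parts = [p.lower() for p in entry['image'].split('\\')]
    stem = ntpath.splitext(parts[-1])[0]
    why = []
    if 'temp' in parts[:-1]:
        why.append('runs from a Temp directory')
    if len(parts) >= 2 and stem.isdigit() and parts[-2] == stem:
        why.append('all-digit folder and file name')
    if entry['rundll32']:
        why.append('DLL started through rundll32')
    return why


def triage(log_text):
    """Map Run value name -> reasons, for entries matching at least one rule."""
    flagged = {}
    for e in parse_o4(log_text):
        why = reasons(e)
        if why:
            flagged[e['name']] = why
    return flagged


def still_present(fix_text, later_text):
    """Names from the fix list whose hive/key/value reappear in a later log."""
    later = {e['id'] for e in parse_o4(later_text)}
    return [e['name'] for e in parse_o4(fix_text) if e['id'] in later]


if __name__ == '__main__':
    for name, why in triage(FIX_LIST + FOLLOW_UP).items():
        print(f'{name}: {"; ".join(why)}')
    print('still present after fix:', still_present(FIX_LIST, FOLLOW_UP))
```
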

#13 swebb32_99

  • Topic Starter

Posted 09 November 2009 - 05:59 AM

I forgot to mention. Windows did an auto update on the reboot. I think it was for MS Office Service Pack. I've turned off auto updates for the moment.

#14 SifuMike

  • malware expert, Staff Emeritus

Posted 09 November 2009 - 11:22 AM

C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Identities\{5E41BDC3-3E9B-4A7D-ADED-969491FFC466}\Microsoft\Outlook Express\Georgia Tech Mail (1).dbx
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Identities\{5E41BDC3-3E9B-4A7D-ADED-969491FFC466}\Microsoft\Outlook Express\Georgia Tech Mail (1).dbx
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Identities\{5E41BDC3-3E9B-4A7D-ADED-969491FFC466}\Microsoft\Outlook Express\Georgia Tech Mail (1).dbx



Kaspersky identified files in your Outlook Express Database that are malware, but it did not tell us which specific email is bad.

We can't delete your entire database just because several files are bad.

I suggest you do this:
First you have to sort your mails on attachments.
You can do that by clicking on the icon which looks like a paper clip.
After that you must see which mails are suspicious (probably spam mails with attachments).
Delete any file attachments.



Please close FireFox and Internet Explorer browser before running OTM.

Please download OTM by OldTimer and save it to your desktop.
Double click the icon on your desktop to run it.
(Note: If you are running on Vista, right-click on the file and choose Run As Administrator).


Copy the lines in the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Do not include the word "Code".


:files
C:\Documents and Settings\HP_Owner\Local Settings\Temp\Acr162.tmp 
C:\Documents and Settings\HP_Owner\Local Settings\Temp\jar_cache56366.tmp 

:commands
[emptytemp]
[Reboot]


Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.

Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTM

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Edited by SifuMike, 09 November 2009 - 11:23 AM.


#15 swebb32_99

  • Topic Starter

Posted 09 November 2009 - 02:03 PM

This isn't my pc and it's asking for a password for Outlook Express. Should I wait until the mail database is ok before I run OTM? Also, should I go back and remove the items from msconfig or leave everything checked?

thanks.



