Computer Infected

Hi,

This is my second time posting to this forum...Kenny94 was very helpful earlier this year!

A couple of days ago, a screen popped up that said "Windows XP Recovery Console" and appeared to be running a scan on the computer. We closed it out, and then got several popup warnings about hard drive being compromised, etc. I restarted the computer and all desktop icons are missing, and it appeared that the startup menu was empty and all my documents were missing. After looking at the pinned topics in this forum, I ran unhide.exe and I can now view most of the documents in My Computer, but am still missing all my desktop items. Also, a lot of the Program Files appear to be empty.

Appreciate any help you can give. I was able to run mbam and SuperAntiSpyware in safe mode and have posted the logs below.

MBAM LOG:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6592

Windows 5.1.2600 Service Pack 2 (Safe Mode)

Internet Explorer 8.0.6001.18702

5/16/2011 1:52:37 PM

mbam-log-2011-05-16 (13-52-37).txt

Scan type: Quick scan

Objects scanned: 175451

Time elapsed: 3 minute(s), 23 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 6

Folders Infected: 0

Files Infected: 7

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Jxolosulo (IPH.Trojan.Hiloti.B) -> Value: Jxolosulo -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\ijt.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\ijt.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\ijt.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\WINDOWS\urolovolovolo.dll (IPH.Trojan.Hiloti.B) -> Quarantined and deleted successfully.

c:\documents and settings\hp_administrator\local settings\application data\ijt.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

c:\WINDOWS\drshery.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.

c:\documents and settings\hp_administrator\local settings\temp\0.5507239370405608.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\documents and settings\hp_administrator\local settings\temp\0.7280289442550646.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\documents and settings\hp_administrator\application data\Adobe\plugs\mmc153.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\hp_administrator\application data\Adobe\plugs\mmc50.exe (Trojan.Agent) -> Quarantined and deleted successfully.

SuperAntiSpyware LOG:

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 05/16/2011 at 02:38 PM

Application Version : 4.48.1000

Core Rules Database Version : 7066

Trace Rules Database Version: 4878

Scan type : Quick Scan

Total Scan Time : 00:17:51

Memory items scanned : 286

Memory threats detected : 0

Registry items scanned : 2383

Registry threats detected : 4

File items scanned : 12674

File threats detected : 76

Adware.Tracking Cookie

PUP.Whitesmoke

HKLM\SOFTWARE\whitesmoketoolbar

HKLM\SOFTWARE\whitesmoketoolbar#Installer Language

HKU\.DEFAULT\Software\WhiteSmokeTranslator

HKU\S-1-5-18\Software\WhiteSmokeTranslator

Trojan.Agent/Gen-FakeAlert[Local]

C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\GM06511DAJCC06511\GM06511DAJCC06511.EXE

C:\WINDOWS\Prefetch\GM06511DAJCC06511.EXE-089B9634.pf

Thank you!

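A triage pass over log lines in the Malwarebytes format posted above, added here as an example that is not part of this thread and not Malwarebytes' own code: it classifies each detection line (autorun persistence, StartMenuInternet hijack, suppressed Security Center notices, dropped executables), extracts the program that the hijacked browser command was made to run ahead of the browser, and checks that program against the "Files Infected" section so a missed binary stands out. The sample lines are constructed from the entries in the log above; the category names and heuristics are this example's own.

```python
"""Triage of Malwarebytes-style scan log lines (added example; not Malwarebytes
code and not output from this thread). A detection line has the shape
    <registry key or file path> (<detection name>) -> [details ->] <action>
where details is either 'Value: v' or 'Bad: (x) Good: (y)'.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample lines, shaped like the MBAM log posted above.
SAMPLE_LOG = [
    r"Registry Values Infected:",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Jxolosulo (IPH.Trojan.Hiloti.B) -> Value: Jxolosulo -> Quarantined and deleted successfully.",
    r"Registry Data Items Infected:",
    r'HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\ijt.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.',
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.",
    r"Folders Infected:",
    r"(No malicious items detected)",
    r"Files Infected:",
    r"c:\documents and settings\hp_administrator\local settings\application data\ijt.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.",
    r"c:\WINDOWS\urolovolovolo.dll (IPH.Trojan.Hiloti.B) -> Quarantined and deleted successfully.",
]

# '(detection)' is the parenthesised token right before the first ' -> '; a
# non-greedy item keeps '\(default)' (no leading space) inside the item.
ENTRY_RE = re.compile(r"^(?P<item>.*?) \((?P<detection>[^\s()]+)\) -> (?P<rest>.*)$")
BAD_GOOD_RE = re.compile(r"^Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\)$")
QUOTED_RE = re.compile(r'"([^"]+)"')


@dataclass
class Finding:
    item: str        # registry key/value or file path, as logged
    detection: str   # scanner's detection name, e.g. Hijack.StartMenuInternet
    category: str    # triage label from classify()
    action: str      # what the scanner reports it did
    bad: Optional[str] = None   # value found (Registry Data Items only)
    good: Optional[str] = None  # value the scanner restored


def classify(item: str, bad: Optional[str]) -> str:
    """Map one logged item to a triage category (heuristics written for this example)."""
    low = item.lower()
    if "\\currentversion\\run\\" in low:
        return "autorun persistence"            # runs at every logon
    if "\\startmenuinternet\\" in low and bad:
        return "browser launch hijack"          # something runs before the browser
    if "\\security center\\" in low and low.endswith("disablenotify") and bad == "1":
        return "security notifications suppressed"
    if low.endswith(".exe") and ("\\local settings\\" in low or "\\application data\\" in low):
        return "executable in user profile"     # user-writable drop location
    if low.endswith(".dll") and low.startswith("c:\\windows\\"):
        return "library in system directory"
    return "other"


def parse_log(lines: List[str]) -> List[Finding]:
    """Parse detection lines; section headers and '(No malicious items detected)' are skipped."""
    findings = []
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        parts = m.group("rest").split(" -> ")
        action, details = parts[-1], parts[:-1]
        bad = good = None
        for detail in details:
            bg = BAD_GOOD_RE.match(detail)
            if bg:
                bad, good = bg.group("bad"), bg.group("good")
        item, detection = m.group("item"), m.group("detection")
        findings.append(Finding(item, detection, classify(item, bad), action, bad, good))
    return findings


def hijack_interposer(f: Finding) -> Optional[str]:
    """For a browser launch hijack, the program the 'Bad' command runs ahead of the browser."""
    if f.category != "browser launch hijack" or not f.bad:
        return None
    m = QUOTED_RE.search(f.bad)
    return m.group(1) if m else f.bad.split()[0]


def unconfirmed_interposers(findings: List[Finding]) -> List[str]:
    """Interposer binaries named by hijack entries that the file section did not report
    as quarantined; these still need a manual check (paths compared case-insensitively)."""
    quarantined = {f.item.lower() for f in findings if not f.item.upper().startswith("HK")}
    named = {p.lower() for p in map(hijack_interposer, findings) if p}
    return sorted(named - quarantined)


def summarize(findings: List[Finding]) -> dict:
    """Count findings per triage category."""
    counts: dict = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    for f in found:
        print(f"{f.category:36} {f.detection:28} {f.item}")
    print("interposers not confirmed removed:", unconfirmed_interposers(found))
```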

Hi lmb,

It's me again. Okay, I know you ran unhide.exe, but remove it and download unhide again:

  • Please download and run in normal mode UnHide.exe by Grinler.
  • Once finished, let me know if the desktop items (and others) are back.

Next

We need to look at some information about what is going on in your computer:

Please perform the following scan:

  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.
  • Instead of attaching, please copy/paste both logs into your Thread.
  • Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.

After downloading the tool, disconnect from the internet and disable all antivirus protection.

Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE. Then post your DDS logs (DDS.txt and Attach.txt).


Hi -- nice to talk to you again (although not so nice my computer is acting up again!)

I removed unhide.exe and downloaded/ran it in normal mode and there is no change -- still no icons and folders that appear empty. To get to the internet, I have to find the executable in My Computer and choose 'run as' rather than just opening it...same with Outlook Express.

Here are the logs from running DDS:

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by HP_Administrator at 20:40:48.50 on Tue 05/17/2011

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.1350 [GMT -4:00]

.

AV: Trend Micro AntiVirus *Enabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}

.

============== Running Processes ===============

.

C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\WINDOWS\arservice.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\system32\svchost.exe -k HPService

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\Explorer.EXE

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Trend Micro\BM\TMBMSRV.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

C:\Program Files\Outlook Express\msimn.exe

C:\Documents and Settings\HP_Administrator\Desktop\dds.scr

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

uInternet Settings,ProxyOverride = *.local

mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll

BHO: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

TB: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll

TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9

uRun: [sUPERAntiSpyware] "c:\program files\superantispyware\SUPERAntiSpyware.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [Rhapalumihu] rundll32.exe "c:\windows\drshery.dll",Startup

mRun: [KBD] "c:\hp\kbd\KBD.EXE"

mRun: [ufSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [spySweeper] "c:\program files\webroot\spy sweeper\SpySweeperUI.exe" /startintray

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\wkcalrem.lnk - c:\program files\common files\microsoft shared\works shared\WkCalRem.exe

uPolicies-explorer: NoDesktop = 1 (0x1)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_05\bin\npjpi150_05.dll

IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

Trusted Zone: intuit.com\ttlc

Trusted Zone: putnam.com\ibenefitcenter

Trusted Zone: turbotax.com

Trusted Zone: trymedia.com

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\hp_adm~1\applic~1\mozilla\firefox\profiles\mq1gp208.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll

FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll

FF - plugin: c:\program files\java\jre1.5.0_05\bin\NPJPI150_05.dll

FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3

FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

============= SERVICES / DRIVERS ===============

.

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-11-6 29808]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-12-22 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 67656]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2007-11-18 50256]

R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2007-9-18 36368]

R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2009-11-6 4048240]

R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\spy sweeper\WRConsumerService.exe [2010-12-12 1201640]

R3 tmproxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2007-11-18 648456]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-6-9 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-9 136176]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 12872]

S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-3-1 1119888]

.

=============== Created Last 30 ================

.

2011-05-18 00:06:59 502095 ----a-w- c:\windows\unhide.exe

2011-05-16 17:06:44 0 ----a-w- c:\windows\Bgucewigamewobe.bin

2011-05-16 17:06:43 -------- d-----w- c:\docume~1\hp_adm~1\locals~1\applic~1\{49574672-5147-4187-802C-19CB593F2C2F}

2011-05-16 01:19:15 -------- d-----w- c:\docume~1\alluse~1\applic~1\gM06511DaJcC06511

.

==================== Find3M ====================

.

2011-04-15 22:24:21 102400 ----a-w- c:\windows\RegBootClean.exe

.

============= FINISH: 20:41:47.12 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-03-05.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 7/2/2006 9:06:34 AM

System Uptime: 5/17/2011 8:24:58 PM (0 hours ago)

.

Motherboard: MSI | | AMETHYST-M

Processor: AMD Athlon 64 X2 Dual Core Processor 4200+ | Socket 939 | 2188/200mhz

Processor: AMD Athlon 64 X2 Dual Core Processor 4200+ | Socket 939 | 2188/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 271 GiB total, 88.452 GiB free.

D: is FIXED (FAT32) - 8 GiB total, 0.325 GiB free.

E: is CDROM (CDFS)

F: is CDROM ()

G: is Removable

H: is Removable

I: is Removable

J: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}

Description: Photosmart Plus B209a-m

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Photosmart Plus B209a-m

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service:

.

==== System Restore Points ===================

.

RP56: 2/15/2011 3:00:19 AM - Software Distribution Service 3.0

RP57: 2/16/2011 3:00:19 AM - Software Distribution Service 3.0

RP58: 2/17/2011 3:00:19 AM - Software Distribution Service 3.0

RP59: 2/18/2011 3:00:27 AM - Software Distribution Service 3.0

RP60: 2/19/2011 3:00:17 AM - Software Distribution Service 3.0

RP61: 2/20/2011 3:00:18 AM - Software Distribution Service 3.0

RP62: 2/21/2011 3:00:20 AM - Software Distribution Service 3.0

RP63: 2/22/2011 3:00:18 AM - Software Distribution Service 3.0

RP64: 2/23/2011 3:00:23 AM - Software Distribution Service 3.0

RP65: 2/24/2011 3:00:18 AM - Software Distribution Service 3.0

RP66: 2/25/2011 3:00:17 AM - Software Distribution Service 3.0

RP67: 2/26/2011 3:00:31 AM - Software Distribution Service 3.0

RP68: 2/27/2011 3:00:16 AM - Software Distribution Service 3.0

RP69: 2/28/2011 3:00:19 AM - Software Distribution Service 3.0

RP70: 3/1/2011 3:00:17 AM - Software Distribution Service 3.0

RP71: 3/2/2011 3:00:17 AM - Software Distribution Service 3.0

RP72: 3/3/2011 3:00:18 AM - Software Distribution Service 3.0

RP73: 3/4/2011 3:00:19 AM - Software Distribution Service 3.0

RP74: 3/5/2011 3:00:19 AM - Software Distribution Service 3.0

RP75: 3/6/2011 3:00:19 AM - Software Distribution Service 3.0

RP76: 3/7/2011 3:00:19 AM - Software Distribution Service 3.0

RP77: 3/8/2011 3:00:22 AM - Software Distribution Service 3.0

RP78: 3/9/2011 3:00:20 AM - Software Distribution Service 3.0

RP79: 3/10/2011 3:00:19 AM - Software Distribution Service 3.0

RP80: 3/11/2011 3:00:18 AM - Software Distribution Service 3.0

RP81: 3/12/2011 3:01:47 AM - Software Distribution Service 3.0

RP82: 3/13/2011 4:00:19 AM - Software Distribution Service 3.0

RP83: 3/14/2011 3:00:18 AM - Software Distribution Service 3.0

RP84: 3/15/2011 3:00:19 AM - Software Distribution Service 3.0

RP85: 3/16/2011 3:00:19 AM - Software Distribution Service 3.0

RP86: 3/17/2011 3:00:19 AM - Software Distribution Service 3.0

RP87: 3/18/2011 3:00:19 AM - Software Distribution Service 3.0

RP88: 3/19/2011 3:00:18 AM - Software Distribution Service 3.0

RP89: 3/20/2011 3:00:18 AM - Software Distribution Service 3.0

RP90: 3/21/2011 3:00:16 AM - Software Distribution Service 3.0

RP91: 3/22/2011 3:00:17 AM - Software Distribution Service 3.0

RP92: 3/23/2011 3:00:18 AM - Software Distribution Service 3.0

RP93: 3/24/2011 3:00:19 AM - Software Distribution Service 3.0

RP94: 3/25/2011 3:00:19 AM - Software Distribution Service 3.0

RP95: 3/26/2011 3:00:19 AM - Software Distribution Service 3.0

RP96: 3/27/2011 3:00:20 AM - Software Distribution Service 3.0

RP97: 3/28/2011 3:01:59 AM - Software Distribution Service 3.0

RP98: 3/29/2011 3:00:18 AM - Software Distribution Service 3.0

RP99: 3/30/2011 3:00:54 AM - Software Distribution Service 3.0

RP100: 3/30/2011 12:50:36 PM - Installed TurboTax 2010 wrapper

RP101: 3/30/2011 1:18:18 PM - Installed TurboTax 2010 wnhiper

RP102: 3/30/2011 1:18:28 PM - Installed TurboTax 2010 wmaiper

RP103: 3/31/2011 3:00:19 AM - Software Distribution Service 3.0

RP104: 4/1/2011 3:00:18 AM - Software Distribution Service 3.0

RP105: 4/1/2011 4:19:43 PM - Software Distribution Service 3.0

RP106: 4/2/2011 3:00:16 AM - Software Distribution Service 3.0

RP107: 4/3/2011 3:00:16 AM - Software Distribution Service 3.0

RP108: 4/4/2011 3:01:30 AM - Software Distribution Service 3.0

RP109: 4/5/2011 3:00:16 AM - Software Distribution Service 3.0

RP110: 4/6/2011 3:00:22 AM - Software Distribution Service 3.0

RP111: 4/7/2011 3:00:16 AM - Software Distribution Service 3.0

RP112: 4/8/2011 3:00:23 AM - Software Distribution Service 3.0

RP113: 4/9/2011 3:00:17 AM - Software Distribution Service 3.0

RP114: 4/10/2011 3:00:16 AM - Software Distribution Service 3.0

RP115: 4/11/2011 3:00:23 AM - Software Distribution Service 3.0

RP116: 4/12/2011 3:00:16 AM - Software Distribution Service 3.0

RP117: 4/13/2011 3:00:15 AM - Software Distribution Service 3.0

RP118: 4/14/2011 3:28:06 AM - System Checkpoint

RP119: 4/15/2011 4:25:22 AM - System Checkpoint

RP120: 4/16/2011 3:00:40 AM - Software Distribution Service 3.0

RP121: 4/17/2011 3:00:27 AM - Software Distribution Service 3.0

RP122: 4/18/2011 3:00:18 AM - Software Distribution Service 3.0

RP123: 4/19/2011 3:00:16 AM - Software Distribution Service 3.0

RP124: 4/20/2011 3:00:17 AM - Software Distribution Service 3.0

RP125: 4/21/2011 3:00:16 AM - Software Distribution Service 3.0

RP126: 4/22/2011 3:00:17 AM - Software Distribution Service 3.0

RP127: 4/23/2011 3:00:33 AM - Software Distribution Service 3.0

RP128: 4/24/2011 3:00:17 AM - Software Distribution Service 3.0

RP129: 4/25/2011 3:01:04 AM - Software Distribution Service 3.0

RP130: 4/26/2011 3:00:21 AM - Software Distribution Service 3.0

RP131: 4/27/2011 3:00:17 AM - Software Distribution Service 3.0

RP132: 4/28/2011 3:00:47 AM - Software Distribution Service 3.0

RP133: 4/29/2011 3:00:18 AM - Software Distribution Service 3.0

RP134: 4/30/2011 3:00:24 AM - Software Distribution Service 3.0

RP135: 5/1/2011 3:00:18 AM - Software Distribution Service 3.0

RP136: 5/2/2011 3:00:17 AM - Software Distribution Service 3.0

RP137: 5/3/2011 3:00:17 AM - Software Distribution Service 3.0

RP138: 5/4/2011 3:00:16 AM - Software Distribution Service 3.0

RP139: 5/5/2011 3:00:18 AM - Software Distribution Service 3.0

RP140: 5/6/2011 3:00:18 AM - Software Distribution Service 3.0

RP141: 5/7/2011 3:00:18 AM - Software Distribution Service 3.0

RP142: 5/8/2011 3:00:18 AM - Software Distribution Service 3.0

RP143: 5/9/2011 3:00:18 AM - Software Distribution Service 3.0

RP144: 5/10/2011 3:00:18 AM - Software Distribution Service 3.0

RP145: 5/11/2011 3:00:16 AM - Software Distribution Service 3.0

RP146: 5/12/2011 3:00:23 AM - Software Distribution Service 3.0

RP147: 5/13/2011 3:00:18 AM - Software Distribution Service 3.0

RP148: 5/14/2011 3:00:17 AM - Software Distribution Service 3.0

RP149: 5/15/2011 3:00:17 AM - Software Distribution Service 3.0

RP150: 5/15/2011 5:37:06 PM - Restore Operation

RP151: 5/15/2011 5:40:43 PM - Restore Operation

.

==== Installed Programs ======================

.

1600

1600_Help

1600Trb

32 Bit HP CIO Components Installer

5 Card Slingo from HP Media Center (remove only)

Action Replay Code Manager

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 7.0.9

Adobe Shockwave Player 11

Agere Systems PCI-SV92PP Soft Modem

AiO_Scan

AiOSoftware

Amazon MP3 Downloader 1.0.10

AnswerWorks 4.0 Runtime - English

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft Software Suite

Are You Smarter Than A 5th Grader?

Ask.com Toolbar

AstroPop Deluxe from HP Media Center (remove only)

ATI Control Panel

ATI Display Driver

Audacity 1.2.6

B209a-m

Barnyard Invasion from HP Media Center (remove only)

Battlefield 2: Deluxe Edition

Be Rich

Bejeweled 2 Deluxe from HP Media Center (remove only)

Big Fish Games Client

Blackhawk Striker 2 from HP Media Center (remove only)

Blaine's Custom Dreamy Look Title

Blaine's Custom Photo Album Title

Blaine's Custom PSP Overlay Title

Blaine's Custom Speed Effects

Blaine's Custom Torn Titles

Blaine's Custom TV Overlay Title

Blaine's Custom TV Ratings

Blasterball 2 from HP Media Center (remove only)

Blasterball 2 Remix from HP Media Center (remove only)

Boggle Supreme from HP Media Center (remove only)

Bonjour

Bookworm Deluxe from HP Media Center (remove only)

Bounce Symphony from HP Media Center (remove only)

BufferChm

Cake Mania (remove only)

Cake Mania Free Trial

CameraDrivers

Chuzzle Deluxe from HP Media Center (remove only)

Coffee House Chaos (remove only)

Command & Conquer Generals

Command and ConquerTM Generals Zero Hour

Compatibility Pack for the 2007 Office system

Copy

Coupon Printer for Windows

CP_AtenaShokunin1Config

cp_dwShrek2Albums1

cp_dwShrek2Cards1

Crazy Burger

CreativeProjects

CreativeProjectsTemplates

Critical Update for Windows Media Player 11 (KB959772)

Crystal Maze from HP Media Center (remove only)

CueTour

Customer Experience Enhancement

Destinations

DeviceDiscovery

Digby's Donuts from HP Media Center (remove only)

Diner Dash Flo on the Go (remove only)

DISCover

Disney's Toontown Online

Disney Toontown Online

DocProc

DocumentViewer

Draft Analyzer

Easy Internet Sign-up

eGames GameButler

Enhanced Multimedia Keyboard Solution

ESPN Java Check

Family Feud

FATE from HP Media Center (remove only)

Fax

GameSpy Arcade

Garmin TOPO U.S. 2008

GemMaster Mystic

Google Chrome

Google Earth

Google Update Helper

GPBaseService2

High Definition Audio Driver Package - KB888111

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 10 (KB903157)

Hotfix for Windows Media Player 10 (KB910393)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB888795)

Hotfix for Windows XP (KB891593)

Hotfix for Windows XP (KB893357)

Hotfix for Windows XP (KB895961)

Hotfix for Windows XP (KB899337)

Hotfix for Windows XP (KB899510)

Hotfix for Windows XP (KB902841)

Hotfix for Windows XP (KB906569)

Hotfix for Windows XP (KB926239)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HP Boot Optimizer

HP Customer Participation Program 13.0

HP DigitalMedia Archive

HP DVD Play 1.0

HP Game Console and games

HP Image Zone 4.7

HP Imaging Device Functions 13.0

HP Photosmart Cameras 5.0

HP Photosmart Plus B209a-m All-In-One Driver Software 13.0 Rel .6

HP Print Projects 1.0

HP PSC & OfficeJet 4.7

HP Rhapsody

HP Smart Web Printing 4.5

HP Solution Center 13.0

HP Update

HP Web Helper

hpPrintProjects

HPProductAssistant

HpSdpAppCoreApp

HPSSupply

HPSystemDiagnostics

hpWLPGInstaller

Insaniquarium Deluxe from HP Media Center (remove only)

Inspiration 8

InstantShare

iPod for Windows 2006-06-28

iTunes

J2SE Runtime Environment 5.0 Update 5

Lemonade Tycoon 2 from HP Media Center (remove only)

Lexibox Deluxe from HP Media Center (remove only)

LightScribe 1.4.62.1

Mah Jong Quest from HP Media Center (remove only)

Malwarebytes' Anti-Malware

MarketResearch

Microsoft .NET Framework 1.0 Hotfix (KB887998)

Microsoft .NET Framework 1.0 Hotfix (KB930494)

Microsoft .NET Framework 1.0 Hotfix (KB953295)

Microsoft .NET Framework 1.0 Hotfix (KB979904)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Away Mode

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Money 2006

Microsoft Office 2003 Edition 60 Days Trial Welcome Tour

Microsoft Office Standard Edition 2003

Microsoft Office XP Web Components

Microsoft Silverlight

Microsoft Text-to-Speech Engine 4.0 (English)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Works

Move Networks Media Player for Internet Explorer

Mozilla Firefox (3.6.15)

MSN

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 and SOAP Toolkit 3.0

MSXML 4.0 SP2 Parser and SDK

MSXML 6 Service Pack 2 (KB973686)

muvee autoProducer 4.5

muvee autoProducer unPlugged 1.2

Nanny Mania (remove only)

Netscape Browser (remove only)

Network

Nikon View 6

OTOY

Otto

OverDrive Media Console

Paint.NET v3.36

PanoStandAlone

PC-Doctor 5 for Windows

Personal Finance and Tax Toolkit

PhotoGallery

Polar Bowler from HP Media Center (remove only)

Polar Golfer from HP Media Center (remove only)

ProductContext

Pronto 3.1.0-D

PS_AIO_06_B209a-m_SW_Min

PS2

Puzzle Express from HP Media Center (remove only)

Python 2.2 pywin32 extensions (build 203)

Python 2.2.3

QFolder

Quicken 2006

QuickTime

Readme

RealPlayer

Remove IntelliMover Demo

Ricochet Lost Worlds from HP Media Center (remove only)

Sandlot Games Client Services

Scan

ScannerCopy

SCRABBLE from HP Media Center (remove only)

Security Update for CAPICOM (KB931906)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896422)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896424)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899588)

Security Update for Windows XP (KB899589)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB905915)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB911280)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911567)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB912919)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB916281)

Security Update for Windows XP (KB917159)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB917422)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918118)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB918899)

Security Update for Windows XP (KB919007)

Security Update for Windows XP (KB920213)

Security Update for Windows XP (KB920214)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Security Update for Windows XP (KB921398)

Security Update for Windows XP (KB921503)

Security Update for Windows XP (KB921883)

Security Update for Windows XP (KB922616)

Security Update for Windows XP (KB922760)

Security Update for Windows XP (KB922819)

Security Update for Windows XP (KB923191)

Security Update for Windows XP (KB923414)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923694)

Security Update for Windows XP (KB923980)

Security Update for Windows XP (KB924191)

Security Update for Windows XP (KB924270)

Security Update for Windows XP (KB924496)

Security Update for Windows XP (KB924667)

Security Update for Windows XP (KB925454)

Security Update for Windows XP (KB925486)

Security Update for Windows XP (KB925902)

Security Update for Windows XP (KB926255)

Security Update for Windows XP (KB926436)

Security Update for Windows XP (KB927779)

Security Update for Windows XP (KB927802)

Security Update for Windows XP (KB928090)

Security Update for Windows XP (KB928255)

Security Update for Windows XP (KB928843)

Security Update for Windows XP (KB929123)

Security Update for Windows XP (KB929969)

Security Update for Windows XP (KB930178)

Security Update for Windows XP (KB931261)

Security Update for Windows XP (KB931768)

Security Update for Windows XP (KB931784)

Security Update for Windows XP (KB932168)

Security Update for Windows XP (KB933566)

Security Update for Windows XP (KB933729)

Security Update for Windows XP (KB935839)

Security Update for Windows XP (KB935840)

Security Update for Windows XP (KB936021)

Security Update for Windows XP (KB937143)

Security Update for Windows XP (KB937894)

Security Update for Windows XP (KB938127)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB938829)

Security Update for Windows XP (KB939653)

Security Update for Windows XP (KB941202)

Security Update for Windows XP (KB941568)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB941644)

Security Update for Windows XP (KB941693)

Security Update for Windows XP (KB942615)

Security Update for Windows XP (KB943055)

Security Update for Windows XP (KB943460)

Security Update for Windows XP (KB943485)

Security Update for Windows XP (KB944338)

Security Update for Windows XP (KB944533)

Security Update for Windows XP (KB944653)

Security Update for Windows XP (KB945553)

Security Update for Windows XP (KB946026)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB947864)

Security Update for Windows XP (KB948590)

Security Update for Windows XP (KB948881)

Security Update for Windows XP (KB950749)

Security Update for Windows XP (KB950759)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953838)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956390)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958470)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB963027)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969897)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971032)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972260)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974455)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB976325)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB981350)

Security Update for Windows XP (KB982381)

Shooting Stars Pool from HP Media Center (remove only)

Shop for HP Supplies

Shrek 2 Ogre Bowler from HP Media Center (remove only)

SkinsHP1

Sky Rangers Simulator

Slingo Deluxe from HP Media Center (remove only)

SmartMusic 2011

SmartWebPrinting

Snowboard SuperJam from HP Media Center (remove only)

SolutionCenter

Sonic Express Labeler

Sonic MyDVD Plus

Sonic RecordNow Audio

Sonic RecordNow Copy

Sonic RecordNow Data

Sonic Update Manager

SpongeBob SquarePants - Battle for Bikini Bottom

Spy Sweeper

Spy Sweeper Core

Status

Super Granny from HP Media Center (remove only)

SUPERAntiSpyware Free Edition

The Battle for Middle-earth

The Battle for Middle-earth II

The Sims Deluxe Edition

Toolbox

Topo USA 4.0

Topo USA 4.0 Region 1 Data

Tradewinds from HP Media Center (remove only)

TrayApp

Trend Micro AntiVirus

TurboTax 2008

TurboTax 2008 WinPerFedFormset

TurboTax 2008 WinPerProgramHelp

TurboTax 2008 WinPerReleaseEngine

TurboTax 2008 WinPerTaxSupport

TurboTax 2008 WinPerUserEducation

TurboTax 2008 wmaiper

TurboTax 2008 wrapper

TurboTax 2009

TurboTax 2009 WinPerFedFormset

TurboTax 2009 WinPerReleaseEngine

TurboTax 2009 WinPerTaxSupport

TurboTax 2009 wmaiper

TurboTax 2009 wnhiper

TurboTax 2009 wrapper

TurboTax 2010

TurboTax 2010 WinPerFedFormset

TurboTax 2010 WinPerReleaseEngine

TurboTax 2010 WinPerTaxSupport

TurboTax 2010 wmaiper

TurboTax 2010 wnhiper

TurboTax 2010 wrapper

TurboTax Basic 2006

TurboTax Deluxe 2007

TurboTax Deluxe Deduction Maximizer 2006

TurboTax ItsDeductible 2006

U.B. Funkeys

Unload

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Media Player 10 (KB913800)

Update for Windows Media Player 10 (KB926251)

Update for Windows XP (KB894391)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB908531)

Update for Windows XP (KB910437)

Update for Windows XP (KB916595)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

Update for Windows XP (KB925720)

Update for Windows XP (KB927891)

Update for Windows XP (KB929338)

Update for Windows XP (KB930916)

Update for Windows XP (KB931836)

Update for Windows XP (KB932823-v3)

Update for Windows XP (KB933360)

Update for Windows XP (KB938828)

Update for Windows XP (KB942763)

Update for Windows XP (KB942840)

Update for Windows XP (KB946627)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB953356)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update for Windows XP (KB976749)

Update for Windows XP (KB978207)

Update for Windows XP (KB980182)

Update Rollup 2 for Windows XP Media Center Edition 2005

Updates from HP (remove only)

Viewpoint Media Player

Virtual Earth 3D (Beta)

VoiceOver Kit

War of the Ring

WebFldrs XP

WebReg

WexTech AnswerWorks

Whitesmoke Translator

WildTangent Web Driver

Windows Genuine Advantage Notifications (KB905474)

Windows Imaging Component

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Hotfix - KB873333

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB883667

Windows XP Hotfix - KB885250

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB887742

Windows XP Hotfix - KB888113

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890175

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB891781

Windows XP Hotfix - KB892050

Windows XP Hotfix - KB893066

Windows XP Media Center Edition 2005 KB2502898

Windows XP Media Center Edition 2005 KB925766

Windows XP Media Center Edition 2005 KB973768

Wizard101

Yahoo! Browser Services

Yahoo! Install Manager

Yahoo! Internet Mail

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

ZillaTube 3.1

Zuma Deluxe from HP Media Center (remove only)

.

==== Event Viewer Messages From Past Week ========

.

5/16/2011 1:54:52 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2 iaStor IntelIde ViaIde

5/16/2011 1:09:57 PM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.

5/16/2011 1:08:14 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Media Center Extender Service service to connect.

5/16/2011 1:08:14 PM, error: Service Control Manager [7000] - The Media Center Extender Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/16/2011 1:08:08 PM, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 31 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

5/16/2011 1:08:03 PM, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 30 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

5/16/2011 1:07:57 PM, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 29 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

5/16/2011 1:07:52 PM, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 28 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

5/16/2011 1:07:47 PM, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 27 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

5/16/2011 1:07:42 PM, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 26 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

5/16/2011 1:07:37 PM, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 25 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

5/16/2011 1:07:31 PM, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 24 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

5/16/2011 1:07:27 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

5/16/2011 1:07:26 PM, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 23 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

5/16/2011 1:07:21 PM, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 22 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

5/16/2011 1:07:15 PM, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 21 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

5/16/2011 1:07:10 PM, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 20 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

5/16/2011 1:06:27 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

5/16/2011 1:05:51 PM, error: Service Control Manager [7034] - The Trend Micro Central Control Component service terminated unexpectedly. It has done this 1 time(s).

5/16/2011 1:05:47 PM, error: DCOM [10000] - Unable to start a DCOM Server: {641B9FB0-C2B1-41BD-8563-5F484E3BE84A}. The error: "%5" Happened while starting this command: "C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe" -Embedding

5/16/2011 1:05:27 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the COM+ System Application service to connect.

5/16/2011 1:05:27 PM, error: Service Control Manager [7000] - The COM+ System Application service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/15/2011 9:54:53 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

5/15/2011 9:30:43 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Media Center Receiver Service service to connect.

5/15/2011 9:30:29 PM, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 19 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

5/15/2011 9:30:24 PM, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 18 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

5/15/2011 9:30:19 PM, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 17 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

5/15/2011 9:30:13 PM, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 16 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

5/15/2011 9:30:08 PM, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 15 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

5/15/2011 9:30:03 PM, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 14 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

5/15/2011 9:29:57 PM, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 13 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

5/15/2011 9:29:52 PM, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 12 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

5/15/2011 9:29:52 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Apple Mobile Device service to connect.

5/15/2011 9:29:52 PM, error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/15/2011 9:29:47 PM, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 11 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

5/15/2011 9:29:41 PM, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 10 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

5/15/2011 9:29:36 PM, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 9 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

5/15/2011 9:29:30 PM, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 8 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

5/15/2011 9:29:25 PM, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 7 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

5/15/2011 9:29:20 PM, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 6 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

5/15/2011 9:29:14 PM, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

5/15/2011 9:29:09 PM, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

5/15/2011 9:29:03 PM, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

5/15/2011 9:28:58 PM, error: Service Control Manager [7034] - The COM+ System Application service terminated unexpectedly. It has done this 3 time(s).

5/15/2011 9:28:58 PM, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

5/15/2011 9:28:53 PM, error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

5/15/2011 9:28:52 PM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).

5/15/2011 9:28:52 PM, error: Service Control Manager [7034] - The Webroot Client Service service terminated unexpectedly. It has done this 1 time(s).

5/15/2011 9:28:52 PM, error: Service Control Manager [7034] - The Media Center Scheduler Service service terminated unexpectedly. It has done this 1 time(s).

5/15/2011 9:28:52 PM, error: Service Control Manager [7034] - The Machine Debug Manager service terminated unexpectedly. It has done this 1 time(s).

5/15/2011 9:28:52 PM, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).

5/15/2011 9:28:52 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).

5/15/2011 9:28:52 PM, error: Service Control Manager [7034] - The Intuit Update Service service terminated unexpectedly. It has done this 1 time(s).

5/15/2011 9:28:52 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).

5/15/2011 9:28:52 PM, error: Service Control Manager [7034] - The ARSVC service terminated unexpectedly. It has done this 1 time(s).

5/15/2011 9:28:52 PM, error: Service Control Manager [7031] - The Media Center Receiver Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

5/15/2011 9:28:52 PM, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

5/15/2011 9:28:52 PM, error: Service Control Manager [7031] - The COM+ System Application service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

5/15/2011 9:28:52 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

5/15/2011 9:05:38 PM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\windows\system32\spoolsv.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.2696.

5/15/2011 5:38:24 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Trend Micro Proxy Service service to connect.

5/15/2011 5:38:24 PM, error: Service Control Manager [7000] - The Trend Micro Proxy Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/15/2011 3:00:28 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft XML Core Services 6.0 Service Pack 2 (KB954459).

5/15/2011 12:40:03 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

5/15/2011 12:39:09 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 Fips ftsata2 SASDIFSV SASKUTIL tmtdi

5/15/2011 12:38:16 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

5/15/2011 12:33:23 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ftsata2

5/15/2011 12:33:17 PM, error: Service Control Manager [7000] - The Upload Manager service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.

5/15/2011 1:45:34 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

.

==== End Of File ===========================


Let's run Malwarebytes again, but in normal mode.

Please download and run the following tool to help allow other programs to run. (courtesy of BleepingComputer.com)

There are two different versions. If one of them won't run then download and try to run the other one.

Vista and Windows 7 users need to right-click and choose Run as Administrator

You only need to get one of them to run, not both of them.

  1. eXplorer.exe
  2. WiNlOgOn.exe

Please post the log in your next reply (to see what was terminated).

Note: If your security software warns about Rkill, please ignore and allow the download to continue.

Once you've gotten one of them to run then try to immediately run the following:

Update Run Malwarebytes

  • Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


The first tools did not appear to be running, but then a box opened with rkill, so I assume this is the log you were looking for:

This log file is located at C:\rkill.log.

Please post this only if requested to by the person helping you.

Otherwise you can close this log when you wish.

Rkill was run on 05/18/2011 at 10:47:42.

Operating System: Microsoft Windows XP

Processes terminated by Rkill or while it was running:

Rkill completed on 05/18/2011 at 10:47:48.

Here is the MBAM log:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6592

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

5/18/2011 11:04:38 AM

mbam-log-2011-05-18 (11-04-38).txt

Scan type: Quick scan

Objects scanned: 189595

Time elapsed: 13 minute(s), 7 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 2

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\ijt.exe" -a "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\hp_administrator\Desktop\eXplorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

c:\documents and settings\hp_administrator\Desktop\WiNlOgOn.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

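The log above captures the two tricks the rogue relied on: hiding the desktop through the NoDesktop policy, and routing every .exe launch through ijt.exe by rewriting the exefile open command (the renamed rkill copies, eXplorer.exe and WiNlOgOn.exe, exist to get past exactly that kind of gate, and MBAM then flagged those copies as Heuristics.Reserved.Word.Exploit). As an added example, not a Malwarebytes tool and not anything posted in this thread, the following Python script parses these MBAM detection lines, names the wrapper binary a hijacked open command points at, and writes a .reg file that restores the Good: values MBAM reported. The sample lines are copied from the log above; treating an all-digit Good: value as a REG_DWORD is an assumption.

```python
"""Added example for this thread (not a Malwarebytes tool): parse the
'Registry Values/Data Items Infected' lines of a Malwarebytes' Anti-Malware
1.50 log, name the wrapper binary a hijacked open command launches, and emit
a .reg file that restores the Good: values MBAM reported.  SAMPLE_LOG is
copied from the log posted above; the DWORD heuristic is an assumption."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Copied from the 5/18/2011 MBAM log in this thread (raw string: backslashes are literal).
SAMPLE_LOG = r"""Registry Values Infected:

HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\exefile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\ijt.exe" -a "%1" %*) Good: ("%1" %*) -> Quarantined and deleted successfully.
"""


@dataclass
class Finding:
    key: str            # registry key, e.g. HKEY_CLASSES_ROOT\exefile\shell\open\command
    name: str           # value name; "(default)" for the key's default value
    detection: str      # MBAM detection name, e.g. Broken.OpenCommand
    bad: Optional[str]  # None when MBAM logged only a deleted value, no Bad/Good pair
    good: Optional[str]
    action: str

    @property
    def wrapper_binary(self) -> Optional[str]:
        """For a hijacked shell\\open\\command, the program inserted in front of
        "%1" (every .exe the user starts runs through it).  None for the stock
        "%1" %* command or for entries that are not open commands."""
        if not self.bad or not self.key.lower().endswith(r"shell\open\command"):
            return None
        first = re.match(r'"([^"]+)"', self.bad)
        if first and first.group(1) != "%1":
            return first.group(1)
        return None


# "<key>\<value name> (<detection>)"; the detection name carries no spaces or parens
_HEAD = re.compile(r"^(?P<path>HKEY_[A-Z_]+\\.+) \((?P<det>[^()\s]+)\)$")
_DATA = re.compile(r"^Bad: \((?P<bad>.*)\) Good: \((?P<good>.*)\)$")
_VALUE = re.compile(r"^Value: .+$")


def parse_mbam(text: str) -> List[Finding]:
    """Return one Finding per registry detection line; every other line is ignored."""
    findings: List[Finding] = []
    for line in text.splitlines():
        parts = line.strip().split(" -> ")
        if len(parts) != 3 or not parts[0].startswith("HKEY_"):
            continue
        head = _HEAD.match(parts[0])
        if not head:
            continue
        key, name = head.group("path").rsplit("\\", 1)
        bad = good = None
        data = _DATA.match(parts[1])
        if data:
            bad, good = data.group("bad"), data.group("good")
        elif not _VALUE.match(parts[1]):
            continue
        findings.append(Finding(key, name, head.group("det"), bad, good, parts[2]))
    return findings


def _reg_quote(s: str) -> str:
    """Quote a string for a .reg file (backslash and double quote are escaped)."""
    return '"' + s.replace("\\", "\\\\").replace('"', '\\"') + '"'


def restore_reg(findings: List[Finding]) -> str:
    """Build a .reg file that puts back every Good: value.  Assumption: an
    all-digit Good: value is a REG_DWORD (true for the PUM policy entries seen
    here); anything else is written as REG_SZ.  Values MBAM only deleted are
    deleted again ('=-'), which is what MBAM itself did."""
    out = ["Windows Registry Editor Version 5.00", ""]
    for f in findings:
        out.append(f"[{f.key}]")
        lhs = "@" if f.name == "(default)" else _reg_quote(f.name)
        if f.good is None:
            out.append(f"{lhs}=-")
        elif f.good.isdigit():
            out.append(f"{lhs}=dword:{int(f.good):08x}")
        else:
            out.append(f"{lhs}={_reg_quote(f.good)}")
        out.append("")
    return "\n".join(out)


if __name__ == "__main__":
    found = parse_mbam(SAMPLE_LOG)
    for f in found:
        print(f"{f.detection:22} {f.key}\\{f.name}")
        if f.wrapper_binary:
            print(f"{'':22} every .exe was routed through: {f.wrapper_binary}")
    print()
    print(restore_reg(found))
```

Run it as-is to see the three findings and the generated .reg text; the wrapper path it prints is the dropper a responder would go looking for next (and is the same ijt.exe the Firefox StartMenuInternet hijack pointed at). The .reg output is meant to be read before it is imported: on a machine where MBAM has already cleaned these keys it is a no-op, and on one where it has not, importing it restores the stock "%1" %* command so that .exe files launch directly again.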

  1. Download ComboFix from below:
    Combofix download
    * IMPORTANT !!! Place combofix.exe on your Desktop
  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  3. Double click on combofix.exe & follow the prompts.
  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.
    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.
    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.
    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.
    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:
    The Recovery Console was successfully installed.
    Click on Yes, to continue scanning for malware.
  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  6. When finished, it shall produce a log for you. Post that log in your next reply
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
    ---------------------------------------------------------------------------------------------
  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.
    ---------------------------------------------------------------------------------------------


ComboFix 11-05-17.03 - HP_Administrator 05/18/2011 12:15:26.3.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1982.1438 [GMT -4:00]

Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe

AV: Trend Micro AntiVirus *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\Administrator\WINDOWS

c:\documents and settings\Default User\WINDOWS

c:\documents and settings\HP_Administrator\2gweorjqjutp92vjy9gake

c:\documents and settings\HP_Administrator\Application Data\Adobe\plugs

c:\documents and settings\HP_Administrator\Application Data\Adobe\plugs\mmc12350984.txt

c:\documents and settings\HP_Administrator\Application Data\Adobe\plugs\mmc12426500.txt

c:\documents and settings\HP_Administrator\Application Data\Adobe\shed

c:\documents and settings\HP_Administrator\Application Data\Adobe\shed\thr1.chm

c:\documents and settings\HP_Administrator\Local Settings\Application Data\{49574672-5147-4187-802C-19CB593F2C2F}

c:\documents and settings\HP_Administrator\Local Settings\Application Data\{49574672-5147-4187-802C-19CB593F2C2F}\chrome.manifest

c:\documents and settings\HP_Administrator\Local Settings\Application Data\{49574672-5147-4187-802C-19CB593F2C2F}\chrome\content\_cfg.js

c:\documents and settings\HP_Administrator\Local Settings\Application Data\{49574672-5147-4187-802C-19CB593F2C2F}\chrome\content\overlay.xul

c:\documents and settings\HP_Administrator\Local Settings\Application Data\{49574672-5147-4187-802C-19CB593F2C2F}\install.rdf

c:\documents and settings\HP_Administrator\WINDOWS

c:\windows\system32\_005098_.tmp.dll

c:\windows\system32\_005099_.tmp.dll

c:\windows\system32\_005100_.tmp.dll

c:\windows\system32\_005101_.tmp.dll

c:\windows\system32\_005108_.tmp.dll

c:\windows\system32\_005109_.tmp.dll

c:\windows\system32\_005110_.tmp.dll

c:\windows\system32\_005111_.tmp.dll

c:\windows\system32\_005113_.tmp.dll

c:\windows\system32\_005114_.tmp.dll

c:\windows\system32\_005117_.tmp.dll

c:\windows\system32\_005118_.tmp.dll

c:\windows\system32\_005120_.tmp.dll

c:\windows\system32\_005121_.tmp.dll

c:\windows\system32\_005122_.tmp.dll

c:\windows\system32\_005124_.tmp.dll

c:\windows\system32\_005127_.tmp.dll

c:\windows\system32\_005128_.tmp.dll

c:\windows\system32\_005132_.tmp.dll

c:\windows\system32\_005133_.tmp.dll

c:\windows\system32\_005135_.tmp.dll

c:\windows\system32\_005137_.tmp.dll

c:\windows\system32\_005138_.tmp.dll

c:\windows\system32\_005140_.tmp.dll

c:\windows\system32\_005141_.tmp.dll

c:\windows\system32\_005142_.tmp.dll

c:\windows\system32\_005143_.tmp.dll

c:\windows\system32\_005144_.tmp.dll

c:\windows\system32\_005147_.tmp.dll

c:\windows\system32\_005148_.tmp.dll

c:\windows\system32\_005149_.tmp.dll

c:\windows\system32\_005150_.tmp.dll

c:\windows\system32\_005151_.tmp.dll

c:\windows\system32\_005156_.tmp.dll

c:\windows\system32\_005158_.tmp.dll

c:\windows\system32\_005159_.tmp.dll

c:\windows\system32\config\systemprofile\WINDOWS

c:\windows\system32\sdra64.exe

.

Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected

Restored copy from - Kitty had a snack :P

.

((((((((((((((((((((((((( Files Created from 2011-04-18 to 2011-05-18 )))))))))))))))))))))))))))))))

.

.

2011-05-18 00:06 . 2011-05-18 00:07 502095 ----a-w- c:\windows\unhide.exe

2011-05-16 18:11 . 2011-05-16 18:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com

2011-05-16 17:45 . 2011-05-16 17:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

2011-05-16 17:19 . 2011-05-16 17:19 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE

2011-05-16 17:19 . 2011-05-16 17:19 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2011-05-16 17:06 . 2011-05-16 17:06 0 ----a-w- c:\windows\Bgucewigamewobe.bin

2011-05-16 01:19 . 2011-05-16 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\gM06511DaJcC06511

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-04-15 22:24 . 2011-04-15 22:24 102400 ----a-w- c:\windows\RegBootClean.exe

2011-03-14 14:13 . 2011-03-14 14:13 12 ----a-w- c:\windows\Fonts\wfonts.key

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2009-02-09 20:06 764296 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-01-21 2424560]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]

"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-07-29 1398024]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-03-02 180269]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-11 421160]

"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-11-06 6515784]

.

c:\documents and settings\Default User\Start Menu\Programs\Startup\

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-3-1 27136]

.

c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\

wkcalrem.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2004-6-23 15360]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]

NkvMon.exe.lnk - c:\program files\Nikon\NkView6\NkvMon.exe [2006-11-3 237568]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates From HP.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates From HP.lnk

backup=c:\windows\pss\Updates From HP.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlwaysReady Power Message APP]

2005-08-03 00:19 77312 ----a-w- c:\windows\arpwrmsg.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2004-08-09 21:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DISCover]

2005-11-11 21:11 1064960 ----a-w- c:\program files\DISC\DISCover.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiscUpdateManager]

2005-11-11 21:10 61440 ----a-w- c:\program files\DISC\DISCUpdateMgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMAScheduler]

2005-11-01 10:01 90112 ----a-w- c:\program files\Sonic\DigitalMedia Plus\DigitalMedia Archive\DMAScheduler.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]

2005-08-05 21:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2008-12-08 20:50 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]

2005-11-09 17:29 249856 ----a-w- c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]

2005-10-31 19:47 53248 ----a-w- c:\program files\PC-Doctor 5 for Windows\RunProfiler.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]

2005-07-22 23:14 237568 ----a-w- c:\windows\SMINST\Recguard.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]

2004-12-14 03:23 663552 ----a-w- c:\windows\CREATOR\Remind_XP.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\DISC\\DISCover.exe"=

"c:\\Program Files\\DISC\\DiscStreamHub.exe"=

"c:\\Program Files\\DISC\\myFTP.exe"=

"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=

"c:\\Program Files\\EA Games\\The Battle for Middle-earth \\game.dat"=

"c:\\Program Files\\EA Games\\Battlefield 2\\BF2.exe"=

"c:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\patchget.dat"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\EA Games\\Command & Conquer Generals Zero Hour\\game.dat"=

"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth II\\game.dat"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth II\\patchget.dat"=

"c:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\game.dat"=

"c:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\patchget.dat"=

"c:\\WINDOWS\\system32\\fxsclnt.exe"=

"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=

"c:\\Program Files\\Liquid Entertainment\\War of the Ring\\Rings.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [11/6/2009 1:00 PM 29808]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/22/2008 12:06 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/22/2008 12:05 PM 67656]

R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [11/18/2007 9:18 AM 50256]

R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [9/18/2007 2:10 AM 36368]

R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [12/12/2010 9:44 AM 1201640]

R3 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [11/18/2007 9:18 AM 648456]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/9/2010 7:29 PM 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/9/2010 7:29 PM 136176]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/22/2008 12:06 PM 12872]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WUAUSERV

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2011-05-14 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

.

2011-02-01 c:\windows\Tasks\Easy Internet Sign-up.job

- c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-08 20:23]

.

2011-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-09 23:29]

.

2011-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-09 23:29]

.

2011-05-18 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

- c:\program files\Ask.com\UpdateTask.exe [2009-02-09 20:06]

.

2011-05-14 c:\windows\Tasks\WebReg HP Photosmart Plus B209a-m.job

- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2009-05-22 01:40]

.

.

------- Supplementary Scan -------

.

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=desktop

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

Trusted Zone: intuit.com\ttlc

Trusted Zone: putnam.com\ibenefitcenter

Trusted Zone: turbotax.com

Trusted Zone: trymedia.com

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\mq1gp208.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-Rhapalumihu - c:\windows\drshery.dll

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-05-18 12:42

Windows 5.1.2600 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]

@DACL=(02 0000)

@="Wireless"

"ProcessGroupPolicy"="ProcessWIRELESSPolicy"

"DllName"=expand:"gptext.dll"

"NoUserPolicy"=dword:00000001

"NoGPOListChanges"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]

@DACL=(02 0000)

@="Folder Redirection"

"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"

"DllName"=expand:"fdeploy.dll"

"NoMachinePolicy"=dword:00000001

"NoSlowLink"=dword:00000001

"PerUserLocalSettings"=dword:00000001

"NoGPOListChanges"=dword:00000000

"NoBackgroundPolicy"=dword:00000000

"GenerateGroupPolicy"="GenerateGroupPolicy"

"EventSources"=multi:"(Folder Redirection,Application)\00\00"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]

@DACL=(02 0000)

@="Microsoft Disk Quota"

"NoMachinePolicy"=dword:00000000

"NoUserPolicy"=dword:00000001

"NoSlowLink"=dword:00000001

"NoBackgroundPolicy"=dword:00000001

"NoGPOListChanges"=dword:00000001

"PerUserLocalSettings"=dword:00000000

"RequiresSuccessfulRegistry"=dword:00000001

"EnableAsynchronousProcessing"=dword:00000000

"DllName"=expand:"dskquota.dll"

"ProcessGroupPolicy"="ProcessGroupPolicy"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]

@DACL=(02 0000)

@="QoS Packet Scheduler"

"ProcessGroupPolicy"="ProcessPSCHEDPolicy"

"DllName"=expand:"gptext.dll"

"NoUserPolicy"=dword:00000001

"NoGPOListChanges"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]

@DACL=(02 0000)

@="Scripts"

"ProcessGroupPolicy"="ProcessScriptsGroupPolicy"

"ProcessGroupPolicyEx"="ProcessScriptsGroupPolicyEx"

"GenerateGroupPolicy"="GenerateScriptsGroupPolicy"

"DllName"=expand:"gptext.dll"

"NoSlowLink"=dword:00000001

"NoGPOListChanges"=dword:00000001

"NotifyLinkTransition"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]

@DACL=(02 0000)

@="Internet Explorer Zonemapping"

"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"

"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"

"NoGPOListChanges"=dword:00000001

"RequiresSucessfulRegistry"=dword:00000001

"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"

"RequiresSuccessfulRegistry"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}]

@DACL=(02 0000)

@="Internet Explorer User Accelerators"

"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"

"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"

"NoGPOListChanges"=dword:00000001

"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"

"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"

"RequiresSuccessfulRegistry"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]

@DACL=(02 0000)

"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"

"GenerateGroupPolicy"="SceGenerateGroupPolicy"

"ExtensionRsopPlanningDebugLevel"=dword:00000001

"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"

"ExtensionDebugLevel"=dword:00000001

"DllName"=expand:"scecli.dll"

@="Security"

"NoUserPolicy"=dword:00000001

"NoGPOListChanges"=dword:00000001

"EnableAsynchronousProcessing"=dword:00000001

"MaxNoGPOListChangesInterval"=dword:000003c0

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]

@DACL=(02 0000)

"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"

"GenerateGroupPolicy"="GenerateGroupPolicy"

"ProcessGroupPolicy"="ProcessGroupPolicy"

"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"

@="Internet Explorer Branding"

"NoSlowLink"=dword:00000001

"NoBackgroundPolicy"=dword:00000000

"NoGPOListChanges"=dword:00000001

"NoMachinePolicy"=dword:00000001

"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3014"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]

@DACL=(02 0000)

"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"

"DllName"=expand:"scecli.dll"

@="EFS recovery"

"NoUserPolicy"=dword:00000001

"NoGPOListChanges"=dword:00000001

"RequiresSuccessfulRegistry"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]

@DACL=(02 0000)

@="Microsoft Offline Files"

"DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"

"EnableAsynchronousProcessing"=dword:00000000

"NoBackgroundPolicy"=dword:00000000

"NoGPOListChanges"=dword:00000000

"NoMachinePolicy"=dword:00000000

"NoSlowLink"=dword:00000000

"NoUserPolicy"=dword:00000001

"PerUserLocalSettings"=dword:00000000

"ProcessGroupPolicy"="ProcessGroupPolicy"

"RequiresSuccessfulRegistry"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]

@DACL=(02 0000)

@="Software Installation"

"DllName"=expand:"appmgmts.dll"

"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"

"GenerateGroupPolicy"="GenerateGroupPolicy"

"NoBackgroundPolicy"=dword:00000000

"RequiresSucessfulRegistry"=dword:00000000

"NoSlowLink"=dword:00000001

"PerUserLocalSettings"=dword:00000001

"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]

@DACL=(02 0000)

@="Internet Explorer Machine Accelerators"

"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"

"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"

"NoGPOListChanges"=dword:00000001

"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"

"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"

"RequiresSuccessfulRegistry"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]

@DACL=(02 0000)

@="IP Security"

"ProcessGroupPolicy"="ProcessIPSECPolicy"

"DllName"=expand:"gptext.dll"

"NoUserPolicy"=dword:00000001

"NoGPOListChanges"=dword:00000000

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]

@DACL=(02 0000)

"DllName"="c:\\Program Files\\SUPERAntiSpyware\\SASWINLO.DLL"

"Logon"="SABWINLOLogon"

"Logoff"="SABWINLOLogoff"

"Startup"="SABWINLOStartup"

"Shutdown"="SABWINLOShutdown"

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

@DACL=(02 0000)

"DLLName"="Ati2evxx.dll"

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000001

"Lock"="AtiLockEvent"

"Logoff"="AtiLogoffEvent"

"Logon"="AtiLogonEvent"

"Disconnect"="AtiDisConnectEvent"

"Reconnect"="AtiReConnectEvent"

"Safe"=dword:00000000

"Shutdown"="AtiShutdownEvent"

"StartScreenSaver"="AtiStartScreenSaverEvent"

"StartShell"="AtiStartShellEvent"

"Startup"="AtiStartupEvent"

"StopScreenSaver"="AtiStopScreenSaverEvent"

"Unlock"="AtiUnLockEvent"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]

@DACL=(02 0000)

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=expand:"crypt32.dll"

"Logoff"="ChainWlxLogoffEvent"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]

@DACL=(02 0000)

"Asynchronous"=dword:00000000

"Impersonate"=dword:00000000

"DllName"=expand:"cryptnet.dll"

"Logoff"="CryptnetWlxLogoffEvent"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]

@DACL=(02 0000)

"DLLName"="cscdll.dll"

"Logon"="WinlogonLogonEvent"

"Logoff"="WinlogonLogoffEvent"

"ScreenSaver"="WinlogonScreenSaverEvent"

"Startup"="WinlogonStartupEvent"

"Shutdown"="WinlogonShutdownEvent"

"StartShell"="WinlogonStartShellEvent"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]

@DACL=(02 0000)

"DLLName"="wlnotify.dll"

"Logon"="SCardStartCertProp"

"Logoff"="SCardStopCertProp"

"Lock"="SCardSuspendCertProp"

"Unlock"="SCardResumeCertProp"

"Enabled"=dword:00000001

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]

@DACL=(02 0000)

"Asynchronous"=dword:00000000

"DllName"=expand:"wlnotify.dll"

"Impersonate"=dword:00000000

"StartShell"="SchedStartShell"

"Logoff"="SchedEventLogOff"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]

@DACL=(02 0000)

"Logoff"="WLEventLogoff"

"Impersonate"=dword:00000000

"Asynchronous"=dword:00000001

"DllName"=expand:"sclgntfy.dll"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]

@DACL=(02 0000)

"DLLName"="WlNotify.dll"

"Lock"="SensLockEvent"

"Logon"="SensLogonEvent"

"Logoff"="SensLogoffEvent"

"Safe"=dword:00000001

"MaxWait"=dword:00000258

"StartScreenSaver"="SensStartScreenSaverEvent"

"StopScreenSaver"="SensStopScreenSaverEvent"

"Startup"="SensStartupEvent"

"Shutdown"="SensShutdownEvent"

"StartShell"="SensStartShellEvent"

"PostShell"="SensPostShellEvent"

"Disconnect"="SensDisconnectEvent"

"Reconnect"="SensReconnectEvent"

"Unlock"="SensUnlockEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]

@DACL=(02 0000)

"Asynchronous"=dword:00000000

"DllName"=expand:"wlnotify.dll"

"Impersonate"=dword:00000000

"Logoff"="TSEventLogoff"

"Logon"="TSEventLogon"

"PostShell"="TSEventPostShell"

"Shutdown"="TSEventShutdown"

"StartShell"="TSEventStartShell"

"Startup"="TSEventStartup"

"MaxWait"=dword:00000258

"Reconnect"="TSEventReconnect"

"Disconnect"="TSEventDisconnect"

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]

@DACL=(02 0000)

"DLLName"="wlnotify.dll"

"Logon"="RegisterTicketExpiredNotificationEvent"

"Logoff"="UnregisterTicketExpiredNotificationEvent"

"Impersonate"=dword:00000001

"Asynchronous"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]

@DACL=(02 0000)

"HelpAssistant"=dword:00000000

"TsInternetUser"=dword:00000000

"SQLAgentCmdExec"=dword:00000000

"NetShowServices"=dword:00000000

"IWAM_"=dword:00010000

"IUSR_"=dword:00010000

"VUSR_"=dword:00010000

"ASPNET"=dword:00000000

.

Completion time: 2011-05-18 12:45:45

ComboFix-quarantined-files.txt 2011-05-18 16:45

.

Pre-Run: 97,411,588,096 bytes free

Post-Run: 98,719,498,240 bytes free

.

- - End Of File - - 4F91AE64DC90BD7C016F7C13126D73E7

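The Winlogon\Notify keys in the ComboFix dump above deserve a second look on any XP cleanup: each entry names a DLL that winlogon.exe loads into its own SYSTEM-level process at logon, so a hijacked or added package is both persistence and privilege. The two non-Microsoft entries here (!SASWinLogon under Program Files, AtiExtEvent as a bare file name) are ordinary vendor packages, but a triage pass should still surface them for verification. Below is an added example, not code from the page or from ComboFix, in Python: it parses the dump's [key] / "name"="value" format and ranks every Notify package against an assumed Windows XP SP2 baseline. The baseline table, the severity rules and the final 'evilnotify' entry in the sample are constructed for this example; the other four sample entries are copied from the log.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the ComboFix registry-dump format seen in the log above.
# The first four entries are copied from the page; the final "evilnotify" entry is
# invented for this example to exercise the user-profile branch.
SAMPLE_DUMP = r'''
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
@DACL=(02 0000)
"DllName"="c:\\Program Files\\SUPERAntiSpyware\\SASWINLO.DLL"
"Logon"="SABWINLOLogon"
"Asynchronous"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
@DACL=(02 0000)
"DLLName"="Ati2evxx.dll"
"Logon"="AtiLogonEvent"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
@DACL=(02 0000)
"DllName"=expand:"crypt32.dll"
"Logoff"="ChainWlxLogoffEvent"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
@DACL=(02 0000)
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\evilnotify]
@DACL=(02 0000)
"DllName"="c:\\Documents and Settings\\HP_Administrator\\Local Settings\\Application Data\\ijt.dll"
"Logon"="Run"
.
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VAL_RE = re.compile(r'^"([^"]+)"=(?:expand:)?"(.*)"$')

# Assumed baseline: Notify packages present on a clean Windows XP SP2 install and
# the DLL each one should load (all from %SystemRoot%\system32).
XP_DEFAULT_NOTIFY = {
    'crypt32chain': 'crypt32.dll', 'cryptnet': 'cryptnet.dll', 'cscdll': 'cscdll.dll',
    'sccertprop': 'wlnotify.dll', 'schedule': 'wlnotify.dll', 'sclgntfy': 'sclgntfy.dll',
    'senslogn': 'wlnotify.dll', 'termsrv': 'wlnotify.dll', 'wlballoon': 'wlnotify.dll',
}
SYSTEM32 = 'c:\\windows\\system32'
USER_WRITABLE = ('c:\\documents and settings\\', 'c:\\windows\\temp\\')


def parse_dump(text: str) -> Dict[str, Dict[str, str]]:
    """Parse [key] headers and "name"="value" lines into {key: {name_lower: value}}."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys[current] = {}
            continue
        m = VAL_RE.match(line)
        if m and current is not None:
            # the dump doubles backslashes inside quoted strings
            keys[current][m.group(1).lower()] = m.group(2).replace('\\\\', '\\')
    return keys


def triage_notify(keys: Dict[str, Dict[str, str]]) -> List[Tuple[str, str, str, str]]:
    """Return (package, dll, severity, reason) for every Winlogon\\Notify entry
    that does not match the assumed XP baseline."""
    findings = []
    for path, values in keys.items():
        parent, _, package = path.rpartition('\\')
        if not parent.lower().endswith('\\winlogon\\notify'):
            continue
        dll = values.get('dllname', '')
        dll_l = dll.lower()
        # A bare file name is found through winlogon's DLL search path, which
        # starts in system32; treat it as living there.
        resolved = dll_l if '\\' in dll_l else SYSTEM32 + '\\' + dll_l
        expected = XP_DEFAULT_NOTIFY.get(package.lower())
        if expected is not None:
            if resolved == SYSTEM32 + '\\' + expected:
                continue
            findings.append((package, dll, 'high', 'default package redirected to a different DLL'))
        elif resolved.startswith(USER_WRITABLE):
            findings.append((package, dll, 'high', 'notify DLL in a user-writable location'))
        elif resolved.startswith(SYSTEM32 + '\\'):
            findings.append((package, dll, 'medium', 'non-default package loading from system32; verify the file'))
        else:
            findings.append((package, dll, 'low', 'third-party package outside system32; verify publisher'))
    return findings


if __name__ == '__main__':
    for pkg, dll, sev, why in triage_notify(parse_dump(SAMPLE_DUMP)):
        print(f'{sev:6} {pkg:14} {dll}  ({why})')
```

Run against the sample, the two Microsoft packages are silent, the SUPERAntiSpyware and ATI packages come back as low and medium (verify, not remove), and only the constructed user-profile entry is rated high. The same parser works on the GPExtensions keys above if you swap the baseline for the expected DllName per extension GUID.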

Your PC had a TDSS rootkit that has replaced your IDE driver volsnap.sys file with malware. If we had removed this driver your PC would not boot into Windows.

1. I strongly suggest that you uninstall Ask Toolbar. Some of the bad practices of this toolbar are:

  1. Promoting its toolbars on sites targeted to kids. Details.
  2. Promoting its toolbars through ads that appear to be part of other companies' sites. Details.
  3. Promoting its toolbars through other companies' spyware. Details.
  4. Installing without any disclosure whatsoever and without any consent whatsoever. Details.
  5. Soliciting installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link. Details.
  6. Making confusing changes to users' browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit. Details.

Please read the full details HERE.

If you decide to remove Ask Toolbar, go to Start > Control Panel > Add/Remove Programs and remove AskBarDis.

Then go to C: > Program Files and delete AskBarDis folder.

Go to Start > Control Panel > Add/Remove Programs.

Please remove these entries from Add/Remove Programs in the Control Panel (if present):

Adobe Reader 7.0.9

Whitesmoke Translator <------This program has been known to cause TDSS rootkit infection.

Restart your computer.

  • Please go to the link below to update.
  • Adobe Reader
  • Uncheck Include in your download (optional Free McAfee Security Scan Plus )

Next

Let's check to make sure that rootkit is gone:

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • Click the Report button and copy/paste the contents of it into your next reply

Note:It will also create a log in the C:\ directory.

Also, please let me know how things are running now and if you encountered any problems while you were following the instructions I posted.


The TDSSKiller scan did not find any infected or suspicious files. The log is below.

My icons are all back on my desktop and the program files folders appear to be full again. As far as I can tell, everything is running normal. Thanks so much!

2011/05/18 18:33:53.0921 5684 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29

2011/05/18 18:33:54.0203 5684 ================================================================================

2011/05/18 18:33:54.0203 5684 SystemInfo:

2011/05/18 18:33:54.0203 5684

2011/05/18 18:33:54.0203 5684 OS Version: 5.1.2600 ServicePack: 2.0

2011/05/18 18:33:54.0203 5684 Product type: Workstation

2011/05/18 18:33:54.0203 5684 ComputerName: YOUR-4DACD0EA75

2011/05/18 18:33:54.0203 5684 UserName: HP_Administrator

2011/05/18 18:33:54.0203 5684 Windows directory: C:\WINDOWS

2011/05/18 18:33:54.0203 5684 System windows directory: C:\WINDOWS

2011/05/18 18:33:54.0203 5684 Processor architecture: Intel x86

2011/05/18 18:33:54.0203 5684 Number of processors: 2

2011/05/18 18:33:54.0203 5684 Page size: 0x1000

2011/05/18 18:33:54.0203 5684 Boot type: Normal boot

2011/05/18 18:33:54.0203 5684 ================================================================================

2011/05/18 18:33:54.0812 5684 Initialize success

2011/05/18 18:34:06.0406 5788 ================================================================================

2011/05/18 18:34:06.0406 5788 Scan started

2011/05/18 18:34:06.0406 5788 Mode: Manual;

2011/05/18 18:34:06.0406 5788 ================================================================================

2011/05/18 18:34:06.0843 5788 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/05/18 18:34:06.0875 5788 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/05/18 18:34:06.0937 5788 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys

2011/05/18 18:34:06.0984 5788 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys

2011/05/18 18:34:07.0078 5788 AgereSoftModem (51a66c689ad9b9a953f75496209ae520) C:\WINDOWS\system32\DRIVERS\AGRSM.sys

2011/05/18 18:34:07.0390 5788 ALCXWDM (7f26d024355cbadb60838f53dfb171ec) C:\WINDOWS\system32\drivers\ALCXWDM.SYS

2011/05/18 18:34:07.0765 5788 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys

2011/05/18 18:34:07.0812 5788 aracpi (00523019e3579c8f8a94457fe25f0f24) C:\WINDOWS\system32\DRIVERS\aracpi.sys

2011/05/18 18:34:07.0859 5788 arhidfltr (9fedaa46eb1a572ac4d9ee6b5f123cf2) C:\WINDOWS\system32\DRIVERS\arhidfltr.sys

2011/05/18 18:34:07.0890 5788 arkbcfltr (82969576093cd983dd559f5a86f382b4) C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys

2011/05/18 18:34:07.0921 5788 armoucfltr (9b21791d8a78faece999fadbebda6c22) C:\WINDOWS\system32\DRIVERS\armoucfltr.sys

2011/05/18 18:34:07.0984 5788 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys

2011/05/18 18:34:08.0015 5788 ARPolicy (7a2da7c7b0c524ef26a79f17a5c69fde) C:\WINDOWS\system32\DRIVERS\arpolicy.sys

2011/05/18 18:34:08.0140 5788 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/05/18 18:34:08.0187 5788 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/05/18 18:34:08.0265 5788 ati2mtag (7a6cf9f411a9c5bd5c442a1cd46af401) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2011/05/18 18:34:08.0375 5788 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/05/18 18:34:08.0421 5788 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/05/18 18:34:08.0484 5788 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/05/18 18:34:08.0671 5788 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/05/18 18:34:08.0718 5788 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2011/05/18 18:34:08.0781 5788 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/05/18 18:34:08.0828 5788 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/05/18 18:34:08.0859 5788 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/05/18 18:34:09.0031 5788 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/05/18 18:34:09.0125 5788 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys

2011/05/18 18:34:09.0328 5788 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys

2011/05/18 18:34:09.0375 5788 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2011/05/18 18:34:09.0421 5788 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys

2011/05/18 18:34:09.0484 5788 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys

2011/05/18 18:34:09.0531 5788 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys

2011/05/18 18:34:09.0593 5788 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\drivers\Fdc.sys

2011/05/18 18:34:09.0640 5788 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys

2011/05/18 18:34:09.0671 5788 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\drivers\Flpydisk.sys

2011/05/18 18:34:09.0703 5788 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

2011/05/18 18:34:09.0765 5788 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2011/05/18 18:34:09.0796 5788 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2011/05/18 18:34:09.0875 5788 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys

2011/05/18 18:34:09.0937 5788 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2011/05/18 18:34:10.0000 5788 grmnusb (d956358054e99e6ffac69cd87e893a89) C:\WINDOWS\system32\drivers\grmnusb.sys

2011/05/18 18:34:10.0062 5788 hcwPP2 (41bbad646a8c842bc30ef6745a4f6ff3) C:\WINDOWS\system32\DRIVERS\hcwPP2.sys

2011/05/18 18:34:10.0140 5788 HidIr (1f695c5e013ba11a1901d8b845111b7e) C:\WINDOWS\system32\DRIVERS\hidir.sys

2011/05/18 18:34:10.0187 5788 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys

2011/05/18 18:34:10.0265 5788 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys

2011/05/18 18:34:10.0328 5788 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys

2011/05/18 18:34:10.0375 5788 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys

2011/05/18 18:34:10.0437 5788 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys

2011/05/18 18:34:10.0515 5788 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2011/05/18 18:34:10.0593 5788 iaStor (9a65e42664d1534b68512caad0efe963) C:\WINDOWS\system32\DRIVERS\iaStor.sys

2011/05/18 18:34:10.0781 5788 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys

2011/05/18 18:34:10.0921 5788 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys

2011/05/18 18:34:11.0000 5788 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2011/05/18 18:34:11.0031 5788 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2011/05/18 18:34:11.0093 5788 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2011/05/18 18:34:11.0125 5788 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2011/05/18 18:34:11.0171 5788 IrBus (3dcdb9480fc39b5f3bd6298296213c26) C:\WINDOWS\system32\DRIVERS\IrBus.sys

2011/05/18 18:34:11.0218 5788 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys

2011/05/18 18:34:11.0250 5788 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2011/05/18 18:34:11.0296 5788 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2011/05/18 18:34:11.0328 5788 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys

2011/05/18 18:34:11.0375 5788 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys

2011/05/18 18:34:11.0406 5788 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys

2011/05/18 18:34:11.0531 5788 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys

2011/05/18 18:34:11.0562 5788 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2011/05/18 18:34:11.0609 5788 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys

2011/05/18 18:34:11.0625 5788 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2011/05/18 18:34:11.0671 5788 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys

2011/05/18 18:34:11.0718 5788 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys

2011/05/18 18:34:11.0765 5788 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2011/05/18 18:34:11.0828 5788 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2011/05/18 18:34:11.0921 5788 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys

2011/05/18 18:34:11.0968 5788 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2011/05/18 18:34:12.0015 5788 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2011/05/18 18:34:12.0062 5788 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys

2011/05/18 18:34:12.0093 5788 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2011/05/18 18:34:12.0125 5788 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys

2011/05/18 18:34:12.0156 5788 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys

2011/05/18 18:34:12.0203 5788 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2011/05/18 18:34:12.0265 5788 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys

2011/05/18 18:34:12.0390 5788 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2011/05/18 18:34:12.0437 5788 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2011/05/18 18:34:12.0468 5788 Ndisuio (eefa1ce63805d2145978621be5c6d955) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/05/18 18:34:12.0515 5788 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/05/18 18:34:12.0562 5788 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/05/18 18:34:12.0609 5788 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/05/18 18:34:12.0671 5788 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/05/18 18:34:12.0734 5788 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/05/18 18:34:12.0765 5788 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys

2011/05/18 18:34:12.0812 5788 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/05/18 18:34:12.0890 5788 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/05/18 18:34:12.0953 5788 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/05/18 18:34:12.0984 5788 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/05/18 18:34:13.0015 5788 ohci1394 (0951db8e5823ea366b0e408d71e1ba2a) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/05/18 18:34:13.0062 5788 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/05/18 18:34:13.0093 5788 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/05/18 18:34:13.0156 5788 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/05/18 18:34:13.0187 5788 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/05/18 18:34:13.0250 5788 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/05/18 18:34:13.0296 5788 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/05/18 18:34:13.0484 5788 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/05/18 18:34:13.0609 5788 Processor (0d97d88720a4087ec93af7dbb303b30a) C:\WINDOWS\system32\DRIVERS\processr.sys

2011/05/18 18:34:13.0656 5788 Ps2 (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys

2011/05/18 18:34:13.0687 5788 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/05/18 18:34:13.0734 5788 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/05/18 18:34:13.0765 5788 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/05/18 18:34:13.0890 5788 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/05/18 18:34:13.0937 5788 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/05/18 18:34:13.0984 5788 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/05/18 18:34:14.0031 5788 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/05/18 18:34:14.0062 5788 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/05/18 18:34:14.0109 5788 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/05/18 18:34:14.0171 5788 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/05/18 18:34:14.0234 5788 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/05/18 18:34:14.0281 5788 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/05/18 18:34:14.0375 5788 RTL8023xp (7889e3981e0a5d347e037abd467d53a5) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys

2011/05/18 18:34:14.0421 5788 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

2011/05/18 18:34:14.0515 5788 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS

2011/05/18 18:34:14.0562 5788 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS

2011/05/18 18:34:14.0593 5788 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys

2011/05/18 18:34:14.0656 5788 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/05/18 18:34:14.0687 5788 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\drivers\Serial.sys

2011/05/18 18:34:14.0765 5788 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/05/18 18:34:14.0828 5788 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/05/18 18:34:14.0890 5788 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys

2011/05/18 18:34:14.0937 5788 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/05/18 18:34:14.0984 5788 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/05/18 18:34:15.0156 5788 ssfs0bbc (a3cc244f1e043c2b7ae32899ff99a0a0) C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys

2011/05/18 18:34:15.0203 5788 SSHRMD (e041026dafa17af2610afc4da8f4ea14) C:\WINDOWS\system32\Drivers\SSHRMD.SYS

2011/05/18 18:34:15.0234 5788 SSIDRV (5a40b485825cc31b3a49bb4701b30d35) C:\WINDOWS\system32\Drivers\SSIDRV.SYS

2011/05/18 18:34:15.0312 5788 SSKBFD (8564bc9598be1705477b7fa61d657c2b) C:\WINDOWS\system32\Drivers\sskbfd.sys

2011/05/18 18:34:15.0406 5788 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys

2011/05/18 18:34:15.0500 5788 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/05/18 18:34:15.0531 5788 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/05/18 18:34:15.0593 5788 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys

2011/05/18 18:34:15.0718 5788 symlcbrd (b226f8a4d780acdf76145b58bb791d5b) C:\WINDOWS\system32\drivers\symlcbrd.sys

2011/05/18 18:34:15.0796 5788 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/05/18 18:34:15.0843 5788 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/05/18 18:34:15.0921 5788 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/05/18 18:34:15.0968 5788 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/05/18 18:34:16.0000 5788 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/05/18 18:34:16.0062 5788 tmactmon (02ffe7402fb07f2f64d1ac6866345087) C:\WINDOWS\system32\drivers\tmactmon.sys

2011/05/18 18:34:16.0109 5788 tmcomm (8762cb58a489b385feef2aea7f7718f3) C:\WINDOWS\system32\drivers\tmcomm.sys

2011/05/18 18:34:16.0171 5788 tmevtmgr (efe60b70fa964459dde55039c5b05be7) C:\WINDOWS\system32\drivers\tmevtmgr.sys

2011/05/18 18:34:16.0218 5788 tmpreflt (c7c7959ec0940e0eddfc881fed8ec214) C:\WINDOWS\system32\DRIVERS\tmpreflt.sys

2011/05/18 18:34:16.0281 5788 tmtdi (c9b16b4f9f063b527cddbb76fb946dfd) C:\WINDOWS\system32\DRIVERS\tmtdi.sys

2011/05/18 18:34:16.0328 5788 tmxpflt (3e615f370f0c7db414b6bcd1c18399d4) C:\WINDOWS\system32\DRIVERS\tmxpflt.sys

2011/05/18 18:34:16.0453 5788 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys

2011/05/18 18:34:16.0609 5788 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys

2011/05/18 18:34:16.0687 5788 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys

2011/05/18 18:34:16.0765 5788 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/05/18 18:34:16.0812 5788 usbehci (7481d843e672b51039b7e8a161b746b8) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/05/18 18:34:16.0843 5788 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/05/18 18:34:16.0906 5788 USBIO (f90d8f845095fcd6924e3d751c04e442) C:\WINDOWS\system32\Drivers\usbio.sys

2011/05/18 18:34:16.0953 5788 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2011/05/18 18:34:16.0984 5788 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/05/18 18:34:17.0015 5788 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/05/18 18:34:17.0046 5788 usbstor (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/05/18 18:34:17.0078 5788 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/05/18 18:34:17.0125 5788 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys

2011/05/18 18:34:17.0156 5788 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys

2011/05/18 18:34:17.0218 5788 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/05/18 18:34:17.0296 5788 vsapint (60dfbc34228ca36221b03460789f5d4e) C:\WINDOWS\system32\DRIVERS\vsapint.sys

2011/05/18 18:34:17.0390 5788 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/05/18 18:34:17.0546 5788 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/05/18 18:34:17.0609 5788 WinDriver6 (097a8291df541f9b9af2c500797cdcaa) C:\WINDOWS\system32\drivers\windrvr6.sys

2011/05/18 18:34:17.0750 5788 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys

2011/05/18 18:34:17.0828 5788 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/05/18 18:34:17.0875 5788 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/05/18 18:34:17.0953 5788 WUDFRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\WUDFRd.sys

2011/05/18 18:34:18.0046 5788 ================================================================================

2011/05/18 18:34:18.0046 5788 Scan finished

2011/05/18 18:34:18.0046 5788 ================================================================================

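TDSSKiller's driver listing above pairs each loaded driver with the MD5 of its file on disk; the helper's point about volsnap.sys is exactly the kind of swap such a listing is meant to surface, but only if there is something to compare against. Here is an added example (Python, not part of the page or of TDSSKiller) that parses lines in that format and checks each driver against a baseline of reference hashes. The baseline is constructed: the ACPI and atapi values are copied from the log so they match, and the VolSnap value is a placeholder chosen to differ so the mismatch branch is exercised; nothing here says the real VolSnap.sys on that machine was or was not modified.

```python
import re
from typing import Dict, List, Tuple

# One TDSSKiller driver line: timestamp, thread id, service name, (md5 of the
# file on disk), path. Lines without a hash (banners, "Scan finished") are ignored.
LINE_RE = re.compile(
    r'^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+'
    r'(?P<svc>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$'
)

# Constructed sample: four driver lines copied from the log above plus the
# closing banner line.
SAMPLE_LOG = """\
2011/05/18 18:34:06.0843 5788 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys
2011/05/18 18:34:08.0187 5788 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\\WINDOWS\\system32\\DRIVERS\\atapi.sys
2011/05/18 18:34:14.0515 5788 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\\Program Files\\SUPERAntiSpyware\\SASDIFSV.SYS
2011/05/18 18:34:17.0218 5788 VolSnap (ee4660083deba849ff6c485d944b379b) C:\\WINDOWS\\system32\\drivers\\VolSnap.sys
2011/05/18 18:34:18.0046 5788 Scan finished
"""

# Constructed baseline, NOT published reference hashes: the ACPI and atapi values
# are taken from the sample so they match; the VolSnap value is a deliberate
# placeholder so the mismatch branch fires. A real baseline would come from a
# known-clean install at the same OS / service-pack / hotfix level.
BASELINE: Dict[str, str] = {
    'acpi': 'a10c7534f7223f4a73a948967d00e69b',
    'atapi': 'cdfe4411a69c224bd1d11b2da92dac51',
    'volsnap': '00000000000000000000000000000000',
}

SYSTEM32 = 'c:\\windows\\system32\\'


def parse_tdsskiller(text: str) -> List[Tuple[str, str, str]]:
    """Return (service, md5, path) for each driver line in a TDSSKiller log."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rows.append((m.group('svc'), m.group('md5'), m.group('path')))
    return rows


def classify(rows: List[Tuple[str, str, str]], baseline: Dict[str, str]) -> Dict[str, str]:
    """Compare each driver's on-disk hash with the baseline.

    'ok'             hash matches the baseline entry
    'MISMATCH'       baseline entry exists but the hash differs: patched or replaced file
    'unknown-system' not in baseline but lives under system32: needs a reference hash
    'third-party'    outside system32 (vendor driver): verify publisher / signature
    """
    verdicts: Dict[str, str] = {}
    for svc, md5, path in rows:
        ref = baseline.get(svc.lower())
        if ref is not None:
            verdicts[svc] = 'ok' if md5 == ref else 'MISMATCH'
        elif path.lower().startswith(SYSTEM32):
            verdicts[svc] = 'unknown-system'
        else:
            verdicts[svc] = 'third-party'
    return verdicts


if __name__ == '__main__':
    for svc, verdict in classify(parse_tdsskiller(SAMPLE_LOG), BASELINE).items():
        print(f'{verdict:14} {svc}')
```

One caveat a practitioner should keep in mind: the hash is whatever the running system returns when the file is read, and a rootkit that filters disk I/O can hand the scanner a clean copy. That is a reason to run this kind of check after removal, as the helper did, and to compare against hashes taken from an offline boot of the same disk as well.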

Please run this online scan to help look for remnants.

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You may, however, need to disable your currently installed anti-virus; how to do so can be read here.

  • Please go here then click on: EOLS1.gif
  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Also, please let me know how things are running now and if you encountered any problems while you were following the instructions I posted.


Things still seem to be running normally, and I haven't had any problems following your instructions. Here is the log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6427

# api_version=3.0.2

# EOSSerial=06c012f3ccbd874cba2c0007a0833974

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2011-05-19 04:34:17

# local_time=2011-05-19 12:34:17 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=514 16776869 100 97 0 141493596 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=217421

# found=4

# cleaned=0

# scan_time=14353

C:\Program Files\Netscape\Netscape Browser\chrome\m3ntstbr.jar Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I

C:\Qoobox\Quarantine\C\Documents and Settings\HP_Administrator\Application Data\Adobe\plugs\mmc12350984.txt.vir a variant of Win32/Kryptik.NTD trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP151\A0034648.exe a variant of Win32/Injector.GJY trojan (unable to clean) 00000000000000000000000000000000 I

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP151\A0034668.exe a variant of Win32/Injector.GLF trojan (unable to clean) 00000000000000000000000000000000 I
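The four hits in the log above are not equal: one is a live file under Program Files, one sits in a quarantine folder and two are inside a System Restore point, which is why only the first one needs to be removed. The script below is an added example, not part of this thread or of ESET's tooling. It parses the `# key=value` header and the detection lines of this log format and sorts each hit by where it lives on disk. The sample input is a constructed copy of the header fields and the four detection lines posted above; the one assumption it makes, noted in the code, is that a file path never contains a `word/word` token, since that is what marks the start of an ESET detection name in a space-separated paste.

```python
"""Triage an ESET Online Scanner log of the kind posted in this thread.

Added example, not part of the original thread or of ESET's tooling. It
parses the '# key=value' header and the detection lines, then classifies
each hit by location, because a hit inside a quarantine folder or a System
Restore point is an inert copy, not a running infection.
"""
import re
from typing import Dict, List

# Constructed sample input: header fields and the four detection lines are
# copied from the log posted above (columns separated by spaces, as in the
# pasted copy; ESET's own file separates them with tabs, which is handled too).
SAMPLE_LOG = """\
# version=7
# end=finished
# remove_checked=false
# archives_checked=true
# scanned=217421
# found=4
# cleaned=0
C:\\Program Files\\Netscape\\Netscape Browser\\chrome\\m3ntstbr.jar Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
C:\\Qoobox\\Quarantine\\C\\Documents and Settings\\HP_Administrator\\Application Data\\Adobe\\plugs\\mmc12350984.txt.vir a variant of Win32/Kryptik.NTD trojan (unable to clean) 00000000000000000000000000000000 I
C:\\System Volume Information\\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\\RP151\\A0034648.exe a variant of Win32/Injector.GJY trojan (unable to clean) 00000000000000000000000000000000 I
C:\\System Volume Information\\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\\RP151\\A0034668.exe a variant of Win32/Injector.GLF trojan (unable to clean) 00000000000000000000000000000000 I
"""

# ESET detection names look like "<Platform>/<Family>.<Variant> <type>",
# optionally prefixed by "a variant of" or "probably a variant of". That
# shape is what tells us where a space-separated path ends. Assumption:
# the path itself never contains a "word/word" token.
_THREAT_START = r"(?:(?:probably )?a variant of )?[A-Za-z0-9_]+/\S+"
_DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<threat>" + _THREAT_START + r"(?:\s+\S+)*?)\s+"
    r"\((?P<action>[^)]*)\)\s+"
    r"(?P<hash>[0-9A-Fa-f]+)\s+"
    r"(?P<flag>\S+)\s*$"
)


def parse_header(text: str) -> Dict[str, str]:
    """Collect the '# key=value' lines; a repeated key (compatibility_mode) keeps its last value."""
    header: Dict[str, str] = {}
    for line in text.splitlines():
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header[key.strip()] = value.strip()
    return header


def parse_detections(text: str) -> List[Dict[str, str]]:
    """Return one dict per detection line (a line starting with a drive letter)."""
    hits = []
    for line in text.splitlines():
        if not re.match(r"^[A-Za-z]:\\", line):
            continue                              # header, blank or banner line
        line = re.sub(r"\t+", " ", line)          # tabs from a native log become spaces
        match = _DETECTION_RE.match(line)
        if match:
            hits.append(match.groupdict())
    return hits


def locate(path: str) -> str:
    """Classify where a hit lives; only 'live file' is an active concern."""
    lowered = path.lower()
    if "\\qoobox\\quarantine\\" in lowered:       # ComboFix stores its quarantine under C:\Qoobox
        return "quarantine (ComboFix's Qoobox folder)"
    if "\\system volume information\\_restore" in lowered:
        return "System Restore point"
    return "live file"


def triage(text: str) -> Dict[str, object]:
    """Parse the log and report which detections still need removal."""
    header = parse_header(text)
    hits = parse_detections(text)
    for hit in hits:
        hit["location"] = locate(hit["path"])
    live = [hit["path"] for hit in hits if hit["location"] == "live file"]
    # A mismatch here means the paste was truncated or a line failed to parse.
    consistent = header.get("found") == str(len(hits))
    # With 'Remove found threats' unchecked every hit reads 'unable to clean'
    # and cleaned=0; that is the expected result of a report-only run.
    report_only = header.get("remove_checked") == "false" and header.get("cleaned") == "0"
    return {"header": header, "detections": hits, "needs_action": live,
            "count_matches_header": consistent, "report_only_run": report_only}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for hit in result["detections"]:
        print(f"{hit['location']:<40} {hit['threat']}")
    print("paths still needing removal:", result["needs_action"])
```

Run it on the saved `log.txt` instead of the embedded sample by reading the file into `triage()`; the `needs_action` list is the set of paths a removal script such as the OTM `:Files` block would have to name, while the restore-point copies disappear when restore points are cleared.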


We're almost done here... :)

Please download OTM by OldTimer.

  • Save it to your desktop.
  • Please double-click OTM.exe to run it. (Vista users, please right click on OTM.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    :Services

    :Reg

    :Files
    C:\Program Files\Netscape\Netscape Browser\chrome\m3ntstbr.jar
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [clearallrestorepoints]
    [Reboot]

  • Return to OTM, right click in the "Paste instructions for items to be Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTM\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTM

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


All processes killed

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== FILES ==========

C:\Program Files\Netscape\Netscape Browser\chrome\m3ntstbr.jar moved successfully.

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Documents and Settings\HP_Administrator\Desktop\cmd.bat deleted successfully.

C:\Documents and Settings\HP_Administrator\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 11889 bytes

User: All Users

User: Default User

->Temp folder emptied: 31285 bytes

->Temporary Internet Files folder emptied: 32902 bytes

->Flash cache emptied: 56504 bytes

User: HP_Administrator

->Temp folder emptied: 3828814 bytes

->Temporary Internet Files folder emptied: 10521488 bytes

->Java cache emptied: 80316606 bytes

->FireFox cache emptied: 98046257 bytes

->Google Chrome cache emptied: 6184862 bytes

->Flash cache emptied: 54241 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 671878 bytes

->Flash cache emptied: 47354 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 81758 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 1053297 bytes

%systemroot%\System32 .tmp files removed: 64916592 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 47363 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 17077965 bytes

Total Files Cleaned = 270.00 mb

Restore point Set: OTM Restore Point (0)

Restore points cleared and new OTM Restore Point set!

OTM by OldTimer - Version 3.1.17.2 log created on 05202011_093846

Files moved on Reboot...

Registry entries deleted on Reboot...


Your Computer is Clean

mr-clean.gif

Some final items:

To remove all of the tools we used and the files and folders they created, please do the following:

Please download OTC.exe by OldTimer:

  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Here are some additional links for you to check out to help you with your computer security.

Browsers

Just because your computer came loaded with Internet Explorer doesn't mean that you have to use it; there are other free alternatives, FIREFOX and OPERA, both of which are free to use and are more secure than IE.

If you are using Firefox, you can stay more secure by adding NoScript and WOT (Web Of Trust).

NoScript stops JavaScript from running on a web page unless you give permission for it, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites, allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check that you are sure you want to continue to a bad website.

Make your Internet Explorer more secure - This can be done by following these simple instructions:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

Additional Security Measures

Secunia software inspector & update checker

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Cookienator - Scans your PC for tracking cookies in multiple browsers as well as in Adobe Flash.

Auslogics Disk Defrag or JKDefrag - Two good disk defragmenters for you to choose from to help speed up your computer.

Visit My Blog for Malware and Spyware Tips

This topic is now closed to further replies.