Messages - antdgar

1
Tech Clinic / Yoog Search (firefox+IE)
« on: January 08, 2009, 05:50:33 PM »
[quote name='guestolo' post='454989' date='Jan 6 2009, 08:25 PM']Don't worry about rerunning Kaspersky, you can uninstall it from Add/remove

It's been awhile, I forgot that we didn't do the final cleanup steps
Do you still have all the tools that we used to clean your computer?
I'm enquiring as I want to remove them properly[/quote]

Yes, I have all the tools that we used to clean the computer.

I'm leaving here tomorrow^^

2
Tech Clinic / Yoog Search (firefox+IE)
« on: January 06, 2009, 05:16:11 PM »
[quote name='guestolo' post='454952' date='Jan 6 2009, 01:05 PM']Alright, I'll await the Full scan report[/quote]

Hmm, something is wrong. I let the scan run overnight. It ran for 8 hours and wasn't finished. I had to cancel it... It only scanned 10,000 files. There are over 100,000 files on the hard disk.

3
Tech Clinic / Yoog Search (firefox+IE)
« on: January 05, 2009, 11:05:09 PM »
Thanks. The scan ran successfully. The 'report' is attached. However, the scan found 2 infected files, but they were only in the ESET NOD32 quarantine folder. So really there are no infected files.

It took a whopping 3 hours to do the scan. I chose to scan the 'most important' files, rather than the whole hard disk. I may do that tonight, so I can sleep instead of waiting 3 hours again^^

4
Tech Clinic / Yoog Search (firefox+IE)
« on: January 05, 2009, 04:29:39 PM »
[quote name='guestolo' post='454877' date='Jan 5 2009, 03:06 PM']You should remove the selected file after the scan

Please post the log from Kaspersky when you're done[/quote]

I've removed it now. The computer randomly reboots when the Kaspersky online scanner is running :-s

5
Tech Clinic / Yoog Search (firefox+IE)
« on: January 05, 2009, 01:30:48 PM »
[quote name='guestolo' post='454129' date='Jan 1 2009, 02:44 PM']You may want to take the time and run the Kaspersky scan when you get a chance and post its log
We should do a final cleanup also, nothing major[/quote]

I'm running the Kaspersky online scanner right now. I'll update this post with the log.


It seems something still remains. Every time I search with MBAM (Malware Bytes') it finds a Trojan.FakeAlert. It has the TDS file name again... Log is attached.

I wonder where this is coming from? It usually infects the temp folder or the system_volume_information folder.

6
Tech Clinic / Yoog Search (firefox+IE)
« on: December 31, 2008, 01:40:10 PM »
Just to let you know, I will be donating to you from your sig link. It will be about 2 weeks as I'm on holiday right now.

Thanks again^^

7
Tech Clinic / Yoog Search (firefox+IE)
« on: December 22, 2008, 09:57:11 AM »
Ahh, those files are movies I recently converted for my iPhone.

Yoog seems to be gone. I will run different virus scans too. It's quite frightening when one catches what another does not.

Oh and I will donate to you, as a thank you for your help. Just give me a week or so ^_^

8
Tech Clinic / Yoog Search (firefox+IE)
« on: December 21, 2008, 11:13:10 PM »
Thanks, that has removed YOOG from firefox and IE.
I'm unsure as to whether I'm still infected though, with the root kit and all...


The log of the paste fix is attached.

9
Tech Clinic / Yoog Search (firefox+IE)
« on: December 21, 2008, 09:37:03 PM »
Thanks. Scanned with Otscanit2.

The log is attached to this post. (you may have to right-click -> save as the txt file if firefox doesn't render the text correctly)

10
Tech Clinic / Yoog Search (firefox+IE)
« on: December 21, 2008, 06:20:13 PM »
I disabled all programs, as I did before. I also tried it again and it still didn't work.
Also that log I showed you was from an earlier attempt. But it was the only log file that was made, since it refused to scan when I drag the script.

11
Tech Clinic / Yoog Search (firefox+IE)
« on: December 21, 2008, 06:07:10 PM »
Unfortunately the scanner didn't run after dragging the script txt file.

ComboFix opens, however it just sits there for a long time (30mins+). I can run ComboFix without dragging the script, and in that case it scans in under 10 minutes.

Yoog still remains ;_;

ComboFix 08-12-21.01 - Compaq_Owner 2008-12-21 16:13:53.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.446.159 [GMT -6:00]
Running from: c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Desktop\ComboFix.exe
 * Resident AV is active

.

(((((((((((((((((((((((((   Files Created from 2008-11-21 to 2008-12-21  )))))))))))))))))))))))))))))))
.

2008-12-21 16:01 . 2008-12-21 16:01   388,608   --a------   c:\windows\system32\CF17562.exe
2008-12-21 11:34 . 2008-12-21 11:34   2,748   --a------   c:\windows\system32\PerfStringBackup.TMP
2008-12-20 21:40 . 2008-12-21 11:33   2,707   --a------   c:\windows\system32\TDSSqekn.dll
2008-12-19 19:30 . 2008-12-19 19:30   33,846   --a------   c:\windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.bmp
2008-12-19 19:30 . 2008-12-19 19:30   2,987   --a------   c:\windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
2008-12-19 17:14 . 2008-12-19 17:38   <DIR>   d--------   c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Apple Computer
2008-12-19 17:14 . 2008-04-17 15:12   107,368   --a------   c:\windows\system32\GEARAspi.dll
2008-12-19 17:14 . 2008-04-17 15:12   15,464   --a------   c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-19 17:13 . 2008-12-19 17:14   <DIR>   d--------   c:\program files\iTunes
2008-12-19 17:13 . 2008-12-19 17:13   <DIR>   d--------   c:\program files\iPod
2008-12-19 17:13 . 2008-12-19 17:14   <DIR>   d--------   c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-19 17:11 . 2008-12-19 17:11   <DIR>   d--------   c:\program files\Apple Software Update
2008-12-19 17:11 . 2008-12-19 17:13   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-19 17:10 . 2008-12-19 17:13   <DIR>   d--------   c:\program files\Common Files\Apple
2008-12-19 17:10 . 2008-12-19 17:10   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Apple
2008-12-19 17:10 . 2008-11-07 16:23   32,000   --a------   c:\windows\system32\drivers\usbaapl.sys
2008-12-19 16:51 . 2008-12-19 16:51   33,846   --a------   c:\windows\system32\SpoonUninstall-dBpoweramp m4a Codec.bmp
2008-12-19 16:51 . 2008-12-19 16:51   3,625   --a------   c:\windows\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
2008-12-19 16:50 . 2008-12-19 16:50   <DIR>   d--------   c:\program files\Illustrate
2008-12-19 16:50 . 2008-12-19 19:30   513,400   --a------   c:\windows\system32\SpoonUninstall.exe
2008-12-19 16:50 . 2008-12-19 16:49   33,846   --a------   c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.bmp
2008-12-19 16:50 . 2008-12-19 16:50   13,085   --a------   c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2008-12-19 16:19 . 2008-12-19 16:20   <DIR>   d--------   C:\rsit
2008-12-19 15:29 . 2008-12-19 15:29   <DIR>   d--------   c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\DAEMON Tools Pro
2008-12-19 15:29 . 2008-12-19 15:29   <DIR>   d--------   c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\DAEMON Tools
2008-12-19 15:27 . 2008-12-19 15:27   <DIR>   d--------   c:\program files\DAEMON Tools Lite
2008-12-19 15:27 . 2008-12-19 15:27   <DIR>   d--------   c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2008-12-19 15:24 . 2008-12-19 15:29   <DIR>   d--------   c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\DAEMON Tools Lite
2008-12-19 15:24 . 2008-12-19 15:24   717,296   --a------   c:\windows\system32\drivers\sptd.sys
2008-12-19 14:51 . 2008-12-19 14:51   <DIR>   d--------   c:\program files\LSI SoftModem
2008-12-19 14:50 . 2008-12-19 14:50   <DIR>   d--------   c:\program files\Microsoft Silverlight
2008-12-19 14:41 . 2008-12-19 14:41   <DIR>   d--------   c:\windows\system32\LogFiles
2008-12-19 14:41 . 2008-12-19 14:42   <DIR>   d--------   c:\windows\system32\drivers\UMDF
2008-12-19 14:29 . 2006-11-13 00:02   288,768   ---------   c:\windows\system32\rhttpaa.dll
2008-12-19 14:29 . 2006-11-13 00:02   116,736   ---------   c:\windows\system32\aaclient.dll
2008-12-19 14:29 . 2006-11-13 00:02   36,352   ---------   c:\windows\system32\tsgqec.dll
2008-12-19 14:28 . 2005-04-28 13:16   274,432   --a------   c:\windows\system32\dllcache\SET2A1C.tmp

2008-12-19 14:28 . 2005-04-27 18:12   245,248   --a------   c:\windows\system32\dllcache\SET2A1A.tmp
2008-12-19 14:28 . 2005-04-28 13:16   215,552   --a------   c:\windows\system32\dllcache\SET2A19.tmp
2008-12-19 14:28 . 2005-04-28 13:16   193,024   --a------   c:\windows\system32\dllcache\SET2A18.tmp
2008-12-19 14:28 . 2005-04-28 13:16   133,120   --a------   c:\windows\system32\dllcache\SET2A1E.tmp
2008-12-19 14:28 . 2005-04-27 18:12   103,424   --a------   c:\windows\system32\dllcache\SET2A1B.tmp
2008-12-19 14:28 . 2005-04-28 13:16   19,968   --a------   c:\windows\system32\dllcache\SET2A1D.tmp
2008-12-19 05:07 . 2008-12-19 05:07   <DIR>   d--------   c:\windows\ie8updates
2008-12-19 05:07 . 2008-12-20 02:19   1,393   --a------   c:\windows\imsins.BAK
2008-12-18 20:47 . 2008-12-18 20:47   <DIR>   d--------   c:\program files\Trend Micro
2008-12-18 20:43 . 2004-08-04 00:58   5,504   --a------   c:\windows\system32\drivers\MSTEE.sys
2008-12-18 20:43 . 2004-08-04 00:58   5,504   --a------   c:\windows\system32\dllcache\mstee.sys
2008-12-18 20:24 . 2008-12-18 20:27   <DIR>   d--------   c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\HP
2008-12-18 20:17 . 2005-10-15 00:42   46,592   --a------   c:\windows\system32\hpzll43a.dll
2008-12-18 20:16 . 2005-03-14 14:03   278,584   --a------   c:\windows\system32\HPZidr12.dll
2008-12-18 20:16 . 2005-03-14 14:05   204,800   --a------   c:\windows\system32\HPZipr12.dll
2008-12-18 20:16 . 2005-03-08 13:55   94,208   --a------   c:\windows\system32\HPZipt12.dll
2008-12-18 20:16 . 2005-03-14 14:05   69,632   --a------   c:\windows\system32\HPZipm12.exe
2008-12-18 20:16 . 2005-03-14 15:39   65,536   --a------   c:\windows\system32\HPZinw12.exe
2008-12-18 20:16 . 2005-03-08 13:55   57,344   --a------   c:\windows\system32\HPZisn12.dll
2008-12-18 20:13 . 2008-12-18 20:27   110,206   --a------   c:\windows\hpoins08.dat
2008-12-18 20:13 . 2006-01-24 01:11   7,577   ---------   c:\windows\hpomdl08.dat
2008-12-18 20:12 . 2005-10-21 21:58   49,920   --a------   c:\windows\system32\drivers\HPZid412.sys
2008-12-18 20:12 . 2005-10-21 21:58   16,496   --a------   c:\windows\system32\drivers\HPZipr12.sys
2008-12-18 20:11 . 2005-10-28 17:11   614,400   --a------   c:\windows\system32\hpotscl2.dll
2008-12-18 20:11 . 2005-10-28 17:11   602,112   --a------   c:\windows\system32\hpowiax2.dll
2008-12-18 20:11 . 2005-10-28 17:11   254,026   --a------   c:\windows\system32\hpovst09.dll
2008-12-18 20:11 . 2005-09-09 17:28   98,304   --a------   c:\windows\system32\hpzjsn01.dll
2008-12-18 20:11 . 2005-03-22 06:48   77,824   --a------   c:\windows\system32\hpzids01.dll
2008-12-18 18:26 . 2008-12-18 18:26   <DIR>   d--------   c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Skinux
2008-12-18 17:51 . 2008-12-18 17:51   <DIR>   d--------   c:\program files\CCleaner
2008-12-18 14:14 . 2008-12-18 14:14   <DIR>   d--------   c:\program files\ERUNT
2008-12-18 14:13 . 2008-12-18 14:13   <DIR>   d--------   c:\program files\Lavasoft
2008-12-18 14:13 . 2008-12-18 14:15   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-18 12:31 . 2008-12-18 13:00   <DIR>   d--------   c:\program files\Spybot - Search & Destroy
2008-12-18 12:31 . 2008-12-19 00:45   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-18 04:09 . 2008-10-16 16:06   268,648   --a------   c:\windows\system32\mucltui.dll
2008-12-18 04:09 . 2008-10-16 16:06   208,744   --a------   c:\windows\system32\muweb.dll
2008-12-18 04:09 . 2008-10-16 16:06   27,496   --a------   c:\windows\system32\mucltui.dll.mui
2008-12-17 20:30 . 2008-12-17 22:11   <DIR>   d--------   c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Contacts
2008-12-17 20:28 . 2008-12-19 17:14   <DIR>   d----c---   c:\windows\system32\DRVSTORE
2008-12-17 20:23 . 2008-12-17 20:27   <DIR>   d--------   c:\program files\Windows Live
2008-12-17 20:23 . 2008-12-17 20:26   <DIR>   d--hsc---   c:\program files\Common Files\WindowsLiveInstaller
2008-12-17 20:22 . 2008-12-18 22:49   <DIR>   d--------   c:\documents and settings\All Users\Application Data\WLInstaller
2008-12-17 20:11 . 2008-12-17 20:11   <DIR>   d--------   c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\AdobeUM
2008-12-17 18:45 . 2008-12-17 18:43   512,096   --a------   c:\windows\system32\drivers\amon.sys
2008-12-17 18:45 . 2008-12-17 18:43   298,104   --a------   c:\windows\system32\imon.dll
2008-12-17 18:45 . 2008-12-17 18:43   15,424   --a------   c:\windows\system32\drivers\nod32drv.sys
2008-12-17 18:43 . 2008-12-18 20:34   <DIR>   d--------   c:\program files\ESET
2008-12-17 17:10 . 2008-12-17 17:10   <DIR>   d--------   c:\program files\Xvid
2008-12-17 17:10 . 2008-12-04 23:42   815,104   --a------   c:\windows\system32\xvidcore.dll
2008-12-17 17:10 . 2008-12-04 23:46   180,224   --a------   c:\windows\system32\xvidvfw.dll
2008-12-17 17:10 . 2008-12-13 22:01   77,824   --a------   c:\windows\system32\xvid.ax
2008-12-17 16:42 . 2008-12-17 16:42   <DIR>   d--------   c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Malwarebytes
2008-12-17 16:41 . 2008-12-18 20:34   <DIR>   d--------   c:\program files\Malwarebytes' Anti-Malware
2008-12-17 16:41 . 2008-12-17 16:41   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-17 16:41 . 2008-12-03 21:59   38,496   --a------   c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-17 16:41 . 2008-12-03 21:59   15,504   --a------   c:\windows\system32\drivers\mbam.sys
2008-12-17 16:14 . 2008-12-17 16:14   <DIR>   d--------   c:\documents and settings\Administrator\Application Data\TrojanHunter
2008-12-17 15:50 . 2008-12-17 16:16   <DIR>   d--------   c:\documents and settings\Administrator\Application Data\uTorrent
2008-12-17 15:50 . 2008-12-17 16:00   454,467,584   --a------   C:\Howard.TV.Funny.Hot.Chicks.XviD.avi
2008-12-17 15:35 . 2008-12-17 15:35   <DIR>   d--------   C:\ESET_NOD32_v2.70.39_WIth_NOD_FIX_2.2_and_NOD-UE
2008-12-17 15:10 . 2008-12-17 15:10   <DIR>   d--------   c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-12-17 14:51 . 2005-11-27 15:02   <DIR>   d--------   c:\documents and settings\Administrator\WINDOWS
2008-12-17 14:51 . 2005-11-27 15:22   <DIR>   d--------   c:\documents and settings\Administrator\Application Data\Symantec
2008-12-17 14:51 . 2005-11-27 15:03   <DIR>   d--------   c:\documents and settings\Administrator\Application Data\Intuit
2008-12-17 14:51 . 2008-12-17 14:51   <DIR>   d--------   c:\documents and settings\Administrator
2008-12-17 08:27 . 2004-08-04 02:56   159,232   --a------   c:\windows\system32\ptpusd.dll
2008-12-17 08:27 . 2004-08-04 00:58   15,104   --a------   c:\windows\system32\drivers\usbscan.sys
2008-12-17 08:27 . 2004-08-04 00:58   15,104   --a------   c:\windows\system32\dllcache\usbscan.sys
2008-12-17 08:27 . 2001-08-18 00:36   5,632   --a------   c:\windows\system32\ptpusb.dll
2008-12-17 08:23 . 2008-12-18 20:34   <DIR>   d--------   c:\program files\SUPERAntiSpyware
2008-12-17 08:23 . 2008-12-17 08:23   <DIR>   d--------   c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\SUPERAntiSpyware.com
2008-12-17 08:23 . 2008-12-17 08:23   <DIR>   d--------   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-17 08:22 . 2008-12-18 14:12   <DIR>   d--------   c:\program files\Common Files\Wise Installation Wizard
2008-12-16 21:24 . 2008-12-16 21:24   <DIR>   d--------   c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\TrojanHunter
2008-12-16 21:15 . 2007-03-07 17:51   129,784   ---------   c:\windows\system32\pxafs.dll
2008-12-16 21:15 . 2007-03-07 17:51   9,464   ---------   c:\windows\system32\drivers\cdralw2k.sys
2008-12-16 21:15 . 2007-03-07 17:51   9,336   ---------   c:\windows\system32\drivers\cdr4_xp.sys
2008-12-16 21:14 . 2008-12-19 16:59   <DIR>   d--------   c:\program files\Winamp
2008-12-16 21:14 . 2008-12-16 21:19   <DIR>   d--------   c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Winamp
2008-12-16 20:55 . 2008-12-18 20:34   <DIR>   d--------   c:\program files\uTorrent
2008-12-16 20:55 . 2008-12-21 16:03   <DIR>   d--------   c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\uTorrent
2008-12-16 20:50 . 2008-12-18 20:34   <DIR>   d--------   c:\program files\TrojanHunter 5.0
2008-12-15 14:50 . 2008-12-15 14:50   <DIR>   d--hs----   c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\PrivacIE
2008-12-15 14:42 . 2008-12-15 14:43   <DIR>   d--h-c---   c:\windows\ie8
2008-12-13 14:01 . 2008-12-21 13:05   <DIR>   d--------   c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\skypePM
2008-12-13 14:01 . 2008-12-13 14:01   56   --ah-----   c:\windows\system32\ezsidmv.dat
2008-12-13 13:22 . 2008-12-13 13:22   <DIR>   d--------   c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\WinBatch

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-20 08:24   ---------   d-----w   c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-19 23:12   ---------   d-----w   c:\program files\QuickTime
2008-12-19 23:12   ---------   d-----w   c:\program files\Bonjour
2008-12-19 20:47   ---------   d-----w   c:\program files\Common Files\logishrd
2008-12-19 02:34   ---------   d---a-w   c:\program files\Common Files\LightScribe
2008-12-19 02:34   ---------   d-----w   c:\program files\Quicken
2008-12-19 02:34   ---------   d-----w   c:\program files\Microsoft Works
2008-12-19 02:34   ---------   d-----w   c:\program files\Google
2008-12-19 02:34   ---------   d-----w   c:\program files\Common Files\SureThing Shared
2008-12-19 02:34   ---------   d-----w   c:\program files\Common Files\Sonic Shared
2008-12-19 02:34   ---------   d-----w   c:\program files\Common Files\Skype
2008-12-19 02:34   ---------   d-----w   c:\program files\Common Files\Palo Alto Software
2008-12-19 02:16   ---------   d-----w   c:\program files\HP
2008-12-19 00:22   3,649   ----a-w   c:\windows\viassary-hp.reg
2008-12-17 22:32   ---------   d-----w   c:\program files\Symantec
2008-12-17 22:29   ---------   d-----w   c:\program files\Common Files\Symantec Shared
2008-12-17 22:26   ---------   d-----w   c:\documents and settings\All Users\Application Data\Symantec
2008-12-17 17:03   ---------   d-----w   c:\program files\Morpheus
2008-12-14 13:59   5,699,584   ----a-w   c:\windows\system32\dllcache\mshtml.dll
2008-12-04 19:12   ---------   d-----w   c:\documents and settings\All Users\Application Data\Kontiki
2008-12-04 19:10   ---------   d-----w   c:\documents and settings\Compaq_Owner\Application Data\Skype
2008-12-04 19:01   ---------   d-----w   c:\documents and settings\Compaq_Owner\Application Data\ComcastToolbar
2008-12-04 18:11   ---------   d-----w   c:\documents and settings\Compaq_Owner\Application Data\skypePM
2008-12-03 22:36   ---------   d-----w   c:\documents and settings\Compaq_Owner\Application Data\Move Networks
2008-10-30 18:21   ---------   d-----w   c:\documents and settings\Compaq_Owner\Application Data\HP
2008-10-30 04:43   1,204,128   ----a-w   c:\windows\system32\drivers\AGRSM.sys
2008-10-24 11:10   453,632   ----a-w   c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 13:01   283,648   ----a-w   c:\windows\system32\gdi32.dll
2008-10-23 13:01   283,648   ----a-w   c:\windows\system32\dllcache\gdi32.dll
2008-10-16 22:13   202,776   ----a-w   c:\windows\system32\wuweb.dll
2008-10-16 22:13   1,809,944   ----a-w   c:\windows\system32\wuaueng.dll
2008-10-16 22:12   561,688   ----a-w   c:\windows\system32\wuapi.dll
2008-10-16 22:12   323,608   ----a-w   c:\windows\system32\wucltui.dll
2008-10-16 22:09   92,696   ----a-w   c:\windows\system32\cdm.dll
2008-10-16 22:09   51,224   ----a-w   c:\windows\system32\wuauclt.exe
2008-10-16 22:09   43,544   ----a-w   c:\windows\system32\wups2.dll
2008-10-16 22:08   34,328   ----a-w   c:\windows\system32\wups.dll
2008-10-16 22:08   34,328   ----a-w   c:\windows\system32\dllcache\wups.dll
2008-10-16 10:37   55,808   ----a-w   c:\windows\system32\dllcache\extmgr.dll
2008-10-16 10:37   474,112   ----a-w   c:\windows\system32\dllcache\shlwapi.dll
2008-10-16 10:37   151,040   ----a-w   c:\windows\system32\dllcache\cdfview.dll
2008-10-16 10:37   1,494,528   ----a-w   c:\windows\system32\dllcache\shdocvw.dll
2008-10-16 10:37   1,054,208   ----a-w   c:\windows\system32\dllcache\danim.dll
2008-10-16 10:37   1,023,488   ----a-w   c:\windows\system32\dllcache\browseui.dll
2008-10-15 16:57   332,800   ----a-w   c:\windows\system32\dllcache\netapi32.dll
2008-10-15 09:45   18,432   ----a-w   c:\windows\system32\dllcache\iedw.exe
2008-10-03 10:15   247,326   ----a-w   c:\windows\system32\strmdll.dll
2008-10-03 10:15   247,326   ----a-w   c:\windows\system32\dllcache\strmdll.dll
2008-10-01 00:43   1,286,152   ----a-w   c:\windows\system32\msxml4.dll
2008-09-26 23:13   55,816   ----a-w   c:\windows\agrsmdel.exe
2008-03-28 23:54   774,144   ----a-w   c:\program files\RngInterstitial.dll
2006-07-24 21:11   0   -c--a-w   c:\documents and settings\Compaq_Owner\Application Data\wklnhst.dat
2008-11-28 17:10   640,000   ----a-w   c:\program files\mozilla firefox\components\nsdcads.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-12-17 949376]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2008-12-03 399504]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-11-27 27136]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-11-27 27136]

c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\
Compaq Organize.lnk - c:\program files\Hewlett-Packard\Compaq Organize\bin\displayAgent.exe [2005-11-27 36864]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 18:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ WinCinema Manager.lnk
backup=c:\windows\pss\ WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=c:\windows\pss\Compaq Connections.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner.YOUR-27E1513D96^Start Menu^Programs^Startup^Compaq Organize.lnk]
path=c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Start Menu\Programs\Startup\Compaq Organize.lnk
backup=c:\windows\pss\Compaq Organize.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 06:00 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-12-10 03:02 216520 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-12-15 13:18 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
--a------ 2005-09-21 11:41 1605740 c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 15:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 13:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 12:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\regcmdcons]
--a------ 1999-11-07 01:11 27136 c:\hp\bin\cloaker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-11-18 18:31 21633320 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-08-20 01:34 1576176 c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-12-17 15424]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-08-20 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-08-20 55024]
R3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys [2008-12-17 15504]
S2 MBAMService;MBAMService;"c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe" [2008-12-17 170640]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-08-20 7408]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-12-21 c:\windows\Tasks\Malwarebytes' Scheduled Update for Compaq_Owner.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2008-12-03 21:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/b/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\ft4o9l13.default\
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/a/
FF - prefs.js: keyword.URL - hxxp://www2.yoog.com/search.php?q=
FF - component: c:\program files\Mozilla Firefox\components\nsBrowserOpt.dll
FF - component: c:\program files\Mozilla Firefox\components\nsdcads.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll

[color="red"]ATTENTION: FIREFOX POLICES IS IN FORCE [/color]
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www2.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-21 16:18:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(760)
c:\windows\system32\imon.dll
.
Completion time: 2008-12-21 16:21:11
ComboFix-quarantined-files.txt  2008-12-21 22:21:09
ComboFix2.txt  2008-12-21 21:15:34

Pre-Run: 80,940,683,264 bytes free
Post-Run: 80,924,254,208 bytes free

327   --- E O F ---   2008-12-20 08:24:14

12
Tech Clinic / Yoog Search (firefox+IE)
« on: December 21, 2008, 04:22:34 PM »
yoog still remains (I tried again after running combo fix)


Combo Fix Log:

ComboFix 08-12-21.01 - Compaq_Owner 2008-12-21 15:05:31.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.446.99 [GMT -6:00]
Running from: c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Desktop\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\components\nsBrowserOpt.dll
c:\windows\system32\Drivers\TDSSpcuu.sys
c:\windows\system32\TDSSirxy.dll
c:\windows\system32\TDSSktkl.dll
c:\windows\system32\TDSSqrwn.log
c:\windows\system32\TDSSrojf.dll
c:\windows\system32\TDSSwgqe.dat
D:\Autorun.inf

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys


(((((((((((((((((((((((((   Files Created from 2008-11-21 to 2008-12-21  )))))))))))))))))))))))))))))))
.

2008-12-21 11:34 . 2008-12-21 11:34    2,748    --a------    c:\windows\system32\PerfStringBackup.TMP
2008-12-20 21:40 . 2008-12-21 11:33    2,707    --a------    c:\windows\system32\TDSSqekn.dll
2008-12-19 19:30 . 2008-12-19 19:30    33,846    --a------    c:\windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.bmp
2008-12-19 19:30 . 2008-12-19 19:30    2,987    --a------    c:\windows\system32\SpoonUninstall-dBpoweramp FLAC Codec.dat
2008-12-19 17:14 . 2008-12-19 17:38    <DIR>    d--------    c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Apple Computer
2008-12-19 17:14 . 2008-04-17 15:12    107,368    --a------    c:\windows\system32\GEARAspi.dll
2008-12-19 17:14 . 2008-04-17 15:12    15,464    --a------    c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-19 17:13 . 2008-12-19 17:14    <DIR>    d--------    c:\program files\iTunes
2008-12-19 17:13 . 2008-12-19 17:13    <DIR>    d--------    c:\program files\iPod
2008-12-19 17:13 . 2008-12-19 17:14    <DIR>    d--------    c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-19 17:11 . 2008-12-19 17:11    <DIR>    d--------    c:\program files\Apple Software Update
2008-12-19 17:11 . 2008-12-19 17:13    <DIR>    d--------    c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-19 17:10 . 2008-12-19 17:13    <DIR>    d--------    c:\program files\Common Files\Apple
2008-12-19 17:10 . 2008-12-19 17:10    <DIR>    d--------    c:\documents and settings\All Users\Application Data\Apple
2008-12-19 17:10 . 2008-11-07 16:23    32,000    --a------    c:\windows\system32\drivers\usbaapl.sys
2008-12-19 16:51 . 2008-12-19 16:51    33,846    --a------    c:\windows\system32\SpoonUninstall-dBpoweramp m4a Codec.bmp
2008-12-19 16:51 . 2008-12-19 16:51    3,625    --a------    c:\windows\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
2008-12-19 16:50 . 2008-12-19 16:50    <DIR>    d--------    c:\program files\Illustrate
2008-12-19 16:50 . 2008-12-19 19:30    513,400    --a------    c:\windows\system32\SpoonUninstall.exe
2008-12-19 16:50 . 2008-12-19 16:49    33,846    --a------    c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.bmp
2008-12-19 16:50 . 2008-12-19 16:50    13,085    --a------    c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2008-12-19 16:19 . 2008-12-19 16:20    <DIR>    d--------    C:\rsit
2008-12-19 15:29 . 2008-12-19 15:29    <DIR>    d--------    c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\DAEMON Tools Pro
2008-12-19 15:29 . 2008-12-19 15:29    <DIR>    d--------    c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\DAEMON Tools
2008-12-19 15:27 . 2008-12-19 15:27    <DIR>    d--------    c:\program files\DAEMON Tools Lite
2008-12-19 15:27 . 2008-12-19 15:27    <DIR>    d--------    c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2008-12-19 15:24 . 2008-12-19 15:29    <DIR>    d--------    c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\DAEMON Tools Lite
2008-12-19 15:24 . 2008-12-19 15:24    717,296    --a------    c:\windows\system32\drivers\sptd.sys
2008-12-19 14:51 . 2008-12-19 14:51    <DIR>    d--------    c:\program files\LSI SoftModem
2008-12-19 14:50 . 2008-12-19 14:50    <DIR>    d--------    c:\program files\Microsoft Silverlight
2008-12-19 14:41 . 2008-12-19 14:41    <DIR>    d--------    c:\windows\system32\LogFiles
2008-12-19 14:41 . 2008-12-19 14:42    <DIR>    d--------    c:\windows\system32\drivers\UMDF
2008-12-19 14:29 . 2006-11-13 00:02    288,768    ---------    c:\windows\system32\rhttpaa.dll
2008-12-19 14:29 . 2006-11-13 00:02    116,736    ---------    c:\windows\system32\aaclient.dll
2008-12-19 14:29 . 2006-11-13 00:02    36,352    ---------    c:\windows\system32\tsgqec.dll
2008-12-19 14:28 . 2005-04-28 13:16    274,432    --a------    c:\windows\system32\dllcache\SET2A1C.tmp
2008-12-19 14:28 . 2005-04-27 18:12    245,248    --a------    c:\windows\system32\dllcache\SET2A1A.tmp
2008-12-19 14:28 . 2005-04-28 13:16    215,552    --a------    c:\windows\system32\dllcache\SET2A19.tmp
2008-12-19 14:28 . 2005-04-28 13:16    193,024    --a------    c:\windows\system32\dllcache\SET2A18.tmp
2008-12-19 14:28 . 2005-04-28 13:16    133,120    --a------    c:\windows\system32\dllcache\SET2A1E.tmp
2008-12-19 14:28 . 2005-04-27 18:12    103,424    --a------    c:\windows\system32\dllcache\SET2A1B.tmp
2008-12-19 14:28 . 2005-04-28 13:16    19,968    --a------    c:\windows\system32\dllcache\SET2A1D.tmp
2008-12-19 05:07 . 2008-12-19 05:07    <DIR>    d--------    c:\windows\ie8updates
2008-12-19 05:07 . 2008-12-20 02:19    1,393    --a------    c:\windows\imsins.BAK
2008-12-18 20:47 . 2008-12-18 20:47    <DIR>    d--------    c:\program files\Trend Micro
2008-12-18 20:43 . 2004-08-04 00:58    5,504    --a------    c:\windows\system32\drivers\MSTEE.sys
2008-12-18 20:43 . 2004-08-04 00:58    5,504    --a------    c:\windows\system32\dllcache\mstee.sys
2008-12-18 20:24 . 2008-12-18 20:27    <DIR>    d--------    c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\HP
2008-12-18 20:17 . 2005-10-15 00:42    46,592    --a------    c:\windows\system32\hpzll43a.dll
2008-12-18 20:16 . 2005-03-14 14:03    278,584    --a------    c:\windows\system32\HPZidr12.dll
2008-12-18 20:16 . 2005-03-14 14:05    204,800    --a------    c:\windows\system32\HPZipr12.dll
2008-12-18 20:16 . 2005-03-08 13:55    94,208    --a------    c:\windows\system32\HPZipt12.dll
2008-12-18 20:16 . 2005-03-14 14:05    69,632    --a------    c:\windows\system32\HPZipm12.exe
2008-12-18 20:16 . 2005-03-14 15:39    65,536    --a------    c:\windows\system32\HPZinw12.exe
2008-12-18 20:16 . 2005-03-08 13:55    57,344    --a------    c:\windows\system32\HPZisn12.dll
2008-12-18 20:13 . 2008-12-18 20:27    110,206    --a------    c:\windows\hpoins08.dat
2008-12-18 20:13 . 2006-01-24 01:11    7,577    ---------    c:\windows\hpomdl08.dat
2008-12-18 20:12 . 2005-10-21 21:58    49,920    --a------    c:\windows\system32\drivers\HPZid412.sys
2008-12-18 20:12 . 2005-10-21 21:58    16,496    --a------    c:\windows\system32\drivers\HPZipr12.sys
2008-12-18 20:11 . 2005-10-28 17:11    614,400    --a------    c:\windows\system32\hpotscl2.dll
2008-12-18 20:11 . 2005-10-28 17:11    602,112    --a------    c:\windows\system32\hpowiax2.dll
2008-12-18 20:11 . 2005-10-28 17:11    254,026    --a------    c:\windows\system32\hpovst09.dll
2008-12-18 20:11 . 2005-09-09 17:28    98,304    --a------    c:\windows\system32\hpzjsn01.dll
2008-12-18 20:11 . 2005-03-22 06:48    77,824    --a------    c:\windows\system32\hpzids01.dll
2008-12-18 18:26 . 2008-12-18 18:26    <DIR>    d--------    c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Skinux
2008-12-18 17:51 . 2008-12-18 17:51    <DIR>    d--------    c:\program files\CCleaner
2008-12-18 14:14 . 2008-12-18 14:14    <DIR>    d--------    c:\program files\ERUNT
2008-12-18 14:13 . 2008-12-18 14:13    <DIR>    d--------    c:\program files\Lavasoft
2008-12-18 14:13 . 2008-12-18 14:15    <DIR>    d--------    c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-18 12:31 . 2008-12-18 13:00    <DIR>    d--------    c:\program files\Spybot - Search & Destroy
2008-12-18 12:31 . 2008-12-19 00:45    <DIR>    d--------    c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-18 04:09 . 2008-10-16 16:06    268,648    --a------    c:\windows\system32\mucltui.dll
2008-12-18 04:09 . 2008-10-16 16:06    208,744    --a------    c:\windows\system32\muweb.dll
2008-12-18 04:09 . 2008-10-16 16:06    27,496    --a------    c:\windows\system32\mucltui.dll.mui
2008-12-17 20:30 . 2008-12-17 22:11    <DIR>    d--------    c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Contacts
2008-12-17 20:28 . 2008-12-19 17:14    <DIR>    d----c---    c:\windows\system32\DRVSTORE
2008-12-17 20:23 . 2008-12-17 20:27    <DIR>    d--------    c:\program files\Windows Live
2008-12-17 20:23 . 2008-12-17 20:26    <DIR>    d--hsc---    c:\program files\Common Files\WindowsLiveInstaller
2008-12-17 20:22 . 2008-12-18 22:49    <DIR>    d--------    c:\documents and settings\All Users\Application Data\WLInstaller
2008-12-17 20:11 . 2008-12-17 20:11    <DIR>    d--------    c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\AdobeUM
2008-12-17 18:45 . 2008-12-17 18:43    512,096    --a------    c:\windows\system32\drivers\amon.sys
2008-12-17 18:45 . 2008-12-17 18:43    298,104    --a------    c:\windows\system32\imon.dll
2008-12-17 18:45 . 2008-12-17 18:43    15,424    --a------    c:\windows\system32\drivers\nod32drv.sys
2008-12-17 18:43 . 2008-12-18 20:34    <DIR>    d--------    c:\program files\ESET
2008-12-17 17:10 . 2008-12-17 17:10    <DIR>    d--------    c:\program files\Xvid
2008-12-17 17:10 . 2008-12-04 23:42    815,104    --a------    c:\windows\system32\xvidcore.dll
2008-12-17 17:10 . 2008-12-04 23:46    180,224    --a------    c:\windows\system32\xvidvfw.dll
2008-12-17 17:10 . 2008-12-13 22:01    77,824    --a------    c:\windows\system32\xvid.ax
2008-12-17 16:42 . 2008-12-17 16:42    <DIR>    d--------    c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Malwarebytes
2008-12-17 16:41 . 2008-12-18 20:34    <DIR>    d--------    c:\program files\Malwarebytes' Anti-Malware
2008-12-17 16:41 . 2008-12-17 16:41    <DIR>    d--------    c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-17 16:41 . 2008-12-03 21:59    38,496    --a------    c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-17 16:41 . 2008-12-03 21:59    15,504    --a------    c:\windows\system32\drivers\mbam.sys
2008-12-17 16:14 . 2008-12-17 16:14    <DIR>    d--------    c:\documents and settings\Administrator\Application Data\TrojanHunter
2008-12-17 15:50 . 2008-12-17 16:16    <DIR>    d--------    c:\documents and settings\Administrator\Application Data\uTorrent
2008-12-17 15:50 . 2008-12-17 16:00    454,467,584    --a------    C:\Howard.TV.Funny.Hot.Chicks.XviD.avi
2008-12-17 15:35 . 2008-12-17 15:35    <DIR>    d--------    C:\ESET_NOD32_v2.70.39_WIth_NOD_FIX_2.2_and_NOD-UE
2008-12-17 15:10 . 2008-12-17 15:10    <DIR>    d--------    c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-12-17 14:51 . 2005-11-27 15:02    <DIR>    d--------    c:\documents and settings\Administrator\WINDOWS
2008-12-17 14:51 . 2005-11-27 15:22    <DIR>    d--------    c:\documents and settings\Administrator\Application Data\Symantec
2008-12-17 14:51 . 2005-11-27 15:03    <DIR>    d--------    c:\documents and settings\Administrator\Application Data\Intuit
2008-12-17 14:51 . 2008-12-17 14:51    <DIR>    d--------    c:\documents and settings\Administrator
2008-12-17 08:27 . 2004-08-04 02:56    159,232    --a------    c:\windows\system32\ptpusd.dll
2008-12-17 08:27 . 2004-08-04 00:58    15,104    --a------    c:\windows\system32\drivers\usbscan.sys
2008-12-17 08:27 . 2004-08-04 00:58    15,104    --a------    c:\windows\system32\dllcache\usbscan.sys
2008-12-17 08:27 . 2001-08-18 00:36    5,632    --a------    c:\windows\system32\ptpusb.dll
2008-12-17 08:23 . 2008-12-18 20:34    <DIR>    d--------    c:\program files\SUPERAntiSpyware
2008-12-17 08:23 . 2008-12-17 08:23    <DIR>    d--------    c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\SUPERAntiSpyware.com
2008-12-17 08:23 . 2008-12-17 08:23    <DIR>    d--------    c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-17 08:22 . 2008-12-18 14:12    <DIR>    d--------    c:\program files\Common Files\Wise Installation Wizard
2008-12-16 21:24 . 2008-12-16 21:24    <DIR>    d--------    c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\TrojanHunter
2008-12-16 21:15 . 2007-03-07 17:51    129,784    ---------    c:\windows\system32\pxafs.dll
2008-12-16 21:15 . 2007-03-07 17:51    9,464    ---------    c:\windows\system32\drivers\cdralw2k.sys
2008-12-16 21:15 . 2007-03-07 17:51    9,336    ---------    c:\windows\system32\drivers\cdr4_xp.sys
2008-12-16 21:14 . 2008-12-19 16:59    <DIR>    d--------    c:\program files\Winamp
2008-12-16 21:14 . 2008-12-16 21:19    <DIR>    d--------    c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Winamp
2008-12-16 20:55 . 2008-12-18 20:34    <DIR>    d--------    c:\program files\uTorrent
2008-12-16 20:55 . 2008-12-21 14:59    <DIR>    d--------    c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\uTorrent
2008-12-16 20:50 . 2008-12-18 20:34    <DIR>    d--------    c:\program files\TrojanHunter 5.0
2008-12-15 14:50 . 2008-12-15 14:50    <DIR>    d--hs----    c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\PrivacIE
2008-12-15 14:42 . 2008-12-15 14:43    <DIR>    d--h-c---    c:\windows\ie8
2008-12-13 14:01 . 2008-12-21 13:05    <DIR>    d--------    c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\skypePM
2008-12-13 14:01 . 2008-12-13 14:01    56    --ah-----    c:\windows\system32\ezsidmv.dat
2008-12-13 13:22 . 2008-12-13 13:22    <DIR>    d--------    c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\WinBatch
2008-12-13 12:57 . 2008-12-21 15:00    <DIR>    d--------    c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Skype

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-20 08:24    ---------    d-----w    c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-19 23:12    ---------    d-----w    c:\program files\QuickTime
2008-12-19 23:12    ---------    d-----w    c:\program files\Bonjour
2008-12-19 20:47    ---------    d-----w    c:\program files\Common Files\logishrd
2008-12-19 02:34    ---------    d---a-w    c:\program files\Common Files\LightScribe
2008-12-19 02:34    ---------    d-----w    c:\program files\Quicken
2008-12-19 02:34    ---------    d-----w    c:\program files\Microsoft Works
2008-12-19 02:34    ---------    d-----w    c:\program files\Google
2008-12-19 02:34    ---------    d-----w    c:\program files\Common Files\SureThing Shared
2008-12-19 02:34    ---------    d-----w    c:\program files\Common Files\Sonic Shared
2008-12-19 02:34    ---------    d-----w    c:\program files\Common Files\Skype
2008-12-19 02:34    ---------    d-----w    c:\program files\Common Files\Palo Alto Software
2008-12-19 02:16    ---------    d-----w    c:\program files\HP
2008-12-19 00:22    3,649    ----a-w    c:\windows\viassary-hp.reg
2008-12-17 22:32    ---------    d-----w    c:\program files\Symantec
2008-12-17 22:29    ---------    d-----w    c:\program files\Common Files\Symantec Shared
2008-12-17 22:26    ---------    d-----w    c:\documents and settings\All Users\Application Data\Symantec
2008-12-17 17:03    ---------    d-----w    c:\program files\Morpheus
2008-12-04 19:12    ---------    d-----w    c:\documents and settings\All Users\Application Data\Kontiki
2008-12-04 19:10    ---------    d-----w    c:\documents and settings\Compaq_Owner\Application Data\Skype
2008-12-04 19:01    ---------    d-----w    c:\documents and settings\Compaq_Owner\Application Data\ComcastToolbar
2008-12-04 18:11    ---------    d-----w    c:\documents and settings\Compaq_Owner\Application Data\skypePM
2008-12-03 22:36    ---------    d-----w    c:\documents and settings\Compaq_Owner\Application Data\Move Networks
2008-10-30 18:21    ---------    d-----w    c:\documents and settings\Compaq_Owner\Application Data\HP
2008-10-30 04:43    1,204,128    ----a-w    c:\windows\system32\drivers\AGRSM.sys
2008-10-24 11:10    453,632    ----a-w    c:\windows\system32\drivers\mrxsmb.sys
2008-09-26 23:13    55,816    ----a-w    c:\windows\agrsmdel.exe
2008-03-28 23:54    774,144    ----a-w    c:\program files\RngInterstitial.dll
2006-07-24 21:11    0    -c--a-w    c:\documents and settings\Compaq_Owner\Application Data\wklnhst.dat
2008-11-28 17:10    640,000    ----a-w    c:\program files\mozilla firefox\components\nsdcads.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-12-17 949376]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2008-12-03 399504]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-11-27 27136]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-11-27 27136]

c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\
Compaq Organize.lnk - c:\program files\Hewlett-Packard\Compaq Organize\bin\displayAgent.exe [2005-11-27 36864]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 18:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ WinCinema Manager.lnk
backup=c:\windows\pss\ WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=c:\windows\pss\Compaq Connections.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner.YOUR-27E1513D96^Start Menu^Programs^Startup^Compaq Organize.lnk]
path=c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Start Menu\Programs\Startup\Compaq Organize.lnk
backup=c:\windows\pss\Compaq Organize.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 06:00 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-12-10 03:02 216520 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-12-15 13:18 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
--a------ 2005-09-21 11:41 1605740 c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 15:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 13:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 12:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\regcmdcons]
--a------ 1999-11-07 01:11 27136 c:\hp\bin\cloaker.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-11-18 18:31 21633320 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-08-20 01:34 1576176 c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-12-17 15424]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-08-20 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-08-20 55024]
R2 MBAMService;MBAMService;"c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe" [2008-12-17 170640]
R3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys [2008-12-17 15504]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-08-20 7408]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.
Contents of the 'Scheduled Tasks' folder

2008-12-21 c:\windows\Tasks\Malwarebytes' Scheduled Update for Compaq_Owner.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2008-12-03 21:59]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Microsoft OCX - c:\windows\system32\fglimztkm.exe
MSConfigStartUp-Orb - c:\program files\Winamp Remote\bin\OrbTray.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/b/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla\Firefox\Profiles\ft4o9l13.default\
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/a/
FF - prefs.js: keyword.URL - hxxp://www2.yoog.com/search.php?q=
FF - component: c:\program files\Mozilla Firefox\components\nsBrowserOpt.dll
FF - component: c:\program files\Mozilla Firefox\components\nsdcads.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll

ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www2.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-21 15:10:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(712)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(792)
c:\windows\system32\imon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\ESET\nod32krn.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2008-12-21 15:15:32 - machine was rebooted
ComboFix-quarantined-files.txt  2008-12-21 21:15:27

Pre-Run: 86,165,348,352 bytes free
Post-Run: 87,118,278,656 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

341    --- E O F ---    2008-12-20 08:24:14

13
Tech Clinic / Yoog Search (firefox+IE)
« on: December 21, 2008, 03:31:36 PM »
I did exactly as you said; however, the YOOG SEARCH bar is still in Firefox and IE. In fact, it's right there as I'm typing this.

I almost feel it's impossible to remove. v___v
Also, it seems I'm still infected with something as all my Google searches would be redirected to some malicious place. I have just fixed this though. However, it must have somehow snuck in since the Google search problem only happened today.
This is my grandmother's computer which I'm trying to fix btw. ^_^ Her son had a trojan which transferred to the PC from his Sony PSP. It seems everything came from this.

The cause of the google results redirects was TDSSserv.sys. I also see some "TDS" related files in RSIT's log of 'recently created files'. hmm...

Here's the RSIT log:
(attached)

Logfile of random's system information tool 1.05 (written by random/random)
Run by Compaq_Owner at 2008-12-21 14:26:32
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 82 GB (57%) free of 145 GB
Total RAM: 446 MB (20% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:27:24 PM, on 12/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Compaq_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 5798 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Easy Internet Sign-up.job
C:\WINDOWS\tasks\EasyShare Registration Task.job
C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Compaq_Owner.job
C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Compaq_Owner.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-18 1082880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2005-11-27 1157120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2005-11-27 1157120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"THGuard"=C:\Program Files\TrojanHunter 5.0\THGuard.exe [2008-03-25 1047712]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2008-12-17 949376]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-12-03 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-10 216520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-12-15 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2005-09-21 1605740]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft OCX]
C:\WINDOWS\system32\fglimztkm.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
C:\Program Files\Winamp Remote\bin\OrbTray.exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]
 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\regcmdcons]
c:\hp\bin\cloaker.exe [1999-11-07 27136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2008-11-18 21633320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-08-20 1576176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ WinCinema Manager.lnk]
C:\PROGRA~1\SanDisk\Common\Bin\WINCIN~1.EXE [2006-09-19 303104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
C:\PROGRA~1\COMPAQ~1\5577497\Program\COMPAQ~1.EXE [2005-11-27 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2008-05-10 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Owner.YOUR-27E1513D96^Start Menu^Programs^Startup^Compaq Organize.lnk]
C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\DISPLA~1.EXE [2005-05-09 36864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-13 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\WINDOWS\system32\fglimztkm.exe"="C:\WINDOWS\system32\fglimztkm.exe:*:Enabled:Microsoft OCX"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{98d5040a-c23c-11dd-92c6-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


======List of files/folders created in the last 1 months======

2008-12-21 11:34:51 ----A---- C:\WINDOWS\system32\PerfStringBackup.TMP
2008-12-20 21:40:30 ----A---- C:\WINDOWS\system32\TDSSqekn.dll
2008-12-20 21:40:26 ----A---- C:\WINDOWS\system32\TDSSrojf.dll
2008-12-20 21:40:26 ----A---- C:\WINDOWS\system32\TDSSirxy.dll
2008-12-20 21:39:42 ----A---- C:\WINDOWS\system32\TDSSktkl.dll
2008-12-19 17:14:28 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Apple Computer
2008-12-19 17:14:04 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2008-12-19 17:13:33 ----D---- C:\Program Files\iPod
2008-12-19 17:13:21 ----D---- C:\Program Files\iTunes
2008-12-19 17:13:21 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-19 17:11:43 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-12-19 17:11:06 ----D---- C:\Program Files\Apple Software Update
2008-12-19 17:10:27 ----D---- C:\Program Files\Common Files\Apple
2008-12-19 17:10:25 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2008-12-19 16:50:08 ----A---- C:\WINDOWS\system32\SpoonUninstall.exe
2008-12-19 16:50:04 ----D---- C:\Program Files\Illustrate
2008-12-19 16:19:48 ----D---- C:\rsit
2008-12-19 15:41:06 ----D---- C:\Program Files\Common Files\DESIGNER
2008-12-19 15:29:04 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\DAEMON Tools
2008-12-19 15:29:01 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\DAEMON Tools Pro
2008-12-19 15:27:25 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
2008-12-19 15:27:13 ----D---- C:\Program Files\DAEMON Tools Lite
2008-12-19 15:24:10 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\DAEMON Tools Lite
2008-12-19 14:51:06 ----D---- C:\Program Files\LSI SoftModem
2008-12-19 14:50:02 ----D---- C:\Program Files\Microsoft Silverlight
2008-12-19 14:44:31 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-12-19 14:41:31 ----D---- C:\WINDOWS\system32\LogFiles
2008-12-19 14:37:36 ----HDC---- C:\WINDOWS\$NtUninstallKB925876$
2008-12-19 14:32:52 ----HDC---- C:\WINDOWS\$NtUninstallKB896344$
2008-12-19 14:29:59 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-12-19 14:29:59 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-12-19 14:29:59 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-12-19 05:07:47 ----A---- C:\WINDOWS\imsins.BAK
2008-12-19 05:07:38 ----D---- C:\WINDOWS\ie8updates
2008-12-18 20:47:06 ----D---- C:\Program Files\Trend Micro
2008-12-18 20:42:05 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2008-12-18 20:24:01 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\HP
2008-12-18 20:17:23 ----A---- C:\WINDOWS\system32\hpzll43a.dll
2008-12-18 20:16:34 ----A---- C:\WINDOWS\system32\HPZisn12.dll
2008-12-18 20:16:34 ----A---- C:\WINDOWS\system32\HPZipt12.dll
2008-12-18 20:16:34 ----A---- C:\WINDOWS\system32\HPZipr12.dll
2008-12-18 20:16:34 ----A---- C:\WINDOWS\system32\HPZipm12.exe
2008-12-18 20:16:34 ----A---- C:\WINDOWS\system32\HPZinw12.exe
2008-12-18 20:16:34 ----A---- C:\WINDOWS\system32\HPZidr12.dll
2008-12-18 20:11:06 ----A---- C:\WINDOWS\system32\hpotscl2.dll
2008-12-18 20:11:05 ----A---- C:\WINDOWS\system32\hpowiax2.dll
2008-12-18 20:11:04 ----A---- C:\WINDOWS\system32\hpovst09.dll
2008-12-18 20:11:03 ----A---- C:\WINDOWS\system32\hpzjsn01.dll
2008-12-18 20:11:03 ----A---- C:\WINDOWS\system32\hpzids01.dll
2008-12-18 18:26:35 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Skinux
2008-12-18 17:51:40 ----D---- C:\Program Files\CCleaner
2008-12-18 16:26:19 ----D---- C:\WINDOWS\ERDNT
2008-12-18 14:14:13 ----D---- C:\Program Files\ERUNT
2008-12-18 14:13:17 ----D---- C:\Program Files\Lavasoft
2008-12-18 14:13:12 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-18 12:31:58 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-18 12:31:58 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-18 04:09:49 ----A---- C:\WINDOWS\system32\muweb.dll
2008-12-18 04:09:49 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-12-18 04:09:48 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-12-17 20:28:25 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-17 20:23:44 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-12-17 20:23:04 ----D---- C:\Program Files\Windows Live
2008-12-17 20:22:08 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-12-17 20:11:44 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\AdobeUM
2008-12-17 18:45:39 ----A---- C:\WINDOWS\system32\imon.dll
2008-12-17 18:43:37 ----D---- C:\Program Files\ESET
2008-12-17 17:10:13 ----A---- C:\WINDOWS\system32\xvidcore.dll
2008-12-17 17:10:12 ----D---- C:\Program Files\Xvid
2008-12-17 17:10:12 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2008-12-17 17:09:47 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Sun
2008-12-17 16:42:00 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Malwarebytes
2008-12-17 16:41:52 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-17 16:41:52 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-17 16:25:15 ----A---- C:\WINDOWS\system32\LuResult.txt
2008-12-17 15:35:14 ----D---- C:\ESET_NOD32_v2.70.39_WIth_NOD_FIX_2.2_and_NOD-UE
2008-12-17 08:27:47 ----A---- C:\WINDOWS\system32\ptpusb.dll
2008-12-17 08:27:42 ----A---- C:\WINDOWS\system32\ptpusd.dll
2008-12-17 08:23:32 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-17 08:23:09 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-17 08:23:08 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\SUPERAntiSpyware.com
2008-12-17 08:22:27 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-17 08:22:00 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\WinRAR
2008-12-17 08:21:22 ----D---- C:\Program Files\WinRAR
2008-12-16 21:24:28 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\TrojanHunter
2008-12-16 21:15:08 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2008-12-16 21:15:08 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2008-12-16 21:15:08 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2008-12-16 21:15:08 ----N---- C:\WINDOWS\system32\pxafs.dll
2008-12-16 21:14:52 ----D---- C:\Program Files\Winamp
2008-12-16 21:14:52 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Winamp
2008-12-16 20:55:39 ----D---- C:\Program Files\uTorrent
2008-12-16 20:55:36 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\uTorrent
2008-12-16 20:50:55 ----R---- C:\WINDOWS\system32\streamhlp.dll
2008-12-16 20:50:54 ----D---- C:\Program Files\TrojanHunter 5.0
2008-12-15 14:42:17 ----HDC---- C:\WINDOWS\ie8
2008-12-13 21:44:30 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-13 21:42:53 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-13 21:38:02 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-12-13 21:31:16 ----N---- C:\WINDOWS\system32\xpsp3res.dll
2008-12-13 20:26:31 ----D---- C:\WINDOWS\system32\PreInstall
2008-12-13 14:01:46 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\skypePM
2008-12-13 13:41:43 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Help
2008-12-13 13:22:48 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\WinBatch
2008-12-13 12:57:57 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Skype
2008-12-11 22:25:42 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 22:25:35 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 22:24:54 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 22:24:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-11 20:37:51 ----D---- C:\Program Files\InterActual
2008-12-11 08:45:40 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\alot
2008-12-08 22:12:35 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\InterVideo
2008-12-05 08:13:19 ----D---- C:\WINDOWS\system32\en-US
2008-12-05 07:36:20 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Mozilla
2008-12-04 18:36:01 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Adobe
2008-12-04 14:14:17 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Macromedia
2008-12-04 14:08:33 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-12-04 14:05:40 ----ASH---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\desktop.ini
2008-12-04 14:05:36 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Intuit
2008-12-04 14:05:36 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Identities
2008-12-04 14:05:35 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Symantec
2008-12-04 14:05:35 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Real
2008-12-04 14:05:35 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Microsoft
2008-12-04 13:58:43 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-12-02 12:05:39 ----D---- C:\Program Files\Inbox Toolbar
2008-11-28 11:22:36 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2008-11-22 05:05:51 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-22 05:04:45 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-22 05:02:45 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

======List of files/folders modified in the last 1 months======

2008-12-21 14:26:33 ----D---- C:\WINDOWS\Prefetch
2008-12-21 14:23:17 ----D---- C:\Program Files\Mozilla Firefox
2008-12-21 14:09:32 ----D---- C:\WINDOWS\Tasks
2008-12-21 13:34:16 ----D---- C:\WINDOWS\Temp
2008-12-21 12:18:14 ----D---- C:\WINDOWS\system32
2008-12-21 12:17:14 ----D---- C:\WINDOWS
2008-12-21 12:15:57 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-21 12:15:30 ----RASH---- C:\boot.ini
2008-12-21 12:15:30 ----A---- C:\WINDOWS\win.ini
2008-12-21 12:15:30 ----A---- C:\WINDOWS\system.ini
2008-12-21 11:40:50 ----HD---- C:\WINDOWS\inf
2008-12-21 11:40:35 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-21 10:53:32 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-20 21:40:25 ----D---- C:\WINDOWS\system32\drivers
2008-12-20 13:04:22 ----D---- C:\WINDOWS\system32\wbem
2008-12-20 02:24:14 ----HD---- C:\Config.Msi
2008-12-20 02:24:12 ----SHD---- C:\WINDOWS\Installer
2008-12-20 02:24:10 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-12-20 02:23:19 ----D---- C:\WINDOWS\system32\dllcache
2008-12-20 02:23:18 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-20 02:20:09 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2008-12-20 02:19:52 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2008-12-20 02:17:12 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-20 02:14:06 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2008-12-19 19:30:40 ----D---- C:\Program Files
2008-12-19 17:12:44 ----D---- C:\Program Files\Bonjour
2008-12-19 17:12:13 ----D---- C:\Program Files\QuickTime
2008-12-19 17:10:27 ----D---- C:\Program Files\Common Files
2008-12-19 16:16:26 ----D---- C:\WINDOWS\system32\config
2008-12-19 15:41:23 ----D---- C:\WINDOWS\WinSxS
2008-12-19 15:40:53 ----RSD---- C:\WINDOWS\Fonts
2008-12-19 15:34:39 ----D---- C:\Program Files\Microsoft Office
2008-12-19 15:34:39 ----D---- C:\Program Files\Common Files\System
2008-12-19 15:25:11 ----D---- C:\WINDOWS\security
2008-12-19 15:11:13 ----D---- C:\WINDOWS\SHELLNEW
2008-12-19 14:56:15 ----D---- C:\WINDOWS\AppPatch
2008-12-19 14:47:46 ----D---- C:\Program Files\Common Files\logishrd
2008-12-19 14:44:52 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2008-12-19 14:43:57 ----D---- C:\Program Files\Windows Media Player
2008-12-19 14:43:53 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-12-19 14:42:28 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-12-19 14:37:46 ----D---- C:\WINDOWS\Help
2008-12-19 14:37:33 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-19 14:37:20 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
2008-12-19 14:36:43 ----D---- C:\Program Files\Internet Explorer
2008-12-19 14:32:59 ----D---- C:\WINDOWS\system32\usmt
2008-12-18 20:42:16 ----D---- C:\WINDOWS\system
2008-12-18 20:34:43 ----D---- C:\WINDOWS\system32\Setup
2008-12-18 20:34:43 ----D---- C:\WINDOWS\system32\Restore
2008-12-18 20:34:43 ----D---- C:\WINDOWS\system32\Com
2008-12-18 20:34:43 ----D---- C:\WINDOWS\srchasst
2008-12-18 20:34:43 ----D---- C:\WINDOWS\msagent
2008-12-18 20:34:42 ----D---- C:\WINDOWS\ime
2008-12-18 20:34:42 ----D---- C:\WINDOWS\Downloaded Program Files
2008-12-18 20:34:40 ----D---- C:\Program Files\Quicken
2008-12-18 20:34:40 ----D---- C:\Program Files\Outlook Express
2008-12-18 20:34:40 ----D---- C:\Program Files\NetMeeting
2008-12-18 20:34:40 ----D---- C:\Program Files\Movie Maker
2008-12-18 20:34:40 ----D---- C:\Program Files\Microsoft Works
2008-12-18 20:34:40 ----D---- C:\Program Files\Messenger
2008-12-18 20:34:39 ----D---- C:\Program Files\Google
2008-12-18 20:34:39 ----D---- C:\Program Files\Common Files\SureThing Shared
2008-12-18 20:34:39 ----D---- C:\Program Files\Common Files\Sonic Shared
2008-12-18 20:34:39 ----D---- C:\Program Files\Common Files\Skype
2008-12-18 20:34:39 ----D---- C:\Program Files\Common Files\Palo Alto Software
2008-12-18 20:34:39 ----AD---- C:\Program Files\Common Files\LightScribe
2008-12-18 20:30:53 ----D---- C:\WINDOWS\pss
2008-12-18 20:24:17 ----D---- C:\WINDOWS\system32\FxsTmp
2008-12-18 20:16:34 ----D---- C:\Program Files\HP
2008-12-18 17:53:03 ----D---- C:\WINDOWS\Debug
2008-12-18 14:05:13 ----A---- C:\WINDOWS\WININIT.INI
2008-12-17 20:27:20 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-17 16:32:02 ----D---- C:\Program Files\Symantec
2008-12-17 16:29:51 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-17 16:26:12 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-12-17 14:51:23 ----D---- C:\Documents and Settings
2008-12-17 11:03:38 ----D---- C:\Program Files\Morpheus
2008-12-15 18:04:57 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2008-12-15 18:04:45 ----HDC---- C:\WINDOWS\$NtUninstallKB927779$
2008-12-15 18:04:33 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$
2008-12-15 18:04:19 ----HDC---- C:\WINDOWS\$NtUninstallKB943460$
2008-12-15 18:04:08 ----HDC---- C:\WINDOWS\$NtUninstallKB928255$
2008-12-15 18:03:55 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2008-12-15 18:03:44 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2008-12-15 18:03:33 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2008-12-15 18:03:24 ----HDC---- C:\WINDOWS\$NtUninstallKB933729$
2008-12-15 18:03:08 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2008-12-15 18:02:58 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2008-12-15 18:02:46 ----HDC---- C:\WINDOWS\$NtUninstallKB923980$
2008-12-15 18:02:36 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2008-12-15 18:02:27 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2008-12-15 18:02:17 ----HDC---- C:\WINDOWS\$NtUninstallKB938828$
2008-12-15 18:02:05 ----HDC---- C:\WINDOWS\$NtUninstallKB924667$
2008-12-15 18:01:58 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2008-12-15 18:01:47 ----HDC---- C:\WINDOWS\$NtUninstallKB900485$
2008-12-15 18:01:35 ----HDC---- C:\WINDOWS\$NtUninstallKB924270$
2008-12-15 18:01:25 ----HDC---- C:\WINDOWS\$NtUninstallKB931261$
2008-12-15 18:01:15 ----HDC---- C:\WINDOWS\$NtUninstallKB927891$
2008-12-15 18:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
2008-12-15 18:00:58 ----HDC---- C:\WINDOWS\$NtUninstallKB925398_WMP64$
2008-12-15 18:00:35 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2008-12-15 18:00:25 ----HDC---- C:\WINDOWS\$NtUninstallKB911564$
2008-12-15 17:59:50 ----HDC---- C:\WINDOWS\$NtUninstallKB925902$
2008-12-15 17:59:38 ----HDC---- C:\WINDOWS\$NtUninstallKB929123$
2008-12-15 17:59:27 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2008-12-15 17:59:17 ----HDC---- C:\WINDOWS\$NtUninstallKB918439$
2008-12-15 17:59:08 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
2008-12-15 17:58:58 ----HDC---- C:\WINDOWS\$NtUninstallKB926436$
2008-12-15 17:58:50 ----HDC---- C:\WINDOWS\$NtUninstallKB920872$
2008-12-15 17:58:33 ----HDC---- C:\WINDOWS\$NtUninstallKB930178$
2008-12-15 17:58:23 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2008-12-15 17:58:12 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2008-12-15 17:58:02 ----HDC---- C:\WINDOWS\$NtUninstallKB932168$
2008-12-15 17:57:53 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2008-12-15 17:57:43 ----HDC---- C:\WINDOWS\$NtUninstallKB922582$
2008-12-15 17:57:30 ----HDC---- C:\WINDOWS\$NtUninstallKB918118$
2008-12-15 17:57:20 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$
2008-12-15 17:57:09 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2008-12-15 17:57:01 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2008-12-15 17:56:45 ----HDC---- C:\WINDOWS\$NtUninstallKB920213$
2008-12-15 17:56:35 ----HDC---- C:\WINDOWS\$NtUninstallKB935840$
2008-12-15 17:56:27 ----HDC---- C:\WINDOWS\$NtUninstallKB943485$
2008-12-15 17:56:15 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
2008-12-15 17:56:05 ----HDC---- C:\WINDOWS\$NtUninstallKB886185$
2008-12-15 17:55:55 ----HDC---- C:\WINDOWS\$NtUninstallKB916595$
2008-12-15 17:55:45 ----HDC---- C:\WINDOWS\$NtUninstallKB930916$
2008-12-15 17:55:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-12-15 17:55:19 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2008-12-15 17:54:58 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2008-12-15 17:54:45 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2008-12-15 17:54:34 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2008-12-15 17:54:23 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2008-12-15 17:54:13 ----HDC---- C:\WINDOWS\$NtUninstallKB935839$
2008-12-15 17:54:04 ----HDC---- C:\WINDOWS\$NtUninstallKB943055$
2008-12-15 17:53:54 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
2008-12-15 17:53:44 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2008-12-15 17:53:33 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2008-12-15 17:53:24 ----HDC---- C:\WINDOWS\$NtUninstallKB944653$
2008-12-15 17:53:07 ----HDC---- C:\WINDOWS\$NtUninstallKB928843$
2008-12-15 15:16:18 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2008-12-15 14:47:38 ----D---- C:\WINDOWS\Media
2008-12-14 07:59:44 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-13 21:45:53 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-13 21:45:44 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-13 21:45:36 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-13 21:45:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-13 21:45:14 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
2008-12-13 21:45:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-12-13 21:44:53 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-13 21:42:46 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-13 21:42:37 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-13 21:42:26 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-13 21:42:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-13 21:40:21 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-12-13 21:40:00 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-13 21:39:44 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2008-12-13 21:39:17 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-13 21:39:08 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-13 21:38:57 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-13 21:38:42 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-13 21:37:13 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2008-12-13 20:26:29 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-12-13 13:36:07 ----SHD---- C:\RECYCLER
2008-12-13 13:20:22 ----HD---- C:\hp
2008-12-13 13:14:58 ----D---- C:\WINDOWS\Registration
2008-12-13 13:14:21 ----HDC---- C:\WINDOWS\$NtUninstallKB914440$
2008-12-13 13:14:20 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-12-13 13:14:14 ----HDC---- C:\WINDOWS\ie7
2008-12-13 13:13:02 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2008-12-13 13:12:50 ----HDC---- C:\WINDOWS\$NtUninstallKB953356$
2008-12-13 13:11:25 ----HDC---- C:\WINDOWS\$NtUninstallKB948590$
2008-12-13 13:11:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-12-13 12:27:26 ----D---- C:\Program Files\MSN
2008-12-11 12:24:32 ----D---- C:\WINDOWS\network diagnostic
2008-12-06 12:40:59 ----D---- C:\WINDOWS\ie7updates
2008-12-04 14:08:25 ----AD---- C:\WINDOWS\system32\pcintro
2008-12-04 13:58:58 ----D---- C:\WINDOWS\SoftwareDistribution
2008-12-04 13:12:50 ----D---- C:\Documents and Settings\All Users\Application Data\Kontiki
2008-12-04 12:47:58 ----D---- C:\WINDOWS\I386
2008-12-04 12:45:27 ----D---- C:\Program Files\Windows NT
2008-12-04 12:45:12 ----D---- C:\Program Files\Common Files\Services
2008-12-04 12:44:45 ----D---- C:\WINDOWS\system32\ras
2008-12-04 12:44:43 ----D---- C:\WINDOWS\system32\oobe
2008-12-04 12:44:29 ----D---- C:\WINDOWS\system32\npp
2008-12-04 12:44:15 ----D---- C:\WINDOWS\system32\icsxml
2008-12-04 12:44:14 ----D---- C:\WINDOWS\system32\ias
2008-12-04 12:42:29 ----RD---- C:\WINDOWS\Web
2008-12-04 12:42:29 ----D---- C:\WINDOWS\addins
2008-12-04 12:42:24 ----D---- C:\WINDOWS\PeerNet
2008-12-04 12:42:08 ----D---- C:\WINDOWS\Cursors
2008-12-04 12:42:05 ----AHDC---- C:\WINDOWS\$NtUninstallKB902400$
2008-12-04 12:42:02 ----AHDC---- C:\WINDOWS\$NtUninstallKB901214$
2008-12-04 12:42:01 ----AHDC---- C:\WINDOWS\$NtUninstallKB896688$
2008-12-04 12:41:58 ----AHDC---- C:\WINDOWS\$NtUninstallKB896422$
2008-12-04 12:41:57 ----AHDC---- C:\WINDOWS\$NtUninstallKB896358$
2008-12-04 12:41:57 ----AHDC---- C:\WINDOWS\$NtUninstallKB893066$
2008-12-04 12:41:57 ----AHDC---- C:\WINDOWS\$NtUninstallKB892050$
2008-12-04 12:41:57 ----AHDC---- C:\WINDOWS\$NtUninstallKB891781$
2008-12-04 12:41:57 ----AHDC---- C:\WINDOWS\$NtUninstallKB890175$
2008-12-04 12:41:56 ----AHDC---- C:\WINDOWS\$NtUninstallKB888239$
2008-12-04 12:41:56 ----AHDC---- C:\WINDOWS\$NtUninstallKB888113$
2008-12-04 12:41:56 ----AHDC---- C:\WINDOWS\$NtUninstallKB887742$
2008-12-04 12:41:56 ----AHDC---- C:\WINDOWS\$NtUninstallKB885836$
2008-12-04 12:41:56 ----AHDC---- C:\WINDOWS\$NtUninstallKB885835$
2008-12-04 12:41:56 ----AHDC---- C:\WINDOWS\$NtUninstallKB885250$
2008-12-04 12:41:56 ----AHDC---- C:\WINDOWS\$NtUninstallKB883667$
2008-12-04 12:41:55 ----AHDC---- C:\WINDOWS\$NtUninstallKB873339$
2008-12-04 12:41:52 ----RHD---- C:\MSOCache
2008-12-04 12:41:04 ----RSD---- C:\WINDOWS\assembly

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2008-12-17 15424]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2008-12-17 512096]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2008-10-29 1204128]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-08-29 3644928]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-13 1313792]
R3 CamDrL;Logitech QuickCam Pro 3000(CamDrl); C:\WINDOWS\system32\DRIVERS\Camdrl.sys [2007-02-03 1075360]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-21 49920]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-21 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-22 21568]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-02-03 41504]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-02-25 105088]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-03-31 27008]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys []
S3 aza1nkgc;aza1nkgc; C:\WINDOWS\system32\drivers\aza1nkgc.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2008-08-26 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-13 376832]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2008-12-03 170640]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2008-12-17 552064]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2005-03-14 69632]
S3 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-10-23 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
S4 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

-----------------EOF-----------------

14
Tech Clinic / Yoog Search (firefox+IE)
« on: December 21, 2008, 01:07:18 PM »
# Mozilla User Preferences

/* Do not edit this file.
 *
 * If you make changes to this file while the application is running,
 * the changes will be overwritten when the application exits.
 *
 * To make a manual change to preferences, you can visit the URL about:config
 * For more information, see http://www.mozilla.org/unix/customizing.html#prefs
 */

user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1229094858);
user_pref("app.update.lastUpdateTime.background-update-timer", 1229094858);
user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1229094858);
user_pref("app.update.lastUpdateTime.microsummary-generator-update-timer", 1229094858);
user_pref("app.update.lastUpdateTime.search-engine-update-timer", 1229094858);
user_pref("browser.anchor_color", "#0000FF");
user_pref("browser.display.background_color", "#C0C0C0");
user_pref("browser.display.use_system_colors", true);
user_pref("browser.migration.version", 1);
user_pref("browser.places.importBookmarksHTML", false);
user_pref("browser.places.importDefaults", false);
user_pref("browser.places.leftPaneFolderId", -1);
user_pref("browser.places.migratePostDataAnnotations", false);
user_pref("browser.places.smartBookmarksVersion", 1);
user_pref("browser.places.updateRecentTagsUri", false);
user_pref("browser.search.selectedEngine", "Yoog Search");
user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.4");
user_pref("browser.visited_color", "#800080");
user_pref("extensions.enabledItems", "{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.4");
user_pref("extensions.lastAppVersion", "3.0.4");
user_pref("intl.charsetmenu.browser.cache", "ISO-8859-1, UTF-8");
user_pref("keyword.URL", "http://www2.yoog.com/search.php?q=");
user_pref("network.cookie.prefsMigrated", true);
user_pref("spellchecker.dictionary", "en-US");
user_pref("urlclassifier.keyupdatetime.https://sb-ssl.google.com/safebrowsing/newkey", 1231647541);

*AND userpref*

user_pref("browser.search.selectedEngine", "Yoog Search");
user_pref("keyword.URL", "http://www2.yoog.com/search.php?q=");
user_pref("keyword.enabled", true);


Second xxxdefault folder:

# Mozilla User Preferences

/* Do not edit this file.
 *
 * If you make changes to this file while the application is running,
 * the changes will be overwritten when the application exits.
 *
 * To make a manual change to preferences, you can visit the URL about:config
 * For more information, see http://www.mozilla.org/unix/customizing.html#prefs
 */

user_pref("accessibility.typeaheadfind.flashBar", 0);
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1229825789);
user_pref("app.update.lastUpdateTime.background-update-timer", 1229825789);
user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1229825789);
user_pref("app.update.lastUpdateTime.microsummary-generator-update-timer", 1229649044);
user_pref("app.update.lastUpdateTime.search-engine-update-timer", 1229838320);
user_pref("browser.download.lastDir", "C:\\Documents and Settings\\Compaq_Owner.YOUR-27E1513D96\\My Documents\\Downloads");
user_pref("browser.download.manager.alertOnEXEOpen", false);
user_pref("browser.history_expire_days.mirror", 180);
user_pref("browser.migration.version", 1);
user_pref("browser.places.importBookmarksHTML", false);
user_pref("browser.places.importDefaults", false);
user_pref("browser.places.leftPaneFolderId", -1);
user_pref("browser.places.migratePostDataAnnotations", false);
user_pref("browser.places.smartBookmarksVersion", 1);
user_pref("browser.places.updateRecentTagsUri", false);
user_pref("browser.rights.3.shown", true);
user_pref("browser.search.selectedEngine", "Yoog Search");
user_pref("browser.search.useDBForOrder", true);
user_pref("browser.startup.homepage", "http://www.comcast.net/a/");
user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.5");
user_pref("browser.tabs.warnOnClose", false);
user_pref("browser.warnOnRestart", false);
user_pref("extensions.adblockplus.currentVersion", "1.0");
user_pref("extensions.enabledItems", "{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.5");
user_pref("extensions.lastAppVersion", "3.0.5");
user_pref("extensions.update.notifyUser", false);
user_pref("general.warnOnAboutConfig", false);
user_pref("intl.charsetmenu.browser.cache", "ISO-8859-1, UTF-8, ISO-8859-2, us-ascii, EUC-JP");
user_pref("keyword.URL", "http://www2.yoog.com/search.php?q=");
user_pref("network.cookie.prefsMigrated", true);
user_pref("pref.browser.homepage.disable_button.current_page", false);
user_pref("print.print_printer", "Quicken PDF Printer");
user_pref("print.printer_Quicken_PDF_Printer.print_bgcolor", false);
user_pref("print.printer_Quicken_PDF_Printer.print_bgimages", false);
user_pref("print.printer_Quicken_PDF_Printer.print_command", "");
user_pref("print.printer_Quicken_PDF_Printer.print_downloadfonts", false);
user_pref("print.printer_Quicken_PDF_Printer.print_edge_bottom", 0);
user_pref("print.printer_Quicken_PDF_Printer.print_edge_left", 0);
user_pref("print.printer_Quicken_PDF_Printer.print_edge_right", 0);
user_pref("print.printer_Quicken_PDF_Printer.print_edge_top", 0);
user_pref("print.printer_Quicken_PDF_Printer.print_evenpages", true);
user_pref("print.printer_Quicken_PDF_Printer.print_footercenter", "");
user_pref("print.printer_Quicken_PDF_Printer.print_footerleft", "&PT");
user_pref("print.printer_Quicken_PDF_Printer.print_footerright", "&D");
user_pref("print.printer_Quicken_PDF_Printer.print_headercenter", "");
user_pref("print.printer_Quicken_PDF_Printer.print_headerleft", "&T");
user_pref("print.printer_Quicken_PDF_Printer.print_headerright", "&U");
user_pref("print.printer_Quicken_PDF_Printer.print_in_color", true);
user_pref("print.printer_Quicken_PDF_Printer.print_margin_bottom", "0.5");
user_pref("print.printer_Quicken_PDF_Printer.print_margin_left", "0.5");
user_pref("print.printer_Quicken_PDF_Printer.print_margin_right", "0.5");
user_pref("print.printer_Quicken_PDF_Printer.print_margin_top", "0.5");
user_pref("print.printer_Quicken_PDF_Printer.print_oddpages", true);
user_pref("print.printer_Quicken_PDF_Printer.print_orientation", 0);
user_pref("print.printer_Quicken_PDF_Printer.print_pagedelay", 500);
user_pref("print.printer_Quicken_PDF_Printer.print_paper_data", 1);
user_pref("print.printer_Quicken_PDF_Printer.print_paper_height", " 11.00");
user_pref("print.printer_Quicken_PDF_Printer.print_paper_size_type", 0);
user_pref("print.printer_Quicken_PDF_Printer.print_paper_size_unit", 0);
user_pref("print.printer_Quicken_PDF_Printer.print_paper_width", "  8.50");
user_pref("print.printer_Quicken_PDF_Printer.print_reversed", false);
user_pref("print.printer_Quicken_PDF_Printer.print_scaling", "  1.00");
user_pref("print.printer_Quicken_PDF_Printer.print_shrink_to_fit", true);
user_pref("print.printer_Quicken_PDF_Printer.print_to_file", false);
user_pref("print.printer_Quicken_PDF_Printer.print_to_filename", "");
user_pref("print.printer_Quicken_PDF_Printer.print_unwriteable_margin_bottom", 0);
user_pref("print.printer_Quicken_PDF_Printer.print_unwriteable_margin_left", 0);
user_pref("print.printer_Quicken_PDF_Printer.print_unwriteable_margin_right", 0);
user_pref("print.printer_Quicken_PDF_Printer.print_unwriteable_margin_top", 0);
user_pref("security.warn_viewing_mixed", false);
user_pref("urlclassifier.keyupdatetime.https://sb-ssl.google.com/safebrowsing/newkey", 1232241051);
user_pref("xpinstall.whitelist.add", "");
user_pref("xpinstall.whitelist.add.103", "");

userpref:
user_pref("browser.search.selectedEngine", "Yoog Search");
user_pref("keyword.URL", "http://www2.yoog.com/search.php?q=");
user_pref("keyword.enabled", true);



I have 2 xxxdefault folders within Mozilla. I've also found that my Google search results are now getting redirected to random ad sites. This only just started to happen. I can't believe this!!

15
Tech Clinic / Yoog Search (firefox+IE)
« on: December 19, 2008, 05:01:41 PM »
[quote name='guestolo' post='451390' date='Dec 19 2008, 04:10 PM']Post back here the contents of that log please[/quote]

Ok. It's here:

Malwarebytes' Anti-Malware 1.31

Database version: 1512
Windows 5.1.2600 Service Pack 2

12/17/2008 4:31:42 PM
mbam-log-2008-12-17 (16-31-42).txt

Scan type: Quick Scan
Objects scanned: 60424
Time elapsed: 14 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 25
Files Infected: 59

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Starware381 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware381\bin (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware381\icons (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381\buttons (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381\contexts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381\SimpleUpdate (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\BrowserSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\Configurator (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\ErrorSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\Layouts (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\Manager (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\Music_Info_Search (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\Music_News (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\RelatedSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\TMB4 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\TMB5 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\TMB6 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\TMB7 (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\Toolbar (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\ToolbarLogo (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\ToolbarSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\TravelSearch (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Start Menu\Antivirus 2009 (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Compaq_Owner\Local Settings\Temp\TDSSd6df.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Starware381\Starware381Config.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware381\Starware381Uninstall.exe (Adware.Starware) -> Quarantined and deleted successfully.
C:\Program Files\Starware381\icons\star_16.ico (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\1316_button_1b_def.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\1316_button_1b_over.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\1317_button_1b_def.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\FindIt.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\FindItHot.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\findithotxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\finditxp.png (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\logo.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\logoxp.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\TMB40.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\TMB50.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\TMB60.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381\buttons\TMB70.bmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381\contexts\error.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381\contexts\Related.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381\contexts\Travel.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381\SimpleUpdate\ProductMessagingConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381\SimpleUpdate\ProductMessagingConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381\SimpleUpdate\SimpleUpdateConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381\SimpleUpdate\SimpleUpdateConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381\SimpleUpdate\TimerManagerConfig.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Starware381\SimpleUpdate\TimerManagerConfig.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\Tem3A9.tmp (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\BrowserSearch\BrowserSearch.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\BrowserSearch\BrowserSearch.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\Configurator\Configurator.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\Configurator\Configurator.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\ErrorSearch\ErrorSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\ErrorSearch\ErrorSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\Layouts\ToolbarLayout.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\Layouts\ToolbarLayout.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\Manager\ManagerOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\Manager\ManagerOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\Music_Info_Search\Music_Info_SearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\Music_Info_Search\Music_Info_SearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\Music_News\Music_NewsOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\Music_News\Music_NewsOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\RelatedSearch\RelatedSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\RelatedSearch\RelatedSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\TMB4\TMB4Options.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\TMB4\TMB4Options.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\TMB5\TMB5Options.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\TMB5\TMB5Options.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\TMB6\TMB6Options.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\TMB6\TMB6Options.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\TMB7\TMB7Options.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\TMB7\TMB7Options.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\Toolbar\TBProductsOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\Toolbar\TBProductsOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\ToolbarLogo\ToolbarLogoOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\ToolbarLogo\ToolbarLogoOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\ToolbarSearch\ToolbarSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\ToolbarSearch\ToolbarSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\TravelSearch\TravelSearchOptions.xml (Adware.Starware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Owner\Application Data\Starware381\TravelSearch\TravelSearchOptions.xml.backup (Adware.Starware) -> Quarantined and deleted successfully.

16
Tech Clinic / Yoog Search (firefox+IE)
« on: December 19, 2008, 02:25:15 PM »
Thanks for your help:

info.txt logfile of random's system information tool 1.05 2008-12-19 14:20:20

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
5 Card Slingo from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\3B3B73D1-DC4A-4780-B0E4-E823D08B3397\Uninstall.exe"
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Agere Systems PCI-SV92PP Soft Modem-->C:\WINDOWS\agrsmdel
AstroPop Deluxe from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\997DD523-B925-4C73-970B-C201E8F781AD\Uninstall.exe"
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Barnyard Invasion from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\53474592-01BC-4338-8647-FE350957D912\Uninstall.exe"
Bejeweled 2 Deluxe from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\D84AC71A-75E8-4709-8BA5-4B46EAC00C5E\Uninstall.exe"
Blackhawk Striker 2 from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\BFAF1EEC-E987-415B-BCB8-80CDB0BC6CDF\Uninstall.exe"
Blasterball 2 from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\75528D5F-DD82-402E-BA7C-045B7DC6A712\Uninstall.exe"
Blasterball 2 Remix from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\9D7E7CDA-051E-4B0D-8CEE-58F41F449CF9\Uninstall.exe"
Boggle Supreme from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\C6D35CCA-3F9E-4B6E-A17F-409EE7379D6B\Uninstall.exe"
Bookworm Deluxe from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\E618FC78-EE4F-4243-8409-078EB5E0B1F6\Uninstall.exe"
Bounce Symphony from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\29FF6D07-4A15-41F1-9D5E-E0F3A58012C6\Uninstall.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Chuzzle Deluxe from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\9448DE42-C017-4A3E-A0BB-C50BF673E9E0\Uninstall.exe"
Compaq Connections (remove only)-->C:\WINDOWS\HPCPCUninstall-5577497\HPBWSetup.exe -appid 5577497 -uninstall
Compaq Game Console and games-->C:\Program Files\WildTangent\Apps\hpuninstall.exe
Compaq Organize-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
Crystal Maze from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\C43D84CD-EBFC-48D3-A330-7868C8AD415A\Uninstall.exe"
Customer Experience Enhancement-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
Easy Internet Sign-up-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Family Feud-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\BBE9E0F3-11F7-4424-9905-8E0153E872C1\Uninstall.exe"
FATE from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\85CF9BF3-1057-468C-962D-31BAABC6AC72\Uninstall.exe"
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB896344)-->"C:\WINDOWS\$NtUninstallKB896344$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Boot Optimizer-->C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe /uninstall
HP Extended Capabilities 6.1-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 5.3-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Imaging Device Functions 6.1-->C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential-->MsiExec.exe /X{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}
HP PSC & OfficeJet 6.1.A-->"C:\Program Files\HP\Digital Imaging\{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}\setup\hpzscr01.exe" -datfile hposcr08.dat
HP Software Update-->MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
HP Solution Center and Imaging Support Tools 6.1-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Support Overview-->"C:\WINDOWS\unins000.exe"
Insaniquarium Deluxe from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\5AF1DD17-7B06-45EF-8592-2E524E458BAB\Uninstall.exe"
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
Lemonade Tycoon 2 from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\63E4EC24-7173-4E1F-9C77-B4403CBCF91F\Uninstall.exe"
Lexibox Deluxe from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\F05A08BF-E600-4FBD-A53A-3D47296B1275\Uninstall.exe"
Mah Jong Quest from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\422C7575-C10D-4795-87FA-9972765379E6\Uninstall.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money 2005-->C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Netscape Browser (remove only)-->"C:\Program Files\Netscape\Netscape Browser\NSUninst.exe"
NOD32 antivirus system-->C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
NOD32 FiX-->"C:\Program Files\Eset\unins000.exe"
Polar Bowler from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\05E21449-3BA3-42BF-BBDA-95205F4EA40A\Uninstall.exe"
Polar Golfer from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\3330A279-CC39-4A17-AE19-DA464B26AD9A\Uninstall.exe"
Puzzle Express from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\E1A0F769-A43A-4DDB-9F73-12791E453557\Uninstall.exe"
Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
Quicken 2006-->MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Remove WeatherBug Installer-->c:\hp\bin\cloaker.exe c:\hp\bin\commands.exe /c c:\hp\bin\wbug\clean.bat
Ricochet Lost Worlds from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\52AEBC18-F252-4B0C-B3E1-724537D9F873\Uninstall.exe"
SCRABBLE from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\FA6A73EB-40AB-4B58-851D-3892B3C10EF6\Uninstall.exe"
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB960714)-->"C:\WINDOWS\ie8updates\KB960714-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Shooting Stars Pool from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\045C89A0-CA37-443C-8826-F750227DE69C\Uninstall.exe"
Shrek 2 Ogre Bowler from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\BBCBAA5D-AC5A-4098-A53E-EC60A68F38F9\Uninstall.exe"
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Slingo Deluxe from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\F19E8CDF-5EFD-45E0-9FAF-66CBAE84B1D9\Uninstall.exe"
Snowboard SuperJam from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\8D11F98B-4931-44F6-8FC6-971CCBBBB131\Uninstall.exe"
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Super Granny from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\DE87FA96-7840-420C-86F9-33F3B7B3CED1\Uninstall.exe"
SUPERAntiSpyware Professional-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Tradewinds from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\66195170-D19D-46C5-8FB7-8A4630071ADC\Uninstall.exe"
TrojanHunter 5.0-->"C:\Program Files\TrojanHunter 5.0\unins000.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925876)-->"C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 8 Beta 2-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB883667-->C:\WINDOWS\$NtUninstallKB883667$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888239-->C:\WINDOWS\$NtUninstallKB888239$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB892050-->"C:\WINDOWS\$NtUninstallKB892050$\spuninst\spuninst.exe"
Windows XP Hotfix - KB893066-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xvid 1.2.1 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
Zuma Deluxe from Compaq (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\0BD36D37-C5D7-4B96-B64A-CB2C3A82EC4D\Uninstall.exe"

=====HijackThis Backups=====

O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone (HKLM)

======Hosts File======

127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com

======Security center information======

AV: ESET NOD32 antivirus system 2.70

System event log

Computer Name: YOUR-27E1513D96
Event Code: 7000
Message: The MCSTRM service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 3834
Source Name: Service Control Manager
Time Written: 20081217141812.000000-480
Event Type: error
User:

Computer Name: YOUR-27E1513D96
Event Code: 6005
Message: The Event log service was started.

Record Number: 3833
Source Name: EventLog
Time Written: 20081217141758.000000-480
Event Type: information
User:

Computer Name: YOUR-27E1513D96
Event Code: 6009
Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 2 Multiprocessor Free.

Record Number: 3832
Source Name: EventLog
Time Written: 20081217141758.000000-480
Event Type: information
User:

Computer Name: YOUR-27E1513D96
Event Code: 6006
Message: The Event log service was stopped.

Record Number: 3831
Source Name: EventLog
Time Written: 20081217141707.000000-480
Event Type: information
User:

Computer Name: YOUR-27E1513D96
Event Code: 10005
Message: DCOM got error "%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Record Number: 3830
Source Name: DCOM
Time Written: 20081217141657.000000-480
Event Type: error
User: NT AUTHORITY\SYSTEM

Application event log

Computer Name: YOUR-27E1513D96
Event Code: 36
Message:
Record Number: 1156
Source Name: ccSetMgr
Time Written: 20081217142834.000000-480
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: YOUR-27E1513D96
Event Code: 11724
Message: Product: SymNet -- Removal completed successfully.

Record Number: 1155
Source Name: MsiInstaller
Time Written: 20081217142824.000000-480
Event Type: information
User: YOUR-27E1513D96\Compaq_Owner

Computer Name: YOUR-27E1513D96
Event Code: 2
Message:
Record Number: 1154
Source Name: SNDSrvc
Time Written: 20081217142759.000000-480
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: YOUR-27E1513D96
Event Code: 27
Message:
Record Number: 1153
Source Name: SNDSrvc
Time Written: 20081217142758.000000-480
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: YOUR-27E1513D96
Event Code: 11724
Message: Product: Norton Internet Security -- Removal completed successfully.

Record Number: 1152
Source Name: MsiInstaller
Time Written: 20081217142752.000000-480
Event Type: information
User: YOUR-27E1513D96\Compaq_Owner

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\

-----------------EOF-----------------

Logfile of random's system information tool 1.05 (written by random/random)
Run by Compaq_Owner at 2008-12-19 14:19:48
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 119 GB (82%) free of 145 GB
Total RAM: 446 MB (22% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:20:11 PM, on 12/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Compaq_Owner.exe
C:\WINDOWS\system32\imapi.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 4945 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Easy Internet Sign-up.job
C:\WINDOWS\tasks\EasyShare Registration Task.job
C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Compaq_Owner.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-11-18 1082880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2005-11-27 1157120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2005-11-27 1157120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"THGuard"=C:\Program Files\TrojanHunter 5.0\THGuard.exe [2008-03-25 1047712]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2008-12-17 949376]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-10 216520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-12-15 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2005-09-21 1605740]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft OCX]
C:\WINDOWS\system32\fglimztkm.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
C:\Program Files\Winamp Remote\bin\OrbTray.exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCDrProfiler]
 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\regcmdcons]
c:\hp\bin\cloaker.exe [1999-11-06 27136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2008-11-18 21633320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-08-19 1576176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ WinCinema Manager.lnk]
C:\PROGRA~1\SanDisk\Common\Bin\WINCIN~1.EXE [2006-09-19 303104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
C:\PROGRA~1\COMPAQ~1\5577497\Program\COMPAQ~1.EXE [2005-11-27 36903]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
C:\PROGRA~1\Kodak\KODAKE~1\bin\EASYSH~1.EXE [2008-05-10 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Owner.YOUR-27E1513D96^Start Menu^Programs^Startup^Compaq Organize.lnk]
C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\DISPLA~1.EXE [2005-05-09 36864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-07-23 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-13 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\WINDOWS\system32\fglimztkm.exe"="C:\WINDOWS\system32\fglimztkm.exe:*:Enabled:Microsoft OCX"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe"="C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe:*:Enabled:Compaq Connections"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d435b36-e506-11d9-9b78-e6b009352ae7}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


======List of files/folders created in the last 1 months======

2008-12-19 14:19:48 ----D---- C:\rsit
2008-12-19 13:41:06 ----D---- C:\Program Files\Common Files\DESIGNER
2008-12-19 13:29:04 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\DAEMON Tools
2008-12-19 13:29:01 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\DAEMON Tools Pro
2008-12-19 13:27:25 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
2008-12-19 13:27:13 ----D---- C:\Program Files\DAEMON Tools Lite
2008-12-19 13:24:10 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\DAEMON Tools Lite
2008-12-19 12:51:06 ----D---- C:\Program Files\LSI SoftModem
2008-12-19 12:50:02 ----D---- C:\Program Files\Microsoft Silverlight
2008-12-19 12:44:31 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-12-19 12:41:31 ----D---- C:\WINDOWS\system32\LogFiles
2008-12-19 12:37:36 ----HDC---- C:\WINDOWS\$NtUninstallKB925876$
2008-12-19 12:32:52 ----HDC---- C:\WINDOWS\$NtUninstallKB896344$
2008-12-19 12:29:59 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-12-19 12:29:59 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-12-19 12:29:59 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-12-19 03:07:47 ----A---- C:\WINDOWS\imsins.BAK
2008-12-19 03:07:38 ----D---- C:\WINDOWS\ie8updates
2008-12-18 18:47:06 ----D---- C:\Program Files\Trend Micro
2008-12-18 18:42:05 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2008-12-18 18:24:01 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\HP
2008-12-18 18:17:23 ----A---- C:\WINDOWS\system32\hpzll43a.dll
2008-12-18 18:16:34 ----A---- C:\WINDOWS\system32\HPZisn12.dll
2008-12-18 18:16:34 ----A---- C:\WINDOWS\system32\HPZipt12.dll
2008-12-18 18:16:34 ----A---- C:\WINDOWS\system32\HPZipr12.dll
2008-12-18 18:16:34 ----A---- C:\WINDOWS\system32\HPZipm12.exe
2008-12-18 18:16:34 ----A---- C:\WINDOWS\system32\HPZinw12.exe
2008-12-18 18:16:34 ----A---- C:\WINDOWS\system32\HPZidr12.dll
2008-12-18 18:11:06 ----A---- C:\WINDOWS\system32\hpotscl2.dll
2008-12-18 18:11:05 ----A---- C:\WINDOWS\system32\hpowiax2.dll
2008-12-18 18:11:04 ----A---- C:\WINDOWS\system32\hpovst09.dll
2008-12-18 18:11:03 ----A---- C:\WINDOWS\system32\hpzjsn01.dll
2008-12-18 18:11:03 ----A---- C:\WINDOWS\system32\hpzids01.dll
2008-12-18 16:26:35 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Skinux
2008-12-18 15:51:40 ----D---- C:\Program Files\CCleaner
2008-12-18 14:26:19 ----D---- C:\WINDOWS\ERDNT
2008-12-18 12:14:13 ----D---- C:\Program Files\ERUNT
2008-12-18 12:13:17 ----D---- C:\Program Files\Lavasoft
2008-12-18 12:13:12 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-18 10:31:58 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-18 10:31:58 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-18 02:09:49 ----A---- C:\WINDOWS\system32\muweb.dll
2008-12-18 02:09:49 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2008-12-18 02:09:48 ----A---- C:\WINDOWS\system32\mucltui.dll
2008-12-17 18:28:25 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-17 18:23:44 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-12-17 18:23:04 ----D---- C:\Program Files\Windows Live
2008-12-17 18:22:08 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-12-17 18:11:44 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\AdobeUM
2008-12-17 16:45:39 ----A---- C:\WINDOWS\system32\imon.dll
2008-12-17 16:43:37 ----D---- C:\Program Files\ESET
2008-12-17 15:10:13 ----A---- C:\WINDOWS\system32\xvidcore.dll
2008-12-17 15:10:12 ----D---- C:\Program Files\Xvid
2008-12-17 15:10:12 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2008-12-17 15:09:47 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Sun
2008-12-17 14:42:00 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Malwarebytes
2008-12-17 14:41:52 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-17 14:41:52 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-17 14:25:15 ----A---- C:\WINDOWS\system32\LuResult.txt
2008-12-17 13:35:14 ----D---- C:\ESET_NOD32_v2.70.39_WIth_NOD_FIX_2.2_and_NOD-UE
2008-12-17 06:27:47 ----A---- C:\WINDOWS\system32\ptpusb.dll
2008-12-17 06:27:42 ----A---- C:\WINDOWS\system32\ptpusd.dll
2008-12-17 06:23:32 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-17 06:23:09 ----D---- C:\Program Files\SUPERAntiSpyware
2008-12-17 06:23:08 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\SUPERAntiSpyware.com
2008-12-17 06:22:27 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-17 06:22:00 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\WinRAR
2008-12-17 06:21:22 ----D---- C:\Program Files\WinRAR
2008-12-16 19:24:28 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\TrojanHunter
2008-12-16 19:15:08 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2008-12-16 19:15:08 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2008-12-16 19:15:08 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2008-12-16 19:15:08 ----N---- C:\WINDOWS\system32\pxafs.dll
2008-12-16 19:14:52 ----D---- C:\Program Files\Winamp
2008-12-16 19:14:52 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Winamp
2008-12-16 18:55:39 ----D---- C:\Program Files\uTorrent
2008-12-16 18:55:36 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\uTorrent
2008-12-16 18:50:55 ----R---- C:\WINDOWS\system32\streamhlp.dll
2008-12-16 18:50:54 ----D---- C:\Program Files\TrojanHunter 5.0
2008-12-15 12:42:17 ----HDC---- C:\WINDOWS\ie8
2008-12-13 19:44:30 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-13 19:42:53 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-13 19:38:02 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-12-13 19:31:16 ----N---- C:\WINDOWS\system32\xpsp3res.dll
2008-12-13 18:26:31 ----D---- C:\WINDOWS\system32\PreInstall
2008-12-13 12:01:46 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\skypePM
2008-12-13 11:41:43 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\Help
2008-12-13 11:22:48 ----D---- C:\Documents and Settings\Compaq_Owner.YOUR-27E1513D96\Application Data\WinBatch
2008-12-13 10:57:57

17
Tech Clinic / Yoog Search (firefox+IE)
« on: December 19, 2008, 12:04:35 PM »
Hi, I've run the following programs and deleted everything they found:

Ad-aware
MalwareBytes
Spybot S+D
NOD32 AV
SuperAntiSpyware
CC Cleaner

Trojan Hunter

They found about 300 trojans/viruses/spyware in total. I've removed them all.

However, yoog search remains in IE search/url bar and the firefox search/url bar.
I have tried deleting yoog entries from the registry and from IE's options. It still comes back.

I've reinstalled firefox twice, yet yoog still remains. I also deleted all folders from firefox after the install.

Can anyone recommend any way to get rid of this nonsense? The only thing I can't do is reformat or re-install windows.

HiJackThis SystemScan Log:
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 12:05:12 PM, on 12/19/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v8.00 (8.00.6001.18241)
 Boot mode: Normal

 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\Ati2evxx.exe
 C:\WINDOWS\Explorer.EXE
 C:\WINDOWS\system32\spoolsv.exe
 C:\Program Files\TrojanHunter 5.0\THGuard.exe
 C:\Program Files\Eset\nod32kui.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
 C:\Program Files\Eset\nod32krn.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\wuauclt.exe
 C:\Program Files\Windows Live\Messenger\usnsvc.exe
 C:\Program Files\Mozilla Firefox\firefox.exe
 C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/b/
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
 O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
 O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
 O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
 O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
 O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
 O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
 O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
 O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone (HKLM)
 O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone (HKLM)
 O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone (HKLM)
 O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
 O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone (HKLM)
 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
 O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
 O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
 O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
 O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 --
 End of file - 5338 bytes





edit: the hijackthis system scan log is attached to this post.
<I removed the attachment as you have posted it in a reply>
