Author Topic: Dvd issues (Read 1805 times)

RachelW · « **on:** May 24, 2009, 11:45:57 AM »

Hi guys,

I have a dvd-rw drive that is currently causing issues. I have a bunch of files that I want to back-up onto DVDs (rather than CDs as I need a lot of space). When I put in a DVD-RW it recognises it (i.e. next to drive D it will say DVD-RW so it knows that it is in there) and it even asks if I want to erase disc (although it is empty). The issue is when I drag files over to the D drive it will not let me. However if I take the disc out it will. If I try to write them it asks for a CD-R or CD-RW and will not accept the DVD at all. I have put in a DVD-R as well and it won't work. I have tried unchecking the CD writing box in the propertis of the drive and then it won't even open the drive at all.

It will also read DVDs no problem.

I am not sure what to do. I could copy everything onto CDs but it will be such a pain and will be many more discs to carry with me when I travel.

Thanks so much in advance for any advice given.

Rachel

guestolo · « **Reply #1 on:** May 24, 2009, 11:55:04 AM »

What is your operating system and do you have a Burning program installed?

RachelW · « **Reply #2 on:** May 24, 2009, 12:01:10 PM »

[quote name=\'guestolo\' post=\'462966\' date=\'May 24 2009, 12:55 PM\']What is your operating system and do you have a Burning program installed?[/quote]

I have windows XP. Not sure about the burning program. I once had a trial software to copy DVD movies but that is expired. I did use it and it did back-up the DVDs successfully on DVDs which subsequently played on a DVD player so it does write.

guestolo · « **Reply #3 on:** May 24, 2009, 12:23:26 PM »

I just want to get a bit more info
Have you since uninstalled that trial software program you had installed earlier?

What is the exact Make/model of DVD-RW installed>>Look in your Device manager
Right click MyComputer>>select Properties>>Hardware>>Device Manager
Expand on CD/DVD drives to get the exact name>>If you double click on the name of the drive, do you see any error codes?
Or does it say it's working properly
Any error marks in Device manager?

Also, a tad bit more info
Download [color=\"blue\"]random's system information tool (RSIT)[/color] by [color=\"#6600cc\"]random/random[/color] from >>[color=\"red\"]here[/color]<< and save it to your desktop.

Double click on RSIT.exe and choose to Run it
Click Continue at the disclaimer screen.
Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
Once it has finished, two logs will open: log.txt[color=\"red\"]<-- this will be maximized[/color] and info.txt[color=\"red\"]<-- this will be minimized[/color].

Post both those logs please

NOTE: If you get an error message trying to post the logs back here to the forum
Just post info.txt back here in a reply
And upload log.txt<<In a reply back here, choose the Browse... / UPLOAD buttons on the bottom right
Only upload the log that opens if you get an error message trying to reply with the info

RachelW · « **Reply #4 on:** May 24, 2009, 12:58:01 PM »

Hi,

The model it gives for the drive is: HL-DT-ST DVD-RW GCA-4080N

It says that it is working.

The logs are extremely long. Is there a way to put them in a text box within a post? Or is it better to attach them after all?

Thanks

RachelW · « **Reply #5 on:** May 24, 2009, 01:32:11 PM »

Okay, here are the logs:

info:
"======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->MsiExec.exe /I{5B782FFA-6A95-480D-8E0A-0954A14693D6}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-

1C3B8A06BE60}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19822917-61F6-4221-B1D0-

1C3B8A06BE60}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{57FA4E0F-82C9-417D-87BC

-0186D6CB7A44}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-

9FE4A53B29CE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C9F6AF4-E9D9-47FE-BE4B

-E637C2FCB410}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C9F6AF4-E9D9-47FE-BE4B

-E637C2FCB410}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-

452FF877D5B9}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98181885-5B28-4280-9B56-

452FF877D5B9}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE

-71AAA693A8E2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0B5225-B59B-4D72-B3FE

-71AAA693A8E2}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763

-D32204D2563D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A9BB081B-C020-4D02-A763

-D32204D2563D}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C029DB0E-C59F-417A-90F8

-88FD5B2C4AE7}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
Adobe Acrobat 9 Pro - English, FranÃ§ais, Deutsch-->msiexec /I {AC76BA86-1033-F400-7760-000000000004}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\5bc0f8414ec36c555a3e7e5ec2e225e\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator 10 Tryout-->"C:\Program Files\InstallShield Installation Information\{0AC416C3-A600-4A98-B5E1-A629498241DB}\setup.exe"
Adobe Illustrator CS2 Tryout-->msiexec /I {AD05F1FF-F284-402D-952A-ABCA6A6063FB}
Adobe Illustrator CS3-->C:\Program Files\Common Files\Adobe\Installers\a04a925a57548091300ada368235fc6\Setup.exe
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Photoshop Elements 3.0-->MsiExec.exe /I{851C67EF-068A-4060-9EF5-2E3DDCD68382}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup-->MsiExec.exe /I{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArtIcons Pro-->"C:\Program Files\ArtIcons Pro\uninstall.exe"
Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation

Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-

9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AudibleManager-->C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
Be a King-->"C:\Program Files\Be a King\Uninstall.exe"
Big Fish Games Client-->C:\Program Files\bfgclient\Uninstall.exe
Broadcom 802.11 Driver-->C:\WINDOWS\system32\BCMWLU00.exe verbose /rootkey=Software\Broadcom\802.11\UninstallInfo
Cake Mania (remove only)-->"C:\Program Files\Yahoo! Games\Cake Mania\Uninstall.exe"
Cake Mania 3 (remove only)-->"C:\Program Files\Yahoo! Games\Cake Mania 3\Uninstall.exe"
Caligari trueSpace3.2-->"C:\Program Files\Kazaa\unins000.exe"
CamStudio-->C:\Program Files\CamStudio\uninstall.exe
Chocolatier (remove only)-->"C:\Program Files\Yahoo! Games\Chocolatier\Uninstall.exe"
Conexant AC-Link Audio-->CIAunwdm.exe
Corel Painter Essentials 2-->MsiExec.exe /X{B946D46E-1302-48B4-84EE-B74C3191D975}
CorelDRAW Graphics Suite X3-->C:\Program Files\Corel\CorelDRAW Graphics Suite 13\Programs\MSILauncher {63218538-4A69-497F-8455-904261B0E9E4} C:\DOCUME~1

\RACHEL~1.TAV\LOCALS~1\Temp\CGSX3.log
CorelDRAW Graphics Suite X3-->MsiExec.exe /I{63218538-4A69-497F-8455-904261B0E9E4}
Creative Removable Disk Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation

Information\{57FA4E0F-82C9-417D-87BC-0186D6CB7A44}\setup.exe" -l0x9 /remove
Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation

Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative ZEN V Series (R2)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation

Information\{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}\SETUP.EXE" -l0x9 /remove
CutePDF Writer 2.7-->C:\Program Files\Acro Software\CutePDF Writer\uninscpw.exe
Diner Dash - Flo on the Go (remove only)-->"C:\Program Files\Yahoo! Games\Diner Dash - Flo on the Go\Uninstall.exe"
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DQ Tycoon-->"C:\Program Files\DQ Tycoon\Uninstall.exe"
DVD2one V2.1.3-->C:\Program Files\DVD2one V2\uninst.exe
EN-->MsiExec.exe /I{32A72502-BC2C-4C39-ACEA-BC3D463F0697}
Fairy Godmother Tycoon-->"C:\Program Files\Fairy Godmother Tycoon\Uninstall.exe"
Farm Frenzy 2-->"C:\Program Files\Farm Frenzy 2\Uninstall.exe"
FileZilla Client 3.2.4.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
FishCo-->"C:\Program Files\FishCo\Uninstall.exe"
Flower Stand Tycoon (remove only)-->"C:\Program Files\Yahoo! Games\Flower Stand Tycoon\Uninstall.exe"
FontCreator 5.6-->"C:\Program Files\High-Logic\FontCreator\unins000.exe"
FontNav-->MsiExec.exe /I{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}
FREE Hi-Q Recorder 1.9-->"C:\Program Files\FREE Hi-Q Recorder\unins000.exe"
getPlus®_dll-->rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\inf\GETPLUSd.INF, DefaultUninstall
Google Earth-->MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}
Graboid Video 1.5-->C:\Program Files\Graboid\uninst.exe
Grimmâ€™s Hatchery (remove only)-->"C:\Program Files\Yahoo! Games\Grimmâ€™s Hatchery\Uninstall.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotspot Shield 1.15-->C:\Program Files\Hotspot Shield\Uninstall.exe
Hotspot_Shield Toolbar-->C:\PROGRA~1\HOTSPO~2\UNWISE.EXE C:\PROGRA~1\HOTSPO~2\INSTALL.LOG
HP Deskjet 6800-->C:\Program Files\Hewlett-Packard\Deskjet 6800 Installs\Installer\setup.exe /x
HP Deskjet 6800-->MsiExec.exe /X{92E0213D-2D81-4AC0-B9E5-BCB3AB8C2F9E}
HP Help and Support-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation

Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9
HP Pavillion zv6000 User Guides-->C:\PROGRA~1\HPQ\UNWISE.EXE C:\PROGRA~1\HPQ\INSTALL.LOG
HP Photo & Imaging 4.1-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Update-->MsiExec.exe /X{8C6027FD-53DC-446D-BB75-CACD7028A134}
HP Wireless Assistant-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation

Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9
Ice Cream Craze: Tycoon Takeover-->"C:\Program Files\Ice Cream Craze - Tycoon Takeover\Uninstall.exe"
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
Internet Worm Protection-->MsiExec.exe /I{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iOrgSoft Mod Converter 3.1.8-->C:\Program Files\iOrgSoft\Mod Converter\uninst.exe
Ipswitch WS_FTP Home 2007-->C:\Program Files\InstallShield Installation Information\{11DE2361-9F73-47B3-B638-2F267927E307}\setup.exe -runfromtemp -l0x0009 -removeonly
Isle of Dreams demo-->C:\WINDOWS\system32\ISLEOF~1.SCR /UNINSTALL "C:\WINDOWS\system32\Isle of Dreams demo.log"
iTunes-->MsiExec.exe /I{5878FF02-3B8F-4309-B4E5-0D3DB6F2E8E6}
J2SE Runtime Environment 5.0 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
Java(tm) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VCSetup.exe /REMOVE
LiveUpdate 2.6 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5

-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech Print Service-->C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG
Logitech QuickCam Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation

Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x9
LogitechÂ® Camera Driver-->"C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Mah Jong Tiles Deluxe-->C:\PROGRA~1\ZONE~1.COM\Mahjong\UNWISE.EXE /U C:\PROGRA~1\ZONE~1.COM\Mahjong\INSTALL.LOG
MDI2PDF 2.4-->"C:\Program Files\MDIConvertor\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322

\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Money 2005-->C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe /s:120
Microsoft Office 2000 Disc 2-->MsiExec.exe /I{00040409-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 Professional-->MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MonkeyBongo - Free SMS Now!-->C:\Program Files\MonkeyBongo\Free SMS Now!\Uninstall.exe
MonkeyBongo - Upload2Phone-->C:\Program Files\MonkeyBongo\Upload2Phone\Uninstall.exe
MonkeyJam 3_050529-->"C:\Program Files\MonkeyJam\unins000.exe"
MostFun Game Player-->MsiExec.exe /I{2BD2069A-A865-432A-86B8-1151BB0526CC}
Mozilla ActiveX Control v1.7.12-->C:\Program Files\Mozilla ActiveX Control v1.7.12\uninst.exe
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee autoProducer 3.5 - SE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation

Information\{37E31FCE-A048-4D8C-B167-31891BCF6585}\setup.exe" -l0x9
Myst III: Exile-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F05B89E-2873-11D5-9E9D-

0050DA1EA555}\setup.exe"
Mystery Case Files - Ravenhearst (remove only)-->"C:\Program Files\Yahoo! Games\Mystery Case Files - Ravenhearst\Uninstall.exe"
Myth Match (remove only)-->"C:\Program Files\Yahoo! Games\Myth Match\Uninstall.exe"
Nanny Mania 2: Goes to Hollywood-->"C:\Program Files\Nanny Mania 2 - Goes to Hollywood\Uninstall.exe"
Napster Burn Engine-->MsiExec.exe /I{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}
Napster-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BBBCAE4B-B416-

4182-A6F2-438180894A81}\setup.exe" -l0x9 -removeonly
Need2Find Bar-->rundll32 C:\PROGRA~1\NEED2F~1\bar\1.bin\Nd2fnBar.dll,O
nik Color Efex Pro 2.0 IE-->C:\WINDOWS\unvise32.exe C:\Program Files\nik Color Efex Pro 2.0 IE\uninstal.log
Norton AntiVirus 2005 (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\SymSetup\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe /X
Norton AntiVirus 2005-->MsiExec.exe /X{C6F5B6CF-609C-428E-876F-CA83176C021B}
Norton AntiVirus Help-->MsiExec.exe /I{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}
Norton Security Center-->MsiExec.exe /X{503AA035-41E2-4858-B31F-1E49AC66C309}
Oblivion - Construction Set-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation

Information\{23D683DD-93C6-48E6-B84E-78B57778F126}\setup.exe" -l0x9 -removeonly
Oblivion-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99

-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
PCI 1620 Cardbus Controller and Software-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{97355297-21C8-40CD-96D3-48E58037A9B8} /l1033
PDF Combine-->"C:\Program Files\PDF Combine\unins000.exe"
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Peer Points Manager-->"C:\Program Files\Altnet\Download Manager\AltnetUninstall.exe" -m
PoivY-->"C:\Program Files\PoivY.com\PoivY\unins000.exe"
PopCap Browser Plugin-->C:\Program Files\PopCap Games\PopCap Browser Plugin\Uninstall.exe
Product Key Explorer 2.1.8-->"C:\Program Files\Nsasoft\ProductKeyExplorer\unins000.exe"
Quick Launch Buttons 5.10 A2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation

Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x9 -uninst
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealArcade-->C:\Program Files\Real\RealArcade\Update\rnuninst.exe RealNetworks|RealArcade|1.2
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
REALTEK Gigabit and Fast Ethernet NIC Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation

Information\{94FB906A-CF42-4128-A509-D353026A607E}\setup.exe" -l0x9 REMOVE
Rhapsody Player Engine-->MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Rhapsody-->C:\PROGRA~1\Rhapsody\Unwise32.exe /A C:\PROGRA~1\Rhapsody\INSTALL.LOG
Risk (remove only)-->C:\Program Files\Yahoo! Games\Risk\uninstall.exe
RollerCoaster Tycoon-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation

Information\{3EE9EB18-62AD-4F68-AD11-2DF358CBDCA2}\Setup.exe" -l0x9
RX Bar-->regsvr32.exe /u /s "C:\Program Files\RXToolBar\RXToolBar.dll"
Safecracker-->"C:\Program Files\Safecracker\Uninstall.exe"
Sally's Salon (remove only)-->"C:\Program Files\Yahoo! Games\Sally's Salon\Uninstall.exe"
Sandlot Games Client Services-->"C:\Program Files\Common Files\Sandlot Shared\unins000.exe"
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB883939)-->"C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926247)-->"C:\WINDOWS\$NtUninstallKB926247$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931768)-->"C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933566)-->"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Serif DrawPlus 4.0-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Serif\dp40.isu"
SMSlisto-->"C:\Program Files\SMSlisto.com\SMSlisto\unins000.exe"
Snapshot Viewer-->C:\Program Files\Snapshot Viewer\Setup\Setup.exe /T snap90.stf
SoftV90 Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3085103C\HXFSETUP.EXE -U -Icpl30855.inf
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Spa Mania-->"C:\Program Files\Spa Mania\Uninstall.exe"
SPBBC-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SpyHunter-->"C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log" -u
Squeeze Page Wizard 1.0-->"C:\Program Files\Squeeze Page Wizard\unins000.exe"
StorageSync Backup Software-->C:\Program Files\StorageSync\Uninstall.exe
Symantec Script Blocking Installer-->MsiExec.exe /I{D327AFC9-7BAA-473A-8319-6EB7A0D40138}
Symantec-->MsiExec.exe /I{228F6876-A313-40A3-91C0-C3CBE6997D09}
SymNet-->MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
ThreatFire-->"C:\Program Files\ThreatFire\unins000.exe"
TypingMaster Pro-->"C:\Program Files\TypingMaster\unins000.exe"
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
UserGuides-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{02E22217-0E96-

4C3F-B831-83AA942B7715}\setup.exe" -l0x9
VBA-->MsiExec.exe /I{C94E45B0-6AA6-4FB9-9AAE-22085F631880}
Veoh Web Player Beta-->"C:\Program Files\Veoh Networks\VeohWebPlayer\uninst.exe"
VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Viewpoint Toolbar (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarInstaller.exe /u /k
Voipwise-->"C:\Program Files\Voipwise.com\Voipwise\unins000.exe"
Wacom Tablet-->C:\Program Files\Tablet\Wacom\Remove.exe /u
WildTangent Web Driver-->C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix - KB895316-->"C:\WINDOWS\$NtUninstallKB895316$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB884575-->C:\WINDOWS\$NtUninstallKB884575$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885855-->C:\WINDOWS\$NtUninstallKB885855$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888239-->C:\WINDOWS\$NtUninstallKB888239$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB890923-->"C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB893066-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Windows XP Hotfix - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
Wonderburg-->"C:\Program Files\Wonderburg\Uninstall.exe"
Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
Yahoo! extras-->C:\Program Files\Yahoo!\Common\unycust.exe /S
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Yahoo! Messenger Explorer Bar-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\MESSEN~1\YHEXBM~1.DLL
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Music Jukebox-->"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\Uninstall.exe"
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
ZENcast Organizer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation

Information\{C029DB0E-C59F-417A-90F8-88FD5B2C4AE7}\setup.exe" -l0x9 /remove
Zoo Tycoon 2-->"C:\Program Files\Microsoft Games\Zoo Tycoon 2\UNINSTAL.EXE" /runtemp /uninstall

======Security center information======

AV: Norton AntiVirus 2005 (outdated)
FW: Norton Internet Worm Protection

======System event log======

Computer Name: TAVARISHKA
Event Code: 8022
Message: The browser was unable to retrieve a list of domains from the browser master \\BRONCO on the network \Device\NetBT_Tcpip_{0F26094D-2F7C-4ED0-BE31-DD1793DD0FCF}.
The data is the error code.

Record Number: 122
Source Name: BROWSER
Time Written: 20090518144733.000000-240
Event Type: warning
User:

Computer Name: TAVARISHKA
Event Code: 8022
Message: The browser was unable to retrieve a list of domains from the browser master \\BRONCO on the network \Device\NetBT_Tcpip_{0F26094D-2F7C-4ED0-BE31-DD1793DD0FCF}.
The data is the error code.

Record Number: 116
Source Name: BROWSER
Time Written: 20090518111126.000000-240
Event Type: warning
User:

Computer Name: TAVARISHKA
Event Code: 8021
Message: The browser was unable to retrieve a list of servers from the browser master \\BRONCO on the network \Device\NetBT_Tcpip_{0F26094D-2F7C-4ED0-BE31-DD1793DD0FCF}.
The data is the error code.

Record Number: 115
Source Name: BROWSER
Time Written: 20090518111124.000000-240
Event Type: warning
User:

Computer Name: TAVARISHKA
Event Code: 7011
Message: Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.

Record Number: 62
Source Name: Service Control Manager
Time Written: 20090517125305.000000-240
Event Type: error
User:

Computer Name: TAVARISHKA
Event Code: 8021
Message: The browser was unable to retrieve a list of servers from the browser master \\BRONCO on the network \Device\NetBT_Tcpip_{0F26094D-2F7C-4ED0-BE31-DD1793DD0FCF}.
The data is the error code.

Record Number: 29
Source Name: BROWSER
Time Written: 20090517003815.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: TAVARISHKA
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication

Foundation\SMSvcHost.exe

Record Number: 44046
Source Name: .NET Runtime Optimization Service
Time Written: 20090322112610.000000-240
Event Type:
User:

Computer Name: TAVARISHKA
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication

Foundation\SMDiagnostics.dll

Record Number: 44044
Source Name: .NET Runtime Optimization Service
Time Written: 20090322112607.000000-240
Event Type:
User:

Computer Name: TAVARISHKA
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication

Foundation\ServiceModelReg.exe

Record Number: 44042
Source Name: .NET Runtime Optimization Service
Time Written: 20090322112606.000000-240
Event Type:
User:

Computer Name: TAVARISHKA
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication

Foundation\Microsoft.Transactions.Bridge.Dtc.dll

Record Number: 44040
Source Name: .NET Runtime Optimization Service
Time Written: 20090322112604.000000-240
Event Type:
User:

Computer Name: TAVARISHKA
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication

Foundation\Microsoft.Transactions.Bridge.dll

Record Number: 44038
Source Name: .NET Runtime Optimization Service
Time Written: 20090322112602.000000-240
Event Type:
User:

=====Security event log=====

Computer Name: TAVARISHKA
Event Code: 515
Message: A trusted logon process has registered with the Local Security Authority.
This logon process will be trusted to submit logon requests.

Logon Process Name: Winlogon

Record Number: 210262
Source Name: Security
Time Written: 20090516111904.000000-240
Event Type: audit success
User: NT AUTHORITY\SYSTEM

Computer Name: TAVARISHKA
Event Code: 515
Message: A trusted logon process has registered with the Local Security Authority.
This logon process will be trusted to submit logon requests.

Logon Process Name: KSecDD

Record Number: 210261
Source Name: Security
Time Written: 20090516111904.000000-240
Event Type: audit success
User: NT AUTHORITY\SYSTEM

Computer Name: TAVARISHKA
Event Code: 514
Message: An authentication package has been loaded by the Local Security Authority.
This authentication package will be used to authenticate logon attempts.

Authentication Package Name: C:\WINDOWS\system32\msv1_0.dll : MICROSOFT_AUTHENTICATION_PACKAGE_V1_0

Record Number: 210260
Source Name: Security
Time Written: 20090516111904.000000-240
Event Type: audit success
User: NT AUTHORITY\SYSTEM

Computer Name: TAVARISHKA
Event Code: 514
Message: An authentication package has been loaded by the Local Security Authority.
This authentication package will be used to authenticate logon attempts.

Authentication Package Name: C:\WINDOWS\system32\wdigest.dll : WDigest

Record Number: 210259
Source Name: Security
Time Written: 20090516111904.000000-240
Event Type: audit success
User: NT AUTHORITY\SYSTEM

Computer Name: TAVARISHKA
Event Code: 514
Message: An authentication package has been loaded by the Local Security Authority.
This authentication package will be used to authenticate logon attempts.

Authentication Package Name: C:\WINDOWS\system32\schannel.dll : Schannel

Record Number: 210258
Source Name: Security
Time Written: 20090516111904.000000-240
Event Type: audit success
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common

Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 15 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0f00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
&qu

guestolo · « **Reply #6 on:** May 24, 2009, 01:48:24 PM »

Give me a chance to look over these logs please
In addition, can I see one more set of logs

As I can see you've had/have spyware installed on your computer

Download [color=\"#FF0000\"]> ATF Cleaner <[/color] by Atribune and save it to your Desktop.

Double Click on ATF-Cleaner.exe to Run it
Check the boxes to the left of:

Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
*Prefetch (Windows XP) only.
Java Cache

The rest are optional - if you want to remove the lot, check "Select All".
Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit from the Main menu

download Malwarebytes' Anti-Malware from Here or Here
Save the installer to desktop

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to [color=\"#006400\"]Update Malwarebytes' Anti-Malware[/color] and [color=\"#006400\"]Launch Malwarebytes' Anti-Malware[/color], then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

RachelW · « **Reply #7 on:** May 24, 2009, 02:01:34 PM »

Hi,

Is it necessary to delete my temp files as there are some that I have recently looked at that I need to keep. I can empty the cache and such from my options in my browser. Is this necessary to fix the issue. Also, I have a malware detector (Threatfire), which i installed after getting a bug a few months ago.

Is there another way that the issue can be fixed, or do you believe that the spyware and such is the issue?

Sorry, i just want to know before I go through all this. I have something uploading to a server right now and would be unable to start my computer for a few hours.

Thanks

Rachel

guestolo · « **Reply #8 on:** May 24, 2009, 02:08:38 PM »

skip deleting the temp files>>I don't know why you would keep needed files in a temp location
But that's your option

Please run Malwarebytes>>I like to eliminate malware/spyware, it doesn't help the situation

Quote

Sorry, i just want to know before I go through all this. I have something uploading to a server right now and would be unable to start my computer for a few hours.

Run Malwarebytes after that is complete

RachelW · « **Reply #9 on:** May 24, 2009, 02:31:39 PM »

Okay, thanks. I don't normally have temp files that I want, but someone sent me an email and I opened them and have not had a chance to save them yet and know that they are in the file...

I will run the malware detector later then...

Any ideas at this point what may be going on?

Rachel

RachelW · « **Reply #10 on:** May 24, 2009, 02:53:48 PM »

Here is the malware log:

Malwarebytes' Anti-Malware 1.36
Database version: 2175
Windows 5.1.2600 Service Pack 2

5/24/2009 3:52:26 PM
mbam-log-2009-05-24 (15-52-26).txt

Scan type: Quick Scan
Objects scanned: 99545
Time elapsed: 16 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 21
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 5
Files Infected: 43

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\rxresult.rxresultfilter (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\rxresult.rxresultfilter.1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\setup.player.2k2 (Spyware.MarketScore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2ab289ae-4b90-4281-b2ae-1f4bb034b647} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2b96d5cc-c5b5-49a5-a69d-cc0a30f9028c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d1c4e81-a32a-416b-bcdb-33b3ef3617d3} (Adware.Need2Find) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{35b7e48b-9d81-4c6c-9578-5fd4f620d886} (Spyware.MarketScore) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d1c4e81-a32a-416b-bcdb-33b3ef3617d3} (Adware.Need2Find) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d1c4e81-a32a-416b-bcdb-33b3ef3617d3} (Adware.Need2Find) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\rxtoolbar.tbinfo (Adware.RXToolbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\rxtoolbar.tbinfo.1 (Adware.RXToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RXToolBar (Adware.RXToolbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\RX ToolBar (Adware.RXToolbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59879fa4-4790-461c-a1cc-4ec4de4ca483} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{59879fa4-4790-461c-a1cc-4ec4de4ca483} (Adware.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Save (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\RXToolBar (Adware.RXToolbar) -> Quarantined and deleted successfully.
C:\Program Files\RXToolBar\graphics (Adware.RXToolbar) -> Quarantined and deleted successfully.
C:\Program Files\RXToolBar\HTML (Adware.RXToolbar) -> Quarantined and deleted successfully.
C:\Program Files\RXToolBar\Semantic Insight (Adware.RXToolbar) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSSc29f.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSSa718.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSSb37c.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSSb87d.tmp (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Program Files\Save\save.db (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Save\save.htm (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Save\store.db (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\RXToolBar\CacheCatalog.rx (Adware.RXToolbar) -> Quarantined and deleted successfully.
C:\Program Files\RXToolBar\rx.xml (Adware.RXToolbar) -> Quarantined and deleted successfully.
C:\Program Files\RXToolBar\rxtoolbar.cfg (Adware.RXToolbar) -> Quarantined and deleted successfully.
C:\Program Files\RXToolBar\rxwebsearches.xsl (Adware.RXToolbar) -> Quarantined and deleted successfully.
C:\Program Files\RXToolBar\sfcont.bin (Adware.RXToolbar) -> Quarantined and deleted successfully.
C:\Program Files\RXToolBar\graphics\additional.gif (Adware.RXToolbar) -> Quarantined and deleted successfully.
C:\Program Files\RXToolBar\graphics\additional_active.gif (Adware.RXToolbar) -> Quarantined and deleted successfully.
C:\Program Files\RXToolBar\graphics\background.jpg (Adware.RXToolbar) -> Quarantined and deleted successfully.
C:\Program Files\RXToolBar\graphics\blue_hr_horz.GIF (Adware.RXToolbar) -> Quarantined and deleted successfully.
C:\Program Files\RXToolBar\graphics\gray_hr_horz.GIF (Adware.RXToolbar) -> Quarantined and deleted successfully.
C:\Program Files\RXToolBar\graphics\thumbtack.gif (Adware.RXToolbar) -> Quarantined and deleted successfully.
C:\Program Files\RXToolBar\graphics\thumbtack_active.gif (Adware.RXToolbar) -> Quarantined and deleted successfully.
C:\Program Files\RXToolBar\graphics\thumbtack_click.gif (Adware.RXToolbar) -> Quarantined and deleted successfully.
C:\Program Files\RXToolBar\HTML\content.htm (Adware.RXToolbar) -> Quarantined and deleted successfully.
C:\Program Files\RXToolBar\HTML\main.htm (Adware.RXToolbar) -> Quarantined and deleted successfully.
C:\Program Files\RXToolBar\Semantic Insight\bKPack01.01.dat (Adware.RXToolbar) -> Quarantined and deleted successfully.
C:\Program Files\RXToolBar\Semantic Insight\bKPack01.01.sig (Adware.RXToolbar) -> Quarantined and deleted successfully.
C:\Program Files\RXToolBar\Semantic Insight\bKPack01.dat (Adware.RXToolbar) -> Quarantined and deleted successfully.
C:\Program Files\RXToolBar\Semantic Insight\bKPack01.sig (Adware.RXToolbar) -> Quarantined and deleted successfully.
C:\Program Files\RXToolBar\Semantic Insight\bLabels01.dat (Adware.RXToolbar) -> Quarantined and deleted successfully.
C:\Program Files\RXToolBar\Semantic Insight\bLabels01.sig (Adware.RXToolbar) -> Quarantined and deleted successfully.
C:\Program Files\RXToolBar\Semantic Insight\CustomerSecret.Key (Adware.RXToolbar) -> Quarantined and deleted successfully.
C:\Program Files\RXToolBar\Semantic Insight\CustomerSecret.sig (Adware.RXToolbar) -> Quarantined and deleted successfully.
C:\Program Files\RXToolBar\Semantic Insight\nLabels01.dat (Adware.RXToolbar) -> Quarantined and deleted successfully.
C:\Program Files\RXToolBar\Semantic Insight\nLabels01.sig (Adware.RXToolbar) -> Quarantined and deleted successfully.
C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.dat (Adware.RXToolbar) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\acrsecB.fon (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\acrsecI.fon (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Rachel Walker.TAVARISHKA\Application Data\Google\mjkdpl.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TDSSa052.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\fmsymb.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\oberon_both.zip (Worm.Archive) -> Quarantined and deleted successfully.
C:\WINDOWS\smdat32a.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\smdat32m.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSStkdu.log (Trojan.TDSS) -> Quarantined and deleted successfully.

Hope that this can be helpful...

guestolo · « **Reply #11 on:** May 24, 2009, 03:17:55 PM »

Yes, very helpful, we removed some spyware apps. and discovered a rootkit on your computer
Let's make sure it's gone
Please move those important files out of your Temp folders so we can clear them as we found signs of malware in those folders

Download [color=\"#FF0000\"]> ATF Cleaner <[/color] by Atribune and save it to your Desktop.

Double Click on ATF-Cleaner.exe to Run it
Check the boxes to the left of:

Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
*Prefetch (Windows XP) only.
Java Cache

The rest are optional - if you want to remove the lot, check "Select All".
Finally click Empty Selected. When you get the "Done Cleaning" message, click OK.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit from the Main menu

Afterwards:
Download ComboFix from one of these locations:

[color=\"#0000FF\"]Link 1[/color]
[color=\"#0000FF\"]Link 2[/color]
[color=\"#FF0000\"]Save it ONLY to your Desktop[/color]

--------------------------------------------------------------------
[color=\"#2E8B57\"]Temporarily Disable your AntiVirus/AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with this tool
[/color]
NORTON ANTIVIRUS (by Symantec)
Please navigate to the system tray on the bottom right hand corner and find Norton's icon

* right-click it -> chose "Disable Auto-Protect."
* select a time duration >>> Choose at least 30 minutes to ensure it won't interfere
* click "Ok."
* a popup will warn that protection will now be disabled

PC TOOLS THREATFIRE

* Right-click on ThreatFire's icon near the clock (it's an orange flame) and select Suspend.
* When you see that the icon has turned from an orange flame to a blue icon with an orange strip in the middle, ThreatFire has been disabled temporarily.

Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

[color=\"#2e8b57\"]**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
[/color]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply

NOTE: Do not mouseclick inside ComboFix window as it's running, it may cause it to stall
ComboFix will/may run again on startup, it will prompt that it's creating a log
This process could take up to 10 minutes, let it run uninterrupted please

RachelW · « **Reply #12 on:** May 24, 2009, 04:45:28 PM »

Hi,
My Threatfire started up again after the combofix restarted the computer and it caused it to lock up, but I re ran it and the report shows both runs so it should give you the info you needed.

"ComboFix 09-05-24.03 - Rachel Walker 05/24/2009 17:33.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.319 [GMT -4:00]
Running from: c:\documents and settings\Rachel Walker.TAVARISHKA\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Rachel Walker.TAVARISHKA\Application Data\ezpinst.log
c:\documents and settings\Rachel Walker.TAVARISHKA\Application Data\inst.exe
c:\program files\Altnet
c:\program files\Altnet\DBBackup\Sigfiles.db
c:\program files\Altnet\Download Manager\altnetuninstall.exe
c:\program files\Altnet\Download Manager\asmend.exe
c:\program files\Altnet\Download Manager\asmps.dll
c:\program files\Altnet\Download Manager\dminfo3.cab
c:\program files\Altnet\Download Manager\dminstall7.cab
c:\program files\Altnet\Download Manager\dmsetup.bmp
c:\program files\Altnet\Download Manager\dmsetupbig.bmp
c:\program files\Altnet\Download Manager\jsinstall.cab
c:\program files\Altnet\Download Manager\jslegals.txt
c:\program files\Altnet\Download Manager\selectdir.txt
c:\program files\Altnet\Download Manager\selectdir1st.txt
c:\program files\Altnet\Points Manager\LocalPages\altnet.css
c:\program files\Altnet\Points Manager\LocalPages\gradient.gif
c:\program files\Altnet\Points Manager\LocalPages\local_firstuse.html
c:\program files\Altnet\Points Manager\LocalPages\local_points.html
c:\program files\Altnet\Points Manager\LocalPages\local_redeem.html
c:\program files\Altnet\Points Manager\LocalPages\local_start.html
c:\program files\Altnet\Points Manager\LocalPages\local_wallet.html
c:\program files\Altnet\Points Manager\LocalPages\notconnected.gif
c:\program files\Altnet\Points Manager\LocalPages\offline.gif
c:\program files\Altnet\Points Manager\LocalPages\pixel.gif
c:\program files\Altnet\Points Manager\Points Manager.exe.Manifest
c:\program files\Altnet\Points Manager\settings.cab
c:\program files\Altnet\Points Manager\setup.cab
c:\program files\Altnet\Points Manager\Skin\back-over.bmp
c:\program files\Altnet\Points Manager\Skin\back.bmp
c:\program files\Altnet\Points Manager\Skin\bottom.bmp
c:\program files\Altnet\Points Manager\Skin\bottomleft.bmp
c:\program files\Altnet\Points Manager\Skin\bottomright.bmp
c:\program files\Altnet\Points Manager\Skin\close-over.bmp
c:\program files\Altnet\Points Manager\Skin\close.bmp
c:\program files\Altnet\Points Manager\Skin\forward-over.bmp
c:\program files\Altnet\Points Manager\Skin\forward.bmp
c:\program files\Altnet\Points Manager\Skin\help-bottom.bmp
c:\program files\Altnet\Points Manager\Skin\help-over.bmp
c:\program files\Altnet\Points Manager\Skin\help-sel.bmp
c:\program files\Altnet\Points Manager\Skin\help-top.bmp
c:\program files\Altnet\Points Manager\Skin\help-topleft.bmp
c:\program files\Altnet\Points Manager\Skin\help-topright.bmp
c:\program files\Altnet\Points Manager\Skin\help.bmp
c:\program files\Altnet\Points Manager\Skin\Help.xml
c:\program files\Altnet\Points Manager\Skin\left.bmp
c:\program files\Altnet\Points Manager\Skin\maximise-over.bmp
c:\program files\Altnet\Points Manager\Skin\maximise.bmp
c:\program files\Altnet\Points Manager\Skin\mb_bottom.bmp
c:\program files\Altnet\Points Manager\Skin\mb_bottomleft.bmp
c:\program files\Altnet\Points Manager\Skin\mb_bottomright.bmp
c:\program files\Altnet\Points Manager\Skin\mb_left.bmp
c:\program files\Altnet\Points Manager\Skin\mb_right.bmp
c:\program files\Altnet\Points Manager\Skin\mb_top.bmp
c:\program files\Altnet\Points Manager\Skin\mb_topleft.bmp
c:\program files\Altnet\Points Manager\Skin\mb_topright.bmp
c:\program files\Altnet\Points Manager\Skin\message.xml
c:\program files\Altnet\Points Manager\Skin\minimise-over.bmp
c:\program files\Altnet\Points Manager\Skin\minimise.bmp
c:\program files\Altnet\Points Manager\Skin\points-disabled.bmp
c:\program files\Altnet\Points Manager\Skin\points-over.bmp
c:\program files\Altnet\Points Manager\Skin\points-sel.bmp
c:\program files\Altnet\Points Manager\Skin\points.bmp
c:\program files\Altnet\Points Manager\Skin\redeem-disabled.bmp
c:\program files\Altnet\Points Manager\Skin\redeem-over.bmp
c:\program files\Altnet\Points Manager\Skin\redeem-sel.bmp
c:\program files\Altnet\Points Manager\Skin\redeem.bmp
c:\program files\Altnet\Points Manager\Skin\refresh-over.bmp
c:\program files\Altnet\Points Manager\Skin\refresh.bmp
c:\program files\Altnet\Points Manager\Skin\right.bmp
c:\program files\Altnet\Points Manager\Skin\Sav3BD.tmp
c:\program files\Altnet\Points Manager\Skin\settings-disabled.bmp
c:\program files\Altnet\Points Manager\Skin\settings-over.bmp
c:\program files\Altnet\Points Manager\Skin\settings-sel.bmp
c:\program files\Altnet\Points Manager\Skin\settings.bmp
c:\program files\Altnet\Points Manager\Skin\Skin.xml
c:\program files\Altnet\Points Manager\Skin\start-disabled.bmp
c:\program files\Altnet\Points Manager\Skin\start-over.bmp
c:\program files\Altnet\Points Manager\Skin\start-sel.bmp
c:\program files\Altnet\Points Manager\Skin\start.bmp
c:\program files\Altnet\Points Manager\Skin\top.bmp
c:\program files\Altnet\Points Manager\Skin\topleft-pro.bmp
c:\program files\Altnet\Points Manager\Skin\topleft-reg.bmp
c:\program files\Altnet\Points Manager\Skin\topleft.bmp
c:\program files\Altnet\Points Manager\Skin\topright.bmp
c:\program files\Altnet\Points Manager\Skin\wallet-disabled.bmp
c:\program files\Altnet\Points Manager\Skin\wallet-over.bmp
c:\program files\Altnet\Points Manager\Skin\wallet-sel.bmp
c:\program files\Altnet\Points Manager\Skin\wallet.bmp
c:\program files\INSTALL.LOG
c:\program files\Mozilla Firefox\plugins\NPNd2fn.dll
c:\program files\Need2Find
c:\program files\Need2Find\bar\1.bin\N2FFXTBR.JAR
c:\program files\Need2Find\bar\1.bin\N2NTSTBR.JAR
c:\program files\Need2Find\bar\1.bin\N2PLUGIN.DLL
c:\program files\Need2Find\bar\1.bin\NPND2FN.DLL
c:\program files\Need2Find\bar\1.bin\PARTNER.DAT
c:\program files\Need2Find\bar\Cache\00194656
c:\program files\Need2Find\bar\Cache\001947EC
c:\program files\Need2Find\bar\Cache\00196C1E
c:\program files\Need2Find\bar\Cache\00196D95
c:\program files\Need2Find\bar\Cache\files.ini
c:\program files\Need2Find\bar\History\search
c:\program files\Need2Find\bar\Settings\prevcfg.htm
c:\windows\system32\Ijl11.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys

((((((((((((((((((((((((( Files Created from 2009-04-24 to 2009-05-24 )))))))))))))))))))))))))))))))
.

2009-05-24 19:34 . 2009-05-24 19:34   --------   d-----w   c:\documents and settings\Rachel Walker.TAVARISHKA\Application Data\Malwarebytes
2009-05-24 19:34 . 2009-04-06 19:32   15504   ----a-w   c:\windows\system32\drivers\mbam.sys
2009-05-24 19:33 . 2009-04-06 19:32   38496   ----a-w   c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-24 19:33 . 2009-05-24 19:33   --------   d-----w   c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-24 19:33 . 2009-05-24 19:34   --------   d-----w   c:\program files\Malwarebytes' Anti-Malware
2009-05-24 17:35 . 2009-05-24 17:37   --------   d-----w   c:\program files\trend micro
2009-05-24 17:35 . 2009-05-24 18:12   --------   d-----w   C:\rsit
2009-05-23 20:05 . 2009-05-23 20:05   3925567   ----a-w   c:\program files\FileZilla_3.2.4.1_win32-setup.exe
2009-05-23 19:52 . 2009-05-23 19:52   382976   ----a-w   c:\program files\wpk29.exe
2009-05-23 19:47 . 2009-05-23 19:47   --------   d-----w   c:\program files\Nsasoft
2009-05-23 19:46 . 2009-05-23 19:46   1371784   ----a-w   c:\program files\productkeyexplorer_setup.exe
2009-05-23 19:38 . 2009-05-23 19:38   --------   d-----w   c:\program files\keyfinder.2.0.1
2009-05-23 19:38 . 2009-05-23 19:38   337932   ----a-w   c:\program files\keyfinder.2.0.1.zip
2009-05-23 15:42 . 2009-05-15 19:54   65536   ----a-w   c:\documents and settings\Rachel Walker.TAVARISHKA\Application Data\Mozilla\Firefox\Profiles\f9y9h3vq.default\extensions\{916ab64c-bc3e-471b-8e60-29551922a7ba}\components\Engine.dll
2009-05-21 03:07 . 2009-05-21 03:07   390664   ----a-w   c:\documents and settings\Rachel Walker.TAVARISHKA\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-14 19:01 . 2009-05-14 19:01   --------   d-----w   C:\b85cd6de1a21e97918
2009-05-09 20:10 . 2009-05-09 20:39   --------   d-----w   c:\program files\CamStudio
2009-05-09 20:10 . 2009-05-09 20:10   1364995   ----a-w   c:\program files\CamStudio20.exe
2009-05-06 02:41 . 2009-05-06 02:41   867416   ----a-w   c:\program files\SetupGamevance.exe
2009-05-04 16:18 . 2009-05-09 21:22   --------   d-----w   c:\documents and settings\Rachel Walker.TAVARISHKA\Application Data\vlc
2009-05-04 16:15 . 2009-05-04 16:15   --------   d-----w   c:\documents and settings\Rachel Walker.TAVARISHKA\Local Settings\Application Data\Graboid_Inc
2009-05-04 16:15 . 2009-05-04 16:17   --------   d-----w   c:\documents and settings\Rachel Walker.TAVARISHKA\Local Settings\Application Data\Graboid
2009-05-04 16:15 . 2009-05-04 16:15   --------   d-----w   c:\documents and settings\Rachel Walker.TAVARISHKA\Application Data\MozillaControl
2009-05-04 16:13 . 2009-05-04 16:13   --------   d-----w   c:\program files\Mozilla ActiveX Control v1.7.12
2009-05-04 16:12 . 2009-05-04 16:12   --------   d-----w   c:\program files\VideoLAN
2009-05-04 16:11 . 2009-05-04 16:13   --------   d-----w   c:\program files\Graboid
2009-05-04 16:09 . 2009-05-04 16:10   9060544   ----a-w   c:\program files\GraboidVideoSetup.exe
2009-05-02 07:56 . 2009-05-02 07:56   --------   d--h--w   c:\windows\PIF
2009-05-02 07:54 . 2009-05-02 07:54   --------   d-----w   c:\program files\7-Zip
2009-04-29 22:40 . 2009-04-29 22:42   --------   d-----w   C:\iOrgSoft Mod Converter OutPut
2009-04-29 22:29 . 2009-04-29 22:29   --------   d-----w   c:\documents and settings\Rachel Walker.TAVARISHKA\Application Data\AVS4YOU
2009-04-29 22:29 . 2009-04-29 22:29   --------   d-----w   c:\documents and settings\All Users\Application Data\AVS4YOU
2009-04-29 22:26 . 2009-04-29 22:46   --------   d-----w   c:\program files\Common Files\AVSMedia
2009-04-29 22:26 . 2009-04-29 22:46   --------   d-----w   c:\program files\AVS4YOU
2009-04-29 22:18 . 2009-04-29 22:25   54364552   ----a-w   c:\program files\AVSVideoConverter.exe
2009-04-29 22:15 . 2009-04-29 22:15   --------   d-----w   c:\program files\iOrgSoft
2009-04-29 22:13 . 2009-04-29 22:15   --------   d-----w   c:\documents and settings\Rachel Walker.TAVARISHKA\Application Data\GetRightToGo
2009-04-29 22:12 . 2009-04-29 22:12   366136   ----a-w   c:\program files\Download_iOrgSoftModConverter3.1.8_trial.exe
2009-04-29 20:17 . 2009-04-29 20:20   --------   d-----w   c:\program files\Safecracker
2009-04-29 19:55 . 2009-04-29 19:55   208480   ----a-w   c:\program files\bigfishgames_p39584727_s1_l1.exe
2009-04-29 18:24 . 2009-04-29 18:24   --------   d-----w   c:\documents and settings\Rachel Walker.TAVARISHKA\Local Settings\Application Data\Hotspot_Shield
2009-04-29 18:16 . 2009-04-29 18:16   --------   d-----w   c:\documents and settings\Rachel Walker.TAVARISHKA\Local Settings\Application Data\Conduit
2009-04-29 18:16 . 2008-06-26 18:34   11776   ----a-w   c:\documents and settings\Rachel Walker.TAVARISHKA\Application Data\Mozilla\Firefox\Profiles\f9y9h3vq.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\FFAlert.dll
2009-04-29 18:16 . 2008-06-26 18:34   114688   ----a-w   c:\documents and settings\Rachel Walker.TAVARISHKA\Application Data\Mozilla\Firefox\Profiles\f9y9h3vq.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\npmozax.dll
2009-04-29 18:08 . 2009-04-29 18:08   --------   d-----w   c:\program files\Conduit
2009-04-29 18:08 . 2009-04-29 18:24   --------   d-----w   c:\program files\Hotspot_Shield
2009-04-29 18:07 . 2009-04-29 18:08   --------   d-----w   c:\program files\Hotspot Shield
2009-04-29 18:06 . 2009-04-29 18:06   3558198   ----a-w   c:\program files\HSS-1.15-install-anchorfree-76-conduit.zip
2009-04-27 18:28 . 2009-05-24 19:28   --------   d-----w   c:\documents and settings\Rachel Walker.TAVARISHKA\Application Data\FileZilla
2009-04-27 18:27 . 2009-05-23 20:07   --------   d-----w   c:\program files\FileZilla FTP Client
2009-04-27 18:26 . 2009-04-27 18:26   3929393   ----a-w   c:\program files\FileZilla_3.2.4_win32-setup.exe
2009-04-25 20:52 . 2009-04-25 20:52   --------   d-----w   c:\windows\FOW4BJQY6DLT18GO

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-24 21:16 . 2009-04-11 17:56   --------   d-----w   c:\documents and settings\Rachel Walker.TAVARISHKA\Application Data\WTablet
2009-05-24 21:16 . 2007-06-26 02:00   --------   d---a-w   c:\documents and settings\All Users\Application Data\TEMP
2009-05-21 01:09 . 2007-05-02 01:48   --------   d--h--w   c:\documents and settings\Rachel Walker.TAVARISHKA\Application Data\Move Networks
2009-05-20 04:02 . 2005-02-05 05:11   --------   d-----w   c:\program files\Common Files\Symantec Shared
2009-04-30 03:59 . 2009-02-23 01:37   --------   d-----w   c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-04-20 02:32 . 2009-04-10 20:19   --------   d-----w   c:\program files\Ice Cream Craze - Tycoon Takeover
2009-04-17 16:28 . 2009-04-17 16:28   390664   ----a-w   c:\documents and settings\Rachel Walker.TAVARISHKA\Application Data\Real\Update\temp\~Upg0\RealPlayer11.exe
2009-04-16 21:03 . 2009-04-16 21:03   208480   ----a-w   c:\program files\bigfishgames_p38386682_s1_l1.exe
2009-04-16 18:54 . 2009-04-16 18:54   --------   d-----w   c:\program files\Sam's Real Estate
2009-04-16 03:24 . 2009-04-16 03:24   --------   d-----w   c:\documents and settings\Rachel Walker.TAVARISHKA\Application Data\blg
2009-04-16 03:24 . 2009-04-16 03:24   --------   d-----w   c:\documents and settings\All Users\Application Data\blg
2009-04-16 02:00 . 2009-04-16 01:59   --------   d-----w   c:\program files\Spa Mania
2009-04-15 04:12 . 2009-04-15 04:12   --------   d-----w   c:\documents and settings\All Users\Application Data\Fugazo
2009-04-15 04:12 . 2009-04-15 04:08   --------   d-----w   c:\program files\FishCo
2009-04-15 04:05 . 2009-04-15 04:04   --------   d-----w   c:\program files\DQ Tycoon
2009-04-13 03:38 . 2009-04-13 03:38   --------   d-----w   c:\program files\Squeeze Page Wizard
2009-04-13 03:37 . 2009-04-13 03:37   0   ----a-w   C:\[email protected]
2009-04-12 02:08 . 2009-04-11 04:53   --------   d-----w   c:\program files\Nanny Mania 2 - Goes to Hollywood
2009-04-11 17:56 . 2005-08-11 01:54   --------   d-----w   c:\program files\Tablet
2009-04-11 17:54 . 2005-08-11 01:54   14221   ----a-w   c:\windows\system32\tablet.dat
2009-04-11 17:51 . 2009-04-11 17:50   8369448   ----a-w   c:\program files\WacomTablet_610-6.exe
2009-04-11 04:54 . 2009-04-11 04:54   --------   d-----w   c:\documents and settings\All Users\Application Data\Gogii
2009-04-10 20:46 . 2009-04-10 20:46   --------   d-----w   c:\documents and settings\Rachel Walker.TAVARISHKA\Application Data\ShinyTales
2009-04-10 20:45 . 2009-04-10 20:25   --------   d-----w   c:\documents and settings\Rachel Walker.TAVARISHKA\Application Data\Be a King
2009-04-10 20:25 . 2009-04-10 20:25   --------   d-----w   c:\program files\Wonderburg
2009-04-10 20:21 . 2009-04-10 20:20   --------   d-----w   c:\program files\Be a King
2009-04-10 06:04 . 2009-04-10 06:04   --------   d-----w   c:\documents and settings\Rachel Walker.TAVARISHKA\Application Data\Softplicity
2009-04-10 06:04 . 2009-04-10 06:04   --------   d-----w   c:\program files\PDF Combine
2009-04-10 06:03 . 2009-04-10 06:03   1806722   ----a-w   c:\program files\PDFCombine_Download.exe
2009-04-08 19:32 . 2009-04-08 19:32   3991064   ----a-w   c:\program files\CutePDFEvl.exe
2009-04-07 03:36 . 2009-04-07 03:27   --------   d-----w   c:\program files\GPLGS
2009-04-07 03:35 . 2009-04-07 03:35   5254656   ----a-w   c:\program files\converter.exe
2009-04-07 03:33 . 2009-04-07 03:19   1613856   ----a-w   c:\program files\CuteWriter.exe
2009-04-03 18:18 . 2009-04-03 18:18   33256   ----a-w   c:\windows\system32\drivers\HssDrv.sys
2009-03-29 23:42 . 2005-05-13 16:03   125872   -c--a-w   c:\documents and settings\Rachel Walker.TAVARISHKA\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-29 20:57 . 2005-05-12 04:31   --------   d-----w   c:\program files\Common Files\Adobe
2009-03-29 17:24 . 2008-08-03 16:14   --------   d-----w   c:\documents and settings\Rachel Walker.TAVARISHKA\Application Data\Download Manager
2009-03-21 01:07 . 2009-03-21 01:07   2945816   ----a-w   c:\program files\dotnetfx3setup.exe
2009-03-09 15:34 . 2009-04-11 02:56   971776   ----a-w   c:\documents and settings\Rachel Walker.TAVARISHKA\Application Data\Mozilla\Firefox\Profiles\f9y9h3vq.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
2009-03-03 18:19 . 2008-12-15 03:53   39184   ----a-w   c:\windows\system32\drivers\TfSysMon.sys
2009-03-03 18:19 . 2008-12-15 03:53   33040   ----a-w   c:\windows\system32\drivers\TfNetMon.sys
2009-03-03 18:19 . 2008-12-15 03:53   12560   ----a-w   c:\windows\system32\drivers\TfKbMon.sys
2009-03-03 18:19 . 2008-12-15 03:53   51472   ----a-w   c:\windows\system32\drivers\TfFsMon.sys
2009-03-01 18:22 . 2009-03-01 17:09   208480   ----a-w   c:\program files\bigfishgames_p34459394_s1_l1.exe
2009-02-28 00:10 . 2009-02-28 00:10   208480   ----a-w   c:\program files\bigfishgames_p34261019_s1_l1.exe
2009-02-27 01:30 . 2009-02-27 01:30   208480   ----a-w   c:\program files\bettysbeerbar_s1_l1_gF22T1L1_d450239732.exe
2009-02-26 01:25 . 2009-02-26 01:19   94398232   ----a-w   c:\program files\yahoo_cakemania3-1_tm6-3.exe
2009-02-22 14:52 . 2009-02-22 14:52   1837280   ----a-w   c:\program files\snpvw.exe
2008-12-15 03:52 . 2008-12-15 03:49   23150144   ----a-w   c:\program files\tfinstall.exe
2008-12-15 02:12 . 2008-12-15 02:12   9393928   ----a-w   c:\program files\Free-SpyHunter-Scanner-Install.exe
2008-12-08 18:01 . 2008-12-08 18:01   437168   ----a-w   c:\program files\msgr9us.exe
2008-12-08 17:57 . 2008-12-08 17:56   4127367   ----a-w   c:\program files\setuppoivy.exe
2008-12-08 17:42 . 2008-12-08 17:42   4171086   ----a-w   c:\program files\SetupSMSListo.exe
2008-12-08 17:21 . 2008-12-08 17:21   4148830   ----a-w   c:\program files\setupVoipwise.exe
2008-11-03 21:06 . 2008-11-03 21:06   607640   ----a-w   c:\program files\jxpiinstall.exe
2008-10-12 21:12 . 2008-10-12 21:11   27288880   ----a-w   c:\program files\QuickTimeInstaller.exe
2008-10-05 19:22 . 2008-10-05 19:20   35386936   ----a-w   c:\program files\yahoo_farmfrenzy2_tm6-3.exe
2008-09-28 20:05 . 2008-09-28 20:05   8906792   ----a-w   c:\program files\TypingMaster700.exe
2008-08-04 17:39 . 2008-08-04 17:11   486108144   ----a-w   c:\program files\ADBEPHSPCS3_WWE.exe
2008-06-01 19:03 . 2008-06-01 19:03   1427520   ----a-w   c:\program files\Silverlight.exe
2008-04-21 02:40 . 2008-04-21 02:40   284184   ----a-w   c:\program files\PopCapPluginInstaller_v2.exe
2008-03-10 17:28 . 2008-03-10 17:28   1462221   ----a-w   c:\program files\gifcon32.exe
2008-03-10 17:27 . 2008-03-10 17:27   3374896   ----a-w   c:\program files\vvpro.exe
2008-01-20 02:59 . 2008-01-20 02:49   83142656   ----a-w   c:\program files\AI10try.exe
2008-01-16 01:11 . 2008-01-16 01:11   111   ----a-w   c:\program files\kern_Font1.txt
2008-01-16 00:39 . 2008-01-16 00:39   6625744   ----a-w   c:\program files\FontCreatorSetup.exe
2008-01-06 19:51 . 2008-01-06 18:20   258512864   ----a-w   c:\program files\CorelDRAWGraphicsSuiteX3_dlm.exe
2007-10-08 02:06 . 2007-10-08 02:06   1906648   ----a-w   c:\program files\SetupAnyDVD6174.exe
2007-10-06 02:07 . 2007-10-06 02:07   4835008   ----a-w   c:\program files\1clickdvdcopyprosetup3.0.1.8.exe
2007-10-06 01:55 . 2007-10-06 01:55   615934   ----a-w   c:\program files\setup_dvd2one213.exe
2007-09-24 02:26 . 2007-09-24 02:25   8815464   ----a-w   c:\program files\RhapsodyHp.exe
2007-09-23 01:43 . 2007-09-23 01:42   11691880   ----a-w   c:\program files\NapsterSetup-US-NCOM-3.8.1.4.exe
2007-07-08 01:05 . 2007-07-08 01:04   15732984   ----a-w   c:\program files\Google_Earth_BZXD.exe
2007-02-19 02:00 . 2007-02-19 01:59   25998680   ----a-w   c:\program files\FSS_DP40.exe
2007-02-02 17:24 . 2007-02-02 17:24   1397331   ----a-w   c:\program files\MonkeyJam Setup 3.0b.050529.exe
2007-01-26 01:46 . 2007-01-26 01:41   20917185   ----a-w   c:\program files\ts32setup.zip
2006-11-14 01:30 . 2006-11-14 01:31   831259   ----a-w   c:\program files\installer_Upload2Phone.exe
2006-10-27 14:20 . 2006-02-01 02:35   1355912   ----a-w   c:\program files\install_flash_player.exe
2006-04-29 04:42 . 2005-06-02 01:05   36465208   -c--a-w   c:\program files\iTunesSetup.exe
2005-08-16 14:03 . 2005-08-16 14:03   5402624   -c--a-w   c:\program files\movlib12.exe
2005-07-30 01:59 . 2005-07-30 01:58   4999031   -c--a-w   c:\program files\Bc4000_00.zip
2005-07-08 19:32 . 2005-07-08 19:32   201728   -c--a-w   c:\program files\EOTM Flyer-July 2005.doc
2005-07-08 18:01 . 2005-07-08 18:01   210944   -c--a-w   c:\program files\EOTM Nominees flyer- July 2005.doc
2005-07-02 00:28 . 2005-07-02 00:27   4277840   -c--a-w   c:\program files\icq5_setup.exe
2005-06-30 23:26 . 2005-06-30 23:25   4610480   -c--a-w   c:\program files\icqpro2003b.exe
2005-06-24 03:05 . 2005-06-19 01:26   10048456   -c--a-w   c:\program files\yahoo_dinerdash_tm5-3.exe
2005-06-11 02:01 . 2005-06-11 02:01   317856   -c--a-w   c:\program files\esheep.exe
2005-05-12 17:22 . 2005-05-12 17:22   774144   -c--a-w   c:\program files\RngInterstitial.dll
2005-05-12 17:12 . 2005-05-12 17:11   8219278   -c--a-w   c:\program files\RhapsodyReal.EXE
2005-05-12 17:11 . 2005-05-12 17:09   10843680   -c--a-w   c:\program files\RealPlayer10-5GOLD_bb.exe
2005-05-12 17:10 . 2005-05-12 17:10   213920   -c--a-w   c:\program files\realarcade_W4D0.exe
2005-05-12 16:51 . 2005-05-12 16:51   4827968   -c--a-w   c:\program files\Firefox Setup 1.0.4.exe
2005-05-12 05:45 . 2005-05-12 05:35   4466776   -c--a-w   c:\program files\Install_AIM.exe
2007-10-08 02:07 . 2007-10-08 02:07   24   --sh--w   c:\windows\SE7AF1741.tmp
2008-06-17 02:48 . 2008-01-06 20:06   88   --sh--r   c:\windows\system32\9F9C63D044.sys
2008-06-17 02:48 . 2008-01-06 19:58   2828   --sha-w   c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-05-24_20.41.32 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-24 21:18 . 2009-05-24 21:18   16384 c:\windows\Temp\Perflib_Perfdata_a24.dat
+ 2009-05-24 21:16 . 2009-05-24 21:16   16384 c:\windows\Temp\Perflib_Perfdata_680.dat
+ 2009-05-24 21:16 . 2009-05-24 21:16   16384 c:\windows\Temp\Perflib_Perfdata_20c.dat
+ 2005-06-17 22:07 . 2007-07-27 13:41   26488 c:\windows\system32\spupdsvc.exe
+ 2008-04-05 16:51 . 2007-07-27 13:41   16760 c:\windows\system32\spmsg.dll
+ 2009-05-24 21:21 . 2009-05-24 21:21   24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\neodesk\7f9a09e9\3618fa52\upk8mpif.dll
+ 2009-05-24 21:21 . 2009-05-24 21:21   4096 c:\windows\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\neodesk\7f9a09e9\3618fa52\ptic3y0j.dll
+ 2009-05-24 21:20 . 2009-05-24 21:21   3072 c:\windows\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files\neodesk\7f9a09e9\3618fa52\enhg6e7b.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
2008-06-25 03:17   1569304   ----a-w   c:\program files\Hotspot_Shield\tbHots.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-04-29 18:07   218160   ----a-w   c:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-01-18 196608]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [BU]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-09-29 700416]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-10-09 3502840]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-06 4347120]
"windpipe"="c:\documents and settings\Rachel Walker.TAVARISHKA\Application Data\Google\fhexj6825097.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-04 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-04 688218]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2005-05-27 100056]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-03 136600]
"hpWirelessAssistant"="c:\program files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe" [2004-12-09 790528]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-11-05 233534]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-03-23 58992]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-12-22 344064]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-01-18 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-01-18 217088]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-06-26 172032]
"StrgSync.exe"="c:\program files\StorageSync\StrgSync.exe" [2005-10-08 3032576]
"AltnetPointsManager"="c:\program files\altnet\points manager\points manager.exe" [BU]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-09-25 229952]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"NapsterShell"="c:\program files\Napster\napster.exe" [2007-01-12 323216]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-29 185896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"ThreatFire"="c:\program files\ThreatFire\TFTray.exe" [2009-03-03 263440]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]

c:\documents and settings\Rachel Walker.TAVARISHKA\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 110592]
MostFun.lnk - c:\program files\MostFun\Bin\MostFun.exe [2007-5-29 147456]
PowerReg Scheduler V3.exe [2007-10-21 225280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 110592]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-14 241664]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-14 53248]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-7-7 450560]
Microsoft Office.lnk - c:\program files\Microsoft Office2000\Office\OSA9.EXE [1999-2-17 65588]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2006-2-10 106496]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2006-8-14 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\MostFun\\Bin\\MostFun.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Voipwise.com\\Voipwise\\Voipwise.exe"=
"c:\\Program Files\\SMSlisto.com\\SMSlisto\\SMSlisto.exe"=
"c:\\Program Files\\PoivY.com\\PoivY\\PoivY.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Ipswitch\\WS_FTP Home\\wsftpgui.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2082:TCP"= 2082:TCP:dwart

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [12/14/2008 11:53 PM 51472]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [12/14/2008 11:53 PM 39184]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [10/4/2004 5:47 AM 98304]
R2 HssSrv;Hotspot Shield Helper Service;c:\program files\Hotspot Shield\HssWPR\hsssrv.exe [4/21/2009 9:12 PM 328752]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [10/4/2004 4:40 AM 118784]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [4/11/2009 1:55 PM 2749224]
R2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service --> c:\program files\ThreatFire\TFService.exe service [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 10:04 PM 24652]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [5/12/2005 5:03 AM 192896]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [12/14/2008 11:53 PM 33040]
S3 HssTrayService;Hotspot Shield Tray Service;c:\program files\Hotspot Shield\bin\HssTrayService.exe [4/22/2009 5:34 PM 34352]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [4/11/2009 1:55 PM 15656]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder

2007-06-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-03-21 c:\windows\Tasks\Norton AntiVirus - Scan my computer - Rachel Walker.job
- c:\progra~1\NORTON~1\Navw32.exe [2004-08-18 16:20]

2009-05-24 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-02-05 16:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1561552
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
IE: &Viewpoint Search - c:\program files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
DPF: RaptisoftGameLoader - hxxp://real.gamehouse.com/real/games/raptisoft/raptisoftgameloader.cab
DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} - hxxp://games.bigfishgames.com/en_cooking-dash/online/CookingDashWeb.1.0.0.9.cab
FF - ProfilePath - c:\documents and settings\Rachel Walker.TAVARISHKA\Application Data\Mozilla\Firefox\Profiles\f9y9h3vq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.freecause.com/search?fr=freecause&ourmark=3&type=58819&p=
FF - component: c:\documents and settings\Rachel Walker.TAVARISHKA\Application Data\Mozilla\Firefox\Profiles\f9y9h3vq.default\extensions\{916ab64c-bc3e-471b-8e60-29551922a7ba}\components\Engine.dll
FF - component: c:\documents and settings\Rachel Walker.TAVARISHKA\Application Data\Mozilla\Firefox\Profiles\f9y9h3vq.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\FFAlert.dll
FF - plugin: c:\documents and settings\Rachel Walker.TAVARISHKA\Application Data\Mozilla\Firefox\Profiles\f9y9h3vq.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npgcplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npstrlnk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvirtools.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.12.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-24 17:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?

?0?7?8?5?

?,?B?

???hLC?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74599CE1-6A23-5483-EB701B08F9A92206}\{E02CED0D-4BCF-9035-DBE164FDC4BAFF1D}\{4E02710B-D78F-2FB3-D08A702F3A48D363}*]
"526BA65ZPQS4U365YNAELLJ5XA1"=hex:01,00,01,00,00,00,00,00,50,bd,9f,8a,7e,a0,d0,
fa,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(936)
c:\windows\system32\Ati2evxx.dll
c:\program files\ThreatFire\TFWAH.dll
c:\program files\ThreatFire\TFNI.dll

- - - - - - - > 'lsass.exe'(992)
c:\program files\ThreatFire\TFWAH.dll

- - - - - - - > 'explorer.exe'(5292)
c:\program files\ThreatFire\TFWAH.dll
c:\windows\system32\shdoclc.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-24 17:42
ComboFix-quarantined-files.txt 2009-05-24 21:42

Pre-Run: 13,251,145,728 bytes free
Post-Run: 13,238,345,728 bytes free

472 --- E O F --- 2009-05-23 22:47"

Hope that this helps. Thanks so much.

guestolo · « **Reply #13 on:** May 24, 2009, 05:01:07 PM »

Your Norton AntiVirus appears to be really outdated
Does it still update? Is there any part of Symantec's that you still use?
I also see other software needing updating to help secure this computer

In addition: Can you do the following
Navigate to the following folder
C:\Program Files\trend micro
Open it, inside look for Either Hijackthis.exe or Rachel Walker.exe
Right click on either one and select SEND TO>>Desktop (Create Shortcut)

Then from the Shortcut on desktop
Double click to run Hijackthis.exe
Hijackthis v2.0.2 will open

Under Main Menu, Select
Do a system scan and save a Log file
A log will open in Notepad
Copy and Paste the Whole log back here to the forum-

RachelW · « **Reply #14 on:** May 24, 2009, 05:05:37 PM »

Will do. I know that let the Norton slip. I will not be using this computer for over a year after Tuesday and really just need to back-up the files on DVD and that is my main priority right now. Do you have any ideas on why the DVD is not working properly?

I will send the log in a few minutes.

RachelW · « **Reply #15 on:** May 24, 2009, 05:07:28 PM »

Log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:06:50 PM, on 5/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\ThreatFire\TFService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\StorageSync\StrgSync.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Napster\napster.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\MostFun\Bin\MostFun.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\trend micro\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1561552
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files\Hotspot_Shield\tbHots.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [StrgSync.exe] C:\Program Files\StorageSync\StrgSync.exe -w
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [windpipe] "C:\Documents and Settings\Rachel Walker.TAVARISHKA\Application Data\Google\fhexj6825097.exe" 2
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MostFun.lnk = C:\Program Files\MostFun\Bin\MostFun.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office2000\Office\OSA9.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q105&bd=pavilion&pf=laptop
O16 - DPF: RaptisoftGameLoader - http://real.gamehouse.com/real/games/rapti...tgameloader.cab
O16 - DPF: {195B4BBF-E1E4-4020-9773-0A8C6F65EA35} (CPlayFirstCookingDasControl Object) - http://games.bigfishgames.com/en_cooking-d...Web.1.0.0.9.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Windows Presentation Foundation Font Cache 3.0.0.0 (FontCache3.0.0.0) - Unknown owner - C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (file missing)
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\hpbpro.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\hpboid.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: Hotspot Shield Helper Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 18191 bytes

guestolo · « **Reply #16 on:** May 24, 2009, 05:22:54 PM »

Quote

Will do. I know that let the Norton slip. I will not be using this computer for over a year after Tuesday and really just need to back-up the files on DVD and that is my main priority right now. Do you have any ideas on why the DVD is not working properly?

I will send the log in a few minutes.

Well, this is a tough call, anything, from a registry change, to stuff running in the background
So it's tough to say exactly what is causing the problem, all I know is there a small bit of cleaning to do
but we won't know if malware is causing the issue, if we aren't positive your clean

On that note: When you do go to use it again, reinfection is probably going to happen, will it effect your burning sotware, possibly

You can pull the Harddrive out of it and slave it to another computer if this is a desktop computer
that will make for easy transfer
Have you tried your burner again?
Have you tried Roxio to burn your data?
You have it installed, I would try other free software, but your computer may need updating

RachelW · « **Reply #17 on:** May 24, 2009, 05:29:38 PM »

It won't work... It is a laptop. When I get back I will be cleaning a lot of files out and then upgrading the virus protection. In the meantime I will link my computer to the desktop and burn from there.

Thanks for all your time and help.

Sincerely

Rachel

guestolo · « **Reply #18 on:** May 26, 2009, 04:44:05 PM »

Thanks for letting me know the route your taking
I'll lock this topic as you found alternative measures

On a side note: After years time, if you do want to clean this computer, why not pop back in
We can ensure the computer is clean and get some software on there to help ensure it stays that way
Unless you choose to Clean install the system and start from scratch

News:

Author Topic: Dvd issues (Read 1805 times)