url.urtbk.com

I keep getting this pop-up every time I log on to the internet. I am also getting a notification on the lower left hand of my screen: "THIS ADVERTISEMENT BROUGHT TO YOU BY SWELL ADS FOR YOU" (pardon the CAPS). What do I do and how do I fix it? It is obvious that it is sneaky 'cause it got past my Webroot software, and I have been lucky to catch just about everything with it.

Smitty

Comments

  • edited August 2009
    Please note that all instructions given are customised for this computer only,
    the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post a log in the HJT forum and wait for help.


    Hello and welcome to the forums

    My name is Katana and I will be helping you to remove any infection(s) that you may have.

    Please observe these rules while we work:
    1. Please Read All Instructions Carefully
    2. If you don't understand something, stop and ask! Don't keep going on.
    3. Please do not run any other tools or scans whilst I am helping you
    4. Failure to reply within 5 days will result in the topic being closed.
    5. Please continue to respond until I give you the "All Clear"
      (Just because you can't see a problem doesn't mean it isn't there)

    If you can do those few things, everything should go smoothly.

    Some of the logs I request will be quite large; you may need to split them over a couple of replies.

    Please note, your security programs may give warnings for some of the tools I will ask you to use.
    Be assured, any links I give are safe.






    Download and Run RSIT
    • Please download Random's System Information Tool by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open:
      • log.txt will be opened maximized.
      • info.txt will be opened minimized.
    • Please post the contents of both log.txt and info.txt.
      ( They can also be found in the C:\RSIT folder )




    Please Download GMER to your desktop

    Download GMER and extract it to your desktop.

    ***Please close any open programs ***

    Double-click gmer.exe. The program will begin to run.

    Note:- If GMER doesn't run, please Reboot and then rename gmer.exe to Look.exe and try again

    **Caution**
    These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.


    If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
    • Click Yes.
    • Once the scan is complete, you may receive another notice about rootkit activity.
    • Click OK.
    • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

    If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.
    • Click the Scan button and let the program do its work. GMER will produce a log.
    • Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.


    DO NOT touch the PC at ALL, for whatever reason, until it has 100% completed its scan (or attempted scan, in case of some error etc.)!

    Please post the results from the GMER scan in your reply.
  • edited August 2009
    info.txt logfile of random's system information tool 1.06 2009-08-11 19:37:10
    ======Uninstall list======
    Sansa Media Converter-->"C:\Program Files\InstallShield Installation Information\{FC053571-8507-44E4-8B6D-AACEAB8CA57C}\setup.exe" --u:{FC053571-8507-44E4-8B6D-AACEAB8CA57C}
    -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    -->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
    3ivx MPEG-4 5.0.3 (remove only)-->"C:\Program Files\3ivx\3ivx MPEG-4 5.0.3\uninstaller.exe"
    Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
    Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
    Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
    Adobe Download Manager 2.0 (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}
    Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
    Agere Systems HDA Modem-->agrsmdel
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
    ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
    ATI Catalyst Control Center-->MsiExec.exe /I{53F7CF45-718B-41C3-9581-3DB1AFAF18BB}
    ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
    Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
    Dream Aquarium-->"C:\Program Files\Dream Aquarium\UnInstall.exe"
    DVD Solution-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
    FlipShare-->MsiExec.exe /X{7732DA71-2FB6-5C99-D0D9-58A2DB360895}
    Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
    Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
    Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
    High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
    Hotfix for Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    HP Customer Participation Program 10.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
    HP Document Manager 1.0-->C:\Program Files\HP\Digital Imaging\DocumentManager\hpzscr01.exe -datfile hpqbud18.dat
    HP Imaging Device Functions 10.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
    HP Officejet All-In-One Series-->C:\Program Files\HP\Digital Imaging\{67335AB1-6341-4f87-A5B4-7FA92CEB77A4}\setup\hpzscr01.exe -datfile hpwscr20.dat -forcereboot
    HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
    HP Smart Web Printing-->C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpzscr01.exe -datfile hpqbud15.dat
    HP Solution Center 10.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
    HP Update-->MsiExec.exe /X{11B83AD3-7A46-4C2E-A568-9505981D4C6F}
    Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    KTP Ware PS/2-WDM 3.0.2.2-->rundll32.exe "C:\Program Files\Elantech\KTUninst.DLL",KTech_Uninstall 0
    LimeWire 5.1.4-->"C:\Program Files\LimeWire\uninstall.exe"
    MediaShow 3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5A9B7C0-8751-11D8-9D75-000129760D75}\setup.exe" -uninstall
    Microsoft .NET Framework 1.0 Hotfix (KB887998)-->"C:\WINDOWS\$NtUninstallKB887998$\spuninst\spuninst.exe"
    Microsoft .NET Framework 1.0 Hotfix (KB930494)-->"C:\WINDOWS\$NtUninstallKB930494$\spuninst\spuninst.exe"
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
    mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
    MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 4.0 SP2 and SOAP Toolkit 3.0-->MsiExec.exe /I{32343DB6-9A52-40C9-87E4-5E7C79791C87}
    O2Micro Flash Memory Card Windows Driver-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{3BB2AA79-6623-48F4-B288-0CE1C88D40D6} /l1033
    OCR Software by I.R.I.S. 10.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
    Palm Desktop by ACCESS-->MsiExec.exe /X{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}
    Philips PC Camera-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F48C6EA5-3B43-11D6-86A6-0050BA0259A2}\setup.exe" -l0x9 -removeonly
    Power2Go 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
    PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
    PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
    QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
    Ralink Wireless LAN Card-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAB1F336-1B7C-4057-A7BC-2922CD82A781}\setup.exe" -l0x9 -removeonly
    RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
    Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
    Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
    Shop for HP Supplies-->C:\Program Files\HP\Digital Imaging\HPSSupply\hpzscr01.exe -datfile hpqbud16.dat
    Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
    Spy Sweeper Core-->MsiExec.exe /I{3F5B6210-0903-4DC6-8034-8F488AA3A782}
    SwellAdsForYou-->C:\Program Files\SwellAdsForYou\uninstall.exe uninstall=swelladsforyou
    Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
    Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
    Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
    Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    Webroot Internet Security Essentials-->"C:\Program Files\Webroot\WebrootSecurity\unins000.exe" /Log="C:\DOCUME~1\Ry\LOCALS~1\Temp\Uninstall.txt"
    Windows Driver Package - Agere Systems (AGR1310_51) Net (07/20/2005 1.2.8.0)-->C:\PROGRA~1\DIFX\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\agr1310_ABEB23BDB9B2A7A297704F66CE8EC255583FBC0A\agr1310.inf
    Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
    Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
    Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
    Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
    Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
    Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
    Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
    Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
    Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
    Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
    Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
    Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
    Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
    Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
    Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
    Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
    Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
    Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
    Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
    Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
    Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
    Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
    Yahoo! Widgets-->C:\PROGRA~1\Yahoo!\Widgets\uninstall.exe
    ======Security center information======
    AV: Webroot Internet Security Essentials (disabled)
    FW: Webroot Internet Security Essentials (disabled)
    ======System event log======
    Computer Name: SMITTY
    Event Code: 8003
    Message: The master browser has received a server announcement from the computer AMANDA-KBP
    that believes that it is the master browser for the domain on transport NetBT_Tcpip_{B07AE365-FBB1-49D.
    The master browser is stopping or an election is being forced.
    Record Number: 939
    Source Name: MRxSmb
    Time Written: 20090607133450.000000-420
    Event Type: error
    User:
    Computer Name: SMITTY
    Event Code: 1003
    Message: Your computer was not able to renew its address from the network (from the
    DHCP Server) for the Network Card with network address 0013D370A659. The following
    error occurred:
    The operation was canceled by the user.
    .
    Your computer will continue to try and obtain an address on its own from
    the network address (DHCP) server.
    Record Number: 922
    Source Name: Dhcp
    Time Written: 20090607123943.000000-420
    Event Type: warning
    User:
    Computer Name: SMITTY
    Event Code: 1003
    Message: Your computer was not able to renew its address from the network (from the
    DHCP Server) for the Network Card with network address 0013D370A659. The following
    error occurred:
    The operation was canceled by the user.
    .
    Your computer will continue to try and obtain an address on its own from
    the network address (DHCP) server.
    Record Number: 921
    Source Name: Dhcp
    Time Written: 20090606213147.000000-420
    Event Type: warning
    User:
    Computer Name: SMITTY
    Event Code: 1003
    Message: Your computer was not able to renew its address from the network (from the
    DHCP Server) for the Network Card with network address 0013D370A659. The following
    error occurred:
    The operation was canceled by the user.
    .
    Your computer will continue to try and obtain an address on its own from
    the network address (DHCP) server.
    Record Number: 919
    Source Name: Dhcp
    Time Written: 20090606213146.000000-420
    Event Type: warning
    User:
    Computer Name: SMITTY
    Event Code: 1003
    Message: Your computer was not able to renew its address from the network (from the
    DHCP Server) for the Network Card with network address 0013D370A659. The following
    error occurred:
    The operation was canceled by the user.
    .
    Your computer will continue to try and obtain an address on its own from
    the network address (DHCP) server.
    Record Number: 906
    Source Name: Dhcp
    Time Written: 20090606180812.000000-420
    Event Type: warning
    User:
    =====Application event log=====
    Computer Name: SMITTY
    Event Code: 1517
    Message: Windows saved user SMITTY\Ry registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
    Record Number: 505
    Source Name: Userenv
    Time Written: 20090715031155.000000-420
    Event Type: warning
    User: NT AUTHORITY\SYSTEM
    Computer Name: SMITTY
    Event Code: 1524
    Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.

    Record Number: 504
    Source Name: Userenv
    Time Written: 20090715031154.000000-420
    Event Type: warning
    User: SMITTY\Ry
    Computer Name: SMITTY
    Event Code: 1000
    Message: Faulting application hpqtra08.exe, version 100.0.170.0, faulting module hpqusg.dll, version 100.0.170.0, fault address 0x00026418.
    Record Number: 493
    Source Name: Application Error
    Time Written: 20090713170449.000000-420
    Event Type: error
    User:
    Computer Name: SMITTY
    Event Code: 1000
    Message: Faulting application yahoowidgets.exe, version 4.5.2.0, faulting module yahoowidgets.exe, version 4.5.2.0, fault address 0x001644f7.
    Record Number: 446
    Source Name: Application Error
    Time Written: 20090707053840.000000-420
    Event Type: error
    User:
    Computer Name: SMITTY
    Event Code: 1002
    Message: Hanging application YahooMessenger.exe, version 9.0.0.2162, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
    Record Number: 439
    Source Name: Application Hang
    Time Written: 20090705225857.000000-420
    Event Type: error
    User:
    ======Environment variables======
    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\;;C:\Program Files\Common Files\HP\Digital Imaging\\bin;C:\Program Files\QuickTime\QTSystem\
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 36 Stepping 2, AuthenticAMD
    "PROCESSOR_REVISION"=2402
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
    "QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
    EOF
  • edited August 2009
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Ry at 2009-08-11 19:36:47
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 66 GB (69%) free of 95 GB
    Total RAM: 895 MB (20% free)
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:37:06 PM, on 8/11/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ehome\ehSched.exe
    C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\o2flash.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Elantech\ktp3.exe
    C:\WINDOWS\ehome\ehmsas.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Google\Google Talk\googletalk.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Ry\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Palm\Hotsync.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Ry\Desktop\RSIT.exe
    C:\Program Files\trend micro\Ry.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hulu.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: SwellAdsForYou - {D35DA2A5-1D09-03BB-FE6E-C569BE05CFA0} - C:\Program Files\SwellAdsForYou\SwellAdsForYou.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"
    O4 - HKLM\..\Run: [Alcmtr] "ALCMTR.EXE"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [AGRSMMSG] "AGRSMMSG.exe"
    O4 - HKLM\..\Run: [KTPWare] "C:\Program Files\Elantech\ktp3.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [hpqSRMon] "C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe"
    O4 - HKLM\..\Run: [ITSecMng] "C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" /START
    O4 - HKLM\..\Run: [HotSync] "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers
    O4 - HKLM\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] "%systemroot%\system32\dumprep" 0 -u
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SansaDispatch] "C:\Documents and Settings\Ry\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.averatec.com
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1142030008515
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
    O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
    --
    End of file - 11401 bytes
    ======Scheduled tasks folder======
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\User_Feed_Synchronization-{31FDEADB-9B50-4061-A109-468FFA26BB3E}.job
    C:\WINDOWS\tasks\wrSpySweeper_L0A3A3023BD534D71A3AC6C6FAA5B3E25.job
    C:\WINDOWS\tasks\wrSpySweeper_L8FC8C709ADD64893B7244573A763B574.job
    C:\WINDOWS\tasks\wrSpySweeper_LBCA4E910EA1C49CEB497CB0A19A90570.job
    ======Registry dump======
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    &Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-05-30 808472]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
    HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06 322880]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
    Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-04-16 1088296]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
    RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-06-18 312928]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-06-26 320920]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-26 259696]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-06-26 668656]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
    Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-06-26 470512]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D35DA2A5-1D09-03BB-FE6E-C569BE05CFA0}]
    SwellAdsForYou - C:\Program Files\SwellAdsForYou\SwellAdsForYou.dll [2009-07-23 155136]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-26 34816]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-26 73728]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
    HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-05-30 808472]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-26 259696]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"=C:\WINDOWS\ehome\ehtray.exe [2004-08-04 50176]
    "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
    "RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-01-12 32768]
    "AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-08-24 88203]
    "KTPWare"=C:\Program Files\Elantech\ktp3.exe [2006-01-18 258048]
    "ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2005-08-12 45056]
    "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
    "hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]
    "ITSecMng"=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2007-09-28 75136]
    "HotSync"=C:\Program Files\PalmSource\Desktop\HotSync.exe -AllUsers []
    "googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
    "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-06-18 198160]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
    "Google Quick Search Box"=C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe [2009-06-26 68592]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-06-26 136600]
    "UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
    "SpySweeper"=C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-05-13 6345840]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Power2GoExpress"=C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe [2005-09-16 2048093]
    "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-04-16 24264488]
    "Messenger (Yahoo!)"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2009-05-26 4351216]
    "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
    "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
    "SansaDispatch"=C:\Documents and Settings\Ry\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe [2009-06-13 79872]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    HotSync Manager.lnk - C:\Program Files\Palm\Hotsync.exe
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Documents and Settings\Ry\Start Menu\Programs\Startup
    LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe
    Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2006-01-18 48128]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WRConsumerService]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
    "D:\setup\HPZnui01.exe"="D:\setup\HPZnui01.exe:*:Enabled:hpznui01.exe"
    "C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f51564d1-728d-11de-b33f-001bdc000d86}]
    shell\AutoRun\command - F:\Setup_FlipShare.exe
    shell\Setup FlipShare\command - F:\Setup_FlipShare.exe

    ======List of files/folders created in the last 1 months======
    2009-08-11 19:36:47 ----D---- C:\rsit
    2009-08-11 19:36:47 ----D---- C:\Program Files\trend micro
    2009-07-24 13:59:16 ----D---- C:\Documents and Settings\Ry\Application Data\Apple Computer
    2009-07-23 20:11:15 ----HD---- C:\WINDOWS\PIF
    2009-07-23 20:11:15 ----D---- C:\Program Files\SwellAdsForYou
    2009-07-18 10:58:47 ----D---- C:\Program Files\3ivx
    2009-07-18 10:58:13 ----D---- C:\Program Files\Pure Digital Technologies
    2009-07-18 10:58:10 ----D---- C:\Documents and Settings\All Users\Application Data\Pure Digital Technologies
    2009-07-16 21:54:34 ----D---- C:\Program Files\Dream Aquarium
    2009-07-15 03:02:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
    2009-07-15 03:02:37 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
    2009-07-15 03:01:02 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
    2009-07-13 20:09:33 ----A---- C:\WINDOWS\system32\hidserv.dll
    2009-07-12 11:36:12 ----D---- C:\WINDOWS\Sun
    ======List of files/folders modified in the last 1 months======
    2009-08-11 19:36:53 ----D---- C:\Documents and Settings\Ry\Application Data\LimeWire
    2009-08-11 19:36:47 ----RD---- C:\Program Files
    2009-08-11 19:35:08 ----D---- C:\WINDOWS\Temp
    2009-08-11 19:34:36 ----D---- C:\WINDOWS\Prefetch
    2009-08-11 19:30:46 ----D---- C:\Documents and Settings\Ry\Application Data\Skype
    2009-08-11 19:25:00 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-08-11 18:19:35 ----D---- C:\WINDOWS
    2009-08-09 22:15:31 ----D---- C:\Documents and Settings\Ry\Application Data\skypePM
    2009-08-09 22:14:18 ----HD---- C:\WINDOWS\inf
    2009-08-09 22:13:55 ----A---- C:\WINDOWS\ModemLog_Agere Systems HDA Modem.txt
    2009-08-09 01:50:36 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-07-29 16:05:46 ----D---- C:\WINDOWS\system32
    2009-07-29 14:40:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-07-29 14:40:30 ----D---- C:\Program Files\Internet Explorer
    2009-07-29 14:39:21 ----HD---- C:\WINDOWS\$hf_mig$
    2009-07-29 14:38:46 ----HD---- C:\Config.Msi
    2009-07-29 14:38:44 ----SHD---- C:\WINDOWS\Installer
    2009-07-29 14:38:42 ----D---- C:\WINDOWS\WinSxS
    2009-07-28 18:56:02 ----D---- C:\Program Files\Palm
    2009-07-28 18:54:44 ----A---- C:\additdiag.txt
    2009-07-25 12:42:54 ----A---- C:\WINDOWS\win.ini
    2009-07-23 20:11:15 ----D---- C:\Program Files\Windows Media Player
    2009-07-21 21:08:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-07-21 21:06:49 ----D---- C:\WINDOWS\system32\drivers
    2009-07-19 18:48:58 ----A---- C:\WINDOWS\system32\ieframe.dll
    2009-07-19 06:18:59 ----A---- C:\WINDOWS\system32\mshtml.dll
    2009-07-15 03:03:03 ----A---- C:\WINDOWS\imsins.BAK
    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
    R1 pwipf6;pwipf6; C:\WINDOWS\system32\drivers\pwipf6.sys [2009-06-18 108296]
    R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2007-10-02 64128]
    R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-03-10 20747]
    R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-08-24 1120352]
    R3 AGR1310_51;Agere Systems ET-131x PCI-E Gigabit Ethernet Adapter XP Driver; C:\WINDOWS\system32\DRIVERS\AGR1310_51.sys [2005-09-06 70144]
    R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-01-18 1419264]
    R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-12-09 4123136]
    R3 Ktp3;Elantech TouchPad; C:\WINDOWS\system32\DRIVERS\Ktp3.sys [2006-01-18 24704]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
    R3 RT61;Ralink RT61 Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT61.sys [2008-11-24 495104]
    R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2008-03-25 41472]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
    R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
    S3 CA561;ICatch (VI) PC Camera; C:\WINDOWS\System32\Drivers\SPCA561.SYS [2002-10-01 119798]
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-01-17 49920]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-01-17 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-01-17 21568]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
    S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2007-12-04 16640]
    S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
    S3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2008-03-25 131712]
    S3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2007-11-29 36608]
    S3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2008-03-19 74112]
    S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-07 18612]
    S3 TosRfSnd;Bluetooth Audio; C:\WINDOWS\system32\drivers\tosrfsnd.sys [2008-01-22 54144]
    S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2007-10-18 41856]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
    S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-01-18 405504]
    R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\ehome\ehSched.exe [2004-08-04 84992]
    R2 FlipShare Service;FlipShare Service; C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe [2008-11-13 439616]
    R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
    R2 HPSLPSVC;HP Network Devices Support; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-26 152984]
    R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
    R2 O2Flash;O2Micro Flash Memory; C:\WINDOWS\system32\o2flash.exe [2006-01-18 36864]
    R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
    R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-09-28 128360]
    R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
    R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe [2009-04-21 4048240]
    R2 WRConsumerService;Webroot Client Service; C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe [2009-06-18 1205760]
    R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
    S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-26 182768]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    EOF
  • edited August 2009
    Do you have the GMER log?
  • edited August 2009
    Yes
  • edited August 2009
    Do you plan on posting it so that I can see it?
  • edited August 2009
    Sorry, yes, I will this evening...
  • edited August 2009
    GMER 1.0.15.15020 [gmer.exe] - http://www.gmer.net
    Rootkit scan 2009-08-15 01:27:12
    Windows 5.1.2600 Service Pack 2

    ---- System - GMER 1.0.15 ----
    SSDT \SystemRoot\system32\drivers\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwAdjustPrivilegesToken [0xED8FD820]
    SSDT 84B80A80 ZwAllocateVirtualMemory
    SSDT \SystemRoot\system32\drivers\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwConnectPort [0xED8FDD10]
    SSDT \SystemRoot\system32\drivers\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwCreateFile [0xED8FC4B0]
    SSDT \SystemRoot\system32\drivers\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwCreateKey [0xED8FD480]
    SSDT \SystemRoot\system32\drivers\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwCreatePort [0xED8FE0C0]
    SSDT 84B80FA8 ZwCreateProcess
    SSDT \SystemRoot\system32\drivers\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwCreateProcessEx [0xED8FEA50]
    SSDT \SystemRoot\system32\drivers\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwCreateSection [0xED8FE320]
    SSDT \SystemRoot\system32\drivers\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwCreateThread [0xED8FE620]
    SSDT \SystemRoot\system32\drivers\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwDebugActiveProcess [0xED8FCF60]
    SSDT \SystemRoot\system32\drivers\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwDeleteKey [0xED8FADD0]
    SSDT \SystemRoot\system32\drivers\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwDeleteValueKey [0xED8FAF60]
    SSDT \SystemRoot\system32\drivers\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwDeviceIoControlFile [0xED8FD090]
    SSDT \SystemRoot\system32\drivers\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwOpenFile [0xED8FC7C0]
    SSDT \SystemRoot\system32\drivers\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwOpenProcess [0xED8FB140]
    SSDT \SystemRoot\system32\drivers\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwOpenSection [0xED8FCA70]
    SSDT \SystemRoot\system32\drivers\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwOpenThread [0xED8FD6B0]
    SSDT 84B80AF8 ZwQueueApcThread
    SSDT 84B80990 ZwReadVirtualMemory
    SSDT 84BCC0A8 ZwRenameKey
    SSDT \SystemRoot\system32\drivers\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwResumeThread [0xED8FB400]
    SSDT \SystemRoot\system32\drivers\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwSecureConnectPort [0xED8FDEE0]
    SSDT 84B80BE8 ZwSetContextThread
    SSDT 84B780A8 ZwSetInformationKey
    SSDT 84B80E40 ZwSetInformationProcess
    SSDT 84B80C60 ZwSetInformationThread
    SSDT \SystemRoot\system32\drivers\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwSetValueKey [0xED8FAC00]
    SSDT 84B80DC8 ZwSuspendProcess
    SSDT 84B80B70 ZwSuspendThread
    SSDT \SystemRoot\system32\drivers\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwTerminateProcess [0xED8FAAB0]
    SSDT \SystemRoot\system32\drivers\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwTerminateThread [0xED8FB2C0]
    SSDT 84B80A08 ZwWriteVirtualMemory
    ---- Kernel code sections - GMER 1.0.15 ----
    .text ntkrnlpa.exe!ZwCallbackReturn + 23E4 805012D4 12 Bytes [C0, E0, 8F, ED, A8, 0F, B8, ...] {SHL AL, 0x8f; IN EAX, DX; TEST AL, 0xf; MOV EAX, 0x8fea5084; IN EAX, DX}
    .text ntkrnlpa.exe!ZwCallbackReturn + 2680 80501570 4 Bytes CALL 28D4CD80
    ---- User code sections - GMER 1.0.15 ----
    .text C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe[2868] kernel32.dll!CreateThread + 1A 7C810661 4 Bytes CALL 00450771 C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Spy Sweeper Client Executable/Webroot Software, Inc.)
    .text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[5288] ntdll.dll!KiUserExceptionDispatcher + 9 7C90E485 5 Bytes JMP 00017DB0 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
    .text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[5288] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00016000 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
    .text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[5288] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 000169B0 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
    .text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[5288] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00016000 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
    .text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[5288] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00016960 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
    .text C:\Program Files\Webroot\WebrootSecurity\SSU.EXE[5288] kernel32.dll!VirtualFree 7C809AF4 5 Bytes JMP 00016990 C:\Program Files\Webroot\WebrootSecurity\SSU.EXE (Spy Sweeper SSU/Webroot Software, Inc. (www.webroot.com))
    ---- Kernel IAT/EAT - GMER 1.0.15 ----
    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] 84B807B8
    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] 84B808B0
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] 84B808B0
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] 84B807B8
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] 84B807B8
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] 84B808B0
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] 84B808B0
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] 84B807B8
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] 84B808B0
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] 84B807B8
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] 84B808B0
    IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] 84B807B8
    IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] 84B808B0
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] 84B808B0
    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] 84B807B8
    ---- Devices - GMER 1.0.15 ----
    AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
    Device \Driver\Tcpip \Device\Ip 844489A0
    AttachedDevice \Driver\Tcpip \Device\Ip pwipf6.sys (pwipf6/Privacyware/PWI, Inc.)
    Device \Driver\Tcpip \Device\Tcp 844489A0
    AttachedDevice \Driver\Tcpip \Device\Tcp pwipf6.sys (pwipf6/Privacyware/PWI, Inc.)
    Device \Driver\Tcpip \Device\Udp 844489A0
    AttachedDevice \Driver\Tcpip \Device\Udp pwipf6.sys (pwipf6/Privacyware/PWI, Inc.)
    Device \Driver\Tcpip \Device\RawIp 844489A0
    AttachedDevice \Driver\Tcpip \Device\RawIp pwipf6.sys (pwipf6/Privacyware/PWI, Inc.)
    Device \Driver\Tcpip \Device\IPMULTICAST 844489A0
    AttachedDevice \FileSystem\Fastfat \Fat ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
    ---- EOF - GMER 1.0.15 ----
  • edited August 2009
    Information

    IMPORTANT
    I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

    LimeWire 5.1.4
    I'd like you to read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.

    Also available here.

    My recommendation is you go to Control Panel > Add/Remove Programs and uninstall any P2P programs
    Please note: you must NOT use any P2P whilst we are cleaning your machine.




    Step 1

    Remove Programs

    Now click Start---Control Panel. Double click Add or Remove Programs.
    If any of the following programs are still listed there, click on the program to highlight it, and click on remove.
    • SwellAdsForYou
    Now close the Control Panel.



    Step 2

    Malwarebytes' Anti-Malware

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      • Update Malwarebytes' Anti-Malware
      • and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If requested, please reboot
      • If you accidentally close it, the log file is saved here and will be named like this:
      • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt




    Step 3


    Fix With HJT

    Close all other windows and then start HijackThis
    Click Do A System Scan Only
    When it has finished scanning put a check next to the following lines IF still present
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: SwellAdsForYou - {D35DA2A5-1D09-03BB-FE6E-C569BE05CFA0} - C:\Program Files\SwellAdsForYou\SwellAdsForYou.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    - Close ALL open windows (especially Internet Explorer!)-
    Now click Fix checked
    Click yes to any prompts
    Close HijackThis




    Logs/Information to Post in Reply
    Please post the following logs/Information in your reply
    Some of the logs I request will be quite large; you may need to split them over a couple of replies.
    • MalwareBytes Log
    • A Fresh RSIT Log
    • How are things running now?








    Additional Notes



    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

    Please download Java SE Runtime Environment (JRE). (Don't install it yet.)
    • Scroll down to where it says "Java SE Runtime Environment (JRE)".
    • Click the "Download" button to the right.
      • Platform = Windows
      • Language = Multi Language
    • Check the box that says: "Accept License Agreement".
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.


    Now download JavaRa and unzip it to your desktop.

    ***Please close any instances of Internet Explorer (or other web browser) before continuing!***

    • Double-click on JavaRa.exe to start the program.
    • From the drop-down menu, choose English and click on Select.
    • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
    • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
    • A logfile will pop up. Please save it to a convenient location.


    Now install the Java SE Runtime Environment (JRE) package you downloaded
    (it comes with a toolbar pre-selected, so make sure you uncheck the box)

    You can delete JavaRa (zip and exe)
  • edited August 2009
    Malwarebytes' Anti-Malware 1.40
    Database version: 2551
    Windows 5.1.2600 Service Pack 2
    8/15/2009 2:33:55 PM
    mbam-log-2009-08-15 (14-33-55).txt
    Scan type: Full Scan (C:\|)
    Objects scanned: 163286
    Time elapsed: 34 minute(s), 27 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    (No malicious items detected)
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    (No malicious items detected)
  • edited August 2009
    The HijackThis is which of the programs you had me download?
  • edited August 2009
    C:\Program Files\trend micro\HijackThis.exe ( or Ry.exe )
  • edited August 2009
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by Ry at 2009-08-15 16:27:08
    Microsoft Windows XP Professional Service Pack 2
    System drive C: has 66 GB (69%) free of 95 GB
    Total RAM: 895 MB (38% free)
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:27:18 PM, on 8/15/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ehome\ehSched.exe
    C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\o2flash.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Elantech\ktp3.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
    C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\Ry\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Palm\Hotsync.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\LimeWire\LimeWire.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\ehome\ehmsas.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Documents and Settings\Ry\Desktop\RSIT.exe
    C:\Program Files\trend micro\Ry.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hulu.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe"
    O4 - HKLM\..\Run: [Alcmtr] "ALCMTR.EXE"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [AGRSMMSG] "AGRSMMSG.exe"
    O4 - HKLM\..\Run: [KTPWare] "C:\Program Files\Elantech\ktp3.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [hpqSRMon] "C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe"
    O4 - HKLM\..\Run: [ITSecMng] "C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" /START
    O4 - HKLM\..\Run: [HotSync] "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers
    O4 - HKLM\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
    O4 - HKLM\..\Run: [UserFaultCheck] "%systemroot%\system32\dumprep" 0 -u
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
    O4 - HKCU\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SansaDispatch] "C:\Documents and Settings\Ry\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
    O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.averatec.com
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1142030008515
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: O2Micro Flash Memory (O2Flash) - Unknown owner - C:\WINDOWS\system32\o2flash.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
    O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
    --
    End of file - 10686 bytes
    ======Scheduled tasks folder======
    C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    C:\WINDOWS\tasks\User_Feed_Synchronization-{31FDEADB-9B50-4061-A109-468FFA26BB3E}.job
    C:\WINDOWS\tasks\wrSpySweeper_L0A3A3023BD534D71A3AC6C6FAA5B3E25.job
    C:\WINDOWS\tasks\wrSpySweeper_L8FC8C709ADD64893B7244573A763B574.job
    C:\WINDOWS\tasks\wrSpySweeper_LBCA4E910EA1C49CEB497CB0A19A90570.job
    ======Registry dump======
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    &Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-05-30 808472]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
    HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06 322880]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
    Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
    Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-04-16 1088296]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
    RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-06-18 312928]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-06-26 320920]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-26 259696]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-06-26 668656]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
    Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-06-26 470512]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-26 34816]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
    JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-06-26 73728]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
    HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06 542016]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-05-30 808472]
    {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-26 259696]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"=C:\WINDOWS\ehome\ehtray.exe [2004-08-04 50176]
    "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
    "RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-01-12 32768]
    "AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2005-08-24 88203]
    "KTPWare"=C:\Program Files\Elantech\ktp3.exe [2006-01-18 258048]
    "ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2005-08-12 45056]
    "HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
    "hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2007-08-22 80896]
    "ITSecMng"=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2007-09-28 75136]
    "HotSync"=C:\Program Files\PalmSource\Desktop\HotSync.exe -AllUsers []
    "googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
    "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
    "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-06-18 198160]
    "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
    "Google Quick Search Box"=C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe [2009-06-26 68592]
    "UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
    "SpySweeper"=C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-05-13 6345840]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-08-03 419088]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Power2GoExpress"=C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe [2005-09-16 2048093]
    "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-04-16 24264488]
    "Messenger (Yahoo!)"=C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2009-05-26 4351216]
    "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
    "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
    "SansaDispatch"=C:\Documents and Settings\Ry\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe [2009-06-13 79872]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    HotSync Manager.lnk - C:\Program Files\Palm\Hotsync.exe
    HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Documents and Settings\Ry\Start Menu\Programs\Startup
    Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
    C:\WINDOWS\system32\Ati2evxx.dll [2006-01-18 48128]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WebrootSpySweeperService]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WRConsumerService]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "HonorAutoRunSetting"=
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
    "D:\setup\HPZnui01.exe"="D:\setup\HPZnui01.exe:*:Enabled:hpznui01.exe"
    "C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
    "C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f51564d1-728d-11de-b33f-001bdc000d86}]
    shell\AutoRun\command - F:\Setup_FlipShare.exe
    shell\Setup FlipShare\command - F:\Setup_FlipShare.exe

    ======List of files/folders created in the last 1 months======
    2009-08-15 10:59:10 ----D---- C:\Documents and Settings\Ry\Application Data\Malwarebytes
    2009-08-15 10:58:57 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2009-08-15 10:58:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
    2009-08-13 03:00:59 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
    2009-08-12 03:11:54 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
    2009-08-12 03:09:35 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
    2009-08-12 03:08:33 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
    2009-08-12 03:08:15 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
    2009-08-12 03:07:26 ----A---- C:\WINDOWS\system32\wmpns.dll
    2009-08-12 03:06:52 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9L$
    2009-08-12 03:05:55 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
    2009-08-12 03:05:36 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
    2009-08-12 03:04:24 ----D---- C:\WINDOWS\ServicePackFiles
    2009-08-12 03:04:16 ----HDC---- C:\WINDOWS\$NtUninstallKB958470$
    2009-08-12 03:03:13 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
    2009-08-12 03:01:38 ----HDC---- C:\WINDOWS\$NtUninstallKB971032$
    2009-08-11 19:36:47 ----D---- C:\rsit
    2009-08-11 19:36:47 ----D---- C:\Program Files\trend micro
    2009-07-24 13:59:16 ----D---- C:\Documents and Settings\Ry\Application Data\Apple Computer
    2009-07-23 20:11:15 ----HD---- C:\WINDOWS\PIF
    2009-07-23 20:11:15 ----D---- C:\Program Files\SwellAdsForYou
    2009-07-18 10:58:47 ----D---- C:\Program Files\3ivx
    2009-07-18 10:58:13 ----D---- C:\Program Files\Pure Digital Technologies
    2009-07-18 10:58:10 ----D---- C:\Documents and Settings\All Users\Application Data\Pure Digital Technologies
    ======List of files/folders modified in the last 1 months======
    2009-08-15 16:27:16 ----D---- C:\WINDOWS\Temp
    2009-08-15 16:26:53 ----D---- C:\Documents and Settings\Ry\Application Data\LimeWire
    2009-08-15 16:16:03 ----D---- C:\WINDOWS\Prefetch
    2009-08-15 15:56:18 ----D---- C:\WINDOWS
    2009-08-15 15:45:00 ----A---- C:\WINDOWS\SchedLgU.Txt
    2009-08-15 11:02:49 ----D---- C:\Documents and Settings\Ry\Application Data\Skype
    2009-08-15 10:59:01 ----D---- C:\WINDOWS\system32\drivers
    2009-08-15 10:58:54 ----RD---- C:\Program Files
    2009-08-15 10:55:13 ----D---- C:\Program Files\LimeWire
    2009-08-15 02:06:25 ----A---- C:\WINDOWS\ModemLog_Agere Systems HDA Modem.txt
    2009-08-15 02:05:16 ----D---- C:\Documents and Settings\Ry\Application Data\skypePM
    2009-08-15 02:04:14 ----HD---- C:\WINDOWS\inf
    2009-08-14 16:07:33 ----D---- C:\WINDOWS\system32\CatRoot2
    2009-08-13 20:40:13 ----D---- C:\Program Files\Palm
    2009-08-13 20:39:08 ----A---- C:\additdiag.txt
    2009-08-13 03:08:33 ----D---- C:\WINDOWS\system32
    2009-08-13 03:01:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2009-08-12 21:50:29 ----HD---- C:\WINDOWS\$hf_mig$
    2009-08-12 21:46:34 ----A---- C:\WINDOWS\win.ini
    2009-08-12 03:30:47 ----D---- C:\WINDOWS\system32\Setup
    2009-08-12 03:13:34 ----SHD---- C:\WINDOWS\Installer
    2009-08-12 03:13:33 ----HD---- C:\Config.Msi
    2009-08-12 03:12:11 ----A---- C:\WINDOWS\imsins.BAK
    2009-08-12 03:05:43 ----D---- C:\Program Files\Outlook Express
    2009-08-05 02:11:47 ----A---- C:\WINDOWS\system32\mswebdvd.dll
    2009-07-29 14:40:30 ----D---- C:\Program Files\Internet Explorer
    2009-07-29 14:38:42 ----D---- C:\WINDOWS\WinSxS
    2009-07-23 20:11:15 ----D---- C:\Program Files\Windows Media Player
    2009-07-21 21:08:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
    2009-07-19 18:48:58 ----A---- C:\WINDOWS\system32\ieframe.dll
    2009-07-19 06:18:59 ----A---- C:\WINDOWS\system32\mshtml.dll
    2009-07-17 11:55:28 ----A---- C:\WINDOWS\system32\atl.dll
    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
    R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
    R1 pwipf6;pwipf6; C:\WINDOWS\system32\drivers\pwipf6.sys [2009-06-18 108296]
    R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2007-10-02 64128]
    R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-03-10 20747]
    R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2005-08-24 1120352]
    R3 AGR1310_51;Agere Systems ET-131x PCI-E Gigabit Ethernet Adapter XP Driver; C:\WINDOWS\system32\DRIVERS\AGR1310_51.sys [2005-09-06 70144]
    R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
    R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-01-18 1419264]
    R3 CA561;ICatch (VI) PC Camera; C:\WINDOWS\System32\Drivers\SPCA561.SYS [2002-10-01 119798]
    R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
    R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-12-09 4123136]
    R3 Ktp3;Elantech TouchPad; C:\WINDOWS\system32\DRIVERS\Ktp3.sys [2006-01-18 24704]
    R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
    R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
    R3 RT61;Ralink RT61 Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT61.sys [2008-11-24 495104]
    R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2008-03-25 41472]
    R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
    R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
    R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
    R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
    S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-01-17 49920]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-01-17 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-01-17 21568]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
    S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
    S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
    S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2007-12-04 16640]
    S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584]
    S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
    S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
    S3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2008-03-25 131712]
    S3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2007-11-29 36608]
    S3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2008-03-19 74112]
    S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-07 18612]
    S3 TosRfSnd;Bluetooth Audio; C:\WINDOWS\system32\drivers\tosrfsnd.sys [2008-01-22 54144]
    S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2007-10-18 41856]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
    S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
    S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
    S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
    S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
    R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-01-18 405504]
    R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\ehome\ehSched.exe [2004-08-04 84992]
    R2 FlipShare Service;FlipShare Service; C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe [2008-11-13 439616]
    R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
    R2 HPSLPSVC;HP Network Devices Support; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
    R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-06-26 152984]
    R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
    R2 O2Flash;O2Micro Flash Memory; C:\WINDOWS\system32\o2flash.exe [2006-01-18 36864]
    R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
    R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-09-28 128360]
    R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
    R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe [2009-04-21 4048240]
    R2 WRConsumerService;Webroot Client Service; C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe [2009-06-18 1205760]
    R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
    S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
    S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-26 182768]
    S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    EOF
  • edited August 2009
    • How are things running now ?

    Active Scan
    Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
    NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
    Please go to this site Link >> ActiveScan << LINK
    • Click the Scan Now button
    • Follow the prompts to install the Active X if necessary
    • Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
    • When the scan is finished, a report will be generated
    • Next to Scan Details click the small export to notepad button and save the report to your desktop.
    • Please post the report in your reply.
  • edited August 2009
    Things seem to be running better, but for caution's sake I would like to run for 24 hours just to make sure, so that way we know for a fact everything is good and I can give you an all clear or not.
  • edited August 2009
    No problem.
    It will take a few hours for the Active Scan anyway.

    Post back on Monday with the log, and an update on any problems :)
  • edited August 2009
    Thank you, I will.
  • edited August 2009
    It's Tuesday now !
  • edited August 2009
    Sorry about that. ALL CLEAR! Thank you for your help.
  • edited August 2009
    Congratulations, your logs look clean :)

    Let's see if I can help you keep it that way

    First let's tidy up



    OTCleanup
    Please download OTCleanup from HERE
    Click the OTC.exe icon and then click the CleanUp button.
    If you get any pop ups asking if it is OK let the program proceed. At the end the program will ask to let it reboot the computer. Let it do so.
    Let me know if there were any problems with OT CleanIt




    You can also delete any logs we have produced, and empty your Recycle bin.



    The following is some info to help you stay safe and clean.


    You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
    ( Vista users must ensure that any programs are Vista compatible BEFORE installing )

    Online Scanners
    I would recommend a scan at one or more of the following sites at least once a month.

    http://www.pandasecurity.com/activescan
    http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html

    !!! Make sure that all your programs are updated !!!
    Secunia Software Inspector does all the work for you, .... see HERE for details

    AntiSpyware
      AntiSpyware is not the same thing as Antivirus.
    Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
    You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
    Most of the programs in this list have free (for Home Users) and paid versions,
    it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
    • Spybot - Search & Destroy <<< A must have program
      • It includes host protection and registry protection
      • A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
    • MalwareBytes Anti-malware <<< A New and effective program
    • a-squared Free <<< A good "realtime" or "on demand" scanner
    • superantispyware <<< A good "realtime" or "on demand" scanner



    Prevention
      These programs don't detect malware, they help stop it getting on your machine in the first place. Each does a different job, so you can have more than one.
    • Winpatrol
      • An excellent startup manager and then some !!
      • Notifies you if programs are added to startup
      • Allows delayed startup
      • A must have addition
    • SpywareBlaster 4.0
      • SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
    • SpywareGuard 2.2
      • SpywareGuard provides real-time protection against spyware.
      • Not required if you have other "realtime" antispyware or Winpatrol
    • ZonedOut
      • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
    • MVPS HOSTS
      • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
      • For information on how to download and install, please read this tutorial by WinHelp2002.
      • Not required if you are using other host file protections


    Internet Browsers
      Microsoft has worked hard to make IE.7 a more secure browser; unfortunately, whilst it is still the leading browser of choice, it will always be under attack from the bad guys. Using a different web browser can help stop malware getting on your machine.
    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      1. From within Internet Explorer click on the Tools menu and then click on Options.
      2. Click once on the Security tab
      3. Click once on the Internet icon so it becomes highlighted.
      4. Click once on the Custom Level button.
        • Change the Download signed ActiveX controls to Prompt
        • Change the Download unsigned ActiveX controls to Disable
        • Change the Initialise and script ActiveX controls not marked as safe to Disable
        • Change the Installation of desktop items to Prompt
        • Change the Launching programs and files in an IFRAME to Prompt
        • Change the Navigate sub-frames across different domains to Prompt
        • When all these settings have been made, click on the OK button.
        • If it prompts you as to whether or not you want to save the settings, press the Yes button.
      5. Next press the Apply button and then the OK to exit the Internet Properties page.

    If you are still using IE6 then either update, or get one of the following.
    • FireFox
      • With many addons available that make customization easy this is a very popular choice
      • NoScript and AdBlockPlus addons are essential
    • Opera
      • Another popular alternative
    • Netscape
      • Another popular alternative
      • Also has Addons available



    Cleaning Temporary Internet Files and Tracking Cookies
      Temporary Internet Files are mainly the files that are downloaded when you open a web page. Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware. It is a good idea to empty the Temporary Internet Files folder on a regular basis.
      Tracking Cookies are files that websites use to monitor which sites you visit and how often. A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
      CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords.
      Both of these can be cleaned manually, but a quicker option is to use a program
    • ATF Cleaner
      • Free and very simple to use
    • CCleaner
      • Free and very flexible, you can choose which cookies to keep


    Also PLEASE read this article.....So How Did I Get Infected In The First Place

    The last and most important thing I can tell you is UPDATE.
    If you don't update your security programs (Antivirus, Antispyware, even Windows) then you are at risk.
    Malware changes on a day to day basis. You should update every week at the very least.

    If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


    If you could post back one more time to let me know everything is OK, then I can have this thread archived.

    Happy surfing K'
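The Internet Explorer checklist in the post above can be verified after the fact instead of re-clicking through the dialog. This is an added example, not part of the original thread: it audits a registry export of the Internet zone against the six settings the post lists. The value names (1001, 1004, 1201, 1800, 1804, 1607) and the data values 0/1/3 come from Microsoft's security-zone documentation, not from the post, and the sample export is constructed.

```python
import re

# Value names under ...\Internet Settings\Zones\3 (the Internet zone) for the six
# settings in the checklist. Data: 0 = Enable, 1 = Prompt, 3 = Disable.
PROMPT, DISABLE = 1, 3
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialise and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}
ZONE3_SUFFIX = r"\internet settings\zones\3"
KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})$')

# Constructed sample in .reg export format (not taken from the thread's logs).
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"1001"=dword:00000001
"1004"=dword:00000000
"1201"=dword:00000003
"1607"=dword:00000000
"1804"=dword:00000000
"""

def parse_zone3(reg_text):
    """Collect the DWORD values that sit under the Zones\\3 key of an export."""
    values, in_zone3 = {}, False
    for raw in reg_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            in_zone3 = key.group(1).lower().endswith(ZONE3_SUFFIX)
        elif in_zone3 and (m := DWORD_RE.match(line)):
            values[m.group(1).upper()] = int(m.group(2), 16)
    return values

def audit(reg_text):
    """Return (name, label, found, wanted) for each checklist setting that is
    absent from the export or looser than the checklist asks for."""
    values = parse_zone3(reg_text)
    findings = []
    for name, (label, wanted) in RECOMMENDED.items():
        found = values.get(name)
        # Strictness rises with the number: Enable (0) < Prompt (1) < Disable (3).
        if found is None or found < wanted:
            findings.append((name, label, found, wanted))
    return findings

if __name__ == "__main__":
    for name, label, found, wanted in audit(SAMPLE_EXPORT):
        state = "not set in export" if found is None else f"is {found}"
        print(f"{name} {label}: {state}, checklist wants {wanted}")
```

A file written by `reg export` is UTF-16, so read it with `open(path, encoding="utf-16")` before passing the text to `audit`. Machine-wide policy keys can override these per-user values, so a clean result here covers only the user's own zone settings.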