View Full Version : Removed fake virus alert, but still having problems.
Guilty Sp4rk
2010-02-17, 00:09
Hello, my sisters computer got a virus that displayed fake virus alerts and wouldn't let her start anything. I ran rkill, a program a trusted friend gave me and it killed the virus processes and I scanned with spybot and removed all entries, then scanned with malwarebytes and removed all. But her computer still locks up, IE stalls, and has other problems. Here is her HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:40:47 AM, on 2/16/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\OfficeScan NT\pccntmon.exe
C:\Program Files\OfficeScan NT\RAUAgent.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\Documents and Settings\Student\Local Settings\Application Data\galwvk\khvwsftav.exe
C:\program files\dna\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\program files\srs labs\audio sandbox\srsssc.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\Student\Local Settings\Application Data\galwvk\khvwsftav.exe
C:\Documents and Settings\Student\Desktop\HijackThis.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\OfficeScan NT\ntrtscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\OfficeScan NT\tmlisten.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\OfficeScan NT\ofcdog.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.i-dressup.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: 69.7.71.11 www.limewire.com
O1 - Hosts: 69.7.71.11 www.zango.com
O1 - Hosts: 69.7.71.11 www.myspace.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {7E5BE89C-2067-4619-A53D-1EBF363C4370} - (no file)
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\OfficeScan NT\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [RemoteAgent] C:\Program Files\OfficeScan NT\RAUAgent.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Name] C:\WINDOWS\system32\cas\msname.vbs
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
O4 - HKLM\..\Run: [lsnydfuc] C:\Documents and Settings\Student\Local Settings\Application Data\galwvk\khvwsftav.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\program files\dna\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\program files\srs labs\audio sandbox\srsssc.exe" /hideme
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [lsnydfuc] C:\Documents and Settings\Student\Local Settings\Application Data\galwvk\khvwsftav.exe
O4 - Startup: nero.bat.lnk = C:\WINDOWS\system32\nero.bat
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: (no name) - {4571FE3F-1E0A-4a78-96BB-8BC1E3332F4B} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Rocketon Toolbar - {4571FE3F-1E0A-4a78-96BB-8BC1E3332F4B} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.projectego.net
O15 - Trusted Zone: www.aim.com
O15 - Trusted Zone: www.aolatschool.com
O15 - Trusted Zone: ar.atwola.com
O15 - Trusted Zone: www.ar.atwola.com
O15 - Trusted Zone: www.brainpop.com
O15 - Trusted Zone: www.edgate.com
O15 - Trusted Zone: www.letsgolearn.com
O15 - Trusted Zone: http://*.msnbc.com
O15 - Trusted Zone: login.passport.net
O15 - Trusted Zone: http://*.teacherweb.com
O15 - Trusted Zone: www.worldbookonline.com
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://10.1.0.17:8180/officescan/ClientInstall/WinNTChk.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupIniCtrl Class) - http://10.1.0.17:8180/officescan/clientinstall/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - http://10.1.0.17:8180/officescan/clientinstall/setup.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://10.1.0.17:8180/officescan/clientinstall/RemoveCtrl.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: GameConsoleService - Unknown owner - C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\OfficeScan NT\ntrtscan.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Unknown owner - C:\Program Files\OfficeScan NT\tmlisten.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 13046 bytes
Hello & Welcome to Safer-Networking
Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.
In the meantime please note the following:
Any recommendations made are for your computer problems only and should NOT be used on any other computer.
Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them:
1. The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly.
2. Commercial scanners, for the most part can not completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of completely.
If you get stuck or are unsure of something please ask for a further explanation, do not guess.
It will require more than one round to properly clean your system. Continue to respond to this thread until I give you the All Clean! even if symptoms seemingly abate.Please note that the forum is very busy and if I don't hear from you within four days this thread will be closed.
If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
Because of this, I advise you to backup any personal files and folders before you start.
Thanks
Safer-Networking P2P Policy
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
BitTorrent DNA
I'd like you to read File Sharing, otherwise known as Peer To Peer. (P2P) (http://forums.spybot.info/showthread.php?t=282).
Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) & any other P2P programs.
DDS
Download DDS.scr by sUBs from one of the following links & save it to your desktop.
Link 1 (http://download.bleepingcomputer.com/sUBs/dds.scr)
Link 2 (http://www.forospyware.com/sUBs/dds)
Double-Click on dds.scr and a command window will appear. This is normal
Shortly after two logs will appear, DDS.txt & Attach.txt
A window will open instructing you save & post the logs
Save the logs to a convenient place such as your desktop
Copy the contents of both logs & post in your next replyGmer
Download GMER Rootkit Scanner from here (http://www.gmer.net/download.php).
Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
http://i266.photobucket.com/albums/ii277/sUBs_/th_Gmer_initScan.gif (http://i266.photobucket.com/albums/ii277/sUBs_/Gmer_initScan.gif)
Click the image to enlarge it
In the right panel, you will see several boxes that have been checked. Uncheck the following ... Sections
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)
Then click the Scan button & wait for it to finish
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
Save it where you can easily find it, such as your desktop, and post it in reply**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
Note: Do not run any programs while Gmer is running.
To post in next reply:
Contents of DDS log
Contents of Attach.txt
Contents of Gmer log
Guilty Sp4rk
2010-02-24, 23:20
I have one question, will all this work in safe mode? If I boot in regular mode the computer locks up within 5 minutes. It works fine in safe mode. I trust this website and the help it gives, I just want to be sure of anything and everything before beginning the removal process. Thank you for helping me out with this.
Hi
Yes, those diagnostic tools can be run in Safe Mode. It would be preferable if you could use Normal Mode thouh.
Look try this first in Normal Mode, run RKill then both DDS & Gmer. If it works post the logs. If not then run them in Safe Mode.
Guilty Sp4rk
2010-02-27, 18:40
Attach.txt:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-12-01.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/7/2007 7:01:23 PM
System Uptime: 2/26/2010 6:36:26 PM (0 hours ago)
Motherboard: Hewlett-Packard | | 30B0
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-52 | U10 | 1596/200mhz
Processor: AMD Turion(tm) 64 X2 Mobile Technology TL-52 | U10 | 1595/200mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 54 GiB total, 20.759 GiB free.
D: is CDROM ()
E: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP316: 11/19/2009 12:40:33 AM - System Checkpoint
RP317: 11/20/2009 1:26:36 AM - System Checkpoint
RP318: 11/21/2009 9:10:43 AM - System Checkpoint
RP319: 11/22/2009 9:13:14 AM - System Checkpoint
RP320: 11/23/2009 8:00:47 PM - System Checkpoint
RP321: 11/24/2009 9:42:55 PM - System Checkpoint
RP322: 11/25/2009 9:17:14 AM - Software Distribution Service 3.0
RP323: 11/26/2009 12:02:57 PM - System Checkpoint
RP324: 11/27/2009 12:42:09 PM - System Checkpoint
RP325: 11/28/2009 1:34:34 PM - System Checkpoint
RP326: 11/29/2009 10:18:23 PM - System Checkpoint
RP327: 11/30/2009 11:02:23 PM - System Checkpoint
RP328: 12/1/2009 11:27:31 PM - System Checkpoint
RP329: 12/2/2009 11:37:57 PM - System Checkpoint
RP330: 12/4/2009 1:36:59 AM - System Checkpoint
RP331: 12/4/2009 10:29:44 AM - Software Distribution Service 3.0
RP332: 12/5/2009 10:51:39 AM - System Checkpoint
RP333: 12/6/2009 8:33:29 AM - Software Distribution Service 3.0
RP334: 12/7/2009 1:30:09 PM - System Checkpoint
RP335: 12/8/2009 2:37:46 PM - System Checkpoint
RP336: 12/9/2009 10:08:36 PM - System Checkpoint
RP337: 12/10/2009 6:31:35 AM - Software Distribution Service 3.0
RP338: 12/11/2009 8:47:13 AM - System Checkpoint
RP339: 12/12/2009 12:40:56 PM - System Checkpoint
RP340: 12/13/2009 4:55:10 PM - System Checkpoint
RP341: 12/14/2009 10:45:34 PM - System Checkpoint
RP342: 12/15/2009 11:20:07 PM - System Checkpoint
RP343: 12/16/2009 11:20:15 PM - System Checkpoint
RP344: 12/18/2009 9:54:11 AM - System Checkpoint
RP345: 12/19/2009 1:10:33 PM - System Checkpoint
RP346: 12/20/2009 2:28:32 PM - System Checkpoint
RP347: 12/21/2009 4:06:49 PM - System Checkpoint
RP348: 12/22/2009 11:04:01 PM - System Checkpoint
RP349: 12/23/2009 11:55:07 PM - System Checkpoint
RP350: 12/25/2009 9:45:58 AM - System Checkpoint
RP351: 12/26/2009 5:54:47 PM - System Checkpoint
RP352: 12/27/2009 6:07:58 PM - System Checkpoint
RP353: 12/28/2009 7:37:06 PM - System Checkpoint
RP354: 12/29/2009 11:23:27 PM - System Checkpoint
RP355: 12/30/2009 11:28:08 PM - System Checkpoint
RP356: 12/31/2009 11:29:34 PM - System Checkpoint
RP357: 1/2/2010 12:26:55 AM - System Checkpoint
RP358: 1/3/2010 1:26:55 AM - System Checkpoint
RP359: 1/4/2010 2:26:55 AM - System Checkpoint
RP360: 1/5/2010 9:28:19 AM - System Checkpoint
RP361: 1/6/2010 2:48:13 PM - System Checkpoint
RP362: 1/7/2010 10:57:16 PM - System Checkpoint
RP363: 1/9/2010 11:38:23 AM - System Checkpoint
RP364: 1/10/2010 12:09:46 PM - System Checkpoint
RP365: 1/11/2010 10:18:49 PM - System Checkpoint
RP366: 1/13/2010 7:49:25 AM - Software Distribution Service 3.0
RP367: 1/14/2010 8:53:45 PM - System Checkpoint
RP368: 1/15/2010 9:56:19 PM - System Checkpoint
RP369: 1/16/2010 11:09:35 PM - System Checkpoint
RP370: 1/17/2010 11:49:28 PM - System Checkpoint
RP371: 1/19/2010 11:02:59 AM - System Checkpoint
RP372: 1/20/2010 11:29:39 AM - System Checkpoint
RP373: 1/21/2010 10:58:56 PM - System Checkpoint
RP374: 1/22/2010 11:09:45 PM - System Checkpoint
RP375: 1/23/2010 3:00:16 AM - Software Distribution Service 3.0
RP376: 1/24/2010 3:40:35 AM - System Checkpoint
RP377: 1/25/2010 11:47:34 AM - System Checkpoint
RP378: 1/26/2010 2:02:19 PM - System Checkpoint
RP379: 1/29/2010 6:27:51 AM - System Checkpoint
RP380: 1/30/2010 11:11:50 PM - System Checkpoint
RP381: 2/1/2010 6:21:39 AM - System Checkpoint
RP382: 2/2/2010 6:56:46 AM - System Checkpoint
RP383: 2/3/2010 7:15:47 AM - System Checkpoint
RP384: 2/4/2010 11:07:29 AM - Installed Java(TM) 6 Update 17
RP385: 2/4/2010 11:08:16 AM - Installed MSN Toolbar Setup
RP386: 2/5/2010 2:32:41 PM - System Checkpoint
RP387: 2/6/2010 3:00:15 AM - Software Distribution Service 3.0
RP388: 2/7/2010 3:04:24 AM - System Checkpoint
RP389: 2/8/2010 9:51:05 AM - System Checkpoint
RP390: 2/9/2010 8:34:32 AM - Installed Windows XP WIC.
RP391: 2/9/2010 8:37:47 AM - Installed Windows KB954550-v5.
RP392: 2/9/2010 8:37:58 AM - Printer Driver Microsoft XPS Document Writer Installed
RP393: 2/10/2010 10:02:54 AM - Printer Driver Microsoft XPS Document Writer Installed
RP394: 2/10/2010 10:04:49 AM - Software Distribution Service 3.0
RP395: 2/10/2010 11:37:55 PM - Software Distribution Service 3.0
RP396: 2/11/2010 10:35:56 PM - Software Distribution Service 3.0
RP397: 2/12/2010 11:17:50 PM - System Checkpoint
RP398: 2/14/2010 12:49:49 PM - System Checkpoint
RP399: 2/16/2010 10:03:49 AM - System Checkpoint
RP400: 2/16/2010 12:41:16 PM - Paint.NET v3.5.3
==== Installed Programs ======================
18 WoS Across America
32 Bit HP CIO Components Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.4
Adobe Shockwave Player 11
Aim Plugin for QQ Games
AIM Toolbar
AMD Fusion for Gaming Beta
Application Installer 4.00.B6
ATI Catalyst Control Center
ATI Display Driver
ATL_merge_module
Big Fish Games Client
Board Games
BufferChm
Compatibility Pack for the 2007 Office system
Content Transfer
Copy
Critical Update for Windows Media Player 11 (KB959772)
CursorFX
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DivX Plus Web Player
DJ_AIO_03_F4200_ProductContext
DJ_AIO_03_F4200_Software
DJ_AIO_03_F4200_Software_Min
Download Updater (AOL LLC)
Elements
eSupportQFolder
Fable - The Lost Chapters
Faerie Solitaire
Farm Craft
Farm Frenzy 2
Farm Frenzy 3 American Pie RebelMan
Feeding Frenzy 2
Fishdom H20 Hidden Odyssey
Flux Family Secrets - The Ripple Effect
Free Realms Installer
GameHouse Games Collection: Academy of Magic
GameHouse Games Collection: Adventure Inlay
GameHouse Games Collection: Adventure Inlay - Safari Edition
GameHouse Games Collection: Air Strike 3D
GameHouse Games Collection: Alien Sky
GameHouse Games Collection: Aloha Solitaire
GameHouse Games Collection: Aloha TriPeaks
GameHouse Games Collection: Ancient Tri-Jong
GameHouse Games Collection: Ancient Tripeaks
GameHouse Games Collection: Astrobatics
GameHouse Games Collection: Atlantis
GameHouse Games Collection: Atomaders
GameHouse Games Collection: Bejeweled 2
GameHouse Games Collection: Bewitched
GameHouse Games Collection: Big Kahuna Reef
GameHouse Games Collection: Boggle Supreme
GameHouse Games Collection: Bounce Out Blitz
GameHouse Games Collection: Casino Island To Go
GameHouse Games Collection: Chainz
GameHouse Games Collection: Chainz 2 - Relinked
GameHouse Games Collection: Charm Solitaire
GameHouse Games Collection: Charm Tale
GameHouse Games Collection: Chicktionary
GameHouse Games Collection: Chuzzle Deluxe
GameHouse Games Collection: Collapse! Crunch
GameHouse Games Collection: Combo Chaos!
GameHouse Games Collection: Crystal Path
GameHouse Games Collection: Cubis Gold 2
GameHouse Games Collection: Digby's Donuts
GameHouse Games Collection: Diner Dash
GameHouse Games Collection: Feeding Frenzy
GameHouse Games Collection: Fiber Twig
GameHouse Games Collection: Five Card Deluxe
GameHouse Games Collection: Flip Words
GameHouse Games Collection: Flying Leo
GameHouse Games Collection: Fortune Tiles Gold
GameHouse Games Collection: Fresco Wizard
GameHouse Games Collection: GameHouse Sudoku
GameHouse Games Collection: Gearz
GameHouse Games Collection: Granny in Paradise
GameHouse Games Collection: Gutterball
GameHouse Games Collection: Gutterball 2
GameHouse Games Collection: Hamsterball
GameHouse Games Collection: Hello!
GameHouse Games Collection: Holiday Express
GameHouse Games Collection: Iggle Pop!
GameHouse Games Collection: Incadia
GameHouse Games Collection: Incredible Ink
GameHouse Games Collection: Insaniquarium Deluxe
GameHouse Games Collection: Inspector Parker
GameHouse Games Collection: Invadazoid
GameHouse Games Collection: Jewel Quest
GameHouse Games Collection: Lemonade Tycoon
GameHouse Games Collection: Luxor
GameHouse Games Collection: Mad Caps
GameHouse Games Collection: Magic Ball
GameHouse Games Collection: Magic Ball 2
GameHouse Games Collection: Magic Ball 2 - New Worlds
GameHouse Games Collection: Magic Inlay
GameHouse Games Collection: Magic Vines
GameHouse Games Collection: Mah Jong Adventures
GameHouse Games Collection: Mah Jong Medley
GameHouse Games Collection: Mah Jong Quest
GameHouse Games Collection: Mahjong Garden To Go
GameHouse Games Collection: Mahjong Towers Eternity
GameHouse Games Collection: Maui Wowee
GameHouse Games Collection: Phlinx To Go
GameHouse Games Collection: Pin High Country Club Golf
GameHouse Games Collection: Pizza Frenzy
GameHouse Games Collection: Platypus
GameHouse Games Collection: Poker Superstars
GameHouse Games Collection: Puzzle Express
GameHouse Games Collection: Puzzle Inlay
GameHouse Games Collection: Puzzle Solitaire
GameHouse Games Collection: QBz
GameHouse Games Collection: Reader's Digest Super Word Power
GameHouse Games Collection: Ricochet
GameHouse Games Collection: Ricochet Lost Worlds
GameHouse Games Collection: Ricochet Lost Worlds - Recharged
GameHouse Games Collection: Roller Rush
GameHouse Games Collection: Saints & Sinners Bingo
GameHouse Games Collection: SCRABBLE
GameHouse Games Collection: Shape Shifter
GameHouse Games Collection: Slingo Deluxe
GameHouse Games Collection: Spelvin
GameHouse Games Collection: Splash
GameHouse Games Collection: Spring Sprang Sprung
GameHouse Games Collection: Super 5-Line Slots
GameHouse Games Collection: Super Blackjack!
GameHouse Games Collection: Super Bounce Out!
GameHouse Games Collection: Super Candy Cruncher
GameHouse Games Collection: Super Collapse!
GameHouse Games Collection: Super Collapse! II
GameHouse Games Collection: Super Collapse! II Platinum
GameHouse Games Collection: Super Fruit Frolic
GameHouse Games Collection: Super GameHouse Solitaire Vol. 1
GameHouse Games Collection: Super GameHouse Solitaire Vol. 2
GameHouse Games Collection: Super GameHouse Solitaire Vol. 3
GameHouse Games Collection: Super Gem Drop
GameHouse Games Collection: Super Glinx!
GameHouse Games Collection: Super Letter Linker
GameHouse Games Collection: Super Mah Jong Solitaire
GameHouse Games Collection: Super Nisqually
GameHouse Games Collection: Super PileUp!
GameHouse Games Collection: Super Pool
GameHouse Games Collection: Super Pop & Drop!
GameHouse Games Collection: Super Rumble Cube
GameHouse Games Collection: Super SpongeBob Collapse!
GameHouse Games Collection: Super TextTwist
GameHouse Games Collection: Super WHATword
GameHouse Games Collection: Super Wild Wild Words
GameHouse Games Collection: Tap a Jam
GameHouse Games Collection: Ten Pin Championship Bowling Pro
GameHouse Games Collection: Tennis Titans
GameHouse Games Collection: Tradewinds 2
GameHouse Games Collection: Trivia Machine
GameHouse Games Collection: Tropical Swaps
GameHouse Games Collection: Tumblebugs
GameHouse Games Collection: Turtle Bay
GameHouse Games Collection: Twistingo
GameHouse Games Collection: Ultimate Dominoes
GameHouse Games Collection: Varmintz Deluxe
GameHouse Games Collection: Walls of Jericho, The
GameHouse Games Collection: Wheel of Fortune
GameHouse Games Collection: Word Jolt
GameHouse Games Collection: Word Slinger
GameHouse Games Collection: WordJong To Go
GameHouse Games Collection: Zuma Deluxe
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Customer Participation Program 10.0
HP Deskjet F4200 All-In-One Driver Software 10.0 Rel .3
HP Help and Support
HP Imaging Device Functions 10.0
HP Integrated Module with Bluetooth wireless technology
HP Notebook Accessories Product Tour
HP Photosmart and Deskjet 7.0 Software
HP Photosmart Essential 2.5
HP Quick Launch Buttons 6.00 G2
HP Smart Web Printing
HP Solution Center 10.0
HP Update
HP User Guides 0022
HP Wireless Assistant 2.00 F1
hph_software_req
HPProductAssistant
HpSdpAppCoreApp
HPSSupply
InterVideo DVD Check
InterVideo WinDVD
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 17
Java(TM) SE Runtime Environment 6 Update 1
Jigsaw Collection 1.2
LightScribe 1.4.84.1
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB973686)
My Tribe
NWZ-E340 WALKMAN Guide
On2 VP3 Video for Windows Codec
OpenAL
Opera 9.63
Paint.NET v3.5.3
PSSWCORE
Puzzle Quest - Challenge of the Warlords
ROCKETON 1.0.20
Roll
Samantha Swift and the Golden Touch 1.0.3
Scan
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Shop for HP Supplies
SmartWebPrintingOC
SolutionCenter
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic DLA
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
SoundMAX
Sprouts Adventure
SpywareBlaster v3.5.1
SRS Audio Sandbox
Status
StyleXP (remove only)
Swiff Player 1.1
Synaptics Pointing Device Driver
System Requirements Lab
Texas Instruments PCIxx21/x515/xx12 drivers.
Time to Ride 1.0
TIPCI
Toolbox
TrayApp
Trend Micro OfficeScan Client
Trickster Online
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
VideoToolkit01
Viewpoint Media Player
WebFldrs XP
WebReg
WildGames
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
Yahoo! Toolbar
Yummy Drink Factory
==== Event Viewer Messages From Past Week ========
2/21/2010 9:32:43 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
2/21/2010 9:32:43 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/21/2010 9:17:07 AM, error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
2/21/2010 9:13:33 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
2/21/2010 11:39:56 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/21/2010 11:39:19 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 Fips StyleXPHelper
2/21/2010 11:38:52 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
==== End Of File ===========================
The next log will be in the next post, I was unable to fit everything.
Guilty Sp4rk
2010-02-27, 18:41
DDS:
DDS (Ver_09-12-01.01) - NTFSx86
Run by Student at 18:38:42.32 on Fri 02/26/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1151.694 [GMT -8:00]
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\OfficeScan NT\pccntmon.exe
C:\Program Files\OfficeScan NT\RAUAgent.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
C:\program files\dna\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\program files\srs labs\audio sandbox\srsssc.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\OfficeScan NT\ntrtscan.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\OfficeScan NT\tmlisten.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\OfficeScan NT\ofcdog.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Student\Desktop\dds.scr
C:\Program Files\OfficeScan NT\pccntupd.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\PROGRA~1\HPQ\Shared\HPQTOA~1.EXE
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.i-dressup.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mWinlogon: UIHost=c:\program files\tgtsoft\stylexp\logon\CurrentLogon.EXE
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
TB: {7E5BE89C-2067-4619-A53D-1EBF363C4370} - No File
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SRS Audio Sandbox] "c:\program files\srs labs\audio sandbox\srsssc.exe" /hideme
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [lsnydfuc] c:\documents and settings\student\local settings\application data\galwvk\khvwsftav.exe
uRun: [Google Update] "c:\documents and settings\student\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [Cpqset] c:\program files\hewlett-packard\default settings\cpqset.exe
mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
mRun: [OfficeScanNT Monitor] "c:\program files\officescan nt\pccntmon.exe" -HideWindow
mRun: [RemoteAgent] c:\program files\officescan nt\RAUAgent.exe
mRun: [Smapp] c:\program files\analog devices\soundmax\Smtray.exe
mRun: [DrvLsnr] c:\program files\analog devices\soundmax\DrvLsnr.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Name] c:\windows\system32\cas\msname.vbs
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
mRun: [CARPService] carpserv.exe
mRun: [hpqSRMon] c:\program files\hewlett-packard\digital imaging\bin\hpqSRMon.exe
mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
mRun: [lsnydfuc] c:\documents and settings\student\local settings\application data\galwvk\khvwsftav.exe
StartupFolder: c:\docume~1\student\startm~1\programs\startup\neroba~1.lnk - c:\windows\system32\nero.bat
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
uPolicies-explorer: NoNetConnectDisconnect = 1 (0x1)
uPolicies-explorer: NoManageMyComputerVerb = 1 (0x1)
uPolicies-explorer: NoSMBalloonTip = 1 (0x1)
uPolicies-explorer: NoStartMenuNetworkPlaces = 1 (0x1)
uPolicies-explorer: DisablePersonalDirChange = 1 (0x1)
uPolicies-explorer: NoWelcomeScreen = 1 (0x1)
uPolicies-explorer: NoThemesTab = 1 (0x1)
uPolicies-explorer: NoPropertiesRecycleBin = 1 (0x1)
uPolicies-system: DisableChangePassword = 1 (0x1)
uPolicies-system: DisableLockWorkstation = 1 (0x1)
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {4571FE3F-1E0A-4a78-96BB-8BC1E3332F4B} - {7E5BE89C-2067-4619-A53D-1EBF363C4370}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
Trusted Zone: aim.com\www
Trusted Zone: aol.com\iknowthat.school
Trusted Zone: aolatschool.com\www
Trusted Zone: atwola.com\ar
Trusted Zone: atwola.com\www.ar
Trusted Zone: brainpop.com\www
Trusted Zone: connectionsacademy.com\schools
Trusted Zone: D
Trusted Zone: edgate.com\www
Trusted Zone: letsgolearn.com\www
Trusted Zone: msnbc.com
Trusted Zone: passport.net\login
Trusted Zone: schoolnotes.com
Trusted Zone: teacherweb.com
Trusted Zone: worldbookonline.com\www
DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxp://10.1.0.17:8180/officescan/ClientInstall/WinNTChk.cab
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} - hxxp://10.1.0.17:8180/officescan/clientinstall/setupini.cab
DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxp://10.1.0.17:8180/officescan/clientinstall/setup.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} - hxxp://10.1.0.17:8180/officescan/clientinstall/RemoveCtrl.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 69.7.71.11 www.limewire.com
Hosts: 69.7.71.11 www.zango.com
Hosts: 69.7.71.11 www.myspace.com
============= SERVICES / DRIVERS ===============
R2 TmFilter;Trend Micro Filter;c:\program files\officescan nt\TmXPFlt.sys [2006-9-6 225808]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\officescan nt\tmpreflt.sys [2006-9-6 36368]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-3-18 24652]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2005-10-21 36352]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-8 135664]
=============== Created Last 30 ================
2010-02-27 02:28:21 0 d-----w- c:\windows\pss
2010-02-16 20:41:18 0 d-----w- c:\program files\Paint.NET
2010-02-16 20:20:11 0 ----a-w- c:\documents and settings\student\
2010-02-16 03:09:46 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-02-16 01:44:42 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & DestroyBackup
2010-02-15 17:43:29 0 ----a-w- c:\documents and settings\student\
2010-02-09 16:38:50 0 d-----w- c:\windows\system32\XPSViewer
2010-02-09 16:37:31 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-02-09 16:37:31 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-02-09 16:37:31 117760 ------w- c:\windows\system32\prntvpt.dll
2010-02-09 16:37:30 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-02-09 16:37:30 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-02-09 16:37:30 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-02-09 16:37:30 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-02-09 16:37:29 0 d-----w- C:\65bf4c39dedc69b6000e25f4af7e
2010-02-09 16:27:53 0 d--h--r- C:\AHCache
2010-02-08 04:01:26 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-08 04:01:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-08 04:01:22 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-08 03:33:17 0 d-sh--w- C:\found.000
2010-02-04 19:45:16 0 d-----w- c:\docume~1\alluse~1\applic~1\Sony Corporation
2010-02-04 19:43:45 0 d-----w- c:\program files\common files\Sony Shared
2010-02-04 19:42:45 0 d-----w- c:\program files\MSXML 6.0
2010-02-04 19:39:08 0 d-----w- c:\program files\Sony
2010-02-04 19:08:53 0 d-----w- c:\program files\MSN Toolbar Installer
2010-02-04 18:58:30 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-02-04 18:43:53 42672 ------w- c:\windows\system32\wbsys.dll
2010-02-04 18:43:52 0 d-----w- c:\program files\Stardock
==================== Find3M ====================
2010-02-16 19:58:21 49352 ----a-w- c:\docume~1\student\applic~1\GDIPFONTCACHEV1.DAT
2009-12-31 16:14:12 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 12:58:04 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:35:35 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 18:53:08 2136064 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:19:32 2015744 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-09-18 01:46:40 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-09-18 01:46:40 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-09-18 01:46:40 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
============= FINISH: 18:40:51.43 ===============
Final log will be in next post.
Guilty Sp4rk
2010-02-27, 18:42
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-27 07:15:17
Windows 5.1.2600 Service Pack 2
Running: x39f2qvt.exe; Driver: C:\DOCUME~1\Student\LOCALS~1\Temp\ffryifod.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
Device \FileSystem\Cdfs \Cdfs F6CE5400
---- Threads - GMER 1.0.15 ----
Thread System [4:208] 87C23EAB
---- EOF - GMER 1.0.15 ----
Hi
Safer-Networking P2P Policy
IMPORTANT There are still signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer. Until this is removed I cannot help with your problem.
BitTorrent DNA
I'd like you to read the File Sharing, otherwise known as Peer To Peer. (P2P) (http://forums.spybot.info/showthread.php?t=282).
Go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red) & any other P2P programs.
Once this done post a new set of DDS logs
Guilty Sp4rk this is the third topic in a row archived due to lack of a follow up.
Thank you jmw3. :)