
Help Destroying Explorer32.Hijacker

I have VIPRE from Sunbelt Software. It works fine, but I acquired this virus named Explorer32.hijacker. I have run numerous scans to quarantine and now even delete it upon scan results. However, it is resisting removal and continuously pops up in a .dll in system32. If anyone could tell me what files I need to delete to get rid of this hijacker for good, that would be great.
 

  • PerryB
    Hello Joker,

    Thank you for contacting Technical Support.

    Sorry to hear that you are having difficulty.

    Please update your definitions to the latest version and please boot your computer in safe mode and run a deep scan. Once the deep scan has been completed, please run another deep scan in normal mode to see if CounterSpy is still detecting it. If it does not remove the threat after running a deep scan in normal mode please let us know.

    Windows 2000

    * If the computer is running, shut down Windows, and then turn off the power.
    * Wait 30 seconds, and then turn the computer on.
    * When you see the black-and-white Starting Windows bar at the bottom of the screen, start tapping the F8 key. The Windows 2000 Advanced Options Menu appears.
    * Ensure that the Safe mode option is selected. In most cases, it is the first item in the list and is selected by default.
    * Press Enter. The computer then begins to start in Safe mode.
    * When you are finished with all troubleshooting, close all programs and restart the computer as you normally would.

    Windows XP

    If Windows XP is the only operating system installed on your computer, boot into Safe Mode with these instructions.

    * If the computer is running, shut down Windows, and then turn off the power.
    * Wait 30 seconds, and then turn the computer on.
    * Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    * Ensure that the Safe mode option is selected.
    * Press Enter. The computer then begins to start in Safe mode.
    * When you are finished with all troubleshooting, close all programs and restart the computer as you normally would.

    Regards,

    Perry

    email: support@sunbeltsoftware.com
    Voice: 1-877-673-1153 Ext 500

    Ticket#001-00-250548
  • Blender
    Hi TheJoker & welcome,

    Thank you for choosing Sunbelt products.

    In addition to what PerryB asked; can you tell us the dll name in question & where exactly on the system it is located?

    When the VIPRE scan is done and shows results for Explorer32.Hijacker, highlight the results line then click the "details" button.
    It should show the complete path to the file including file name. Post that info here please.

    Thank you,

    Tammy
  • TheJoker
    It's always in system32/msx..71.dll - forget the full name but when I look inside system32, it's not in there, but the scan says it's in there.

    BTW, thank you for the quick replies. I will try the safe mode stuff ASAP.
     
  • Comment_icon
    Hey, so I restarted with Safe Mode, ran VIPRE, did the deep scan, removed the Hijacker, restarted with Normal mode, and now I'm doing the deep scan in Normal mode. The Hijacker is on the Risks list again. This time, when I remove it in Normal mode, will it be gone permanently?
  • Blender
    Hi TheJoker,

    I work remotely for Sunbelt Software as a malware removal specialist. Alex asked me to pop in here to assist.

    If that hijacker keeps showing up, there must be something re-installing it.

    If Normal mode scan shows the threat again can you please do the following:

    We need to see what we are getting.
    Can you send me the most recent Vipre Logs?
    On 2K & XP they will be located here:
    C:\Documents and Settings\All Users\Application Data\Sunbelt\AntiMalware\History

    On Vista the logs should be here:
    C:\users\all users\application data\Sunbelt\AntiMalware\History

    Application data folder is hidden so if you have not already you will need to enable system to show hidden files/folders.
    How to:

    http://www.bleepingcomputer.com/tutor...

    To quickly locate the most recent logs click the "view" tab in the "history" folder, arrange icons by> "modified"
    Newest are at bottom of folder.
    Last 2 or 3 logs should do.

    We also need to see what we are not getting.
    Can you also send me a Hijackthis log?

    Download & install Hijackthis from here:
    http://www.trendsecure.com/portal/en-...
    Continue through the setup and have it create a desktop icon for you
    Follow all the prompts, click Finish, and have it start HijackThis
    Click the "Do a System Scan and Save a Log File" option
    Save the log file and then it should open with Notepad
    Exit Hijackthis when done.

    Please don't be tempted to fix anything just yet. Most of the entries you see are legit/needed for proper system operation.

    Send your Hijackthis log file and the Vipre history logs to coppertop(at)personainternet.com (replace (at) with @)
    You can cc email to support@sunbeltsoftware.com as well.

    Please include URL to this thread in your email.
    Please include "Ticket#001-00-250548" in your email as well.

    I may ask for more logs and/or file samples later but this should give us a good start.

    Thanks,

    Tammy
  • TheJoker
    Hi there. I don't seem to have an "all users" folder in my Users folder, either that or I was too lazy to find the logs. Anyways, if you need more information to take this hijacker down, then I will eagerly provide it.

    Here are some screenshots where the hijacker has appeared.

    http://img340.imageshack.us/my.php?im...

    http://img148.imageshack.us/my.php?im...

    http://img148.imageshack.us/my.php?im...

    Here is the risk's details:

    http://img511.imageshack.us/my.php?im...

    My brother used HijackThis before to get rid of a backdoor. Anyways here's the log:

    -------------------------------------------------------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:44:32 PM, on 11/2/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Program Files\ZoomText 9.1\ZtUac.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\system32\schtasks.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\cmd.exe
    C:\Windows\system32\java.exe
    C:\hp\kbd\kbd.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkI...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYP...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkI...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkI...
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYP...
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: AH IE BHO - {10384d0e-2bc1-48b6-844b-ad0e9e6d2511} - C:\Program Files\ZoomText 9.1\AHOI\ah_ie_bho.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\Windows\system32\msxml71.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O20 - AppInit_DLLs: C:\Windows\system32\opai.dll
    O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
    O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
    O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: OpinionSquare - OpinionSquare - C:\Windows\system32\opservice.exe
    O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: VIPRE Antivirus + Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe (file missing)
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe (file missing)
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    O23 - Service: ZoomText Helper Service - Ai Squared - C:\Program Files\ZoomText 9.1\ZoomTextHelperService.exe

    --
    End of file - 10989 bytes

    ---------------------------------------------------------------------------------------------------

    I will also send this as an e-mail. And thanks again for so much help.
     
  • TheJoker
    Well I got the logs. Are they supposed to be in Excel form?

    There's 6 Excel files:

    SBAMUI_2.csv
    SBAMUI_1.csv
    SBAMUI_.csv
    SBAMTray.csv
    SBAMCreateRestorePoint.csv
    MambaSafeModeUI.csv

    And @ PerryB, I tried the Safe mode thing, then Normal mode, but it's still there.
     
  • Blender
    Hi TheJoker,

    Thanks for the logs.
    The xml logs I am looking for are in your History folder, which I believe should be here (unlike what I said earlier for Vista):
    C:\Users\All Users\AppData\Roaming\Sunbelt\AntiMalware\History

    No need for the logs now though or showing hidden files since you provided screenshots.

    Question about your HJT log.
    Did you install "Opinion Square"?
    You do realize it is related to MarketScore adware?

    http://www.bleepingcomputer.com/unins...

    If it is listed in "programs and features" in your control panel I suggest you uninstall it. I don't think you really want them tracking your internet usage.
    Let me know if it uninstalled OK.

    Please start Hijackthis (right click > run as administrator> OK UAC prompt)
    Run system scan and check ONLY the following:

    O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\Windows\system32\msxml71.dll (file missing)

    Close all open browser windows and explorer windows and hit "fix checked" and OK.
    OK any prompts you may get for removing a BHO & CLSID.
    Exit Hijackthis.

    Reboot.

    Please post a new Hijackthis log (run as admin) and let me know how the system is running.
    Let me know how the "Opinion Square" software uninstall went.

    There should be a few more registry items removed in the next VIPRE definitions update related to Explorer32.Hijacker.

    If it returns again.. we'll do a little more digging.

    Thanks,

    Tammy
  • Comment_icon
    Ok so I did that. For OpinionSquare, since it is not there to uninstall, what do I do? I see it on the HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:44:22 PM, on 11/2/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Program Files\ZoomText 9.1\ZtUac.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\hp\support\hpsysdrv.exe
    C:\hp\KBD\KbdStub.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Windows\system32\schtasks.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkI...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYP...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkI...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkI...
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYP...
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: AH IE BHO - {10384d0e-2bc1-48b6-844b-ad0e9e6d2511} - C:\Program Files\ZoomText 9.1\AHOI\ah_ie_bho.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O20 - AppInit_DLLs: C:\Windows\system32\opai.dll
    O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
    O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
    O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: OpinionSquare - OpinionSquare - C:\Windows\system32\opservice.exe
    O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: VIPRE Antivirus + Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe (file missing)
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe (file missing)
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    O23 - Service: ZoomText Helper Service - Ai Squared - C:\Program Files\ZoomText 9.1\ZoomTextHelperService.exe

    --
    End of file - 10892 bytes
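
Added example, not part of the original thread and not Sunbelt's or Trend Micro's tooling: a small Python triage of the two HijackThis logs posted above. It parses the section lines, lists entries that match three review heuristics, and diffs the before and after logs to confirm which registration the fix removed. The function names and heuristics are this example's own assumptions, and the embedded logs are abridged excerpts of lines posted in this thread.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code body")

# Section lines look like "O2 - BHO: ..." or "R1 - HKCU\...": a letter,
# one or two digits, " - ", then the entry text.
LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# O2 body: "BHO: <name> - {CLSID} - <path>[ (file missing)]"
BHO_RE = re.compile(
    r"^BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*?)( \(file missing\))?$")


def parse_hjt(text):
    """Return the section entries of a HijackThis log, skipping the header
    and the running-process list."""
    return [Entry(m.group(1), m.group(2))
            for m in map(LINE_RE.match, text.splitlines()) if m]


def parse_bho(entry):
    """Split an O2 entry into name, CLSID, path and a file-missing flag."""
    m = BHO_RE.match(entry.body)
    if entry.code != "O2" or not m:
        return None
    return {"name": m.group(1), "clsid": m.group(2),
            "path": m.group(3), "missing": m.group(4) is not None}


def triage(entries):
    """Heuristic review list (assumption of this example, not a verdict):
    (reason, entry) pairs an analyst should look at first."""
    findings = []
    for e in entries:
        missing = e.body.endswith("(file missing)")
        if e.code == "O2" and missing:
            findings.append(("BHO registered, HijackThis found no DLL", e))
        elif e.code == "O20" and e.body.startswith("AppInit_DLLs:"):
            # A non-empty AppInit_DLLs value names a DLL that Windows loads
            # into every process that loads user32.dll.
            if e.body.split(":", 1)[1].strip():
                findings.append(("AppInit_DLLs is set", e))
        elif e.code == "O23" and (missing or " - Unknown owner - " in e.body):
            findings.append(("service: file missing or unknown owner", e))
    return findings


def removed_between(before, after):
    """Entries present in the earlier log but absent from the later one."""
    later = set(after)
    return [e for e in before if e not in later]


# Abridged excerpt of the first log in this thread (before "fix checked").
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\Windows\system32\msxml71.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O20 - AppInit_DLLs: C:\Windows\system32\opai.dll
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: OpinionSquare - OpinionSquare - C:\Windows\system32\opservice.exe
"""

# Abridged excerpt of the second log (after the fix and a reboot).
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O20 - AppInit_DLLs: C:\Windows\system32\opai.dll
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: OpinionSquare - OpinionSquare - C:\Windows\system32\opservice.exe
"""

if __name__ == "__main__":
    before, after = parse_hjt(BEFORE), parse_hjt(AFTER)
    print("Review first:")
    for reason, entry in triage(after):
        print(f"  [{entry.code}] {reason}: {entry.body}")
    print("Removed since the earlier log:")
    for entry in removed_between(before, after):
        print(f"  [{entry.code}] {entry.body}")
```

The OpinionSquare service (`opservice.exe`) matches none of the three heuristics; in the thread it was recognised by name, so a flagged list like this supplements a full read of the log and does not replace it.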
  • TheJoker
    Oh and I did a 1 minute quick scan with VIPRE and it only found cookies. Maybe it's over...or is it? *thun thun thun...*
     
  • Blender
    Hi TheJoker,

    Looks like things are getting better. Looks like Explorer32.Hijacker is gone.

    For OpinionSquare -- Sounds like it was partly uninstalled.

    Do you also have C:\ProgramData\OpinionSquare <--><-->http://www.uploadmalware.com

    You will see several upload slots.
    In #1 please copy/paste the following:

    C:\Windows\system32\opai.dll

    In #2 paste in the following:

    C:\Windows\system32\opservice.exe

    If you have either of the OpinionSquare folders mentioned above, can you zip it up and upload it as well to the above site.

    In the "URL where file was requested" box copy/paste in URL from this thread.

    Hit "send file" and in a moment or 2 you should get success message.
    I will be notified when files arrive.

    Thanks,

    Tammy
  • TheJoker
  • Blender
    Hi TheJoker,

    How about in C:\Program files?
    Quite possible the directory has already been removed.

    Any return of Explorer32.Hijacker?

    Go ahead & upload those 2 other files please (opai.dll & opservice.exe).
    We need those files for the definitions.

    I'd also like to search in registry for those files.
    Download this tool to your desktop & unzip it to its own folder:
    http://www.xs4all.nl/~fstaal01/downlo...

    Once unzipped right click RegSearch.exe & choose run as administrator and OK the UAC prompt.

    In the search for section paste in the following lines:

    opservice
    opai.dll
    OpinionSquare
    opsetup


    then hit OK.
    It will search registry & once done will give you a text output called RegSearch.txt in the RegSearch folder.

    You will need to close the text file before exiting RegSearch or program might hang.

    Please email RegSearch.txt to me because the forum software may mung up the registry output, making it unsafe for me to draw up any needed fixes.
    Having it mailed will preserve the "code".

    Can you post here also an uninstall list from Hijackthis please.

    Run Hijackthis as admin.
    If at the main scan screen hit "config" then "misc tools" otherwise click "open misc tools options".
    click "open uninstall manager"
    click "save list..."
    Save the list & post its contents here.

    Thanks,

    Tammy
    coppertop(at)personainternet.com
    tammys(at)sunbelt-software.com
  • TheJoker
    I do not have opai.dll but I do have the opservice.exe. I uploaded that one thing at uploadmalware.com.

    However, I did a quick scan today...and it's getting worse...

    http://img220.imageshack.us/my.php?im... - scan image

    Anyways, I will post RegSearch.txt and the uninstall_list.txt here and e-mail it to you.

    RegSearch.txt --------------------------------------------------------------------------------

    Windows Registry Editor Version 5.00

    ; Registry Search 2.0 by Bobbi Flekman © 2005
    ; Version: 2.0.5.0

    ; Results at 11/3/2008 4:49:51 PM for strings:
    ; 'opservice'
    ; 'opai.dll'
    ; 'opinionsquare'
    ; 'opsetup'
    ; Strings excluded from search:
    ; (None)
    ; Search in:
    ; Registry Keys Registry Values Registry Data
    ; HKEY_LOCAL_MACHINE HKEY_USERS

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07F94112-A42E-328B-B508-702EF62BCC29}]
    @="System.Runtime.InteropServices.COMException"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07F94112-A42E-328B-B508-702EF62BCC29}\InprocServer32]
    "Class"="System.Runtime.InteropServices.COMException"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07F94112-A42E-328B-B508-702EF62BCC29}\InprocServer32\2.0.0.0]
    "Class"="System.Runtime.InteropServices.COMException"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07F94112-A42E-328B-B508-702EF62BCC29}\ProgId]
    @="System.Runtime.InteropServices.COMException"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{204D5A28-46A0-3F04-BD7C-B5672631E57F}]
    @="System.Runtime.InteropServices.PreserveSigAttribute"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{204D5A28-46A0-3F04-BD7C-B5672631E57F}\InprocServer32]
    "Class"="System.Runtime.InteropServices.PreserveSigAttribute"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{204D5A28-46A0-3F04-BD7C-B5672631E57F}\InprocServer32\2.0.0.0]
    "Class"="System.Runtime.InteropServices.PreserveSigAttribute"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{204D5A28-46A0-3F04-BD7C-B5672631E57F}\ProgId]
    @="System.Runtime.InteropServices.PreserveSigAttribute"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2D5EC63C-1B3E-3EE4-9052-EB0D0303549C}]
    @="System.Runtime.InteropServices.SafeArrayTypeMismatchException"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2D5EC63C-1B3E-3EE4-9052-EB0D0303549C}\InprocServer32]
    "Class"="System.Runtime.InteropServices.SafeArrayTypeMismatchException"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2D5EC63C-1B3E-3EE4-9052-EB0D0303549C}\InprocServer32\2.0.0.0]
    "Class"="System.Runtime.InteropServices.SafeArrayTypeMismatchException"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2D5EC63C-1B3E-3EE4-9052-EB0D0303549C}\ProgId]
    @="System.Runtime.InteropServices.SafeArrayTypeMismatchException"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{475E398F-8AFA-43A7-A3BE-F4EF8D6787C9}]
    @="System.Runtime.InteropServices.RegistrationServices"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{475E398F-8AFA-43A7-A3BE-F4EF8D6787C9}\InprocServer32]
    "Class"="System.Runtime.InteropServices.RegistrationServices"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{475E398F-8AFA-43A7-A3BE-F4EF8D6787C9}\InprocServer32\2.0.0.0]
    "Class"="System.Runtime.InteropServices.RegistrationServices"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{475E398F-8AFA-43A7-A3BE-F4EF8D6787C9}\ProgId]
    @="System.Runtime.InteropServices.RegistrationServices"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4BE89AC3-603D-36B2-AB9B-9C38866F56D5}]
    @="System.Runtime.InteropServices.SafeArrayRankMismatchException"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4BE89AC3-603D-36B2-AB9B-9C38866F56D5}\InprocServer32]
    "Class"="System.Runtime.InteropServices.SafeArrayRankMismatchException"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4BE89AC3-603D-36B2-AB9B-9C38866F56D5}\InprocServer32\2.0.0.0]
    "Class"="System.Runtime.InteropServices.SafeArrayRankMismatchException"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4BE89AC3-603D-36B2-AB9B-9C38866F56D5}\ProgId]
    @="System.Runtime.InteropServices.SafeArrayRankMismatchException"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{630A3EF1-23C6-31FE-9D25-294E3B3E7486}]
    @="System.Runtime.InteropServices.ComRegisterFunctionAttribute"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{630A3EF1-23C6-31FE-9D25-294E3B3E7486}\InprocServer32]
    "Class"="System.Runtime.InteropServices.ComRegisterFunctionAttribute"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{630A3EF1-23C6-31FE-9D25-294E3B3E7486}\InprocServer32\2.0.0.0]
    "Class"="System.Runtime.InteropServices.ComRegisterFunctionAttribute"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{630A3EF1-23C6-31FE-9D25-294E3B3E7486}\ProgId]
    @="System.Runtime.InteropServices.ComRegisterFunctionAttribute"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{742AD1FB-B2F0-3681-B4AA-E736A3BCE4E1}]
    @="System.Runtime.InteropServices.MarshalDirectiveException"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{742AD1FB-B2F0-3681-B4AA-E736A3BCE4E1}\InprocServer32]
    "Class"="System.Runtime.InteropServices.MarshalDirectiveException"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{742AD1FB-B2F0-3681-B4AA-E736A3BCE4E1}\InprocServer32\2.0.0.0]
    "Class"="System.Runtime.InteropServices.MarshalDirectiveException"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{742AD1FB-B2F0-3681-B4AA-E736A3BCE4E1}\ProgId]
    @="System.Runtime.InteropServices.MarshalDirectiveException"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78D22140-40CF-303E-BE96-B3AC0407A34D}]
    @="System.Runtime.InteropServices.RuntimeEnvironment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78D22140-40CF-303E-BE96-B3AC0407A34D}\InprocServer32]
    "Class"="System.Runtime.InteropServices.RuntimeEnvironment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78D22140-40CF-303E-BE96-B3AC0407A34D}\InprocServer32\2.0.0.0]
    "Class"="System.Runtime.InteropServices.RuntimeEnvironment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{78D22140-40CF-303E-BE96-B3AC0407A34D}\ProgId]
    @="System.Runtime.InteropServices.RuntimeEnvironment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A3FD229-B2A9-347F-93D2-87F3B7F92753}]
    @="System.Runtime.InteropServices.ComConversionLossAttribute"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A3FD229-B2A9-347F-93D2-87F3B7F92753}\InprocServer32]
    "Class"="System.Runtime.InteropServices.ComConversionLossAttribute"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A3FD229-B2A9-347F-93D2-87F3B7F92753}\InprocServer32\2.0.0.0]
    "Class"="System.Runtime.InteropServices.ComConversionLossAttribute"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A3FD229-B2A9-347F-93D2-87F3B7F92753}\ProgId]
    @="System.Runtime.InteropServices.ComConversionLossAttribute"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F45C7FF-1E6E-34C1-A7CC-260985392A05}]
    @="System.Runtime.InteropServices.ComUnregisterFunctionAttribute"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F45C7FF-1E6E-34C1-A7CC-260985392A05}\InprocServer32]
    "Class"="System.Runtime.InteropServices.ComUnregisterFunctionAttribute"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F45C7FF-1E6E-34C1-A7CC-260985392A05}\InprocServer32\2.0.0.0]
    "Class"="System.Runtime.InteropServices.ComUnregisterFunctionAttribute"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F45C7FF-1E6E-34C1-A7CC-260985392A05}\ProgId]
    @="System.Runtime.InteropServices.ComUnregisterFunctionAttribute"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96A058CD-FAF7-386C-85BF-E47F00C81795}]
    @="System.Runtime.InteropServices.InAttribute"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96A058CD-FAF7-386C-85BF-E47F00C81795}\InprocServer32]
    "Class"="System.Runtime.InteropServices.InAttribute"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96A058CD-FAF7-386C-85BF-E47F00C81795}\InprocServer32\2.0.0.0]
    "Class"="System.Runtime.InteropServices.InAttribute"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96A058CD-FAF7-386C-85BF-E47F00C81795}\ProgId]
    @="System.Runtime.InteropServices.InAttribute"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9A944885-EDAF-3A81-A2FF-6A9D5D1ABFC7}]
    @="System.Runtime.InteropServices.InvalidOleVariantTypeException"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9A944885-EDAF-3A81-A2FF-6A9D5D1ABFC7}\InprocServer32]
    "Class"="System.Runtime.InteropServices.InvalidOleVariantTypeException"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9A944885-EDAF-3A81-A2FF-6A9D5D1ABFC7}\InprocServer32\2.0.0.0]
    "Class"="System.Runtime.InteropServices.InvalidOleVariantTypeException"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9A944885-EDAF-3A81-A2FF-6A9D5D1ABFC7}\ProgId]
    @="System.Runtime.InteropServices.InvalidOleVariantTypeException"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D309F77-4655-372E-84B0-B0FB4030F3B8}]
    @="System.Runtime.InteropServices.SetWin32ContextInIDispatchAttribute"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D309F77-4655-372E-84B0-B0FB4030F3B8}\InprocServer32]
    "Class"="System.Runtime.InteropServices.SetWin32ContextInIDispatchAttribute"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D309F77-4655-372E-84B0-B0FB4030F3B8}\InprocServer32\2.0.0.0]
    "Class"="System.Runtime.InteropServices.SetWin32ContextInIDispatchAttribute"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D309F77-4655-372E-84B0-B0FB4030F3B8}\ProgId]
    @="System.Runtime.InteropServices.SetWin32ContextInIDispatchAttribute"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7248EC6-A8A5-3D07-890E-6107F8C247E5}]
    @="System.Runtime.InteropServices.InvalidComObjectException"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7248EC6-A8A5-3D07-890E-6107F8C247E5}\InprocServer32]
    "Class"="System.Runtime.InteropServices.InvalidComObjectException"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7248EC6-A8A5-3D07-890E-6107F8C247E5}\InprocServer32\2.0.0.0]
    "Class"="System.Runtime.InteropServices.InvalidComObjectException"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A7248EC6-A8A5-3D07-890E-6107F8C247E5}\ProgId]
    @="System.Runtime.InteropServices.InvalidComObjectException"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFC681CF-E82F-361A-8280-CF4E1F844C3E}]
    @="System.Runtime.InteropServices.ExternalException"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFC681CF-E82F-361A-8280-CF4E1F844C3E}\InprocServer32]
    "Class"="System.Runtime.InteropServices.ExternalException"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFC681CF-E82F-361A-8280-CF4E1F844C3E}\InprocServer32\2.0.0.0]
    "Class"="System.Runtime.InteropServices.ExternalException"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFC681CF-E82F-361A-8280-CF4E1F844C3E}\ProgId]
    @="System.Runtime.InteropServices.ExternalException"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b5f8350b-0548-48b1-a6ee-88bd00b4a5e7}]
    @="MSAA AccPropServices"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B81CB5ED-E654-399F-9698-C83C50665786}]
    @="System.Runtime.InteropServices.OptionalAttribute"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B81CB5ED-E654-399F-9698-C83C50665786}\InprocServer32]
    "Class"="System.Runtime.InteropServices.OptionalAttribute"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B81CB5ED-E654-399F-9698-C83C50665786}\InprocServer32\2.0.0.0]
    "Class"="System.Runtime.InteropServices.OptionalAttribute"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B81CB5ED-E654-399F-9698-C83C50665786}\ProgId]
    @="System.Runtime.InteropServices.OptionalAttribute"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA805B13-468C-3A22-BF9A-818E97EFA6B7}]
    @="System.Runtime.InteropServices.SEHException"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA805B13-468C-3A22-BF9A-818E97EFA6B7}\InprocServer32]
    "Class"="System.Runtime.InteropServices.SEHException"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA805B13-468C-3A22-BF9A-818E97EFA6B7}\InprocServer32\2.0.0.0]
    "Class"="System.Runtime.InteropServices.SEHException"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA805B13-468C-3A22-BF9A-818E97EFA6B7}\ProgId]
    @="System.Runtime.InteropServices.SEHException"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F1C3BF79-C3E4-11D3-88E7-00902754C43A}]
    @="System.Runtime.InteropServices.TypeLibConverter"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F1C3BF79-C3E4-11D3-88E7-00902754C43A}\InprocServer32]
    "Class"="System.Runtime.InteropServices.TypeLibConverter"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F1C3BF79-C3E4-11D3-88E7-00902754C43A}\InprocServer32\2.0.0.0]
    "Class"="System.Runtime.InteropServices.TypeLibConverter"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F1C3BF79-C3E4-11D3-88E7-00902754C43A}\ProgId]
    @="System.Runtime.InteropServices.TypeLibConverter"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F1EBA909-6621-346D-9CE2-39F266C9D011}]
    @="System.Runtime.InteropServices.ComImportAttribute"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F1EBA909-6621-346D-9CE2-39F266C9D011}\InprocServer32]
    "Class"="System.Runtime.InteropServices.ComImportAttribute"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F1EBA909-6621-346D-9CE2-39F266C9D011}\InprocServer32\2.0.0.0]
    "Class"="System.Runtime.InteropServices.ComImportAttribute"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F1EBA909-6621-346D-9CE2-39F266C9D011}\ProgId]
    @="System.Runtime.InteropServices.ComImportAttribute"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDB2DC94-B5A0-3702-AE84-BBFA752ACB36}]
    @="System.Runtime.InteropServices.OutAttribute"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDB2DC94-B5A0-3702-AE84-BBFA752ACB36}\InprocServer32]
    "Class"="System.Runtime.InteropServices.OutAttribute"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDB2DC94-B5A0-3702-AE84-BBFA752ACB36}\InprocServer32\2.0.0.0]
    "Class"="System.Runtime.InteropServices.OutAttribute"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDB2DC94-B5A0-3702-AE84-BBFA752ACB36}\ProgId]
    @="System.Runtime.InteropServices.OutAttribute"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6E26E776-04F0-495D-80E4-3330352E3169}]
    @="IAccPropServices"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{03D65B1A-BBF6-3BDC-BC53-85E02415670D}\2.0.0.0]
    "Class"="System.Runtime.InteropServices.UnmanagedType"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{0E71F38E-C5E1-3094-9487-5C7DD1E998EC}\2.0.0.0]
    "Class"="System.Runtime.InteropServices.GCHandleType"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{18C327E4-E4BA-3C3C-9942-274272626278}\2.0.0.0]
    "Class"="System.Runtime.InteropServices.ComInterfaceType"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{26170123-45FD-30F7-987D-BF3689662B6C}\2.0.0.0]
    "Class"="System.Runtime.InteropServices.ExporterEventKind"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{66E1F723-E57F-35CE-8306-3C09FB68A322}\2.0.0.0]
    "Class"="System.Runtime.InteropServices.GCHandle"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{765653A0-2B24-38E4-A6F6-5CB325E8CCC9}\2.0.0.0]
    "Class"="System.Runtime.InteropServices.AssemblyRegistrationFlags"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{79C2C4A6-8D21-371C-995F-52C38701B91E}\2.0.0.0]
    "Class"="System.Runtime.InteropServices.CallingConvention"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{8351108F-34E3-3CC9-BF5A-C76C48060835}\2.0.0.0]
    "Class"="System.Runtime.InteropServices.ArrayWithOffset"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{875EB8B7-663D-3B83-B702-5AF34662B9B5}\2.0.0.0]
    "Class"="System.Runtime.InteropServices.VarEnum"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{8A958A5B-626C-3D22-AB56-3EC30C9B7EE2}\2.0.0.0]
    "Class"="System.Runtime.InteropServices.IDispatchImplType"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{96E0DEE8-C1CA-38A5-A3C9-52DA9B5440EF}\2.0.0.0]
    "Class"="System.Runtime.InteropServices.ComMemberType"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{97AA3979-1066-3969-B278-E064BDB97DCE}\2.0.0.0]
    "Class"="System.Runtime.InteropServices.TypeLibTypeFlags"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{9ABE23BD-D5D5-30F6-B127-9B3AB98F7DBB}\2.0.0.0]
    "Class"="System.Runtime.InteropServices.LayoutKind"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{AD92602F-55F2-3552-A977-D93C79DB346E}\2.0.0.0]
    "Class"="System.Runtime.InteropServices.TypeLibExporterFlags"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{B42619B4-0EDC-3F55-AA64-2140275FA115}\2.0.0.0]
    "Class"="System.Runtime.InteropServices.ImporterEventKind"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{BF1BF727-537F-3284-9CA9-5ADF12641AB5}\2.0.0.0]
    "Class"="System.Runtime.InteropServices.TypeLibFuncFlags"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{C335350A-892D-37F7-967C-99B3C4C4A301}\2.0.0.0]
    "Class"="System.Runtime.InteropServices.TypeLibImporterFlags"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{C660D7A6-D1DD-3E9D-85EB-F844791E2DAE}\2.0.0.0]
    "Class"="System.Runtime.InteropServices.TypeLibVarFlags"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{C71DCE2B-B87F-37A9-89ED-F1145955BCD6}\2.0.0.0]
    "Class"="System.Runtime.InteropServices.HandleRef"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{D58DC4BB-3A4C-3B0C-B75F-9D0876694F3D}\2.0.0.0]
    "Class"="System.Runtime.InteropServices.ClassInterfaceType"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Record\{DEAE387D-C9A7-3A9C-B772-0153A2538502}\2.0.0.0]
    "Class"="System.Runtime.InteropServices.CharSet"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.ComConversionLossAttribute]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.ComConversionLossAttribute]
    @="System.Runtime.InteropServices.ComConversionLossAttribute"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.ComConversionLossAttribute\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.COMException]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.COMException]
    @="System.Runtime.InteropServices.COMException"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.COMException\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.ComImportAttribute]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.ComImportAttribute]
    @="System.Runtime.InteropServices.ComImportAttribute"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.ComImportAttribute\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.ComRegisterFunctionAttribute]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.ComRegisterFunctionAttribute]
    @="System.Runtime.InteropServices.ComRegisterFunctionAttribute"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.ComRegisterFunctionAttribute\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.ComUnregisterFunctionAttribute]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.ComUnregisterFunctionAttribute]
    @="System.Runtime.InteropServices.ComUnregisterFunctionAttribute"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.ComUnregisterFunctionAttribute\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.ExternalException]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.ExternalException]
    @="System.Runtime.InteropServices.ExternalException"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.ExternalException\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.InAttribute]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.InAttribute]
    @="System.Runtime.InteropServices.InAttribute"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.InAttribute\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.InvalidComObjectException]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.InvalidComObjectException]
    @="System.Runtime.InteropServices.InvalidComObjectException"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.InvalidComObjectException\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.InvalidOleVariantTypeException]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.InvalidOleVariantTypeException]
    @="System.Runtime.InteropServices.InvalidOleVariantTypeException"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.InvalidOleVariantTypeException\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.MarshalDirectiveException]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.MarshalDirectiveException]
    @="System.Runtime.InteropServices.MarshalDirectiveException"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.MarshalDirectiveException\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.OptionalAttribute]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.OptionalAttribute]
    @="System.Runtime.InteropServices.OptionalAttribute"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.OptionalAttribute\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.OutAttribute]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.OutAttribute]
    @="System.Runtime.InteropServices.OutAttribute"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.OutAttribute\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.PreserveSigAttribute]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.PreserveSigAttribute]
    @="System.Runtime.InteropServices.PreserveSigAttribute"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.PreserveSigAttribute\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.RegistrationServices]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.RegistrationServices]
    @="System.Runtime.InteropServices.RegistrationServices"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.RegistrationServices\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.RuntimeEnvironment]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.RuntimeEnvironment]
    @="System.Runtime.InteropServices.RuntimeEnvironment"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.RuntimeEnvironment\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.SafeArrayRankMismatchException]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.SafeArrayRankMismatchException]
    @="System.Runtime.InteropServices.SafeArrayRankMismatchException"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.SafeArrayRankMismatchException\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.SafeArrayTypeMismatchException]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.SafeArrayTypeMismatchException]
    @="System.Runtime.InteropServices.SafeArrayTypeMismatchException"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.SafeArrayTypeMismatchException\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.SEHException]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.SEHException]
    @="System.Runtime.InteropServices.SEHException"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.SEHException\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.SetWin32ContextInIDispatchAttribute]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.SetWin32ContextInIDispatchAttribute]
    @="System.Runtime.InteropServices.SetWin32ContextInIDispatchAttribute"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.SetWin32ContextInIDispatchAttribute\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.TypeLibConverter]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.TypeLibConverter]
    @="System.Runtime.InteropServices.TypeLibConverter"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\System.Runtime.InteropServices.TypeLibConverter\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="C:\\Windows\\system32\\opai.dll"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CertPropSvc\Parameters]
    "ServiceMain"="CertPropServiceMain"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\OpinionSquare]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\OpinionSquare]
    ; Contents of value:
    ; C:\Windows\system32\opservice.exe /service
    "ImagePath"=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,\
    5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6f,00,70,00,73,\
    00,65,00,72,00,76,00,69,00,63,00,65,00,2e,00,65,00,78,00,65,00,20,00,2f,00,\
    73,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00
    "DisplayName"="OpinionSquare"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\CertPropSvc\Parameters]
    "ServiceMain"="CertPropServiceMain"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\OpinionSquare]

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\OpinionSquare]
    ; Contents of value:
    ; C:\Windows\system32\opservice.exe /service
    "ImagePath"=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,\
    5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6f,00,70,00,73,\
    00,65,00,72,00,76,00,69,00,63,00,65,00,2e,00,65,00,78,00,65,00,20,00,2f,00,\
    73,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00
    "DisplayName"="OpinionSquare"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertPropSvc\Parameters]
    "ServiceMain"="CertPropServiceMain"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\OpinionSquare]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\OpinionSquare]
    ; Contents of value:
    ; C:\Windows\system32\opservice.exe /service
    "ImagePath"=hex(2):43,00,3a,00,5c,00,57,00,69,00,6e,00,64,00,6f,00,77,00,73,00,\
    5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6f,00,70,00,73,\
    00,65,00,72,00,76,00,69,00,63,00,65,00,2e,00,65,00,78,00,65,00,20,00,2f,00,\
    73,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00
    "DisplayName"="OpinionSquare"

    ; End Of The Log...

    ---------------------------------------------------------------------------------------------------------

    HijackThis's Uninstall_Log.txt--------------------------------------------------------------

    32 Bit HP CIO Components Installer
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe ExtendScript Toolkit 2
    Adobe Flash CS3
    Adobe Flash CS3 Professional
    Adobe Flash Player 9 ActiveX
    Adobe Flash Player 9 Plugin
    Adobe Flash Player ActiveX
    Adobe Flash Player Plugin
    Adobe Flash Video Encoder
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Reader 8.1.2
    Adobe Setup
    Adobe Setup
    Adobe Shockwave Player 11
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Age of Empires III - The Asian Dynasties Trial
    Age of Mythology Trial
    Apple Mobile Device Support
    Apple Software Update
    Audacity 1.2.6
    AutoHotkey 1.0.47.05
    Bonjour
    CCleaner (remove only)
    DivX Codec
    DivX Converter
    DivX Player
    DivX Web Player
    Enhanced Multimedia Keyboard Solution
    FlyFF Resource Manager
    Gimp 2.6.1
    Graph Paper Maker 8
    Hardware Diagnostic Tools
    Hewlett-Packard Active Check for Health Check
    Hewlett-Packard Asset Agent for Health Check
    Hex Workshop v5.1
    HijackThis 2.0.2
    HP Active Support Library
    HP Active Support Library 32 bit components
    HP Customer Experience Enhancements
    HP Customer Feedback
    HP Customer Participation Program 9.0
    HP Easy Setup - Frontend
    HP Imaging Device Functions 9.0
    HP OCR Software 9.0
    HP On-Screen Cap/Num/Scroll Lock Indicator
    HP Photosmart All-In-One Software 9.0
    HP Photosmart Essential 2.01
    HP Picasso Media Center Add-In
    HP Smart Web Printing
    HP Solution Center 9.0
    HP Total Care Advisor
    HP Update
    IBM ViaVoice TTS Runtime v6.610 - UK English
    IBM ViaVoice TTS Runtime v6.610 - US English
    Intel(R) Matrix Storage Manager
    Intel® ViivTM Software
    iTunes
    Java(TM) SE Runtime Environment 6 Update 1
    LiveUpdate 3.2 (Symantec Corporation)
    LiveUpdate Notice (Symantec Corporation)
    MapleStory
    MapleStory
    Microsoft Office Home and Student 60 day trial
    Microsoft Office Standard Edition 2003
    Microsoft Sapi 5.1
    Microsoft Sapi5 voices for XP
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    mIRC
    MobileMe Control Panel
    Move Networks Media Player for Internet Explorer
    Mozilla Firefox (3.0.3)
    MPlugin
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML4 Parser
    muvee autoProducer 6.0
    My HP Games
    MySQL Server 5.0
    NeoSpeech Kate
    NeoSpeech Paul
    NoAdware v5.0
    NVIDIA Drivers
    PDF Settings
    PFConfig 1.0.223
    PremiumSoft Navicat 8.0 Lite for MySQL
    Python 2.5
    QuickTime
    RealPlayer
    Realtek High Definition Audio Driver
    Rhapsody
    Rhapsody Player Engine
    Roxio Activation Module
    Roxio Creator Audio
    Roxio Creator Basic v9
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator EasyArchive
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio MyDVD Basic v9
    Safari
    Shop for HP Supplies
    ShortKeys Lite
    Snapfish Picture Mover
    Soft Data Fax Modem with SmartCP
    VideoLAN VLC media player 0.8.6h
    WampServer 2.0
    WeatherBug Gadget
    WildGames
    Windows Media Player Firefox Plugin
    WinKeySim
    WinRAR archiver
    Yahoo! Messenger
    Yahoo! Search Protection
    Yahoo! Toolbar
    zMUD v5.55
    ZoomText 9.1
    ZoomText 9.1 Tutorial

    Hope this helped.
     
    sad I’m frustrated
  • Blender
    Hi TheJoker,

    Thanks for the logs.
    I will go over them & reply in a bit with recommendations.

    Those 24 items that showed up for Explorer32.Hijacker are most likely a result of registry items added to the defs.
    You let VIPRE clean it?
    If you open Vipre then click "view" > manage malware > view history.
    Pick date of scan that showed items.
    Highlight the Explorer32.Hijacker line then click "show details" you should see registry traces.
    Take a screenshot while you have the details window open and upload it please. (imageshack is fine)

    Thanks,

    Tammy
  • Blender
    TheJoker:

    Do you remember where you picked up OpinionSquare?
    I ask because your install and mine are a bit different. Slightly different versions and file locations are different.
    I'd like to try & duplicate the install on my test machine if possible.

    Thanks,

    Tammy
  • Blender
    TheJoker:

    I believe we have enough info to remove the remaining bits of OpinionSquare.

    Click Start> programs> accessories.
    Right click on "command prompt" and choose "run as administrator"
    OK the UAC prompt.
    A "dos" box opens.

    Type the following command exactly as you see it & hit enter:

    sc delete OpinionSquare

    You should get a success message. Let me know if you get an error message.
    Exit the command prompt.

    Next, Open Hijackthis (run as admin)
    Do system scan and check if present the following:

    O20 - AppInit_DLLs: C:\Windows\system32\opai.dll

    Close all open windows except Hijackthis & hit "fix checked" and OK.
    Exit Hijackthis & reboot.

    Please post a fresh hijackthis log here.
    Let me know how the system is running.

    Don't be alarmed if you see a few adware traces in next couple scans.
    Likely a result of OpinionSquare/Marketscore items being added to definitions.

    Thanks,

    Tammy
  • TheJoker
    Ok, thank you for all this help. Here's a picture of the 24-trace Hijacker:

    http://img75.imageshack.us/my.php?ima...

    You were right; it was the registry keys.

    No, I don't remember where or when I installed OpinionSquare, but I know I got it for doing a survey for one of those sites that pay you money.

    Next, I did the Command Prompt thing successfully, then I did HijackThis and O20 - AppInit_DLLs: C:\Windows\system32\opai.dll was there.

    Here's the fresh HijackThis log------------------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:51:36 PM, on 11/4/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Program Files\ZoomText 9.1\ZtUac.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\system32\schtasks.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\hp\kbd\kbd.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkI...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYP...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkI...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkI...
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYP...
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: AH IE BHO - {10384d0e-2bc1-48b6-844b-ad0e9e6d2511} - C:\Program Files\ZoomText 9.1\AHOI\ah_ie_bho.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
    O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
    O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: VIPRE Antivirus + Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe (file missing)
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe (file missing)
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    O23 - Service: ZoomText Helper Service - Ai Squared - C:\Program Files\ZoomText 9.1\ZoomTextHelperService.exe

    --
    End of file - 10698 bytes

    --------------------------------------------------------------------------------------------------
     
    happy I’m confident
  • Blender
    Hi,

    Log looks good. :)
    I expected you to see some results with a couple scans after fixing those 2 HJT entries because of definition updates to Vipre.
    Let me know if they keep coming back.
    I don't expect they will because we were able to fix the other entries easy enough.
    You may see or have seen since a few more registry traces and at least one file trace. (the one you sent me)

    Looks like you had some trouble uninstalling Norton & AVG at one time or another.
    It appears you are not running any other Norton products so it is just the auto update programs that need to be uninstalled.
    One related entry in HJT for AVG as well that should be cleaned up to clean house a little.
    Doing this should also help improve system performance because Norton will no longer be looking for updates to a nonexistent product.

    If I am correct in thinking you no longer run Norton, these 2 items can be uninstalled via "programs and features" in your control panel:

    LiveUpdate Notice (Symantec Corporation)
    LiveUpdate 3.2 (Symantec Corporation)


    Reboot when done.

    Run Hijackthis (as admin), do system scan and check the following entry if present:

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)


    Click "fix checked" and OK.
    Rescan with Hijackthis (as admin) and post the new log please.
    Let me know if Norton uninstalls went OK or if you had troubles.

    Thank you,

    Tammy
  • TheJoker
    Okay, I uninstalled LiveUpdate Notice and LiveUpdate 3.2 with no troubles (I hope).

    I fixed O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing) with HijackThis.

    Here's this new log---------------------------------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:31:55 PM, on 11/5/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Program Files\ZoomText 9.1\ZtUac.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\system32\schtasks.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
    C:\hp\kbd\kbd.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Movie Maker\moviemk.exe
    C:\Windows\system32\mspaint.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkI...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYP...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkI...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkI...
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYP...
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: AH IE BHO - {10384d0e-2bc1-48b6-844b-ad0e9e6d2511} - C:\Program Files\ZoomText 9.1\AHOI\ah_ie_bho.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
    O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
    O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: VIPRE Antivirus + Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe (file missing)
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe (file missing)
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    O23 - Service: ZoomText Helper Service - Ai Squared - C:\Program Files\ZoomText 9.1\ZoomTextHelperService.exe

    --
    End of file - 10628 bytes
     
    happy I’m thankful
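Comparing a "before" and "after" HijackThis log by hand is error-prone, so here is an added example (not part of the thread and not a Sunbelt or Trend Micro tool) that diffs two logs to confirm which entries a "fix checked" pass removed, and flags any O20 AppInit_DLLs line and any orphaned "(file missing)" / "(no file)" entry. The function names are illustrative, and the two sample logs are constructed excerpts assembled from lines quoted in the posts above.

```python
import re

# HijackThis item lines start with a section code such as R0, O2, O20 or O23,
# followed by " - ". Header lines and the "Running processes" paths do not match.
ITEM_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*)$")


def parse_items(log_text):
    """Map each item line (whitespace-normalised) to its section code."""
    items = {}
    for line in log_text.splitlines():
        m = ITEM_RE.match(line)
        if m:
            code, rest = m.group(1), m.group(2).strip()
            items[f"{code} - {rest}"] = code
    return items


def diff_logs(before, after):
    """Return (removed, added) item lines between two logs."""
    b, a = parse_items(before), parse_items(after)
    removed = sorted(k for k in b if k not in a)
    added = sorted(k for k in a if k not in b)
    return removed, added


def triage(log_text):
    """Flag the two kinds of entry the thread asks the user to check."""
    findings = []
    for item, code in parse_items(log_text).items():
        if code == "O20" and "AppInit_DLLs" in item:
            # DLLs listed here are loaded into every process that loads user32.dll
            findings.append(("appinit_dll", item))
        elif item.endswith("(file missing)") or item.endswith("(no file)"):
            # Registry entry still present, target file gone (left-over uninstall)
            findings.append(("orphaned", item))
    return findings


# Constructed sample: abridged from lines quoted in the thread.
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
O20 - AppInit_DLLs: C:\Windows\system32\opai.dll
O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe (file missing)
"""

# Constructed sample: the same excerpt after the two fixes described in the thread.
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe (file missing)
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("Removed by the fix:")
    for line in removed:
        print("  ", line)
    print("Newly added:", added or "none")
    print("Still worth a look in the newer log:")
    for kind, line in triage(AFTER):
        print(f"  [{kind}] {line}")
```

An entry reported as "orphaned" is only a left-over registry reference; whether to fix it is still a judgement call about the product it belonged to.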
  • Blender
    Hi,

    Glad to hear things are going well.
    I still see Norton/Symantec stuff in your log.

    Norton has a removal tool that will help remove the remains.
    You can go to this site:
    http://service1.symantec.com/Support/...

    Choose the Norton product you had
    Next page choose your operating system. (Vista)
    Download the tool and save it someplace handy.
    Advisable to disable Active Protection for Vipre while running this tool to avoid the alerts Vipre will give you due to registry changes.

    Right click the file you just downloaded and choose "run as administrator"
    Follow the prompts and reboot when asked.
    It may require more than one reboot to complete removal.
    Once done re-enable your Vipre & post a fresh Hijackthis log here please.

    Let me know how system is running.
    If all is well we'll clean up the tools we used & reset system restore to purge old restore points and create a fresh one.

    Thanks,

    Tammy
  • TheJoker
    Ok, I did what you wanted and here is the HijackThis log. By the way, is it vital to "Run as Administrator"? Because I used the removal tool normally.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:05:53 PM, on 11/7/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\ZoomText 9.1\ZtUac.exe
    C:\Windows\Explorer.EXE
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    C:\Windows\system32\schtasks.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\hp\kbd\kbd.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkI...
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYP...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkI...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkI...
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYP...
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
    O2 - BHO: AH IE BHO - {10384d0e-2bc1-48b6-844b-ad0e9e6d2511} - C:\Program Files\ZoomText 9.1\AHOI\ah_ie_bho.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Snapfish Media Detector.lnk = C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
    O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
    O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: VIPRE Antivirus + Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe (file missing)
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51b\bin\mysqld-nt.exe (file missing)
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
    O23 - Service: ZoomText Helper Service - Ai Squared - C:\Program Files\ZoomText 9.1\ZoomTextHelperService.exe

    --
    End of file - 9702 bytes
     
    happy I’m thankful
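A small triage pass over the HijackThis log format shown in the post above, added here as an example (it is not code from any poster or from HijackThis itself). It groups entries by section code and lists those carrying the literal markers `(file missing)`, `(no file)` or `Unknown owner`; the function names and review labels are this example's own, and the sample lines are copied from the log above.

```python
import re
from collections import Counter

# A few lines copied from the log posted above (not the full log).
SAMPLE_LOG = r"""
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: wampapache - Unknown owner - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
"""

# One entry per line: a section code (R0, O2, O23, ...), " - ", then the detail.
ENTRY = re.compile(r"^\s*([RFNO]\d+) - (.+?)\s*$")

# Literal markers as they appear in the log; the labels are this example's own.
MARKERS = {
    "(file missing)": "target file not found on disk",
    "(no file)": "registered with no file behind it",
    "Unknown owner": "no company name reported for the service binary",
}

def parse(log_text):
    """Return (section, detail) tuples for every entry line."""
    return [m.groups() for m in map(ENTRY.match, log_text.splitlines()) if m]

def section_counts(log_text):
    """Count entries per section code."""
    return Counter(section for section, _ in parse(log_text))

def review_list(log_text):
    """Return the entries that carry at least one marker, with the reasons."""
    flagged = []
    for section, detail in parse(log_text):
        reasons = [why for marker, why in MARKERS.items() if marker in detail]
        if not reasons:
            continue
        item = {"section": section, "detail": detail, "reasons": reasons}
        if section == "O23" and detail.startswith("Service: "):
            # Split from the right so service names containing " - " survive.
            parts = detail[len("Service: "):].rsplit(" - ", 2)
            if len(parts) == 3:
                item.update(zip(("service", "owner", "path"), parts))
        flagged.append(item)
    return flagged

if __name__ == "__main__":
    for item in review_list(SAMPLE_LOG):
        print(f"[{item['section']}] {item['detail']}: {'; '.join(item['reasons'])}")
```

A flagged entry is a prompt to look at that registry key or service, not a verdict; stale entries left behind by uninstalled software carry the same markers.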
  • Blender
    Hi TheJoker,

    Log looks good.

    Normally, when you have to use some kind of tool that involves removing services, registry items, or some files & folders on Vista, you need to run the tool as admin.
    One needs admin privs to remove/edit services, drivers, and the registry, to access certain files/folders, and to install/uninstall most software.

    Unless you disabled UAC. Did you?
    Disabling UAC will let you do more with fewer prompts, but it may also open you to a bigger chance of getting infected or having unwanted software installed.

    More on UAC here:
    http://en.wikipedia.org/wiki/User_Acc...

    Everything still running OK?
  • TheJoker
    Well I disabled UAC because it had become a nuisance.

    Everything is fine ATM.

    Thank you for your support, Blender.
     
    happy I’m thankful and happy.
  • Blender
    Good to hear all is well.

    You can clean up the tools we used.

    Open HijackThis.
    If it is at the scan screen, click "config", then "misc tools" and "backups".
    If it starts at the main options screen, click "open misc tools options", then "view list of backups".
    Click "delete all" and OK the prompt.
    Exit HijackThis.

    You can delete RegSEarch.zip and its folder.
    Also delete the Norton removal tool you downloaded/used.

    Take care & surf safe!

    Tammy