Infected With Smit-Fraud-C. Core Service Trojans, Need Help In Removing It
JepthasDaughter
post Oct 31 2008, 03:16 AM
Post #16





Hi Again Mark:)

Well, I'm VERY very careful about not clicking links in any emails unless I'm absolutely sure I know the source and definitely know better. As a matter of fact, have received over the last 2 years at least 1-2 "spoofed" mails trying desperately to make me think they're from Paypal but I never never clicked on them (I always "hover" before I click any dang link LOL) and have turned them over to Paypal. However, because I DO have 2 "idiot" daughters both of whom know better but being of the "teenage" mentality and never listen to "Mama", it is a big possibility that one of them caused this whole darn mess for me. And for sure, MySpace has been completely banned from visitation on My computer but I guess there's always the possibility that one of them "sneaked" and heaven knows what might have happened:( I guess I'm going to have to resort to placing a password after all on the computer just to keep them off of it, but to be safe! Sorry to talk so much! Anyway.....


Below are the results of the 3 things you requested. However, the last 2 times you've asked me to do the RSIT thing, it will NOT provide an info.txt file (minimized or not) although it did the very first time I ran it. It is only giving me the log.txt file. So not sure what's going on there!

BIT DEFENDER SCAN

BitDefender Log File

Product : BitDefender Internet Security 2009
Version : BitDefender UIScanner v.12
Scanning task : Full System Scan
Log date : 00:36:57 31/10/2008
Log path : C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\full_scan\1225431417_1_02.xml

Scan Paths:
Path 0000: C:\Program Files\BitDefender\BitDefender 2009\uiscan.exe
Path 0001: C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
Path 0002: C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\magicJack.exe
Path 0003: C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
Path 0004: C:\WINDOWS\System32\svchost.exe
Path 0005: C:\WINDOWS\System32\alg.exe
Path 0006: C:\WINDOWS\system32\dllhost.exe
Path 0007: C:\WINDOWS\eHome\ehmsas.exe
Path 0008: C:\Program Files\iPod\bin\iPodService.exe
Path 0009: C:\Program Files\Windows Media Player\WMPNetwk.exe
Path 0010: c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Path 0011: C:\WINDOWS\ehome\mcrdsvc.exe
Path 0012: C:\WINDOWS\system32\svchost.exe
Path 0013: C:\WINDOWS\system32\svchost.exe
Path 0014: C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
Path 0015: c:\Program Files\Common Files\LightScribe\LSSrvc.exe
Path 0016: C:\WINDOWS\System32\svchost.exe
Path 0017: C:\WINDOWS\eHome\ehSched.exe
Path 0018: C:\WINDOWS\eHome\ehRecvr.exe
Path 0019: c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
Path 0020: C:\WINDOWS\system32\spoolsv.exe
Path 0021: C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
Path 0022: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Path 0023: C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Path 0024: C:\Program Files\Windows Media Player\WMPNSCFG.exe
Path 0025: C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
Path 0026: C:\Program Files\Messenger\msmsgs.exe
Path 0027: C:\WINDOWS\system32\ctfmon.exe
Path 0028: C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
Path 0029: C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
Path 0030: C:\Program Files\iTunes\iTunesHelper.exe
Path 0031: C:\Program Files\Logitech\iTouch\iTouch.exe
Path 0032: C:\Program Files\QuickTime\qttask.exe
Path 0033: C:\WINDOWS\system32\ElkCtrl.exe
Path 0034: C:\Program Files\Logitech\Video\CameraAssistant.exe
Path 0035: C:\WINDOWS\system32\LVCOMSX.EXE
Path 0036: C:\WINDOWS\ALCWZRD.EXE
Path 0037: C:\WINDOWS\SOUNDMAN.EXE
Path 0038: C:\WINDOWS\AGRSMMSG.exe
Path 0039: C:\WINDOWS\ehome\ehtray.exe
Path 0040: C:\WINDOWS\Explorer.EXE
Path 0041: C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
Path 0042: C:\WINDOWS\system32\svchost.exe
Path 0043: C:\WINDOWS\system32\svchost.exe
Path 0044: C:\WINDOWS\System32\svchost.exe
Path 0045: C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
Path 0046: C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
Path 0047: C:\WINDOWS\system32\svchost.exe
Path 0048: C:\WINDOWS\system32\svchost.exe
Path 0049: C:\WINDOWS\system32\lsass.exe
Path 0050: C:\WINDOWS\system32\services.exe
Path 0051: C:\WINDOWS\system32\winlogon.exe
Path 0052: C:\WINDOWS\system32\csrss.exe
Path 0053: \SystemRoot\System32\smss.exe
Path 0054: C:\
Path 0055: D:\

Scan Options:
Scan for viruses : Yes
Scan for adware : Yes
Scan for spyware : Yes
Scan for applications : Yes
Scan for dialers : Yes
Scan for rootkits : Yes

Target Selection Options:
Scan registry keys : Yes
Scan cookies : Yes
Scan boot sectors : Yes
Scan memory processes : Yes
Scan archives : No
Scan runtime packers : Yes
Scan emails : No
Scan all files : Yes
Heuristic Scan : Yes
Scanned extensions :
Excluded extensions :

Target Processing:
Default action for infected objects : Disinfect
Default action for suspicious objects : None
Default action for hidden objects : None
Default action for encrypted infected objects : None
Default action for encrypted suspicious objects : None
Default action for password-protected objects : None

Scan engines summary
Number of virus signatures : 1996343
Archive plugins : 43
Email plugins : 6
Scan plugins : 12
System plugins : 5
Unpack plugins : 7

Overall scan summary
Scanned items : 222291
Infected items : 0
Suspicious items : 0
Resolved items : 0
Unresolved items : 36
Password-protected items : 36
Individual viruses found : 0
Scanned directories : 17625
Scanned boot sectors : 6
Scanned archives : 3
Input-output errors : 64
Scan time : 01:18:49
Files per second : 46

Scanned processes summary
Scanned : 54
Infected : 0

Scanned registry keys summary
Scanned : 1344
Infected : 0

Scanned cookies summary
Scanned : 1344
Infected : 0

Objects that were not scanned:
Object Name | Reason | Final Status
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BraveSentry.zip=]kr_done1 Password-protected No action was possible
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BraveSentry.zip=]sbRecovery.ini Password-protected No action was possible
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled.zip=]sbRecovery.reg Password-protected No action was possible
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled.zip=]sbRecovery.ini Password-protected No action was possible
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCCoreService.zip=]sbRecovery.reg Password-protected No action was possible
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCCoreService.zip=]sbRecovery.ini Password-protected No action was possible
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCCoreService1.zip=]sbRecovery.reg Password-protected No action was possible
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCCoreService1.zip=]sbRecovery.ini Password-protected No action was possible
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCCoreService10.zip=]sbRecovery.ini Password-protected No action was possible
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCCoreService11.zip=]sbRecovery.ini Password-protected No action was possible
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCCoreService12.zip=]sbRecovery.reg Password-protected No action was possible
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCCoreService12.zip=]sbRecovery.ini Password-protected No action was possible
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCCoreService13.zip=]sbRecovery.reg Password-protected No action was possible
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCCoreService13.zip=]sbRecovery.ini Password-protected No action was possible
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCCoreService14.zip=]sbRecovery.ini Password-protected No action was possible
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCCoreService15.zip=]sbRecovery.ini Password-protected No action was possible
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCCoreService2.zip=]sbRecovery.ini Password-protected No action was possible
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCCoreService3.zip=]sbRecovery.ini Password-protected No action was possible
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCCoreService4.zip=]sbRecovery.reg Password-protected No action was possible
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCCoreService4.zip=]sbRecovery.ini Password-protected No action was possible
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCCoreService5.zip=]sbRecovery.reg Password-protected No action was possible
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCCoreService5.zip=]sbRecovery.ini Password-protected No action was possible
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCCoreService6.zip=]sbRecovery.ini Password-protected No action was possible
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCCoreService7.zip=]sbRecovery.ini Password-protected No action was possible
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCCoreService8.zip=]sbRecovery.reg Password-protected No action was possible
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCCoreService8.zip=]sbRecovery.ini Password-protected No action was possible
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCCoreService9.zip=]sbRecovery.reg Password-protected No action was possible
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCCoreService9.zip=]sbRecovery.ini Password-protected No action was possible
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip=]wr.txt Password-protected No action was possible
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip=]sbRecovery.ini Password-protected No action was possible
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinSmallazl.zip=]sbRecovery.reg Password-protected No action was possible
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinSmallazl.zip=]sbRecovery.ini Password-protected No action was possible
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZenoSearch.zip=]sbRecovery.reg Password-protected No action was possible
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZenoSearch.zip=]sbRecovery.ini Password-protected No action was possible
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZenoSearch1.zip=]msnav32.ax Password-protected No action was possible
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZenoSearch1.zip=]sbRecovery.ini Password-protected No action was possible


GMER SCAN

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-10-31 02:54:47
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwOpenProcess [0xA6FD9BCE]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwOpenThread [0xA6FD9CBC]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwTerminateProcess [0xA6FD9B32]

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\Messenger\msmsgs.exe[340] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [02262F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[340] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [02262DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[340] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [02262D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Messenger\msmsgs.exe[340] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [02262DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\eHome\ehmsas.exe[1332] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\eHome\ehmsas.exe[1332] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\eHome\ehmsas.exe[1332] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003C2D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\eHome\ehmsas.exe[1332] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\HP_Administrator\Desktop\gmer.exe[1488] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\HP_Administrator\Desktop\gmer.exe[1488] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\HP_Administrator\Desktop\gmer.exe[1488] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\HP_Administrator\Desktop\gmer.exe[1488] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1816] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01A02F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1816] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01A02DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1816] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [01A02D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1816] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01A02DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[3276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00CB2F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[3276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00CB2DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[3276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00CB2D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe[3276] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00CB2DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\Tcpip \Device\Ip bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\Tcp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\Udp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\RawIp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.14 ----

RSIT LOG

Logfile of random's system information tool 1.04 (written by random/random)
Run by HP_Administrator at 2008-10-31 02:56:35
Microsoft Windows XP Professional Service Pack 3
System drive C: has 194 GB (85%) free of 229 GB
Total RAM: 1015 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:56:44 AM, on 10/31/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\magicJack.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\IncrediMail\bin\ImNotfy.exe
C:\Documents and Settings\HP_Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\HP_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [regcmdcons] c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/amun/default/mjolauncher.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/...gr.cab31267.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/cnma/default/ct.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 11151 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - HP view - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll [2003-11-21 98304]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll [2008-08-13 90112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAudPropShortcut.exe [2004-03-17 61952]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-10-13 77824]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2004-10-13 2742272]
"regcmdcons"=c:\hp\bin\cloaker.exe [1999-11-07 27136]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-12-09 225280]
"LogitechCameraAssistant"=C:\Program Files\Logitech\Video\CameraAssistant.exe [2005-12-07 489472]
"LogitechVideo[inspector]"=C:\Program Files\Logitech\Video\InstallHelper.exe [2005-12-07 73728]
"LogitechCameraService(E)"=C:\WINDOWS\system32\ElkCtrl.exe [2004-11-01 262144]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 98304]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"zBrowser Launcher"=C:\Program Files\Logitech\iTouch\iTouch.exe [2004-03-18 892928]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2004-10-13 278528]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [2008-10-20 716800]
"BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe [2008-08-10 69632]
"LXCCCATS"=rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2008-07-24 243072]
"PopUpStopperFreeEdition"=C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe [2005-03-17 536576]
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe []
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"cdloader"=C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\cdloader2.exe [2008-08-22 50520]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe

C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-12-01 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\IncrediMail\bin\IMApp.exe"="C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImLc.exe"="C:\Program Files\IncrediMail\bin\ImLc.exe:*:Enabled:IncrediMail"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\HP_Administrator\Desktop\Downloads\magentic_install.exe"="C:\Documents and Settings\HP_Administrator\Desktop\Downloads\magentic_install.exe:*:Enabled:IncrediMail Installer"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Documents and Settings\HP_Administrator\Desktop\Downloads\incredimail_install.exe"="C:\Documents and Settings\HP_Administrator\Desktop\Downloads\incredimail_install.exe:*:Enabled:IncrediMail Installer"
"C:\Program Files\IncrediMail\bin\ImSc.exe"="C:\Program Files\IncrediMail\bin\ImSc.exe:*:Enabled:IncrediMail"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\magicJack.exe"="C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb53d0f2-8743-11d9-99a0-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


======List of files/folders created in the last 1 months======

2008-10-31 02:27:20 ----A---- C:\WINDOWS\gmer.ini
2008-10-31 02:27:17 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-10-31 02:27:17 ----A---- C:\WINDOWS\gmer.dll
2008-10-31 02:27:16 ----A---- C:\WINDOWS\gmer.exe
2008-10-27 02:35:21 ----D---- C:\Program Files\EsetOnlineScanner
2008-10-27 01:49:16 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2008-10-27 01:49:10 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-27 01:49:10 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-27 01:35:37 ----D---- C:\_OTMoveIt
2008-10-27 00:59:45 ----D---- C:\WINDOWS\ERDNT
2008-10-27 00:57:35 ----D---- C:\Program Files\ERUNT
2008-10-24 18:51:07 ----D---- C:\rsit
2008-10-23 22:03:37 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-22 15:36:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-10-22 05:57:32 ----D---- C:\WINDOWS\Prefetch
2008-10-22 05:54:21 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-22 05:54:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-22 05:53:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-22 05:53:34 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-22 05:53:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-22 05:53:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-22 05:52:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-10-22 05:52:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-10-22 05:52:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-10-22 05:52:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-22 05:51:43 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-22 05:51:29 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-10-22 05:51:13 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-10-22 05:50:58 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-22 05:44:41 ----D---- C:\WINDOWS\system32\scripting
2008-10-22 05:44:41 ----D---- C:\WINDOWS\l2schemas
2008-10-22 05:44:40 ----D---- C:\WINDOWS\system32\bits
2008-10-22 05:42:26 ----D---- C:\WINDOWS\ServicePackFiles
2008-10-22 05:35:39 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-10-21 00:21:46 ----D---- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-10-21 00:21:24 ----A---- C:\WINDOWS\system32\SpOrder.dll
2008-10-21 00:17:41 ----D---- C:\WINDOWS\Internet Logs
2008-10-20 02:09:28 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\BitDefender
2008-10-20 02:09:02 ----D---- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-10-20 02:04:26 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Motive
2008-10-20 01:58:09 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-20 01:51:24 ----D---- C:\WINDOWS\SxsCaPendDel
2008-10-19 21:09:02 ----A---- C:\WINDOWS\bdagent.INI
2008-10-19 18:34:39 ----A---- C:\WINDOWS\wininit.ini
2008-10-19 17:52:05 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-19 17:52:05 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-19 05:34:25 ----D---- C:\Program Files\BitDefender
2008-10-19 05:32:52 ----D---- C:\Program Files\Common Files\BitDefender
2008-10-18 23:02:27 ----A---- C:\WINDOWS\system32\javaws.exe
2008-10-18 23:02:27 ----A---- C:\WINDOWS\system32\javaw.exe
2008-10-18 23:02:27 ----A---- C:\WINDOWS\system32\java.exe
2008-10-18 04:26:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-10-18 04:26:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-18 04:25:49 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-10-18 04:22:06 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-10-18 04:21:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2008-10-16 21:01:45 ----D---- C:\Program Files\Lavasoft
2008-10-16 21:01:44 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-16 20:59:54 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-10 11:24:20 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp

======List of files/folders modified in the last 1 months======

2008-10-31 02:47:33 ----D---- C:\WINDOWS\system32
2008-10-31 02:40:12 ----D---- C:\WINDOWS\Temp
2008-10-31 02:27:20 ----D---- C:\WINDOWS
2008-10-31 02:27:17 ----D---- C:\WINDOWS\system32\drivers
2008-10-31 02:10:14 ----D---- C:\WINDOWS\Registration
2008-10-31 02:10:06 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-31 02:09:50 ----A---- C:\WINDOWS\iTouch.ini
2008-10-31 02:08:34 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-29 11:27:25 ----D---- C:\Program Files
2008-10-29 11:24:35 ----AC---- C:\WINDOWS\ntbtlog.txt
2008-10-27 23:36:16 ----AC---- C:\WINDOWS\IE4 Error Log.txt
2008-10-27 02:47:35 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-27 01:35:47 ----D---- C:\Program Files\Common Files
2008-10-25 18:54:15 ----D---- C:\Sig Tags
2008-10-23 22:03:50 ----HD---- C:\WINDOWS\inf
2008-10-23 22:03:39 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-10-23 22:03:10 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-22 15:36:55 ----A---- C:\WINDOWS\imsins.BAK
2008-10-22 06:01:51 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-22 05:59:17 ----AC---- C:\WINDOWS\OEWABLog.txt
2008-10-22 05:58:40 ----AC---- C:\WINDOWS\setuplog.txt
2008-10-22 05:56:55 ----D---- C:\WINDOWS\system32\Setup
2008-10-22 05:56:55 ----D---- C:\WINDOWS\ime
2008-10-22 05:56:55 ----D---- C:\WINDOWS\AppPatch
2008-10-22 05:56:55 ----D---- C:\Program Files\Messenger
2008-10-22 05:56:54 ----D---- C:\WINDOWS\system32\wbem
2008-10-22 05:56:53 ----SD---- C:\WINDOWS\Fonts
2008-10-22 05:56:15 ----D---- C:\WINDOWS\security
2008-10-22 05:55:56 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-22 05:49:48 ----RSD---- C:\WINDOWS\assembly
2008-10-22 05:45:12 ----D---- C:\WINDOWS\WinSxS
2008-10-22 05:44:55 ----D---- C:\WINDOWS\system32\inetsrv
2008-10-22 05:44:55 ----D---- C:\WINDOWS\network diagnostic
2008-10-22 05:44:55 ----D---- C:\WINDOWS\Help
2008-10-22 05:44:42 ----D---- C:\WINDOWS\system32\usmt
2008-10-22 05:44:42 ----D---- C:\WINDOWS\system32\en-US
2008-10-22 05:44:41 ----SHD---- C:\WINDOWS\Installer
2008-10-22 05:44:40 ----D---- C:\WINDOWS\PeerNet
2008-10-22 05:44:40 ----D---- C:\Program Files\Movie Maker
2008-10-22 05:44:40 ----AD---- C:\WINDOWS\system32\en
2008-10-22 05:42:06 ----D---- C:\WINDOWS\system32\Restore
2008-10-22 05:42:06 ----D---- C:\WINDOWS\system32\npp
2008-10-22 05:42:06 ----D---- C:\WINDOWS\mui
2008-10-22 05:42:05 ----D---- C:\WINDOWS\msagent
2008-10-22 05:42:04 ----D---- C:\WINDOWS\srchasst
2008-10-22 05:42:03 ----D---- C:\Program Files\NetMeeting
2008-10-22 05:42:02 ----D---- C:\WINDOWS\system32\Com
2008-10-22 05:42:00 ----D---- C:\Program Files\Windows NT
2008-10-22 05:41:59 ----D---- C:\Program Files\Outlook Express
2008-10-22 05:41:57 ----D---- C:\Program Files\Common Files\System
2008-10-22 05:41:42 ----D---- C:\WINDOWS\system32\oobe
2008-10-22 05:41:41 ----D---- C:\WINDOWS\system
2008-10-22 05:38:43 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-22 05:32:14 ----D---- C:\WINDOWS\ehome
2008-10-20 22:05:09 ----D---- C:\Program Files\Trend Micro
2008-10-20 02:13:10 ----HD---- C:\Config.Msi
2008-10-20 02:00:08 ----SD---- C:\WINDOWS\Tasks
2008-10-20 02:00:08 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-19 04:21:44 ----D---- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-10-18 23:02:25 ----D---- C:\Program Files\Java
2008-10-18 04:25:18 ----D---- C:\Program Files\Internet Explorer
2008-10-18 04:24:19 ----A---- C:\WINDOWS\win.ini
2008-10-16 17:15:31 ----AC---- C:\WINDOWS\EyeCand3.INI
2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-15 07:53:23 ----D---- C:\Program Files\Lx_cats
2008-10-07 14:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-03 12:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SbcpHid;SbcpHid; \??\C:\WINDOWS\system32\Drivers\SbcpHid.sys []
R2 BDVEDISK;BDVEDISK; \??\C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys []
R2 CdaD10BA;CdaD10BA; \??\C:\WINDOWS\system32\drivers\CdaD10BA.SYS []
R2 CX23880;Conexant 23880 Video Capture; C:\WINDOWS\system32\drivers\cx88vid.sys [2004-11-11 160256]
R2 CX88ENC;Conexant 2388x MPEG Encoder; C:\WINDOWS\system32\drivers\cx88enc.sys [2004-11-11 297344]
R2 CXTUNE;Conexant 2388x Tuner; C:\WINDOWS\system32\drivers\CX88TUNE.sys [2004-11-11 31360]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 bdfm;BDFM; C:\WINDOWS\system32\drivers\bdfm.sys [2008-08-12 108864]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-10-20 103944]
R3 bdfsfltr;bdfsfltr; C:\WINDOWS\system32\drivers\bdfsfltr.sys [2008-08-12 228672]
R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys []
R3 CXAVXBAR;Conexant 2388x Crossbar Dual Input ; C:\WINDOWS\system32\drivers\cxavxbar.sys [2004-11-11 9472]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2004-09-14 13872]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-04-26 135168]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-12-01 776637]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2004-10-13 2287104]
R3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\System32\Drivers\itchfltr.sys [2004-03-10 12953]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
R3 LVPrcMon;Logitech LVPrcMon Driver; \??\C:\WINDOWS\system32\drivers\LVPrcMon.sys []
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-12-05 39424]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-10-31 85969]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-03-17 113664]
S3 Lvckap;Logitech Kernel Audio Processing Filter Driver; \??\C:\WINDOWS\system32\drivers\Lvckap.sys []
S3 lvmvdrv;Logitech Machine Vision Engine Loader; \??\C:\WINDOWS\system32\drivers\lvmvdrv.sys []
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2005-12-05 7136]
S3 PID_08A0;QuickCam IM(PID_08A0); C:\WINDOWS\system32\DRIVERS\LV302AV.SYS [2005-12-05 916096]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2001-06-04 14112]
S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-04 32768]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-10-16 611664]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2004-09-23 38912]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2008-10-20 393216]
R2 LVPrcSrv;Logitech Process Monitor; c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe [2005-12-09 81920]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 SymWSC;SymWMI Service; c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-08-05 308352]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe [2008-10-20 1527808]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 iPodService;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2004-10-13 327680]
R3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 lxcc_device;lxcc_device; C:\WINDOWS\system32\lxcccoms.exe [2005-02-25 466944]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------

Thanks again for all your help!
mas_pogi
post Nov 1 2008, 12:40 PM
Post #17





Hi Jepthas.


We are almost finished. We will just have to clean up some remnants of past installations.

Please follow these instructions:
  1. We will remove the remnants of Norton AV. Please choose the product you have

    Download and run the Norton Removal Tool
    And follow the removal instructions in there.

  2. Please uninstall the following program using ADD/REMOVE programs at the Control Panel.

    Live Update 2.5


  3. Copy and paste the following text into Notepad:

    CODE
    REGEDIT4

    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]


    Save this as "fixme.reg". Choose to save as *all files and place it on your Desktop.
    Double-click fixme.reg

  4. Goto
    Click on

    Then key in
    CODE
    sc delete tmcomm


  5. Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
    1. Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
    2. Scroll down to where it says "Java Runtime Environment (JRE)6 Update 10...allows end-users to run Java applications".
    3. Click the "Download" button to the right.
    4. Select your Platform: "Windows" (OR if you are on a x64 system, "Windows x64")
    5. Select your Language: "Multi-Language".
    6. Read the License Agreement, and then check the box that says: "Accept License Agreement".
    7. Click Continue and the page will refresh.
    8. Click on the link to download Windows Offline Installation and save the file to your desktop.
    9. Close any programs you may have running - especially your web browser.
    10. Go to Start > Settings > Control Panel, double-click on Add/Remove Programs (Or "Uninstall a Program" on Vista) and remove all older versions of Java.
    11. Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    12. Click the Remove or Change/Remove button.
    13. Follow the onscreen instructions for the Java uninstaller.
    14. Repeat as many times as necessary to remove each Java version.
    15. Reboot your computer once all Java components are removed.
    16. Then from your desktop double-click on jre-6u10-windows-i586-p.exe (Or jre-6u10-windows-x64.exe for x64 systems)
    17. Follow the on screen instructions to install the latest Java version.

  6. Reboot your computer in normal mode.

    • Run random's system information tool (RSIT) again from your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
In your reply, please post

RSIT's log.txt and info.txt

Mark
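
The two leftovers removed in steps 3 and 4 above (the `vsmon` SafeBoot key and the `tmcomm` driver) can be picked out of the RSIT log with a small parser. This is an added example, not part of the original post or of RSIT; the function names are hypothetical, the sample is built from lines of the log posted earlier in this thread, and reading `[]` as "no file details recorded" and a SafeBoot subkey name as a service name are assumptions about RSIT's output.

```python
import re

# Constructed sample: a few lines copied from the RSIT log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys []
R3 bdfm;BDFM; C:\WINDOWS\system32\drivers\bdfm.sys [2008-08-12 108864]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-10-31 85969]
S4 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-10-16 611664]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe [2008-10-20 1527808]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
"""

# Legend taken from the section headers of the log itself.
STATE = {"R": "Running", "S": "Stopped"}
START = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# "<state><start> <name>;<display name>; <image path> [<date> <size>]"
ENTRY_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);\s*(.*?)\s*\[([^\]]*)\]$")
SAFEBOOT_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot"
    r"\\(Minimal|Network)\\([^\]\\]+)\]$",
    re.IGNORECASE,
)


def parse_entries(log):
    """Return one dict per driver/service line found in the log."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            state, start, name, display, path, details = m.groups()
            entries.append({
                "name": name,
                "display": display.strip(),
                "state": STATE[state],
                "start": START[start],
                "path": path,
                # Empty when RSIT printed "[]" instead of "[date size]".
                "file_details": details.strip(),
            })
    return entries


def parse_safeboot(log):
    """Return (mode, subkey name) for every SafeBoot key listed in the log."""
    found = []
    for line in log.splitlines():
        m = SAFEBOOT_RE.match(line.strip())
        if m:
            found.append((m.group(1), m.group(2)))
    return found


def review_candidates(log):
    """List entries worth a manual look before anything is deleted.

    Heuristics (assumptions, not RSIT documentation):
      * a Disabled entry with no file details may be an uninstall leftover;
      * a SafeBoot subkey with no matching driver/service in the same log
        may point at software that is no longer installed. SafeBoot subkeys
        can also name driver groups or device classes, so confirm by hand.
    """
    entries = parse_entries(log)
    known = {e["name"].lower() for e in entries}
    return {
        "disabled_no_file_details": [
            e["name"] for e in entries
            if e["start"] == "Disabled" and not e["file_details"]
        ],
        "safeboot_without_service": [
            (mode, name) for mode, name in parse_safeboot(log)
            if name.lower() not in known
        ],
    }


if __name__ == "__main__":
    for reason, items in review_candidates(SAMPLE_LOG).items():
        print(reason, items)
```

Running the same function over the log posted after the cleanup should return two empty lists if both removals took effect.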
JepthasDaughter
post Nov 1 2008, 03:39 PM
Post #18





Hi Mark:)

STILL no info.txt file when I ran RSIT!! But I do have the log.txt file which is copied & pasted below:

Logfile of random's system information tool 1.04 (written by random/random)
Run by HP_Administrator at 2008-11-01 15:33:41
Microsoft Windows XP Professional Service Pack 3
System drive C: has 194 GB (85%) free of 229 GB
Total RAM: 1015 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:33:54 PM, on 11/1/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Documents and Settings\HP_Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\HP_Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [regcmdcons] c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/amun/default/mjolauncher.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/...gr.cab31267.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/cnma/default/ct.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 11065 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-01 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-01 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-01 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - HP view - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll [2003-11-21 98304]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll [2008-08-13 90112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAudPropShortcut.exe [2004-03-17 61952]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-10-13 77824]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2004-10-13 2742272]
"regcmdcons"=c:\hp\bin\cloaker.exe [1999-11-07 27136]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-12-09 225280]
"LogitechCameraAssistant"=C:\Program Files\Logitech\Video\CameraAssistant.exe [2005-12-07 489472]
"LogitechVideo[inspector]"=C:\Program Files\Logitech\Video\InstallHelper.exe [2005-12-07 73728]
"LogitechCameraService(E)"=C:\WINDOWS\system32\ElkCtrl.exe [2004-11-01 262144]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 98304]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"zBrowser Launcher"=C:\Program Files\Logitech\iTouch\iTouch.exe [2004-03-18 892928]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2004-10-13 278528]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [2008-10-20 716800]
"BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe [2008-08-10 69632]
"LXCCCATS"=rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXCCtime.dll []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-01 136600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2008-07-24 243072]
"PopUpStopperFreeEdition"=C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe [2005-03-17 536576]
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe []
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"cdloader"=C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\cdloader2.exe [2008-08-22 50520]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe

C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2004-12-01 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\IncrediMail\bin\IMApp.exe"="C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImLc.exe"="C:\Program Files\IncrediMail\bin\ImLc.exe:*:Enabled:IncrediMail"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\HP_Administrator\Desktop\Downloads\magentic_install.exe"="C:\Documents and Settings\HP_Administrator\Desktop\Downloads\magentic_install.exe:*:Enabled:IncrediMail Installer"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Documents and Settings\HP_Administrator\Desktop\Downloads\incredimail_install.exe"="C:\Documents and Settings\HP_Administrator\Desktop\Downloads\incredimail_install.exe:*:Enabled:IncrediMail Installer"
"C:\Program Files\IncrediMail\bin\ImSc.exe"="C:\Program Files\IncrediMail\bin\ImSc.exe:*:Enabled:IncrediMail"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\magicJack.exe"="C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack"
"C:\Documents and Settings\HP_Administrator\Local Settings\Temp\WZSE0.TMP\SymNRT.exe"="C:\Documents and Settings\HP_Administrator\Local Settings\Temp\WZSE0.TMP\SymNRT.exe:*:Enabled:Norton Removal Tool"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb53d0f2-8743-11d9-99a0-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


======List of files/folders created in the last 1 months======

2008-11-01 15:29:29 ----A---- C:\WINDOWS\system32\javaws.exe
2008-11-01 15:29:29 ----A---- C:\WINDOWS\system32\javaw.exe
2008-11-01 15:29:29 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-11-01 15:29:28 ----A---- C:\WINDOWS\system32\java.exe
2008-11-01 15:07:39 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-10-31 02:27:20 ----A---- C:\WINDOWS\gmer.ini
2008-10-31 02:27:17 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-10-31 02:27:17 ----A---- C:\WINDOWS\gmer.dll
2008-10-31 02:27:16 ----A---- C:\WINDOWS\gmer.exe
2008-10-27 02:35:21 ----D---- C:\Program Files\EsetOnlineScanner
2008-10-27 01:49:16 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes
2008-10-27 01:49:10 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-27 01:49:10 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-27 01:35:37 ----D---- C:\_OTMoveIt
2008-10-27 00:59:45 ----D---- C:\WINDOWS\ERDNT
2008-10-27 00:57:35 ----D---- C:\Program Files\ERUNT
2008-10-24 18:51:07 ----D---- C:\rsit
2008-10-23 22:03:37 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-22 15:36:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-10-22 05:57:32 ----D---- C:\WINDOWS\Prefetch
2008-10-22 05:54:21 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-22 05:54:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-22 05:53:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-22 05:53:34 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-22 05:53:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-10-22 05:53:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-10-22 05:52:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2008-10-22 05:52:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-10-22 05:52:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-10-22 05:52:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-10-22 05:51:43 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-10-22 05:51:29 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-10-22 05:51:13 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-10-22 05:50:58 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-10-22 05:44:41 ----D---- C:\WINDOWS\system32\scripting
2008-10-22 05:44:41 ----D---- C:\WINDOWS\l2schemas
2008-10-22 05:44:40 ----D---- C:\WINDOWS\system32\bits
2008-10-22 05:42:26 ----D---- C:\WINDOWS\ServicePackFiles
2008-10-22 05:35:39 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-10-21 00:21:46 ----D---- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-10-21 00:21:24 ----A---- C:\WINDOWS\system32\SpOrder.dll
2008-10-21 00:17:41 ----D---- C:\WINDOWS\Internet Logs
2008-10-20 02:09:28 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\BitDefender
2008-10-20 02:09:02 ----D---- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-10-20 02:04:26 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Motive
2008-10-20 01:58:09 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-10-20 01:51:24 ----D---- C:\WINDOWS\SxsCaPendDel
2008-10-19 21:09:02 ----A---- C:\WINDOWS\bdagent.INI
2008-10-19 18:34:39 ----A---- C:\WINDOWS\wininit.ini
2008-10-19 17:52:05 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-19 17:52:05 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-19 05:34:25 ----D---- C:\Program Files\BitDefender
2008-10-19 05:32:52 ----D---- C:\Program Files\Common Files\BitDefender
2008-10-18 04:26:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-10-18 04:26:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-18 04:25:49 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-10-18 04:22:06 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-10-18 04:21:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2008-10-16 21:01:45 ----D---- C:\Program Files\Lavasoft
2008-10-16 21:01:44 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-16 20:59:54 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-10 11:24:20 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp

======List of files/folders modified in the last 1 months======

2008-11-01 15:32:05 ----D---- C:\WINDOWS\Temp
2008-11-01 15:31:35 ----D---- C:\WINDOWS\Registration
2008-11-01 15:31:31 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-01 15:31:28 ----D---- C:\WINDOWS
2008-11-01 15:31:18 ----A---- C:\WINDOWS\iTouch.ini
2008-11-01 15:30:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-01 15:29:32 ----SHD---- C:\WINDOWS\Installer
2008-11-01 15:29:32 ----HD---- C:\Config.Msi
2008-11-01 15:29:29 ----D---- C:\WINDOWS\system32
2008-11-01 15:29:05 ----D---- C:\Program Files\Java
2008-11-01 15:25:31 ----D---- C:\Program Files\Common Files
2008-11-01 15:11:55 ----D---- C:\Program Files
2008-11-01 15:10:14 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-01 01:06:55 ----D---- C:\Sig Tags
2008-10-31 02:27:17 ----D---- C:\WINDOWS\system32\drivers
2008-10-29 11:24:35 ----AC---- C:\WINDOWS\ntbtlog.txt
2008-10-27 23:36:16 ----AC---- C:\WINDOWS\IE4 Error Log.txt
2008-10-27 02:47:35 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-10-23 22:03:50 ----HD---- C:\WINDOWS\inf
2008-10-23 22:03:39 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-10-23 22:03:10 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-22 15:36:55 ----A---- C:\WINDOWS\imsins.BAK
2008-10-22 06:01:51 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-22 05:59:17 ----AC---- C:\WINDOWS\OEWABLog.txt
2008-10-22 05:58:40 ----AC---- C:\WINDOWS\setuplog.txt
2008-10-22 05:56:55 ----D---- C:\WINDOWS\system32\Setup
2008-10-22 05:56:55 ----D---- C:\WINDOWS\ime
2008-10-22 05:56:55 ----D---- C:\WINDOWS\AppPatch
2008-10-22 05:56:55 ----D---- C:\Program Files\Messenger
2008-10-22 05:56:54 ----D---- C:\WINDOWS\system32\wbem
2008-10-22 05:56:53 ----SD---- C:\WINDOWS\Fonts
2008-10-22 05:56:15 ----D---- C:\WINDOWS\security
2008-10-22 05:55:56 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-22 05:49:48 ----RSD---- C:\WINDOWS\assembly
2008-10-22 05:45:12 ----D---- C:\WINDOWS\WinSxS
2008-10-22 05:44:55 ----D---- C:\WINDOWS\system32\inetsrv
2008-10-22 05:44:55 ----D---- C:\WINDOWS\network diagnostic
2008-10-22 05:44:55 ----D---- C:\WINDOWS\Help
2008-10-22 05:44:42 ----D---- C:\WINDOWS\system32\usmt
2008-10-22 05:44:42 ----D---- C:\WINDOWS\system32\en-US
2008-10-22 05:44:40 ----D---- C:\WINDOWS\PeerNet
2008-10-22 05:44:40 ----D---- C:\Program Files\Movie Maker
2008-10-22 05:44:40 ----AD---- C:\WINDOWS\system32\en
2008-10-22 05:42:06 ----D---- C:\WINDOWS\system32\Restore
2008-10-22 05:42:06 ----D---- C:\WINDOWS\system32\npp
2008-10-22 05:42:06 ----D---- C:\WINDOWS\mui
2008-10-22 05:42:05 ----D---- C:\WINDOWS\msagent
2008-10-22 05:42:04 ----D---- C:\WINDOWS\srchasst
2008-10-22 05:42:03 ----D---- C:\Program Files\NetMeeting
2008-10-22 05:42:02 ----D---- C:\WINDOWS\system32\Com
2008-10-22 05:42:00 ----D---- C:\Program Files\Windows NT
2008-10-22 05:41:59 ----D---- C:\Program Files\Outlook Express
2008-10-22 05:41:57 ----D---- C:\Program Files\Common Files\System
2008-10-22 05:41:42 ----D---- C:\WINDOWS\system32\oobe
2008-10-22 05:41:41 ----D---- C:\WINDOWS\system
2008-10-22 05:38:43 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-22 05:32:14 ----D---- C:\WINDOWS\ehome
2008-10-20 22:05:09 ----D---- C:\Program Files\Trend Micro
2008-10-20 02:00:08 ----SD---- C:\WINDOWS\Tasks
2008-10-20 02:00:08 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-19 04:21:44 ----D---- C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-10-18 04:25:18 ----D---- C:\Program Files\Internet Explorer
2008-10-18 04:24:19 ----A---- C:\WINDOWS\win.ini
2008-10-16 17:15:31 ----AC---- C:\WINDOWS\EyeCand3.INI
2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll
2008-10-15 07:53:23 ----D---- C:\Program Files\Lx_cats
2008-10-07 14:19:40 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-03 12:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SbcpHid;SbcpHid; \??\C:\WINDOWS\system32\Drivers\SbcpHid.sys []
R2 BDVEDISK;BDVEDISK; \??\C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys []
R2 CdaD10BA;CdaD10BA; \??\C:\WINDOWS\system32\drivers\CdaD10BA.SYS []
R2 CX23880;Conexant 23880 Video Capture; C:\WINDOWS\system32\drivers\cx88vid.sys [2004-11-11 160256]
R2 CX88ENC;Conexant 2388x MPEG Encoder; C:\WINDOWS\system32\drivers\cx88enc.sys [2004-11-11 297344]
R2 CXTUNE;Conexant 2388x Tuner; C:\WINDOWS\system32\drivers\CX88TUNE.sys [2004-11-11 31360]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 bdfm;BDFM; C:\WINDOWS\system32\drivers\bdfm.sys [2008-08-12 108864]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-10-20 103944]
R3 bdfsfltr;bdfsfltr; C:\WINDOWS\system32\drivers\bdfsfltr.sys [2008-08-12 228672]
R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys []
R3 CXAVXBAR;Conexant 2388x Crossbar Dual Input ; C:\WINDOWS\system32\drivers\cxavxbar.sys [2004-11-11 9472]
R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2004-09-14 13872]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-04-26 135168]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-12-01 776637]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2004-10-13 2287104]
R3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\System32\Drivers\itchfltr.sys [2004-03-10 12953]
R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060]
R3 LVPrcMon;Logitech LVPrcMon Driver; \??\C:\WINDOWS\system32\drivers\LVPrcMon.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368]
R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-10-04 46976]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-10-31 85969]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-03-17 113664]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 Lvckap;Logitech Kernel Audio Processing Filter Driver; \??\C:\WINDOWS\system32\drivers\Lvckap.sys []
S3 lvmvdrv;Logitech Machine Vision Engine Loader; \??\C:\WINDOWS\system32\drivers\lvmvdrv.sys []
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-12-05 39424]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2005-12-05 7136]
S3 PID_08A0;QuickCam IM(PID_08A0); C:\WINDOWS\system32\DRIVERS\LV302AV.SYS [2005-12-05 916096]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2001-06-04 14112]
S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-04 32768]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-10-16 611664]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-01 152984]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2004-09-23 38912]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2008-10-20 393216]
R2 LVPrcSrv;Logitech Process Monitor; c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe [2005-12-09 81920]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe [2008-10-20 1527808]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R3 iPodService;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2004-10-13 327680]
R3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S3 lxcc_device;lxcc_device; C:\WINDOWS\system32\lxcccoms.exe [2005-02-25 466944]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------
mas_pogi
post Nov 1 2008, 08:00 PM
Post #19


Carpal Tunnel of Love
******

Group: Members
Posts: 1,473
Joined: 30-November 07
From:
Member No.: 173,678



Hi Jepthas,
QUOTE
STILL no info.txt file when I ran RSIT!!

That's ok.

How's your computer now?

Any other issues you want to address?


Mark

This post has been edited by mas_pogi: Nov 1 2008, 08:01 PM
JepthasDaughter
post Nov 1 2008, 11:07 PM
Post #20





Everything is fine although I DO still get an "error message" (but without indication of what KIND) when I leave Internet Explorer. I can deal with that....I just want to know if I am CLEAN.

Keeping fingers crossed that you will say YES, YOU'RE CLEAN!!

Thanks Mark!!
mas_pogi
post Nov 2 2008, 12:18 AM
Post #21





Hi Jepthas.

QUOTE
I DO still get an "error message" (but without indication of what KIND) when I leave Internet Explorer. I can deal with that

What error could that be? A screen shot would be very ok.


Mark

This post has been edited by mas_pogi: Nov 2 2008, 12:18 AM
JepthasDaughter
post Nov 2 2008, 01:07 AM
Post #22





Well, a "box" opens up when I close IE at the top of which says "Internet Explorer has encountered a problem and needs to close. We are sorry for the inconvenience. Please tell Microsoft about this problem." Then it gives the options of "Debug", "Send Error Report" or "Don't Send". When I clicked on what the "report" would say, below is what I was able to copy & paste to Notepad:

AppName: iexplore.exe AppVer: 7.0.6000.16735 ModName: unknown
ModVer: 0.0.0.0 Offset: 62911b2f

So I'm not sure what this means....actually the above doesn't read as more than what my "settings" are:( If I try to "debug", it always gives me an error that PC Doctor is unable to fix:(

THANKS!
mas_pogi
post Nov 2 2008, 01:15 AM
Post #23





Hi Jepthas.

Ok. I'll ask my colleagues about it. I don't know what it means either.

Thanks.

Mark
JepthasDaughter
post Nov 2 2008, 01:22 AM
Post #24





I also tried to right click, or highlight and copy/paste the more "detailed" report that was to be sent to Microsoft; however, it would not let me do either option. However, when I clicked on the "debug" button....THIS time, no error regarding PC Doctor came up.

You haven't said anything about whether or not my computer is "clean" of the trojans. I really need to know so I can let my friends and customers know. I've lost a good deal of business this past week (and the last) because of fear of infecting someone. Would it help to run one more time that Kaspersky Online Scanner and see what the results may be?

Thanks again!
mas_pogi
post Nov 2 2008, 01:37 AM
Post #25





Hi Jepthas.

Please be patient.

I will tell you that your computer is clean when it is really clean.

Thanks.

Mark

JepthasDaughter
post Nov 2 2008, 01:45 AM
Post #26





LOL....sorry to be such a PITA:)

Hmmm.....this time when I closed out IE just a few minutes ago, I got another of those "error messages" but this time it actually gave me the following (in addition to the other I spoke about earlier):

The instruction at "0x629118ce" referenced memory at "0x629118ce". The memory could not be "read".

This again is similar to those other error messages I was getting at the beginning of this week and which I spoke to you about.


Thanks dear Mark.....if not for you, I would be up a creek without a paddle for sure!
mas_pogi
post Nov 2 2008, 08:05 AM
Post #27





Hi Jepthas,

About the error,
Can you still remember what site you visited when you got an error? Let me know.

Do the errors occur if they run IE in "safe mode" (not machine safe mode) but starting IE without any add-ons?
Start> all programs> accessories> system tools> Internet Explorer (no add-ons)

Does error still occur? Try browsing your favorite websites.


Why not use Firefox? It's safer.

Mark
JepthasDaughter
post Nov 2 2008, 11:07 AM
Post #28





It happens if I visit my home page - which is MSN - or ANY site. Although the majority of my "favorite sites" are pixel sites, it will occur even after visiting my home page; but again, it happens when visiting what I visit the most - pixel/graphic sites.

Interestingly, I never knew that there was a "safe IE" mode! And after testing this just now twice, I discover that I will get NO error messages!!

And I would like to use Firefox as an alternative knowing that it IS safer (so far LOL); but have just been leery of downloading it with all the other stuff I have on my computer. Afraid to keep adding "programs" not wanting to compromise my Paint Shop Pro "capabilities" LOL.

My husband DID download Firefox on his laptop recently (uses Windows Vista); however, he quickly discovered that it seemed to cause his computer to "freeze-up" on visiting various sites and not able to do much and so he removed it. Would that be because not all sites are Firefox "compatible"? I DO know that the reason I make my website graphics in a "pseudo-Firefox" layout is because many pixel artists/aficionados are using Firefox (MANY using WordPress set-ups which I will not use LOL) but since I've never used it, I have no idea if my website "layout" even looks "good" in Firefox LOL.

If you can suggest a reputable place to download Firefox and can assure me that I will not be downloading yet another Trojan (or error LOL) then I would be more than happy to give it a try:)

Thanks Mark!
mas_pogi
post Nov 2 2008, 11:38 AM
Post #29





Hi.

Could you try this one?

In Internet Explorer (not in safe mode), go to Tools > Manage Add-ons > Enable or Disable Add-ons...

Could you list down the add-ons under this?



Let me know in your next reply.

Mark
JepthasDaughter
post Nov 2 2008, 12:24 PM
Post #30





Hi Mark:)

2 screen shots of the Manage Add-Ons (as I had to scroll down a bit to get all of them). They are attached and hope it's ok to attach them and that you CAN see them:)

Attached File: manageadd_ons_1.jpg (85.2k)
Attached File: manageadd_ons_2.jpg (90.26k)



© 2003-2009 All Rights Reserved Bleeping Computer LLC.