Infected With Smit-Fraud-C. Core Service Trojans

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

BleepingComputer.com > Security > HijackThis Logs and Virus/Trojan/Spyware/Malware Removal

Forum Guidelines

Read this topic before posting a log.

DO NOT post a ComboFix log unless requested to.

Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

3 Pages

1 2 3 >

Infected With Smit-Fraud-C. Core Service Trojans, Need Help In Removing It

Options

JepthasDaughter View Member Profile	Oct 20 2008, 10:25 PM Post #1
Member Group: Members Posts: 18 Joined: 19-October 08 Member No.: 247,922	After going thru all the steps posted in the "Read Before You Post" several times over, Spybot still tells me that my Windows XP computer is infected with the Smit-Fraud-C. Core Service trojan(s) - 4 of them actually. Instructions by Spybot are to "Close file handles of the core cahce (cache?).dsk and core.sys residing in the folder \windows\system32\drivers." I do not know how to do this and I don't want to do something that may make things worse. Would appreciate VERY much some expert help for this problem. Thank you! Below is my "hijackthis.log" txt file: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:05:50 PM, on 10/20/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCWZRD.EXE C:\WINDOWS\ALCMTR.EXE C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\CameraAssistant.exe C:\WINDOWS\system32\ElkCtrl.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\eHome\ehSched.exe C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe c:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe C:\WINDOWS\system32\svchost.exe c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\IncrediMail\bin\IMApp.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\magicJack.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: (no name) - {06647158-359E-4D10-A8DE-E6145DA90BE9} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {B7812551-960A-45ED-835E-788878EA0BE2} - C:\Program Files\Messenger\holemuwy.dll (file missing) O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [regcmdcons] c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" O4 - HKLM\..\RunOnce: [SpybotDeletingA6684] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk" O4 - HKLM\..\RunOnce: [SpybotDeletingC6806] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk" O4 - HKLM\..\RunOnce: [SpybotDeletingA8199] command /c del "C:\WINDOWS\system32\drivers\core.sys" O4 - HKLM\..\RunOnce: [SpybotDeletingC2686] cmd /c del "C:\WINDOWS\system32\drivers\core.sys" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\cdloader2.exe" MAGICJACK O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\RunOnce: [SpybotDeletingB1714] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk" O4 - HKCU\..\RunOnce: [SpybotDeletingD2985] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk" O4 - HKCU\..\RunOnce: [SpybotDeletingB9979] command /c del "C:\WINDOWS\system32\drivers\core.sys" O4 - HKCU\..\RunOnce: [SpybotDeletingD5671] cmd /c del "C:\WINDOWS\system32\drivers\core.sys" O4 - Startup: TA_Start.lnk = C:\Documents and Settings\HP_Administrator\Local Settings\Temp\thinksnet.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/amun/default/mjolauncher.cab O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/...gr.cab31267.cab O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/cnma/default/ct.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe -- End of file - 12678 bytes

mas_pogi View Member Profile	Oct 23 2008, 08:25 AM Post #2
Carpal Tunnel of Love Group: Members Posts: 1,473 Joined: 30-November 07 From: Member No.: 173,678	Hello JepthasDaughter, My name is Mas_pogi(mark,mp) and I will be helping you with your Malware problem. As I am still in training I will be helping you under supervision of our expert teachers, so there may be a delay between posts. Please do not run any other tool untill instructed to do so! Please reply to this thread, do not start another! Please tell me about any problems that have occurred during the fix. Please tell me of any other symptoms you may be having as these can help also. Please try as much as possible not to run anything while executing a fix. If you still need help, please follow the instruction below; Download random's system information tool (RSIT) by random/random from here and save it to your desktop. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized) With Regards, mas_pogi

JepthasDaughter View Member Profile	Oct 23 2008, 08:37 PM Post #3
Member Group: Members Posts: 18 Joined: 19-October 08 Member No.: 247,922	Thank you SO much for answering me:) In the last 3 days, I HAVE had to do the Windows Updates but that is all that I have "run" in regards to "tools". And, in the last 2-3 days, I've started experiencing problems that are NEW, i.e. getting error messages after closing out Internet Explorer (after having been online for any length of time, short or long). The error messages are as follows: 1. iexplore.exe - Application Error - "The instruction at 0x629118ce reference memory at 0x629118ce. The memory could not be read. Click OK to terminate the program. Click on cancel to debug the program." 2. iexplore.exe - Application Error - "The instruction at 062911b2f reference memory at 0x629118ce. The memory could not be read. Click OK to terminate the program. Click on cancel to debug the program." 3. iexplore.exe - Application Error - "The instruction at 0x398410a reference memory at 0x03c3ac08. The memory could not be read. Click OK to terminate the program. Click on cancel to debug the program." 4. iexplore.exe - Application Error - "The instruction at 0x0388410a reference memory at 0x036b3ac08. The memory could not be read. Click OK to terminate the program. Click on cancel to debug the program." Also....VERY scary....computer has started to "shut-down" all on its own if left for brief moments idling:( This started after I had installed one of those fire-walls that were recommended by HIJACKTHIS - i.e. Zone-Gate. As a matter of fact, the next morning my computer wouldn't boot up at all but thankfully, was finally able to get it to after several hours. And I immediately removed the firewall (Zone Gate) when I did get the computer back up running. So the only firewalls I have at present are the Windows Firewall and the firewall that came with the 30-day trial of Bit Defender. I haven't run any other "fixes" while running another. Other than running AdAware & BitDefender every day, those are the only ones done on a daily basis. Since the Windows Updates have been added to the computer SINCE I sent the "original" HiJackThis .txt file, if you wish me to do a new one let me know. And ANYTHING you can do to help me get rid of this infection would be so greatly appreciated! I've been out of contact with my friends the last 5 days because I'm terrified of emailing them for fear of infecting them too. Being a disabled "shut-in", this has posed quite a hardship. Thank you SO much!! ********************************** Hello JepthasDaughter, My name is Mas_pogi(mark,mp) and I will be helping you with your Malware problem. As I am still in training I will be helping you under supervision of our expert teachers, so there may be a delay between posts. Please do not run any other tool untill instructed to do so! Please reply to this thread, do not start another! Please tell me about any problems that have occurred during the fix. Please tell me of any other symptoms you may be having as these can help also. Please try as much as possible not to run anything while executing a fix. If you still need help, please follow the instruction below; Download random's system information tool (RSIT) by random/random from here and save it to your desktop. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized) With Regards, mas_pogi

mas_pogi View Member Profile	Oct 24 2008, 05:17 AM Post #4
Carpal Tunnel of Love Group: Members Posts: 1,473 Joined: 30-November 07 From: Member No.: 173,678	Hi JepthasDaughter. Please do this one. Download random's system information tool (RSIT) by random/random from here and save it to your desktop. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized) Do not attach them. Maark

JepthasDaughter View Member Profile	Oct 24 2008, 07:06 PM Post #5
Member Group: Members Posts: 18 Joined: 19-October 08 Member No.: 247,922	Here you go and again thanks! INFO TXT FILE info.txt logfile of random's system information tool 1.04 2008-10-24 18:51:28 ======Uninstall list====== -->C:\PROGRA~1\Yahoo!\Common\unyt.exe -->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks\|RealPlayer\|6.0 -->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu -->c:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19} -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf ABBYY FineReader 6.0 Sprint Plus-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07} Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000} Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Agere Systems PCI Soft Modem-->agrsmdel BitDefender Internet Security 2009-->MsiExec.exe /X{0B246DA8-309B-4BFD-B2DE-6CB584CCC3EF} Blackhawk Striker 2 from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\758619C0-7C97-42BB-B1E9-775F72FDAD1E\Uninstall.exe" Blasterball 2 from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\D2DACBCD-E1FE-4C32-A49B-1EB0743D1E79\Uninstall.exe" Blasterball 2 Remix from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\0C84A7C5-2762-4932-96BF-44A77202DCC3\Uninstall.exe" Bounce Symphony from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\5DAA9E44-1B31-41CD-88A8-228EDED6E36E\Uninstall.exe" Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE} Crystal Maze from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\3D61540E-C88C-4358-B6A1-DC26648F2A3D\Uninstall.exe" DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN Easy Internet Sign-up-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033 Filters Unlimited 2.0-->"c:\Plugins\Filters Unlimited 2.0\unins000.exe" GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe" Help and Support Additions-->C:\PROGRA~1\HELPAN~1\UNWISE.EXE C:\PROGRA~1\HELPAN~1\INSTALL.LOG High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe" Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe" Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" HP Deskjet Preloaded Printer Drivers-->MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878} HP Image Zone 4.5.3-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat HP Image Zone for Media Center PC-->MsiExec.exe /X{8D0C57BC-4942-4960-BB6D-142456D6F233} HP Image Zone Plus 4.5.3-->C:\Program Files\HP\Digital Imaging\{D0420D64-8D33-4374-A2B2-9225C7925CA6}\setup\hpzscr01.exe -datfile hpdscr01.dat HP Photosmart Cameras 4.0-->C:\Program Files\HP\Digital Imaging\{4C04DF1B-6A39-4299-9DD1-1FA60000266E}\setup\hpzscr01.exe -datfile hpiscr01.dat HP PSC & OfficeJet 4.0-->"C:\Program Files\HP\Digital Imaging\{A1062847-0846-427A-92A1-BB8251A91E91}\setup\hpzscr01.exe" -datfile hposcr04.dat HP Software Update-->MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1} HP Tunes-->MsiExec.exe /X{6ACC5F14-DE57-4AF3-82A8-49166A78C42C} HPIZplus450-->MsiExec.exe /X{7B98685A-4E21-4A4F-A2D6-DC557042BADA} IncrediMail JunkFilter Plus-->C:\PROGRA~1\INCRED~1\bin\imsetup.exe /remove /addon:JunkFilterPlus IncrediMail Xe-->C:\Program Files\IncrediMail\bin\ImSetup.exe /remove /addon:IncrediMail /log:IncMail.log Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2782 PCI\VEN_8086&DEV_2582 IntelliMover Data Transfer Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9 InterVideo DiscLabel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3F058C0-A21C-452D-8D99-95B1A45F417D}\setup.exe" REMOVEALL InterVideo WinDVD Creator-->"C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL iTunes-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE20E2F5-1903-4AAE-B1AF-2046E586C925} Jasc Paint Shop Pro 9.01 - (9.0.1.1)-->C:\Program Files\Jasc Software Inc\Paint Shop Pro 9\Unwise.exe /R /U C:\PROGRA~1\JASCSO~1\PAINTS~1\INSTALL.LOG Jasc Paint Shop Pro 9-->MsiExec.exe /I{F843C6A3-224D-4615-94F8-3C461BD9AEA0} Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030} Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} Lexmark 3300 Series-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxccUNST.EXE -NOLICENSE Lexmark Fax Solutions-->C:\Program Files\Lexmark Fax Solutions\Install\Uninst.exe LiveUpdate 2.5 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL Logitech iTouch Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{036AA4D4-6D32-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 UNINSTALL Logitech QuickCam Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C191BE7C-8542-4A61-973A-714EF76C5995}\setup.exe" -l0x9 Logitech® Camera Driver-->"C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28} Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9} Microsoft Plus! Dancer LE-->MsiExec.exe /X{1A103D70-5C9B-4E1A-B306-5106C68F9914} Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7} Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B} Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44} MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63} MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} muvee autoProducer 3.5 magicMoments - HPD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B103C8A7-D1CC-4B1A-BD41-883F652E097D}\setup.exe" -l0x9 muvee autoProducer unPlugged - HPD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D8E4A88B-E35A-4F3B-AB60-42E7DB0EC765}\setup.exe" -l0x9 Norton Security Center-->MsiExec.exe /X{503AA035-41E2-4858-B31F-1E49AC66C309} Orbital from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\24E45CE4-1683-4B71-B8AD-8D7B0A209088\Uninstall.exe" Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe" Overball from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\A8B63E91-BB8C-41FF-B530-5BB13C915612\Uninstall.exe" Paint Shop Pro 7 Anniversary Edition-->MsiExec.exe /I{D6DE02C7-1F47-11D4-9515-00105AE4B89A} PC-Doctor for Windows-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0C66761E-497A-4BE3-AE0D-8EC30FC9A9AA} /l1033 Photosmart 320,370,7400,8100,8400 Series-->C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\setup\hpzscr01.exe -datfile hphscr01.dat Polar Bowler from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\1FFA88DF-0AC3-4D9E-9139-5FF98813C12C\Uninstall.exe" Polar Golfer from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\55275778-F7D9-4BA0-95F4-DEFD71ADDFD9\Uninstall.exe" Pop-Up Stopper Free Edition-->C:\PROGRA~1\PANICW~1\POP-UP~1\UNWISE.EXE C:\PROGRA~1\PANICW~1\POP-UP~1\INSTALL.LOG Python 2.2 pywin32 extensions (build 203)-->"C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log" Python 2.2.3-->C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks\|RealPlayer\|6.0 Road Ready Streetwise from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\7D048B8F-76EB-4BFA-9629-2A5881C9F7A3\Uninstall.exe" Secure Game Player-->C:\Program Files\SkillJam Technologies\Secure Player\Uninstall.exe Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe" Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe" Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe" Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe" Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe" Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe" Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe" Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Shrek 2 Ogre Bowler from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\581538B9-2ED3-45E2-96CB-22AD8F811D2A\Uninstall.exe" Skin Creator-->C:\PROGRA~1\INCRED~1\UNWISE.EXE C:\PROGRA~1\INCRED~1\SKINCR~1.LOG Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011} Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA} Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19} Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe" Super Granny from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\0C20CAB1-F8BC-4AC1-A796-535B005C1B83\Uninstall.exe" the flux collection-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Photoshp\Plugins\DeIsL1.isu" Tradewinds from HP Media Center (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\B3FF79F4-CDA8-4845-A7C0-9CE017719F36\Uninstall.exe" TurboTax Deluxe Deduction Maximizer 2006-->C:\Program Files\TurboTax\Deluxe 2006\TaxUnst.EXE "C:\Program Files\TurboTax\Deluxe 2006\Uninstall.log" -NoGui Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe" Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe" Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe" Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe Updates from HP-->C:\WINDOWS\BWUnin-6.3.2.62.exe -AppId 309731 WildTangent Web Driver-->C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe" Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Format SDK Hotfix - KB891122-->"C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe" Windows Media Player 10 Hotfix [See KB889858 for more information]-->C:\WINDOWS\$NtUninstallKB889858$\spuninst\spuninst.exe Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows XP Media Center Edition 2005 KB888316-->C:\WINDOWS\$NtUninstallKB888316$\spuninst\spuninst.exe Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe" Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall Yahoo! Browser Services-->C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe ======Security center information====== AV: BitDefender Antivirus FW: BitDefender Firewall ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\ "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel "PROCESSOR_REVISION"=0403 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP -----------------EOF----------------- LOG TXT FILE Logfile of random's system information tool 1.04 (written by random/random) Run by HP_Administrator at 2008-10-24 18:51:07 Microsoft Windows XP Professional Service Pack 3 System drive C: has 194 GB (85%) free of 229 GB Total RAM: 1015 MB (49% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 6:51:23 PM, on 10/24/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCWZRD.EXE C:\WINDOWS\ALCMTR.EXE C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\CameraAssistant.exe C:\WINDOWS\system32\ElkCtrl.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\eHome\ehRecvr.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ctfmon.exe c:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Messenger\msmsgs.exe C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe C:\WINDOWS\system32\svchost.exe c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\IncrediMail\bin\IMApp.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe C:\Documents and Settings\HP_Administrator\Desktop\RSIT.exe C:\Program Files\Trend Micro\HijackThis\HP_Administrator.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: (no name) - {06647158-359E-4D10-A8DE-E6145DA90BE9} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {B7812551-960A-45ED-835E-788878EA0BE2} - C:\Program Files\Messenger\holemuwy.dll (file missing) O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [regcmdcons] c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\cdloader2.exe" MAGICJACK O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: TA_Start.lnk = C:\Documents and Settings\HP_Administrator\Local Settings\Temp\thinksnet.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/amun/default/mjolauncher.cab O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/...gr.cab31267.cab O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/cnma/default/ct.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe -- End of file - 11828 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Symantec NetDetect.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] &Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06647158-359E-4D10-A8DE-E6145DA90BE9}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}] Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B7812551-960A-45ED-835E-788878EA0BE2}] C:\Program Files\Messenger\holemuwy.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - HP view - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll [2003-11-21 98304] {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936] {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll [2008-08-13 90112] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512] "High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAudPropShortcut.exe [2004-03-17 61952] "AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363] "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-10-13 77824] "AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2004-10-13 2742272] "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2004-10-13 57344] "regcmdcons"=c:\hp\bin\cloaker.exe [1999-11-07 27136] "LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-12-09 225280] "LogitechCameraAssistant"=C:\Program Files\Logitech\Video\CameraAssistant.exe [2005-12-07 489472] "LogitechVideo[inspector]"=C:\Program Files\Logitech\Video\InstallHelper.exe [2005-12-07 73728] "LogitechCameraService(E)"=C:\WINDOWS\system32\ElkCtrl.exe [2004-11-01 262144] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 98304] "UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u [] "zBrowser Launcher"=C:\Program Files\Logitech\iTouch\iTouch.exe [2004-03-18 892928] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2004-10-13 278528] "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784] "LXCCCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll [] "BDAgent"=C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [2008-10-20 716800] "BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe [2008-08-10 69632] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232] "IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2008-07-24 243072] "PopUpStopperFreeEdition"=C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe [2005-03-17 536576] "LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe [] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288] "cdloader"=C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\cdloader2.exe [2008-08-22 50520] "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296] C:\Documents and Settings\All Users\Start Menu\Programs\Startup Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup TA_Start.lnk - C:\Documents and Settings\HP_Administrator\Local Settings\Temp\thinksnet.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxsrvc.dll [2004-12-01 348160] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{FA010552-4A27-4cb1-A1BB-3E2D697F1639}"=C:\Program Files\InterMute\SpySubtract\sshook.dll [] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe::Enabled:iTunes" "C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe::Enabled:BackWeb for Pavilion" "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe::Enabled:Earthlink" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe::Enabled:Windows Messenger" "C:\Program Files\IncrediMail\bin\IMApp.exe"="C:\Program Files\IncrediMail\bin\IMApp.exe::Enabled:IncrediMail" "C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe::Enabled:IncrediMail" "C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe::Enabled:IncrediMail" "C:\Program Files\IncrediMail\bin\ImLc.exe"="C:\Program Files\IncrediMail\bin\ImLc.exe::Enabled:IncrediMail" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\Documents and Settings\HP_Administrator\Desktop\Downloads\magentic_install.exe"="C:\Documents and Settings\HP_Administrator\Desktop\Downloads\magentic_install.exe::Enabled:IncrediMail Installer" "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe::Enabled:Logitech Desktop Messenger" "C:\Documents and Settings\HP_Administrator\Desktop\Downloads\incredimail_install.exe"="C:\Documents and Settings\HP_Administrator\Desktop\Downloads\incredimail_install.exe::Enabled:IncrediMail Installer" "C:\Program Files\IncrediMail\bin\ImSc.exe"="C:\Program Files\IncrediMail\bin\ImSc.exe::Enabled:IncrediMail" "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe::Enabled:Yahoo! Messenger" "C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe::Enabled:Yahoo! FT Server" "C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\magicJack.exe"="C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\magicJack.exe::Enabled:magicJack" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe::enabled:iTunes" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb53d0f2-8743-11d9-99a0-806d6172696f}] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480 ======List of files/folders created in the last 1 months====== 2008-10-24 18:51:07 ----D---- C:\rsit 2008-10-23 22:03:37 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$ 2008-10-22 15:36:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$ 2008-10-22 05:57:32 ----D---- C:\WINDOWS\Prefetch 2008-10-22 05:54:21 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$ 2008-10-22 05:54:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$ 2008-10-22 05:53:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$ 2008-10-22 05:53:34 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$ 2008-10-22 05:53:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$ 2008-10-22 05:53:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$ 2008-10-22 05:52:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$ 2008-10-22 05:52:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$ 2008-10-22 05:52:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$ 2008-10-22 05:52:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$ 2008-10-22 05:51:43 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$ 2008-10-22 05:51:29 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$ 2008-10-22 05:51:13 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$ 2008-10-22 05:50:58 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$ 2008-10-22 05:44:41 ----D---- C:\WINDOWS\system32\scripting 2008-10-22 05:44:41 ----D---- C:\WINDOWS\l2schemas 2008-10-22 05:44:40 ----D---- C:\WINDOWS\system32\bits 2008-10-22 05:42:26 ----D---- C:\WINDOWS\ServicePackFiles 2008-10-22 05:35:39 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$ 2008-10-21 00:21:46 ----D---- C:\Documents and Settings\All Users\Application Data\MailFrontier 2008-10-21 00:21:24 ----A---- C:\WINDOWS\system32\SpOrder.dll 2008-10-21 00:17:41 ----D---- C:\WINDOWS\Internet Logs 2008-10-20 02:09:28 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\BitDefender 2008-10-20 02:09:02 ----D---- C:\Documents and Settings\All Users\Application Data\BitDefender 2008-10-20 02:04:26 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Motive 2008-10-20 01:58:09 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2008-10-20 01:51:24 ----D---- C:\WINDOWS\SxsCaPendDel 2008-10-19 21:09:02 ----A---- C:\WINDOWS\bdagent.INI 2008-10-19 18:34:39 ----A---- C:\WINDOWS\wininit.ini 2008-10-19 17:52:05 ----D---- C:\Program Files\Spybot - Search & Destroy 2008-10-19 17:52:05 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-10-19 05:34:25 ----D---- C:\Program Files\BitDefender 2008-10-19 05:32:52 ----D---- C:\Program Files\Common Files\BitDefender 2008-10-18 23:02:27 ----A---- C:\WINDOWS\system32\javaws.exe 2008-10-18 23:02:27 ----A---- C:\WINDOWS\system32\javaw.exe 2008-10-18 23:02:27 ----A---- C:\WINDOWS\system32\java.exe 2008-10-18 04:26:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$ 2008-10-18 04:26:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$ 2008-10-18 04:25:49 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$ 2008-10-18 04:22:06 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$ 2008-10-18 04:21:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$ 2008-10-16 21:01:45 ----D---- C:\Program Files\Lavasoft 2008-10-16 21:01:44 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-10-16 20:59:54 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2008-10-10 11:24:20 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp ======List of files/folders modified in the last 1 months====== 2008-10-24 18:43:42 ----D---- C:\WINDOWS\system32 2008-10-24 18:00:37 ----A---- C:\WINDOWS\iTouch.ini 2008-10-24 17:56:54 ----D---- C:\WINDOWS\Temp 2008-10-24 17:28:00 ----D---- C:\WINDOWS\Registration 2008-10-24 17:27:39 ----D---- C:\WINDOWS\system32\CatRoot2 2008-10-24 17:27:35 ----D---- C:\WINDOWS 2008-10-23 22:04:30 ----A---- C:\WINDOWS\SchedLgU.Txt 2008-10-23 22:03:50 ----HD---- C:\WINDOWS\inf 2008-10-23 22:03:39 ----RSHD---- C:\WINDOWS\system32\dllcache 2008-10-23 22:03:10 ----HD---- C:\WINDOWS\$hf_mig$ 2008-10-22 15:36:55 ----A---- C:\WINDOWS\imsins.BAK 2008-10-22 06:01:51 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI 2008-10-22 05:59:17 ----AC---- C:\WINDOWS\OEWABLog.txt 2008-10-22 05:58:40 ----AC---- C:\WINDOWS\setuplog.txt 2008-10-22 05:56:55 ----D---- C:\WINDOWS\system32\Setup 2008-10-22 05:56:55 ----D---- C:\WINDOWS\ime 2008-10-22 05:56:55 ----D---- C:\WINDOWS\AppPatch 2008-10-22 05:56:55 ----D---- C:\Program Files\Messenger 2008-10-22 05:56:54 ----D---- C:\WINDOWS\system32\wbem 2008-10-22 05:56:53 ----SD---- C:\WINDOWS\Fonts 2008-10-22 05:56:47 ----D---- C:\WINDOWS\system32\drivers 2008-10-22 05:56:15 ----D---- C:\WINDOWS\security 2008-10-22 05:55:56 ----D---- C:\WINDOWS\system32\CatRoot 2008-10-22 05:49:48 ----RSD---- C:\WINDOWS\assembly 2008-10-22 05:45:12 ----D---- C:\WINDOWS\WinSxS 2008-10-22 05:44:55 ----D---- C:\WINDOWS\system32\inetsrv 2008-10-22 05:44:55 ----D---- C:\WINDOWS\network diagnostic 2008-10-22 05:44:55 ----D---- C:\WINDOWS\Help 2008-10-22 05:44:42 ----D---- C:\WINDOWS\system32\usmt 2008-10-22 05:44:42 ----D---- C:\WINDOWS\system32\en-US 2008-10-22 05:44:41 ----SHD---- C:\WINDOWS\Installer 2008-10-22 05:44:40 ----D---- C:\WINDOWS\PeerNet 2008-10-22 05:44:40 ----D---- C:\Program Files\Movie Maker 2008-10-22 05:44:40 ----AD---- C:\WINDOWS\system32\en 2008-10-22 05:42:06 ----D---- C:\WINDOWS\system32\Restore 2008-10-22 05:42:06 ----D---- C:\WINDOWS\system32\npp 2008-10-22 05:42:06 ----D---- C:\WINDOWS\mui 2008-10-22 05:42:05 ----D---- C:\WINDOWS\msagent 2008-10-22 05:42:04 ----D---- C:\WINDOWS\srchasst 2008-10-22 05:42:03 ----D---- C:\Program Files\NetMeeting 2008-10-22 05:42:02 ----D---- C:\WINDOWS\system32\Com 2008-10-22 05:42:00 ----D---- C:\Program Files\Windows NT 2008-10-22 05:41:59 ----D---- C:\Program Files\Outlook Express 2008-10-22 05:41:57 ----D---- C:\Program Files\Common Files\System 2008-10-22 05:41:42 ----D---- C:\WINDOWS\system32\oobe 2008-10-22 05:41:41 ----D---- C:\WINDOWS\system 2008-10-22 05:38:43 ----D---- C:\WINDOWS\system32\ReinstallBackups 2008-10-22 05:32:14 ----D---- C:\WINDOWS\ehome 2008-10-21 17:23:12 ----D---- C:\Program Files 2008-10-20 22:05:09 ----D---- C:\Program Files\Trend Micro 2008-10-20 02:13:10 ----HD---- C:\Config.Msi 2008-10-20 02:00:08 ----SD---- C:\WINDOWS\Tasks 2008-10-20 02:00:08 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2008-10-19 05:32:52 ----D---- C:\Program Files\Common Files 2008-10-19 04:21:44 ----D---- C:\Documents and Settings\All Users\Application Data\Trend Micro 2008-10-18 23:02:25 ----D---- C:\Program Files\Java 2008-10-18 04:25:18 ----D---- C:\Program Files\Internet Explorer 2008-10-18 04:24:19 ----A---- C:\WINDOWS\win.ini 2008-10-16 17:15:31 ----AC---- C:\WINDOWS\EyeCand3.INI 2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll 2008-10-15 07:53:23 ----D---- C:\Program Files\Lx_cats 2008-10-07 14:19:40 ----A---- C:\WINDOWS\system32\MRT.exe 2008-10-03 12:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll 2008-10-01 02:10:19 ----D---- C:\Sig Tags ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [] R1 core;core; C:\WINDOWS\system32\drivers\core.sys [2007-06-16 72832] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352] R1 SbcpHid;SbcpHid; \??\C:\WINDOWS\system32\Drivers\SbcpHid.sys [] R2 BDVEDISK;BDVEDISK; \??\C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys [] R2 CdaD10BA;CdaD10BA; \??\C:\WINDOWS\system32\drivers\CdaD10BA.SYS [] R2 CX23880;Conexant 23880 Video Capture; C:\WINDOWS\system32\drivers\cx88vid.sys [2004-11-11 160256] R2 CX88ENC;Conexant 2388x MPEG Encoder; C:\WINDOWS\system32\drivers\cx88enc.sys [2004-11-11 297344] R2 CXTUNE;Conexant 2388x Tuner; C:\WINDOWS\system32\drivers\CX88TUNE.sys [2004-11-11 31360] R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204] R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 bdfm;BDFM; C:\WINDOWS\system32\drivers\bdfm.sys [2008-08-12 108864] R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-10-20 103944] R3 bdfsfltr;bdfsfltr; C:\WINDOWS\system32\drivers\bdfsfltr.sys [2008-08-12 228672] R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys [] R3 CXAVXBAR;Conexant 2388x Crossbar Dual Input ; C:\WINDOWS\system32\drivers\cxavxbar.sys [2004-11-11 9472] R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2004-09-14 13872] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-04-26 135168] R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-12-01 776637] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2004-10-13 2287104] R3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\System32\Drivers\itchfltr.sys [2004-03-10 12953] R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060] R3 LVPrcMon;Logitech LVPrcMon Driver; \??\C:\WINDOWS\system32\drivers\LVPrcMon.sys [] R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-12-05 39424] R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368] R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-10-04 46976] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S2 asc355;asc355; C:\WINDOWS\system32\drivers\asc355.sys [] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-03-17 113664] S3 Lvckap;Logitech Kernel Audio Processing Filter Driver; \??\C:\WINDOWS\system32\drivers\Lvckap.sys [] S3 lvmvdrv;Logitech Machine Vision Engine Loader; \??\C:\WINDOWS\system32\drivers\lvmvdrv.sys [] S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008] S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2005-12-05 7136] S3 PID_08A0;QuickCam IM(PID_08A0); C:\WINDOWS\system32\DRIVERS\LV302AV.SYS [2005-12-05 916096] S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys [] S3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2001-06-04 14112] S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-04 32768] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys [] S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264] S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-10-16 611664] R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568] R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2004-09-23 38912] R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2008-10-20 393216] R2 LVPrcSrv;Logitech Process Monitor; c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe [2005-12-09 81920] R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328] R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120] R2 SymWSC;SymWMI Service; c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-08-05 308352] R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe [2008-10-20 1527808] R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] R3 iPodService;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2004-10-13 327680] R3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336] S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776] S3 lxcc_device;lxcc_device; C:\WINDOWS\system32\lxcccoms.exe [2005-02-25 466944] S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] -----------------EOF-----------------

mas_pogi View Member Profile	Oct 27 2008, 12:29 AM Post #6
Carpal Tunnel of Love Group: Members Posts: 1,473 Joined: 30-November 07 From: Member No.: 173,678	hi. Sorry for the delay. Please bear with me as we clean your machine. Backup Your Registry with ERUNT Please use the following link and scroll down to ERUNT and download it. http://aumha.org/freeware/freeware.php For version with the Installer: Use the setup program to install ERUNT on your computer For the zipped version: Unzip all the files into a folder of your choice. Click Erunt.exe to backup your registry to the folder of your choice. Note: to restore your registry, go to the folder and start ERDNT.exe I see you are running Teatimer. I suggest you to disable it because it can interfere with the changes you'll make on your system. When everything is done and your log is clean again, you can enable it again. If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it. How to disable TeaTimer <== click me for instructions. After you disabled Teatimer, download ResetTeaTimer.bat to your desktop. (In case you use Firefox, rightclick the link and choose "save as"). Doubleclick ResetTeaTimer.bat and let it run. This will only take a few seconds. Download and Run OTMoveIT Please download OTMoveIt2 by OldTimerto your desktop. Double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator). Copy the lines in the quotebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): QUOTE [kill explorer] core<delete service> asc355<delete service> C:\WINDOWS\system32\drivers\core.sys C:\WINDOWS\system32\drivers\asc355.sys HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06647158-359E-4D10-A8DE-E6145DA90BE9} HKEY_CLASSES_ROOT\CLSID\{06647158-359E-4D10-A8DE-E6145DA90BE9} HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Alcmtr EmptyTemp purity [start explorer] Return to OTMoveIt2, right click in the Paste List Of Files/Patterns To Move window (under the yellow bar) and choose Paste. Click the red button. Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. Close OTMoveIt2 Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter .log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles* folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post. Please download Malwarebytes Anti-Malware and save it to your desktop. Make sure you are connected to the Internet. Double-click on mbam-setup.exe to install the application. When the installation begins, follow the prompts and do not make any changes to default settings. When installation has finished, make sure you leave both of these checked: Update Malwarebytes' Anti-Malware Launch Malwarebytes' Anti-Malware Then click Finish. MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. On the Scanner tab: Make sure the "Perform Quick Scan" option is selected. Then click on the Scan button. If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient. When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found". Click OK to close the message box and continue with the removal process. Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found. Make sure that *everything is checked, and click Remove Selected. When removal is completed, a log report will open in Notepad. The log is automatically saved and can be viewed by clicking the Logs* tab in MBAM. Copy and paste the contents of that report in your next reply and exit MBAM. Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes. Reboot you computer in normal mode. Are you still using this app? InterMute Or was uninstalled? Let me know in your next reply. Also..If you browse to your drive D...what was is the size of that drive? Please make sure that you can view all hidden files. Instructions on how to do this can be found here: How to see hidden files in Windows Please click this link-->Jotti When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit. <filepath>d:\info.exe Please post back the results of the scan in your next post. If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/ Run ESET Online Scan Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX. Check (tick) this box: YES, I accept the Terms of Use. Click on the Start button next to it. When prompted to run ActiveX. click Yes. You will be asked to install an ActiveX. Click Install. Once installed, the scanner will be initialized. After the scanner is initialized, click Start. Uncheck (untick) Remove found threats box. Check (tick) Scan unwanted applications. Click on Scan. It will start scanning. Please be patient. Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt. Run random's system information tool (RSIT) again from your desktop. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized) In you reply, please post the result of MBAM Otmoveit ESET scanner RSIT's log.txt Virustotal result Thanks Mark

JepthasDaughter View Member Profile	Oct 27 2008, 07:59 AM Post #7
Member Group: Members Posts: 18 Joined: 19-October 08 Member No.: 247,922	OK....have done it all:) Below are the final results of everything: Answers to Your Questions 1. Am I still using Intermute? NO, that apparently was disabled when Trend Micro was first updated 2 years ago (but which I am no longer using, using BitDefender on trial basis now). 2. Size of D Drive - Total size is 9.12 GB, free space is 3.24 GB MBAM Malwarebytes' Anti-Malware 1.30 Database version: 1325 Windows 5.1.2600 Service Pack 3 10/27/2008 2:02:44 AM mbam-log-2008-10-27 (02-02-44).txt Scan type: Quick Scan Objects scanned: 60340 Time elapsed: 7 minute(s), 44 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 15 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 1 Files Infected: 4 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{ffffffff-b432-46fc-9143-b82b832b1b14} (Spyware.Banker) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2e9d4c81-9f27-4c14-b804-7b0f6bc88a4f} (Adware.ClickSpring) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\core (Rootkit.Agent) -> Delete on reboot. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\core (Rootkit.Agent) -> Delete on reboot. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\core (Rootkit.Agent) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\WINDOWS\system32\wsnpoem (Trojan.Agent) -> Quarantined and deleted successfully. Files Infected: C:\WINDOWS\system32\wsnpoem\audio.dll.cla (Trojan.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup\TA_Start.lnk (Malware.Trace) -> Quarantined and deleted successfully. C:\WINDOWS\system32\drivers\core.cache.dsk (Rootkit.Agent) -> Delete on reboot. C:\WINDOWS\system32\drivers\core.sys (Rootkit.Agent) -> Delete on reboot. OTMOVEIT Explorer killed successfully File/Folder not found. core service deleted successfully. asc355 service deleted successfully. File/Folder not found. File move failed. C:\WINDOWS\system32\drivers\core.sys scheduled to be moved on reboot. File/Folder C:\WINDOWS\system32\drivers\asc355.sys not found. File/Folder not found. < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06647158-359E-4D10-A8DE-E6145DA90BE9} > Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06647158-359E-4D10-A8DE-E6145DA90BE9}\\ deleted successfully. < HKEY_CLASSES_ROOT\CLSID\{06647158-359E-4D10-A8DE-E6145DA90BE9} > Registry key HKEY_CLASSES_ROOT\CLSID\{06647158-359E-4D10-A8DE-E6145DA90BE9}\\ not found. < HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Alcmtr > Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Alcmtr deleted successfully. File/Folder not found. < EmptyTemp > File delete failed. C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\hpodvd09.log scheduled to be deleted on reboot. File delete failed. C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll scheduled to be deleted on reboot. Temp folders emptied. IE temp folders emptied. < purity > C:\WINDOWS\aѕsembly moved successfully. C:\WINDOWS\system32\Ѕуmantec\Ѕуmantec moved successfully. C:\WINDOWS\system32\Ѕуmantec moved successfully. C:\WINDOWS\system32\Тasks moved successfully. C:\Program Files\Аdobe moved successfully. C:\Program Files\Common Files\Τаsks moved successfully. Explorer started successfully OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10272008_013537 Files moved on Reboot... File move failed. C:\WINDOWS\system32\drivers\core.sys scheduled to be moved on reboot. C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\hpodvd09.log moved successfully. DllUnregisterServer procedure not found in C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll NOT unregistered. C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll moved successfully. ESET SCANNER # version=4 # OnlineScanner.ocx=1.0.0.635 # OnlineScannerDLLA.dll=1, 0, 0, 79 # OnlineScannerDLLW.dll=1, 0, 0, 78 # OnlineScannerUninstaller.exe=1, 0, 0, 49 # vers_standard_module=3558 (20081027) # vers_arch_module=1.064 (20080214) # vers_adv_heur_module=1.064 (20070717) # EOSSerial=c00190723bac0a4e80b60e9cab902633 # end=finished # remove_checked=false # unwanted_checked=true # utc_time=2008-10-27 11:13:23 # local_time=2008-10-27 06:13:23 (-0600, Central Daylight Time) # country="United States" # osver=5.1.2600 NT Service Pack 3 # scanned=651464 # found=2 # scan_time=12288 C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\6.0\3\27007203-5d36b578 Java/TrojanDownloader.OpenStream.NAC trojan DBEE24E93B7EFBC279DAA14F64E9575E C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\animan.class-176337b-19c94ef3.class Java/TrojanDownloader.OpenStream.NAC trojan DBEE24E93B7EFBC279DAA14F64E9575E VIRUS TOTAL (Jotti Scan of D Drive) Scan taken on 27 Oct 2008 07:25:50 (GMT) A-Squared Found nothing AntiVir Found nothing ArcaVir Found nothing Avast Found nothing AVG Antivirus Found nothing BitDefender Found nothing ClamAV Found nothing CPsecure Found nothing Dr.Web Found nothing F-Prot Antivirus Found nothing F-Secure Anti-Virus Found nothing G DATA Found nothing Ikarus Found nothing Kaspersky Anti-Virus Found nothing NOD32 Found nothing Norman Virus Control Found nothing Panda Antivirus Found nothing Sophos Antivirus Found nothing VirusBuster Found nothing VBA32 Found nothing RSIT LOG Logfile of random's system information tool 1.04 (written by random/random) Run by HP_Administrator at 2008-10-27 07:41:28 Microsoft Windows XP Professional Service Pack 3 System drive C: has 194 GB (85%) free of 229 GB Total RAM: 1015 MB (48% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 7:41:42 AM, on 10/27/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\AGRSMMSG.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCWZRD.EXE C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\CameraAssistant.exe C:\WINDOWS\system32\ElkCtrl.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\eHome\ehRecvr.exe C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\WINDOWS\System32\svchost.exe c:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\IncrediMail\bin\IMApp.exe c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\eHome\ehmsas.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe C:\Program Files\IncrediMail\bin\ImNotfy.exe C:\Documents and Settings\HP_Administrator\Desktop\RSIT.exe C:\Program Files\Trend Micro\HijackThis\HP_Administrator.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {B7812551-960A-45ED-835E-788878EA0BE2} - C:\Program Files\Messenger\holemuwy.dll (file missing) O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [regcmdcons] c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [LXCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\cdloader2.exe" MAGICJACK O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/amun/default/mjolauncher.cab O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn.com/binframework/v10/...gr.cab31267.cab O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://zone.msn.com/bingame/feed/default/SproutLauncher.cab O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/cnma/default/ct.cab O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: lxcc_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxcccoms.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe -- End of file - 11187 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Symantec NetDetect.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] &Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}] Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B7812551-960A-45ED-835E-788878EA0BE2}] C:\Program Files\Messenger\holemuwy.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - HP view - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll [2003-11-21 98304] {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936] {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll [2008-08-13 90112] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512] "High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAudPropShortcut.exe [2004-03-17 61952] "AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-06-29 88363] "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-10-13 77824] "AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2004-10-13 2742272] "regcmdcons"=c:\hp\bin\cloaker.exe [1999-11-07 27136] "LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-12-09 225280] "LogitechCameraAssistant"=C:\Program Files\Logitech\Video\CameraAssistant.exe [2005-12-07 489472] "LogitechVideo[inspector]"=C:\Program Files\Logitech\Video\InstallHelper.exe [2005-12-07 73728] "LogitechCameraService(E)"=C:\WINDOWS\system32\ElkCtrl.exe [2004-11-01 262144] "QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 98304] "UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u [] "zBrowser Launcher"=C:\Program Files\Logitech\iTouch\iTouch.exe [2004-03-18 892928] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2004-10-13 278528] "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784] "LXCCCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll [] "BDAgent"=C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [2008-10-20 716800] "BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe [2008-08-10 69632] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360] "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232] "IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2008-07-24 243072] "PopUpStopperFreeEdition"=C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe [2005-03-17 536576] "LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe [] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288] "cdloader"=C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\cdloader2.exe [2008-08-22 50520] C:\Documents and Settings\All Users\Start Menu\Programs\Startup Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxsrvc.dll [2004-12-01 348160] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{FA010552-4A27-4cb1-A1BB-3E2D697F1639}"=C:\Program Files\InterMute\SpySubtract\sshook.dll [] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe::Enabled:iTunes" "C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe::Enabled:BackWeb for Pavilion" "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe::Enabled:Earthlink" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe::Enabled:Windows Messenger" "C:\Program Files\IncrediMail\bin\IMApp.exe"="C:\Program Files\IncrediMail\bin\IMApp.exe::Enabled:IncrediMail" "C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe::Enabled:IncrediMail" "C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe::Enabled:IncrediMail" "C:\Program Files\IncrediMail\bin\ImLc.exe"="C:\Program Files\IncrediMail\bin\ImLc.exe::Enabled:IncrediMail" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\Documents and Settings\HP_Administrator\Desktop\Downloads\magentic_install.exe"="C:\Documents and Settings\HP_Administrator\Desktop\Downloads\magentic_install.exe::Enabled:IncrediMail Installer" "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe::Enabled:Logitech Desktop Messenger" "C:\Documents and Settings\HP_Administrator\Desktop\Downloads\incredimail_install.exe"="C:\Documents and Settings\HP_Administrator\Desktop\Downloads\incredimail_install.exe::Enabled:IncrediMail Installer" "C:\Program Files\IncrediMail\bin\ImSc.exe"="C:\Program Files\IncrediMail\bin\ImSc.exe::Enabled:IncrediMail" "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe::Enabled:Yahoo! Messenger" "C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe::Enabled:Yahoo! FT Server" "C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\magicJack.exe"="C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp\magicJack.exe::Enabled:magicJack" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe::enabled:iTunes" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c1f458a-3a0f-11db-b60a-806d6172696f}] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb53d0f2-8743-11d9-99a0-806d6172696f}] shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480 ======List of files/folders created in the last 1 months====== 2008-10-27 02:47:33 ----D---- C:\WINDOWS\LastGood 2008-10-27 02:35:21 ----D---- C:\Program Files\EsetOnlineScanner 2008-10-27 01:49:16 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Malwarebytes 2008-10-27 01:49:10 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2008-10-27 01:49:10 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-10-27 01:35:37 ----D---- C:\_OTMoveIt 2008-10-27 00:59:45 ----D---- C:\WINDOWS\ERDNT 2008-10-27 00:57:35 ----D---- C:\Program Files\ERUNT 2008-10-24 18:51:07 ----D---- C:\rsit 2008-10-23 22:03:37 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$ 2008-10-22 15:36:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$ 2008-10-22 05:57:32 ----D---- C:\WINDOWS\Prefetch 2008-10-22 05:54:21 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$ 2008-10-22 05:54:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$ 2008-10-22 05:53:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$ 2008-10-22 05:53:34 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$ 2008-10-22 05:53:16 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$ 2008-10-22 05:53:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$ 2008-10-22 05:52:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$ 2008-10-22 05:52:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$ 2008-10-22 05:52:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$ 2008-10-22 05:52:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$ 2008-10-22 05:51:43 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$ 2008-10-22 05:51:29 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$ 2008-10-22 05:51:13 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$ 2008-10-22 05:50:58 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$ 2008-10-22 05:44:41 ----D---- C:\WINDOWS\system32\scripting 2008-10-22 05:44:41 ----D---- C:\WINDOWS\l2schemas 2008-10-22 05:44:40 ----D---- C:\WINDOWS\system32\bits 2008-10-22 05:42:26 ----D---- C:\WINDOWS\ServicePackFiles 2008-10-22 05:35:39 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$ 2008-10-21 00:21:46 ----D---- C:\Documents and Settings\All Users\Application Data\MailFrontier 2008-10-21 00:21:24 ----A---- C:\WINDOWS\system32\SpOrder.dll 2008-10-21 00:17:41 ----D---- C:\WINDOWS\Internet Logs 2008-10-20 02:09:28 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\BitDefender 2008-10-20 02:09:02 ----D---- C:\Documents and Settings\All Users\Application Data\BitDefender 2008-10-20 02:04:26 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\Motive 2008-10-20 01:58:09 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files 2008-10-20 01:51:24 ----D---- C:\WINDOWS\SxsCaPendDel 2008-10-19 21:09:02 ----A---- C:\WINDOWS\bdagent.INI 2008-10-19 18:34:39 ----A---- C:\WINDOWS\wininit.ini 2008-10-19 17:52:05 ----D---- C:\Program Files\Spybot - Search & Destroy 2008-10-19 17:52:05 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-10-19 05:34:25 ----D---- C:\Program Files\BitDefender 2008-10-19 05:32:52 ----D---- C:\Program Files\Common Files\BitDefender 2008-10-18 23:02:27 ----A---- C:\WINDOWS\system32\javaws.exe 2008-10-18 23:02:27 ----A---- C:\WINDOWS\system32\javaw.exe 2008-10-18 23:02:27 ----A---- C:\WINDOWS\system32\java.exe 2008-10-18 04:26:29 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$ 2008-10-18 04:26:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$ 2008-10-18 04:25:49 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$ 2008-10-18 04:22:06 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$ 2008-10-18 04:21:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$ 2008-10-16 21:01:45 ----D---- C:\Program Files\Lavasoft 2008-10-16 21:01:44 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-10-16 20:59:54 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2008-10-10 11:24:20 ----D---- C:\Documents and Settings\HP_Administrator\Application Data\mjusbsp ======List of files/folders modified in the last 1 months====== 2008-10-27 07:37:15 ----D---- C:\WINDOWS\system32 2008-10-27 07:32:38 ----A---- C:\WINDOWS\iTouch.ini 2008-10-27 06:46:40 ----D---- C:\WINDOWS\Temp 2008-10-27 02:47:35 ----SD---- C:\WINDOWS\Downloaded Program Files 2008-10-27 02:47:33 ----D---- C:\WINDOWS 2008-10-27 02:35:21 ----D---- C:\Program Files 2008-10-27 02:17:37 ----D---- C:\WINDOWS\Registration 2008-10-27 02:17:05 ----D---- C:\WINDOWS\system32\CatRoot2 2008-10-27 02:06:01 ----D---- C:\WINDOWS\system32\drivers 2008-10-27 02:05:25 ----A---- C:\WINDOWS\SchedLgU.Txt 2008-10-27 01:35:47 ----D---- C:\Program Files\Common Files 2008-10-25 18:54:15 ----D---- C:\Sig Tags 2008-10-23 22:03:50 ----HD---- C:\WINDOWS\inf 2008-10-23 22:03:39 ----RSHD---- C:\WINDOWS\system32\dllcache 2008-10-23 22:03:10 ----HD---- C:\WINDOWS\$hf_mig$ 2008-10-22 15:36:55 ----A---- C:\WINDOWS\imsins.BAK 2008-10-22 06:01:51 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI 2008-10-22 05:59:17 ----AC---- C:\WINDOWS\OEWABLog.txt 2008-10-22 05:58:40 ----AC---- C:\WINDOWS\setuplog.txt 2008-10-22 05:56:55 ----D---- C:\WINDOWS\system32\Setup 2008-10-22 05:56:55 ----D---- C:\WINDOWS\ime 2008-10-22 05:56:55 ----D---- C:\WINDOWS\AppPatch 2008-10-22 05:56:55 ----D---- C:\Program Files\Messenger 2008-10-22 05:56:54 ----D---- C:\WINDOWS\system32\wbem 2008-10-22 05:56:53 ----SD---- C:\WINDOWS\Fonts 2008-10-22 05:56:15 ----D---- C:\WINDOWS\security 2008-10-22 05:55:56 ----D---- C:\WINDOWS\system32\CatRoot 2008-10-22 05:49:48 ----RSD---- C:\WINDOWS\assembly 2008-10-22 05:45:12 ----D---- C:\WINDOWS\WinSxS 2008-10-22 05:44:55 ----D---- C:\WINDOWS\system32\inetsrv 2008-10-22 05:44:55 ----D---- C:\WINDOWS\network diagnostic 2008-10-22 05:44:55 ----D---- C:\WINDOWS\Help 2008-10-22 05:44:42 ----D---- C:\WINDOWS\system32\usmt 2008-10-22 05:44:42 ----D---- C:\WINDOWS\system32\en-US 2008-10-22 05:44:41 ----SHD---- C:\WINDOWS\Installer 2008-10-22 05:44:40 ----D---- C:\WINDOWS\PeerNet 2008-10-22 05:44:40 ----D---- C:\Program Files\Movie Maker 2008-10-22 05:44:40 ----AD---- C:\WINDOWS\system32\en 2008-10-22 05:42:06 ----D---- C:\WINDOWS\system32\Restore 2008-10-22 05:42:06 ----D---- C:\WINDOWS\system32\npp 2008-10-22 05:42:06 ----D---- C:\WINDOWS\mui 2008-10-22 05:42:05 ----D---- C:\WINDOWS\msagent 2008-10-22 05:42:04 ----D---- C:\WINDOWS\srchasst 2008-10-22 05:42:03 ----D---- C:\Program Files\NetMeeting 2008-10-22 05:42:02 ----D---- C:\WINDOWS\system32\Com 2008-10-22 05:42:00 ----D---- C:\Program Files\Windows NT 2008-10-22 05:41:59 ----D---- C:\Program Files\Outlook Express 2008-10-22 05:41:57 ----D---- C:\Program Files\Common Files\System 2008-10-22 05:41:42 ----D---- C:\WINDOWS\system32\oobe 2008-10-22 05:41:41 ----D---- C:\WINDOWS\system 2008-10-22 05:38:43 ----D---- C:\WINDOWS\system32\ReinstallBackups 2008-10-22 05:32:14 ----D---- C:\WINDOWS\ehome 2008-10-20 22:05:09 ----D---- C:\Program Files\Trend Micro 2008-10-20 02:13:10 ----HD---- C:\Config.Msi 2008-10-20 02:00:08 ----SD---- C:\WINDOWS\Tasks 2008-10-20 02:00:08 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2008-10-19 04:21:44 ----D---- C:\Documents and Settings\All Users\Application Data\Trend Micro 2008-10-18 23:02:25 ----D---- C:\Program Files\Java 2008-10-18 04:25:18 ----D---- C:\Program Files\Internet Explorer 2008-10-18 04:24:19 ----A---- C:\WINDOWS\win.ini 2008-10-16 17:15:31 ----AC---- C:\WINDOWS\EyeCand3.INI 2008-10-15 11:34:24 ----A---- C:\WINDOWS\system32\netapi32.dll 2008-10-15 07:53:23 ----D---- C:\Program Files\Lx_cats 2008-10-07 14:19:40 ----A---- C:\WINDOWS\system32\MRT.exe 2008-10-03 12:41:15 ----A---- C:\WINDOWS\system32\ieframe.dll ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [] R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352] R1 SbcpHid;SbcpHid; \??\C:\WINDOWS\system32\Drivers\SbcpHid.sys [] R2 BDVEDISK;BDVEDISK; \??\C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys [] R2 CdaD10BA;CdaD10BA; \??\C:\WINDOWS\system32\drivers\CdaD10BA.SYS [] R2 CX23880;Conexant 23880 Video Capture; C:\WINDOWS\system32\drivers\cx88vid.sys [2004-11-11 160256] R2 CX88ENC;Conexant 2388x MPEG Encoder; C:\WINDOWS\system32\drivers\cx88enc.sys [2004-11-11 297344] R2 CXTUNE;Conexant 2388x Tuner; C:\WINDOWS\system32\drivers\CX88TUNE.sys [2004-11-11 31360] R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204] R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 bdfm;BDFM; C:\WINDOWS\system32\drivers\bdfm.sys [2008-08-12 108864] R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-10-20 103944] R3 bdfsfltr;bdfsfltr; C:\WINDOWS\system32\drivers\bdfsfltr.sys [2008-08-12 228672] R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys [] R3 CXAVXBAR;Conexant 2388x Crossbar Dual Input ; C:\WINDOWS\system32\drivers\cxavxbar.sys [2004-11-11 9472] R3 GEARAspiWDM;GEAR CDRom Filter; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2004-09-14 13872] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-04-26 135168] R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2004-12-01 776637] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2004-10-13 2287104] R3 itchfltr;iTouch Keyboard Filter; C:\WINDOWS\System32\Drivers\itchfltr.sys [2004-03-10 12953] R3 Iviaspi;IVI ASPI Shell; C:\WINDOWS\system32\drivers\iviaspi.sys [2003-09-11 21060] R3 LVPrcMon;Logitech LVPrcMon Driver; \??\C:\WINDOWS\system32\drivers\LVPrcMon.sys [] R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-12-05 39424] R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] R3 Pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 10368] R3 rtl8139;Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver; C:\WINDOWS\system32\DRIVERS\R8139n51.SYS [2002-10-04 46976] R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616] R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104] R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2004-03-17 113664] S3 Lvckap;Logitech Kernel Audio Processing Filter Driver; \??\C:\WINDOWS\system32\drivers\Lvckap.sys [] S3 lvmvdrv;Logitech Machine Vision Engine Loader; \??\C:\WINDOWS\system32\drivers\lvmvdrv.sys [] S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008] S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2005-12-05 7136] S3 PID_08A0;QuickCam IM(PID_08A0); C:\WINDOWS\system32\DRIVERS\LV302AV.SYS [2005-12-05 916096] S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys [] S3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2001-06-04 14112] S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-04 32768] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys [] S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264] S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152] S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-10-16 611664] R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568] R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2004-09-23 38912] R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2008-10-20 393216] R2 LVPrcSrv;Logitech Process Monitor; c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe [2005-12-09 81920] R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328] R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120] R2 SymWSC;SymWMI Service; c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe [2004-08-05 308352] R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe [2008-10-20 1527808] R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] R3 iPodService;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2004-10-13 327680] R3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336] S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144] S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776] S3 lxcc_device;lxcc_device; C:\WINDOWS\system32\lxcccoms.exe [2005-02-25 466944] S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] -----------------EOF-----------------

mas_pogi View Member Profile	Oct 27 2008, 08:11 AM Post #8
Carpal Tunnel of Love Group: Members Posts: 1,473 Joined: 30-November 07 From: Member No.: 173,678	hi. How is your computer now? Mark

JepthasDaughter View Member Profile	Oct 27 2008, 02:19 PM Post #9
Member Group: Members Posts: 18 Joined: 19-October 08 Member No.: 247,922	Seems to be OK and working better; however, I did notice that the online scan ESET showed 2 problems?? I'm worried about that and wondering what can be done now to get rid of those if that is possible. I need something to show to a group of friends that my computer has a "clean bill of health". Thank you:)

mas_pogi View Member Profile	Oct 27 2008, 06:11 PM Post #10
Carpal Tunnel of Love Group: Members Posts: 1,473 Joined: 30-November 07 From: Member No.: 173,678	hi Jephas, I'm sorry to tell you that you are not clean yet. One or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information and download and execute files. I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation. Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? When Should I Format, How Should I Reinstall We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Follow the instruction below if you want to continue. Please do the following; You should print out these instructions, or copy them to a Notepad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site. Please reboot your computer in Safe Mode by doing the following : Restart your computer After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually; Instead of Windows loading as normal, a menu with options should appear; Select the first option, to run Windows in Safe Mode, then press "Enter". Choose your usual account. Run OTMoveIT again in safe mode. Double-click OTMoveIt2.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator). Copy the lines in the quotebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): QUOTE core<delete service> C:\WINDOWS\system32\drivers\core.sys C:\WINDOWS\system32\drivers\core.cache.dsk C:\Program Files\InterMute C:\WINDOWS\tasks\Symantec NetDetect.job HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{FA010552-4A27-4cb1-A1BB-3E2D697F1639} HKEY_CLASSES_ROOT\CLSID\{FA010552-4A27-4cb1-A1BB-3E2D697F1639} EmptyTemp purity Return to OTMoveIt2, right click in the Paste List Of Files/Patterns To Move window (under the yellow bar) and choose Paste. Click the red button. Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. Close OTMoveIt2 Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter .log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles* folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post. Reboot yourself in normal mode if it didn't reboot. Please do a scan with Kaspersky Online Scanner Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan. Click on the Accept button and install any components it needs. The program will install and then begin downloading the latest definition files. After the files have been downloaded on the left side of the page in the Scan section select My Computer This will start the program and scan your system. The scan will take a while, so be patient and let it run. Once the scan is complete, click on View scan report Now, click on the Save Report as button. Save the file to your desktop. Copy and paste that information in your next post. In your reply, please post the result of Otmoveit Kaspersky's scanner Mark edit----- This post has been edited by mas_pogi: Oct 27 2008, 06:25 PM

JepthasDaughter View Member Profile	Oct 27 2008, 07:00 PM Post #11
Member Group: Members Posts: 18 Joined: 19-October 08 Member No.: 247,922	Heaven help me...because that seems to be the only answer:( Can you tell me if because of all of this, do I risk infecting anyone using my Incredimail program which goes thru my website (all mail to and from most generally goes thru my website server)? I need to know if using that along with attaching graphics I've made for various people would put THEM at risk because the LAST thing I want to do is "infect" my friends and customers. If it will, then that means I will have to completely shut down my Paypal account, shut down my website and, well you can imagine. I do not have the financial resources to buy a new computer....I will have to do everything possible to clean this one. As soon as I can get everything (my graphics) completely backed up (hoping the trojan won't "transfer" to back-up disks), I will be instigating the "cleaning procedure". But please DO let me know if at THE MOMENT, I stand a chance of infecting ANYONE using my Incredimail/via my website account. Thank you again for everything.....needless to say, though, I'm not a happy camper LOL:)

mas_pogi View Member Profile	Oct 27 2008, 07:12 PM Post #12
Carpal Tunnel of Love Group: Members Posts: 1,473 Joined: 30-November 07 From: Member No.: 173,678	hi Jepthas. I know it hard to ask but please be calm. I will ask first my coach. I will discuss this with him. Please wait for awhile. Mark

mas_pogi View Member Profile	Oct 29 2008, 08:40 AM Post #13
Carpal Tunnel of Love Group: Members Posts: 1,473 Joined: 30-November 07 From: Member No.: 173,678	hi Jepthas, Could you just proceed with the rest of the instructions in post #10? I will add all my answers in my next reply. Thank you for your patience. Mark This post has been edited by mas_pogi: Oct 29 2008, 09:34 AM

JepthasDaughter View Member Profile	Oct 29 2008, 03:11 PM Post #14
Member Group: Members Posts: 18 Joined: 19-October 08 Member No.: 247,922	Hello Mark Below are the results of the 2 things you asked that I copy & paste - done today: OTMoveIt2 - 102908 Service not present: core. File/Folder not found. File/Folder C:\WINDOWS\system32\drivers\core.sys not found. File/Folder C:\WINDOWS\system32\drivers\core.cache.dsk not found. C:\Program Files\InterMute\SpySubtract\Themes\Default moved successfully. C:\Program Files\InterMute\SpySubtract\Themes moved successfully. C:\Program Files\InterMute\SpySubtract\Sounds\Tomcat moved successfully. C:\Program Files\InterMute\SpySubtract\Sounds\Pinball moved successfully. C:\Program Files\InterMute\SpySubtract\Sounds moved successfully. C:\Program Files\InterMute\SpySubtract\Help moved successfully. C:\Program Files\InterMute\SpySubtract\Backup moved successfully. C:\Program Files\InterMute\SpySubtract moved successfully. C:\Program Files\InterMute moved successfully. C:\WINDOWS\tasks\Symantec NetDetect.job moved successfully. File/Folder not found. < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{FA010552-4A27-4cb1-A1BB-3E2D697F1639} > Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{FA010552-4A27-4cb1-A1BB-3E2D697F1639} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FA010552-4A27-4cb1-A1BB-3E2D697F1639}\ deleted successfully. < HKEY_CLASSES_ROOT\CLSID\{FA010552-4A27-4cb1-A1BB-3E2D697F1639} > Registry key HKEY_CLASSES_ROOT\CLSID\{FA010552-4A27-4cb1-A1BB-3E2D697F1639}\\ not found. File/Folder not found. < EmptyTemp > Temp folders emptied. IE temp folders emptied. < purity > OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10292008_112724 Kaspersky Online Scan - 102908 KASPERSKY ONLINE SCANNER 7 REPORT Wednesday, October 29, 2008 Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Wednesday, October 29, 2008 16:25:28 Records in database: 1356289 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ Scan statistics: Files scanned: 233303 Threat name: 5 Infected objects: 4 Suspicious objects: 2 Duration of the scan: 02:38:45 File name / Threat name / Threats count C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmsecman.jar-69ee0dc2-726cc3f9.zip Infected: Trojan-Downloader.Java.Agent.f 1 C:\Documents and Settings\HP_Administrator\Desktop\Downloads\incredimail_install.exe Infected: not-a-virus:Downloader.Win32.ImLoader.e 1 C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Identities\{D7262387-AED1-4256-8BFF-22265B0B5C06}\Microsoft\Outlook Express\Sent Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 2 C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\8WFC2CGN\nsp[1].htm Infected: Trojan-Downloader.JS.Agent.nk 1 C:\Program Files\Online Services\AOL90US\comps\toolbar\toolbr.EXE Infected: not-a-virus:AdWare.Win32.SearchIt.t 1 The selected area was scanned. -------------------------------------------- I really need to know if what is wrong will "infect" ANYONE if I use my Incredimail program. From the looks of it, it seems that it might and this is very distressing. Thanks again for all your excellent help! Jeptha's Daughter

mas_pogi View Member Profile	Oct 30 2008, 07:20 PM Post #15
Carpal Tunnel of Love Group: Members Posts: 1,473 Joined: 30-November 07 From: Member No.: 173,678	Hi Jepthas, Their are many kind of trojan. However the one that you have which is now gone is an infostealer/passwordstealer. read here. http://www.threatexpert.com/report.aspx?ui...4f-951a458b8cb4 http://www.symantec.com/security_response/...-040208-5335-99 About infecting your friend, with what you are distributing like images and graphics, it has a slim chance to infect them. You had a password stealer. It is normally installed when victim clicks a link in spoofed email regarding bank site update or runs a supposed "update" file attached to message. So be careful next time. Also, maybe you got this one when you visit some site that are compromised. Please follow the instructions below; PLease shut down tottally your Incredimail for a meantime. Then have your bitdefender updated. Run a full scan of your computer. Post the result in your next reply. Run HijackThis icon in your desktop by double-clicking it. Then do press "Do a System Scan Only". When the scan is complete place a check mark next to the following entries: O2 - BHO: (no name) - {B7812551-960A-45ED-835E-788878EA0BE2} - C:\Program Files\Messenger\holemuwy.dll (file missing) After checking these items CLOSE ALL open windows EXCEPT HijackThis and click "Fix Checked." Reboot your computer in normal mode. Download ATF Cleaner to your Desktop. Double-click ATF-Cleaner.exe to run the program. Click Select All found at the bottom of the list. Click the Empty Selected button. If you use Firefox browser, do this also: Click Firefox at the top and choose Select All from the list. Click the Empty Selected button. NOTE : If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser, do this also: Click Opera at the top and choose Select All from the list. Close ALL Internet browsers (very important). Click the Empty Selected button. NOTE : If you would like to keep your saved passwords, please click No at the prompt. Click Exit on the Main menu to close the program. Notes for Windows Vista users: On Windows Vista that "Windows Temp" is disabled, to empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator" Prefetch has been disabled on Windows Vista. As I'm not sure the effects that emptying prefetch on Windows Vista will have for the time being it I won't enable that function. Download GMER from here: http://www.gmer.net/files.php Unzip it to the desktop. Open the program and click on the Rootkit tab. Make sure all the boxes on the right of the screen are checked, EXCEPT for 'Show All'. Click on Scan. When the scan has run click Copy and paste the results (if any) into this thread. Run random's system information tool (RSIT) again from your desktop. Double click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized) In your reply, please post the result Bitdefender scan Gmer RSIT's log.txt and info.txt Mark This post has been edited by mas_pogi: Oct 30 2008, 07:21 PM

« Next Oldest · HijackThis Logs and Virus/Trojan/Spyware/Malware Removal · Next Newest »

3 Pages

1 2 3 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 4th July 2009 - 04:35 PM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List \| Virus Removal Guides
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Malware Removal Guides Archive