The application or DLL C:\windows\system32\jutepeso.dll is not a valid windows image. Please check this against your installation diskette. Please help


  • This topic is locked
29 replies to this topic

#1 zoita

Posted 01 February 2009 - 01:17 PM

Hello!
I'd be very grateful for any help with this problem. I have Windows XP Home Edition.
I started getting this message:
"The application or DLL C:\windows\system32\jutepeso.dll is not a valid windows image. Please check this against your installation diskette"
after I found out that my computer is infected with Trojan.VUNDO, downloaded and ran SUPERAntiSpyware and, shame on me, deleted some files from the SUPERAntiSpyware quarantine.
I get this message right after my computer begins to start up and many times while it is starting up, and more when I open a new program or application.
I tried to run the Windows XP repair CD but it didn't solve the problem.

Thank you very much


DDS (Ver_09-01-18.01) - NTFSx86
Run by Zoy at 12:37:15.78 on Sun 02/01/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.382.33 [GMT -5:00]

AV: Norton AntiVirus *On-access scanning enabled* (Updated)
AV: Panda Antivirus Platinum 7 *On-access scanning disabled* (Updated)
FW: Panda Antivirus Platinum 7 *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Zoy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.aol.com/?src=aim
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\norton antivirus\engine\16.2.0.7\IPSBHO.DLL
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
BHO: NoExplorer - No File
BHO: {d5984ca1-49ff-4d66-8278-091b357ea1d6} - c:\windows\system32\pafikiwu.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll
TB: {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - No File
TB: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [<NO NAME>]
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AHNSD] "c:\program files\ahnlab\smart update utility\AhnSD.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [lxdnmon.exe] "c:\program files\lexmark 2600 series\lxdnmon.exe"
mRun: [lxdnamon] "c:\program files\lexmark 2600 series\lxdnamon.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [dafekumoje] Rundll32.exe "c:\windows\system32\muhoyawa.dll",s
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: c:\windows\system32\kenahozi.dll c:\windows\system32\jutepeso.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = :\windows\system32\srrstr.dll 32\jutepeso.dll scecli scecli scecli scecli

================= FIREFOX ===================

FF - ProfilePath -

============= SERVICES / DRIVERS ===============

R0 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2007-4-9 42376]
R0 SymEFA;Symantec Extended File Attributes;\SystemRoot\\SystemRoot\System32\Drivers\NAV\1002000.007\SYMEFA.SYS --> \SystemRoot\\SystemRoot\System32\Drivers\NAV\1002000.007\SYMEFA.SYS [?]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nav\1002000.007\BHDrvx86.sys [2008-12-27 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1002000.007\cchpx86.sys [2008-12-27 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090129.001\IDSxpx86.sys [2009-1-29 274808]
R1 IkSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2007-4-9 66952]
R1 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2007-4-9 81288]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-12-26 99376]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2007-4-9 200192]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090201.003\naveng.sys [2009-2-1 89104]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090201.003\navex15.sys [2009-2-1 876112]
R4 AhnLab Task Scheduler;AhnLab Task Scheduler;c:\program files\ahnlab\smart update utility\AhnSDsv.exe [2008-7-9 174792]
S3 ComFiltr;Panda Anti-Dialer;\??\c:\windows\system32\drivers\comfiltr.sys --> c:\windows\system32\drivers\COMFiltr.sys [?]

=============== Created Last 30 ================

2009-01-31 14:08 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-01-31 14:03 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-01-31 14:01 2,136,064 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-31 14:01 2,180,352 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-31 14:01 2,015,744 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-31 14:01 2,057,728 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-31 13:57 453,632 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-01-31 13:28 31,232 ac------ c:\windows\system32\dllcache\weitekp9.sys
2009-01-31 13:28 41,600 ac------ c:\windows\system32\dllcache\weitekp9.dll
2009-01-31 13:28 48,256 ac------ c:\windows\system32\dllcache\w32.dll
2009-01-31 13:26 20,736 ac------ c:\windows\system32\dllcache\ramdisk.sys
2009-01-31 13:26 16,384 ac------ c:\windows\system32\dllcache\quser.exe
2009-01-31 13:26 9,728 ac------ c:\windows\system32\dllcache\query.exe
2009-01-31 13:26 131,584 ac------ c:\windows\system32\dllcache\pmxviceo.dll
2009-01-31 13:26 11,264 ac------ c:\windows\system32\dllcache\pmxmcro.dll
2009-01-31 13:26 6,144 ac------ c:\windows\system32\dllcache\pmxgl.dll
2009-01-31 13:26 70,144 ac------ c:\windows\system32\dllcache\pintlphr.exe
2009-01-31 13:26 67,584 ac------ c:\windows\system32\dllcache\pmigrate.dll
2009-01-31 13:26 482,304 ac------ c:\windows\system32\dllcache\pintlgnt.ime
2009-01-31 13:26 38,912 ac------ c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2009-01-31 13:26 111,104 ac------ c:\windows\system32\dllcache\mtstocom.exe
2009-01-31 13:25 7,680 ac------ c:\windows\system32\dllcache\migregdb.exe
2009-01-31 13:25 92,416 ac------ c:\windows\system32\dllcache\mga.sys
2009-01-31 13:25 92,032 ac------ c:\windows\system32\dllcache\mga.dll
2009-01-31 13:25 65,536 ac------ c:\windows\system32\dllcache\EXCH_mailmsg.dll
2009-01-31 13:25 22,528 ac------ c:\windows\system32\dllcache\lpdsvc.dll
2009-01-31 13:25 18,944 ac------ c:\windows\system32\dllcache\lprmon.dll
2009-01-31 13:25 33,792 ac------ c:\windows\system32\dllcache\lmmib2.dll
2009-01-31 13:25 18,432 ac------ c:\windows\system32\dllcache\jupiw.dll
2009-01-31 13:25 35,328 ac------ c:\windows\system32\dllcache\iprip.dll
2009-01-31 13:25 59,392 ac------ c:\windows\system32\dllcache\imscinst.exe
2009-01-31 13:25 10,096,640 ac------ c:\windows\system32\dllcache\hwxcht.dll
2009-01-31 13:23 54,528 ac------ c:\windows\system32\dllcache\cap7146.sys
2009-01-31 13:22 208,896 ac------ c:\windows\system32\dllcache\fpmmcsat.dll
2009-01-31 13:15 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-01-31 13:14 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-01-31 13:14 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-01-31 13:14 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-01-31 13:14 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-01-31 13:14 16,384 ac------ c:\windows\system32\dllcache\isignup.exe
2009-01-31 12:53 1,086,058 a----r-- c:\windows\SET6B.tmp
2009-01-31 12:53 1,042,903 a----r-- c:\windows\SET68.tmp
2009-01-30 14:49 32,768 ac------ c:\windows\system32\dllcache\icwdl.dll
2009-01-30 14:49 214,528 ac------ c:\windows\system32\dllcache\icwconn1.exe
2009-01-30 14:49 86,016 ac------ c:\windows\system32\dllcache\icwconn2.exe
2009-01-30 14:49 20,480 ac------ c:\windows\system32\dllcache\inetwiz.exe
2009-01-30 14:27 13,753 a----r-- c:\windows\SET9E.tmp
2009-01-30 14:27 1,086,058 a----r-- c:\windows\SET91.tmp
2009-01-30 14:27 1,042,903 a----r-- c:\windows\SET8E.tmp
2009-01-30 14:26 383,685 a------- c:\windows\setupapi.old
2009-01-20 16:45 <DIR> --d----- c:\program files\Trend Micro
2009-01-20 15:01 6,144 a--sh--- c:\windows\system32\Thumbs.db
2009-01-18 00:37 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-16 22:49 19,569 a------- c:\windows\003082_.tmp
2009-01-14 17:51 13,646 a------- c:\windows\system32\wpa.bak
2009-01-14 13:08 13,753 a----r-- c:\windows\SETAC.tmp
2009-01-14 13:08 1,086,058 a----r-- c:\windows\SETA0.tmp
2009-01-14 13:08 1,042,903 a----r-- c:\windows\SET9D.tmp
2009-01-14 12:30 <DIR> --d----- c:\windows\setup.pss
2009-01-11 12:39 <DIR> --d----- c:\program files\Uniblue
2009-01-11 02:34 <DIR> --d----- c:\windows\system32\XPSViewer
2009-01-11 02:29 117,760 a------- c:\windows\system32\prntvpt.dll
2009-01-11 02:29 575,488 a------- c:\windows\system32\xpsshhdr.dll
2009-01-11 02:29 1,676,288 a------- c:\windows\system32\xpssvcs.dll
2009-01-11 02:29 <DIR> --d----- C:\f45d8e39b3eaafcf033af29a88
2009-01-11 02:27 <DIR> --d----- c:\windows\SxsCaPendDel
2009-01-11 01:49 <DIR> --d-hr-- C:\AHCache
2009-01-10 02:18 <DIR> --d----- c:\documents and settings\all users\CrypKey
2009-01-10 02:18 4 a------- c:\windows\vx86036.dat
2009-01-10 02:17 1,680 a------- c:\windows\system32\esnecil.nlp
2009-01-10 02:17 1,680 a------- c:\windows\system32\esnecil.ind
2009-01-10 02:17 71 a------- c:\windows\Crypkey.ini
2009-01-10 02:17 19,584 a------- c:\windows\system32\Ckldrv.sys
2009-01-10 02:17 27,648 a----r-- c:\windows\Setup_ck.exe
2009-01-10 02:17 165,888 a------- c:\windows\Ckconfig.exe
2009-01-10 02:17 122,880 a------- c:\windows\system32\Crypserv.exe
2009-01-10 02:17 18,432 a------- c:\windows\Setup_ck.dll
2009-01-10 02:17 11,776 a------- c:\windows\Ckrfresh.exe
2009-01-10 02:16 <DIR> --d----- c:\program files\Stellar Phoenix Windows Data Recovery
2009-01-09 20:22 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-01-09 20:22 <DIR> --d----- c:\docume~1\zoy\applic~1\SUPERAntiSpyware.com
2009-01-07 18:45 1,275,109 a--sh--- c:\windows\system32\emusulem.ini
2009-01-06 23:05 1,275,109 a--sh--- c:\windows\system32\ilofehub.ini
2009-01-06 20:49 <DIR> --d----- c:\docume~1\alluse~1\applic~1\acccore
2009-01-06 20:46 <DIR> --d----- c:\program files\AIM6
2009-01-06 11:12 1,275,109 a--sh--- c:\windows\system32\usubetej.ini
2009-01-04 12:34 1,262,075 a--sh--- c:\windows\system32\efulofoy.ini
2009-01-03 13:16 1,262,075 a--sh--- c:\windows\system32\ekejoten.ini
2009-01-03 01:16 1,262,075 a--sh--- c:\windows\system32\uribiguz.ini

==================== Find3M ====================

2009-01-31 13:13 23,392 a------- c:\windows\system32\emptyregdb.dat
2009-01-14 19:32 82,791 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-01-01 23:16 42,448 a---h--- c:\windows\system32\mlfcache.dat
2008-12-26 19:50 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2008-12-26 19:50 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2008-12-26 19:50 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2008-12-26 19:50 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2008-12-11 22:08 36,272 a----r-- c:\windows\system32\drivers\SymIM.sys
2008-12-11 06:57 333,184 a------- c:\windows\system32\drivers\srv.sys
0000-00-00 00:00 68,792 a--sh--- c:\windows\system32\jutepeso.dll
0000-00-00 00:00 68,792 a--sh--- c:\windows\system32\muhoyawa.dll

============= FINISH: 12:42:51.87 ===============

#2 fenzodahl512

Posted 02 February 2009 - 06:08 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.


Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 zoita

Posted 04 February 2009 - 12:20 AM

Hi
Thank you for your help.
1. Malwarebytes
Malwarebytes' Anti-Malware 1.33
Database version: 1721
Windows 5.1.2600 Service Pack 2

2/3/2009 9:55:45 PM
mbam-log-2009-02-03 (21-55-45).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 227513
Time elapsed: 5 hour(s), 12 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d5984ca1-49ff-4d66-8278-091b357ea1d6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d5984ca1-49ff-4d66-8278-091b357ea1d6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dafekumoje (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{a26503fe-b3b8-4910-a9dc-9cbd25c6b8d6} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: c:\windows\system32\jutepeso.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: system32\jutepeso.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\muhoyawa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\defupabo.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\suwuwari.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\garowori.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ropofotu.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jutepeso.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\RECYCLER\ADAPT_Installer.exe (Heuristics.Malware) -> Quarantined and deleted successfully.

#4 zoita

Posted 04 February 2009 - 12:22 AM

2. RSIT log.txt

Logfile of random's system information tool 1.05 (written by random/random)
Run by Zoy at 2009-02-03 22:50:38
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 25 GB (16%) free of 153 GB
Total RAM: 382 MB (7% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:51:51 PM, on 2/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Zoy\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Zoy.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\IPSBHO.DLL
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AHNSD] "C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lxdnmon.exe] "C:\Program Files\Lexmark 2600 Series\lxdnmon.exe"
O4 - HKLM\..\Run: [lxdnamon] "C:\Program Files\Lexmark 2600 Series\lxdnamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-19\..\Run: [dafekumoje] Rundll32.exe "C:\WINDOWS\system32\muhoyawa.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [dafekumoje] Rundll32.exe "C:\WINDOWS\system32\muhoyawa.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} - http://rms2.invokesolutions.com/events/bin...1450/MILive.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: c:\windows\system32\kenahozi.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AhnLab Task Scheduler - AhnLab, Inc. - C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxdn_device - - C:\WINDOWS\system32\lxdncoms.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 13087 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{2455DA7C-FB2A-4534-BBF9-D112BBF1A548}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\IPSBHO.DLL [2008-12-26 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2008-08-16 5751624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-18 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-18 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-18 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2007-12-03 352256]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2008-08-16 5751624]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC []
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName []
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2005-04-01 794624]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"AHNSD"=C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe [2008-01-28 199368]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-02-01 1103240]
"mxomssmenu"=C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe [2007-09-06 169264]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"lxdnmon.exe"=C:\Program Files\Lexmark 2600 Series\lxdnmon.exe [2008-03-27 660136]
"lxdnamon"=C:\Program Files\Lexmark 2600 Series\lxdnamon.exe [2008-03-27 16040]
"FaxCenterServer"=C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2008-03-27 320168]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-18 136600]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-02-02 102492]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-02-02 692316]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
""= []
"RoboForm"=C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2008-08-16 160592]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe /background []
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-10-21 50472]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\windows\system32\kenahozi.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-04-11 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
:\WINDOWS\SYSTEM32\srrstr.dll

32\jutepeso.dll
scecli
scecli
scecli
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent [tfile.ru]\utorrent.exe"="C:\Program Files\uTorrent [tfile.ru]\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\WINDOWS\network diagnostic\xpnetdiag.exe"="C:\WINDOWS\network diagnostic\xpnetdiag.exe:*:Enabled:Network Diagnostic for Windows XP"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\lxdncoms.exe"="C:\WINDOWS\system32\lxdncoms.exe:*:Enabled:2600 Series Server"
"C:\Program Files\Lexmark 2600 Series\lxdnmon.exe"="C:\Program Files\Lexmark 2600 Series\lxdnmon.exe:*:Enabled:Printer Device Monitor"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnpswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnpswx.exe:*:Enabled:Printer Status Window Interface"
"C:\Program Files\Lexmark 2600 Series\Diagnostics\LXDNdiag.exe"="C:\Program Files\Lexmark 2600 Series\Diagnostics\LXDNdiag.exe:*:Enabled: "
"C:\Program Files\Lexmark 2600 Series\frun.exe"="C:\Program Files\Lexmark 2600 Series\frun.exe:*:Enabled:Printing Application"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnjswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnjswx.exe:*:Enabled:Job Status Window Interface"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"
"C:\Program Files\Spyware Doctor\pctsGui.exe"="C:\Program Files\Spyware Doctor\pctsGui.exe:*:Enabled:pctsGui"
"C:\Program Files\Spyware Doctor\pctsTray.exe"="C:\Program Files\Spyware Doctor\pctsTray.exe:*:Enabled:pctsTray"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22741168-e7b7-11db-86e9-0014a52654ef}]
shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5089592e-a81d-11dc-af1a-0014a52654ef}]
shell\AutoRun\command - podcastready.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb3664ae-d6de-11dd-a374-0014a52654ef}]
shell\AutoRun\command - E:\LaunchU3.exe -a


======File associations======

.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

======List of files/folders created in the last 3 months======

2009-02-03 22:50:38 ----D---- C:\rsit
2009-02-03 22:45:16 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2009-02-03 22:42:51 ----D---- C:\WINDOWS\LastGood
2009-02-02 19:56:03 ----D---- C:\Documents and Settings\Zoy\Application Data\Malwarebytes
2009-02-02 19:54:53 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-02 19:54:50 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-31 20:11:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-01-31 20:11:15 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-01-31 20:10:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-01-31 20:10:38 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-01-31 20:09:29 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2009-01-31 20:08:44 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-01-31 20:08:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-01-31 20:08:06 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-01-31 20:07:32 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-01-31 20:06:58 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2009-01-31 20:05:55 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-01-31 20:05:06 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-01-31 20:04:46 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-01-31 20:04:00 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2009-01-31 20:02:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-31 20:02:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-01-31 20:02:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-01-31 20:01:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-01-31 20:00:56 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-01-31 20:00:41 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-01-31 20:00:20 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-01-31 20:00:02 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-01-31 19:59:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-01-31 14:08:20 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-01-31 13:38:06 ----D---- C:\WINDOWS\Prefetch
2009-01-31 13:15:19 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-01-31 12:54:57 ----A---- C:\WINDOWS\system32\irclass.dll
2009-01-31 12:54:56 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-01-31 12:54:18 ----RA---- C:\WINDOWS\SET77.tmp
2009-01-31 12:53:59 ----RA---- C:\WINDOWS\SET6B.tmp
2009-01-31 12:53:55 ----RA---- C:\WINDOWS\SET68.tmp
2009-01-30 15:12:56 ----A---- C:\WINDOWS\ModemLog_AC97 Data Fax SoftModem with SmartCP.txt
2009-01-30 14:27:41 ----RA---- C:\WINDOWS\SET9E.tmp
2009-01-30 14:27:36 ----RA---- C:\WINDOWS\SET91.tmp
2009-01-30 14:27:32 ----RA---- C:\WINDOWS\SET8E.tmp
2009-01-20 16:45:09 ----D---- C:\Program Files\Trend Micro
2009-01-18 00:37:29 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-18 00:37:29 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-18 00:37:29 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-01-18 00:37:28 ----A---- C:\WINDOWS\system32\java.exe
2009-01-16 22:49:30 ----A---- C:\WINDOWS\003082_.tmp
2009-01-16 19:46:58 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-15 00:18:29 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2009-01-15 00:11:36 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-01-14 17:51:16 ----A---- C:\WINDOWS\system32\wpa.bak
2009-01-14 13:08:39 ----RA---- C:\WINDOWS\SETAC.tmp
2009-01-14 13:08:33 ----RA---- C:\WINDOWS\SETA0.tmp
2009-01-14 13:08:30 ----RA---- C:\WINDOWS\SET9D.tmp
2009-01-14 12:30:46 ----D---- C:\WINDOWS\setup.pss
2009-01-11 12:39:50 ----D---- C:\Program Files\Uniblue
2009-01-11 02:34:07 ----D---- C:\WINDOWS\system32\XPSViewer
2009-01-11 02:33:58 ----D---- C:\Program Files\MSBuild
2009-01-11 02:33:11 ----D---- C:\Program Files\Reference Assemblies
2009-01-11 02:29:43 ----A---- C:\WINDOWS\system32\prntvpt.dll
2009-01-11 02:29:42 ----A---- C:\WINDOWS\system32\xpsshhdr.dll
2009-01-11 02:29:41 ----A---- C:\WINDOWS\system32\xpssvcs.dll
2009-01-11 02:29:40 ----D---- C:\f45d8e39b3eaafcf033af29a88
2009-01-11 02:27:06 ----D---- C:\WINDOWS\SxsCaPendDel
2009-01-11 01:49:15 ----RHD---- C:\AHCache
2009-01-10 23:31:23 ----A---- C:\WINDOWS\UPGRADE.TXT
2009-01-10 02:17:19 ----A---- C:\WINDOWS\Crypkey.ini
2009-01-10 02:17:05 ----RA---- C:\WINDOWS\Setup_ck.exe
2009-01-10 02:17:05 ----A---- C:\WINDOWS\system32\Crypserv.exe
2009-01-10 02:17:05 ----A---- C:\WINDOWS\Setup_ck.dll
2009-01-10 02:17:05 ----A---- C:\WINDOWS\Ckrfresh.exe
2009-01-10 02:17:05 ----A---- C:\WINDOWS\Ckconfig.exe
2009-01-10 02:16:20 ----D---- C:\Program Files\Stellar Phoenix Windows Data Recovery
2009-01-10 00:36:08 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-09 20:22:28 ----D---- C:\Program Files\SUPERAntiSpyware
2009-01-09 20:22:28 ----D---- C:\Documents and Settings\Zoy\Application Data\SUPERAntiSpyware.com
2009-01-07 18:45:25 ----ASH---- C:\WINDOWS\system32\emusulem.ini
2009-01-06 23:05:08 ----ASH---- C:\WINDOWS\system32\ilofehub.ini
2009-01-06 21:30:58 ----D---- C:\Documents and Settings\Zoy\Application Data\acccore
2009-01-06 20:49:33 ----D---- C:\Documents and Settings\All Users\Application Data\acccore
2009-01-06 20:46:17 ----D---- C:\Program Files\AIM6
2009-01-06 11:12:29 ----ASH---- C:\WINDOWS\system32\usubetej.ini
2009-01-04 12:34:25 ----ASH---- C:\WINDOWS\system32\efulofoy.ini
2009-01-03 13:16:30 ----ASH---- C:\WINDOWS\system32\ekejoten.ini
2009-01-03 01:16:10 ----ASH---- C:\WINDOWS\system32\uribiguz.ini
2009-01-02 09:32:54 ----ASH---- C:\WINDOWS\system32\uyoyonef.ini
2008-12-31 14:02:57 ----ASH---- C:\WINDOWS\system32\ewipomog.ini
2008-12-30 09:51:01 ----D---- C:\Documents and Settings\Zoy\Application Data\FaxCtr
2008-12-30 02:22:37 ----D---- C:\Documents and Settings\Zoy\Application Data\Lexmark Productivity Studio
2008-12-30 02:00:09 ----D---- C:\logs
2008-12-30 01:59:31 ----A---- C:\WINDOWS\system32\lxdnvs.dll
2008-12-30 01:59:24 ----A---- C:\WINDOWS\system32\lxdncoin.dll
2008-12-30 01:58:16 ----A---- C:\WINDOWS\system32\wiafbdrv.dll
2008-12-30 01:57:37 ----A---- C:\WINDOWS\system32\lxdndrs.dll
2008-12-30 01:57:37 ----A---- C:\WINDOWS\system32\lxdncaps.dll
2008-12-30 01:57:36 ----A---- C:\WINDOWS\system32\lxdncnv4.dll
2008-12-30 01:56:19 ----A---- C:\WINDOWS\system32\LXF3PMON.DLL
2008-12-30 01:56:19 ----A---- C:\WINDOWS\system32\LXF3FXPU.DLL
2008-12-30 01:55:58 ----A---- C:\WINDOWS\system32\lxf3oem.dll
2008-12-30 01:55:57 ----A---- C:\WINDOWS\system32\LXF3PMRC.DLL
2008-12-30 01:55:55 ----A---- C:\WINDOWS\system32\IMHOST32.DLL
2008-12-30 01:55:55 ----A---- C:\WINDOWS\system32\IMGMAN32.DLL
2008-12-30 01:55:44 ----D---- C:\Documents and Settings\All Users\Application Data\FaxCtr
2008-12-30 01:55:19 ----D---- C:\Program Files\Lexmark Fax Solutions
2008-12-30 01:54:25 ----D---- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-12-30 01:52:10 ----A---- C:\WINDOWS\system32\lxdnwupd.exe
2008-12-30 01:52:10 ----A---- C:\WINDOWS\system32\lxdnwupd.dll
2008-12-30 01:52:08 ----A---- C:\WINDOWS\system32\lxdnrwrd.ini
2008-12-30 01:51:52 ----A---- C:\WINDOWS\system32\LXDNinst.dll
2008-12-30 01:51:51 ----A---- C:\WINDOWS\system32\lxdninpa.dll
2008-12-30 01:51:51 ----A---- C:\WINDOWS\system32\lxdniesc.dll
2008-12-30 01:51:51 ----A---- C:\WINDOWS\system32\LXDNhcp.dll
2008-12-30 01:51:50 ----A---- C:\WINDOWS\system32\lxdnutil.dll
2008-12-30 01:51:50 ----A---- C:\WINDOWS\system32\lxdnusb1.dll
2008-12-30 01:51:50 ----A---- C:\WINDOWS\system32\lxdnserv.dll
2008-12-30 01:51:49 ----A---- C:\WINDOWS\system32\lxdnprox.dll
2008-12-30 01:51:49 ----A---- C:\WINDOWS\system32\lxdnpmui.dll
2008-12-30 01:51:49 ----A---- C:\WINDOWS\system32\lxdnlmpm.dll
2008-12-30 01:51:48 ----A---- C:\WINDOWS\system32\lxdnjswr.dll
2008-12-30 01:51:48 ----A---- C:\WINDOWS\system32\lxdninsr.dll
2008-12-30 01:51:48 ----A---- C:\WINDOWS\system32\lxdninsb.dll
2008-12-30 01:51:48 ----A---- C:\WINDOWS\system32\lxdnins.dll
2008-12-30 01:51:48 ----A---- C:\WINDOWS\system32\lxdnih.exe
2008-12-30 01:51:48 ----A---- C:\WINDOWS\system32\lxdnhbn3.dll
2008-12-30 01:51:47 ----A---- C:\WINDOWS\system32\lxdngrd.dll
2008-12-30 01:51:47 ----A---- C:\WINDOWS\system32\lxdngf.dll
2008-12-30 01:51:47 ----A---- C:\WINDOWS\system32\lxdncub.dll
2008-12-30 01:51:46 ----A---- C:\WINDOWS\system32\lxdncur.dll
2008-12-30 01:51:46 ----A---- C:\WINDOWS\system32\lxdncu.dll
2008-12-30 01:51:46 ----A---- C:\WINDOWS\system32\lxdncoms.exe
2008-12-30 01:51:46 ----A---- C:\WINDOWS\system32\lxdncomm.dll
2008-12-30 01:51:46 ----A---- C:\WINDOWS\system32\lxdncomc.dll
2008-12-30 01:51:45 ----A---- C:\WINDOWS\system32\lxdncfg.exe
2008-12-30 01:51:45 ----A---- C:\WINDOWS\system32\LXDNcfg.dll
2008-12-30 01:51:31 ----D---- C:\Program Files\Lexmark 2600 Series
2008-12-28 14:48:05 ----D---- C:\Program Files\iTunes
2008-12-28 14:48:05 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-28 14:18:06 ----D---- C:\Program Files\Safari
2008-12-26 19:50:52 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2008-12-26 19:48:00 ----D---- C:\Program Files\Windows Sidebar
2008-12-26 19:47:59 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2008-12-26 19:47:00 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-12-26 19:46:59 ----D---- C:\Program Files\NortonInstaller
2008-12-26 19:21:13 ----ASH---- C:\WINDOWS\system32\ejeforav.ini
2008-12-25 13:09:13 ----ASH---- C:\WINDOWS\system32\ikayovub.ini
2008-12-18 18:55:14 ----D---- C:\WINDOWS\ie8updates
2008-12-05 00:21:54 ----D---- C:\spoolerlogs
2008-12-04 00:55:22 ----D---- C:\Documents and Settings\All Users\Application Data\Lexmark 2600 Series
2008-11-23 21:14:29 ----D---- C:\Program Files\Windows Live Toolbar
2008-11-23 21:14:25 ----D---- C:\Program Files\Windows Live Favorites
2008-11-23 21:02:22 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-11-23 21:01:45 ----D---- C:\Program Files\Windows Live
2008-11-23 21:00:50 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller

======List of files/folders modified in the last 3 months======

2009-02-03 22:45:51 ----HD---- C:\WINDOWS\inf
2009-02-03 22:45:44 ----D---- C:\WINDOWS
2009-02-03 22:42:42 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-03 22:42:42 ----D---- C:\Program Files\Mozilla Firefox
2009-02-03 22:41:12 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-02-03 22:40:51 ----D---- C:\WINDOWS\Temp
2009-02-03 22:05:37 ----D---- C:\WINDOWS\system32
2009-02-03 22:02:57 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-02-03 22:02:57 ----D---- C:\WINDOWS\Help
2009-02-03 22:02:57 ----D---- C:\Program Files\Internet Explorer
2009-02-03 22:02:39 ----D---- C:\WINDOWS\system32\drivers
2009-02-03 22:01:41 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-03 21:55:45 ----SHD---- C:\RECYCLER
2009-02-03 16:39:54 ----A---- C:\WINDOWS\imsins.BAK
2009-02-03 16:21:44 ----HDC---- C:\WINDOWS\ie7
2009-02-03 16:21:06 ----D---- C:\Program Files\Spyware Doctor
2009-02-03 16:09:14 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-03 15:57:08 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2009-02-03 15:33:00 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
2009-02-03 15:10:49 ----SHD---- C:\WINDOWS\Installer
2009-02-03 15:10:24 ----HD---- C:\Config.Msi
2009-02-02 19:54:50 ----RD---- C:\Program Files
2009-02-01 12:22:14 ----D---- C:\Documents and Settings
2009-02-01 12:10:00 ----A---- C:\WINDOWS\OEWABLog.txt
2009-02-01 02:00:49 ----D---- C:\Documents and Settings\Zoy\Application Data\uTorrent
2009-01-31 23:34:11 ----A---- C:\WINDOWS\NeroDigital.ini
2009-01-31 20:12:47 ----D---- C:\WINDOWS\security
2009-01-31 20:01:24 ----HDC---- C:\WINDOWS\$NtUninstallKB901190$
2009-01-31 13:45:45 ----D---- C:\WINDOWS\Registration
2009-01-31 13:43:48 ----A---- C:\WINDOWS\setuplog.txt
2009-01-31 13:43:12 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-31 13:42:20 ----D---- C:\WINDOWS\SoftwareDistribution
2009-01-31 13:38:46 ----SHD---- C:\System Volume Information
2009-01-31 13:38:46 ----D---- C:\WINDOWS\system32\Restore
2009-01-31 13:37:05 ----D---- C:\WINDOWS\system32\config
2009-01-31 13:29:25 ----D---- C:\WINDOWS\repair
2009-01-31 13:22:02 ----D---- C:\Program Files\Windows Media Player
2009-01-31 13:18:48 ----A---- C:\WINDOWS\ODBCINST.INI
2009-01-31 13:16:25 ----D---- C:\WINDOWS\system32\ias
2009-01-31 13:15:24 ----RD---- C:\WINDOWS\Web
2009-01-31 13:14:56 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-01-31 13:14:14 ----A---- C:\WINDOWS\win.ini
2009-01-31 13:14:03 ----D---- C:\WINDOWS\system32\oobe
2009-01-31 13:13:08 ----D---- C:\WINDOWS\system32\Com
2009-01-31 12:55:10 ----A---- C:\WINDOWS\SYSTEM.INI
2009-01-31 12:54:40 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-01-31 07:30:52 ----D---- C:\WINDOWS\system
2009-01-31 07:30:51 ----D---- C:\WINDOWS\system32\Setup
2009-01-31 07:30:37 ----D---- C:\WINDOWS\system32\usmt
2009-01-31 07:30:25 ----D---- C:\WINDOWS\AppPatch
2009-01-31 07:30:22 ----D---- C:\WINDOWS\ime
2009-01-31 07:30:20 ----RSD---- C:\WINDOWS\Fonts
2009-01-31 07:30:19 ----D---- C:\WINDOWS\Media
2009-01-31 07:30:15 ----D---- C:\WINDOWS\system32\wbem
2009-01-31 07:30:03 ----D---- C:\WINDOWS\PeerNet
2009-01-31 07:29:42 ----D---- C:\WINDOWS\system32\npp
2009-01-31 07:29:33 ----D---- C:\WINDOWS\msagent
2009-01-31 07:25:14 ----D---- C:\WINDOWS\twain_32
2009-01-31 07:24:19 ----D---- C:\WINDOWS\system32\icsxml
2009-01-31 07:23:22 ----D---- C:\WINDOWS\system32\1033
2009-01-31 07:21:39 ----D---- C:\WINDOWS\Driver Cache
2009-01-30 14:50:35 ----D---- C:\WINDOWS\srchasst
2009-01-30 14:50:20 ----D---- C:\Program Files\Movie Maker
2009-01-30 14:50:02 ----D---- C:\Program Files\NetMeeting
2009-01-30 14:49:54 ----D---- C:\Program Files\Outlook Express
2009-01-30 14:49:54 ----D---- C:\Program Files\Common Files\System
2009-01-30 14:46:53 ----D---- C:\Program Files\Windows NT
2009-01-30 12:41:41 ----SH---- C:\boot.ini
2009-01-30 12:16:52 ----D---- C:\Documents and Settings\Zoy\Application Data\U3
2009-01-28 11:04:00 ----A---- C:\DTSHDSpOut.txt
2009-01-18 01:30:51 ----D---- C:\Program Files\Messenger
2009-01-18 00:57:34 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-01-18 00:50:46 ----D---- C:\WINDOWS\EHome
2009-01-18 00:34:53 ----D---- C:\Program Files\Java
2009-01-17 14:17:24 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-17 00:01:08 ----D---- C:\WINDOWS\ie7updates
2009-01-14 07:53:58 ----D---- C:\WINDOWS\WinSxS
2009-01-11 16:54:38 ----D---- C:\Program Files\Google
2009-01-11 13:32:57 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-11 13:28:05 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-01-11 13:06:22 ----SD---- C:\WINDOWS\Tasks
2009-01-11 13:00:53 ----D---- C:\Documents and Settings\Zoy\Application Data\Uniblue
2009-01-11 12:24:38 ----D---- C:\WINDOWS\Microsoft.NET
2009-01-11 12:24:36 ----RSD---- C:\WINDOWS\assembly
2009-01-11 02:34:00 ----D---- C:\WINDOWS\system32\en-US
2009-01-11 02:31:59 ----D---- C:\WINDOWS\system32\spool
2009-01-10 00:45:06 ----D---- C:\WINDOWS\network diagnostic
2009-01-09 20:21:07 ----D---- C:\Program Files\Common Files
2009-01-06 21:11:58 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-01-06 20:47:12 ----D---- C:\Program Files\Common Files\AOL
2009-01-01 23:05:39 ----D---- C:\Documents and Settings\Zoy\Application Data\Apple Computer
2008-12-30 03:22:30 ----SD---- C:\Documents and Settings\Zoy\Application Data\Microsoft
2008-12-28 14:48:24 ----D---- C:\Program Files\iPod
2008-12-28 14:48:23 ----D---- C:\Program Files\Common Files\Apple
2008-12-28 14:38:03 ----D---- C:\Program Files\QuickTime
2008-12-26 20:00:33 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-26 19:54:16 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-12-26 19:50:53 ----D---- C:\Program Files\Symantec
2008-12-26 19:48:00 ----D---- C:\Program Files\Norton AntiVirus
2008-12-26 19:34:49 ----A---- C:\caisslog.txt
2008-12-26 19:28:34 ----D---- C:\WINDOWS\CAVTemp
2008-12-09 18:53:03 ----D---- C:\Program Files\Yahoo!
2008-12-09 18:52:39 ----RHD---- C:\Documents and Settings\All Users\Application Data\yahoo!
2008-11-23 21:14:25 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-23 21:14:14 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-23 21:13:05 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-21 14:25:46 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-11-09 21:28:26 ----D---- C:\Documents and Settings\Zoy\Application Data\Mozilla
2008-11-09 19:36:16 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-09 18:12:35 ----D---- C:\Documents and Settings\Zoy\Application Data\Adobe
2008-11-09 02:20:41 ----D---- C:\Temp
2008-11-08 10:56:45 ----D---- C:\Program Files\Bonjour

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-08-11 39424]
R1 BHDrvx86;Symantec Heuristics Driver; C:\WINDOWS\System32\Drivers\NAV\1002000.007\BHDrvx86.sys [2008-12-11 255536]
R1 ccHP;Symantec Hash Provider; C:\WINDOWS\System32\Drivers\NAV\1002000.007\ccHPx86.sys [2008-12-26 362544]
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090129.005\IDSxpx86.sys []
R1 IkSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2007-12-10 66952]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2007-12-10 81288]
R1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys [2008-03-17 19584]
R1 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SRTSP.SYS [2008-12-11 306736]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\System32\Drivers\NAV\1002000.007\SRTSPX.SYS [2008-12-11 43696]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMTDI.SYS [2008-12-11 198192]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-04-11 1035264]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-03-10 371712]
R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camc6aud.sys [2005-02-18 38016]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camc6hal.sys [2005-02-18 349696]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-12-15 1038208]
R3 HSFHWATI;HSFHWATI; C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-12-15 200192]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-02-06 25632]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090203.024\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090203.024\NAVEX15.SYS []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-03 74496]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMDNS.SYS [2008-12-11 12976]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMFW.SYS [2008-12-11 89904]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMIDS.SYS [2008-12-11 34608]
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-12-11 36272]
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMNDIS.SYS [2008-12-11 37424]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMREDRV.SYS [2008-12-11 24624]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-02-02 191456]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-03-16 159488]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-12-15 703232]
S3 ComFiltr;Panda Anti-Dialer; \??\C:\WINDOWS\system32\DRIVERS\COMFiltr.sys []
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2007-02-03 22560]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-02-06 1691808]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-02-06 1964064]
S3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2007-02-03 1507232]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-02-03 41504]
S3 LVUVC;QuickCam for Notebooks Deluxe(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2007-02-03 1939360]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 MXOPSWD;Maxtor OneTouch Security Driver; C:\WINDOWS\system32\DRIVERS\mxopswd.sys [2007-05-03 22152]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2007-11-01 16694]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-12-11 36272]
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2004-08-11 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AhnLab Task Scheduler;AhnLab Task Scheduler; C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe [2008-01-28 174792]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-04-11 360448]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-09-02 198336]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [2008-05-07 122880]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-18 152984]
R2 LVPrcSrv;Process Monitor; c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2007-02-06 109344]
R2 lxdn_device;lxdn_device; C:\WINDOWS\system32\lxdncoms.exe [2008-02-27 594600]
R2 Maxtor Sync Service;Maxtor Service; C:\Program Files\Maxtor\Sync\SyncServices.exe [2007-09-28 156976]
R2 Norton AntiVirus;Norton AntiVirus; C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe [2008-12-11 115560]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-02-01 747912]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-02-01 948616]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\shared\hpqwmi.exe [2005-03-04 98304]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-02-06 105248]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-04-09 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-10-24 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-09-02 2528960]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []

-----------------EOF-----------------

#5 zoita

Posted 04 February 2009 - 12:25 AM

3. RSIT info.txt

info.txt logfile of random's system information tool 1.05 2009-02-03 22:52:07

======Uninstall list======

Sansa Media Converter-->"C:\Program Files\InstallShield Installation Information\{FC053571-8507-44E4-8B6D-AACEAB8CA57C}\setup.exe" --u:{FC053571-8507-44E4-8B6D-AACEAB8CA57C}
-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /X{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Extra Settings CS4-->MsiExec.exe /I{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Recommended Settings CS4-->MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Dreamweaver CS3-->C:\Program Files\Common Files\Adobe\Installers\f58fc5a295fc517c614533a2caf2a90\Setup.exe
Adobe Dreamweaver CS3-->MsiExec.exe /I{C36C39C4-76B9-4392-BBC6-932E89CD6594}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Setup-->MsiExec.exe /I{2274624C-5B38-41AD-AD27-CEC0924EB628}
Adobe Setup-->MsiExec.exe /I{4CE1A0C1-E416-4C83-BD32-6EABD5BCAFEE}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe Stock Photos CS3-->C:\Program Files\Common Files\Adobe\Installers\cbb2ea61da9c780bd7e47a5230a9ed7\Setup.exe
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
AI RoboForm (All Users)-->"C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
AIM 6-->C:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Audio Converter 5-4-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\Audio Converter\ST6UNST.LOG"
AVS Audio Converter version 4.1-->"C:\Program Files\AVS4YOU\AVSAudioConverter\unins000.exe"
AVS DVDMenu Editor 1.2.1.19-->"C:\Program Files\Common Files\AVSMedia\AVS DVDMenu Editor\unins000.exe"
AVS Video Converter 5.6-->"C:\Program Files\AVS4YOU\AVSVideoConverter\unins000.exe"
AVS4YOU Software Navigator 1.2-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
Axara AudioCDGrabber 2.2.1-->"C:\Program Files\Axara\unins000.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Broadcom 802.11 Wireless LAN Adapter-->C:\WINDOWS\system32\BCMWLU00.exe verbose /rootkey=Software\Broadcom\802.11\UninstallInfo
Conexant AC-Link Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO\HXFSETUP.EXE -U -Iqta3091.inf
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
Data Fax SoftModem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3091103C\HXFSETUP.EXE -U -IVEN_1002&DEV_4378&SUBSYS_3091103C
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Highlight Viewer (Windows Live Toolbar)-->MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Help and Support-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}\setup.exe" -l0x9 -removeonly
HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP User Guides 0001-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06ECCCF4-9295-468E-851C-9529A7C181E8}\setup.exe" -l0x9 -removeonly
HP Wireless Assistant 1.01 A2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\setup.exe" -l0x9 hpquninst
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
J2SE Runtime Environment 5.0 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Lexmark 2600 Series-->C:\Program Files\Lexmark 2600 Series\Install\x86\Uninst.exe
Lexmark Fax Solutions-->C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe /R:faxunst
LiveUpdate 3.1 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Logitech Audio Echo Cancellation Component-->MsiExec.exe /X{BEF726DD-4037-4214-8C6A-E625C02D2870}
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech QuickCam-->MsiExec.exe /X{7D2370AC-D8E6-4996-986A-19824F8A167C}
Logitech Video Enumerator-->MsiExec.exe /X{EA516024-D84D-41F1-814F-83175A6188F2}
Logitech® Camera Driver-->"C:\Program Files\Common Files\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash 8 Video Encoder-->MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash 8-->MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Map Button (Windows Live Toolbar)-->MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Maxtor Manager-->"C:\Program Files\InstallShield Installation Information\{B8281D46-D846-4BB9-BC84-F1115A7BF820}\setup.exe" -runfromtemp -l0x0409 -removeonly
Maxtor Manager-->MsiExec.exe /I{B8281D46-D846-4BB9-BC84-F1115A7BF820}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MobileMe Control Panel-->MsiExec.exe /I{924EB80F-C2BB-4B9F-8412-88BBA937393F}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
muvee autoProducer 4.0 - SE-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{534AA552-E1F1-4965-B2AA-FBDEB0730D60}\setup.exe" -l0x9
MVision-->MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton AntiVirus-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV\A5E82D02\16.2.0.7\InstStub.exe /X
Palm-->MsiExec.exe /X{32EF6F81-583E-4127-918D-D3768A8957C4}
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Quick Launch Buttons 5.10 B2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x9 -uninst
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
REALTEK Gigabit and Fast Ethernet NIC Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\Setup.exe" -l0x9 REMOVE
Safari-->MsiExec.exe /I{582D2A53-F426-4C5E-A2E6-43C1AB36B907}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Smart Update Utility (AhnLab, Inc.)-->"C:\Program Files\AhnLab\Smart Update Utility\Uninst.exe" -Uninstall
Sonic Audio Module-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic Copy Module-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic Data Module-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sprint music manager -->C:\PROGRA~1\SPRINT~1\Setup.exe /remove /q0
Spyware Doctor 5.5-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Texas Instruments PCIxx21/x515 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{612DC38A-B36A-4699-88EB-12C7394DE2FC} /l1033
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
uTorrent [tfile.ru edition]-->C:\Program Files\uTorrent [tfile.ru]\uninstall.exe
VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{97A96172-A963-4A37-9FFB-DA6805BB915A}\setup.exe -runfromtemp -l0x0409
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live Favorites for Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Sign-in Assistant-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar-->MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Search Protection-->C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Zeallsoft Audio CD Burner 2.0-->"C:\Program Files\Zeallsoft\Zeallsoft Audio CD Burner\unins000.exe"

======Security center information======

AV: Norton AntiVirus
AV: Panda Antivirus Platinum 7 (disabled)
FW: Panda Antivirus Platinum 7 (disabled)

System event log

Computer Name: ZOYA-2B90056AD4
Event Code: 26
Message: Application popup: rundll32.exe - Bad Image : The application or DLL C:\WINDOWS\system32\jutepeso.dll is not a valid Windows image. Please check this against your installation diskette.

Record Number: 13780
Source Name: Application Popup
Time Written: 20090131130713.000000-300
Event Type: information
User:

Computer Name: ZOYA-2B90056AD4
Event Code: 26
Message: Application popup: rundll32.exe - Bad Image : The application or DLL C:\WINDOWS\system32\jutepeso.dll is not a valid Windows image. Please check this against your installation diskette.

Record Number: 13779
Source Name: Application Popup
Time Written: 20090131130713.000000-300
Event Type: information
User:

Computer Name: ZOYA-2B90056AD4
Event Code: 26
Message: Application popup: rundll32.exe - Bad Image : The application or DLL C:\WINDOWS\system32\jutepeso.dll is not a valid Windows image. Please check this against your installation diskette.

Record Number: 13778
Source Name: Application Popup
Time Written: 20090131130713.000000-300
Event Type: information
User:

Computer Name: ZOYA-2B90056AD4
Event Code: 26
Message: Application popup: rundll32.exe - Bad Image : The application or DLL C:\WINDOWS\system32\jutepeso.dll is not a valid Windows image. Please check this against your installation diskette.

Record Number: 13777
Source Name: Application Popup
Time Written: 20090131130712.000000-300
Event Type: information
User:

Computer Name: ZOYA-2B90056AD4
Event Code: 26
Message: Application popup: rundll32.exe - Bad Image : The application or DLL C:\WINDOWS\system32\jutepeso.dll is not a valid Windows image. Please check this against your installation diskette.

Record Number: 13776
Source Name: Application Popup
Time Written: 20090131130712.000000-300
Event Type: information
User:

Application event log

Computer Name: ZOYA-2B90056AD4
Event Code: 0
Message:
Record Number: 24209
Source Name: Viewpoint Manager Service
Time Written: 20081212125656.000000-300
Event Type: information
User:

Computer Name: ZOYA-2B90056AD4
Event Code: 0
Message:
Record Number: 24208
Source Name: gusvc
Time Written: 20081212125558.000000-300
Event Type: information
User:

Computer Name: ZOYA-2B90056AD4
Event Code: 1
Message:
Record Number: 24207
Source Name: Bonjour Service
Time Written: 20081212125555.000000-300
Event Type: information
User:

Computer Name: ZOYA-2B90056AD4
Event Code: 101
Message: Information Level: success

Rolling back the schedule; execution will occur at approximately 1:00 PM.

Record Number: 24206
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20081212125549.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: ZOYA-2B90056AD4
Event Code: 101
Message: Information Level: success

Service started.

Record Number: 24205
Source Name: Automatic LiveUpdate Scheduler
Time Written: 20081212125549.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 36 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2402
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------

#6 zoita


Posted 04 February 2009 - 12:28 AM

4. -Attached- GMER result..
Thanks again




#7 fenzodahl512


Posted 04 February 2009 - 01:04 AM

IMPORTANT!! Uninstall these programs first (if present..) so that they won't interfere with our fixes..

1. Ask Toolbar
2. Lavasoft Ad-Aware
3. Spybot - Search & Destroy
4. Viewpoint (all of them..)




Please re-open HijackThis and click on Do a system scan only. Check the boxes next to all the entries listed below.

O4 - HKUS\S-1-5-19\..\Run: [dafekumoje] Rundll32.exe "C:\WINDOWS\system32\muhoyawa.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [dafekumoje] Rundll32.exe "C:\WINDOWS\system32\muhoyawa.dll",s (User 'NETWORK SERVICE')
O20 - AppInit_DLLs: c:\windows\system32\kenahozi.dll


Now close all windows other than HijackThis, then click Fix checked. Close HijackThis.




NEXT


Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked..
  • Copy the codebox contents and paste it to the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    :processes
    explorer.exe
    
    :services
    
    :files
    C:\WINDOWS\system32\muhoyawa.dll
    c:\windows\system32\kenahozi.dll
    C:\WINDOWS\SYSTEM32\srrstr.dll
    C:\WINDOWS\SYSTEM32\jutepeso.dll
    C:\WINDOWS\SET??.tmp
    C:\WINDOWS\003082_.tmp
    C:\WINDOWS\system32\emusulem.ini
    C:\WINDOWS\system32\ilofehub.ini
    C:\WINDOWS\system32\usubetej.ini
    C:\WINDOWS\system32\efulofoy.ini
    C:\WINDOWS\system32\ekejoten.ini
    C:\WINDOWS\system32\uribiguz.ini
    C:\WINDOWS\system32\uyoyonef.ini
    C:\WINDOWS\system32\ewipomog.ini
    C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    C:\WINDOWS\system32\ejeforav.ini
    C:\WINDOWS\system32\ikayovub.ini
    
    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
    "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLS"=""
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Run RSIT again... Post these logs in your next reply..

1. OTMoveIt3
2. RSIT log.txt

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive
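
The reasoning behind the fix in the post above, as an added example (not part of the original post, and not HijackThis or OTMoveIt3 code): a Python triage pass that flags the kind of entries the helper selected (a Run value that launches a system32 DLL through rundll32, and a non-empty AppInit_DLLs), decodes the `hex(7)` value in the `:reg` section, and checks that every flagged DLL is listed under `:files`. The sample lines and script excerpt are copied from this thread; the function names and the two heuristics are assumptions made for illustration, and a hit is a lead to investigate, not a verdict.

```python
import re

# Constructed sample: the three entries the helper asked to fix, plus two
# ordinary Run entries copied from the HijackThis log later in this thread.
HJT_LINES = r'''
O4 - HKUS\S-1-5-19\..\Run: [dafekumoje] Rundll32.exe "C:\WINDOWS\system32\muhoyawa.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [dafekumoje] Rundll32.exe "C:\WINDOWS\system32\muhoyawa.dll",s (User 'NETWORK SERVICE')
O20 - AppInit_DLLs: c:\windows\system32\kenahozi.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
'''.strip().splitlines()

# Excerpt of the OTMoveIt3 script from the post (only three :files lines kept).
FIX_SCRIPT = r'''
:files
C:\WINDOWS\system32\muhoyawa.dll
c:\windows\system32\kenahozi.dll
C:\WINDOWS\SYSTEM32\jutepeso.dll

:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=""

:commands
[reboot]
'''

RUN_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
RUNDLL_RE = re.compile(r'^"?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+\.dll)', re.I)
APPINIT_RE = re.compile(r'^O20 - AppInit_DLLs:\s*(?P<dlls>.+)$', re.I)


def triage(lines):
    """Return (section, location, dll_path_lowercased) for each flagged entry."""
    findings = []
    for line in lines:
        m = RUN_RE.match(line)
        if m:
            # Heuristic 1 (assumption): an autostart that runs a DLL sitting
            # directly in system32 via rundll32 deserves a closer look.
            r = RUNDLL_RE.match(m.group("cmd"))
            if r and "\\system32\\" in r.group("dll").lower():
                findings.append(("O4", m.group("hive"), r.group("dll").lower()))
            continue
        m = APPINIT_RE.match(line)
        if m:
            # Heuristic 2 (assumption): report every DLL named in AppInit_DLLs,
            # since each one is loaded into any process that loads user32.dll.
            # The value is a space- or comma-separated list.
            for dll in re.split(r"[ ,]+", m.group("dlls").strip()):
                findings.append(("O20", "AppInit_DLLs", dll.lower()))
    return findings


def parse_script(script):
    """Split an OTMoveIt3-style script into {section_name: [lines]}."""
    sections, current = {}, None
    for line in script.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def reg_values(reg_lines):
    """Map (key, value name), both lowercased, to the raw data string."""
    out, key = {}, None
    for line in reg_lines:
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        else:
            m = re.match(r'^"([^"]+)"=(.*)$', line)
            if m and key:
                out[(key, m.group(1).lower())] = m.group(2)
    return out


def decode_hex7(value, wide=False):
    """Decode a REG_MULTI_SZ written as hex(7):.. into its list of strings.

    The script above uses one byte per character; pass wide=True for data
    stored as UTF-16LE.
    """
    if not value.lower().startswith("hex(7):"):
        raise ValueError("not a hex(7) value")
    raw = bytes(int(b, 16) for b in value[7:].split(",") if b.strip())
    text = raw.decode("utf-16-le" if wide else "latin-1")
    return [s for s in text.split("\x00") if s]


def uncovered(findings, sections):
    """Flagged DLL paths that the script's :files section does not list."""
    listed = {p.lower() for p in sections.get("files", [])}
    return sorted({dll for _, _, dll in findings} - listed)


if __name__ == "__main__":
    found = triage(HJT_LINES)
    script = parse_script(FIX_SCRIPT)
    for f in found:
        print("flagged:", f)
    for (key, name), data in reg_values(script["reg"]).items():
        shown = decode_hex7(data) if data.lower().startswith("hex(7):") else data
        print("sets:", key, name, "->", shown)
    print("flagged but not in :files:", uncovered(found, script))
```

The decoded `Notification Packages` data shows that the `:reg` section writes a single entry, `scecli`, so any other package name present in that value before the fix is dropped.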


#8 zoita


Posted 04 February 2009 - 07:25 PM

Hello
You are super fast
Thank you

1. OTMoveIt3

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
File/Folder C:\WINDOWS\system32\muhoyawa.dll not found.
File/Folder c:\windows\system32\kenahozi.dll not found.
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\srrstr.dll
C:\WINDOWS\SYSTEM32\srrstr.dll NOT unregistered.
C:\WINDOWS\SYSTEM32\srrstr.dll moved successfully.
File/Folder C:\WINDOWS\SYSTEM32\jutepeso.dll not found.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET68.tmp moved successfully.
C:\WINDOWS\SET6B.tmp moved successfully.
C:\WINDOWS\SET77.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\SET8E.tmp moved successfully.
C:\WINDOWS\SET91.tmp moved successfully.
C:\WINDOWS\SET9D.tmp moved successfully.
C:\WINDOWS\SET9E.tmp moved successfully.
C:\WINDOWS\SETA0.tmp moved successfully.
C:\WINDOWS\SETAC.tmp moved successfully.
C:\WINDOWS\003082_.tmp moved successfully.
C:\WINDOWS\system32\emusulem.ini moved successfully.
C:\WINDOWS\system32\ilofehub.ini moved successfully.
C:\WINDOWS\system32\usubetej.ini moved successfully.
C:\WINDOWS\system32\efulofoy.ini moved successfully.
C:\WINDOWS\system32\ekejoten.ini moved successfully.
C:\WINDOWS\system32\uribiguz.ini moved successfully.
C:\WINDOWS\system32\uyoyonef.ini moved successfully.
C:\WINDOWS\system32\ewipomog.ini moved successfully.
C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86 moved successfully.
C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86 moved successfully.
C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} moved successfully.
C:\WINDOWS\system32\ejeforav.ini moved successfully.
C:\WINDOWS\system32\ikayovub.ini moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Notification Packages"|hex(7):73,63,65,63,6c,69,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLS"|"" /E : value set successfully!
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Zoy\LOCALS~1\Temp\etilqs_REf2cNRA8kqQXgezD8sY scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\JETAD71.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_2ac.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_418.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Zoy\Local Settings\Application Data\Mozilla\Firefox\Profiles\hfbxl2gg.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Zoy\Local Settings\Application Data\Mozilla\Firefox\Profiles\hfbxl2gg.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Zoy\Local Settings\Application Data\Mozilla\Firefox\Profiles\hfbxl2gg.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Zoy\Local Settings\Application Data\Mozilla\Firefox\Profiles\hfbxl2gg.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Zoy\Local Settings\Application Data\Mozilla\Firefox\Profiles\hfbxl2gg.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02042009_182358

#9 zoita


Posted 04 February 2009 - 07:26 PM

2. RSIT log.txt

Logfile of random's system information tool 1.05 (written by random/random)
Run by Zoy at 2009-02-04 19:12:04
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 33 GB (22%) free of 153 GB
Total RAM: 382 MB (16% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:13:05 PM, on 2/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Zoy\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Zoy.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\IPSBHO.DLL
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AHNSD] "C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lxdnmon.exe] "C:\Program Files\Lexmark 2600 Series\lxdnmon.exe"
O4 - HKLM\..\Run: [lxdnamon] "C:\Program Files\Lexmark 2600 Series\lxdnamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} - http://rms2.invokesolutions.com/events/bin...1450/MILive.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AhnLab Task Scheduler - AhnLab, Inc. - C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxdn_device - - C:\WINDOWS\system32\lxdncoms.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 12556 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{2455DA7C-FB2A-4534-BBF9-D112BBF1A548}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\IPSBHO.DLL [2008-12-26 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2008-08-16 5751624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-18 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-18 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-18 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2007-12-03 352256]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2008-07-28 882416]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2008-08-16 5751624]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC []
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName []
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2005-04-01 794624]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"AHNSD"=C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe [2008-01-28 199368]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-02-01 1103240]
"mxomssmenu"=C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe [2007-09-06 169264]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"lxdnmon.exe"=C:\Program Files\Lexmark 2600 Series\lxdnmon.exe [2008-03-27 660136]
"lxdnamon"=C:\Program Files\Lexmark 2600 Series\lxdnamon.exe [2008-03-27 16040]
"FaxCenterServer"=C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2008-03-27 320168]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-18 136600]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2005-02-02 102492]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-02-02 692316]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
""= []
"RoboForm"=C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2008-08-16 160592]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe /background []
"Aim6"=C:\Program Files\AIM6\aim6.exe [2008-10-21 50472]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-04-11 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent [tfile.ru]\utorrent.exe"="C:\Program Files\uTorrent [tfile.ru]\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\WINDOWS\network diagnostic\xpnetdiag.exe"="C:\WINDOWS\network diagnostic\xpnetdiag.exe:*:Enabled:Network Diagnostic for Windows XP"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\lxdncoms.exe"="C:\WINDOWS\system32\lxdncoms.exe:*:Enabled:2600 Series Server"
"C:\Program Files\Lexmark 2600 Series\lxdnmon.exe"="C:\Program Files\Lexmark 2600 Series\lxdnmon.exe:*:Enabled:Printer Device Monitor"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnpswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnpswx.exe:*:Enabled:Printer Status Window Interface"
"C:\Program Files\Lexmark 2600 Series\Diagnostics\LXDNdiag.exe"="C:\Program Files\Lexmark 2600 Series\Diagnostics\LXDNdiag.exe:*:Enabled: "
"C:\Program Files\Lexmark 2600 Series\frun.exe"="C:\Program Files\Lexmark 2600 Series\frun.exe:*:Enabled:Printing Application"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnjswx.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnjswx.exe:*:Enabled:Job Status Window Interface"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"
"C:\Program Files\Spyware Doctor\pctsGui.exe"="C:\Program Files\Spyware Doctor\pctsGui.exe:*:Enabled:pctsGui"
"C:\Program Files\Spyware Doctor\pctsTray.exe"="C:\Program Files\Spyware Doctor\pctsTray.exe:*:Enabled:pctsTray"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22741168-e7b7-11db-86e9-0014a52654ef}]
shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5089592e-a81d-11dc-af1a-0014a52654ef}]
shell\AutoRun\command - podcastready.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb3664ae-d6de-11dd-a374-0014a52654ef}]
shell\AutoRun\command - E:\LaunchU3.exe -a


======File associations======

.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

======List of files/folders created in the last 3 months======

2009-02-04 18:23:58 ----D---- C:\_OTMoveIt
2009-02-03 23:00:09 ----A---- C:\WINDOWS\gmer.ini
2009-02-03 23:00:02 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-02-03 23:00:01 ----A---- C:\WINDOWS\gmer.exe
2009-02-03 23:00:01 ----A---- C:\WINDOWS\gmer.dll
2009-02-03 22:50:38 ----D---- C:\rsit
2009-02-03 22:45:16 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2009-02-02 19:56:03 ----D---- C:\Documents and Settings\Zoy\Application Data\Malwarebytes
2009-02-02 19:54:53 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-02 19:54:50 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-31 20:11:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-01-31 20:11:15 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-01-31 20:10:57 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-01-31 20:10:38 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-01-31 20:09:29 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2009-01-31 20:08:44 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-01-31 20:08:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-01-31 20:08:06 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2009-01-31 20:07:32 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2009-01-31 20:06:58 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$
2009-01-31 20:05:55 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-01-31 20:05:06 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-01-31 20:04:46 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-01-31 20:04:00 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2009-01-31 20:02:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-31 20:02:37 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-01-31 20:02:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-01-31 20:01:50 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-01-31 20:00:56 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2009-01-31 20:00:41 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-01-31 20:00:20 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-01-31 20:00:02 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-01-31 19:59:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-01-31 14:08:20 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-01-31 13:38:06 ----D---- C:\WINDOWS\Prefetch
2009-01-31 13:15:19 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2009-01-31 12:54:57 ----A---- C:\WINDOWS\system32\irclass.dll
2009-01-31 12:54:56 ----A---- C:\WINDOWS\system32\spxcoins.dll
2009-01-30 15:12:56 ----A---- C:\WINDOWS\ModemLog_AC97 Data Fax SoftModem with SmartCP.txt
2009-01-20 16:45:09 ----D---- C:\Program Files\Trend Micro
2009-01-18 00:37:29 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-18 00:37:29 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-18 00:37:29 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-01-18 00:37:28 ----A---- C:\WINDOWS\system32\java.exe
2009-01-16 19:46:58 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-15 00:18:29 ----HDC---- C:\WINDOWS\$NtUninstallKB925720$
2009-01-15 00:11:36 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2009-01-14 17:51:16 ----A---- C:\WINDOWS\system32\wpa.bak
2009-01-14 12:30:46 ----D---- C:\WINDOWS\setup.pss
2009-01-11 12:39:50 ----D---- C:\Program Files\Uniblue
2009-01-11 02:34:07 ----D---- C:\WINDOWS\system32\XPSViewer
2009-01-11 02:33:58 ----D---- C:\Program Files\MSBuild
2009-01-11 02:33:11 ----D---- C:\Program Files\Reference Assemblies
2009-01-11 02:29:43 ----A---- C:\WINDOWS\system32\prntvpt.dll
2009-01-11 02:29:42 ----A---- C:\WINDOWS\system32\xpsshhdr.dll
2009-01-11 02:29:41 ----A---- C:\WINDOWS\system32\xpssvcs.dll
2009-01-11 02:29:40 ----D---- C:\f45d8e39b3eaafcf033af29a88
2009-01-11 02:27:06 ----D---- C:\WINDOWS\SxsCaPendDel
2009-01-11 01:49:15 ----RHD---- C:\AHCache
2009-01-10 23:31:23 ----A---- C:\WINDOWS\UPGRADE.TXT
2009-01-10 02:17:19 ----A---- C:\WINDOWS\Crypkey.ini
2009-01-10 02:17:05 ----RA---- C:\WINDOWS\Setup_ck.exe
2009-01-10 02:17:05 ----A---- C:\WINDOWS\system32\Crypserv.exe
2009-01-10 02:17:05 ----A---- C:\WINDOWS\Setup_ck.dll
2009-01-10 02:17:05 ----A---- C:\WINDOWS\Ckrfresh.exe
2009-01-10 02:17:05 ----A---- C:\WINDOWS\Ckconfig.exe
2009-01-10 02:16:20 ----D---- C:\Program Files\Stellar Phoenix Windows Data Recovery
2009-01-10 00:36:08 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-09 20:22:28 ----D---- C:\Program Files\SUPERAntiSpyware
2009-01-09 20:22:28 ----D---- C:\Documents and Settings\Zoy\Application Data\SUPERAntiSpyware.com
2009-01-06 21:30:58 ----D---- C:\Documents and Settings\Zoy\Application Data\acccore
2009-01-06 20:49:33 ----D---- C:\Documents and Settings\All Users\Application Data\acccore
2009-01-06 20:46:17 ----D---- C:\Program Files\AIM6
2008-12-30 09:51:01 ----D---- C:\Documents and Settings\Zoy\Application Data\FaxCtr
2008-12-30 02:22:37 ----D---- C:\Documents and Settings\Zoy\Application Data\Lexmark Productivity Studio
2008-12-30 02:00:09 ----D---- C:\logs
2008-12-30 01:59:31 ----A---- C:\WINDOWS\system32\lxdnvs.dll
2008-12-30 01:59:24 ----A---- C:\WINDOWS\system32\lxdncoin.dll
2008-12-30 01:58:16 ----A---- C:\WINDOWS\system32\wiafbdrv.dll
2008-12-30 01:57:37 ----A---- C:\WINDOWS\system32\lxdndrs.dll
2008-12-30 01:57:37 ----A---- C:\WINDOWS\system32\lxdncaps.dll
2008-12-30 01:57:36 ----A---- C:\WINDOWS\system32\lxdncnv4.dll
2008-12-30 01:56:19 ----A---- C:\WINDOWS\system32\LXF3PMON.DLL
2008-12-30 01:56:19 ----A---- C:\WINDOWS\system32\LXF3FXPU.DLL
2008-12-30 01:55:58 ----A---- C:\WINDOWS\system32\lxf3oem.dll
2008-12-30 01:55:57 ----A---- C:\WINDOWS\system32\LXF3PMRC.DLL
2008-12-30 01:55:55 ----A---- C:\WINDOWS\system32\IMHOST32.DLL
2008-12-30 01:55:55 ----A---- C:\WINDOWS\system32\IMGMAN32.DLL
2008-12-30 01:55:44 ----D---- C:\Documents and Settings\All Users\Application Data\FaxCtr
2008-12-30 01:55:19 ----D---- C:\Program Files\Lexmark Fax Solutions
2008-12-30 01:54:25 ----D---- C:\Program Files\Abbyy FineReader 6.0 Sprint
2008-12-30 01:52:10 ----A---- C:\WINDOWS\system32\lxdnwupd.exe
2008-12-30 01:52:10 ----A---- C:\WINDOWS\system32\lxdnwupd.dll
2008-12-30 01:52:08 ----A---- C:\WINDOWS\system32\lxdnrwrd.ini
2008-12-30 01:51:52 ----A---- C:\WINDOWS\system32\LXDNinst.dll
2008-12-30 01:51:51 ----A---- C:\WINDOWS\system32\lxdninpa.dll
2008-12-30 01:51:51 ----A---- C:\WINDOWS\system32\lxdniesc.dll
2008-12-30 01:51:51 ----A---- C:\WINDOWS\system32\LXDNhcp.dll
2008-12-30 01:51:50 ----A---- C:\WINDOWS\system32\lxdnutil.dll
2008-12-30 01:51:50 ----A---- C:\WINDOWS\system32\lxdnusb1.dll
2008-12-30 01:51:50 ----A---- C:\WINDOWS\system32\lxdnserv.dll
2008-12-30 01:51:49 ----A---- C:\WINDOWS\system32\lxdnprox.dll
2008-12-30 01:51:49 ----A---- C:\WINDOWS\system32\lxdnpmui.dll
2008-12-30 01:51:49 ----A---- C:\WINDOWS\system32\lxdnlmpm.dll
2008-12-30 01:51:48 ----A---- C:\WINDOWS\system32\lxdnjswr.dll
2008-12-30 01:51:48 ----A---- C:\WINDOWS\system32\lxdninsr.dll
2008-12-30 01:51:48 ----A---- C:\WINDOWS\system32\lxdninsb.dll
2008-12-30 01:51:48 ----A---- C:\WINDOWS\system32\lxdnins.dll
2008-12-30 01:51:48 ----A---- C:\WINDOWS\system32\lxdnih.exe
2008-12-30 01:51:48 ----A---- C:\WINDOWS\system32\lxdnhbn3.dll
2008-12-30 01:51:47 ----A---- C:\WINDOWS\system32\lxdngrd.dll
2008-12-30 01:51:47 ----A---- C:\WINDOWS\system32\lxdngf.dll
2008-12-30 01:51:47 ----A---- C:\WINDOWS\system32\lxdncub.dll
2008-12-30 01:51:46 ----A---- C:\WINDOWS\system32\lxdncur.dll
2008-12-30 01:51:46 ----A---- C:\WINDOWS\system32\lxdncu.dll
2008-12-30 01:51:46 ----A---- C:\WINDOWS\system32\lxdncoms.exe
2008-12-30 01:51:46 ----A---- C:\WINDOWS\system32\lxdncomm.dll
2008-12-30 01:51:46 ----A---- C:\WINDOWS\system32\lxdncomc.dll
2008-12-30 01:51:45 ----A---- C:\WINDOWS\system32\lxdncfg.exe
2008-12-30 01:51:45 ----A---- C:\WINDOWS\system32\LXDNcfg.dll
2008-12-30 01:51:31 ----D---- C:\Program Files\Lexmark 2600 Series
2008-12-28 14:48:05 ----D---- C:\Program Files\iTunes
2008-12-28 14:18:06 ----D---- C:\Program Files\Safari
2008-12-26 19:50:52 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2008-12-26 19:48:00 ----D---- C:\Program Files\Windows Sidebar
2008-12-26 19:47:59 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2008-12-26 19:47:00 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-12-26 19:46:59 ----D---- C:\Program Files\NortonInstaller
2008-12-18 18:55:14 ----D---- C:\WINDOWS\ie8updates
2008-12-05 00:21:54 ----D---- C:\spoolerlogs
2008-12-04 00:55:22 ----D---- C:\Documents and Settings\All Users\Application Data\Lexmark 2600 Series
2008-11-23 21:14:29 ----D---- C:\Program Files\Windows Live Toolbar
2008-11-23 21:14:25 ----D---- C:\Program Files\Windows Live Favorites
2008-11-23 21:02:22 ----SHDC---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-11-23 21:01:45 ----D---- C:\Program Files\Windows Live
2008-11-23 21:00:50 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller

======List of files/folders modified in the last 3 months======

2009-02-04 19:08:43 ----D---- C:\Program Files\Mozilla Firefox
2009-02-04 18:54:59 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-02-04 18:54:03 ----D---- C:\WINDOWS\Temp
2009-02-04 18:51:21 ----D---- C:\WINDOWS
2009-02-04 18:48:12 ----RD---- C:\Program Files
2009-02-04 18:48:12 ----D---- C:\WINDOWS\system32
2009-02-04 18:46:55 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-04 18:46:17 ----HD---- C:\WINDOWS\inf
2009-02-04 18:46:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-02-04 18:45:34 ----A---- C:\WINDOWS\imsins.BAK
2009-02-04 18:24:24 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-04 18:19:27 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-04 18:00:57 ----D---- C:\Program Files\Spyware Doctor
2009-02-04 13:34:26 ----A---- C:\WINDOWS\NeroDigital.ini
2009-02-03 23:00:02 ----D---- C:\WINDOWS\system32\drivers
2009-02-03 22:02:57 ----D---- C:\WINDOWS\Help
2009-02-03 22:02:57 ----D---- C:\Program Files\Internet Explorer
2009-02-03 21:55:45 ----SHD---- C:\RECYCLER
2009-02-03 16:21:44 ----HDC---- C:\WINDOWS\ie7
2009-02-03 15:57:08 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2009-02-03 15:33:00 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
2009-02-03 15:10:49 ----SHD---- C:\WINDOWS\Installer
2009-02-03 15:10:24 ----HD---- C:\Config.Msi
2009-02-01 12:22:14 ----D---- C:\Documents and Settings
2009-02-01 12:10:00 ----A---- C:\WINDOWS\OEWABLog.txt
2009-02-01 02:00:49 ----D---- C:\Documents and Settings\Zoy\Application Data\uTorrent
2009-01-31 20:12:47 ----D---- C:\WINDOWS\security
2009-01-31 20:01:24 ----HDC---- C:\WINDOWS\$NtUninstallKB901190$
2009-01-31 13:45:45 ----D---- C:\WINDOWS\Registration
2009-01-31 13:43:48 ----A---- C:\WINDOWS\setuplog.txt
2009-01-31 13:43:12 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-31 13:42:20 ----D---- C:\WINDOWS\SoftwareDistribution
2009-01-31 13:38:46 ----SHD---- C:\System Volume Information
2009-01-31 13:38:46 ----D---- C:\WINDOWS\system32\Restore
2009-01-31 13:37:05 ----D---- C:\WINDOWS\system32\config
2009-01-31 13:29:25 ----D---- C:\WINDOWS\repair
2009-01-31 13:22:02 ----D---- C:\Program Files\Windows Media Player
2009-01-31 13:18:48 ----A---- C:\WINDOWS\ODBCINST.INI
2009-01-31 13:16:25 ----D---- C:\WINDOWS\system32\ias
2009-01-31 13:15:24 ----RD---- C:\WINDOWS\Web
2009-01-31 13:14:56 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2009-01-31 13:14:14 ----A---- C:\WINDOWS\win.ini
2009-01-31 13:14:03 ----D---- C:\WINDOWS\system32\oobe
2009-01-31 13:13:08 ----D---- C:\WINDOWS\system32\Com
2009-01-31 12:55:10 ----A---- C:\WINDOWS\SYSTEM.INI
2009-01-31 12:54:40 ----ASH---- C:\Documents and Settings\All Users\Application Data\desktop.ini
2009-01-31 07:30:52 ----D---- C:\WINDOWS\system
2009-01-31 07:30:51 ----D---- C:\WINDOWS\system32\Setup
2009-01-31 07:30:37 ----D---- C:\WINDOWS\system32\usmt
2009-01-31 07:30:25 ----D---- C:\WINDOWS\AppPatch
2009-01-31 07:30:22 ----D---- C:\WINDOWS\ime
2009-01-31 07:30:20 ----RSD---- C:\WINDOWS\Fonts
2009-01-31 07:30:19 ----D---- C:\WINDOWS\Media
2009-01-31 07:30:15 ----D---- C:\WINDOWS\system32\wbem
2009-01-31 07:30:03 ----D---- C:\WINDOWS\PeerNet
2009-01-31 07:29:42 ----D---- C:\WINDOWS\system32\npp
2009-01-31 07:29:33 ----D---- C:\WINDOWS\msagent
2009-01-31 07:25:14 ----D---- C:\WINDOWS\twain_32
2009-01-31 07:24:19 ----D---- C:\WINDOWS\system32\icsxml
2009-01-31 07:23:22 ----D---- C:\WINDOWS\system32\1033
2009-01-31 07:21:39 ----D---- C:\WINDOWS\Driver Cache
2009-01-30 14:50:35 ----D---- C:\WINDOWS\srchasst
2009-01-30 14:50:20 ----D---- C:\Program Files\Movie Maker
2009-01-30 14:50:02 ----D---- C:\Program Files\NetMeeting
2009-01-30 14:49:54 ----D---- C:\Program Files\Outlook Express
2009-01-30 14:49:54 ----D---- C:\Program Files\Common Files\System
2009-01-30 14:46:53 ----D---- C:\Program Files\Windows NT
2009-01-30 12:41:41 ----SH---- C:\boot.ini
2009-01-30 12:16:52 ----D---- C:\Documents and Settings\Zoy\Application Data\U3
2009-01-28 11:04:00 ----A---- C:\DTSHDSpOut.txt
2009-01-18 01:30:51 ----D---- C:\Program Files\Messenger
2009-01-18 00:57:34 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-01-18 00:50:46 ----D---- C:\WINDOWS\EHome
2009-01-18 00:34:53 ----D---- C:\Program Files\Java
2009-01-17 14:17:24 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-17 00:01:08 ----D---- C:\WINDOWS\ie7updates
2009-01-14 07:53:58 ----D---- C:\WINDOWS\WinSxS
2009-01-11 16:54:38 ----D---- C:\Program Files\Google
2009-01-11 13:32:57 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-11 13:28:05 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-01-11 13:06:22 ----SD---- C:\WINDOWS\Tasks
2009-01-11 13:00:53 ----D---- C:\Documents and Settings\Zoy\Application Data\Uniblue
2009-01-11 12:24:38 ----D---- C:\WINDOWS\Microsoft.NET
2009-01-11 12:24:36 ----RSD---- C:\WINDOWS\assembly
2009-01-11 02:34:00 ----D---- C:\WINDOWS\system32\en-US
2009-01-11 02:31:59 ----D---- C:\WINDOWS\system32\spool
2009-01-10 00:45:06 ----D---- C:\WINDOWS\network diagnostic
2009-01-09 20:21:07 ----D---- C:\Program Files\Common Files
2009-01-06 21:11:58 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-01-06 20:47:12 ----D---- C:\Program Files\Common Files\AOL
2009-01-01 23:05:39 ----D---- C:\Documents and Settings\Zoy\Application Data\Apple Computer
2008-12-30 03:22:30 ----SD---- C:\Documents and Settings\Zoy\Application Data\Microsoft
2008-12-28 14:48:24 ----D---- C:\Program Files\iPod
2008-12-28 14:48:23 ----D---- C:\Program Files\Common Files\Apple
2008-12-28 14:38:03 ----D---- C:\Program Files\QuickTime
2008-12-26 20:00:33 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-12-26 19:54:16 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-12-26 19:50:53 ----D---- C:\Program Files\Symantec
2008-12-26 19:48:00 ----D---- C:\Program Files\Norton AntiVirus
2008-12-26 19:34:49 ----A---- C:\caisslog.txt
2008-12-26 19:28:34 ----D---- C:\WINDOWS\CAVTemp
2008-12-13 01:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-09 18:53:03 ----D---- C:\Program Files\Yahoo!
2008-12-09 18:52:39 ----RHD---- C:\Documents and Settings\All Users\Application Data\yahoo!
2008-11-23 21:14:25 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-23 21:14:14 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-11-23 21:13:05 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-11-21 14:25:46 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-11-09 21:28:26 ----D---- C:\Documents and Settings\Zoy\Application Data\Mozilla
2008-11-09 19:36:16 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-09 18:12:35 ----D---- C:\Documents and Settings\Zoy\Application Data\Adobe
2008-11-09 02:20:41 ----D---- C:\Temp
2008-11-08 10:56:45 ----D---- C:\Program Files\Bonjour

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-08-11 39424]
R1 BHDrvx86;Symantec Heuristics Driver; C:\WINDOWS\System32\Drivers\NAV\1002000.007\BHDrvx86.sys [2008-12-11 255536]
R1 ccHP;Symantec Hash Provider; C:\WINDOWS\System32\Drivers\NAV\1002000.007\ccHPx86.sys [2008-12-26 362544]
R1 eabfiltr;EABFiltr; \??\C:\WINDOWS\system32\drivers\EABFiltr.sys []
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090129.005\IDSxpx86.sys []
R1 IkSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2007-12-10 66952]
R1 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2007-12-10 81288]
R1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys [2008-03-17 19584]
R1 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SRTSP.SYS [2008-12-11 306736]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\System32\Drivers\NAV\1002000.007\SRTSPX.SYS [2008-12-11 43696]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMTDI.SYS [2008-12-11 198192]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-04-11 1035264]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-03-10 371712]
R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camc6aud.sys [2005-02-18 38016]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camc6hal.sys [2005-02-18 349696]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-12-15 1038208]
R3 HSFHWATI;HSFHWATI; C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2004-12-15 200192]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2007-02-06 25632]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090204.021\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090204.021\NAVEX15.SYS []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2005-03-03 74496]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584]
R3 SYMDNS;SYMDNS; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMDNS.SYS [2008-12-11 12976]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMFW.SYS [2008-12-11 89904]
R3 SYMIDS;SYMIDS; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMIDS.SYS [2008-12-11 34608]
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-12-11 36272]
R3 SYMNDIS;SYMNDIS; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMNDIS.SYS [2008-12-11 37424]
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMREDRV.SYS [2008-12-11 24624]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-02-02 191456]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-03-16 159488]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-12-15 703232]
S3 ComFiltr;Panda Anti-Dialer; \??\C:\WINDOWS\system32\DRIVERS\COMFiltr.sys []
S3 eabusb;eabusb; \??\C:\WINDOWS\system32\drivers\eabusb.sys []
S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2007-02-03 22560]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-02-03 85969]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
S3 LVcKap;Logitech AEC Driver; C:\WINDOWS\system32\DRIVERS\LVcKap.sys [2007-02-06 1691808]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys [2007-02-06 1964064]
S3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2007-02-03 1507232]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2007-02-03 41504]
S3 LVUVC;QuickCam for Notebooks Deluxe(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2007-02-03 1939360]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 MXOPSWD;Maxtor OneTouch Security Driver; C:\WINDOWS\system32\DRIVERS\mxopswd.sys [2007-05-03 22152]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2007-11-01 16694]
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-12-11 36272]
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2004-08-11 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AhnLab Task Scheduler;AhnLab Task Scheduler; C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe [2008-01-28 174792]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-04-11 360448]
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-09-02 198336]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [2008-05-07 122880]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-18 152984]
R2 LVPrcSrv;Process Monitor; c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2007-02-06 109344]
R2 lxdn_device;lxdn_device; C:\WINDOWS\system32\lxdncoms.exe [2008-02-27 594600]
R2 Maxtor Sync Service;Maxtor Service; C:\Program Files\Maxtor\Sync\SyncServices.exe [2007-09-28 156976]
R2 Norton AntiVirus;Norton AntiVirus; C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe [2008-12-11 115560]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-02-01 747912]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-02-01 948616]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 hpqwmi;HP WMI Interface; C:\Program Files\HPQ\shared\hpqwmi.exe [2005-03-04 98304]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon []
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-02-06 105248]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-04-09 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-10-24 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2006-09-02 2528960]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe []

-----------------EOF-----------------

#10 fenzodahl512


Posted 04 February 2009 - 11:00 PM

Hello
You are super fast
Thank you


It just happened that I was in front of the computer during that time :thumbup2:



Looks good to me.. Let's do an online scan to make sure we don't miss any...


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#11 zoita


Posted 05 February 2009 - 08:06 PM

Hello. Thank you for your fast and helpful replies.
Oops, I'm not able to open Internet Explorer :thumbup2:

#12 zoita


Posted 05 February 2009 - 11:08 PM

Click on icon and nothing...

#13 fenzodahl512


Posted 06 February 2009 - 03:41 AM

Let's do this first...


Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..



#14 zoita


Posted 06 February 2009 - 05:55 PM

1. ComboFix log

ComboFix 09-02-06.01 - Zoy 2009-02-06 17:23:40.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.45 [GMT -5:00]
Running from: c:\documents and settings\Zoy\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated)
AV: Panda Antivirus Platinum 7 *On-access scanning disabled* (Updated)
FW: Panda Antivirus Platinum 7 *disabled*
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-01-06 to 2009-02-06 )))))))))))))))))))))))))))))))
.

2009-02-06 15:42 . 2009-02-06 15:42 <DIR> d-------- c:\windows\LastGood
2009-02-06 15:20 . 2009-02-06 15:23 <DIR> d-------- c:\windows\LastGood.Tmp
2009-02-04 18:23 . 2009-02-04 18:23 <DIR> d-------- C:\_OTMoveIt
2009-02-03 23:00 . 2009-02-03 23:00 250 --a------ c:\windows\gmer.ini
2009-02-03 22:50 . 2009-02-03 22:52 <DIR> d-------- C:\rsit
2009-02-03 16:26 . 2008-10-16 15:38 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2009-02-03 16:26 . 2007-04-17 04:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2009-02-03 16:26 . 2007-03-08 00:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2009-02-03 16:26 . 2008-10-16 15:38 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll
2009-02-03 16:26 . 2008-10-16 15:38 383,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dll
2009-02-03 16:26 . 2008-10-16 15:38 267,776 -----c--- c:\windows\system32\dllcache\iertutil.dll
2009-02-03 16:26 . 2008-10-16 15:38 63,488 -----c--- c:\windows\system32\dllcache\icardie.dll
2009-02-03 16:26 . 2008-10-16 15:38 52,224 -----c--- c:\windows\system32\dllcache\msfeedsbs.dll
2009-02-03 16:26 . 2008-10-16 08:11 13,824 -----c--- c:\windows\system32\dllcache\ieudinit.exe
2009-02-02 19:56 . 2009-02-02 19:56 <DIR> d-------- c:\documents and settings\Zoy\Application Data\Malwarebytes
2009-02-02 19:55 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-02 19:54 . 2009-02-02 19:55 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-02 19:54 . 2009-02-02 19:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-02 19:54 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-31 15:40 . 2008-04-13 19:12 1,306,624 -----c--- c:\windows\system32\dllcache\msxml6.dll
2009-01-31 15:40 . 2008-04-13 12:27 79,872 -----c--- c:\windows\system32\dllcache\msxml6r.dll
2009-01-31 15:38 . 2006-12-28 14:01 19,569 --a------ c:\windows\003090_.tmp
2009-01-31 13:28 . 2004-08-04 07:00 48,256 --a--c--- c:\windows\system32\dllcache\w32.dll
2009-01-31 13:28 . 2004-08-04 07:00 41,600 --a--c--- c:\windows\system32\dllcache\weitekp9.dll
2009-01-31 13:28 . 2004-08-04 07:00 31,232 --a--c--- c:\windows\system32\dllcache\weitekp9.sys
2009-01-31 13:26 . 2008-04-13 19:11 482,304 --a--c--- c:\windows\system32\dllcache\pintlgnt.ime
2009-01-31 13:26 . 2004-08-04 07:00 131,584 --a--c--- c:\windows\system32\dllcache\pmxviceo.dll
2009-01-31 13:26 . 2008-04-13 11:43 70,144 --a--c--- c:\windows\system32\dllcache\pintlphr.exe
2009-01-31 13:26 . 2008-04-13 19:10 67,584 --a--c--- c:\windows\system32\dllcache\pmigrate.dll
2009-01-31 13:26 . 2001-08-17 22:36 38,912 --a--c--- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2009-01-31 13:26 . 2004-08-04 07:00 16,384 --a--c--- c:\windows\system32\dllcache\quser.exe
2009-01-31 13:26 . 2004-08-04 07:00 11,264 --a--c--- c:\windows\system32\dllcache\pmxmcro.dll
2009-01-31 13:26 . 2004-08-04 07:00 9,728 --a--c--- c:\windows\system32\dllcache\query.exe
2009-01-31 13:26 . 2004-08-04 07:00 6,144 --a--c--- c:\windows\system32\dllcache\pmxgl.dll
2009-01-31 13:25 . 2004-08-04 07:00 10,096,640 --a--c--- c:\windows\system32\dllcache\hwxcht.dll
2009-01-31 13:25 . 2004-08-04 07:00 92,416 --a--c--- c:\windows\system32\dllcache\mga.sys
2009-01-31 13:25 . 2004-08-04 07:00 92,032 --a--c--- c:\windows\system32\dllcache\mga.dll
2009-01-31 13:25 . 2001-08-17 22:36 65,536 --a--c--- c:\windows\system32\dllcache\EXCH_mailmsg.dll
2009-01-31 13:25 . 2004-08-04 07:00 59,392 --a--c--- c:\windows\system32\dllcache\imscinst.exe
2009-01-31 13:25 . 2004-08-04 07:00 18,432 --a--c--- c:\windows\system32\dllcache\jupiw.dll
2009-01-31 13:23 . 2004-08-04 07:00 187,938 --a--c--- c:\windows\system32\dllcache\c_20005.nls
2009-01-31 13:15 . 2009-01-31 13:15 488 -rah----- c:\windows\system32\logonui.exe.manifest
2009-01-31 13:14 . 2004-08-04 07:00 16,384 --a--c--- c:\windows\system32\dllcache\isignup.exe
2009-01-31 13:14 . 2009-01-31 13:14 749 -rah----- c:\windows\WindowsShell.Manifest
2009-01-31 13:14 . 2009-01-31 13:14 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2009-01-31 13:14 . 2009-01-31 13:14 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2009-01-31 13:14 . 2009-01-31 13:14 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2009-01-31 12:54 . 2004-08-04 07:00 1,042,903 --a--c--- c:\windows\system32\dllcache\SP2.CAT
2009-01-31 12:54 . 2004-08-04 07:00 797,189 --a--c--- c:\windows\system32\dllcache\NT5IIS.CAT
2009-01-31 12:54 . 2004-08-04 07:00 399,645 --a--c--- c:\windows\system32\dllcache\MAPIMIG.CAT
2009-01-31 12:54 . 2004-08-04 07:00 37,484 --a--c--- c:\windows\system32\dllcache\MW770.CAT
2009-01-31 12:54 . 2004-08-04 07:00 24,661 --a------ c:\windows\system32\spxcoins.dll
2009-01-31 12:54 . 2004-08-04 07:00 24,661 --a--c--- c:\windows\system32\dllcache\spxcoins.dll
2009-01-31 12:54 . 2004-08-04 07:00 13,472 --a--c--- c:\windows\system32\dllcache\HPCRDP.CAT
2009-01-31 12:54 . 2004-08-04 07:00 13,312 --a------ c:\windows\system32\irclass.dll
2009-01-31 12:54 . 2004-08-04 07:00 13,312 --a--c--- c:\windows\system32\dllcache\irclass.dll
2009-01-31 12:54 . 2004-08-04 07:00 8,574 --a--c--- c:\windows\system32\dllcache\IASNT4.CAT
2009-01-31 12:54 . 2002-05-28 12:54 7,029 --a--c--- c:\windows\system32\dllcache\OEMBIOS.CAT
2009-01-30 14:26 . 2009-01-30 15:11 383,685 --a------ c:\windows\setupapi.old
2009-01-20 16:45 . 2009-01-20 16:45 <DIR> d-------- c:\program files\Trend Micro
2009-01-20 15:01 . 2009-01-20 15:01 6,144 --ahs---- c:\windows\system32\Thumbs.db
2009-01-18 00:37 . 2009-01-18 00:35 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-14 17:51 . 2009-01-14 17:51 13,646 --a------ c:\windows\system32\wpa.bak
2009-01-11 12:39 . 2009-01-11 12:39 <DIR> d-------- c:\program files\Uniblue
2009-01-11 02:34 . 2009-01-11 02:34 <DIR> d-------- c:\windows\system32\XPSViewer
2009-01-11 02:33 . 2009-01-11 02:33 <DIR> d-------- c:\program files\Reference Assemblies
2009-01-11 02:33 . 2009-01-11 02:33 <DIR> d-------- c:\program files\MSBuild
2009-01-11 02:29 . 2009-01-11 02:32 <DIR> d-------- C:\f45d8e39b3eaafcf033af29a88
2009-01-11 02:29 . 2008-07-06 07:06 1,676,288 --a------ c:\windows\system32\xpssvcs.dll
2009-01-11 02:29 . 2008-07-06 07:06 575,488 --a------ c:\windows\system32\xpsshhdr.dll
2009-01-11 02:29 . 2008-07-06 07:06 117,760 --a------ c:\windows\system32\prntvpt.dll
2009-01-11 02:27 . 2009-01-11 12:00 <DIR> d-------- c:\windows\SxsCaPendDel
2009-01-11 01:49 . 2009-01-11 01:49 <DIR> dr-h----- C:\AHCache
2009-01-10 02:18 . 2009-01-10 02:18 <DIR> d-------- c:\documents and settings\All Users\CrypKey
2009-01-10 02:18 . 2009-01-10 02:18 4 --a------ c:\windows\vx86036.dat
2009-01-10 02:17 . 1999-06-18 15:49 165,888 --a------ c:\windows\Ckconfig.exe
2009-01-10 02:17 . 2008-05-07 18:29 122,880 --a------ c:\windows\system32\Crypserv.exe
2009-01-10 02:17 . 1996-05-03 11:21 27,648 -ra------ c:\windows\Setup_ck.exe
2009-01-10 02:17 . 2008-03-17 11:45 19,584 --a------ c:\windows\system32\Ckldrv.sys
2009-01-10 02:17 . 1996-05-03 09:36 18,432 --a------ c:\windows\Setup_ck.dll
2009-01-10 02:17 . 1995-07-04 12:33 11,776 --a------ c:\windows\Ckrfresh.exe
2009-01-10 02:17 . 2009-01-10 02:18 1,680 --a------ c:\windows\system32\esnecil.nlp
2009-01-10 02:17 . 2009-01-10 12:14 1,680 --a------ c:\windows\system32\esnecil.ind
2009-01-10 02:17 . 2009-01-10 02:17 71 --a------ c:\windows\Crypkey.ini
2009-01-10 02:16 . 2009-01-11 01:45 <DIR> d-------- c:\program files\Stellar Phoenix Windows Data Recovery
2009-01-09 20:22 . 2009-01-10 01:02 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-01-09 20:22 . 2009-01-09 20:22 <DIR> d-------- c:\documents and settings\Zoy\Application Data\SUPERAntiSpyware.com
2009-01-06 21:30 . 2009-01-06 21:31 <DIR> d-------- c:\documents and settings\Zoy\Application Data\acccore
2009-01-06 20:49 . 2009-01-06 20:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\acccore
2009-01-06 20:46 . 2009-01-06 21:28 <DIR> d-------- c:\program files\AIM6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-06 22:32 --------- d-----w c:\documents and settings\Zoy\Application Data\uTorrent
2009-02-06 22:02 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-06 18:57 --------- d-----w c:\program files\Spyware Doctor
2009-02-04 22:52 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-01-30 17:16 --------- d-----w c:\documents and settings\Zoy\Application Data\U3
2009-01-18 05:34 --------- d-----w c:\program files\Java
2009-01-11 21:54 --------- d-----w c:\program files\Google
2009-01-11 18:00 --------- d-----w c:\documents and settings\Zoy\Application Data\Uniblue
2009-01-07 01:47 --------- d-----w c:\program files\Common Files\AOL
2009-01-02 04:05 --------- d-----w c:\documents and settings\Zoy\Application Data\Apple Computer
2009-01-01 05:30 --------- d-----w c:\documents and settings\Zoy\Application Data\FaxCtr
2008-12-30 06:57 --------- d-----w c:\program files\Lexmark Fax Solutions
2008-12-30 06:57 --------- d-----w c:\program files\Lexmark 2600 Series
2008-12-30 06:55 --------- d-----w c:\program files\Abbyy FineReader 6.0 Sprint
2008-12-30 06:55 --------- d-----w c:\documents and settings\All Users\Application Data\FaxCtr
2008-12-28 19:49 --------- d-----w c:\program files\iTunes
2008-12-28 19:48 --------- d-----w c:\program files\iPod
2008-12-28 19:48 --------- d-----w c:\program files\Common Files\Apple
2008-12-28 19:38 --------- d-----w c:\program files\QuickTime
2008-12-28 19:18 --------- d-----w c:\program files\Safari
2008-12-27 01:00 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-27 00:54 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-12-27 00:52 --------- d-----w c:\documents and settings\All Users\Application Data\Norton
2008-12-27 00:50 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2008-12-27 00:50 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2008-12-27 00:50 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2008-12-27 00:50 --------- d-----w c:\program files\Symantec
2008-12-27 00:48 --------- d-----w c:\program files\Windows Sidebar
2008-12-27 00:48 --------- d-----w c:\program files\Norton AntiVirus
2008-12-27 00:47 --------- d-----w c:\program files\NortonInstaller
2008-12-27 00:47 --------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2008-12-12 03:08 36,272 ----a-r c:\windows\system32\drivers\SymIM.sys
2008-12-09 23:59 --------- d-----w c:\program files\Windows Live
2008-12-09 23:53 --------- d-----w c:\program files\Yahoo!
2008-12-09 23:52 --------- d--h--r c:\documents and settings\All Users\Application Data\yahoo!
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-08-16 160592]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-01 794624]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"AHNSD"="c:\program files\AhnLab\Smart Update Utility\AhnSD.exe" [2008-01-28 199368]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-02-01 1103240]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2007-09-06 169264]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"lxdnmon.exe"="c:\program files\Lexmark 2600 Series\lxdnmon.exe" [2008-03-27 660136]
"lxdnamon"="c:\program files\Lexmark 2600 Series\lxdnamon.exe" [2008-03-27 16040]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2008-03-27 320168]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-18 136600]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-09-08 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent [tfile.ru]\\utorrent.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\lxdncoms.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\Diagnostics\\LXDNdiag.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\frun.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnjswx.exe"=
"c:\\Program Files\\Spyware Doctor\\pctsGui.exe"=
"c:\\Program Files\\Spyware Doctor\\pctsTray.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 SymEFA;Symantec Extended File Attributes;\SystemRoot\\SystemRoot\System32\Drivers\NAV\1002000.007\SYMEFA.SYS --> \SystemRoot\\SystemRoot\System32\Drivers\NAV\1002000.007\SYMEFA.SYS [?]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1002000.007\BHDrvx86.sys [2008-12-27 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1002000.007\cchpx86.sys [2008-12-27 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090129.005\IDSxpx86.sys [2009-01-29 276344]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-12-26 99376]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2007-04-09 200192]
S3 ComFiltr;Panda Anti-Dialer;\??\c:\windows\system32\DRIVERS\COMFiltr.sys --> c:\windows\system32\DRIVERS\COMFiltr.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - AhnLab Task Scheduler
*Deregistered* - ALG
*Deregistered* - Apple Mobile Device
*Deregistered* - Ati HotKey Poller
*Deregistered* - AudioSrv
*Deregistered* - Automatic LiveUpdate Scheduler
*Deregistered* - BITS
*Deregistered* - Bonjour Service
*Deregistered* - Browser
*Deregistered* - Crypkey License
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - helpsvc
*Deregistered* - hpqwmi
*Deregistered* - ImapiService
*Deregistered* - iPod Service
*Deregistered* - JavaQuickStarterService
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LiveUpdate
*Deregistered* - LmHosts
*Deregistered* - LVPrcSrv
*Deregistered* - LVSrvLauncher
*Deregistered* - lxdn_device
*Deregistered* - Maxtor Sync Service
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Norton AntiVirus
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RasMan
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - sdAuxService
*Deregistered* - sdCoreService
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - W32Time
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WudfSvc
*Deregistered* - WZCSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22741168-e7b7-11db-86e9-0014a52654ef}]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5089592e-a81d-11dc-af1a-0014a52654ef}]
\Shell\AutoRun\command - podcastready.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb3664ae-d6de-11dd-a374-0014a52654ef}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-12-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-02-06 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

2009-02-06 c:\windows\Tasks\User_Feed_Synchronization-{2455DA7C-FB2A-4534-BBF9-D112BBF1A548}.job
- c:\windows\system32\msfeedssync.exe [2008-08-22 02:05]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
HKLM-Run-PHIME2002ASync - c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
HKLM-Run-PHIME2002A - c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
HKLM-Run-MSPY2002 - c:\windows\system32\IME\PINTLGNT\ImScInst.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/?src=aim
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} - hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1450/MILive.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-06 17:32:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1220945662-1801674531-682003330-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1092)
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2009-02-06 17:43:27
ComboFix-quarantined-files.txt 2009-02-06 22:43:13

Pre-Run: 33,826,496,512 bytes free
Post-Run: 33,996,988,416 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[Boot Loader]
Timeout=2
Default=c:\$win_nt$.~bt\BOOTSECT.DAT
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
c:\$win_nt$.~bt\BOOTSECT.DAT="Microsoft Windows XP Setup"

344 --- E O F --- 2009-02-06 20:21:22

#15 zoita


Posted 06 February 2009 - 05:57 PM

2. Fresh HijackThis log. Thank you!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:51:04 PM, on 2/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 2600 Series\lxdnmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Lexmark 2600 Series\lxdnMsdMon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\uTorrent [tfile.ru]\utorrent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\IPSBHO.DLL
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AHNSD] "C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [lxdnmon.exe] "C:\Program Files\Lexmark 2600 Series\lxdnmon.exe"
O4 - HKLM\..\Run: [lxdnamon] "C:\Program Files\Lexmark 2600 Series\lxdnamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} - http://rms2.invokesolutions.com/events/bin...1450/MILive.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AhnLab Task Scheduler - AhnLab, Inc. - C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\shared\hpqwmi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: lxdn_device - - C:\WINDOWS\system32\lxdncoms.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 12197 bytes



