Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

VUNDO CRAPPO

Started by tonelab77 , Oct 28 2008 07:18 PM

Please log in to reply

#1
tonelab77

Posted 28 October 2008 - 07:18 PM

New Member

Member
6 posts

Please help. Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:04:10 PM, on 10/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Pinga\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\FirefoxPortable\FirefoxPortable.exe
C:\Program Files\FirefoxPortable\App\firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Pinga\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Pinga\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Pinga\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Pinga\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Pinga\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Pinga\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Pinga\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Pinga\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\SlySoft\CloneCD\CloneCD.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\logon.scr
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Pinga\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: uTorrent.exe.lnk = C:\Program Files\uTorrent\uTorrent.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: tmyxrg.dll nkwfcp.dll
O23 - Service: Norton2009 Reset (.norton2009Reset) - Unknown owner - C:\Program Files\Norton2009Reset.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COM+ Component Service (COMCSVC) - Unknown owner - C:\WINDOWS\system32\winmgnt.exe (file missing)
O23 - Service: COM+ System Service (COMSS) - Unknown owner - C:\WINDOWS\system32\SSMS.EXE (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Network DDE Connections (NETDDEC) - Unknown owner - C:\WINDOWS\system32\winmgnt.exe (file missing)
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe

--
End of file - 8980 bytes

#2
kahdah

Posted 29 October 2008 - 04:23 AM

GeekU Teacher

Retired Staff
15,822 posts

Hello tonelab77

Welcome to G2Go.

=====================

Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

#3
tonelab77

Posted 29 October 2008 - 07:52 AM

New Member

Topic Starter
Member
6 posts

Logfile of random's system information tool 1.04 (written by random/random)
Run by Pinga at 2008-10-29 06:49:30
Microsoft Windows XP Professional Service Pack 2
System drive C: has 284 GB (40%) free of 715 GB
Total RAM: 1023 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:49:40 AM, on 10/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Pinga\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Pinga\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Pinga\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Pinga\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Pinga\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Pinga\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Pinga\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Pinga\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Pinga\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Pinga\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\FirefoxPortable\FirefoxPortable.exe
C:\Program Files\FirefoxPortable\App\firefox\firefox.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\system32\logonui.exe
C:\Documents and Settings\Pinga\Desktop\RSIT.exe
C:\Program Files\HijackThis\Pinga.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5CE4AC3B-CCEE-4AC9-87ED-5C31036EE99F} - C:\WINDOWS\system32\nnnOGVNF.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: (no name) - {FD417378-F411-4B77-BBEE-4893BB670D4C} - C:\WINDOWS\system32\yayvUNde.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Pinga\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: uTorrent.exe.lnk = C:\Program Files\uTorrent\uTorrent.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: tmyxrg.dll
O23 - Service: Norton2009 Reset (.norton2009Reset) - Unknown owner - C:\Program Files\Norton2009Reset.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COM+ Component Service (COMCSVC) - Unknown owner - C:\WINDOWS\system32\winmgnt.exe (file missing)
O23 - Service: COM+ System Service (COMSS) - Unknown owner - C:\WINDOWS\system32\SSMS.EXE (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Network DDE Connections (NETDDEC) - Unknown owner - C:\WINDOWS\system32\winmgnt.exe (file missing)
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe

--
End of file - 9789 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUser.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
HelperObject Class - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll [2006-05-10 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CE4AC3B-CCEE-4AC9-87ED-5C31036EE99F}]
C:\WINDOWS\system32\nnnOGVNF.dll [2008-10-24 243712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-09-20 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-09-20 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5A1691B-D188-4419-AD02-90002030B8EE}]
FlashFXP Helper for Internet Explorer - C:\PROGRA~1\FlashFXP\IEFlash.dll [2004-07-29 190616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD417378-F411-4B77-BBEE-4893BB670D4C}]
C:\WINDOWS\system32\yayvUNde.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll [2006-05-10 131072]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-09-20 144792]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-10-01 111936]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"ProfilerU"=C:\Program Files\Saitek\SD6\Software\ProfilerU.exe [2007-10-02 233472]
"SaiMfd"=C:\Program Files\Saitek\SD6\Software\SaiMfd.exe [2007-10-02 131072]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"Google Update"=C:\Documents and Settings\Pinga\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-07 133104]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2004-12-14 483328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2005-05-19 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo 820 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S0EIC1.EXE [2002-04-10 74240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Pinga\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-07 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X5100 Series]
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe [2003-03-04 86100]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-09-07 25214]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
uTorrent.exe.lnk - C:\Program Files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="tmyxrg.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll [2008-05-02 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{FD417378-F411-4B77-BBEE-4893BB670D4C}"=C:\WINDOWS\system32\yayvUNde.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\mirc.exe"="C:\WINDOWS\system32\mirc.exe:*:Enabled:mIRC"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"

======List of files/folders created in the last 1 months======

2008-10-29 06:49:30 ----D---- C:\rsit
2008-10-28 17:59:58 ----D---- C:\Program Files\HijackThis
2008-10-28 17:54:16 ----D---- C:\Lop SD
2008-10-28 10:32:33 ----SH---- C:\WINDOWS\system32\fcwtshno.ini
2008-10-28 10:32:28 ----A---- C:\WINDOWS\system32\onhstwcf.dll
2008-10-28 10:29:29 ----A---- C:\WINDOWS\system32\nkwfcp.dll
2008-10-28 10:29:28 ----A---- C:\WINDOWS\system32\wyxkejgu.dll
2008-10-27 10:31:01 ----A---- C:\WINDOWS\system32\tmyxrg.dll
2008-10-27 10:30:58 ----A---- C:\WINDOWS\system32\tcpanrep.dll
2008-10-27 10:30:54 ----SH---- C:\WINDOWS\system32\tvuaqcxn.ini
2008-10-27 10:30:47 ----A---- C:\WINDOWS\system32\nxcqauvt.dll
2008-10-26 10:49:19 ----A---- C:\WINDOWS\wininit.ini
2008-10-26 10:29:17 ----ASH---- C:\WINDOWS\system32\hcepbork.ini
2008-10-26 10:27:43 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2008-10-26 10:27:42 ----D---- C:\Program Files\Symantec
2008-10-26 10:27:42 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-10-26 10:25:54 ----D---- C:\Program Files\Windows Sidebar
2008-10-26 10:25:54 ----D---- C:\Program Files\Norton AntiVirus
2008-10-26 10:25:51 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2008-10-26 10:25:14 ----D---- C:\Program Files\NortonInstaller
2008-10-26 10:25:14 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-10-26 09:56:36 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-10-26 09:56:36 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-26 09:53:39 ----D---- C:\Program Files\Lavasoft
2008-10-25 10:35:11 ----ASH---- C:\WINDOWS\system32\hdjrfqex.ini
2008-10-25 10:29:11 ----A---- C:\WINDOWS\system32\kdvzqb.dll
2008-10-25 10:29:08 ----A---- C:\WINDOWS\system32\ahptksla.dll
2008-10-25 01:43:34 ----A---- C:\WINDOWS\system32\pvognx(2).dll
2008-10-24 18:48:04 ----A---- C:\WINDOWS\system32\27256083-.txt
2008-10-24 18:47:45 ----ASH---- C:\WINDOWS\system32\FNVGOnnn.ini2
2008-10-24 18:47:45 ----ASH---- C:\WINDOWS\system32\FNVGOnnn.ini
2008-10-24 18:47:38 ----A---- C:\WINDOWS\system32\nnnOGVNF.dll
2008-10-17 17:31:57 ----D---- C:\WINDOWS\system32\Silabs
2008-10-17 17:31:57 ----D---- C:\Program Files\DIFX
2008-10-17 17:31:55 ----D---- C:\Program Files\XIM 360
2008-10-17 16:46:01 ----A---- C:\WINDOWS\system32\WdfCoInstaller01001.dll
2008-10-17 16:45:56 ----D---- C:\Program Files\Microsoft Xbox 360 Accessories
2008-10-17 16:45:52 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2008-10-17 13:19:22 ----A---- C:\WINDOWS\system32\hidserv.dll
2008-10-17 13:14:57 ----D---- C:\Documents and Settings\All Users\Application Data\Saitek
2008-10-17 13:14:56 ----D---- C:\Program Files\Saitek
2008-10-17 13:10:55 ----A---- C:\WINDOWS\system32\BtCoreIf.dll
2008-10-17 13:10:28 ----D---- C:\Program Files\Common Files\Logishrd
2008-10-17 13:04:27 ----D---- C:\Documents and Settings\Pinga\Application Data\Logitech
2008-10-17 13:04:16 ----D---- C:\Documents and Settings\Pinga\Application Data\Leadertech
2008-10-17 13:04:15 ----D---- C:\Program Files\Common Files\LogiShared
2008-10-17 13:03:45 ----HDC---- C:\WINDOWS\$NtUninstallWdf01005$
2008-10-17 13:02:57 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-17 13:02:52 ----A---- C:\WINDOWS\system32\WdfCoInstaller01005.dll
2008-10-17 13:02:52 ----A---- C:\WINDOWS\KHALMNPR.Exe
2008-10-17 13:02:35 ----A---- C:\WINDOWS\system32\KemXML.dll
2008-10-17 13:02:35 ----A---- C:\WINDOWS\system32\KemWnd.dll
2008-10-17 13:02:35 ----A---- C:\WINDOWS\system32\KemUtil.dll
2008-10-17 13:02:35 ----A---- C:\WINDOWS\system32\kemutb.dll
2008-10-17 13:02:24 ----D---- C:\Program Files\Common Files\Logitech
2008-10-17 13:02:18 ----D---- C:\Documents and Settings\All Users\Application Data\Logitech
2008-10-17 13:02:14 ----D---- C:\Program Files\Logitech
2008-10-17 13:02:09 ----D---- C:\Documents and Settings\Pinga\Application Data\InstallShield
2008-10-17 13:01:50 ----D---- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-10-16 15:40:59 ----D---- C:\Program Files\AltBinz
2008-10-16 15:03:01 ----D---- C:\Documents and Settings\Pinga\Application Data\SuperNZB
2008-10-16 15:02:05 ----D---- C:\Program Files\SuperNZB
2008-10-16 14:53:45 ----D---- C:\WINDOWS\system32\sounds
2008-10-16 14:53:45 ----D---- C:\WINDOWS\system32\logs
2008-10-16 14:53:45 ----D---- C:\WINDOWS\system32\download
2008-10-16 14:53:45 ----D---- C:\WINDOWS\system32\channels
2008-10-13 22:12:23 ----D---- C:\Program Files\ImgBurn
2008-10-12 16:56:11 ----A---- C:\WINDOWS\system32\wmpns.dll
2008-10-12 14:39:38 ----D---- C:\Program Files\iPod
2008-10-12 14:39:37 ----D---- C:\Program Files\iTunes
2008-10-12 14:39:37 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-12 14:23:10 ----D---- C:\Program Files\Safari
2008-10-11 17:15:17 ----D---- C:\Program Files\uTorrent

======List of files/folders modified in the last 1 months======

2008-10-29 06:49:32 ----D---- C:\WINDOWS\Prefetch
2008-10-29 06:49:21 ----D---- C:\Documents and Settings\Pinga\Application Data\uTorrent
2008-10-29 06:47:11 ----D---- C:\WINDOWS\Temp
2008-10-28 23:44:39 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-28 19:52:44 ----D---- C:\Documents and Settings\Pinga\Application Data\Mozilla
2008-10-28 19:44:31 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-28 17:59:58 ----RD---- C:\Program Files
2008-10-28 10:32:37 ----D---- C:\WINDOWS\system32
2008-10-27 11:45:06 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-10-27 11:45:06 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-27 11:45:04 ----HD---- C:\WINDOWS\inf
2008-10-26 12:36:25 ----SHD---- C:\WINDOWS\Installer
2008-10-26 12:36:09 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-26 12:36:09 ----D---- C:\WINDOWS\pchealth
2008-10-26 10:54:21 ----D---- C:\WINDOWS
2008-10-26 10:51:25 ----A---- C:\WINDOWS\system32\es32.dll
2008-10-26 10:29:07 ----SHD---- C:\System Volume Information
2008-10-26 10:28:16 ----AD---- C:\WINDOWS\system32\drivers
2008-10-26 10:27:42 ----D---- C:\Program Files\Common Files
2008-10-26 10:03:49 ----A---- C:\WINDOWS\CDRip.INI
2008-10-26 10:03:48 ----A---- C:\WINDOWS\CDPlayer.ini
2008-10-25 23:24:06 ----A---- C:\WINDOWS\NeroDigital.ini
2008-10-25 10:24:55 ----D---- C:\WINDOWS\system32\config
2008-10-25 10:24:51 ----D---- C:\WINDOWS\system32\wbem
2008-10-25 10:24:50 ----D---- C:\WINDOWS\Registration
2008-10-25 10:24:13 ----D---- C:\WINDOWS\system32\Restore
2008-10-24 18:29:35 ----D---- C:\Documents and Settings\Pinga\Application Data\Apple Computer
2008-10-17 18:32:53 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-17 17:31:56 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-10-17 16:45:54 ----D---- C:\WINDOWS\system32\DirectX
2008-10-17 13:33:45 ----SD---- C:\Documents and Settings\Pinga\Application Data\Microsoft
2008-10-17 13:10:29 ----HD---- C:\Program Files\InstallShield Installation Information
2008-10-17 13:03:14 ----D---- C:\WINDOWS\WinSxS
2008-10-17 13:03:14 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-10-16 16:46:33 ----A---- C:\WINDOWS\system32\urls.ini
2008-10-16 16:46:33 ----A---- C:\WINDOWS\system32\mirc.ini
2008-10-16 14:54:39 ----A---- C:\WINDOWS\system32\servers.ini
2008-10-12 22:40:56 ----D---- C:\Program Files\Apple Software Update
2008-10-12 22:39:35 ----SD---- C:\WINDOWS\Tasks
2008-10-12 14:38:25 ----D---- C:\Program Files\QuickTime
2008-10-12 14:38:06 ----D---- C:\Program Files\Common Files\Apple
2008-10-12 14:18:27 ----D---- C:\Program Files\Bonjour
2008-10-10 10:20:47 ----RSD---- C:\WINDOWS\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BHDrvx86;Symantec Heuristics Driver; \??\C:\WINDOWS\system32\drivers\NAV\1000000.07D\BHDrvx86.sys []
R1 ccHP;Symantec Hash Provider; \??\C:\WINDOWS\system32\drivers\NAV\1000000.07D\ccHPx86.sys []
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081027.007\IDSxpx86.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 SRTSP;SRTSP; \??\C:\WINDOWS\system32\drivers\NAV\1000000.07D\SRTSP.SYS []
R1 SRTSPX;SRTSPX; \??\C:\WINDOWS\system32\drivers\NAV\1000000.07D\SRTSPX.SYS []
R1 SYMTDI;SYMTDI; \??\C:\WINDOWS\system32\drivers\NAV\1000000.07D\SYMTDI.SYS []
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2006-04-21 8064]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-03 701440]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2005-05-03 27392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2008-02-29 28944]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081028.054\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081028.054\NAVEX15.SYS []
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-09-08 47360]
R3 SaiH80C0;SaiH80C0; C:\WINDOWS\system32\DRIVERS\SaiH80C0.sys [2007-05-01 132232]
R3 SaiMini;SaiMini; C:\WINDOWS\system32\DRIVERS\SaiMini.sys [2007-10-05 14080]
R3 SaiNtBus;SaiNtBus; C:\WINDOWS\system32\drivers\SaiBus.sys [2007-10-05 35200]
R3 SIUSBXP;SIUSBXP; C:\WINDOWS\system32\drivers\SiUSBXp.sys [2008-09-05 14848]
R3 SYMDNS;SYMDNS; \??\C:\WINDOWS\system32\drivers\NAV\1000000.07D\SYMDNS.SYS []
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;SYMFW; \??\C:\WINDOWS\system32\drivers\NAV\1000000.07D\SYMFW.SYS []
R3 SYMIDS;SYMIDS; \??\C:\WINDOWS\system32\drivers\NAV\1000000.07D\SYMIDS.SYS []
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-10-26 35888]
R3 SYMNDIS;SYMNDIS; \??\C:\WINDOWS\system32\drivers\NAV\1000000.07D\SYMNDIS.SYS []
R3 SYMREDRV;SYMREDRV; \??\C:\WINDOWS\system32\drivers\NAV\1000000.07D\SYMREDRV.SYS []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys []
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2008-10-26 35888]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2007-02-26 61984]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-09-20 147456]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-02-28 303104]
R2 Norton AntiVirus;Norton AntiVirus; C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe [2008-10-26 115560]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S2 .norton2009Reset;Norton2009 Reset; C:\Program Files\Norton2009Reset.exe [2008-09-17 549159]
S2 COMCSVC;COM+ Component Service; C:\WINDOWS\system32\winmgnt.exe []
S2 COMSS;COM+ System Service; C:\WINDOWS\system32\SSMS.EXE []
S2 NETDDEC;Network DDE Connections; C:\WINDOWS\system32\winmgnt.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-09-07 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-09-07 654848]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.04 2008-10-29 06:49:43

======Uninstall list======

-->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-aware 6 Professional-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 7.0 Professional-->msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash CS3 Professional-->C:\Program Files\Common Files\Adobe\Installers\c3c7fe8b09d497ab2b3fd91c9353390\Setup.exe
Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Video Encoder-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe GoLive CS (ENG)-->"C:\Program Files\InstallShield Installation Information\{D3E4251D-8364-4698-B0E0-A7C799384403}\setup.exe"
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3-->C:\Program Files\Common Files\Adobe\Installers\a04a925a57548091300ada368235fc6\Setup.exe
Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe InDesign CS-->RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{416DFEDD-9F1B-4EFC-AF70-FCA891AE0251}\zidxp.exe"
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Setup-->MsiExec.exe /I{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}
Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Setup-->MsiExec.exe /I{FFC1ADE3-944B-4231-894E-3903C37271D2}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Alt.Binz 0.25.0-->C:\Program Files\AltBinz\uninst.exe
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Bink and Smacker-->C:\PROGRA~1\RADVideo\UNWISE.EXE C:\PROGRA~1\RADVideo\INSTALL.LOG
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
CloneCD-->"C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"
ConvertXtoDVD 2.1.4.162-->"C:\Program Files\vso\ConvertXtoDVD\unins000.exe"
coverXP (remove only)-->"C:\Program Files\coverXP\cxp-uninst.exe"
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
DVDInfoPro-->MsiExec.exe /I{32611C62-474D-47B1-B347-06453D430A28}
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
FileSpecs extension for Ad-aware 6-->C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\FILESP~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\FILESP~1\INSTALL.LOG
FlashFXP v3-->"C:\Program Files\FlashFXP\unins000.exe"
Google Gears-->MsiExec.exe /I{95774351-6087-3A3B-8CA8-70BEE49D2BD5}
HexDump extension for Ad-aware 6-->C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\HEXDUM~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\HEXDUM~1\INSTALL.LOG
HijackThis 2.0.2-->"C:\Program Files\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
Java™ 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Lavavo CD Ripper-->"C:\Program Files\Lavavo Software\Lavavo CD Ripper\unins000.exe"
Lexmark X5100 Series-->C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBAUN5C.EXE -dLexmark X5100 Series
Logitech Registration-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x0009 -removeonly
LSP Explorer Pluginfor Ad-aware 6-->C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\LSPEXP~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\Plugins\LSPEXP~1\INSTALL.LOG
Macromedia Dreamweaver 8-->MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Xbox 360 Accessories 1.1-->MsiExec.exe /X{66F0AC35-4805-44BC-A3D4-347D4196F9B3}
mIRC-->"C:\WINDOWS\system32\csrs.exe" -uninstall
MobileMe Control Panel-->MsiExec.exe /I{2604C0F9-BFD3-4BA0-9EB5-22537C648F03}
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Norton AntiVirus-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV\562C4DD5\16.0.0.125\InstStub.exe /X
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Saitek SD6 Programming Software 6.0.10.7-->MsiExec.exe /X{DC6CD4F8-6AF8-4B47-A25A-9D9560D3845E}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
SnagIt 8-->MsiExec.exe /I{93699C3E-005E-4294-87CA-F5B7DE2CD687}
Sothink SWF Decompiler-->"C:\Program Files\SourceTec\Sothink SWF Decompiler\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SuperNZB v3.2.1-->"C:\Program Files\SuperNZB\unins000.exe"
Trillian Pro 3.1 Build 121-->"C:\Program Files\Trillian Pro\unins000.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Windows Driver Package - Microsoft (xnacc) XnaComposite (09/15/2005 6.0.5221.0)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\DPinst.exe /u C:\WINDOWS\system32\DRVSTORE\xnacc_4235D8ED6E73BA11CECA5AA18BC5564AD86E4DA2\xnacc.inf
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xbox 360 Input Machine (Driver Removal)-->C:\WINDOWS\system32\Silabs\DriverUninstaller.exe USBXpress\XIM360&10C4&EA61

======Security center information======

AV: Norton AntiVirus

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0409
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

#4
kahdah

Posted 29 October 2008 - 08:30 AM

GeekU Teacher

Retired Staff
15,822 posts

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#5
tonelab77

Posted 29 October 2008 - 05:59 PM

New Member

Topic Starter
Member
6 posts

ComboFix 08-10-30.04 - Pinga 2008-10-29 16:44:24.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.570 [GMT -7:00]
Running from: C:\Documents and Settings\Pinga\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\system32\ahptksla.dll
C:\WINDOWS\system32\btiifpxc.dll
C:\WINDOWS\system32\cxpfiitb.ini
C:\WINDOWS\system32\fcwtshno.ini
C:\WINDOWS\system32\FNVGOnnn.ini
C:\WINDOWS\system32\FNVGOnnn.ini2
C:\WINDOWS\system32\hcepbork.ini
C:\WINDOWS\system32\hdjrfqex.ini
C:\WINDOWS\system32\kdvzqb.dll
C:\WINDOWS\system32\nnnOGVNF.dll
C:\WINDOWS\system32\nxcqauvt.dll
C:\WINDOWS\system32\pvognx(2).dll
C:\WINDOWS\system32\servers.ini
C:\WINDOWS\system32\tcpanrep.dll
C:\WINDOWS\system32\tmyxrg.dll
C:\WINDOWS\system32\tvuaqcxn.ini
C:\WINDOWS\system32\umfyslsv.dll
C:\WINDOWS\system32\zoonwe.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_COMCSVC
-------\Legacy_NETDDEC
-------\Service_COMCSVC
-------\Service_COMSS
-------\Service_NETDDEC

((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-30 )))))))))))))))))))))))))))))))
.

2008-10-29 06:49 . 2008-10-29 06:49 <DIR> d-------- C:\rsit
2008-10-28 17:54 . 2008-10-28 17:54 <DIR> d-------- C:\Lop SD
2008-10-26 10:49 . 2008-10-26 10:49 95 --a------ C:\WINDOWS\wininit.ini
2008-10-26 10:28 . 2008-10-26 10:26 35,888 -ra------ C:\WINDOWS\system32\drivers\SymIM.sys
2008-10-26 10:27 . 2008-10-26 10:27 <DIR> d-------- C:\Program Files\Symantec
2008-10-26 10:27 . 2008-10-26 10:31 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-10-26 10:27 . 2008-10-26 10:27 124,464 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-10-26 10:27 . 2008-10-26 10:27 60,808 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-10-26 10:27 . 2008-10-26 10:27 10,635 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-10-26 10:27 . 2008-10-26 10:27 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-10-26 10:26 . 2008-10-26 10:26 <DIR> d-------- C:\WINDOWS\system32\drivers\NAV
2008-10-26 10:25 . 2008-10-26 10:26 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-10-26 10:25 . 2008-10-26 10:25 <DIR> d-------- C:\Program Files\NortonInstaller
2008-10-26 10:25 . 2008-10-26 10:26 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-10-26 10:25 . 2008-10-26 10:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-10-26 10:25 . 2008-10-26 10:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Norton
2008-10-26 09:56 . 2008-10-26 10:13 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-26 09:56 . 2008-10-26 11:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-26 09:53 . 2008-10-26 09:53 <DIR> d-------- C:\Program Files\Lavasoft
2008-10-17 18:32 . 2007-05-01 16:01 63,588 -ra------ C:\WINDOWS\system32\SaiD80C0.pr0
2008-10-17 17:35 . 2008-10-17 17:35 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
2008-10-17 17:33 . 2008-09-05 09:00 18,944 --a------ C:\WINDOWS\system32\drivers\SiLib.sys
2008-10-17 17:33 . 2008-09-05 09:00 14,848 --a------ C:\WINDOWS\system32\drivers\SiUSBXp.sys
2008-10-17 17:31 . 2008-10-17 17:33 <DIR> d-------- C:\WINDOWS\system32\Silabs
2008-10-17 17:31 . 2008-10-26 14:57 <DIR> d-------- C:\Program Files\XIM 360
2008-10-17 17:31 . 2008-10-17 17:31 <DIR> d-------- C:\Program Files\DIFX
2008-10-17 16:46 . 2007-02-26 18:15 1,421,216 --a------ C:\WINDOWS\system32\WdfCoInstaller01001.dll
2008-10-17 16:46 . 2007-02-26 18:15 61,984 --a------ C:\WINDOWS\system32\drivers\xusb21.sys
2008-10-17 16:45 . 2008-10-17 16:45 <DIR> d-------- C:\Program Files\Microsoft Xbox 360 Accessories
2008-10-17 16:45 . 2006-09-28 16:04 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-10-17 13:19 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-10-17 13:19 . 2004-08-04 00:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-10-17 13:17 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-10-17 13:17 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-10-17 13:14 . 2008-10-17 13:14 <DIR> d-------- C:\Program Files\Saitek
2008-10-17 13:14 . 2008-10-17 13:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Saitek
2008-10-17 13:10 . 2008-10-17 13:11 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2008-10-17 13:10 . 2008-05-02 02:38 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2008-10-17 13:04 . 2008-10-17 13:04 <DIR> d-------- C:\Program Files\Common Files\LogiShared
2008-10-17 13:04 . 2008-10-17 13:04 <DIR> d-------- C:\Documents and Settings\Pinga\Application Data\Logitech
2008-10-17 13:04 . 2008-10-17 13:04 <DIR> d-------- C:\Documents and Settings\Pinga\Application Data\Leadertech
2008-10-17 13:03 . 2008-10-17 13:03 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-10-17 13:03 . 2008-10-17 13:03 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-10-17 13:03 . 2008-10-17 13:03 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-10-17 13:02 . 2008-10-17 13:02 <DIR> d-------- C:\Program Files\Logitech
2008-10-17 13:02 . 2008-10-17 13:10 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-10-17 13:02 . 2008-10-17 13:02 <DIR> d-------- C:\Documents and Settings\Pinga\Application Data\InstallShield
2008-10-17 13:02 . 2008-10-17 13:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-10-17 13:02 . 2007-06-22 12:34 1,419,232 --a------ C:\WINDOWS\system32\WdfCoInstaller01005.dll
2008-10-17 13:02 . 2008-05-02 02:39 170,512 --a------ C:\WINDOWS\system32\kemutb.dll
2008-10-17 13:02 . 2008-05-02 02:39 145,936 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-10-17 13:02 . 2008-05-02 02:40 117,264 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-10-17 13:02 . 2008-05-02 02:40 84,496 --a------ C:\WINDOWS\system32\KemXML.dll
2008-10-17 13:02 . 2008-02-29 03:12 76,304 --a------ C:\WINDOWS\KHALMNPR.Exe
2008-10-17 13:02 . 2008-02-29 03:13 36,880 --a------ C:\WINDOWS\system32\drivers\LMouFilt.Sys
2008-10-17 13:02 . 2008-02-29 03:13 35,344 --a------ C:\WINDOWS\system32\drivers\LHidFilt.Sys
2008-10-17 13:02 . 2008-02-29 03:13 28,944 --a------ C:\WINDOWS\system32\drivers\LUsbFilt.sys
2008-10-17 13:02 . 2008-02-29 03:12 20,240 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys
2008-10-17 13:01 . 2008-10-17 13:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-10-16 15:40 . 2008-10-16 15:42 <DIR> d-------- C:\Program Files\AltBinz
2008-10-16 15:03 . 2008-10-16 15:22 <DIR> d-------- C:\Documents and Settings\Pinga\Application Data\SuperNZB
2008-10-16 15:02 . 2008-10-16 15:02 <DIR> d-------- C:\Program Files\SuperNZB
2008-10-16 14:53 . 2008-10-16 14:53 <DIR> d-------- C:\WINDOWS\system32\sounds
2008-10-16 14:53 . 2008-10-16 14:53 <DIR> d-------- C:\WINDOWS\system32\logs
2008-10-16 14:53 . 2008-10-16 14:53 <DIR> d-------- C:\WINDOWS\system32\download
2008-10-16 14:53 . 2008-10-16 14:53 <DIR> d-------- C:\WINDOWS\system32\channels
2008-10-13 22:12 . 2008-10-13 22:12 <DIR> d-------- C:\Program Files\ImgBurn
2008-10-12 16:56 . 2004-08-04 05:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-10-12 14:39 . 2008-10-12 14:39 <DIR> d-------- C:\Program Files\iTunes
2008-10-12 14:39 . 2008-10-12 14:39 <DIR> d-------- C:\Program Files\iPod
2008-10-12 14:39 . 2008-10-12 14:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-12 14:23 . 2008-10-12 14:23 <DIR> d-------- C:\Program Files\Safari
2008-10-11 17:15 . 2008-10-11 17:15 <DIR> d-------- C:\Program Files\uTorrent
2008-10-09 12:17 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-10-09 12:17 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-09-20 20:09 . 2008-09-20 20:10 <DIR> d-------- C:\Program Files\Macromedia
2008-09-20 20:09 . 2008-09-20 20:12 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2008-09-20 20:07 . 2008-09-20 20:07 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-09-20 20:05 . 2008-09-20 20:20 <DIR> d-------- C:\Documents and Settings\Pinga\Application Data\AdobeAUM
2008-09-20 19:59 . 2008-10-17 13:10 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-09-20 19:51 . 2008-09-20 19:51 <DIR> d-------- C:\WINDOWS\Sun
2008-09-20 19:51 . 2008-09-20 19:51 <DIR> d-------- C:\Program Files\Sun
2008-09-20 19:50 . 2008-09-20 19:50 <DIR> d-------- C:\Program Files\Java
2008-09-20 19:50 . 2008-09-20 19:50 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-09-20 19:50 . 2008-09-20 19:50 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-20 19:49 . 2008-09-20 20:07 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-09-17 06:16 . 2008-09-17 06:16 549,159 -rahs---- C:\Program Files\Norton2009Reset.exe
2008-09-10 09:38 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-09-08 20:00 . 2008-09-08 20:00 <DIR> d-------- C:\Program Files\FirefoxPortable
2008-09-08 11:11 . 2008-10-25 23:24 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-09-08 10:05 . 2008-10-24 18:29 <DIR> d-------- C:\Documents and Settings\Pinga\Application Data\Apple Computer
2008-09-08 10:04 . 2008-09-08 10:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-08 10:03 . 2008-10-17 17:31 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-09-08 10:03 . 2008-10-12 14:38 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-09-08 10:03 . 2008-10-12 22:40 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-08 10:03 . 2008-09-08 10:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-09-08 09:57 . 2008-09-08 10:01 <DIR> d-------- C:\Documents and Settings\Pinga\Application Data\ImgBurn
2008-09-08 09:44 . 2008-09-08 09:44 <DIR> d-------- C:\Program Files\vso
2008-09-08 09:44 . 2008-09-08 09:45 <DIR> d-------- C:\Documents and Settings\Pinga\Application Data\Vso
2008-09-08 09:44 . 2008-09-08 09:44 81,920 --a------ C:\Documents and Settings\Pinga\Application Data\ezpinst.exe
2008-09-08 09:44 . 2008-09-08 09:44 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-09-08 09:44 . 2008-09-08 09:44 47,360 --a------ C:\Documents and Settings\Pinga\Application Data\pcouffin.sys
2008-09-08 09:44 . 2008-10-27 10:54 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-09-08 09:39 . 2008-09-08 12:09 <DIR> d-------- C:\Program Files\Trillian Pro
2008-09-08 09:37 . 2008-09-08 09:37 <DIR> d-------- C:\Program Files\SourceTec
2008-09-08 09:37 . 2008-09-08 09:37 <DIR> d-------- C:\Program Files\Common Files\SourceTec
2008-09-08 09:12 . 2008-10-30 16:38 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-08 08:36 . 2008-06-13 06:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-09-08 08:36 . 2008-06-13 06:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-07 23:22 . 2008-09-07 23:22 <DIR> d-------- C:\Program Files\TechSmith
2008-09-07 23:22 . 2008-09-07 23:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2008-09-07 23:21 . 2008-09-07 23:21 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-07 23:19 . 2008-09-07 23:19 <DIR> d-------- C:\Program Files\RipIt4Me
2008-09-07 23:18 . 2008-09-07 23:19 <DIR> d-------- C:\Program Files\DVD Decrypter
2008-09-07 23:17 . 2008-09-07 23:18 <DIR> d-------- C:\Documents and Settings\Pinga\Application Data\RipIt4Me
2008-09-07 23:16 . 2008-09-07 23:16 <DIR> d-------- C:\Program Files\RADVideo
2008-09-07 23:16 . 2008-09-07 23:16 <DIR> d-------- C:\Program Files\Qwix101
2008-09-07 23:14 . 2008-09-07 23:14 2,023,424 --a------ C:\WINDOWS\system32\mirc.exe
2008-09-07 23:14 . 2008-09-07 23:14 234,909 --a------ C:\WINDOWS\system32\mirc.hlp
2008-09-07 23:14 . 2008-09-07 23:14 68,925 --a------ C:\WINDOWS\system32\ircintro.hlp
2008-09-07 23:14 . 2008-10-16 16:46 5,393 --a------ C:\WINDOWS\system32\mirc.ini
2008-09-07 23:14 . 2008-09-07 23:14 2,568 --a------ C:\WINDOWS\system32\popups.ini
2008-09-07 23:14 . 2008-10-16 16:46 355 --a------ C:\WINDOWS\system32\urls.ini
2008-09-07 23:14 . 2008-09-07 23:14 287 --a------ C:\WINDOWS\system32\aliases.ini
2008-09-07 23:10 . 2008-09-07 23:10 <DIR> d-------- C:\Program Files\Lavavo Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 17:51 44,880 ----a-w C:\WINDOWS\system32\es32.dll
2008-09-07 19:39 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-29 17:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 16:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"Google Update"="C:\Documents and Settings\Pinga\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-07 133104]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-09-20 144792]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-10-17 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^uTorrent.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\uTorrent.exe.lnk
backup=C:\WINDOWS\pss\uTorrent.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2004-12-14 02:12 483328 C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-10-01 12:57 111936 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2005-05-19 06:47 57344 C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo 820 Series]
--a------ 2002-04-10 03:00 74240 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S0EIC1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-07 13:35 133104 C:\Documents and Settings\Pinga\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 18:57 289576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X5100 Series]
--a------ 2003-03-04 07:49 86100 C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProfilerU]
--a------ 2007-10-02 10:10 233472 C:\Program Files\Saitek\SD6\Software\ProfilerU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SaiMfd]
--a------ 2007-10-02 10:10 131072 C:\Program Files\Saitek\SD6\Software\SaiMfd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 12:16 1833296 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2008-02-29 03:12 76304 C:\WINDOWS\KHALMNPR.Exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\mirc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1206:TCP"= 1206:TCP:WindowsAutoupdate
"1853:TCP"= 1853:TCP:WindowsAutoupdate
"53:TCP"= 53:TCP:Dns

R0 SymEFA;Symantec Extended File Attributes;C:\WINDOWS\system32\drivers\NAV\1000000.07D\SYMEFA.SYS [2008-10-26 309296]
R1 BHDrvx86;Symantec Heuristics Driver;C:\WINDOWS\system32\drivers\NAV\1000000.07D\BHDrvx86.sys [2008-10-26 254512]
R1 ccHP;Symantec Hash Provider;C:\WINDOWS\system32\drivers\NAV\1000000.07D\ccHPx86.sys [2008-10-26 362544]
R1 IDSxpx86;IDSxpx86;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081027.007\IDSxpx86.sys [2008-10-26 274808]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-09-20 147456]
R2 Norton AntiVirus;Norton AntiVirus;C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe /s Norton AntiVirus /m C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\diMaster.dll [ ]
R3 SaiH80C0;SaiH80C0;C:\WINDOWS\system32\DRIVERS\SaiH80C0.sys [2007-05-01 132232]
R3 SIUSBXP;SIUSBXP;C:\WINDOWS\system32\drivers\SiUSBXp.sys [2008-09-05 14848]
S2 .norton2009Reset;Norton2009 Reset;C:\Program Files\Norton2009Reset.exe [2008-09-17 549159]
.
Contents of the 'Scheduled Tasks' folder

2008-10-25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-10-29 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\Pinga\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-07 13:35]
.
- - - - ORPHANS REMOVED - - - -

BHO-{FD417378-F411-4B77-BBEE-4893BB670D4C} - C:\WINDOWS\system32\yayvUNde.dll
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
ShellExecuteHooks-{FD417378-F411-4B77-BBEE-4893BB670D4C} - C:\WINDOWS\system32\yayvUNde.dll

.
------- Supplementary Scan -------
.
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 -: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 -: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-30 16:48:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
.
**************************************************************************
.
Completion time: 2008-10-30 16:52:18 - machine was rebooted [Pinga]
ComboFix-quarantined-files.txt 2008-10-30 23:52:13

Pre-Run: 320,453,111,808 bytes free
Post-Run: 320,443,830,272 bytes free

308 --- E O F --- 2008-09-22 23:26:58

ComboFix 08-10-30.04 - Pinga 2008-10-29 16:44:24.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.570 [GMT -7:00]
Running from: C:\Documents and Settings\Pinga\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\system32\ahptksla.dll
C:\WINDOWS\system32\btiifpxc.dll
C:\WINDOWS\system32\cxpfiitb.ini
C:\WINDOWS\system32\fcwtshno.ini
C:\WINDOWS\system32\FNVGOnnn.ini
C:\WINDOWS\system32\FNVGOnnn.ini2
C:\WINDOWS\system32\hcepbork.ini
C:\WINDOWS\system32\hdjrfqex.ini
C:\WINDOWS\system32\kdvzqb.dll
C:\WINDOWS\system32\nnnOGVNF.dll
C:\WINDOWS\system32\nxcqauvt.dll
C:\WINDOWS\system32\pvognx(2).dll
C:\WINDOWS\system32\servers.ini
C:\WINDOWS\system32\tcpanrep.dll
C:\WINDOWS\system32\tmyxrg.dll
C:\WINDOWS\system32\tvuaqcxn.ini
C:\WINDOWS\system32\umfyslsv.dll
C:\WINDOWS\system32\zoonwe.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_COMCSVC
-------\Legacy_NETDDEC
-------\Service_COMCSVC
-------\Service_COMSS
-------\Service_NETDDEC

((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-30 )))))))))))))))))))))))))))))))
.

2008-10-29 06:49 . 2008-10-29 06:49 <DIR> d-------- C:\rsit
2008-10-28 17:54 . 2008-10-28 17:54 <DIR> d-------- C:\Lop SD
2008-10-26 10:49 . 2008-10-26 10:49 95 --a------ C:\WINDOWS\wininit.ini
2008-10-26 10:28 . 2008-10-26 10:26 35,888 -ra------ C:\WINDOWS\system32\drivers\SymIM.sys
2008-10-26 10:27 . 2008-10-26 10:27 <DIR> d-------- C:\Program Files\Symantec
2008-10-26 10:27 . 2008-10-26 10:31 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-10-26 10:27 . 2008-10-26 10:27 124,464 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-10-26 10:27 . 2008-10-26 10:27 60,808 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-10-26 10:27 . 2008-10-26 10:27 10,635 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-10-26 10:27 . 2008-10-26 10:27 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-10-26 10:26 . 2008-10-26 10:26 <DIR> d-------- C:\WINDOWS\system32\drivers\NAV
2008-10-26 10:25 . 2008-10-26 10:26 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-10-26 10:25 . 2008-10-26 10:25 <DIR> d-------- C:\Program Files\NortonInstaller
2008-10-26 10:25 . 2008-10-26 10:26 <DIR> d-------- C:\Program Files\Norton AntiVirus
2008-10-26 10:25 . 2008-10-26 10:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-10-26 10:25 . 2008-10-26 10:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Norton
2008-10-26 09:56 . 2008-10-26 10:13 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-26 09:56 . 2008-10-26 11:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-26 09:53 . 2008-10-26 09:53 <DIR> d-------- C:\Program Files\Lavasoft
2008-10-17 18:32 . 2007-05-01 16:01 63,588 -ra------ C:\WINDOWS\system32\SaiD80C0.pr0
2008-10-17 17:35 . 2008-10-17 17:35 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
2008-10-17 17:33 . 2008-09-05 09:00 18,944 --a------ C:\WINDOWS\system32\drivers\SiLib.sys
2008-10-17 17:33 . 2008-09-05 09:00 14,848 --a------ C:\WINDOWS\system32\drivers\SiUSBXp.sys
2008-10-17 17:31 . 2008-10-17 17:33 <DIR> d-------- C:\WINDOWS\system32\Silabs
2008-10-17 17:31 . 2008-10-26 14:57 <DIR> d-------- C:\Program Files\XIM 360
2008-10-17 17:31 . 2008-10-17 17:31 <DIR> d-------- C:\Program Files\DIFX
2008-10-17 16:46 . 2007-02-26 18:15 1,421,216 --a------ C:\WINDOWS\system32\WdfCoInstaller01001.dll
2008-10-17 16:46 . 2007-02-26 18:15 61,984 --a------ C:\WINDOWS\system32\drivers\xusb21.sys
2008-10-17 16:45 . 2008-10-17 16:45 <DIR> d-------- C:\Program Files\Microsoft Xbox 360 Accessories
2008-10-17 16:45 . 2006-09-28 16:04 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-10-17 13:19 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-10-17 13:19 . 2004-08-04 00:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-10-17 13:17 . 2004-08-03 22:58 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-10-17 13:17 . 2004-08-03 22:58 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-10-17 13:14 . 2008-10-17 13:14 <DIR> d-------- C:\Program Files\Saitek
2008-10-17 13:14 . 2008-10-17 13:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Saitek
2008-10-17 13:10 . 2008-10-17 13:11 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2008-10-17 13:10 . 2008-05-02 02:38 301,656 --a------ C:\WINDOWS\system32\BtCoreIf.dll
2008-10-17 13:04 . 2008-10-17 13:04 <DIR> d-------- C:\Program Files\Common Files\LogiShared
2008-10-17 13:04 . 2008-10-17 13:04 <DIR> d-------- C:\Documents and Settings\Pinga\Application Data\Logitech
2008-10-17 13:04 . 2008-10-17 13:04 <DIR> d-------- C:\Documents and Settings\Pinga\Application Data\Leadertech
2008-10-17 13:03 . 2008-10-17 13:03 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-10-17 13:03 . 2008-10-17 13:03 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2008-10-17 13:03 . 2008-10-17 13:03 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-10-17 13:02 . 2008-10-17 13:02 <DIR> d-------- C:\Program Files\Logitech
2008-10-17 13:02 . 2008-10-17 13:10 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-10-17 13:02 . 2008-10-17 13:02 <DIR> d-------- C:\Documents and Settings\Pinga\Application Data\InstallShield
2008-10-17 13:02 . 2008-10-17 13:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Logitech
2008-10-17 13:02 . 2007-06-22 12:34 1,419,232 --a------ C:\WINDOWS\system32\WdfCoInstaller01005.dll
2008-10-17 13:02 . 2008-05-02 02:39 170,512 --a------ C:\WINDOWS\system32\kemutb.dll
2008-10-17 13:02 . 2008-05-02 02:39 145,936 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-10-17 13:02 . 2008-05-02 02:40 117,264 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-10-17 13:02 . 2008-05-02 02:40 84,496 --a------ C:\WINDOWS\system32\KemXML.dll
2008-10-17 13:02 . 2008-02-29 03:12 76,304 --a------ C:\WINDOWS\KHALMNPR.Exe
2008-10-17 13:02 . 2008-02-29 03:13 36,880 --a------ C:\WINDOWS\system32\drivers\LMouFilt.Sys
2008-10-17 13:02 . 2008-02-29 03:13 35,344 --a------ C:\WINDOWS\system32\drivers\LHidFilt.Sys
2008-10-17 13:02 . 2008-02-29 03:13 28,944 --a------ C:\WINDOWS\system32\drivers\LUsbFilt.sys
2008-10-17 13:02 . 2008-02-29 03:12 20,240 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys
2008-10-17 13:01 . 2008-10-17 13:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-10-16 15:40 . 2008-10-16 15:42 <DIR> d-------- C:\Program Files\AltBinz
2008-10-16 15:03 . 2008-10-16 15:22 <DIR> d-------- C:\Documents and Settings\Pinga\Application Data\SuperNZB
2008-10-16 15:02 . 2008-10-16 15:02 <DIR> d-------- C:\Program Files\SuperNZB
2008-10-16 14:53 . 2008-10-16 14:53 <DIR> d-------- C:\WINDOWS\system32\sounds
2008-10-16 14:53 . 2008-10-16 14:53 <DIR> d-------- C:\WINDOWS\system32\logs
2008-10-16 14:53 . 2008-10-16 14:53 <DIR> d-------- C:\WINDOWS\system32\download
2008-10-16 14:53 . 2008-10-16 14:53 <DIR> d-------- C:\WINDOWS\system32\channels
2008-10-13 22:12 . 2008-10-13 22:12 <DIR> d-------- C:\Program Files\ImgBurn
2008-10-12 16:56 . 2004-08-04 05:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-10-12 14:39 . 2008-10-12 14:39 <DIR> d-------- C:\Program Files\iTunes
2008-10-12 14:39 . 2008-10-12 14:39 <DIR> d-------- C:\Program Files\iPod
2008-10-12 14:39 . 2008-10-12 14:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-12 14:23 . 2008-10-12 14:23 <DIR> d-------- C:\Program Files\Safari
2008-10-11 17:15 . 2008-10-11 17:15 <DIR> d-------- C:\Program Files\uTorrent
2008-10-09 12:17 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-10-09 12:17 . 2001-08-17 13:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-09-20 20:09 . 2008-09-20 20:10 <DIR> d-------- C:\Program Files\Macromedia
2008-09-20 20:09 . 2008-09-20 20:12 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2008-09-20 20:07 . 2008-09-20 20:07 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-09-20 20:05 . 2008-09-20 20:20 <DIR> d-------- C:\Documents and Settings\Pinga\Application Data\AdobeAUM
2008-09-20 19:59 . 2008-10-17 13:10 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-09-20 19:51 . 2008-09-20 19:51 <DIR> d-------- C:\WINDOWS\Sun
2008-09-20 19:51 . 2008-09-20 19:51 <DIR> d-------- C:\Program Files\Sun
2008-09-20 19:50 . 2008-09-20 19:50 <DIR> d-------- C:\Program Files\Java
2008-09-20 19:50 . 2008-09-20 19:50 410,976 --a------ C:\WINDOWS\system32\deploytk.dll
2008-09-20 19:50 . 2008-09-20 19:50 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-09-20 19:49 . 2008-09-20 20:07 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-09-17 06:16 . 2008-09-17 06:16 549,159 -rahs---- C:\Program Files\Norton2009Reset.exe
2008-09-10 09:38 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-09-08 20:00 . 2008-09-08 20:00 <DIR> d-------- C:\Program Files\FirefoxPortable
2008-09-08 11:11 . 2008-10-25 23:24 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-09-08 10:05 . 2008-10-24 18:29 <DIR> d-------- C:\Documents and Settings\Pinga\Application Data\Apple Computer
2008-09-08 10:04 . 2008-09-08 10:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-08 10:03 . 2008-10-17 17:31 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-09-08 10:03 . 2008-10-12 14:38 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-09-08 10:03 . 2008-10-12 22:40 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-08 10:03 . 2008-09-08 10:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-09-08 09:57 . 2008-09-08 10:01 <DIR> d-------- C:\Documents and Settings\Pinga\Application Data\ImgBurn
2008-09-08 09:44 . 2008-09-08 09:44 <DIR> d-------- C:\Program Files\vso
2008-09-08 09:44 . 2008-09-08 09:45 <DIR> d-------- C:\Documents and Settings\Pinga\Application Data\Vso
2008-09-08 09:44 . 2008-09-08 09:44 81,920 --a------ C:\Documents and Settings\Pinga\Application Data\ezpinst.exe
2008-09-08 09:44 . 2008-09-08 09:44 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-09-08 09:44 . 2008-09-08 09:44 47,360 --a------ C:\Documents and Settings\Pinga\Application Data\pcouffin.sys
2008-09-08 09:44 . 2008-10-27 10:54 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-09-08 09:39 . 2008-09-08 12:09 <DIR> d-------- C:\Program Files\Trillian Pro
2008-09-08 09:37 . 2008-09-08 09:37 <DIR> d-------- C:\Program Files\SourceTec
2008-09-08 09:37 . 2008-09-08 09:37 <DIR> d-------- C:\Program Files\Common Files\SourceTec
2008-09-08 09:12 . 2008-10-30 16:38 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-08 08:36 . 2008-06-13 06:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-09-08 08:36 . 2008-06-13 06:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-07 23:22 . 2008-09-07 23:22 <DIR> d-------- C:\Program Files\TechSmith
2008-09-07 23:22 . 2008-09-07 23:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TechSmith
2008-09-07 23:21 . 2008-09-07 23:21 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-07 23:19 . 2008-09-07 23:19 <DIR> d-------- C:\Program Files\RipIt4Me
2008-09-07 23:18 . 2008-09-07 23:19 <DIR> d-------- C:\Program Files\DVD Decrypter
2008-09-07 23:17 . 2008-09-07 23:18 <DIR> d-------- C:\Documents and Settings\Pinga\Application Data\RipIt4Me
2008-09-07 23:16 . 2008-09-07 23:16 <DIR> d-------- C:\Program Files\RADVideo
2008-09-07 23:16 . 2008-09-07 23:16 <DIR> d-------- C:\Program Files\Qwix101
2008-09-07 23:14 . 2008-09-07 23:14 2,023,424 --a------ C:\WINDOWS\system32\mirc.exe
2008-09-07 23:14 . 2008-09-07 23:14 234,909 --a------ C:\WINDOWS\system32\mirc.hlp
2008-09-07 23:14 . 2008-09-07 23:14 68,925 --a------ C:\WINDOWS\system32\ircintro.hlp
2008-09-07 23:14 . 2008-10-16 16:46 5,393 --a------ C:\WINDOWS\system32\mirc.ini
2008-09-07 23:14 . 2008-09-07 23:14 2,568 --a------ C:\WINDOWS\system32\popups.ini
2008-09-07 23:14 . 2008-10-16 16:46 355 --a------ C:\WINDOWS\system32\urls.ini
2008-09-07 23:14 . 2008-09-07 23:14 287 --a------ C:\WINDOWS\system32\aliases.ini
2008-09-07 23:10 . 2008-09-07 23:10 <DIR> d-------- C:\Program Files\Lavavo Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 17:51 44,880 ----a-w C:\WINDOWS\system32\es32.dll
2008-09-07 19:39 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-29 17:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 16:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-07-19 05:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 05:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 05:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 05:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 05:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"Google Update"="C:\Documents and Settings\Pinga\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-07 133104]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-09-20 144792]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-10-17 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^uTorrent.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\uTorrent.exe.lnk
backup=C:\WINDOWS\pss\uTorrent.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2004-12-14 02:12 483328 C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-10-01 12:57 111936 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2005-05-19 06:47 57344 C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo 820 Series]
--a------ 2002-04-10 03:00 74240 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S0EIC1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-07 13:35 133104 C:\Documents and Settings\Pinga\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 18:57 289576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X5100 Series]
--a------ 2003-03-04 07:49 86100 C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProfilerU]
--a------ 2007-10-02 10:10 233472 C:\Program Files\Saitek\SD6\Software\ProfilerU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SaiMfd]
--a------ 2007-10-02 10:10 131072 C:\Program Files\Saitek\SD6\Software\SaiMfd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-09-16 12:16 1833296 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2008-02-29 03:12 76304 C:\WINDOWS\KHALMNPR.Exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\mirc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1206:TCP"= 1206:TCP:WindowsAutoupdate
"1853:TCP"= 1853:TCP:WindowsAutoupdate
"53:TCP"= 53:TCP:Dns

R0 SymEFA;Symantec Extended File Attributes;C:\WINDOWS\system32\drivers\NAV\1000000.07D\SYMEFA.SYS [2008-10-26 309296]
R1 BHDrvx86;Symantec Heuristics Driver;C:\WINDOWS\system32\drivers\NAV\1000000.07D\BHDrvx86.sys [2008-10-26 254512]
R1 ccHP;Symantec Hash Provider;C:\WINDOWS\system32\drivers\NAV\1000000.07D\ccHPx86.sys [2008-10-26 362544]
R1 IDSxpx86;IDSxpx86;C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081027.007\IDSxpx86.sys [2008-10-26 274808]
R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-09-20 147456]
R2 Norton AntiVirus;Norton AntiVirus;C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe /s Norton AntiVirus /m C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\diMaster.dll [ ]
R3 SaiH80C0;SaiH80C0;C:\WINDOWS\system32\DRIVERS\SaiH80C0.sys [2007-05-01 132232]
R3 SIUSBXP;SIUSBXP;C:\WINDOWS\system32\drivers\SiUSBXp.sys [2008-09-05 14848]
S2 .norton2009Reset;Norton2009 Reset;C:\Program Files\Norton2009Reset.exe [2008-09-17 549159]
.
Contents of the 'Scheduled Tasks' folder

2008-10-25 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-10-29 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\Pinga\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-07 13:35]
.
- - - - ORPHANS REMOVED - - - -

BHO-{FD417378-F411-4B77-BBEE-4893BB670D4C} - C:\WINDOWS\system32\yayvUNde.dll
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
ShellExecuteHooks-{FD417378-F411-4B77-BBEE-4893BB670D4C} - C:\WINDOWS\system32\yayvUNde.dll

.
------- Supplementary Scan -------
.
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 -: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 -: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 -: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-30 16:48:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
.
**************************************************************************
.
Completion time: 2008-10-30 16:52:18 - machine was rebooted [Pinga]
ComboFix-quarantined-files.txt 2008-10-30 23:52:13

Pre-Run: 320,453,111,808 bytes free
Post-Run: 320,443,830,272 bytes free

308 --- E O F --- 2008-09-22 23:26:58

#6
kahdah

Posted 29 October 2008 - 07:16 PM

GeekU Teacher

Retired Staff
15,822 posts

Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
==============================================
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
=======================
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.

The program will install and then begin downloading the latest definition files.
After the files have been downloaded on the left side of the page in the Scan section select My Computer
This will start the program and scan your system.
The scan will take a while, so be patient and let it run.
Once the scan is complete, click on View scan report
Now, click on the Save Report as button.
Save the file to your desktop.
Copy and paste that information in your next post.

#7
tonelab77

Posted 29 October 2008 - 08:52 PM

New Member

Topic Starter
Member
6 posts

Malwarebytes' Anti-Malware 1.30
Database version: 1337
Windows 5.1.2600 Service Pack 2

10/30/2008 7:51:28 PM
mbam-log-2008-10-30 (19-51-28).txt

Scan type: Quick Scan
Objects scanned: 48142
Time elapsed: 3 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{fd417378-f411-4b77-bbee-4893bb670d4c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd417378-f411-4b77-bbee-4893bb670d4c} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8
kahdah

Posted 30 October 2008 - 03:59 AM

GeekU Teacher

Retired Staff
15,822 posts

OK please proceed with the kaspersky scan thanks.

#9
tonelab77

Posted 01 November 2008 - 10:54 AM

New Member

Topic Starter
Member
6 posts

18 hours and still only 43% with kapersky scan

#10
kahdah

Posted 01 November 2008 - 12:04 PM

GeekU Teacher

Retired Staff
15,822 posts

Please stop it and do the following instead:

Please click here to download AVP Tool by Kaspersky.

Save it to your desktop.
Reboot your computer into SafeMode.

You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
Use your up arrow key to highlight SafeMode then hit enter.
Double click the setup file to run it.
Click Next to continue.
It will by default install it to your desktop folder.Click Next.
Hit ok at the prompt for scanning in Safe Mode.
It will then open a box There will be a tab that says Automatic scan.
Under Automatic scan make sure these are checked.

System Memory
Startup Objects
Disk Boot Sectors.
My Computer.
Also any other drives (Removable that you may have)

Then click on Scan at the to right hand Corner.
It will automatically Neutralize any objects found.
If some objects are left unneutralized then click the button that says Neutralize all
If it says it cannot be Neutralized then chooose The delete option when prompted.
After that is done click on the reports button at the bottom and save it to file name it Kas.
Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.