vundo and infogamepass? maybe more [Solved], i love this place
zoloft
post Feb 12 2009, 06:31 PM
Post #1


Member
Posts: 55
OS: windows xp



Hi guys. This is the HJT log. You guys have always been much help to me and I appreciate it. However, it seems that my computer illiterateness is taking the best of me. Oh, and I can't help but think I have too many processes running, thinking it's slowing my computer down... any help on that?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:27:26 PM, on 2/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\ehome\medctrro.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing)
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [imekrmig] C:\IME\IMKR\imekrmig.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [8c13a104] rundll32.exe "C:\WINDOWS\system32\gediwvme.dll",b
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.line6.net
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary/Upwords.cab57176.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1154835520453
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C190FF32-96D0-445F-9F60-5CF288FD3D0F} (ActiveFormX Control) - https://register.resnet.stonybrook.edu/CAT/CNICAT.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12097 bytes
fenzodahl512
post Feb 13 2009, 04:35 AM
Post #2


Trusted Helper
Posts: 9,275
OS: Windows XP



Hello, my name is fenzodahl512 and welcome to Geekstogo.. Please do the following....



Please download The Comedian.exe to your desktop
  • Double click the program to run it. It will only take several minutes to run.
  • It will do a series of tasks and tell you when each one is finished.
  • You will be prompted to press any key after each step
  • When it is done it will close and exit itself automatically.
  • You can delete The_Comedian.exe once it is finished





NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.





NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run, click Copy, paste the results into Notepad, save it and attach it in this thread.




Post me these logs in your next reply. Post each log in a separate post.

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..
zoloft
post Feb 13 2009, 12:17 PM
Post #3


Member
Posts: 55
OS: windows xp



Malware log

Malwarebytes' Anti-Malware 1.34
Database version: 1757
Windows 5.1.2600 Service Pack 3

2/13/2009 12:39:28 PM
mbam-log-2009-02-13 (12-39-28).txt

Scan type: Full Scan (C:\|)
Objects scanned: 162102
Time elapsed: 1 hour(s), 8 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 11
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 23

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\iehlprobj.iehlprobj.1 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f171a44f-7af5-43e1-afed-edc826a1b0f5} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f171a442-7af5-43e1-afed-edc826a1b0f5} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f171a450-7af5-43e1-afed-edc826a1b0f5} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ce7c3cf0-4b15-11d1-abed-709549c10000} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{072039ab-2117-4ed5-a85f-9b9eb903e021} (Adware.CWS) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{59ec7e90-81de-40ec-b1eb-93e3ca3ad395} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b139642c-0f49-4630-812b-37b559803458} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adware away v3.1.4.7_is1 (Rogue.AdwareAway) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\8c13a104 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\Adware Away (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away (Rogue.AdwareAway) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\Adware Away\Adware Away.lnk (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Adware Away\Uninstall.lnk (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Adware Away\Update.lnk (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Adware Away\User Manual.lnk (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\AdAway.dll (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\AdAway.exe (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\AdwareAway.chm (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\DiagnosticScan.SYS (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\EnumAutoRun.exe (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\EnumDlls.exe (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\EProcess.exe (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\FixDesktopBackground.exe (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\global.dll (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\ScanAtStartup.exe (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\screenshot.exe (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\unins000.dat (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\unins000.exe (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\Program Files\Adware Away\Update2.exe (Rogue.AdwareAway) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekalog.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\senekapfuirwvl.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\TDSSserv.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\adaway.lic (Rogue.AdwareAway) -> Quarantined and deleted successfully.
zoloft
post Feb 13 2009, 12:17 PM
Post #4


Member
Posts: 55
OS: windows xp



RSIT log

Logfile of random's system information tool 1.05 (written by random/random)
Run by Shem Han at 2009-02-13 12:59:06
Microsoft Windows XP Professional Service Pack 3
System drive C: has 29 GB (38%) free of 76 GB
Total RAM: 1014 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:59:10 PM, on 2/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\ehome\medctrro.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Shem Han\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Shem Han.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing)
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [imekrmig] C:\IME\IMKR\imekrmig.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.line6.net
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary/Upwords.cab57176.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1154835520453
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C190FF32-96D0-445F-9F60-5CF288FD3D0F} (ActiveFormX Control) - https://register.resnet.stonybrook.edu/CAT/CNICAT.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11939 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]
Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-01-25 184320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7327C09-B521-4EDB-8509-7D2660C9EC98}]
Viewpoint Toolbar BHO - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-01-25 184320]
{E0E899AB-F487-11D5-8D29-0050BA6940E3}
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-08-28 352256]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2004-08-10 59392]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-01-11 15961088]
"SMSERIAL"=C:\WINDOWS\sm56hlpr.exe [2005-11-09 557056]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-02-06 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-02-06 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-02-06 118784]
"KTPWare"=C:\Program Files\Elantech\ktp.exe [2005-10-26 512000]
"CHotkey"=C:\WINDOWS\mHotkey.exe [2001-12-26 472576]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2005-12-05 667718]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2005-11-28 602182]
"EOUApp"=C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe [2005-11-28 569413]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2005-03-10 28160]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2004-08-04 44032]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"imekrmig"=C:\IME\IMKR\imekrmig.exe [2001-01-09 44544]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-03-24 53408]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2006-05-27 124656]
"LXCRCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe []
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2007-04-25 35328]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"OneCareUI"=C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe []
"mmtask"=c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe []
"lxcrmon.exe"=C:\Program Files\Lexmark 2400 Series\lxcrmon.exe [2006-01-22 286720]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup []
"FaxCenterServer"=C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2006-02-02 290816]
"EzPrint"=C:\Program Files\Lexmark 2400 Series\ezprint.exe [2006-02-07 98304]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-10 15360]
"Aim6"= []
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM95\aim.exe [2006-08-01 67112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe -lang 1033 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM]
C:\Program Files\AIM95\\DeadAIM.ocm []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-13 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\oovoo.exe]
C:\Program Files\ooVoo\oovoo.exe /minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Performance Center]
C:\Program Files\Ascentive\Performance Center\APCMain.exe -m []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2008-10-25 1410296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-08-29 1576176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [2008-09-26 3660848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2008-10-09 3502840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1999-11-04 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-24 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LOGITE~1.EXE [2007-02-13 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe [2005-03-31 438272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
C:\PROGRA~1\WinZip\WZQKPICK.EXE [2006-02-16 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2008-08-29 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-02-06 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2006-05-27 43760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-22 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"RunStartupScriptSync"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"RunStartupScriptSync"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Warcraft III\Frozen Throne.exe"="C:\Program Files\Warcraft III\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:LocalSubNet:Enabled:Remote Assistance"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\DC++\DCPlusPlus.exe"="C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DCPlusPlus"
"C:\Program Files\AIM95\aim.exe"="C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:¡IiTorrent"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Launch VeohTV BETA"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Nexon\MapleStory\MapleStory.exe"="C:\Nexon\MapleStory\MapleStory.exe:*:Enabled:MapleStory"
"C:\Nexon\MapleStory\Patcher.exe"="C:\Nexon\MapleStory\Patcher.exe:*:Enabled:Patcher"
"C:\Nexon\MapleStory\NewPatcher.exe"="C:\Nexon\MapleStory\NewPatcher.exe:*:Enabled:NewPatcher"
"C:\Program Files\TVersity\Media Server\MediaServer.exe"="C:\Program Files\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server"
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\AIM95\aim.exe"="C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
shell\AutoRun\command - I:\x61.exe
shell\open\command - I:\x61.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{077fbf49-7833-11dc-99f3-00130244c4bb}]
shell\AutoRun\command - iutox.bat
shell\open\command - iutox.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0bd74896-f75b-11da-b7e3-0090f54bb10f}]
shell\AutoRun\command - E:\pstart.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{206800e4-033a-11dd-9a2c-0090f54f4a35}]
shell\AutoRun\command - F:\ew.cmd
shell\open\command - F:\ew.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3b2502a-e046-11dc-9a21-0090f54f4a35}]
shell\AutoRun\command - I:\setupSNK.exe


======File associations======

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

======List of files/folders created in the last 3 months======

2009-02-13 12:59:06 ----D---- C:\rsit
2009-02-09 22:43:23 ----D---- C:\Program Files\Common Files\MainConcept
2009-02-09 22:41:59 ----D---- C:\Program Files\Common Files\i4j_jres
2009-02-09 22:41:44 ----D---- C:\Program Files\SimpleCenter
2009-02-09 02:33:51 ----D---- C:\Rohan_USA
2009-02-02 20:26:47 ----D---- C:\Program Files\CDisplay
2009-01-27 21:01:42 ----D---- C:\VundoFix Backups
2009-01-27 21:01:42 ----A---- C:\VundoFix.txt
2009-01-26 03:08:06 ----D---- C:\WINDOWS\Prefetch
2009-01-26 02:58:04 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-01-26 02:57:57 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-01-26 02:57:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-01-26 02:57:39 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-01-26 02:57:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-01-26 02:57:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2009-01-26 02:57:16 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-01-26 02:57:09 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-01-26 02:57:02 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-01-26 02:56:54 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-01-26 02:53:06 ----A---- C:\WINDOWS\setuplog.txt
2009-01-26 02:39:19 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-01-26 02:32:06 ----A---- C:\WINDOWS\system32\SETFE0.tmp
2009-01-26 02:32:06 ----A---- C:\WINDOWS\system32\SET144.tmp
2009-01-26 02:32:05 ----A---- C:\WINDOWS\system32\SETFE1.tmp
2009-01-26 02:32:05 ----A---- C:\WINDOWS\system32\SET149.tmp
2009-01-26 02:32:05 ----A---- C:\WINDOWS\system32\SET147.tmp
2009-01-26 02:32:05 ----A---- C:\WINDOWS\system32\SET145.tmp
2009-01-26 02:32:04 ----A---- C:\WINDOWS\system32\SETFE4.tmp
2009-01-26 02:32:04 ----A---- C:\WINDOWS\system32\SET14B.tmp
2009-01-26 02:32:03 ----A---- C:\WINDOWS\system32\SET156.tmp
2009-01-26 02:32:03 ----A---- C:\WINDOWS\system32\SET153.tmp
2009-01-26 02:32:03 ----A---- C:\WINDOWS\system32\SET152.tmp
2009-01-26 02:32:02 ----N---- C:\WINDOWS\system32\wmphoto.dll
2009-01-26 02:32:02 ----A---- C:\WINDOWS\system32\SET15C.tmp
2009-01-26 02:32:01 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-01-26 02:32:01 ----A---- C:\WINDOWS\system32\SET15F.tmp
2009-01-26 02:32:01 ----A---- C:\WINDOWS\system32\SET15E.tmp
2009-01-26 02:32:00 ----A---- C:\WINDOWS\system32\SET167.tmp
2009-01-26 02:32:00 ----A---- C:\WINDOWS\system32\SET166.tmp
2009-01-26 02:32:00 ----A---- C:\WINDOWS\system32\SET164.tmp
2009-01-26 02:32:00 ----A---- C:\WINDOWS\system32\SET163.tmp
2009-01-26 02:32:00 ----A---- C:\WINDOWS\system32\SET162.tmp
2009-01-26 02:31:59 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2009-01-26 02:31:59 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2009-01-26 02:31:59 ----A---- C:\WINDOWS\system32\SETFE9.tmp
2009-01-26 02:31:59 ----A---- C:\WINDOWS\system32\SET172.tmp
2009-01-26 02:31:59 ----A---- C:\WINDOWS\system32\SET16C.tmp
2009-01-26 02:31:59 ----A---- C:\WINDOWS\system32\SET16B.tmp
2009-01-26 02:31:59 ----A---- C:\WINDOWS\system32\SET16A.tmp
2009-01-26 02:31:58 ----A---- C:\WINDOWS\system32\SET17B.tmp
2009-01-26 02:31:58 ----A---- C:\WINDOWS\system32\SET17A.tmp
2009-01-26 02:31:58 ----A---- C:\WINDOWS\system32\SET179.tmp
2009-01-26 02:31:56 ----A---- C:\WINDOWS\system32\SET182.tmp
2009-01-26 02:31:56 ----A---- C:\WINDOWS\system32\SET180.tmp
2009-01-26 02:31:56 ----A---- C:\WINDOWS\system32\SET17E.tmp
2009-01-26 02:31:55 ----A---- C:\WINDOWS\system32\SET18D.tmp
2009-01-26 02:31:55 ----A---- C:\WINDOWS\system32\SET18C.tmp
2009-01-26 02:31:55 ----A---- C:\WINDOWS\system32\SET18B.tmp
2009-01-26 02:31:55 ----A---- C:\WINDOWS\system32\SET189.tmp
2009-01-26 02:31:54 ----A---- C:\WINDOWS\system32\SET18F.tmp
2009-01-26 02:31:53 ----A---- C:\WINDOWS\system32\SET194.tmp
2009-01-26 02:31:52 ----A---- C:\WINDOWS\system32\SET19A.tmp
2009-01-26 02:31:52 ----A---- C:\WINDOWS\system32\SET197.tmp
2009-01-26 02:31:52 ----A---- C:\WINDOWS\system32\SET196.tmp
2009-01-26 02:31:52 ----A---- C:\WINDOWS\system32\SET195.tmp
2009-01-26 02:31:51 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-01-26 02:31:51 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-01-26 02:31:51 ----A---- C:\WINDOWS\system32\SET1A6.tmp
2009-01-26 02:31:51 ----A---- C:\WINDOWS\system32\SET1A0.tmp
2009-01-26 02:31:50 ----A---- C:\WINDOWS\system32\SET1AA.tmp
2009-01-26 02:31:50 ----A---- C:\WINDOWS\system32\SET1A8.tmp
2009-01-26 02:31:50 ----A---- C:\WINDOWS\system32\SET1A7.tmp
2009-01-26 02:31:49 ----A---- C:\WINDOWS\system32\SET1AF.tmp
2009-01-26 02:31:49 ----A---- C:\WINDOWS\system32\SET1AE.tmp
2009-01-26 02:31:49 ----A---- C:\WINDOWS\system32\SET1AD.tmp
2009-01-26 02:31:48 ----A---- C:\WINDOWS\system32\SET1B6.tmp
2009-01-26 02:31:48 ----A---- C:\WINDOWS\system32\SET1B5.tmp
2009-01-26 02:31:47 ----A---- C:\WINDOWS\system32\SET1C7.tmp
2009-01-26 02:31:47 ----A---- C:\WINDOWS\system32\SET1C6.tmp
2009-01-26 02:31:47 ----A---- C:\WINDOWS\system32\SET1BD.tmp
2009-01-26 02:31:47 ----A---- C:\WINDOWS\system32\SET1BC.tmp
2009-01-26 02:31:47 ----A---- C:\WINDOWS\system32\SET1B9.tmp
2009-01-26 02:31:46 ----A---- C:\WINDOWS\system32\SET1CF.tmp
2009-01-26 02:31:46 ----A---- C:\WINDOWS\system32\SET1CE.tmp
2009-01-26 02:31:46 ----A---- C:\WINDOWS\system32\SET1CD.tmp
2009-01-26 02:31:46 ----A---- C:\WINDOWS\system32\SET1CC.tmp
2009-01-26 02:31:46 ----A---- C:\WINDOWS\system32\SET1CA.tmp
2009-01-26 02:31:44 ----A---- C:\WINDOWS\system32\SET1D1.tmp
2009-01-26 02:31:44 ----A---- C:\WINDOWS\system32\SET1D0.tmp
2009-01-26 02:31:41 ----A---- C:\WINDOWS\system32\SET1EA.tmp
2009-01-26 02:31:41 ----A---- C:\WINDOWS\system32\SET1E8.tmp
2009-01-26 02:31:41 ----A---- C:\WINDOWS\system32\SET1E6.tmp
2009-01-26 02:31:41 ----A---- C:\WINDOWS\system32\SET1E1.tmp
2009-01-26 02:31:39 ----A---- C:\WINDOWS\system32\SET1EC.tmp
2009-01-26 02:31:39 ----A---- C:\WINDOWS\system32\SET1EB.tmp
2009-01-26 02:31:38 ----N---- C:\WINDOWS\system32\setupn.exe
2009-01-26 02:31:38 ----A---- C:\WINDOWS\system32\SET1FA.tmp
2009-01-26 02:31:38 ----A---- C:\WINDOWS\system32\SET1F9.tmp
2009-01-26 02:31:38 ----A---- C:\WINDOWS\system32\SET1F8.tmp
2009-01-26 02:31:38 ----A---- C:\WINDOWS\system32\SET1F5.tmp
2009-01-26 02:31:38 ----A---- C:\WINDOWS\system32\SET1F4.tmp
2009-01-26 02:31:38 ----A---- C:\WINDOWS\system32\SET1F0.tmp
2009-01-26 02:31:38 ----A---- C:\WINDOWS\system32\SET1EF.tmp
2009-01-26 02:31:36 ----A---- C:\WINDOWS\system32\SET201.tmp
2009-01-26 02:31:36 ----A---- C:\WINDOWS\system32\SET200.tmp
2009-01-26 02:31:33 ----A---- C:\WINDOWS\system32\SET212.tmp
2009-01-26 02:31:33 ----A---- C:\WINDOWS\system32\SET211.tmp
2009-01-26 02:31:33 ----A---- C:\WINDOWS\system32\SET210.tmp
2009-01-26 02:31:33 ----A---- C:\WINDOWS\system32\SET20A.tmp
2009-01-26 02:31:32 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-01-26 02:31:32 ----A---- C:\WINDOWS\system32\SET21C.tmp
2009-01-26 02:31:32 ----A---- C:\WINDOWS\system32\SET216.tmp
2009-01-26 02:31:32 ----A---- C:\WINDOWS\system32\SET214.tmp
2009-01-26 02:31:31 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-01-26 02:31:31 ----A---- C:\WINDOWS\system32\SET22E.tmp
2009-01-26 02:31:31 ----A---- C:\WINDOWS\system32\SET22D.tmp
2009-01-26 02:31:31 ----A---- C:\WINDOWS\system32\SET22C.tmp
2009-01-26 02:31:31 ----A---- C:\WINDOWS\system32\SET22A.tmp
2009-01-26 02:31:31 ----A---- C:\WINDOWS\system32\SET228.tmp
2009-01-26 02:31:30 ----N---- C:\WINDOWS\system32\qutil.dll
2009-01-26 02:31:29 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-01-26 02:31:29 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-01-26 02:31:29 ----A---- C:\WINDOWS\system32\SET232.tmp
2009-01-26 02:31:28 ----N---- C:\WINDOWS\system32\qagent.dll
2009-01-26 02:31:28 ----A---- C:\WINDOWS\system32\SET23D.tmp
2009-01-26 02:31:28 ----A---- C:\WINDOWS\system32\SET23C.tmp
2009-01-26 02:31:28 ----A---- C:\WINDOWS\system32\SET23A.tmp
2009-01-26 02:31:27 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2009-01-26 02:31:27 ----A---- C:\WINDOWS\system32\SET245.tmp
2009-01-26 02:31:27 ----A---- C:\WINDOWS\system32\SET242.tmp
2009-01-26 02:31:27 ----A---- C:\WINDOWS\system32\SET240.tmp
2009-01-26 02:31:25 ----N---- C:\WINDOWS\system32\onex.dll
2009-01-26 02:31:24 ----A---- C:\WINDOWS\system32\SET26F.tmp
2009-01-26 02:31:24 ----A---- C:\WINDOWS\system32\SET26D.tmp
2009-01-26 02:31:24 ----A---- C:\WINDOWS\system32\SET26C.tmp
2009-01-26 02:31:24 ----A---- C:\WINDOWS\system32\SET26B.tmp
2009-01-26 02:31:24 ----A---- C:\WINDOWS\system32\SET269.tmp
2009-01-26 02:31:24 ----A---- C:\WINDOWS\system32\SET268.tmp
2009-01-26 02:31:24 ----A---- C:\WINDOWS\system32\SET267.tmp
2009-01-26 02:31:24 ----A---- C:\WINDOWS\system32\SET266.tmp
2009-01-26 02:31:24 ----A---- C:\WINDOWS\system32\SET265.tmp
2009-01-26 02:31:24 ----A---- C:\WINDOWS\system32\SET262.tmp
2009-01-26 02:31:24 ----A---- C:\WINDOWS\system32\SET261.tmp
2009-01-26 02:31:24 ----A---- C:\WINDOWS\system32\SET25A.tmp
2009-01-26 02:31:24 ----A---- C:\WINDOWS\system32\SET259.tmp
2009-01-26 02:31:24 ----A---- C:\WINDOWS\system32\SET258.tmp
2009-01-26 02:31:24 ----A---- C:\WINDOWS\system32\SET256.tmp
2009-01-26 02:31:23 ----A---- C:\WINDOWS\system32\SET271.tmp
2009-01-26 02:31:23 ----A---- C:\WINDOWS\system32\SET270.tmp
2009-01-26 02:31:22 ----A---- C:\WINDOWS\system32\SET273.tmp
2009-01-26 02:31:21 ----A---- C:\WINDOWS\system32\SET276.tmp
2009-01-26 02:31:20 ----A---- C:\WINDOWS\system32\SET27C.tmp
2009-01-26 02:31:20 ----A---- C:\WINDOWS\system32\SET27B.tmp
2009-01-26 02:31:19 ----A---- C:\WINDOWS\system32\SET27D.tmp
2009-01-26 02:31:18 ----A---- C:\WINDOWS\system32\SET282.tmp
2009-01-26 02:31:17 ----A---- C:\WINDOWS\system32\SET28F.tmp
2009-01-26 02:31:17 ----A---- C:\WINDOWS\system32\SET28C.tmp
2009-01-26 02:31:17 ----A---- C:\WINDOWS\system32\SET28B.tmp
2009-01-26 02:31:17 ----A---- C:\WINDOWS\system32\SET289.tmp
2009-01-26 02:31:17 ----A---- C:\WINDOWS\system32\SET286.tmp
2009-01-26 02:31:17 ----A---- C:\WINDOWS\system32\SET284.tmp
2009-01-26 02:31:17 ----A---- C:\WINDOWS\system32\SET283.tmp
2009-01-26 02:31:16 ----A---- C:\WINDOWS\system32\SET297.tmp
2009-01-26 02:31:16 ----A---- C:\WINDOWS\system32\SET296.tmp
2009-01-26 02:31:16 ----A---- C:\WINDOWS\system32\SET293.tmp
2009-01-26 02:31:16 ----A---- C:\WINDOWS\system32\SET290.tmp
2009-01-26 02:31:15 ----N---- C:\WINDOWS\system32\napstat.exe
2009-01-26 02:31:15 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-01-26 02:31:15 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-01-26 02:31:15 ----N---- C:\WINDOWS\system32\msxml6r.dll
2009-01-26 02:31:15 ----A---- C:\WINDOWS\system32\SET29E.tmp
2009-01-26 02:31:14 ----N---- C:\WINDOWS\system32\msxml6.dll
2009-01-26 02:31:14 ----A---- C:\WINDOWS\system32\SET2A3.tmp
2009-01-26 02:31:14 ----A---- C:\WINDOWS\system32\SET2A0.tmp
2009-01-26 02:31:13 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-01-26 02:31:13 ----N---- C:\WINDOWS\system32\mssha.dll
2009-01-26 02:31:13 ----A---- C:\WINDOWS\system32\SET2AD.tmp
2009-01-26 02:31:13 ----A---- C:\WINDOWS\system32\SET2AC.tmp
2009-01-26 02:31:13 ----A---- C:\WINDOWS\system32\SET2A9.tmp
2009-01-26 02:31:13 ----A---- C:\WINDOWS\system32\SET2A8.tmp
2009-01-26 02:31:12 ----A---- C:\WINDOWS\system32\SET2B8.tmp
2009-01-26 02:31:12 ----A---- C:\WINDOWS\system32\SET2B7.tmp
2009-01-26 02:31:12 ----A---- C:\WINDOWS\system32\SET2B6.tmp
2009-01-26 02:31:12 ----A---- C:\WINDOWS\system32\SET2B4.tmp
2009-01-26 02:31:12 ----A---- C:\WINDOWS\system32\SET2B3.tmp
2009-01-26 02:31:08 ----A---- C:\WINDOWS\system32\SET2BC.tmp
2009-01-26 02:31:07 ----A---- C:\WINDOWS\system32\SET2BE.tmp
2009-01-26 02:31:06 ----A---- C:\WINDOWS\system32\SET2C7.tmp
2009-01-26 02:31:06 ----A---- C:\WINDOWS\system32\SET2C5.tmp
2009-01-26 02:31:06 ----A---- C:\WINDOWS\system32\SET2C3.tmp
2009-01-26 02:31:06 ----A---- C:\WINDOWS\system32\SET2C2.tmp
2009-01-26 02:31:06 ----A---- C:\WINDOWS\system32\SET2C1.tmp
2009-01-26 02:31:06 ----A---- C:\WINDOWS\system32\SET2C0.tmp
2009-01-26 02:31:06 ----A---- C:\WINDOWS\system32\SET2BF.tmp
2009-01-26 02:31:03 ----A---- C:\WINDOWS\system32\SET2D4.tmp
2009-01-26 02:31:03 ----A---- C:\WINDOWS\system32\SET2D2.tmp
2009-01-26 02:31:03 ----A---- C:\WINDOWS\system32\SET2CA.tmp
2009-01-26 02:31:02 ----A---- C:\WINDOWS\system32\SET2DC.tmp
2009-01-26 02:31:02 ----A---- C:\WINDOWS\system32\SET2DA.tmp
2009-01-26 02:31:02 ----A---- C:\WINDOWS\system32\SET2D8.tmp
2009-01-26 02:31:02 ----A---- C:\WINDOWS\system32\SET2D7.tmp
2009-01-26 02:31:02 ----A---- C:\WINDOWS\system32\SET2D6.tmp
2009-01-26 02:31:02 ----A---- C:\WINDOWS\system32\SET101B.tmp
2009-01-26 02:31:01 ----A---- C:\WINDOWS\system32\SET5E4.tmp
2009-01-26 02:31:01 ----A---- C:\WINDOWS\system32\SET5DE.tmp
2009-01-26 02:31:01 ----A---- C:\WINDOWS\system32\SET2E1.tmp
2009-01-26 02:31:00 ----A---- C:\WINDOWS\system32\SET2E4.tmp
2009-01-26 02:31:00 ----A---- C:\WINDOWS\system32\SET2E3.tmp
2009-01-26 02:30:58 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-01-26 02:30:58 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-01-26 02:30:58 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-01-26 02:30:58 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-01-26 02:30:58 ----A---- C:\WINDOWS\system32\SET2F6.tmp
2009-01-26 02:30:58 ----A---- C:\WINDOWS\system32\SET2EB.tmp
2009-01-26 02:30:57 ----A---- C:\WINDOWS\system32\SET2FB.tmp
2009-01-26 02:30:57 ----A---- C:\WINDOWS\system32\SET2FA.tmp
2009-01-26 02:30:56 ----A---- C:\WINDOWS\system32\SET2FC.tmp
2009-01-26 02:30:54 ----A---- C:\WINDOWS\system32\SET2FF.tmp
2009-01-26 02:30:53 ----A---- C:\WINDOWS\system32\SET311.tmp
2009-01-26 02:30:53 ----A---- C:\WINDOWS\system32\SET30F.tmp
2009-01-26 02:30:53 ----A---- C:\WINDOWS\system32\SET309.tmp
2009-01-26 02:30:53 ----A---- C:\WINDOWS\system32\SET307.tmp
2009-01-26 02:30:43 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-01-26 02:30:43 ----A---- C:\WINDOWS\system32\SET318.tmp
2009-01-26 02:30:43 ----A---- C:\WINDOWS\system32\SET317.tmp
2009-01-26 02:30:42 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-01-26 02:30:42 ----A---- C:\WINDOWS\system32\SET31D.tmp
2009-01-26 02:30:42 ----A---- C:\WINDOWS\system32\SET31B.tmp
2009-01-26 02:30:42 ----A---- C:\WINDOWS\system32\SET31A.tmp
2009-01-26 02:30:41 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-01-26 02:30:41 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-01-26 02:30:41 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-01-26 02:30:41 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-01-26 02:30:41 ----A---- C:\WINDOWS\system32\SET327.tmp
2009-01-26 02:30:38 ----A---- C:\WINDOWS\system32\SET33F.tmp
2009-01-26 02:30:38 ----A---- C:\WINDOWS\system32\SET33D.tmp
2009-01-26 02:30:38 ----A---- C:\WINDOWS\system32\SET33B.tmp
2009-01-26 02:30:38 ----A---- C:\WINDOWS\system32\SET337.tmp
2009-01-26 02:30:23 ----A---- C:\WINDOWS\system32\SET349.tmp
2009-01-26 02:30:23 ----A---- C:\WINDOWS\system32\SET347.tmp
2009-01-26 02:30:23 ----A---- C:\WINDOWS\system32\SET345.tmp
2009-01-26 02:30:23 ----A---- C:\WINDOWS\system32\SET343.tmp
2009-01-26 02:30:21 ----A---- C:\WINDOWS\system32\SET35A.tmp
2009-01-26 02:30:20 ----A---- C:\WINDOWS\system32\SET365.tmp
2009-01-26 02:30:20 ----A---- C:\WINDOWS\system32\SET363.tmp
2009-01-26 02:30:20 ----A---- C:\WINDOWS\system32\SET362.tmp
2009-01-26 02:30:20 ----A---- C:\WINDOWS\system32\SET360.tmp
2009-01-26 02:30:19 ----A---- C:\WINDOWS\system32\SET369.tmp
2009-01-26 02:30:19 ----A---- C:\WINDOWS\system32\SET368.tmp
2009-01-26 02:30:18 ----A---- C:\WINDOWS\system32\SET36D.tmp
2009-01-26 02:30:16 ----A---- C:\WINDOWS\003761_.tmp
2009-01-26 02:30:15 ----A---- C:\WINDOWS\system32\SET37C.tmp
2009-01-26 02:30:15 ----A---- C:\WINDOWS\SET464.tmp
2009-01-26 02:30:14 ----A---- C:\WINDOWS\system32\SET380.tmp
2009-01-26 02:30:14 ----A---- C:\WINDOWS\system32\SET37F.tmp
2009-01-26 02:30:14 ----A---- C:\WINDOWS\system32\SET37E.tmp
2009-01-26 02:30:13 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-01-26 02:30:13 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-01-26 02:30:13 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-01-26 02:30:13 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-01-26 02:30:13 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-01-26 02:30:13 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-01-26 02:30:13 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-01-26 02:30:13 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-01-26 02:30:12 ----A---- C:\WINDOWS\system32\SET397.tmp
2009-01-26 02:30:12 ----A---- C:\WINDOWS\system32\SET391.tmp
2009-01-26 02:30:12 ----A---- C:\WINDOWS\system32\SET38C.tmp
2009-01-26 02:30:12 ----A---- C:\WINDOWS\system32\SET388.tmp
2009-01-26 02:30:11 ----A---- C:\WINDOWS\system32\SET3A0.tmp
2009-01-26 02:30:10 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-01-26 02:30:10 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-01-26 02:30:10 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-01-26 02:30:10 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-01-26 02:30:10 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-01-26 02:30:10 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-01-26 02:30:10 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-01-26 02:30:10 ----A---- C:\WINDOWS\system32\SET3AE.tmp
2009-01-26 02:30:10 ----A---- C:\WINDOWS\system32\SET3A9.tmp
2009-01-26 02:30:10 ----A---- C:\WINDOWS\system32\SET3A8.tmp
2009-01-26 02:30:09 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-01-26 02:30:09 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-01-26 02:30:08 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-01-26 02:30:08 ----A---- C:\WINDOWS\system32\SET3DA.tmp
2009-01-26 02:30:08 ----A---- C:\WINDOWS\system32\SET3D6.tmp
2009-01-26 02:30:08 ----A---- C:\WINDOWS\system32\SET3D3.tmp
2009-01-26 02:30:08 ----A---- C:\WINDOWS\system32\SET3CE.tmp
2009-01-26 02:30:08 ----A---- C:\WINDOWS\system32\SET3CB.tmp
2009-01-26 02:30:08 ----A---- C:\WINDOWS\system32\SET3CA.tmp
2009-01-26 02:30:08 ----A---- C:\WINDOWS\system32\SET3C8.tmp
2009-01-26 02:30:06 ----N---- C:\WINDOWS\system32\credssp.dll
2009-01-26 02:30:06 ----A---- C:\WINDOWS\system32\SET3F0.tmp
2009-01-26 02:30:06 ----A---- C:\WINDOWS\system32\SET3EE.tmp
2009-01-26 02:30:06 ----A---- C:\WINDOWS\system32\SET3EC.tmp
2009-01-26 02:30:06 ----A---- C:\WINDOWS\system32\SET3EB.tmp
2009-01-26 02:30:06 ----A---- C:\WINDOWS\system32\SET3E9.tmp
2009-01-26 02:30:06 ----A---- C:\WINDOWS\system32\SET3E8.tmp
2009-01-26 02:30:06 ----A---- C:\WINDOWS\system32\SET3E6.tmp
2009-01-26 02:30:06 ----A---- C:\WINDOWS\system32\SET3E4.tmp
2009-01-26 02:30:06 ----A---- C:\WINDOWS\system32\SET3E3.tmp
2009-01-26 02:30:06 ----A---- C:\WINDOWS\system32\SET3E2.tmp
2009-01-26 02:30:06 ----A---- C:\WINDOWS\system32\SET3E1.tmp
2009-01-26 02:30:06 ----A---- C:\WINDOWS\system32\SET3DF.tmp
2009-01-26 02:30:06 ----A---- C:\WINDOWS\system32\SET3DE.tmp
2009-01-26 02:30:06 ----A---- C:\WINDOWS\system32\SET3DD.tmp
2009-01-26 02:30:05 ----A---- C:\WINDOWS\system32\SET3F6.tmp
2009-01-26 02:30:05 ----A---- C:\WINDOWS\system32\SET3F5.tmp
2009-01-26 02:30:04 ----A---- C:\WINDOWS\system32\SET405.tmp
2009-01-26 02:30:04 ----A---- C:\WINDOWS\system32\SET3FE.tmp
2009-01-26 02:30:03 ----A---- C:\WINDOWS\system32\SET410.tmp
2009-01-26 02:30:03 ----A---- C:\WINDOWS\system32\SET40C.tmp
2009-01-26 02:30:02 ----A---- C:\WINDOWS\system32\SET419.tmp
2009-01-26 02:30:02 ----A---- C:\WINDOWS\system32\SET415.tmp
2009-01-26 02:30:02 ----A---- C:\WINDOWS\system32\SET413.tmp
2009-01-26 02:30:01 ----N---- C:\WINDOWS\system32\azroles.dll
2009-01-26 02:30:01 ----A---- C:\WINDOWS\system32\SET422.tmp
2009-01-26 02:30:01 ----A---- C:\WINDOWS\system32\SET421.tmp
2009-01-26 02:30:01 ----A---- C:\WINDOWS\system32\SET41E.tmp
2009-01-26 02:30:01 ----A---- C:\WINDOWS\system32\SET41D.tmp
2009-01-26 02:30:01 ----A---- C:\WINDOWS\system32\SET41C.tmp
2009-01-26 02:30:00 ----A---- C:\WINDOWS\system32\SET42C.tmp
2009-01-26 02:30:00 ----A---- C:\WINDOWS\system32\SET427.tmp
2009-01-26 02:30:00 ----A---- C:\WINDOWS\system32\SET426.tmp
2009-01-26 02:29:55 ----A---- C:\WINDOWS\system32\SET432.tmp
2009-01-26 02:29:54 ----A---- C:\WINDOWS\system32\SET435.tmp
2009-01-26 02:29:52 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-01-26 02:29:52 ----A---- C:\WINDOWS\system32\SET43D.tmp
2009-01-26 02:29:52 ----A---- C:\WINDOWS\system32\SET43B.tmp
2009-01-26 02:29:52 ----A---- C:\WINDOWS\system32\SET439.tmp
2009-01-26 01:25:46 ----D---- C:\29f5d0ab55d567ac0e6b
2009-01-25 21:49:52 ----A---- C:\WINDOWS\system32\MRT.INI
2009-01-25 21:47:21 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-20 00:03:03 ----D---- C:\Program Files\uTorrent
2009-01-20 00:02:57 ----D---- C:\Documents and Settings\Shem Han\Application Data\uTorrent
2009-01-16 20:03:23 ----A---- C:\WINDOWS\system32\unrar.dll
2009-01-16 20:03:21 ----A---- C:\WINDOWS\avisplitter.ini
2009-01-16 20:03:19 ----D---- C:\Program Files\K-Lite Codec Pack
2009-01-16 20:03:16 ----D---- C:\Program Files\AviSynth 2.5
2009-01-16 19:47:47 ----A---- C:\WINDOWS\system32\WMAFile.dll
2009-01-16 19:47:47 ----A---- C:\WINDOWS\system32\AudPlayer.dll
2009-01-16 19:47:47 ----A---- C:\WINDOWS\system32\AudioVisu.dll
2009-01-16 19:47:47 ----A---- C:\WINDOWS\system32\AudioRecord.dll
2009-01-16 19:47:47 ----A---- C:\WINDOWS\system32\AudioInfos.dll
2009-01-16 19:47:46 ----A---- C:\WINDOWS\system32\VB6FR.DLL
2009-01-16 19:47:46 ----A---- C:\WINDOWS\system32\TABCTFR.DLL
2009-01-16 19:47:46 ----A---- C:\WINDOWS\system32\inetfr.DLL
2009-01-16 19:47:46 ----A---- C:\WINDOWS\system32\AudFile.dll
2009-01-16 19:47:46 ----A---- C:\WINDOWS\system32\A
zoloft
post Feb 13 2009, 12:18 PM
Post #5
Member
Posts: 55
OS: windows xp

RSIT info

info.txt logfile of random's system information tool 1.05 2009-02-13 12:59:15

======Uninstall list======

-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
Adobe Reader Korean Fonts-->MsiExec.exe /I{AC76BA86-7AD7-5670-0000-7E8A45000001}
AIM 6-->C:\Program Files\AIM6\uninst.exe
AOL Instant Messenger-->C:\Program Files\AIM95\uninstll.exe -LOG= C:\Program Files\AIM95\install.log -OEM=
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
BisonCam-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4A57592C-FF92-4083-97A9-92783BD5AFB4}\Setup.exe" -l0x9
CDisplay 1.8-->"C:\Program Files\CDisplay\unins000.exe"
Combined Community Codec Pack 2007-07-22-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Counter-Strike™-->MsiExec.exe /I{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}
DC++ 0.706-->"C:\Program Files\DC++\uninstall.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DSound Stomp'n FX Vol.2 v1.0-->C:\audio\STOMPN~1\UNWISE.EXE C:\audio\STOMPN~1\INSTALL.LOG
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
ffdshow [rev 1723] [2007-12-24]-->"C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\unins000.exe"
GearBox 1.00 (Remove Only)-->C:\Program Files\Line6\GearBox\Uninstall.exe
GearBox 3.00 (Remove Only)-->C:\Program Files\Line6\GearBox\Uninstall.exe
Guitar Pro 5.0-->"C:\Program Files\Guitar Pro 5\unins000.exe"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
IK Multimedia Amplitube v1.3-->C:\PROGRA~1\IKMULT~1\AMPLIT~2\UNWISE.EXE C:\PROGRA~1\IKMULT~1\AMPLIT~2\INSTALL.LOG
InCD-->C:\WINDOWS\NuNInst.exe /UNINSTALL
Intel® Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel® PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
Java™ 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
K-Lite Codec Pack 4.1.4 (Standard)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Korean Language Support-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\ko.inf, Uninstall
KTP Ware PS/2-WDM 5.0.1.9-->rundll32.exe "C:\Program Files\Elantech\KTUninst.dll",KTech_Uninstall 0
Lexmark 2400 Series-->C:\Program Files\Lexmark 2400 Series\Install\x86\Uninst.exe
Lexmark Fax Solutions-->C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe /R:faxunst
Lexmark Toolbar-->regsvr32.exe /s /u "C:\Program Files\Lexmark Toolbar\toolband.dll"
Line 6 Drivers 3.2.7.0 (Remove Only)-->C:\Program Files\Line6\Tools\Driver Archive\All Drivers\3.2.7.0\Uninstall.exe
Line 6 Monkey 1.15 (Remove Only)-->C:\Program Files\Line6\Tools\Line 6 Monkey\Uninstall.exe
Live 4.1.5-->C:\PROGRA~1\Ableton\LIVE41~1.5\Install\UNWISE.EXE C:\PROGRA~1\Ableton\LIVE41~1.5\Install\INSTALL.LOG
LiveUpdate 3.0 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.exe" -l0x9 UNINSTALL -removeonly
Logitech SetPoint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mEoU-->MsiExec.exe /I{B502B428-3386-40A9-98DB-079AAB72E64F}
mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Global IME for Office XP (Korean)-->MsiExec.exe /X{A9CA9E18-F14C-4875-83A5-2CC40340FA95}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.1-->"C:\WINDOWS\$NtUninstallWdf01001$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Motorola SM56 Data Fax Modem-->rundll32.exe sm56co.dll,SM56UnInstaller
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 Player Utilities 4.00-->MsiExec.exe /I{7784A172-61F1-445E-8368-601607E0DD22}
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Multimedia / Internet Keyboard Driver VerR8.15-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0BD89C0-D39D-11D5-BBEC-00D0B740900A}\Setup.exe" -l0x9
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Nero Digital-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express Content-->C:\WINDOWS\UNNVEContent.exe /UNINSTALL
Nokia Connectivity Cable Driver-->MsiExec.exe /X{11964613-805F-432D-A12B-169554B793E7}
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Real Alternative 1.52-->"C:\Program Files\Real Alternative\unins000.exe"
REALTEK Gigabit and Fast Ethernet NIC Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94FB906A-CF42-4128-A509-D353026A607E}\Setup.exe" -l0x9 REMOVE
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Rhapsody Player Engine-->MsiExec.exe /I{8A62A068-3FD6-495A-9F66-26FE94F32EC9}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913433)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB913433.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam-->C:\PROGRA~1\Steam\UNWISE.EXE C:\PROGRA~1\Steam\INSTALL.LOG
StickMen War 2.5-->C:\Program Files\StickMen Screen Saver\Uninstal.exe
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Symantec AntiVirus-->MsiExec.exe /I{A011A1DC-7F1D-4EA8-BD11-0C5F9718E428}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Texas Instruments PCIxx21/x515/xx12 drivers.-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A} /l1033
TubeTilla-->MsiExec.exe /X{5701A652-0DCF-40FE-8040-5C09368EEFD6}
TVersity Codec Pack 1.2-->C:\Program Files\TVersity Codec Pack\uninst.exe
TVersity Media Server 1.0.0.11 RC7-->C:\Program Files\TVersity\Media Server\uninst.exe
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Veoh Web Player Beta-->"C:\Program Files\Veoh Networks\VeohWebPlayer\uninst.exe"
VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
VideoLAN VLC media player 0.8.5-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
virtual pet Creature v4.2 beta 2-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\virtual pet Creature\ST6UNST.LOG"
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPcap 3.1-->C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Worms World Party-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A200E68-D5F4-4E70-910F-2871753A0E2B}\setup.exe"

======Security center information======

AV: Symantec AntiVirus Corporate Edition

System event log

Computer Name: OWNER-6F2653EF3
Event Code: 7035
Message: The Terminal Services service was successfully sent a start control.

Record Number: 29300
Source Name: Service Control Manager
Time Written: 20090108185949.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: OWNER-6F2653EF3
Event Code: 7036
Message: The Application Layer Gateway Service service entered the running state.

Record Number: 29299
Source Name: Service Control Manager
Time Written: 20090108185949.000000-300
Event Type: information
User:

Computer Name: OWNER-6F2653EF3
Event Code: 7035
Message: The Application Layer Gateway Service service was successfully sent a start control.

Record Number: 29298
Source Name: Service Control Manager
Time Written: 20090108185949.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: OWNER-6F2653EF3
Event Code: 7036
Message: The Network Location Awareness (NLA) service entered the running state.

Record Number: 29297
Source Name: Service Control Manager
Time Written: 20090108185949.000000-300
Event Type: information
User:

Computer Name: OWNER-6F2653EF3
Event Code: 7035
Message: The Network Location Awareness (NLA) service was successfully sent a start control.

Record Number: 29296
Source Name: Service Control Manager
Time Written: 20090108185949.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Application event log

Computer Name: OWNER-6F2653EF3
Event Code: 101
Message: msnmsgr (5220) The database engine stopped.

Record Number: 27164
Source Name: ESENT
Time Written: 20081025005921.000000-240
Event Type: information
User:

Computer Name: OWNER-6F2653EF3
Event Code: 103
Message: msnmsgr (5220) \\.\C:\Documents and Settings\Shem Han\Local Settings\Application Data\Microsoft\Messenger\elshemcampeador@hotmail.com\SharingMetadata\Working\database_868C_13B8_8C13_A1AB\dfsr.db: The database engine stopped the instance (0).

Record Number: 27163
Source Name: ESENT
Time Written: 20081025005921.000000-240
Event Type: information
User:

Computer Name: OWNER-6F2653EF3
Event Code: 704
Message: msnmsgr (5220) Online defragmentation of database '\\.\C:\Documents and Settings\Shem Han\Local Settings\Application Data\Microsoft\Messenger\elshemcampeador@hotmail.com\SharingMetadata\Working\database_868C_13B8_8C13_A1AB\dfsr.db' was interrupted and terminated. The next time online defragmentation is started on this database, it will resume from the point of interruption.

Record Number: 27162
Source Name: ESENT
Time Written: 20081025005920.000000-240
Event Type: information
User:

Computer Name: OWNER-6F2653EF3
Event Code: 701
Message: msnmsgr (5220) Online defragmentation has completed a full pass on database '\\.\C:\Documents and Settings\Shem Han\Local Settings\Application Data\Microsoft\Messenger\elshemcampeador@hotmail.com\SharingMetadata\Working\database_868C_13B8_8C13_A1AB\dfsr.db'.

Record Number: 27161
Source Name: ESENT
Time Written: 20081025000001.000000-240
Event Type: information
User:

Computer Name: OWNER-6F2653EF3
Event Code: 700
Message: msnmsgr (5220) Online defragmentation is beginning a full pass on database '\\.\C:\Documents and Settings\Shem Han\Local Settings\Application Data\Microsoft\Messenger\elshemcampeador@hotmail.com\SharingMetadata\Working\database_868C_13B8_8C13_A1AB\dfsr.db'.

Record Number: 27160
Source Name: ESENT
Time Written: 20081025000001.000000-240
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
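A small parser for the "======Uninstall list======" section of the RSIT info.txt posted above, added here as an editor's example; it is not part of the thread and not RSIT's own code. It splits the log into its ====== sections, separates each entry's display name from its uninstall command, extracts MSI product codes and Microsoft KB numbers, and classifies the uninstaller mechanism (MSI, hotfix spuninst, rundll32, regsvr32, plain executable) so the installed hotfix set and bundled components can be cross-checked quickly. The sample text is a short excerpt constructed from lines of the posted log; the watchlist in `flagged` is an illustrative assumption, not a verdict on any of those programs.

```python
"""Parse the Uninstall list section of an RSIT info.txt (added example)."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed excerpt in the same format as the posted info.txt.
SAMPLE = r"""======Uninstall list======

-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Lexmark Toolbar-->regsvr32.exe /s /u "C:\Program Files\Lexmark Toolbar\toolband.dll"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
WinPcap 3.1-->C:\Program Files\WinPcap\uninstall.exe

======Security center information======

AV: Symantec AntiVirus Corporate Edition
"""

SECTION_RE = re.compile(r"^======(.+?)======$", re.M)
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
KB_RE = re.compile(r"\bKB(\d{6,7})\b")

# Illustrative watchlist (assumption): name fragments a helper usually wants
# to look at first, not an indication that the software is malicious.
WATCHLIST = ("toolbar", "codec pack", "winpcap", "dc++", "utorrent")


@dataclass
class Entry:
    name: str
    command: str
    kind: str                    # msi | hotfix | rundll32 | regsvr32 | exe
    product_code: Optional[str]  # MSI product GUID, if present
    kb: Optional[str]            # Microsoft KB number, if present


def split_sections(text: str) -> Dict[str, str]:
    """Return {section title: body} for every ======title====== header."""
    sections: Dict[str, str] = {}
    heads = list(SECTION_RE.finditer(text))
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        sections[m.group(1).strip()] = text[m.end():end].strip()
    return sections


def classify(command: str) -> str:
    """Classify the uninstall mechanism from the command string."""
    c = command.strip().lstrip('"').lower()
    if c.startswith("msiexec.exe"):
        return "msi"
    if "spuninst.exe" in c:
        return "hotfix"
    if c.startswith("rundll32"):
        return "rundll32"
    if c.startswith("regsvr32"):
        return "regsvr32"
    return "exe"


def parse_uninstall(text: str) -> List[Entry]:
    """Parse 'name-->command' lines from the Uninstall list section."""
    body = split_sections(text).get("Uninstall list", "")
    entries: List[Entry] = []
    for line in body.splitlines():
        if "-->" not in line:
            continue
        name, command = line.split("-->", 1)
        name = name.strip() or "(no display name)"
        guid = GUID_RE.search(command)
        kb = KB_RE.search(name) or KB_RE.search(command)
        entries.append(Entry(name, command.strip(), classify(command),
                             guid.group(0).upper() if guid else None,
                             "KB" + kb.group(1) if kb else None))
    return entries


def installed_kbs(entries: List[Entry]) -> List[str]:
    """Sorted, de-duplicated KB numbers seen in the uninstall list."""
    return sorted({e.kb for e in entries if e.kb})


def count_by_kind(entries: List[Entry]) -> Dict[str, int]:
    return dict(Counter(e.kind for e in entries))


def flagged(entries: List[Entry]) -> List[Entry]:
    """Entries whose display name matches the illustrative watchlist."""
    return [e for e in entries if any(w in e.name.lower() for w in WATCHLIST)]


if __name__ == "__main__":
    ents = parse_uninstall(SAMPLE)
    print(count_by_kind(ents), installed_kbs(ents))
    for e in flagged(ents):
        print("review:", e.name, "->", e.command)
```

The same `split_sections` call gives the Security center line, so a helper can confirm which AV product the log reports without scrolling through the whole uninstall list.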
zoloft
post Feb 13 2009, 12:23 PM
Post #6
Member
Posts: 55
OS: windows xp

GMER log. Thanks man, appreciate your help.

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-13 13:23:22
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT 842886D0 ZwAlertResumeThread
SSDT 84288790 ZwAlertThread
SSDT 842B95B0 ZwAllocateVirtualMemory
SSDT 842E1520 ZwConnectPort
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xAAA2C300]
SSDT 84288908 ZwCreateMutant
SSDT 842BE730 ZwCreateThread
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xAAA2CCB0]
SSDT sphq.sys ZwEnumerateKey [0xF73DCCA2]
SSDT sphq.sys ZwEnumerateValueKey [0xF73DD030]
SSDT 842B94F0 ZwFreeVirtualMemory
SSDT 842889C8 ZwImpersonateAnonymousToken
SSDT 84288A88 ZwImpersonateThread
SSDT 84294FB0 ZwMapViewOfSection
SSDT 84288C78 ZwOpenEvent
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwOpenKey [0xAAA2CA50]
SSDT 842CEF48 ZwOpenProcessToken
SSDT 842CF4B8 ZwOpenThreadToken
SSDT sphq.sys ZwQueryKey [0xF73DD108]
SSDT 84288B88 ZwQueryValueKey
SSDT 8428D490 ZwResumeThread
SSDT 8428B370 ZwSetContextThread
SSDT 842CF578 ZwSetInformationProcess
SSDT 8428B2B0 ZwSetInformationThread
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xAAA2CF10]
SSDT 842CF178 ZwSuspendProcess
SSDT 84285300 ZwSuspendThread
SSDT 84294EC8 ZwTerminateProcess
SSDT 842853C0 ZwTerminateThread
SSDT 8429F930 ZwUnmapViewOfSection
SSDT 8429FAC0 ZwWriteVirtualMemory

INT 0x62 ? 871B9BF8
INT 0x63 ? 871B9BF8
INT 0x63 ? 871B9BF8
INT 0x63 ? 8712BF00
INT 0x63 ? 871B9BF8
INT 0x83 ? 8712BF00
INT 0x94 ? 8712BF00
INT 0xA4 ? 8712BF00

---- Kernel code sections - GMER 1.0.14 ----

? sphq.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F6E528AC 5 Bytes JMP 8712B4E0
.text ajqlwrv5.SYS F6D81386 35 Bytes [ 00, 00, 00, 00, 00, 00, 20, ... ]
.text ajqlwrv5.SYS F6D813AA 24 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ajqlwrv5.SYS F6D813C4 3 Bytes [ 00, 70, 02 ]
.text ajqlwrv5.SYS F6D813C9 1 Byte [ 2E ]
.text ajqlwrv5.SYS F6D813CB 9 Bytes [ 00, 00, 5A, 02, 00, 00, 00, ... ]
.text ...

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F73BF040] sphq.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F73BF13C] sphq.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F73BF0BE] sphq.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F73BF7FC] sphq.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F73BF6D2] sphq.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F73CF048] sphq.sys
IAT \SystemRoot\System32\Drivers\ajqlwrv5.SYS[HAL.dll!KfAcquireSpinLock] C0840CEC
IAT \SystemRoot\System32\Drivers\ajqlwrv5.SYS[HAL.dll!READ_PORT_UCHAR] 053C0D74
IAT \SystemRoot\System32\Drivers\ajqlwrv5.SYS[HAL.dll!KeGetCurrentIrql] 57B80974
IAT \SystemRoot\System32\Drivers\ajqlwrv5.SYS[HAL.dll!KfRaiseIrql] 8B000000
IAT \SystemRoot\System32\Drivers\ajqlwrv5.SYS[HAL.dll!KfLowerIrql] 56C35DE5
IAT \SystemRoot\System32\Drivers\ajqlwrv5.SYS[HAL.dll!HalGetInterruptVector] 8D08758B
IAT \SystemRoot\System32\Drivers\ajqlwrv5.SYS[HAL.dll!HalTranslateBusAddress] 8D51FC4D
IAT \SystemRoot\System32\Drivers\ajqlwrv5.SYS[HAL.dll!KeStallExecutionProcessor] 8D52FD55
IAT \SystemRoot\System32\Drivers\ajqlwrv5.SYS[HAL.dll!KfReleaseSpinLock] 8D51FE4D
IAT \SystemRoot\System32\Drivers\ajqlwrv5.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 8D52FF55
IAT \SystemRoot\System32\Drivers\ajqlwrv5.SYS[HAL.dll!READ_PORT_USHORT] 8D51F84D
IAT \SystemRoot\System32\Drivers\ajqlwrv5.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 5052F455
IAT \SystemRoot\System32\Drivers\ajqlwrv5.SYS[HAL.dll!WRITE_PORT_UCHAR] EACAE856
IAT \SystemRoot\System32\Drivers\ajqlwrv5.SYS[WMILIB.SYS!WmiSystemControl] 0FC08520
IAT \SystemRoot\System32\Drivers\ajqlwrv5.SYS[WMILIB.SYS!WmiCompleteRequest] 0001B185

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 871B71F8

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBPDO-0 8712C500
Device \Driver\dmio \Device\DmControl\DmIoDaemon 871711F8
Device \Driver\dmio \Device\DmControl\DmConfig 871711F8
Device \Driver\dmio \Device\DmControl\DmPnP 871711F8
Device \Driver\dmio \Device\DmControl\DmInfo 871711F8
Device \Driver\usbuhci \Device\USBPDO-1 8712C500
Device \Driver\usbuhci \Device\USBPDO-2 8712C500
Device \Driver\usbehci \Device\USBPDO-3 86FF41F8
Device \Driver\usbuhci \Device\USBPDO-4 8712C500

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\PCI_PNP6628 \Device\00000063 sphq.sys
Device \Driver\PCI_PNP6628 \Device\00000063 sphq.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 871BA1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{0383132F-CEF7-434E-A565-2F24A887C9D8} 84295500
Device \Driver\Cdrom \Device\CdRom0 86FE11F8
Device \Driver\Cdrom \Device\CdRom1 86FE11F8
Device \Driver\sptd \Device\1796715378 sphq.sys
Device \Driver\NetBT \Device\NetBT_Tcpip_{AE8ED111-E0A4-431D-95DF-42AE25DC57CE} 84295500
Device \Driver\NetBT \Device\NetBt_Wins_Export 84295500
Device \Driver\NetBT \Device\NetbiosSmb 84295500

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbuhci \Device\USBFDO-0 8712C500
Device \Driver\usbuhci \Device\USBFDO-1 8712C500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8427D500
Device \Driver\usbuhci \Device\USBFDO-2 8712C500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8427D500
Device \Driver\usbuhci \Device\USBFDO-3 8712C500
Device \Driver\usbehci \Device\USBFDO-4 86FF41F8
Device \Driver\Ftdisk \Device\FtControl 871BA1F8
Device \Driver\ajqlwrv5 \Device\Scsi\ajqlwrv51Port3Path0Target0Lun0 86FDF500
Device \Driver\ajqlwrv5 \Device\Scsi\ajqlwrv51 86FDF500
Device \FileSystem\Cdfs \Cdfs 8424A1F8

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 326211902
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -976890959
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x95 0x10 0xA9 0x10 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xFD 0xC4 0x3F 0x69 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC9 0x2C 0x83 0x50 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x39 0x09 0x48 0x31 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x2B 0x79 0xB7 0x38 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x8F 0x2A 0x3E 0x39 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x00 0xD4 0x77 0xB7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xF1 0x06 0x60 0x20 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x2D 0x36 0x48 0x29 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x39 0x09 0x48 0x31 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x2B 0x79 0xB7 0x38 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x8F 0x2A 0x3E 0x39 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCB 0x77 0xD2 0x68 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x3F 0xA1 0x5C 0xA8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7B 0x74 0xB2 0xEE ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xA8 0x9D 0xB5 0x0C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x93 0x54 0x82 0xE3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0xA4 0x18 0xF0 0x43 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x95 0x10 0xA9 0x10 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xFD 0xC4 0x3F 0x69 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC9 0x2C 0x83 0x50 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x39 0x09 0x48 0x31 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x2B 0x79 0xB7 0x38 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x8F 0x2A 0x3E 0x39 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x95 0x10 0xA9 0x10 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xFD 0xC4 0x3F 0x69 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC9 0x2C 0x83 0x50 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x39 0x09 0x48 0x31 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x2B 0x79 0xB7 0x38 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x8F 0x2A 0x3E 0x39 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x95 0x10 0xA9 0x10 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xFD 0xC4 0x3F 0x69 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC9 0x2C 0x83 0x50 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x39 0x09 0x48 0x31 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x2B 0x79 0xB7 0x38 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x8F 0x2A 0x3E 0x39 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo® video 5.10 Compression Filter
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo® video 5.10 Compression Filter@FriendlyName Indeo® video 5.10 Compression Filter
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo® video 5.10 Compression Filter@CLSID {1F73E9B1-8C3A-11D0-A3BE-00A0C9244436}
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo® video 5.10 Compression Filter@FilterData 0x02 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo® video 5.10 Compression Filter@EncoderType 1

---- Files - GMER 1.0.14 ----

File C:\Documents and Settings\Shem Han\Local Settings\Application Data\Mozilla\Firefox\Profiles\i20tduma.default\Cache\67F53E62d01 0 bytes
File C:\Documents and Settings\Shem Han\Local Settings\Application Data\Mozilla\Firefox\Profiles\i20tduma.default\Cache\2A15C2ADd01 17257 bytes
File C:\Documents and Settings\Shem Han\Local Settings\Application Data\Mozilla\Firefox\Profiles\i20tduma.default\Cache\B41104EFd01 35879 bytes

---- EOF - GMER 1.0.14 ----
fenzodahl512
post Feb 13 2009, 01:12 PM
Post #7


Trusted Helper
Posts: 9,275
OS: Windows XP



Please download the OTMoveIt3 by OldTimer
  • Save it to your Desktop.
  • Please double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Let the Unregister Dll's and Ocx's remain ticked and Zip Files After Moves remain unticked.
  • Copy the codebox contents and paste them into the "Paste List of Files/Folders to Move" window (under the light Yellow bar)

    CODE
    :files
    C:\WINDOWS\system32\SET*.tmp

    :commands
    [purity]
    [emptytemp]

  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.


Then please run RSIT again. Post these logs in your next reply. Post each log in a separate post.

1. OTMoveIt3
2. RSIT log.txt

zoloft
post Feb 13 2009, 02:06 PM
Post #8


Member
Posts: 55
OS: windows xp



the first one.....

========== FILES ==========
C:\WINDOWS\system32\SET101B.tmp moved successfully.
C:\WINDOWS\system32\SET128F.tmp moved successfully.
C:\WINDOWS\system32\SET1294.tmp moved successfully.
C:\WINDOWS\system32\SET12A5.tmp moved successfully.
C:\WINDOWS\system32\SET12AD.tmp moved successfully.
C:\WINDOWS\system32\SET12AE.tmp moved successfully.
C:\WINDOWS\system32\SET12BC.tmp moved successfully.
C:\WINDOWS\system32\SET144.tmp moved successfully.
C:\WINDOWS\system32\SET145.tmp moved successfully.
C:\WINDOWS\system32\SET147.tmp moved successfully.
C:\WINDOWS\system32\SET149.tmp moved successfully.
C:\WINDOWS\system32\SET14B.tmp moved successfully.
C:\WINDOWS\system32\SET152.tmp moved successfully.
C:\WINDOWS\system32\SET153.tmp moved successfully.
C:\WINDOWS\system32\SET156.tmp moved successfully.
C:\WINDOWS\system32\SET15C.tmp moved successfully.
C:\WINDOWS\system32\SET15E.tmp moved successfully.
C:\WINDOWS\system32\SET15F.tmp moved successfully.
C:\WINDOWS\system32\SET162.tmp moved successfully.
C:\WINDOWS\system32\SET163.tmp moved successfully.
C:\WINDOWS\system32\SET164.tmp moved successfully.
C:\WINDOWS\system32\SET166.tmp moved successfully.
C:\WINDOWS\system32\SET167.tmp moved successfully.
C:\WINDOWS\system32\SET16A.tmp moved successfully.
C:\WINDOWS\system32\SET16B.tmp moved successfully.
C:\WINDOWS\system32\SET16C.tmp moved successfully.
C:\WINDOWS\system32\SET172.tmp moved successfully.
C:\WINDOWS\system32\SET179.tmp moved successfully.
C:\WINDOWS\system32\SET17A.tmp moved successfully.
C:\WINDOWS\system32\SET17B.tmp moved successfully.
C:\WINDOWS\system32\SET17E.tmp moved successfully.
C:\WINDOWS\system32\SET180.tmp moved successfully.
C:\WINDOWS\system32\SET182.tmp moved successfully.
C:\WINDOWS\system32\SET189.tmp moved successfully.
C:\WINDOWS\system32\SET18B.tmp moved successfully.
C:\WINDOWS\system32\SET18C.tmp moved successfully.
C:\WINDOWS\system32\SET18D.tmp moved successfully.
C:\WINDOWS\system32\SET18F.tmp moved successfully.
C:\WINDOWS\system32\SET194.tmp moved successfully.
C:\WINDOWS\system32\SET195.tmp moved successfully.
C:\WINDOWS\system32\SET196.tmp moved successfully.
C:\WINDOWS\system32\SET197.tmp moved successfully.
C:\WINDOWS\system32\SET19A.tmp moved successfully.
C:\WINDOWS\system32\SET1A0.tmp moved successfully.
C:\WINDOWS\system32\SET1A6.tmp moved successfully.
C:\WINDOWS\system32\SET1A7.tmp moved successfully.
C:\WINDOWS\system32\SET1A8.tmp moved successfully.
C:\WINDOWS\system32\SET1AA.tmp moved successfully.
C:\WINDOWS\system32\SET1AD.tmp moved successfully.
C:\WINDOWS\system32\SET1AE.tmp moved successfully.
C:\WINDOWS\system32\SET1AF.tmp moved successfully.
C:\WINDOWS\system32\SET1B5.tmp moved successfully.
C:\WINDOWS\system32\SET1B6.tmp moved successfully.
C:\WINDOWS\system32\SET1B9.tmp moved successfully.
C:\WINDOWS\system32\SET1BC.tmp moved successfully.
C:\WINDOWS\system32\SET1BD.tmp moved successfully.
C:\WINDOWS\system32\SET1C6.tmp moved successfully.
C:\WINDOWS\system32\SET1C7.tmp moved successfully.
C:\WINDOWS\system32\SET1CA.tmp moved successfully.
C:\WINDOWS\system32\SET1CC.tmp moved successfully.
C:\WINDOWS\system32\SET1CD.tmp moved successfully.
C:\WINDOWS\system32\SET1CE.tmp moved successfully.
C:\WINDOWS\system32\SET1CF.tmp moved successfully.
C:\WINDOWS\system32\SET1D0.tmp moved successfully.
C:\WINDOWS\system32\SET1D1.tmp moved successfully.
C:\WINDOWS\system32\SET1E1.tmp moved successfully.
C:\WINDOWS\system32\SET1E6.tmp moved successfully.
C:\WINDOWS\system32\SET1E8.tmp moved successfully.
C:\WINDOWS\system32\SET1EA.tmp moved successfully.
C:\WINDOWS\system32\SET1EB.tmp moved successfully.
C:\WINDOWS\system32\SET1EC.tmp moved successfully.
C:\WINDOWS\system32\SET1EF.tmp moved successfully.
C:\WINDOWS\system32\SET1F0.tmp moved successfully.
C:\WINDOWS\system32\SET1F4.tmp moved successfully.
C:\WINDOWS\system32\SET1F5.tmp moved successfully.
C:\WINDOWS\system32\SET1F8.tmp moved successfully.
C:\WINDOWS\system32\SET1F9.tmp moved successfully.
C:\WINDOWS\system32\SET1FA.tmp moved successfully.
C:\WINDOWS\system32\SET200.tmp moved successfully.
C:\WINDOWS\system32\SET201.tmp moved successfully.
C:\WINDOWS\system32\SET20A.tmp moved successfully.
C:\WINDOWS\system32\SET210.tmp moved successfully.
C:\WINDOWS\system32\SET211.tmp moved successfully.
C:\WINDOWS\system32\SET212.tmp moved successfully.
C:\WINDOWS\system32\SET214.tmp moved successfully.
C:\WINDOWS\system32\SET216.tmp moved successfully.
C:\WINDOWS\system32\SET21C.tmp moved successfully.
C:\WINDOWS\system32\SET228.tmp moved successfully.
C:\WINDOWS\system32\SET22A.tmp moved successfully.
C:\WINDOWS\system32\SET22C.tmp moved successfully.
C:\WINDOWS\system32\SET22D.tmp moved successfully.
C:\WINDOWS\system32\SET22E.tmp moved successfully.
C:\WINDOWS\system32\SET232.tmp moved successfully.
C:\WINDOWS\system32\SET23A.tmp moved successfully.
C:\WINDOWS\system32\SET23C.tmp moved successfully.
C:\WINDOWS\system32\SET23D.tmp moved successfully.
C:\WINDOWS\system32\SET240.tmp moved successfully.
C:\WINDOWS\system32\SET242.tmp moved successfully.
C:\WINDOWS\system32\SET245.tmp moved successfully.
C:\WINDOWS\system32\SET256.tmp moved successfully.
C:\WINDOWS\system32\SET258.tmp moved successfully.
C:\WINDOWS\system32\SET259.tmp moved successfully.
C:\WINDOWS\system32\SET25A.tmp moved successfully.
C:\WINDOWS\system32\SET261.tmp moved successfully.
C:\WINDOWS\system32\SET262.tmp moved successfully.
C:\WINDOWS\system32\SET265.tmp moved successfully.
C:\WINDOWS\system32\SET266.tmp moved successfully.
C:\WINDOWS\system32\SET267.tmp moved successfully.
C:\WINDOWS\system32\SET268.tmp moved successfully.
C:\WINDOWS\system32\SET269.tmp moved successfully.
C:\WINDOWS\system32\SET26B.tmp moved successfully.
C:\WINDOWS\system32\SET26C.tmp moved successfully.
C:\WINDOWS\system32\SET26D.tmp moved successfully.
C:\WINDOWS\system32\SET26F.tmp moved successfully.
C:\WINDOWS\system32\SET270.tmp moved successfully.
C:\WINDOWS\system32\SET271.tmp moved successfully.
C:\WINDOWS\system32\SET273.tmp moved successfully.
C:\WINDOWS\system32\SET276.tmp moved successfully.
C:\WINDOWS\system32\SET27B.tmp moved successfully.
C:\WINDOWS\system32\SET27C.tmp moved successfully.
C:\WINDOWS\system32\SET27D.tmp moved successfully.
C:\WINDOWS\system32\SET282.tmp moved successfully.
C:\WINDOWS\system32\SET283.tmp moved successfully.
C:\WINDOWS\system32\SET284.tmp moved successfully.
C:\WINDOWS\system32\SET286.tmp moved successfully.
C:\WINDOWS\system32\SET289.tmp moved successfully.
C:\WINDOWS\system32\SET28B.tmp moved successfully.
C:\WINDOWS\system32\SET28C.tmp moved successfully.
C:\WINDOWS\system32\SET28F.tmp moved successfully.
C:\WINDOWS\system32\SET290.tmp moved successfully.
C:\WINDOWS\system32\SET293.tmp moved successfully.
C:\WINDOWS\system32\SET296.tmp moved successfully.
C:\WINDOWS\system32\SET297.tmp moved successfully.
C:\WINDOWS\system32\SET29E.tmp moved successfully.
C:\WINDOWS\system32\SET2A0.tmp moved successfully.
C:\WINDOWS\system32\SET2A3.tmp moved successfully.
C:\WINDOWS\system32\SET2A8.tmp moved successfully.
C:\WINDOWS\system32\SET2A9.tmp moved successfully.
C:\WINDOWS\system32\SET2AC.tmp moved successfully.
C:\WINDOWS\system32\SET2AD.tmp moved successfully.
C:\WINDOWS\system32\SET2B3.tmp moved successfully.
C:\WINDOWS\system32\SET2B4.tmp moved successfully.
C:\WINDOWS\system32\SET2B6.tmp moved successfully.
C:\WINDOWS\system32\SET2B7.tmp moved successfully.
C:\WINDOWS\system32\SET2B8.tmp moved successfully.
C:\WINDOWS\system32\SET2BC.tmp moved successfully.
C:\WINDOWS\system32\SET2BE.tmp moved successfully.
C:\WINDOWS\system32\SET2BF.tmp moved successfully.
C:\WINDOWS\system32\SET2C0.tmp moved successfully.
C:\WINDOWS\system32\SET2C1.tmp moved successfully.
C:\WINDOWS\system32\SET2C2.tmp moved successfully.
C:\WINDOWS\system32\SET2C3.tmp moved successfully.
C:\WINDOWS\system32\SET2C5.tmp moved successfully.
C:\WINDOWS\system32\SET2C7.tmp moved successfully.
C:\WINDOWS\system32\SET2CA.tmp moved successfully.
C:\WINDOWS\system32\SET2D2.tmp moved successfully.
C:\WINDOWS\system32\SET2D4.tmp moved successfully.
C:\WINDOWS\system32\SET2D6.tmp moved successfully.
C:\WINDOWS\system32\SET2D7.tmp moved successfully.
C:\WINDOWS\system32\SET2D8.tmp moved successfully.
C:\WINDOWS\system32\SET2DA.tmp moved successfully.
C:\WINDOWS\system32\SET2DC.tmp moved successfully.
C:\WINDOWS\system32\SET2E1.tmp moved successfully.
C:\WINDOWS\system32\SET2E3.tmp moved successfully.
C:\WINDOWS\system32\SET2E4.tmp moved successfully.
C:\WINDOWS\system32\SET2EB.tmp moved successfully.
C:\WINDOWS\system32\SET2F6.tmp moved successfully.
C:\WINDOWS\system32\SET2FA.tmp moved successfully.
C:\WINDOWS\system32\SET2FB.tmp moved successfully.
C:\WINDOWS\system32\SET2FC.tmp moved successfully.
C:\WINDOWS\system32\SET2FF.tmp moved successfully.
C:\WINDOWS\system32\SET307.tmp moved successfully.
C:\WINDOWS\system32\SET309.tmp moved successfully.
C:\WINDOWS\system32\SET30F.tmp moved successfully.
C:\WINDOWS\system32\SET311.tmp moved successfully.
C:\WINDOWS\system32\SET317.tmp moved successfully.
C:\WINDOWS\system32\SET318.tmp moved successfully.
C:\WINDOWS\system32\SET31A.tmp moved successfully.
C:\WINDOWS\system32\SET31B.tmp moved successfully.
C:\WINDOWS\system32\SET31D.tmp moved successfully.
C:\WINDOWS\system32\SET327.tmp moved successfully.
C:\WINDOWS\system32\SET337.tmp moved successfully.
C:\WINDOWS\system32\SET33B.tmp moved successfully.
C:\WINDOWS\system32\SET33D.tmp moved successfully.
C:\WINDOWS\system32\SET33F.tmp moved successfully.
C:\WINDOWS\system32\SET343.tmp moved successfully.
C:\WINDOWS\system32\SET345.tmp moved successfully.
C:\WINDOWS\system32\SET347.tmp moved successfully.
C:\WINDOWS\system32\SET349.tmp moved successfully.
C:\WINDOWS\system32\SET35A.tmp moved successfully.
C:\WINDOWS\system32\SET360.tmp moved successfully.
C:\WINDOWS\system32\SET362.tmp moved successfully.
C:\WINDOWS\system32\SET363.tmp moved successfully.
C:\WINDOWS\system32\SET365.tmp moved successfully.
C:\WINDOWS\system32\SET368.tmp moved successfully.
C:\WINDOWS\system32\SET369.tmp moved successfully.
C:\WINDOWS\system32\SET36D.tmp moved successfully.
C:\WINDOWS\system32\SET37C.tmp moved successfully.
C:\WINDOWS\system32\SET37E.tmp moved successfully.
C:\WINDOWS\system32\SET37F.tmp moved successfully.
C:\WINDOWS\system32\SET380.tmp moved successfully.
C:\WINDOWS\system32\SET388.tmp moved successfully.
C:\WINDOWS\system32\SET38C.tmp moved successfully.
C:\WINDOWS\system32\SET391.tmp moved successfully.
C:\WINDOWS\system32\SET397.tmp moved successfully.
C:\WINDOWS\system32\SET3A0.tmp moved successfully.
C:\WINDOWS\system32\SET3A8.tmp moved successfully.
C:\WINDOWS\system32\SET3A9.tmp moved successfully.
C:\WINDOWS\system32\SET3AE.tmp moved successfully.
C:\WINDOWS\system32\SET3C8.tmp moved successfully.
C:\WINDOWS\system32\SET3CA.tmp moved successfully.
C:\WINDOWS\system32\SET3CB.tmp moved successfully.
C:\WINDOWS\system32\SET3CE.tmp moved successfully.
C:\WINDOWS\system32\SET3D3.tmp moved successfully.
C:\WINDOWS\system32\SET3D6.tmp moved successfully.
C:\WINDOWS\system32\SET3DA.tmp moved successfully.
C:\WINDOWS\system32\SET3DD.tmp moved successfully.
C:\WINDOWS\system32\SET3DE.tmp moved successfully.
C:\WINDOWS\system32\SET3DF.tmp moved successfully.
C:\WINDOWS\system32\SET3E1.tmp moved successfully.
C:\WINDOWS\system32\SET3E2.tmp moved successfully.
C:\WINDOWS\system32\SET3E3.tmp moved successfully.
C:\WINDOWS\system32\SET3E4.tmp moved successfully.
C:\WINDOWS\system32\SET3E6.tmp moved successfully.
C:\WINDOWS\system32\SET3E8.tmp moved successfully.
C:\WINDOWS\system32\SET3E9.tmp moved successfully.
C:\WINDOWS\system32\SET3EB.tmp moved successfully.
C:\WINDOWS\system32\SET3EC.tmp moved successfully.
C:\WINDOWS\system32\SET3EE.tmp moved successfully.
C:\WINDOWS\system32\SET3F0.tmp moved successfully.
C:\WINDOWS\system32\SET3F5.tmp moved successfully.
C:\WINDOWS\system32\SET3F6.tmp moved successfully.
C:\WINDOWS\system32\SET3FE.tmp moved successfully.
C:\WINDOWS\system32\SET405.tmp moved successfully.
C:\WINDOWS\system32\SET40C.tmp moved successfully.
C:\WINDOWS\system32\SET410.tmp moved successfully.
C:\WINDOWS\system32\SET413.tmp moved successfully.
C:\WINDOWS\system32\SET415.tmp moved successfully.
C:\WINDOWS\system32\SET419.tmp moved successfully.
C:\WINDOWS\system32\SET41C.tmp moved successfully.
C:\WINDOWS\system32\SET41D.tmp moved successfully.
C:\WINDOWS\system32\SET41E.tmp moved successfully.
C:\WINDOWS\system32\SET421.tmp moved successfully.
C:\WINDOWS\system32\SET422.tmp moved successfully.
C:\WINDOWS\system32\SET426.tmp moved successfully.
C:\WINDOWS\system32\SET427.tmp moved successfully.
C:\WINDOWS\system32\SET42C.tmp moved successfully.
C:\WINDOWS\system32\SET432.tmp moved successfully.
C:\WINDOWS\system32\SET435.tmp moved successfully.
C:\WINDOWS\system32\SET439.tmp moved successfully.
C:\WINDOWS\system32\SET43B.tmp moved successfully.
C:\WINDOWS\system32\SET43D.tmp moved successfully.
C:\WINDOWS\system32\SET5DE.tmp moved successfully.
C:\WINDOWS\system32\SET5E4.tmp moved successfully.
C:\WINDOWS\system32\SETFE0.tmp moved successfully.
C:\WINDOWS\system32\SETFE1.tmp moved successfully.
C:\WINDOWS\system32\SETFE4.tmp moved successfully.
C:\WINDOWS\system32\SETFE9.tmp moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\SHEMHA~1\LOCALS~1\Temp\etilqs_i6Zy5WoeDjEz5z3IgjsQ scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Shem Han\Local Settings\Application Data\Mozilla\Firefox\Profiles\i20tduma.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Shem Han\Local Settings\Application Data\Mozilla\Firefox\Profiles\i20tduma.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Shem Han\Local Settings\Application Data\Mozilla\Firefox\Profiles\i20tduma.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Shem Han\Local Settings\Application Data\Mozilla\Firefox\Profiles\i20tduma.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Shem Han\Local Settings\Application Data\Mozilla\Firefox\Profiles\i20tduma.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Shem Han\Local Settings\Application Data\Mozilla\Firefox\Profiles\i20tduma.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02132009_141601
zoloft
post Feb 13 2009, 02:06 PM
Post #9


Member
**
Posts: 55
OS: windows xp



and the log

Logfile of random's system information tool 1.05 (written by random/random)
Run by Shem Han at 2009-02-13 15:04:01
Microsoft Windows XP Professional Service Pack 3
System drive C: has 29 GB (38%) free of 76 GB
Total RAM: 1014 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:04:05 PM, on 2/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\medctrro.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Shem Han\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Shem Han.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing)
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [imekrmig] C:\IME\IMKR\imekrmig.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.line6.net
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary/Upwords.cab57176.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1154835520453
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C190FF32-96D0-445F-9F60-5CF288FD3D0F} (ActiveFormX Control) - https://register.resnet.stonybrook.edu/CAT/CNICAT.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11827 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]
Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-01-25 184320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll [2008-03-25 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7327C09-B521-4EDB-8509-7D2660C9EC98}]
Viewpoint Toolbar BHO - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-01-25 184320]
{E0E899AB-F487-11D5-8D29-0050BA6940E3}
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-08-28 352256]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2004-08-10 59392]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-01-11 15961088]
"SMSERIAL"=C:\WINDOWS\sm56hlpr.exe [2005-11-09 557056]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-02-06 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-02-06 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-02-06 118784]
"KTPWare"=C:\Program Files\Elantech\ktp.exe [2005-10-26 512000]
"CHotkey"=C:\WINDOWS\mHotkey.exe [2001-12-26 472576]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2005-12-05 667718]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2005-11-28 602182]
"EOUApp"=C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe [2005-11-28 569413]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2005-03-10 28160]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2004-08-04 44032]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"imekrmig"=C:\IME\IMKR\imekrmig.exe [2001-01-09 44544]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2006-03-24 53408]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2006-05-27 124656]
"LXCRCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll []
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe []
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"OneCareUI"=C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe []
"mmtask"=c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe []
"lxcrmon.exe"=C:\Program Files\Lexmark 2400 Series\lxcrmon.exe [2006-01-22 286720]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup []
"FaxCenterServer"=C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2006-02-02 290816]
"EzPrint"=C:\Program Files\Lexmark 2400 Series\ezprint.exe [2006-02-07 98304]
"AVG7_CC"=C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-10 15360]
"Aim6"= []
"msnmsgr"=C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM95\aim.exe [2006-08-01 67112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe -lang 1033 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM]
C:\Program Files\AIM95\\DeadAIM.ocm []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-13 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\oovoo.exe]
C:\Program Files\ooVoo\oovoo.exe /minimized []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Performance Center]
C:\Program Files\Ascentive\Performance Center\APCMain.exe -m []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2008-10-25 1410296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2008-08-29 1576176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe [2008-09-26 3660848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2008-10-09 3502840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1999-11-04 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-24 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LOGITE~1.EXE [2007-02-13 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe [2005-03-31 438272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
C:\PROGRA~1\WinZip\WZQKPICK.EXE [2006-02-16 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2008-08-29 352256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-02-06 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2006-05-27 43760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-22 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"RunStartupScriptSync"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
"RunStartupScriptSync"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Warcraft III\Frozen Throne.exe"="C:\Program Files\Warcraft III\Frozen Throne.exe:*:Enabled:Warcraft III - The Frozen Throne"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:LocalSubNet:Enabled:Remote Assistance"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\DC++\DCPlusPlus.exe"="C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DCPlusPlus"
"C:\Program Files\AIM95\aim.exe"="C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:¡IiTorrent"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Launch VeohTV BETA"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Nexon\MapleStory\MapleStory.exe"="C:\Nexon\MapleStory\MapleStory.exe:*:Enabled:MapleStory"
"C:\Nexon\MapleStory\Patcher.exe"="C:\Nexon\MapleStory\Patcher.exe:*:Enabled:Patcher"
"C:\Nexon\MapleStory\NewPatcher.exe"="C:\Nexon\MapleStory\NewPatcher.exe:*:Enabled:NewPatcher"
"C:\Program Files\TVersity\Media Server\MediaServer.exe"="C:\Program Files\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server"
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\Program Files\AIM95\aim.exe"="C:\Program Files\AIM95\aim.exe:*:Enabled:AOL Instant Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
shell\AutoRun\command - I:\x61.exe
shell\open\command - I:\x61.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{077fbf49-7833-11dc-99f3-00130244c4bb}]
shell\AutoRun\command - iutox.bat
shell\open\command - iutox.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0bd74896-f75b-11da-b7e3-0090f54bb10f}]
shell\AutoRun\command - E:\pstart.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{206800e4-033a-11dd-9a2c-0090f54f4a35}]
shell\AutoRun\command - F:\ew.cmd
shell\open\command - F:\ew.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3b2502a-e046-11dc-9a21-0090f54f4a35}]
shell\AutoRun\command - I:\setupSNK.exe


======File associations======

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

======List of files/folders created in the last 3 months======

2009-02-13 14:31:39 ----A---- C:\WINDOWS\system32\msln.exe
2009-02-13 14:16:01 ----D---- C:\_OTMoveIt
2009-02-13 13:03:22 ----A---- C:\WINDOWS\gmer.ini
2009-02-13 13:03:20 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2009-02-13 13:03:20 ----A---- C:\WINDOWS\gmer.exe
2009-02-13 13:03:20 ----A---- C:\WINDOWS\gmer.dll
2009-02-13 12:59:06 ----D---- C:\rsit
2009-02-09 22:43:23 ----D---- C:\Program Files\Common Files\MainConcept
2009-02-09 22:41:59 ----D---- C:\Program Files\Common Files\i4j_jres
2009-02-09 22:41:44 ----D---- C:\Program Files\SimpleCenter
2009-02-09 02:33:51 ----D---- C:\Rohan_USA
2009-02-02 20:26:47 ----D---- C:\Program Files\CDisplay
2009-01-27 21:01:42 ----D---- C:\VundoFix Backups
2009-01-27 21:01:42 ----A---- C:\VundoFix.txt
2009-01-26 03:08:06 ----D---- C:\WINDOWS\Prefetch
2009-01-26 02:58:04 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-01-26 02:57:57 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-01-26 02:57:48 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-01-26 02:57:39 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2009-01-26 02:57:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-01-26 02:57:26 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2009-01-26 02:57:16 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-01-26 02:57:09 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-01-26 02:57:02 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-01-26 02:56:54 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-01-26 02:53:06 ----A---- C:\WINDOWS\setuplog.txt
2009-01-26 02:39:19 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-01-26 02:32:02 ----N---- C:\WINDOWS\system32\wmphoto.dll
2009-01-26 02:32:01 ----N---- C:\WINDOWS\system32\wlanapi.dll
2009-01-26 02:31:59 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2009-01-26 02:31:59 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2009-01-26 02:31:51 ----N---- C:\WINDOWS\system32\tspkg.dll
2009-01-26 02:31:51 ----N---- C:\WINDOWS\system32\tsgqec.dll
2009-01-26 02:31:38 ----N---- C:\WINDOWS\system32\setupn.exe
2009-01-26 02:31:32 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2009-01-26 02:31:31 ----N---- C:\WINDOWS\system32\rasqec.dll
2009-01-26 02:31:30 ----N---- C:\WINDOWS\system32\qutil.dll
2009-01-26 02:31:29 ----N---- C:\WINDOWS\system32\qcliprov.dll
2009-01-26 02:31:29 ----N---- C:\WINDOWS\system32\qagentrt.dll
2009-01-26 02:31:28 ----N---- C:\WINDOWS\system32\qagent.dll
2009-01-26 02:31:27 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2009-01-26 02:31:25 ----N---- C:\WINDOWS\system32\onex.dll
2009-01-26 02:31:15 ----N---- C:\WINDOWS\system32\napstat.exe
2009-01-26 02:31:15 ----N---- C:\WINDOWS\system32\napmontr.dll
2009-01-26 02:31:15 ----N---- C:\WINDOWS\system32\napipsec.dll
2009-01-26 02:31:15 ----N---- C:\WINDOWS\system32\msxml6r.dll
2009-01-26 02:31:14 ----N---- C:\WINDOWS\system32\msxml6.dll
2009-01-26 02:31:13 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2009-01-26 02:31:13 ----N---- C:\WINDOWS\system32\mssha.dll
2009-01-26 02:30:58 ----N---- C:\WINDOWS\system32\mmcperf.exe
2009-01-26 02:30:58 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2009-01-26 02:30:58 ----N---- C:\WINDOWS\system32\mmcex.dll
2009-01-26 02:30:58 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2009-01-26 02:30:43 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2009-01-26 02:30:42 ----N---- C:\WINDOWS\system32\kmsvc.dll
2009-01-26 02:30:41 ----N---- C:\WINDOWS\system32\kbdpash.dll
2009-01-26 02:30:41 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2009-01-26 02:30:41 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2009-01-26 02:30:41 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2009-01-26 02:30:16 ----A---- C:\WINDOWS\003761_.tmp
2009-01-26 02:30:15 ----A---- C:\WINDOWS\SET464.tmp
2009-01-26 02:30:13 ----N---- C:\WINDOWS\system32\eapsvc.dll
2009-01-26 02:30:13 ----N---- C:\WINDOWS\system32\eapqec.dll
2009-01-26 02:30:13 ----N---- C:\WINDOWS\system32\eappprxy.dll
2009-01-26 02:30:13 ----N---- C:\WINDOWS\system32\eapphost.dll
2009-01-26 02:30:13 ----N---- C:\WINDOWS\system32\eappgnui.dll
2009-01-26 02:30:13 ----N---- C:\WINDOWS\system32\eappcfg.dll
2009-01-26 02:30:13 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2009-01-26 02:30:13 ----N---- C:\WINDOWS\system32\eapolqec.dll
2009-01-26 02:30:10 ----N---- C:\WINDOWS\system32\dot3ui.dll
2009-01-26 02:30:10 ----N---- C:\WINDOWS\system32\dot3svc.dll
2009-01-26 02:30:10 ----N---- C:\WINDOWS\system32\dot3msm.dll
2009-01-26 02:30:10 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2009-01-26 02:30:10 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2009-01-26 02:30:10 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2009-01-26 02:30:10 ----N---- C:\WINDOWS\system32\dot3api.dll
2009-01-26 02:30:09 ----N---- C:\WINDOWS\system32\dimsroam.dll
2009-01-26 02:30:09 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2009-01-26 02:30:08 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2009-01-26 02:30:06 ----N---- C:\WINDOWS\system32\credssp.dll
2009-01-26 02:30:01 ----N---- C:\WINDOWS\system32\azroles.dll
2009-01-26 02:29:52 ----N---- C:\WINDOWS\system32\aaclient.dll
2009-01-26 01:25:46 ----D---- C:\29f5d0ab55d567ac0e6b
2009-01-25 21:49:52 ----A---- C:\WINDOWS\system32\MRT.INI
2009-01-25 21:47:21 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-20 00:03:03 ----D---- C:\Program Files\uTorrent
2009-01-20 00:02:57 ----D---- C:\Documents and Settings\Shem Han\Application Data\uTorrent
2009-01-16 20:03:23 ----A---- C:\WINDOWS\system32\unrar.dll
2009-01-16 20:03:21 ----A---- C:\WINDOWS\avisplitter.ini
2009-01-16 20:03:19 ----D---- C:\Program Files\K-Lite Codec Pack
2009-01-16 20:03:16 ----D---- C:\Program Files\AviSynth 2.5
2009-01-16 19:47:47 ----A---- C:\WINDOWS\system32\WMAFile.dll
2009-01-16 19:47:47 ----A---- C:\WINDOWS\system32\AudPlayer.dll
2009-01-16 19:47:47 ----A---- C:\WINDOWS\system32\AudioVisu.dll
2009-01-16 19:47:47 ----A---- C:\WINDOWS\system32\AudioRecord.dll
2009-01-16 19:47:47 ----A---- C:\WINDOWS\system32\AudioInfos.dll
2009-01-16 19:47:46 ----A---- C:\WINDOWS\system32\VB6FR.DLL
2009-01-16 19:47:46 ----A---- C:\WINDOWS\system32\TABCTFR.DLL
2009-01-16 19:47:46 ----A---- C:\WINDOWS\system32\inetfr.DLL
2009-01-16 19:47:46 ----A---- C:\WINDOWS\system32\AudFile.dll
2009-01-16 19:47:46 ----A---- C:\WINDOWS\system32\AudDisplay.dll
2009-01-16 19:47:46 ----A---- C:\WINDOWS\system32\AudDesign.dll
2009-01-16 19:47:45 ----A---- C:\WINDOWS\system32\MSCMCFR.DLL
2009-01-16 19:47:45 ----A---- C:\WINDOWS\system32\Mscc2fr.dll
2009-01-16 19:47:45 ----A---- C:\WINDOWS\system32\CMDLGFR.DLL
2009-01-15 23:51:12 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2009-01-15 23:51:12 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2009-01-15 23:51:12 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2009-01-15 23:51:12 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2009-01-12 21:36:33 ----A---- C:\WINDOWS\AhnRpta.exe
2009-01-10 18:57:48 ----A---- C:\WINDOWS\expiorer.exe
2009-01-09 00:32:28 ----D---- C:\Program Files\ERUNT
2009-01-09 00:18:59 ----ASH---- C:\WINDOWS\system32\emvwideg.ini
2009-01-08 23:24:36 ----D---- C:\Documents and Settings\All Users\Application Data\SITEguard
2009-01-08 23:23:24 ----D---- C:\Program Files\Common Files\iS3
2009-01-08 23:23:23 ----D---- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2009-01-08 19:14:59 ----A---- C:\WINDOWS\system32\8730657a-.txt
2009-01-06 00:09:50 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2009-01-06 00:09:50 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2009-01-06 00:09:49 ----A---- C:\WINDOWS\system32\pthreadGC2.dll
2009-01-06 00:06:38 ----D---- C:\Program Files\TVersity Codec Pack
2009-01-06 00:04:45 ----D---- C:\Program Files\TVersity
2008-12-27 23:41:37 ----D---- C:\Program Files\oovooToolbar
2008-12-21 05:13:07 ----D---- C:\Documents and Settings\Shem Han\Application Data\InstallShield
2008-12-21 05:02:38 ----A---- C:\WINDOWS\system32\ascbalon.dll
2008-12-21 05:02:36 ----A---- C:\WINDOWS\system32\SysRestore.dll
2008-12-21 05:02:36 ----A---- C:\WINDOWS\system32\CreateLog.dll
2008-12-21 05:02:35 ----A---- C:\WINDOWS\system32\ConTest.dll
2008-12-21 05:02:28 ----D---- C:\Program Files\Ascentive
2008-12-12 03:07:50 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-12 03:03:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 03:01:46 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-12 03:01:31 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-08 21:54:31 ----D---- C:\Program Files\TubeTilla
2008-12-08 21:42:39 ----D---- C:\Documents and Settings\Shem Han\Application Data\Orbit
2008-11-28 15:53:48 ----D---- C:\Program Files\SystemRequirementsLab
2008-11-28 15:53:44 ----D---- C:\Documents and Settings\Shem Han\Application Data\SystemRequirementsLab

======List of files/folders modified in the last 3 months======

2009-02-13 14:35:13 ----RSHD---- C:\WINDOWS\TEMP
2009-02-13 14:31:39 ----D---- C:\WINDOWS\system32
2009-02-13 14:26:32 ----D---- C:\Program Files\Mozilla Firefox
2009-02-13 14:25:46 ----A---- C:\WINDOWS\ModemLog_Motorola SM56 Data Fax Modem #2.txt
2009-02-13 14:24:39 ----D---- C:\Program Files\Symantec AntiVirus
2009-02-13 14:24:33 ----D---- C:\WINDOWS
2009-02-13 14:21:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-13 13:03:20 ----D---- C:\WINDOWS\system32\drivers
2009-02-13 12:53:09 ----D---- C:\WINDOWS\system32\Lang
2009-02-13 12:46:32 ----D---- C:\Program Files\DC++
2009-02-13 12:39:28 ----D---- C:\Program Files
2009-02-13 11:17:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-13 00:50:14 ----A---- C:\WINDOWS\NeroDigital.ini
2009-02-12 22:18:13 ----D---- C:\Program Files\Warcraft III
2009-02-12 21:39:28 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-11 03:19:25 ----SD---- C:\WINDOWS\Tasks
2009-02-10 00:20:59 ----HD---- C:\Program Files\InstallShield Installation Information
2009-02-09 22:43:23 ----D---- C:\Program Files\Common Files
2009-01-26 22:26:15 ----HD---- C:\WINDOWS\inf
2009-01-26 13:07:45 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-26 03:05:54 ----D---- C:\WINDOWS\security
2009-01-26 02:58:06 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-26 02:58:06 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-26 02:56:55 ----D---- C:\Program Files\Messenger
2009-01-26 02:55:06 ----RSD---- C:\WINDOWS\assembly
2009-01-26 02:52:16 ----D---- C:\WINDOWS\WinSxS
2009-01-26 02:52:08 ----D---- C:\WINDOWS\ServicePackFiles
2009-01-26 02:52:07 ----D---- C:\WINDOWS\ehome
2009-01-26 02:51:56 ----D---- C:\WINDOWS\system32\wbem
2009-01-26 02:51:56 ----D---- C:\WINDOWS\system32\Setup
2009-01-26 02:51:55 ----D---- C:\WINDOWS\system32\inetsrv
2009-01-26 02:51:55 ----D---- C:\WINDOWS\network diagnostic
2009-01-26 02:51:54 ----D---- C:\WINDOWS\ime
2009-01-26 02:51:54 ----D---- C:\WINDOWS\Help
2009-01-26 02:51:54 ----D---- C:\WINDOWS\AppPatch
2009-01-26 02:51:38 ----D---- C:\WINDOWS\system32\usmt
2009-01-26 02:51:38 ----D---- C:\WINDOWS\system32\en-US
2009-01-26 02:51:37 ----D---- C:\WINDOWS\system32\scripting
2009-01-26 02:51:37 ----D---- C:\WINDOWS\l2schemas
2009-01-26 02:51:36 ----D---- C:\WINDOWS\system32\en
2009-01-26 02:51:35 ----D---- C:\WINDOWS\system32\bits
2009-01-26 02:51:35 ----D---- C:\WINDOWS\PeerNet
2009-01-26 02:51:35 ----D---- C:\Program Files\Movie Maker
2009-01-26 02:48:00 ----D---- C:\WINDOWS\system32\Restore
2009-01-26 02:48:00 ----D---- C:\WINDOWS\system32\npp
2009-01-26 02:48:00 ----D---- C:\WINDOWS\mui
2009-01-26 02:47:58 ----D---- C:\WINDOWS\msagent
2009-01-26 02:47:57 ----D---- C:\WINDOWS\srchasst
2009-01-26 02:47:54 ----D---- C:\Program Files\NetMeeting
2009-01-26 02:47:53 ----D---- C:\WINDOWS\system32\Com
2009-01-26 02:47:50 ----D---- C:\Program Files\Windows NT
2009-01-26 02:47:50 ----D---- C:\Program Files\Windows Media Player
2009-01-26 02:47:50 ----D---- C:\Program Files\Outlook Express
2009-01-26 02:47:46 ----D---- C:\Program Files\Common Files\System
2009-01-26 02:47:28 ----RSD---- C:\WINDOWS\Fonts
2009-01-26 02:47:25 ----D---- C:\WINDOWS\system32\oobe
2009-01-26 02:47:23 ----D---- C:\WINDOWS\system
2009-01-26 02:43:57 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-01-26 02:26:26 ----SHD---- C:\WINDOWS\Installer
2009-01-26 02:01:24 ----D---- C:\Program Files\MSN Messenger
2009-01-26 01:59:10 ----HD---- C:\Config.Msi
2009-01-25 21:46:54 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-19 14:31:28 ----A---- C:\WINDOWS\win.ini
2009-01-16 20:10:35 ----D---- C:\Program Files\QuickTime
2009-01-16 20:10:24 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-01-16 19:53:28 ----D---- C:\WINDOWS\Minidump
2009-01-16 19:37:29 ----D---- C:\Program Files\lx_cats
2009-01-16 00:42:40 ----D---- C:\Documents and Settings\Shem Han\Application Data\Viewpoint
2009-01-11 03:15:15 ----D---- C:\Program Files\Steam
2009-01-09 20:35:28 ----A---- C:\WINDOWS\system32\MRT.exe
2009-01-09 01:36:13 ----RASH---- C:\boot.ini
2009-01-09 01:36:13 ----A---- C:\WINDOWS\system.ini
2009-01-09 01:36:12 ----D---- C:\WINDOWS\pss
2008-12-22 01:46:31 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-21 05:25:05 ----D---- C:\Program Files\AIM95
2008-12-21 05:24:47 ----D---- C:\Program Files\Apple Software Update
2008-12-21 05:12:47 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-13 01:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-12 03:06:11 ----D---- C:\Program Files\Internet Explorer
2008-12-09 04:42:10 ----D---- C:\Program Files\Winamp
2008-12-08 21:51:56 ----D---- C:\Program Files\Common Files\Wise Installation Wizard

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2004-08-10 12160]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-04-12 29056]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2005-04-12 28160]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2006-01-24 195776]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2006-07-31 21275]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-11-28 13568]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 Cam5603D;BisonCam, NB Pro; C:\WINDOWS\System32\Drivers\BisonCam.sys [2006-04-19 788224]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-02-06 1399615]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-01-13 4137984]
R3 L6DP;L6DP; C:\WINDOWS\System32\Drivers\l6dp.sys [2006-09-29 29312]
R3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2005-03-10 53632]
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2005-03-10 24704]
R3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2005-03-10 36480]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2005-03-10 69504]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090212.003\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090212.003\navex15.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-12-02 70912]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2005-11-09 854404]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2006-01-24 24768]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-09-19 162432]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;Intel® PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-05 1428096]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-04-12 99456]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S2 npkcrypt;npkcrypt; \??\C:\Nexon\MapleStory\npkcrypt.sys []
S3 ao8t9jd4;ao8t9jd4; C:\WINDOWS\system32\drivers\ao8t9jd4.sys []
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\BVRPMPR5.SYS []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 EraserUtilDrv10822;EraserUtilDrv10822; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10822.sys []
S3 ESISTEMA53;ESISTEMA53; \??\C:\Program Files\RuanEngine\sistema32.sys []
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2009-02-13 85969]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-08-17 25280]
S3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 Ktp;Elantech Touchpad; C:\WINDOWS\system32\DRIVERS\Ktp.sys [2005-11-28 27520]
S3 L6TPortA;Service - Line 6 TonePort UX1; C:\WINDOWS\System32\Drivers\L6TPortA.sys [2006-09-29 472832]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-08-02 32512]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vncdrv;vncdrv; C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2002-11-20 2218]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-04-20 479200]
S3 WinDriver6;WinDriver6; C:\WINDOWS\system32\drivers\windrvr6.sys [2007-04-16 194362]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-11 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 XTrapD12;XTrapD12; \??\C:\WINDOWS\system32\XTrapD12.sys []
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2007-02-26 61984]
S4 Clipoc;Clipoc; C:\WINDOWS\system32\drivers\Clipoc.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2006-03-24 192160]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2006-03-24 169632]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2006-05-27 31472]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2004-08-10 194560]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2004-08-10 102912]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-11-28 114753]
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-04-12 869376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-11-28 217164]
R2
fenzodahl512
post Feb 13 2009, 02:28 PM
Post #10


Trusted Helper
Posts: 9,275
OS: Windows XP



Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them after performing all the steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.
Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..
zoloft
post Feb 13 2009, 03:15 PM
Post #11


Member
Posts: 55
OS: windows xp



ComboFix 09-02-12.03 - Shem Han 2009-02-13 15:53:57.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.949.82.1033.18.1014.354 [GMT -5:00]
Running from: c:\documents and settings\Shem Han\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\documents and settings\Shem Han\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
c:\windows\expiorer.exe
c:\windows\system32\_005431_.tmp.dll
c:\windows\system32\_005432_.tmp.dll
c:\windows\system32\_005433_.tmp.dll
c:\windows\system32\_005434_.tmp.dll
c:\windows\system32\_005441_.tmp.dll
c:\windows\system32\_005442_.tmp.dll
c:\windows\system32\_005443_.tmp.dll
c:\windows\system32\_005445_.tmp.dll
c:\windows\system32\_005446_.tmp.dll
c:\windows\system32\_005449_.tmp.dll
c:\windows\system32\_005450_.tmp.dll
c:\windows\system32\_005452_.tmp.dll
c:\windows\system32\_005453_.tmp.dll
c:\windows\system32\_005454_.tmp.dll
c:\windows\system32\_005456_.tmp.dll
c:\windows\system32\_005459_.tmp.dll
c:\windows\system32\_005460_.tmp.dll
c:\windows\system32\_005464_.tmp.dll
c:\windows\system32\_005465_.tmp.dll
c:\windows\system32\_005467_.tmp.dll
c:\windows\system32\_005470_.tmp.dll
c:\windows\system32\_005472_.tmp.dll
c:\windows\system32\_005473_.tmp.dll
c:\windows\system32\_005474_.tmp.dll
c:\windows\system32\_005475_.tmp.dll
c:\windows\system32\_005478_.tmp.dll
c:\windows\system32\_005479_.tmp.dll
c:\windows\system32\_005480_.tmp.dll
c:\windows\system32\_005481_.tmp.dll
c:\windows\system32\_005482_.tmp.dll
c:\windows\system32\_005487_.tmp.dll
c:\windows\system32\_005489_.tmp.dll
c:\windows\system32\_005490_.tmp.dll
c:\windows\system32\pthreadGC2.dll

.
((((((((((((((((((((((((( Files Created from 2009-01-13 to 2009-02-13 )))))))))))))))))))))))))))))))
.

2009-02-13 14:16 . 2009-02-13 14:16 <DIR> d-------- C:\_OTMoveIt
2009-02-13 13:03 . 2009-02-13 13:03 250 --a------ c:\windows\gmer.ini
2009-02-13 12:59 . 2009-02-13 12:59 <DIR> d-------- C:\rsit
2009-02-13 11:17 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-09 22:43 . 2009-02-09 22:43 <DIR> d-------- c:\program files\Common Files\MainConcept
2009-02-09 22:41 . 2009-02-10 00:24 <DIR> d-------- c:\program files\SimpleCenter
2009-02-09 22:41 . 2009-02-09 22:41 <DIR> d-------- c:\program files\Common Files\i4j_jres
2009-02-09 02:33 . 2009-02-10 00:24 <DIR> d-------- C:\Rohan_USA
2009-02-02 20:26 . 2009-02-02 20:28 <DIR> d-------- c:\program files\CDisplay
2009-01-27 21:01 . 2009-01-27 21:01 <DIR> d-------- C:\VundoFix Backups
2009-01-26 02:32 . 2008-04-13 19:12 276,992 --------- c:\windows\system32\wmphoto.dll
2009-01-26 02:32 . 2008-04-13 19:12 69,120 --------- c:\windows\system32\wlanapi.dll
2009-01-26 02:30 . 2008-04-13 19:12 1,033,728 --a------ c:\windows\SET464.tmp
2009-01-26 02:29 . 2008-04-13 19:11 136,192 --------- c:\windows\system32\aaclient.dll
2009-01-26 01:25 . 2009-01-26 01:26 <DIR> d-------- C:\29f5d0ab55d567ac0e6b
2009-01-25 21:49 . 2009-01-25 21:49 127 --a------ c:\windows\system32\MRT.INI
2009-01-20 00:03 . 2009-01-20 00:03 <DIR> d-------- c:\program files\uTorrent
2009-01-20 00:02 . 2009-02-08 13:03 <DIR> d-------- c:\documents and settings\Shem Han\Application Data\uTorrent
2009-01-16 20:03 . 2009-01-16 20:03 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-01-16 20:03 . 2009-01-16 20:03 <DIR> d-------- c:\program files\AviSynth 2.5
2009-01-16 20:03 . 2007-09-04 11:56 164,352 --a------ c:\windows\system32\unrar.dll
2009-01-16 20:03 . 2008-07-30 14:09 38 --a------ c:\windows\avisplitter.ini
2009-01-15 23:51 . 2009-01-15 23:51 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-01-15 23:51 . 2009-01-15 23:51 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-01-15 23:51 . 2009-01-15 23:51 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-01-15 23:51 . 2009-01-15 23:51 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-13 21:04 --------- d-----w c:\program files\Symantec AntiVirus
2009-02-13 17:46 --------- d-----w c:\program files\DC++
2009-02-13 16:17 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-02-13 03:18 --------- d-----w c:\program files\Warcraft III
2009-02-11 15:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-10 05:43 --------- d-----w c:\program files\TVersity Codec Pack
2009-02-10 05:23 --------- d-----w c:\program files\oovooToolbar
2009-02-10 05:20 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-26 07:01 --------- d-----w c:\program files\MSN Messenger
2009-01-17 01:10 --------- d-----w c:\program files\QuickTime
2009-01-17 01:10 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-01-17 00:37 --------- d-----w c:\program files\lx_cats
2009-01-16 05:42 --------- d-----w c:\documents and settings\Shem Han\Application Data\Viewpoint
2009-01-15 18:11 --------- d-----w c:\documents and settings\All Users\Application Data\STOPzilla!
2009-01-11 08:15 --------- d-----w c:\program files\Steam
2009-01-09 05:33 --------- d-----w c:\program files\ERUNT
2009-01-09 04:24 --------- d-----w c:\documents and settings\All Users\Application Data\SITEguard
2009-01-09 04:23 --------- d-----w c:\program files\Common Files\iS3
2009-01-06 06:14 --------- d-----w c:\documents and settings\LocalService\Application Data\DivX
2009-01-06 05:04 --------- d-----w c:\program files\TVersity
2008-12-21 10:45 --------- d-----w c:\program files\Ascentive
2008-12-21 10:25 --------- d-----w c:\program files\AIM95
2008-12-21 10:24 --------- d-----w c:\program files\Apple Software Update
2008-12-21 10:13 --------- d-----w c:\documents and settings\Shem Han\Application Data\InstallShield
2008-12-01 21:49 0 ----a-w c:\program files\MS1B_02.png
2007-11-29 04:02 22,328 -c--a-w c:\documents and settings\Shem Han\Application Data\PnkBstrK.sys
2007-11-29 03:58 103,736 -c--a-w c:\documents and settings\Shem Han\Application Data\PnkBstrB.exe
2007-04-04 20:49 560 -c--a-w c:\program files\Global.sw
2006-10-30 03:51 1,952 -c--a-w c:\documents and settings\Shem Han\Application Data\wklnhst.dat
2004-07-22 15:51 3,432,656 -c--a-w c:\program files\ManagedDX.CAB
2004-07-20 03:58 1,156,363 ----a-w c:\program files\BDANT.cab
2004-07-20 03:53 976,020 -c--a-w c:\program files\BDAXP.cab
2004-07-09 19:17 13,265,040 -c--a-w c:\program files\dxnt.cab
2004-07-09 14:13 703,080 -c--a-w c:\program files\BDA.cab
2004-07-09 14:13 15,493,481 ----a-w c:\program files\DirectX.cab
2004-07-09 09:08 472,576 ----a-w c:\program files\dxsetup.exe
2004-07-09 09:08 2,242,560 ----a-w c:\program files\dsetup32.dll
2004-07-09 08:03 62,976 ----a-w c:\program files\DSETUP.dll
2003-05-30 14:00 892,416 ----a-w c:\program files\d3dim700.dll
2003-03-24 14:00 73,728 ----a-w c:\program files\dpnhupnp.dll
2003-03-24 14:00 720,896 ----a-w c:\program files\dpnet.dll
2003-03-24 14:00 45,056 ----a-w c:\program files\dpnhpast.dll
2003-03-24 14:00 28,672 ----a-w c:\program files\dpnsvr.exe
2003-03-24 14:00 16,384 ----a-w c:\program files\dpnlobby.dll
2001-10-30 13:10 94,208 ----a-w c:\program files\dimap.dll
2001-10-30 13:10 936 ----a-w c:\program files\diactfrm.inf
2001-10-30 13:10 692,224 ----a-w c:\program files\dinput8.dll
2001-10-30 13:10 667,648 ----a-w c:\program files\dinput.dll
2001-10-30 13:10 6,656 ----a-w c:\program files\gchand.dll
2001-10-30 13:10 491,520 ----a-w c:\program files\gcdef.dll
2001-10-30 13:10 466,944 ----a-w c:\program files\diactfrm.dll
2001-10-30 13:10 442,368 ----a-w c:\program files\joy.cpl
2001-10-30 13:10 40,960 ----a-w c:\program files\pid.dll
2001-10-30 13:10 33,882 ----a-w c:\program files\vjoyd.vxd
2001-10-30 13:10 2,352 ----a-w c:\program files\msjstick.drv
2001-10-30 13:10 12,745 ----a-w c:\program files\msanalog.vxd
2001-10-30 13:10 10,874 ----a-w c:\program files\dinput.vxd
2000-08-08 21:44 340 -c--a-w c:\program files\setup.bat
2000-08-08 21:43 4,395,575 -c--a-w c:\program files\myth.pak
2000-08-08 21:39 45,056 -c--a-w c:\program files\SETUPREG.EXE
2000-08-08 21:38 123 -c--a-w c:\program files\player.nfx
2000-08-08 21:18 34 -c--a-w c:\program files\fonts.bat
2000-08-08 21:17 0 -c--a-w c:\program files\STPENUX.DLL
2000-08-08 21:17 0 -c--a-w c:\program files\EBUSetup.sem
2000-08-07 07:11 20,992 -c--a-w c:\program files\mythxpak.exe
2000-06-28 07:00 44,452 -c----w c:\program files\Readmex.rtf
2000-06-21 16:52 32,768 -c--a-w c:\program files\replwavs.exe
2000-06-13 07:09 339,968 -c----w c:\program files\language_x1.dll
2000-06-13 06:59 53,299 -c----w c:\program files\ebueulax.dll
2000-05-27 07:58 39,647 -c----w c:\program files\EULAx.RTF
2000-04-01 04:47 301,568 -c--a-w c:\program files\myth.acm
1999-11-27 12:00 8,880 ----a-w c:\program files\hidgame.sys
1999-11-17 19:00 32,768 -c--a-w c:\program files\SETUPENU.DLL
1999-09-22 10:52 224 -c--a-w c:\program files\player.nfo
1999-09-22 09:32 57,363 -c----w c:\program files\Readme.rtf
1999-09-22 09:32 53,304 -c----w c:\program files\EBUEula.dll
1999-09-22 09:32 499,712 -c----w c:\program files\language.dll
1999-09-22 09:32 40,507 -c----w c:\program files\EULA.RTF
1999-09-22 09:32 365,568 -c----w c:\program files\HA312W32.DLL
1999-09-22 09:32 158,902 -c----w c:\program files\scenariobkg.bmp
1999-09-22 09:32 112,688 -c----w c:\program files\SHW32.DLL
1999-09-09 12:00 625,690 ----a-w c:\program files\d3dim.dll
1999-09-09 12:00 589,852 ----a-w c:\program files\d3dramp.dll
1999-09-09 12:00 30,469 ----a-w c:\program files\ddraw.vxd
1999-09-09 12:00 28,496 ----a-w c:\program files\ddraw16.dll
1999-09-09 12:00 24,092 ----a-w c:\program files\ddrawex.dll
1999-09-09 12:00 2,170 ----a-w c:\program files\dxapi.sys
1999-09-09 12:00 10,512 ----a-w c:\program files\gameenum.sys
1999-01-08 23:10 87,069 ----a-w c:\program files\d3dpmesh.dll
1999-01-08 23:10 576 ----a-w c:\program files\gmreadme.txt
1999-01-08 23:10 436,762 ----a-w c:\program files\d3drm.dll
1999-01-08 23:10 3,440,660 ----a-w c:\program files\gm16.dls
1999-01-08 23:10 107,547 ----a-w c:\program files\d3dxof.dll
1998-07-29 23:00 1,315 ----a-w c:\program files\license.txt
.

------- Sigcheck -------

2005-03-02 13:19 577024 1800f293bccc8ede8a70e12b88d80036 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 10:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b c:\windows\$NtServicePackUninstall$\user32.dll
2005-03-02 13:09 577024 de2db164bbb35db061af0997e4499054 c:\windows\$NtUninstallKB925902$\user32.dll
2008-04-13 19:12 578560 b26b135ff1b9f60c9388b4a7d16f600b c:\windows\ServicePackFiles\i386\user32.dll
2007-03-08 10:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b c:\windows\system32\user32.dll

2007-06-13 06:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 c:\windows\explorer.exe
2007-06-13 06:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 c:\windows\$NtServicePackUninstall$\explorer.exe
2005-04-05 13:06 1032192 dd747a14a4cadeb3de723f767de9789e c:\windows\$NtUninstallKB938828$\explorer.exe
2008-04-13 19:12 1033728 12896823fb95bfb3dc9b46bcaedc9923 c:\windows\ServicePackFiles\i386\explorer.exe

2005-06-10 19:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2005-06-10 18:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f c:\windows\$NtServicePackUninstall$\spoolsv.exe
2008-04-13 19:12 57856 d8e14a61acc1d4a6cd0d38aebac7fa3b c:\windows\ServicePackFiles\i386\spoolsv.exe
2005-06-10 18:53 57856 da81ec57acd4cdc3d4c51cf3d409af9f c:\windows\system32\spoolsv.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-06 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-06 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-06 118784]
"KTPWare"="c:\program files\Elantech\ktp.exe" [2005-10-26 512000]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2005-11-28 569413]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"imekrmig"="c:\ime\IMKR\imekrmig.exe" [2001-01-09 44544]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 53408]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-05-27 124656]
"LXCRCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2005-12-01 65536]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"lxcrmon.exe"="c:\program files\Lexmark 2400 Series\lxcrmon.exe" [2006-01-22 286720]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2006-02-02 290816]
"EzPrint"="c:\program files\Lexmark 2400 Series\ezprint.exe" [2006-02-07 98304]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 c:\windows\RTHDCPL.exe]
"SMSERIAL"="sm56hlpr.exe" [2005-11-09 c:\windows\sm56hlpr.exe]
"CHotkey"="mHotkey.exe" [2001-12-26 c:\windows\mHotkey.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-03-10 c:\windows\KHALMNPR.Exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-22 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-08-29 15:20 352256 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2006-08-01 17:35 67112 c:\program files\AIM95\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-08-08 07:11 490952 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2007-02-13 04:38 67128 c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 14:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 13:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-25 02:04 1410296 c:\program files\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-08-29 15:20 1576176 c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 18:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-09-26 18:14 3660848 c:\program files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
--a------ 2008-10-09 17:11 3502840 c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"c:\\Program Files\\AIM95\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:blizzard downloader
"3724:TCP"= 3724:TCP:blizzard downloader
"2967:TCP"= 2967:TCP:LocalSubNet,129.49.0.0/255.255.0.0:Enabled:Symantec RTVScan - TCP
"2967:UDP"= 2967:UDP:LocalSubNet,129.49.0.0/255.255.0.0:Enabled:Symantec RTVScan - UDP
"38293:UDP"= 38293:UDP:LocalSubNet,129.49.0.0/255.255.0.0:Enabled:IntelPDS - UDP
"38293:TCP"= 38293:TCP:LocalSubNet,129.49.0.0/255.255.0.0:Enabled:IntelPDS - TCP
"139:TCP"= 139:TCP:LocalSubNet,129.49.0.0/255.255.0.0:Enabled:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:LocalSubNet,129.49.0.0/255.255.0.0:Enabled:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:LocalSubNet,129.49.0.0/255.255.0.0:Enabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:LocalSubNet,129.49.0.0/255.255.0.0:Enabled:@xpsp2res.dll,-22002
"6881:TCP"= 6881:TCP:azureus
"6889:TCP"= 6889:TCP:azureus
"49153:TCP"= 49153:TCP:azur
"49153:UDP"= 49153:UDP:azur1
"15126:TCP"= 15126:TCP:BitComet 15126 TCP
"15126:UDP"= 15126:UDP:BitComet 15126 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2007-02-27 55024]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-05-27 115952]
R2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2006-06-08 26488]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2008-10-20 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-08 99376]
R3 L6DP;L6DP;c:\windows\system32\drivers\l6dp.sys [2005-09-28 29312]
S0 ylvzkoo;ylvzkoo;c:\windows\system32\drivers\pirgr.sys --> c:\windows\system32\drivers\pirgr.sys [?]
S3 EraserUtilDrv10822;EraserUtilDrv10822;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10822.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10822.sys [?]
S3 ESISTEMA53;ESISTEMA53;\??\c:\program files\RuanEngine\sistema32.sys --> c:\program files\RuanEngine\sistema32.sys [?]
S3 Ktp;Elantech Touchpad;c:\windows\system32\drivers\Ktp.sys [2006-06-08 27520]
S3 L6TPortA;Service - Line 6 TonePort UX1;c:\windows\system32\drivers\L6TPortA.sys [2005-09-28 472832]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
S4 Clipoc;Clipoc; [x]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\x61.exe
\Shell\open\Command - I:\x61.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{077fbf49-7833-11dc-99f3-00130244c4bb}]
\Shell\AutoRun\command - iutox.bat
\Shell\open\Command - iutox.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0bd74896-f75b-11da-b7e3-0090f54bb10f}]
\Shell\AutoRun\command - E:\pstart.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{206800e4-033a-11dd-9a2c-0090f54f4a35}]
\Shell\AutoRun\command - F:\ew.cmd
\Shell\open\Command - F:\ew.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3b2502a-e046-11dc-9a21-0090f54f4a35}]
\Shell\AutoRun\command - I:\setupSNK.exe
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{A057A204-BACC-4D26-8087-36EE87E26986} - (no file)
HKCU-Run-Aim6 - (no file)
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre1.5.0_06\bin\jusched.exe
HKLM-Run-OneCareUI - c:\program files\Microsoft Windows OneCare Live\winssnotify.exe
HKLM-Run-mmtask - c:\program files\MusicMatch\MusicMatch Jukebox\mmtask.exe
HKLM-Run-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
HKLM-Run-AVG7_CC - c:\progra~1\Grisoft\AVG7\avgcc.exe
MSConfigStartUp-DAEMON Tools - c:\program files\DAEMON Tools\daemon.exe
MSConfigStartUp-DeadAIM - c:\program files\AIM95\\DeadAIM.ocm
MSConfigStartUp-oovoo - c:\program files\ooVoo\oovoo.exe
MSConfigStartUp-Performance Center - c:\program files\Ascentive\Performance Center\APCMain.exe


.
------- Supplementary Scan -------
.
uStart Page = google.com
mStart Page = google.com
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: Add to AMV Convert Tool... - c:\program files\MP3 Player Utilities 4.00\AMVConverter\grab.html
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.00\MediaManager\grab.html
Trusted Zone: line6.net
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {C190FF32-96D0-445F-9F60-5CF288FD3D0F} - hxxps://register.resnet.stonybrook.edu/CAT/CNICAT.cab
FF - ProfilePath - c:\documents and settings\Shem Han\Application Data\Mozilla\Firefox\Profiles\i20tduma.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("network.protocol-handler.warn-external.veoh", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("network.protocol-handler.warn-external.veoh2", false);
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-13 16:05:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1032)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\windows\ehome\ehRecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\ehome\ehrec.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\wdfmgr.exe
c:\windows\ehome\medctrro.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\conime.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\lxcrcoms.exe
c:\program files\Symantec AntiVirus\DoScan.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\MSN Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2009-02-13 16:12:28 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-13 21:11:58
ComboFix2.txt 2008-05-11 17:40:24

Pre-Run: 30,537,981,952 bytes free
Post-Run: 30,515,761,152 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
426 --- E O F --- 2009-02-13 08:01:38
zoloft
post Feb 13 2009, 03:16 PM
Post #12
Member
Posts: 55
OS: windows xp

hjt log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:15:58 PM, on 2/13/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\ehome\medctrro.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll (file missing)
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [imekrmig] C:\IME\IMKR\imekrmig.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.line6.net
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {10093E98-C073-4C75-8D0E-FB5CD3A71D33} (ZoneUpwords Object) - http://messenger.zone.msn.com/binary/Upwords.cab57176.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab56986.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1154835520453
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C190FF32-96D0-445F-9F60-5CF288FD3D0F} (ActiveFormX Control) - https://register.resnet.stonybrook.edu/CAT/CNICAT.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: lxcr_device - - C:\WINDOWS\system32\lxcrcoms.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11271 bytes
fenzodahl512
post Feb 13 2009, 04:01 PM
Post #13
Trusted Helper
Posts: 9,275
OS: Windows XP

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.


2. Now copy/paste the entire content of the codebox below into the Notepad window:

CODE
KillAll::

Driver::
ylvzkoo
Clipoc

File::
c:\windows\system32\drivers\pirgr.sys

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{077fbf49-7833-11dc-99f3-00130244c4bb}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0bd74896-f75b-11da-b7e3-0090f54bb10f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{206800e4-033a-11dd-9a2c-0090f54f4a35}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3b2502a-e046-11dc-9a21-0090f54f4a35}]


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.




5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

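A small triage script, added here as an example (not ComboFix's tooling or the helper's own code): it reads a ComboFix-style log excerpt constructed from entries in this thread, flags every service or driver line whose file ComboFix could not verify (a "[?]" or "[x]" where a date and size would normally be) and every mountpoints2 key that carries a Shell\AutoRun or Shell\open command, then drafts a CFScript in the KillAll::, Driver::, File:: and Registry:: layout used above. The line formats and the meaning of the "[?]" and "[x]" markers are assumptions inferred from this log; the draft is for a person to review before use, which is what the helper did by hand.

```python
import re

# Constructed excerpt modelled on the ComboFix log posted earlier in this thread.
SAMPLE_LOG = r"""
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2006-10-10 8944]
S0 ylvzkoo;ylvzkoo;c:\windows\system32\drivers\pirgr.sys --> c:\windows\system32\drivers\pirgr.sys [?]
S3 Ktp;Elantech Touchpad;c:\windows\system32\drivers\Ktp.sys [2006-06-08 27520]
S4 Clipoc;Clipoc; [x]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\x61.exe
\Shell\open\Command - I:\x61.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{077fbf49-7833-11dc-99f3-00130244c4bb}]
\Shell\AutoRun\command - iutox.bat
"""

# Service line: "<start type> <name>;<display name>;<path> [<date> <size>]".
# A path ComboFix could not find ends in "[?]"; an entry with no path ends in "[x]"
# (meanings assumed from the entries the helper acted on in this thread).
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*)$")
TAIL_RE = re.compile(r"^(.*?)\s*\[([^\]]*)\]\s*$")
VERIFIED_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+\d+$")
MP2_KEY_RE = re.compile(r"^\[(HKEY_CURRENT_USER\\.*\\mountpoints2\\[^\]]+)\]$", re.I)
SHELL_CMD_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+)$", re.I)


def parse_services(log_text):
    """Return service/driver entries whose file ComboFix could not verify."""
    flagged = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line)
        tail = TAIL_RE.match(m.group(4)) if m else None
        if not tail:
            continue
        path_part, marker = tail.groups()
        if VERIFIED_RE.match(marker.strip()):
            continue  # file present with date and size: nothing to flag
        # "a --> b" lists the registered path first; keep that one
        path = path_part.split("-->")[0].strip() or None
        flagged.append({"start": m.group(1), "name": m.group(2).strip(),
                        "path": path, "marker": marker.strip()})
    return flagged


def parse_mountpoints(log_text):
    """Map each mountpoints2 key to the (verb, command) pairs listed under it."""
    keys, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            current = None  # a blank line closes the current key block
            continue
        k = MP2_KEY_RE.match(line)
        if k:
            current = keys.setdefault(k.group(1), [])
            continue
        c = SHELL_CMD_RE.match(line)
        if c and current is not None:
            current.append((c.group(1).lower(), c.group(2).strip()))
    return {key: cmds for key, cmds in keys.items() if cmds}


def build_cfscript(log_text):
    """Draft a CFScript using the four sections the helper used in this thread."""
    services = parse_services(log_text)
    drivers = [s["name"] for s in services]
    files = [s["path"] for s in services if s["path"]]
    registry = [f"[-{key}]" for key in parse_mountpoints(log_text)]
    sections = ["KillAll::"]
    if drivers:
        sections.append("Driver::\n" + "\n".join(drivers))
    if files:
        sections.append("File::\n" + "\n".join(files))
    if registry:
        sections.append("Registry::\n" + "\n".join(registry))
    return "\n\n".join(sections) + "\n"
```

Real logs also flag benign entries with unverified paths (the Symantec EraserUtilDrv10822 line earlier in this thread, for instance), which is why the output is a draft to review rather than a script to run unread.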
zoloft
post Feb 13 2009, 07:59 PM
Post #14
Member
Posts: 55
OS: windows xp

the combofix is not working. there is a line still blinking and it just says scanning for infected files.....what should i do?
fenzodahl512
post Feb 14 2009, 12:47 AM
Post #15
Trusted Helper
Posts: 9,275
OS: Windows XP

Stop and delete ComboFix from the computer. Run RSIT again and post the RSIT log.txt here.