Iexplore.exe slowing me down!




  #1  
Old 20th Jan 2009, 17:45
Member Group
 

Hey guys and girls....How are you all doing? I'm Leeboy! For the last 3 years I have had this "iexplore.exe" keep popping up in the task manager and running sometimes at 99%. I end the process and after a while back it comes and back to snail speed....I have tried Super-anti-spyware, Spybot, Avast, Kaspersky, Housecall etc... found a lot of other stuff, but it's still popping up. I even did some regcleaners.....If anyone can help me so I don't have to do a re-format that would be great....Thanks everyone.....
  #2  
Old 21st Jan 2009, 02:07
Administrator Group
 

Follow the guide and one of the malware team will help.

http://www.computer-juice.com/forums...-posting-7476/
  #3  
Old 25th Jan 2009, 09:47
Member Group
 

Hi everyone....here's my HijackThis log......


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\Smc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Lee Boy\Desktop\sniper.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nascar.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {213EB1EE-9646-4BAD-BF9A-A8A4AB82C851} - (no file)
O2 - BHO: (no name) - {2D158233-9E42-448A-AC24-C90DD10A1B43} - (no file)
O2 - BHO: (no name) - {59174EDD-EE28-463E-B707-F9BE2EF561BA} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {83CBDBE4-8F55-46AE-B860-4D6B80D54334} - (no file)
O2 - BHO: (no name) - {99EFA023-EEBC-490C-9B57-EB44FC63E025} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: (no name) - {C9F8DBD5-BB2D-4872-A44C-B5D38FE53276} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {DBCF58E3-59D3-4AC2-9BA9-AC57134F512A} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {EACB942C-2E1D-4328-A4F1-A9CC39D743CF} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - .DEFAULT User Startup: desktop(2).ini (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} -
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.5.0_03) -
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: mljjj - C:\WINDOWS\
O20 - Winlogon Notify: tuvwTJYs - tuvwTJYs.dll (file missing)
O20 - Winlogon Notify: yayyyww - C:\WINDOWS\
O22 - SharedTaskScheduler: (no name) - {e04408db-4812-4478-8d4d-e46edcffd3b6} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\Smc.exe
--
End of file - 8731 bytes
  #4  
Old 25th Jan 2009, 11:04
Moderator Group
 

Quote:
Originally Posted by Dave Hybrid
Follow the guide and one of the malware team will help.

http://www.computer-juice.com/forums...-posting-7476/
We need all of the logs in order please.

  #5  
Old 26th Jan 2009, 10:06
Member Group
 

Hi everyone, thanks for being patient with me and offering to help...I appreciate it so much. Here are the 3 logs in order....

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/26/2009 at 08:15 AM

Application Version : 4.25.1012

Core Rules Database Version : 3729
Trace Rules Database Version: 1699

Scan type : Complete Scan
Total Scan Time : 00:55:37

Memory items scanned : 541
Memory threats detected : 0
Registry items scanned : 6527
Registry threats detected : 0
File items scanned : 63976
File threats detected : 97

Adware.Tracking Cookie

Trojan.Unknown Origin
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPLICATION DATA\9F4B986DECC231CA
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPLICATION DATA\D53764CF8A2C0207

Adware.Vundo/Variant-MSFake
C:\WINDOWS\SYSTEM32\CPWIUY.DLL
C:\WINDOWS\SYSTEM32\ECESQ.DLL
C:\WINDOWS\SYSTEM32\T5RDV.DLL

Adware.Vundo Variant/Rel
C:\WINDOWS\SYSTEM32\KJJLM.TMP


Malwarebytes' Anti-Malware 1.33
Database version: 1695
Windows 5.1.2600 Service Pack 2

1/26/2009 8:59:56 AM
mbam-log-2009-01-26 (08-59-56).txt

Scan type: Quick Scan
Objects scanned: 78574
Time elapsed: 12 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:03:43 AM, on 1/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\Smc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Lee Boy\Desktop\sniper.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nascar.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {213EB1EE-9646-4BAD-BF9A-A8A4AB82C851} - (no file)
O2 - BHO: (no name) - {2D158233-9E42-448A-AC24-C90DD10A1B43} - (no file)
O2 - BHO: (no name) - {59174EDD-EE28-463E-B707-F9BE2EF561BA} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {83CBDBE4-8F55-46AE-B860-4D6B80D54334} - (no file)
O2 - BHO: (no name) - {99EFA023-EEBC-490C-9B57-EB44FC63E025} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: (no name) - {C9F8DBD5-BB2D-4872-A44C-B5D38FE53276} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {DBCF58E3-59D3-4AC2-9BA9-AC57134F512A} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {EACB942C-2E1D-4328-A4F1-A9CC39D743CF} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - .DEFAULT User Startup: desktop(2).ini (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} -
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.5.0_03) -
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: mljjj - C:\WINDOWS\
O20 - Winlogon Notify: tuvwTJYs - tuvwTJYs.dll (file missing)
O20 - Winlogon Notify: yayyyww - C:\WINDOWS\
O22 - SharedTaskScheduler: (no name) - {e04408db-4812-4478-8d4d-e46edcffd3b6} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\Smc.exe

--
End of file - 8889 bytes
  #6  
Old 26th Jan 2009, 11:38
Moderator Group
 

Thank you.

Download random's system information tool (RSIT) by random/random from and save it to your Desktop.
  • Double click on RSIT.exe to run.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open.
  • log.txt will be maximized and info.txt will be minimized
  • Please post the contents of both logs in the next reply.

  #7  
Old 26th Jan 2009, 15:26
Member Group
 

Thanks again and here it is....
Logfile of random's system information tool 1.05 (written by random/random)
Run by Lee Boy at 2009-01-26 14:20:47
Microsoft Windows XP Professional Service Pack 2
System drive C: has 11 GB (49%) free of 23 GB
Total RAM: 511 MB (34% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:21:04 PM, on 1/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\Smc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Lee Boy\Desktop\RSIT.exe
C:\Program Files\trend micro\Lee Boy.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nascar.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {213EB1EE-9646-4BAD-BF9A-A8A4AB82C851} - (no file)
O2 - BHO: (no name) - {2D158233-9E42-448A-AC24-C90DD10A1B43} - (no file)
O2 - BHO: (no name) - {59174EDD-EE28-463E-B707-F9BE2EF561BA} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {83CBDBE4-8F55-46AE-B860-4D6B80D54334} - (no file)
O2 - BHO: (no name) - {99EFA023-EEBC-490C-9B57-EB44FC63E025} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: (no name) - {C9F8DBD5-BB2D-4872-A44C-B5D38FE53276} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {DBCF58E3-59D3-4AC2-9BA9-AC57134F512A} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {EACB942C-2E1D-4328-A4F1-A9CC39D743CF} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - .DEFAULT User Startup: desktop(2).ini (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} -
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.5.0_03) -
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: mljjj - C:\WINDOWS\
O20 - Winlogon Notify: tuvwTJYs - tuvwTJYs.dll (file missing)
O20 - Winlogon Notify: yayyyww - C:\WINDOWS\
O22 - SharedTaskScheduler: (no name) - {e04408db-4812-4478-8d4d-e46edcffd3b6} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\Smc.exe
--
End of file - 8892 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{213EB1EE-9646-4BAD-BF9A-A8A4AB82C851}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2D158233-9E42-448A-AC24-C90DD10A1B43}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59174EDD-EE28-463E-B707-F9BE2EF561BA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll [2008-07-29 62728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-08 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83CBDBE4-8F55-46AE-B860-4D6B80D54334}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99EFA023-EEBC-490C-9B57-EB44FC63E025}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-19 251504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-01-19 657904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-19 522224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9F8DBD5-BB2D-4872-A44C-B5D38FE53276}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-08 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBCF58E3-59D3-4AC2-9BA9-AC57134F512A}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-08 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EACB942C-2E1D-4328-A4F1-A9CC39D743CF}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-19 251504]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SmcService"=C:\PROGRA~1\Sygate\SPF\smc.exe [2004-08-13 2532576]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-07-29 206088]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-01-14 399504]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE [2009-01-20 1830128]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-19 39408]
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2008-12-30 356352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2008-07-29 218376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mljjj]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tuvwTJYs]
tuvwTJYs.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-02 402736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yayyyww]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-06-01 77824]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe"="C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\messenger\msmsgs.exe"="C:\Program Files\messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\BlogTorrent\btdownloadgui.exe"="C:\Program Files\BlogTorrent\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\WINDOWS\TEMP\win13FC.tmp.exe"="C:\WINDOWS\TEMP\win13FC.tmp.exe:*:Enabled:win13FC.tmp"
"C:\WINDOWS\TEMP\win1430.tmp.exe"="C:\WINDOWS\TEMP\win1430.tmp.exe:*:Enabled:win1430.tmp"
"C:\DOCUME~1\LEEBOY~1\LOCALS~1\Temp\win738.tmp.exe"="C:\DOCUME~1\LEEBOY~1\LOCALS~1\Temp\win738.tmp.exe:*:Enabled:win738.tmp"
"C:\WINDOWS\TEMP\win4558.tmp.exe"="C:\WINDOWS\TEMP\win4558.tmp.exe:*:Enabled:win4558.tmp"
"C:\WINDOWS\TEMP\win4595.tmp.exe"="C:\WINDOWS\TEMP\win4595.tmp.exe:*:Enabled:win4595.tmp"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe"="C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe:*:Enabled:Sentinel Protection Server"
"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe"="C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe:*:Enabled:Sentinel Keys Server"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======File associations======
.js - edit -
.js - open -
======List of files/folders created in the last 1 months======
2009-01-26 14:20:50 ----D---- C:\Program Files\trend micro
2009-01-26 14:20:47 ----D---- C:\rsit
2009-01-14 06:32:49 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\PrevxCSI
2009-01-01 21:05:46 ----D---- C:\Documents and Settings\Lee Boy\Application Data\Malwarebytes
2009-01-01 21:05:37 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-01 21:05:37 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-01-01 16:48:08 ----D---- C:\Program Files\Kaspersky Lab
2009-01-01 16:48:08 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2009-01-01 11:32:03 ----A---- C:\WINDOWS\ntbtlog.txt
2009-01-01 11:08:26 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files
2008-12-31 10:19:43 ----SHD---- C:\WINDOWS\CSC
======List of files/folders modified in the last 1 months======
2009-01-26 14:20:51 ----D---- C:\WINDOWS\Temp
2009-01-26 14:20:50 ----RAD---- C:\Program Files
2009-01-26 08:30:14 ----D---- C:\WINDOWS\system32\drivers
2009-01-26 08:21:05 ----AC---- C:\WINDOWS\SchedLgU.Txt
2009-01-26 08:17:05 ----SHD---- C:\WINDOWS\system32
2009-01-25 18:23:51 ----AC---- C:\WINDOWS\NeroDigital.ini
2009-01-24 18:36:06 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-23 09:16:14 ----D---- C:\Documents and Settings\Lee Boy\Application Data\uTorrent
2009-01-20 16:08:12 ----D---- C:\Program Files\SUPERAntiSpyware
2009-01-20 09:54:49 ----D---- C:\Program Files\Google
2009-01-20 09:36:53 ----SD---- C:\WINDOWS\Tasks
2009-01-19 20:24:28 ----D---- C:\Documents and Settings\Lee Boy\Application Data\Adobe
2009-01-19 20:24:28 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe
2009-01-19 16:50:16 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Google
2009-01-07 06:33:50 ----D---- C:\WINDOWS
2009-01-01 21:19:41 ----D---- C:\WINDOWS\Prefetch
2009-01-01 21:16:01 ----D---- C:\Program Files\outlook
2009-01-01 16:49:55 ----SHD---- C:\Config.Msi
2009-01-01 16:49:43 ----SHD---- C:\WINDOWS\Installer
2009-01-01 16:49:18 ----HD---- C:\WINDOWS\inf
2009-01-01 16:40:41 ----D---- C:\WINDOWS\system32\config
2009-01-01 16:40:25 ----D---- C:\WINDOWS\system32\wbem
2009-01-01 16:40:25 ----D---- C:\WINDOWS\Registration
2009-01-01 16:30:33 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-01-01 16:28:46 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-01-01 12:10:28 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-31 22:11:30 ----D---- C:\WINDOWS\system32\NtmsData
2008-12-31 21:31:40 ----AC---- C:\WINDOWS\ODBC.INI
2008-12-31 20:56:21 ----D---- C:\WINDOWS\network diagnostic
2008-12-31 20:04:07 ----D---- C:\WINDOWS\Minidump
2008-12-31 19:47:58 ----D---- C:\WINDOWS\system32\Restore
2008-12-31 17:47:24 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-31 13:19:12 ----D---- C:\Documents and Settings
2008-12-30 09:48:21 ----D---- C:\Incomplete
2008-12-30 09:36:14 ----D---- C:\MUZIK
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-01-01 213008]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2006-01-31 25900]
R1 wpsdrvnt;wpsdrvnt; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2006-09-20 90688]
R2 Vcs;Vcs support; \??\C:\WINDOWS\system32\Drivers\Vcs.sys []
R2 wg3n;SyGate for NT, wg3n; C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys [2004-08-10 14240]
R2 wg4n;SyGate for NT, wg4n; C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys [2004-08-10 14240]
R2 wg5n;SyGate for NT, wg5n; C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys [2004-08-10 14240]
R2 wg6n;SyGate for NT, wg6n; C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys [2004-08-10 14240]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-03 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 MagicTune;MagicTune; C:\WINDOWS\system32\drivers\MTiCtwl.sys [2007-12-05 13184]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-03 61824]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2006-04-13 204160]
S1 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys []
S1 seneka;seneka; C:\WINDOWS\system32\drivers\senekadovnmwrr.sys []
S2 Par1284;Par1284; C:\WINDOWS\system32\drivers\Par1284.sys []
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-03 48128]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-03 38912]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 MR97310_USB_DUAL_CAMERA;MR97310 CIF Dual Mode Camera; C:\WINDOWS\system32\drivers\MR97310_USB_DUAL_CAMERA.sys []
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\System32\DRIVERS\msdv.sys [2004-08-03 51328]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-03 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2004-05-14 32896]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 vsdatant;vsdatant; C:\WINDOWS\system32\drivers\vsdatant.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-10-14 611664]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 AVP;Kaspersky Internet Security; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe [2008-07-29 206088]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-08 152984]
R2 MagicTuneEngine;MagicTuneEngine; C:\Program Files\MagicTune Premium\MagicTuneEngine.exe [2007-08-23 45056]
R2 SentinelKeysServer;Sentinel Keys Server; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2006-08-22 316992]
R2 SentinelProtectionServer;Sentinel Protection Server; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [2006-09-20 206400]
R2 SmcService;Sygate Personal Firewall Pro; C:\Program Files\Sygate\SPF\Smc.exe [2004-08-13 2532576]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-11-27 68096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-19 137200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2004-05-14 86016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
-----------------EOF-----------------

info.txt logfile of random's system information tool 1.05 2009-01-26 14:21:18
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
1st Sound Recorder-->"C:\Program Files\1st Sound Recorder\unins000.exe"
Acoustica MP3 Audio Mixer 2.13-->C:\PROGRA~1\ACOUST~1\UNWISE.EXE C:\PROGRA~1\ACOUST~1\INSTALL.LOG
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 4.0, 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Acrobat 4.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe PhotoDeluxe Home Edition 4.0-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adobe\PhotoDeluxe Home Edition 4.0\Uninst.isu"
Adobe Photoshop CS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x9
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Aero SWF.max 1.5.800-->C:\Program Files\SWF.max\uninstall.exe
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Autodesk DWF Viewer-->C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove /q0
AVI/MPEG/RM/WMV Splitter 4.28-->"C:\Program Files\AVI MPEG RM WMV Splitter\unins000.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CoffeeCup GIF Animator 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11056F2C-B2AC-4110-BAAB-4CC156063C13}\Setup.exe"
Cool Edit Pro 2.1-->C:\Program Files\coolpro2\cep2unin.exe
Driver Updater Pro-->"C:\Documents and Settings\All Users.WINDOWS\Application Data\{BB55CB49-6330-4B53-B9A7-7ACBC2E8F14F}\DriverUpdaterPro.exe" REMOVE=TRUE MODIFY=FALSE
Driver Updater Pro-->C:\Documents and Settings\All Users.WINDOWS\Application Data\{BB55CB49-6330-4B53-B9A7-7ACBC2E8F14F}\DriverUpdaterPro.exe
DVD Decrypter (Remove Only)-->"C:\Program Files\DVD Decrypter\uninstall.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
DVD Solution-->"C:\Program Files\Uninstall_CDS.exe"
EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}\Setup.exe" -l0x9 UNINST
EPSON WorkForce 30 Series Printer Uninstall-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FINSEEA.EXE /R /APD /P:"EPSON WorkForce 30 Series"
Express Rip Uninstall-->C:\Program Files\NCH Swift Sound\ExpressRip\uninst.exe
FotoSketcher - Version 1.71-->"C:\Program Files\FotoSketcher\unins000.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
HijackThis 2.0.2-->"C:\Documents and Settings\Lee Boy\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
HouseCall 6.6-->"C:\Documents and Settings\Lee Boy\Application Data\HouseCall 6.6\uninstaller.exe"
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
iRiver Driver Install-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DD6807C-7CC0-476B-8640-88921428379D}\Setup.exe" -l0x9
iriver Music Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5986F167-4C6C-4D03-9706-E1189B2A1462}\Setup.exe" -l0x9 anything
J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
K-Lite Mega Codec Pack 1.63-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
KMA-->C:\EBook\Uninstall KMA.exe
LimeWire PRO 4.9.23-->"C:\Program Files\LimeWire\uninstall.exe"
MagicTune Premium-->C:\Program Files\InstallShield Installation Information\{D6044256-A309-43B5-9833-D3FAFE2AD24D}\setup.exe -runfromtemp -l0x0009 -removeonly
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
MSXML 6.0 Parser-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
Multimedia Launcher-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nokia Multimedia Player-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4D6183C0-005C-4B1F-8261-4B0F71F1C4A5}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
RecordPad Sound Recorder Uninstall-->C:\Program Files\NCH Swift Sound\RecordPad\uninst.exe
Sansa Media Converter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2A0F8F4-CE50-4857-A21C-3061682B2E87}\Setup.exe" -l0x9
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893066)-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Sentinel Protection Installer 7.3.1-->MsiExec.exe /I{0D6BA2B7-E76C-4E04-939F-625F8F69EE63}
Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Switch Uninstall-->C:\Program Files\NCH Swift Sound\Switch\uninst.exe
Sygate Personal Firewall Pro-->MsiExec.exe /X{BF448A52-C83E-455D-B5D3-FD9E964C9419}
Total Video Converter 3.02-->"C:\Program Files\Total Video Converter\unins000.exe"
Ulead VideoStudio 7 SE Basic-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}\setup.exe" -l0x9
Ultra Video Splitter 3.5.6-->"C:\Program Files\Ultra Video Splitter\unins000.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Vector Magic-->"H:\Vector Magic\Uninstall.exe"
VIA Platform Device Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA Rhine-Family Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
WavePad Uninstall-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
WinAVI VideoConverter-->"C:\Program Files\WinAVI VideoConverter\unins000.exe"
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
WinPcap 3.1 beta3-->"C:\Program Files\WinPcap\Uninstall.exe" "C:\Program Files\WinPcap\install.log"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WorkForce 30 Series Info Center-->C:\Program Files\epson\guide\wf30_e\uninstall.exe
======Security center information======
AV: Kaspersky Internet Security
FW: Kaspersky Internet Security
System event log
Computer Name: LEEBOY-I8DUEC91
Event Code: 7035
Message: The Remote Access Connection Manager service was successfully sent a start control.
Record Number: 18319
Source Name: Service Control Manager
Time Written: 20081125172202.000000-480
Event Type: information
User: NT AUTHORITY\SYSTEM
Computer Name: LEEBOY-I8DUEC91
Event Code: 7036
Message: The Telephony service entered the running state.
Record Number: 18318
Source Name: Service Control Manager
Time Written: 20081125172202.000000-480
Event Type: information
User:
Computer Name: LEEBOY-I8DUEC91
Event Code: 7036
Message: The Application Layer Gateway Service service entered the running state.
Record Number: 18317
Source Name: Service Control Manager
Time Written: 20081125172150.000000-480
Event Type: information
User:
Computer Name: LEEBOY-I8DUEC91
Event Code: 7035
Message: The Application Layer Gateway Service service was successfully sent a start control.
Record Number: 18316
Source Name: Service Control Manager
Time Written: 20081125172150.000000-480
Event Type: information
User: NT AUTHORITY\SYSTEM
Computer Name: LEEBOY-I8DUEC91
Event Code: 7035
Message: The aswRdr service was successfully sent a start control.
Record Number: 18315
Source Name: Service Control Manager
Time Written: 20081125172150.000000-480
Event Type: information
User: NT AUTHORITY\SYSTEM
Application event log
Computer Name: LEEBOY-I8DUEC91
Event Code: 1001
Message: Checking file system on C:
The type of the file system is NTFS.

One of your disks needs to be checked for consistency. You
may cancel the disk check, but it is strongly recommended
that you continue.
Windows will now check the disk.
Cleaning up 7574 unused index entries from index $SII of file 0x9.
Cleaning up 7574 unused index entries from index $SDH of file 0x9.
Cleaning up 7574 unused security descriptors.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Windows has made corrections to the file system.
23711908 KB total disk space.
19696292 KB in 90986 files.
36392 KB in 4021 indexes.
0 KB in bad sectors.
557760 KB in use by the system.
65536 KB occupied by the log file.
3421464 KB available on disk.
4096 bytes in each allocation unit.
5927977 total allocation units on disk.
855366 allocation units available on disk.
Internal Info:
Windows has finished checking your disk.
Please wait while your computer restarts.

Record Number: 690
Source Name: Winlogon
Time Written: 20061209210241.000000-480
Event Type: information
User:
Computer Name: LEEBOY-I8DUEC91
Event Code: 1517
Message: Windows saved user LEEBOY-I8DUEC91\Lee Boy registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Record Number: 689
Source Name: Userenv
Time Written: 20061209204636.000000-480
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: LEEBOY-I8DUEC91
Event Code: 1800
Message: The Windows Security Center Service has started.
Record Number: 688
Source Name: SecurityCenter
Time Written: 20061203164811.000000-480
Event Type: information
User:
Computer Name: LEEBOY-I8DUEC91
Event Code: 1517
Message: Windows saved user LEEBOY-I8DUEC91\Lee Boy registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.
Record Number: 687
Source Name: Userenv
Time Written: 20061203164644.000000-480
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: LEEBOY-I8DUEC91
Event Code: 1800
Message: The Windows Security Center Service has started.
Record Number: 686
Source Name: SecurityCenter
Time Written: 20061202162406.000000-480
Event Type: information
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Ulead Systems\MPEG
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
-----------------EOF-----------------
  #8  
Old 26th Jan 2009, 17:26
Moderator Group
 

Go to Add or Remove Programs and uninstall:
  • J2SE Runtime Environment 5.0 Update 3
  • J2SE Runtime Environment 5.0 Update 6
----------

Open HijackThis and select Do a system scan only.

Place a check mark next to the following entries: (if there)
  • R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
  • R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
  • R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
  • R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
  • O2 - BHO: (no name) - {213EB1EE-9646-4BAD-BF9A-A8A4AB82C851} - (no file)
  • O2 - BHO: (no name) - {2D158233-9E42-448A-AC24-C90DD10A1B43} - (no file)
  • O2 - BHO: (no name) - {59174EDD-EE28-463E-B707-F9BE2EF561BA} - (no file)
  • O2 - BHO: (no name) - {83CBDBE4-8F55-46AE-B860-4D6B80D54334} - (no file)
  • O2 - BHO: (no name) - {99EFA023-EEBC-490C-9B57-EB44FC63E025} - (no file)
  • O2 - BHO: (no name) - {C9F8DBD5-BB2D-4872-A44C-B5D38FE53276} - (no file)
  • O2 - BHO: (no name) - {DBCF58E3-59D3-4AC2-9BA9-AC57134F512A} - (no file)
  • O2 - BHO: (no name) - {EACB942C-2E1D-4328-A4F1-A9CC39D743CF} - (no file)
  • O4 - .DEFAULT User Startup: desktop(2).ini (User 'Default user')
  • O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} -
  • O20 - Winlogon Notify: mljjj - C:\WINDOWS\
  • O20 - Winlogon Notify: tuvwTJYs - tuvwTJYs.dll (file missing)
  • O20 - Winlogon Notify: yayyyww - C:\WINDOWS\
  • O22 - SharedTaskScheduler: (no name) - {e04408db-4812-4478-8d4d-e46edcffd3b6} - (no file)
Important: Close all windows except for HijackThis and then click Fix checked.

Exit HijackThis.

----------

Go to Start > Run and type notepad.exe then click OK

Copy and paste the below into Notepad and save as fixme.reg to Your Desktop

Code:
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{213EB1EE-9646-4BAD-BF9A-A8A4AB82C851}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2D158233-9E42-448A-AC24-C90DD10A1B43}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59174EDD-EE28-463E-B707-F9BE2EF561BA}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83CBDBE4-8F55-46AE-B860-4D6B80D54334}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99EFA023-EEBC-490C-9B57-EB44FC63E025}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9F8DBD5-BB2D-4872-A44C-B5D38FE53276}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBCF58E3-59D3-4AC2-9BA9-AC57134F512A}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EACB942C-2E1D-4328-A4F1-A9CC39D743CF}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\mljjj]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tuvwTJYs]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yayyyww]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
"C:\WINDOWS\TEMP\win13FC.tmp.exe"=-
"C:\WINDOWS\TEMP\win1430.tmp.exe"=-
"C:\DOCUME~1\LEEBOY~1\LOCALS~1\Temp\win738.tmp.exe  "=-
"C:\WINDOWS\TEMP\win4558.tmp.exe"=-
"C:\WINDOWS\TEMP\win4595.tmp.exe"=-
Locate fixme.reg on your Desktop and double-click it. Answer Yes when prompted to merge with the Registry.

Make sure that you tell me if you receive a success message about adding the above to the registry. If you do not get a success message, it did not work.

Delete the fixme.reg from the Desktop.

----------

Clearing Temp Folder
  • Click on Start and then Run.
  • In the text box in the Run window, type %Temp% and click OK. A folder full of files and other folders will appear.
  • To remove everything inside the Temp folder, choose Edit and then Select All from the menu.
    • Note: If you're prompted that there are hidden files in this folder, just click on OK to bypass the message.
  • Now that all of the files and folders are selected, hit your Delete key or choose File and then Delete from the menu.
  • Confirm that you want to delete the files by clicking Yes on the Confirm Multiple File Delete window that opens.
  • After all of the files have been deleted close the window and empty your Recycle Bin.

Run CCleaner and restart the computer.

----------

Download Lop S&D by Eric_71 and save it to your Desktop. Lop S&D will only run on Windows XP and Windows Vista.

Disable your antivirus and antimalware programs so they do not interfere with the running of Lop S&D. If needed see: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs


If you are using Windows Vista, right-click on LopSD.exe icon and select 'Run as administrator' to perform this scan.
  • Double-click Lop S&D.exe
  • Choose the language by typing the corresponding letter and press Enter
  • Click OK at the informative window
  • Type 1, to choose Option 1 (Search) then press Enter
  • Wait until the end of the scan
  • A report will be generated, post the contents of it in your next reply.
A copy of the report can be found at this location: %systemdrive%\lopR.txt, in most cases C:\lopR.txt
__________________
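
Added example, not part of the original thread: a Python triage of HijackThis-format lines that flags the kind of orphaned registrations ticked in the checklist above and shows which of them map to the two registry keys used in fixme.reg. The sample lines are constructed (copied from the checklist plus one made-up benign entry), and the flagging rules are illustrative assumptions, not HijackThis's or the helper's own logic.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample in HijackThis log format: five lines from the checklist
# in the post above, plus one made-up healthy BHO entry for contrast.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {213EB1EE-9646-4BAD-BF9A-A8A4AB82C851} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} -
O20 - Winlogon Notify: mljjj - C:\WINDOWS\
O20 - Winlogon Notify: tuvwTJYs - tuvwTJYs.dll (file missing)
O22 - SharedTaskScheduler: (no name) - {e04408db-4812-4478-8d4d-e46edcffd3b6} - (no file)
"""

# "<section code> - <entry kind>: <body>"
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<kind>[^:]+): ?(?P<body>.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# The two parent keys that appear in the thread's fixme.reg.
BHO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
           r"\Explorer\Browser Helper Objects")
NOTIFY_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
              r"\CurrentVersion\Winlogon\Notify")


class Finding(NamedTuple):
    code: str                # HijackThis section, e.g. "O2"
    name: str                # first field of the entry body
    reason: str              # why the entry looks orphaned
    reg_key: Optional[str]   # key holding the registration, if it is one of the two above


def orphan_reason(code: str, target: str) -> Optional[str]:
    """Return a reason when the entry's target does not resolve to a real file."""
    if "(no file)" in target:
        return "registration names no file"
    if "(file missing)" in target:
        return "registered file is missing from disk"
    if code == "O20" and target.endswith("\\"):
        return "Notify DLL path is a bare directory"
    if code == "O16" and not target:
        return "download entry has no source URL"
    return None


def registry_key(code: str, body: str, name: str) -> Optional[str]:
    """Map a flagged entry to its key, for the two entry types fixme.reg covers."""
    if code == "O2":
        match = CLSID.search(body)
        return f"{BHO_KEY}\\{match.group(0)}" if match else None
    if code == "O20":
        return f"{NOTIFY_KEY}\\{name}"
    return None  # other sections are handled by HijackThis "Fix checked" only


def triage_log(text: str) -> List[Finding]:
    findings = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        # Fields are separated by " - "; a trailing " -" means an empty last field.
        parts = [p.strip() for p in re.split(r"\s+-(?:\s+|$)", body)]
        name = parts[0]
        target = parts[-1] if len(parts) > 1 else ""
        reason = orphan_reason(code, target)
        if reason:
            findings.append(Finding(code, name, reason, registry_key(code, body, name)))
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.code:<4}{f.name:<42}{f.reason}")
        if f.reg_key:
            print(f"      key: {f.reg_key}")
```
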

  #9  
Old 27th Jan 2009, 15:05
Member Group
 

So far everything is going as planned.....I did notice a new folder on my desktop popped up called "back-ups". Also, the added registry was successfully loaded.....Here's the next log....

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) CPU 2.40GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Lee Boy ( Administrator )
BOOT : Normal boot
Antivirus : Kaspersky Internet Security 8.0.0.454 (Not Activated)
Firewall : Kaspersky Internet Security 8.0.0.454 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:22 Go (Free:11 Go)
D:\ (CD or DVD)
E:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)
F:\ (Local Disk) - NTFS - Total:53 Go (Free:4 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Tue 01/27/2009|13:42 )

--------------------\\ Listing folders in APPLIC~1

[12/31/2008|01:21] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Adobe
[01/01/2009|08:35] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
[02/09/2006|01:42] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft

[08/27/2008|12:40] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> {BB55CB49-6330-4B53-B9A7-7ACBC2E8F14F}
[01/19/2009|08:24] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Adobe
[01/12/2007|07:40] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Apple Computer
[02/10/2006|05:37] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> CyberLink
[06/15/2007|03:57] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> DVD Shrink
[11/06/2008|02:38] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> EPSON
[01/19/2009|04:50] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Google
[01/27/2009|01:37] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Kaspersky Lab
[01/01/2009|11:08] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Kaspersky Lab Setup Files
[10/14/2008|07:40] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Lavasoft
[07/11/2007|07:19] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Macromedia
[11/27/2008|10:31] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Macrovision
[01/01/2009|09:05] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Malwarebytes
[06/28/2007|10:07] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Microsoft
[03/01/2006|09:28] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> MSN6
[04/11/2006|10:44] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> NCH Swift Sound
[01/14/2009|06:38] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> PrevxCSI
[01/01/2009|04:28] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Spybot - Search & Destroy
[01/19/2007|05:37] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> SUPERAntiSpyware.com
[11/06/2008|02:40] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> UDL
[12/08/2008|05:33] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Ulead Systems
[02/09/2006|02:46] C:\DOCUME~1\ALLUSE~1.WIN\APPLIC~1\<DIR> Windows Genuine Advantage

[01/01/2002|01:16] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[02/09/2006|01:42] C:\DOCUME~1\DEFAUL~1.WIN\APPLIC~1\<DIR> Microsoft

[01/19/2009|08:24] C:\DOCUME~1\LEEBOY~1\APPLIC~1\<DIR> Adobe
[12/13/2008|06:52] C:\DOCUME~1\LEEBOY~1\APPLIC~1\<DIR> AdobeUM
[04/25/2006|10:05] C:\DOCUME~1\LEEBOY~1\APPLIC~1\<DIR> Ahead
[08/26/2007|08:11] C:\DOCUME~1\LEEBOY~1\APPLIC~1\<DIR> ArcSoft
[08/27/2008|12:45] C:\DOCUME~1\LEEBOY~1\APPLIC~1\<DIR> ATI
[03/18/2008|06:46] C:\DOCUME~1\LEEBOY~1\APPLIC~1\<DIR> Bitstream
[02/10/2006|06:28] C:\DOCUME~1\LEEBOY~1\APPLIC~1\<DIR> Cyberlink
[11/06/2008|03:00] C:\DOCUME~1\LEEBOY~1\APPLIC~1\<DIR> EPSON
[11/13/2006|07:23] C:\DOCUME~1\LEEBOY~1\APPLIC~1\<DIR> FileMaker
[11/09/2006|08:36] C:\DOCUME~1\LEEBOY~1\APPLIC~1\<DIR> Google
[02/13/2006|04:16] C:\DOCUME~1\LEEBOY~1\APPLIC~1\<DIR> Help
[11/08/2008|06:44] C:\DOCUME~1\LEEBOY~1\APPLIC~1\<DIR> HouseCall 6.6
[09/14/2006|11:28] C:\DOCUME~1\LEEBOY~1\APPLIC~1\<DIR> Identities
[08/28/2008|06:46] C:\DOCUME~1\LEEBOY~1\APPLIC~1\<DIR> InstallShield
[02/10/2006|05:49] C:\DOCUME~1\LEEBOY~1\APPLIC~1\<DIR> InterTrust
[10/14/2008|07:25] C:\DOCUME~1\LEEBOY~1\APPLIC~1\<DIR> Lavasoft
[04/17/2006|06:20] C:\DOCUME~1\LEEBOY~1\APPLIC~1\<DIR> Leadertech
[07/11/2007|07:36] C:\DOCUME~1\LEEBOY~1\APPLIC~1\<DIR> Macromedia
[01/01/2009|09:05] C:\DOCUME~1\LEEBOY~1\APPLIC~1\<DIR> Malwarebytes
[01/12/2007|08:44] C:\DOCUME~1\LEEBOY~1\APPLIC~1\<DIR> Media Player Classic
[10/17/2006|06:57] C:\DOCUME~1\LEEBOY~1\APPLIC~1\<DIR> Microsoft
[03/16/2008|08:56] C:\DOCUME~1\LEEBOY~1\APPLIC~1\<DIR> Mozilla
[04/11/2006|10:44] C:\DOCUME~1\LEEBOY~1\APPLIC~1\<DIR> NCH Swift Sound
[02/20/2006|09:19] C:\DOCUME~1\LEEBOY~1\APPLIC~1\<DIR> Real
[04/11/2006|10:44] C:\DOCUME~1\LEEBOY~1\APPLIC~1\<DIR> RecordPad
[02/13/2006|10:50] C:\DOCUME~1\LEEBOY~1\APPLIC~1\<DIR> Sun
[05/25/2006|05:48] C:\DOCUME~1\LEEBOY~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[03/13/2006|08:46] C:\DOCUME~1\LEEBOY~1\APPLIC~1\<DIR> Syntrillium
[03/16/2008|08:56] C:\DOCUME~1\LEEBOY~1\APPLIC~1\<DIR> Thunderbird
[05/25/2006|09:30] C:\DOCUME~1\LEEBOY~1\APPLIC~1\<DIR> Ulead Systems
[01/23/2009|09:16] C:\DOCUME~1\LEEBOY~1\APPLIC~1\<DIR> uTorrent
[05/22/2006|09:28] C:\DOCUME~1\LEEBOY~1\APPLIC~1\<DIR> wsInspector

[01/24/2006|01:52] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft
[10/13/2005|07:48] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Webroot

[02/09/2006|01:42] C:\DOCUME~1\LOCALS~1.NTA\APPLIC~1\<DIR> Microsoft

[01/24/2006|01:52] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

[05/16/2006|08:19] C:\DOCUME~1\NETWOR~1.NTA\APPLIC~1\<DIR> Microsoft
[07/16/2006|04:06] C:\DOCUME~1\NETWOR~1.NTA\APPLIC~1\<DIR> PhotoParade

[01/31/2006|09:55] C:\DOCUME~1\user\APPLIC~1\<DIR> .bittorrent
[07/19/2004|11:36] C:\DOCUME~1\user\APPLIC~1\<DIR> Adobe
[07/19/2004|11:36] C:\DOCUME~1\user\APPLIC~1\<DIR> AdobeUM
[01/21/2006|02:16] C:\DOCUME~1\user\APPLIC~1\<DIR> Ahead
[01/12/2006|06:25] C:\DOCUME~1\user\APPLIC~1\<DIR> Cyberlink
[05/20/2005|07:13] C:\DOCUME~1\user\APPLIC~1\<DIR> GTV
[08/03/2004|02:59] C:\DOCUME~1\user\APPLIC~1\<DIR> Help
[01/01/2002|01:20] C:\DOCUME~1\user\APPLIC~1\<DIR> Identities
[01/12/2006|05:56] C:\DOCUME~1\user\APPLIC~1\<DIR> InterTrust
[01/16/2006|11:18] C:\DOCUME~1\user\APPLIC~1\<DIR> Lavasoft
[07/15/2004|01:06] C:\DOCUME~1\user\APPLIC~1\<DIR> Macromedia
[01/09/2006|12:35] C:\DOCUME~1\user\APPLIC~1\<DIR> Media Player Classic
[10/12/2005|08:41] C:\DOCUME~1\user\APPLIC~1\<DIR> Microsoft
[07/15/2004|12:34] C:\DOCUME~1\user\APPLIC~1\<DIR> MSN6
[01/26/2006|09:13] C:\DOCUME~1\user\APPLIC~1\<DIR> Real
[10/02/2004|11:34] C:\DOCUME~1\user\APPLIC~1\<DIR> Sun
[02/06/2006|11:25] C:\DOCUME~1\user\APPLIC~1\<DIR> Vso

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[01/27/2009 01:36 PM][--ah-c---] C:\WINDOWS\tasks\SA.DAT
[08/23/2001 04:00 AM][-r-h-c---] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[01/22/2007|03:09] C:\Program Files\<DIR> 1st Sound Recorder
[02/18/2007|09:57] C:\Program Files\<DIR> 4U Computing
[04/13/2006|09:23] C:\Program Files\<DIR> Accessdiver
[02/19/2006|09:52] C:\Program Files\<DIR> Acoustica MP3 Audio Mixer
[11/27/2008|10:14] C:\Program Files\<DIR> Adobe
[04/25/2006|08:22] C:\Program Files\<DIR> Ahead
[03/01/2006|08:34] C:\Program Files\<DIR> Alwil Software
[01/19/2007|10:38] C:\Program Files\<DIR> AnvSoft
[06/28/2007|10:06] C:\Program Files\<DIR> a-squared HiJackFree
[08/27/2008|12:19] C:\Program Files\<DIR> ATI Technologies
[04/09/2006|08:55] C:\Program Files\<DIR> Autodesk
[05/28/2006|08:55] C:\Program Files\<DIR> AV VCS 3.0 Gold
[01/13/2007|08:45] C:\Program Files\<DIR> AVI MPEG RM WMV Splitter
[11/05/2007|10:25] C:\Program Files\<DIR> BitTorrent
[02/23/2008|08:04] C:\Program Files\<DIR> CCleaner
[02/23/2006|12:51] C:\Program Files\<DIR> CoffeeCup Software
[12/08/2008|05:35] C:\Program Files\<DIR> Common Files
[04/05/2006|06:26] C:\Program Files\<DIR> Conversions Plus
[03/13/2006|08:49] C:\Program Files\<DIR> coolpro2
[02/10/2006|05:37] C:\Program Files\<DIR> CyberLink
[02/21/2006|10:37] C:\Program Files\<DIR> CyberLink DVD Solution
[03/16/2008|11:32] C:\Program Files\<DIR> DiskInternals
[02/16/2006|08:31] C:\Program Files\<DIR> DVD Decrypter
[02/20/2006|12:32] C:\Program Files\<DIR> DVD Shrink
[04/09/2006|08:21] C:\Program Files\<DIR> EPCTV
[11/06/2008|02:40] C:\Program Files\<DIR> EPSON
[12/08/2008|04:33] C:\Program Files\<DIR> FotoSketcher
[02/18/2007|09:26] C:\Program Files\<DIR> Free WMA to MP3 Converter
[01/20/2009|09:54] C:\Program Files\<DIR> Google
[01/04/2007|04:19] C:\Program Files\<DIR> Google Toolbar
[01/08/2008|07:34] C:\Program Files\<DIR> Hewlett-Packard
[06/06/2007|09:32] C:\Program Files\<DIR> High Quality Photo Resizer
[03/04/2006|05:21] C:\Program Files\<DIR> HOTLLAMA Media
[10/10/2007|12:04] C:\Program Files\<DIR> ImTOO
[12/08/2008|05:33] C:\Program Files\<DIR> InstallShield Installation Information
[02/17/2006|08:37] C:\Program Files\<DIR> InterActual
[12/03/2008|11:13] C:\Program Files\<DIR> Internet Explorer
[10/14/2008|06:52] C:\Program Files\<DIR> intocartoonpro
[02/09/2006|05:59] C:\Program Files\<DIR> IrfanView
[02/20/2008|11:58] C:\Program Files\<DIR> iRiver
[01/27/2009|01:03] C:\Program Files\<DIR> Java
[01/01/2009|04:48] C:\Program Files\<DIR> Kaspersky Lab
[01/12/2007|07:40] C:\Program Files\<DIR> K-Lite Codec Pack
[10/14/2008|07:31] C:\Program Files\<DIR> Lavasoft
[05/16/2006|12:18] C:\Program Files\<DIR> LimeWire
[08/28/2008|06:46] C:\Program Files\<DIR> MagicTune Premium
[01/26/2009|08:30] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[02/09/2006|03:48] C:\Program Files\<DIR> messenger
[01/01/2002|01:49] C:\Program Files\<DIR> Microsoft ActiveSync
[01/01/2002|01:16] C:\Program Files\<DIR> microsoft frontpage
[03/02/2006|12:48] C:\Program Files\<DIR> Microsoft Office
[02/09/2006|03:09] C:\Program Files\<DIR> Movie Maker
[04/11/2006|10:41] C:\Program Files\<DIR> MP3 CD Converter
[04/11/2006|10:30] C:\Program Files\<DIR> MP3 CD Converter Professional
[06/20/2006|05:30] C:\Program Files\<DIR> MSN
[01/01/2002|01:12] C:\Program Files\<DIR> MSN Gaming Zone
[10/13/2005|10:35] C:\Program Files\<DIR> MSN Messenger
[04/11/2006|11:34] C:\Program Files\<DIR> NCH Swift Sound
[02/09/2006|03:05] C:\Program Files\<DIR> NetMeeting
[07/16/2006|04:15] C:\Program Files\<DIR> Nokia
[01/01/2009|09:16] C:\Program Files\<DIR> outlook
[05/23/2006|06:12] C:\Program Files\<DIR> Outlook Express
[12/08/2008|05:36] C:\Program Files\<DIR> Panda Security
[02/15/2008|07:39] C:\Program Files\<DIR> PhotoZoom Pro 2
[03/02/2006|09:39] C:\Program Files\<DIR> PowerISO
[05/09/2006|08:04] C:\Program Files\<DIR> QuickTime
[03/28/2006|12:00] C:\Program Files\<DIR> QuickTime Alternative
[10/30/2006|10:04] C:\Program Files\<DIR> Radical Games
[02/20/2006|09:17] C:\Program Files\<DIR> Real
[09/21/2006|06:28] C:\Program Files\<DIR> RegCleaner
[08/16/2008|06:09] C:\Program Files\<DIR> SafeNet Sentinel
[08/26/2007|07:56] C:\Program Files\<DIR> SanDisk
[01/19/2007|10:39] C:\Program Files\<DIR> Sony Corporation
[01/01/2009|04:30] C:\Program Files\<DIR> Spybot - Search & Destroy
[09/21/2006|06:30] C:\Program Files\<DIR> Startup Inspector for Windows
[01/20/2009|04:08] C:\Program Files\<DIR> SUPERAntiSpyware
[11/14/2006|08:59] C:\Program Files\<DIR> SWF.max
[02/15/2006|09:13] C:\Program Files\<DIR> Sygate
[03/03/2007|04:44] C:\Program Files\<DIR> The Logo Creator v4
[10/16/2006|01:57] C:\Program Files\<DIR> Total Video Converter
[01/26/2009|02:21] C:\Program Files\<DIR> trend micro
[12/08/2008|05:32] C:\Program Files\<DIR> TweakNow RegCleaner Pro
[05/25/2006|09:28] C:\Program Files\<DIR> Ulead Systems
[01/12/2007|11:51] C:\Program Files\<DIR> Ultra Video Splitter
[07/13/2004|07:24] C:\Program Files\<DIR> Uninstall Information
[11/05/2007|11:08] C:\Program Files\<DIR> uTorrent
[06/27/2007|06:54] C:\Program Files\<DIR> VBTUCopy
[06/27/2007|06:35] C:\Program Files\<DIR> VIA
[01/01/2002|01:59] C:\Program Files\<DIR> VIA Technologies, Inc
[05/30/2006|11:28] C:\Program Files\<DIR> WinAVI VideoConverter
[05/25/2006|09:29] C:\Program Files\<DIR> Windows Media Components
[08/28/2008|05:48] C:\Program Files\<DIR> Windows Media Connect 2
[08/28/2008|06:19] C:\Program Files\<DIR> Windows Media Player
[02/09/2006|03:05] C:\Program Files\<DIR> Windows NT
[05/22/2007|02:49] C:\Program Files\<DIR> WindowsUpdate
[01/12/2007|08:23] C:\Program Files\<DIR> WinPcap
[02/13/2006|06:02] C:\Program Files\<DIR> WinRAR
[01/12/2007|11:29] C:\Program Files\<DIR> Witcobber
[01/12/2007|11:21] C:\Program Files\<DIR> WM Recorder 10
[01/01/2002|01:16] C:\Program Files\<DIR> xerox
[08/27/2008|12:40] C:\Program Files\<DIR> XPC Tools
[04/17/2006|06:12] C:\Program Files\<DIR> Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[05/02/2007|05:26] C:\Program Files\Common Files\<DIR> {34FDF85D-095B-1033-1119-030310150001}
[12/13/2008|06:49] C:\Program Files\Common Files\<DIR> Adobe
[12/08/2008|04:34] C:\Program Files\Common Files\<DIR> Adobe Systems Shared
[04/25/2006|08:22] C:\Program Files\Common Files\<DIR> Ahead
[08/26/2007|07:56] C:\Program Files\Common Files\<DIR> ArcSoft
[04/09/2006|08:55] C:\Program Files\Common Files\<DIR> Autodesk Shared
[01/01/2002|01:47] C:\Program Files\Common Files\<DIR> Designer
[02/23/2005|07:15] C:\Program Files\Common Files\<DIR> Digidesign
[01/19/2007|08:49] C:\Program Files\Common Files\<DIR> Download Manager
[02/23/2006|12:19] C:\Program Files\Common Files\<DIR> FotoNation
[02/22/2006|11:23] C:\Program Files\Common Files\<DIR> InstallShield
[10/02/2004|11:32] C:\Program Files\Common Files\<DIR> Java
[01/01/2002|01:41] C:\Program Files\Common Files\<DIR> L&H
[03/09/2008|11:52] C:\Program Files\Common Files\<DIR> Microsoft Shared
[01/01/2002|01:13] C:\Program Files\Common Files\<DIR> MSSoap
[12/31/2001|04:53] C:\Program Files\Common Files\<DIR> ODBC
[02/23/2005|07:21] C:\Program Files\Common Files\<DIR> PACE Anti-Piracy
[02/20/2006|09:17] C:\Program Files\Common Files\<DIR> Real
[08/16/2008|06:09] C:\Program Files\Common Files\<DIR> SafeNet Sentinel
[01/01/2002|01:14] C:\Program Files\Common Files\<DIR> Services
[12/31/2001|04:53] C:\Program Files\Common Files\<DIR> SpeechEngines
[05/23/2006|06:12] C:\Program Files\Common Files\<DIR> System
[12/08/2008|05:33] C:\Program Files\Common Files\<DIR> Ulead Systems
[10/14/2008|07:31] C:\Program Files\Common Files\<DIR> Wise Installation Wizard
[02/20/2006|09:17] C:\Program Files\Common Files\<DIR> xing shared

--------------------\\ Process

( 35 Processes )

iexplore.exe ~ [PID:3516]

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-27 13:45:23
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections

C:\WINDOWS\system32\fgjlm.ini2
C:\WINDOWS\system32\fgjlm.tmp
C:\WINDOWS\system32\fhhkj.ini2
C:\WINDOWS\system32\fhhkj.tmp
==> VUNDO <==



[F:2][D:1]-> C:\DOCUME~1\LEEBOY~1\LOCALS~1\Temp
[F:6][D:0]-> C:\DOCUME~1\LEEBOY~1\Cookies
[F:228][D:7]-> C:\DOCUME~1\LEEBOY~1\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Tue 01/27/2009|13:46 - Option : [1]

--------------------\\ Scan completed at 13:46:52
  #10  
Old 27th Jan 2009, 15:34
Moderator Group
 

Download the OTMoveIt3 by OldTimer

Note: If you are running on Vista, right-click on OTMoveIt3.exe and choose Run As Administrator.

* Save it to your Desktop.
* Double-click OTMoveIt3.exe to run it.
* Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)

Code:
:Processes
explorer.exe

:files
C:\WINDOWS\system32\fgjlm.ini2
C:\WINDOWS\system32\fgjlm.tmp
C:\WINDOWS\system32\fhhkj.ini2
C:\WINDOWS\system32\fhhkj.tmp

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

* Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
* Click the red Moveit! button.
* Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
* Close OTMoveIt3.

Note: If a file or folder cannot be moved immediately you may be asked to reboot your computer in order to finish the move process. If asked to reboot, choose Yes. If not, reboot anyway.

----------

Download ComboFix© by sUBs from one of the below links. Be sure to save it to the Desktop.

Link #1
Link #2

**Note: It is important that it is saved directly to your Desktop

Close any open Web browsers (Firefox, Internet Explorer, etc.) before starting ComboFix.

Temporarily disable your antivirus, and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double click combofix.exe & follow the prompts.
When finished ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.

If you have problems with ComboFix usage, see How to use ComboFix
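How the codebox in the post above follows from the Lop S&D report posted just before it, as an added example (not part of the original posts, and not Lop S&D's or OTMoveIt3's own code): it pulls the files listed under "Searching for other infections" out of the report and lays them out in the script format from the codebox. The function names and the trimmed log excerpt are constructed for illustration.

```python
import re

# Constructed excerpt of the Lop S&D report quoted in the thread (trimmed).
SAMPLE_LOG = r"""--------------------\\ Checking the Hosts file

Hosts file CLEAN

--------------------\\ Searching for other infections

C:\WINDOWS\system32\fgjlm.ini2
C:\WINDOWS\system32\fgjlm.tmp
C:\WINDOWS\system32\fhhkj.ini2
C:\WINDOWS\system32\fhhkj.tmp
==> VUNDO <==

[F:2][D:1]-> C:\DOCUME~1\LEEBOY~1\LOCALS~1\Temp

--------------------\\ Scan completed at 13:46:52
"""

SECTION = re.compile(r"^-{5,}\\\\ (.+)$")   # e.g. --------------------\\ Process
PATH = re.compile(r"^[A-Za-z]:\\\S.*$")     # a bare absolute Windows path
VERDICT = re.compile(r"^==> (.+) <==$")     # e.g. ==> VUNDO <==

def flagged_files(log_text):
    """Return (paths, verdict) from the 'Searching for other infections' section."""
    paths, verdict, in_section = [], None, False
    for line in map(str.strip, log_text.splitlines()):
        header = SECTION.match(line)
        if header:
            in_section = header.group(1) == "Searching for other infections"
        elif in_section and VERDICT.match(line):
            verdict = VERDICT.match(line).group(1)
        elif in_section and PATH.match(line) and line not in paths:
            paths.append(line)   # summary lines such as "[F:2][D:1]-> ..." are skipped
    return paths, verdict

def build_fix_script(paths):
    """Lay the paths out in the script format shown in the moderator's codebox."""
    if not paths:
        raise ValueError("no flagged files in the report; nothing to move")
    return "\n".join([":Processes", "explorer.exe", "", ":files", *paths, "",
                      ":Commands", "[purity]", "[emptytemp]",
                      "[start explorer]", "[Reboot]"])

if __name__ == "__main__":
    files, verdict = flagged_files(SAMPLE_LOG)
    print(f"Report verdict: {verdict}; {len(files)} file(s) flagged\n")
    print(build_fix_script(files))
```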