SPYWARE-RU.COM

Can not delete Total Security Center

  • This topic has 10 replies, 2 participants, and was last updated 15 years, 11 months ago by Admin.
Viewing 11 posts - 1 through 11 (of 11 total)
  • Author
    Posts
  • October 11, 2009 at 10:11 am #17245
    Natalie
    Participant
    • Topics: 1
    • Posts: 7
    • ☆

    Good morning, everyone.
    I am asking for help. I have been fighting Total Security Center without success.
    The first time, I removed it following your instructions, using HijackThis and Malwarebytes Anti-Malware. After a reboot it appeared again, this time in a dormant state. Its process becomes active if I try to remove it through Add/Remove Programmes.
    Moreover, no program recognizes it now. I tried Malwarebytes Anti-Malware, TrendMicro, Super Anti Spyware and SdFix; nothing catches it. I worked in Safe Mode (at first it would not boot, so I used SafeBootKeyRepair).
    In the course of the fight I apparently wiped something in the Windows settings, because the internet connection no longer works: at first it gave error 792, then I got rid of that one and 678 appeared.
    In short, please save me.
    If possible, please give Windows terms in English; I have no way to compare them with a Russian-language operating system.
    Thanks,
    Natalie

    October 11, 2009 at 2:20 pm #26293
    Admin
    Keymaster
    • Topics: 40
    • Posts: 5676
    • ☆☆☆☆☆

    Hello, and welcome to the Spyware-ru forum.

    Download the RSIT scanner by clicking this link and save the file to your desktop.

    * Double-click the downloaded file.
    * If you have a firewall and it reports that RSIT is trying to access the Internet, allow it.
    * Click the Continue button.
    * When the program finishes, two logs will be shown (log.txt and info.txt).

    Paste both RSIT logs into your reply. Put each log in a separate post.

    October 12, 2009 at 8:11 am #26294
    Natalie
    Participant
    • Topics: 1
    • Posts: 7
    • ☆

    Hello, Valery.
    Does RSIT work only when there is an internet connection? I am asking because the infected computer will not connect; it returns error 678.
    Thanks,
    Natalie

    October 13, 2009 at 6:38 am #26295
    Natalie
    Participant
    • Topics: 1
    • Posts: 7
    • ☆

    Logfile of random’s system information tool 1.06 (written by random/random)
    Run by Natalie and Ruby at 2009-10-12 21:20:18
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 281 GB (92%) free of 305 GB
    Total RAM: 2038 MB (75% free)

    HijackThis download failed

    ======Scheduled tasks folder======

    C:WINDOWStasksAppleSoftwareUpdate.job
    C:WINDOWStasksOGALogon.job

    ======Registry dump======

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{0347C33E-8762-4905-BF09-768834316C61}]
    HP Print Enhancer — C:Program FilesHPDigital ImagingSmart Web Printinghpswp_printenhancer.dll [2008-03-27 322880]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
    HP Smart BHO Class — C:Program FilesHPDigital ImagingSmart Web Printinghpswp_BHO.dll [2008-03-27 501056]

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
    «NeroFilterCheck»=C:Program FilesCommon FilesAheadLibNeroCheck.exe [2007-03-01 153136]
    «SecurDisc»=C:Program FilesNeroNero 7InCDNBHGui.exe [2007-05-15 1628208]
    «InCD»=C:Program FilesNeroNero 7InCDInCD.exe [2007-05-15 1057328]
    «RemoteControl»=C:Program FilesCyberLinkPowerDVDPDVDServ.exe [2006-11-23 56928]
    «LanguageShortcut»=C:Program FilesCyberLinkPowerDVDLanguageLanguage.exe [2006-12-05 54832]
    «LGODDFU»=C:Program Fileslg_fwupdatefwupdate.exe [2006-08-17 249856]
    «HP Software Update»=C:Program FilesHPHP Software UpdateHPWuSchd2.exe [2008-03-25 49152]
    «hpqSRMon»=C:Program FilesHPDigital ImagingbinhpqSRMon.exe [2008-03-13 81920]
    «QuickTime Task»=C:Program FilesQuickTimeqttask.exe [2009-05-26 413696]
    «UserFaultCheck»=C:WINDOWSsystem32dumprep 0 -u []
    «UfSeAgnt.exe»=C:Program FilesTrend MicroInternet SecurityUfSeAgnt.exe [2009-09-30 1020248]

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
    «ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2008-04-14 15360]
    «SUPERAntiSpyware»=C:Program FilesSUPERAntiSpywareSUPERAntiSpyware.exe [2009-09-15 1998576]

    C:WINDOWSsystem322048
    HP Digital Imaging Monitor.lnk — C:Program FilesHPDigital Imagingbinhpqtra08.exe

    C:Documents and SettingsNatalie and RubyStart MenuProgramsStartup
    scandisk.lnk — C:WINDOWSsystem32rundll32.exe

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotify!SASWinLogon]
    C:Program FilesSUPERAntiSpywareSASWINLO.dll [2009-09-03 548352]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyigfxcui]
    C:WINDOWSsystem32igfxdev.dll [2007-10-12 208896]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]
    C:WINDOWSsystem32WgaLogon.dll [2009-03-10 239496]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
    «{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}»=C:Program FilesSUPERAntiSpywareSASSEH.DLL [2008-05-13 77824]

    [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
    «dontdisplaylastusername»=0
    «legalnoticecaption»=
    «legalnoticetext»=
    «shutdownwithoutlogon»=1
    «undockwithoutlogon»=1

    [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
    «NoDriveTypeAutoRun»=145

    [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
    «HonorAutoRunSetting»=

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
    «%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
    «D:setupHPZnui01.exe»=»D:setupHPZnui01.exe:*:Enabled:hpznui01.exe»
    «C:Program FilesHPDigital Imagingbinhpqtra08.exe»=»C:Program FilesHPDigital Imagingbinhpqtra08.exe:*:Enabled:hpqtra08.exe»
    «C:Program FilesHPDigital Imagingbinhpqste08.exe»=»C:Program FilesHPDigital Imagingbinhpqste08.exe:*:Enabled:hpqste08.exe»
    «C:Program FilesHPDigital Imagingbinhposid01.exe»=»C:Program FilesHPDigital Imagingbinhposid01.exe:*:Enabled:hposid01.exe»
    «C:Program FilesHPDigital Imagingbinhpqkygrp.exe»=»C:Program FilesHPDigital Imagingbinhpqkygrp.exe:*:Enabled:hpqkygrp.exe»
    «C:Program FilesHPDigital Imagingbinhpoews01.exe»=»C:Program FilesHPDigital Imagingbinhpoews01.exe:*:Enabled:hpoews01.exe»
    «C:Program FilesHPDigital Imagingbinhpiscnapp.exe»=»C:Program FilesHPDigital Imagingbinhpiscnapp.exe:*:Enabled:hpiscnapp.exe»
    «C:Program FilesCommon FilesHPDigital ImagingbinhpqPhotoCrm.exe»=»C:Program FilesCommon FilesHPDigital ImagingbinhpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe»
    «C:Program FilesHPDigital Imagingbinhpqpsapp.exe»=»C:Program FilesHPDigital Imagingbinhpqpsapp.exe:*:Enabled:hpqpsapp.exe»
    «C:Program FilesHPDigital Imagingbinhpqpse.exe»=»C:Program FilesHPDigital Imagingbinhpqpse.exe:*:Enabled:hpqpse.exe»
    «C:Program FilesHPDigital Imagingbinhpqsudi.exe»=»C:Program FilesHPDigital Imagingbinhpqsudi.exe:*:Enabled:hpqsudi.exe»
    «C:Program FilesHPDigital Imagingbinhpqgplgtupl.exe»=»C:Program FilesHPDigital Imagingbinhpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe»
    «C:Program FilesHPDigital Imagingbinhpqgpc01.exe»=»C:Program FilesHPDigital Imagingbinhpqgpc01.exe:*:Enabled:hpqgpc01.exe»
    «C:WINDOWSsystem32usmtmigwiz.exe»=»C:WINDOWSsystem32usmtmigwiz.exe:*:Enabled:Files and Settings Transfer Wizard»
    «C:Documents and SettingsNatalie and RubyApplication DataJuniper NetworksSetup ClientJuniperSetupClient.exe»=»C:Documents and SettingsNatalie and RubyApplication DataJuniper NetworksSetup ClientJuniperSetupClient.exe:*:Enabled:Juniper Setup Client»
    «%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
    «»=»C:WINDOWSsystemsvchost.exe:*:Enabled:KL»
    «C:Program FilesWindows LiveMessengerwlcsdk.exe»=»C:Program FilesWindows LiveMessengerwlcsdk.exe:*:Enabled:Windows Live Call»
    «C:Program FilesWindows LiveMessengermsnmsgr.exe»=»C:Program FilesWindows LiveMessengermsnmsgr.exe:*:Enabled:Windows Live Messenger»
    «C:Program FilesICQ6.5ICQ.exe»=»C:Program FilesICQ6.5ICQ.exe:*:Enabled:ICQ6»

    [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
    «%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
    «D:setupHPZnui01.exe»=»D:setupHPZnui01.exe:*:Enabled:hpznui01.exe»
    «C:Program FilesHPDigital Imagingbinhpqtra08.exe»=»C:Program FilesHPDigital Imagingbinhpqtra08.exe:*:Enabled:hpqtra08.exe»
    «C:Program FilesHPDigital Imagingbinhpqste08.exe»=»C:Program FilesHPDigital Imagingbinhpqste08.exe:*:Enabled:hpqste08.exe»
    «C:Program FilesHPDigital Imagingbinhposid01.exe»=»C:Program FilesHPDigital Imagingbinhposid01.exe:*:Enabled:hposid01.exe»
    «C:Program FilesHPDigital Imagingbinhpqkygrp.exe»=»C:Program FilesHPDigital Imagingbinhpqkygrp.exe:*:Enabled:hpqkygrp.exe»
    «C:Program FilesHPDigital Imagingbinhpoews01.exe»=»C:Program FilesHPDigital Imagingbinhpoews01.exe:*:Enabled:hpoews01.exe»
    «C:Program FilesHPDigital Imagingbinhpiscnapp.exe»=»C:Program FilesHPDigital Imagingbinhpiscnapp.exe:*:Enabled:hpiscnapp.exe»
    «C:Program FilesCommon FilesHPDigital ImagingbinhpqPhotoCrm.exe»=»C:Program FilesCommon FilesHPDigital ImagingbinhpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe»
    «C:Program FilesHPDigital Imagingbinhpqpsapp.exe»=»C:Program FilesHPDigital Imagingbinhpqpsapp.exe:*:Enabled:hpqpsapp.exe»
    «C:Program FilesHPDigital Imagingbinhpqpse.exe»=»C:Program FilesHPDigital Imagingbinhpqpse.exe:*:Enabled:hpqpse.exe»
    «C:Program FilesHPDigital Imagingbinhpqsudi.exe»=»C:Program FilesHPDigital Imagingbinhpqsudi.exe:*:Enabled:hpqsudi.exe»
    «C:Program FilesHPDigital Imagingbinhpqgplgtupl.exe»=»C:Program FilesHPDigital Imagingbinhpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe»
    «C:Program FilesHPDigital Imagingbinhpqgpc01.exe»=»C:Program FilesHPDigital Imagingbinhpqgpc01.exe:*:Enabled:hpqgpc01.exe»
    «%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
    «C:Program FilesWindows LiveMessengerwlcsdk.exe»=»C:Program FilesWindows LiveMessengerwlcsdk.exe:*:Enabled:Windows Live Call»
    «C:Program FilesWindows LiveMessengermsnmsgr.exe»=»C:Program FilesWindows LiveMessengermsnmsgr.exe:*:Enabled:Windows Live Messenger»

    [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{0ec32ad4-b378-11de-bf27-001d923a0dbe}]
    shellAutoRuncommand — RECYCLautrun.exe
    shellopencommand — RECYCLautrun.exe

    [HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{ef50f20a-9c55-11de-bedb-001d923a0dbe}]
    shellAutoRuncommand — E:RECYCLautrun.exe
    shellopencommand — E:RECYCLautrun.exe

    ======List of files/folders created in the last 1 months======

    2009-10-12 21:20:18 —-D—- C:rsit
    2009-10-10 14:27:30 —-D—- C:WINDOWSERUNT
    2009-10-10 12:58:36 —-A—- C:WINDOWSntbtlog.txt
    2009-10-10 12:52:38 —-A—- C:SAFEBOOT_REPAIR.TXT
    2009-10-10 12:44:08 —-D—- C:SDFix
    2009-10-07 21:54:48 —-D—- C:Documents and SettingsAll UsersApplication DataSUPERAntiSpyware.com
    2009-10-07 21:54:23 —-D—- C:Program FilesSUPERAntiSpyware
    2009-10-07 21:54:23 —-D—- C:Documents and SettingsNatalie and RubyApplication DataSUPERAntiSpyware.com
    2009-10-07 21:53:58 —-D—- C:Program FilesCommon FilesWise Installation Wizard
    2009-10-07 19:39:39 —-D—- C:Documents and SettingsNatalie and RubyApplication DataMalwarebytes
    2009-10-07 19:39:17 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
    2009-10-07 19:39:17 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
    2009-10-06 21:42:05 —-A—- C:WINDOWSUPGRADE.TXT
    2009-10-05 19:36:43 —-HD—- C:WINDOWSsystem32GroupPolicy
    2009-09-30 22:56:44 —-D—- C:Documents and SettingsAll UsersApplication DataTrend Micro
    2009-09-30 22:56:33 —-D—- C:Program FilesTrend Micro
    2009-09-30 20:45:14 —-D—- C:Program FilesMozilla Firefox
    2009-09-29 19:38:44 —-D—- C:Program FilesCommon FilesTSUninstall
    2009-09-29 19:38:28 —-D—- C:Program FilesTS
    2009-09-29 18:15:27 —-A—- C:WINDOWSuniqina.exe
    2009-09-29 18:15:27 —-A—- C:WINDOWSsystem32ozyk.vbs
    2009-09-29 18:15:27 —-A—- C:WINDOWSqoze.vbs
    2009-09-29 18:15:27 —-A—- C:WINDOWSiwujalyv.vbs
    2009-09-29 18:15:27 —-A—- C:WINDOWSimyly.com
    2009-09-25 20:30:20 —-D—- C:Documents and SettingsAll UsersApplication DataOffice Genuine Advantage
    2009-09-25 20:30:19 —-D—- C:Documents and SettingsNatalie and RubyApplication DataOffice Genuine Advantage
    2009-09-21 19:38:32 —-D—- C:Program FilesICQ6.5
    2009-09-21 19:36:46 —-D—- C:WINDOWSsystem32appmgmt
    2009-09-21 19:21:40 —-D—- C:WINDOWSsystem32zh-TW
    2009-09-21 19:21:40 —-D—- C:WINDOWSsystem32zh-HK
    2009-09-21 19:21:40 —-D—- C:WINDOWSsystem32tr-TR
    2009-09-21 19:21:40 —-D—- C:WINDOWSsystem32sv-SE
    2009-09-21 19:21:40 —-D—- C:WINDOWSsystem32pt-BR
    2009-09-21 19:21:40 —-D—- C:WINDOWSsystem32nl-NL
    2009-09-21 19:21:40 —-D—- C:WINDOWSsystem32nb-NO
    2009-09-21 19:21:40 —-D—- C:WINDOWSsystem32ko-KR
    2009-09-21 19:21:40 —-D—- C:WINDOWSsystem32it-IT
    2009-09-21 19:21:40 —-D—- C:WINDOWSsystem32he-IL
    2009-09-21 19:21:40 —-D—- C:WINDOWSsystem32fr-FR
    2009-09-21 19:21:40 —-D—- C:WINDOWSsystem32fi-FI
    2009-09-21 19:21:40 —-D—- C:WINDOWSsystem32es-ES
    2009-09-21 19:21:40 —-D—- C:WINDOWSsystem32el-GR
    2009-09-21 19:21:40 —-D—- C:WINDOWSsystem32de-DE
    2009-09-21 19:21:40 —-D—- C:WINDOWSsystem32da-DK
    2009-09-21 19:21:40 —-D—- C:WINDOWSsystem32ar-SA
    2009-09-19 22:30:03 —-HDC—- C:WINDOWS$NtUninstallKB961503$
    2009-09-19 22:29:55 —-D—- C:Program FilesMicrosoft CAPICOM 2.1.0.2
    2009-09-19 18:49:13 —-A—- C:WINDOWSsystem32muweb.dll
    2009-09-19 18:49:13 —-A—- C:WINDOWSsystem32mucltui.dll.mui
    2009-09-19 18:49:13 —-A—- C:WINDOWSsystem32mucltui.dll
    2009-09-19 11:03:25 —-D—- C:Program FilesICQ6Toolbar
    2009-09-19 11:03:23 —-D—- C:Documents and SettingsNatalie and RubyApplication DataMozilla
    2009-09-19 11:03:23 —-D—- C:Documents and SettingsAll UsersApplication DataICQ
    2009-09-19 11:03:11 —-D—- C:Documents and SettingsNatalie and RubyApplication DataICQ
    2009-09-19 10:51:46 —-D—- C:Program FilesMicrosoft
    2009-09-19 10:51:31 —-D—- C:Program FilesWindows Live SkyDrive
    2009-09-19 10:51:25 —-D—- C:Program FilesWindows Live
    2009-09-19 10:49:23 —-D—- C:Program FilesCommon FilesWindows Live
    2009-09-19 00:12:37 —-HDC—- C:WINDOWS$NtUninstallKB951978$
    2009-09-19 00:12:34 —-HDC—- C:WINDOWS$NtUninstallKB956744$
    2009-09-19 00:12:29 —-HDC—- C:WINDOWS$NtUninstallKB973540_WM9$
    2009-09-19 00:12:24 —-HDC—- C:WINDOWS$NtUninstallKB954459$
    2009-09-17 23:32:58 —-D—- C:WINDOWSPrefetch
    2009-09-17 18:59:41 —-HDC—- C:WINDOWS$NtUninstallKB973869$
    2009-09-17 18:59:37 —-HDC—- C:WINDOWS$NtUninstallKB973815$
    2009-09-17 18:59:34 —-HDC—- C:WINDOWS$NtUninstallKB973507$
    2009-09-17 18:59:31 —-HDC—- C:WINDOWS$NtUninstallKB973354$
    2009-09-17 18:59:25 —-HDC—- C:WINDOWS$NtUninstallKB971657$
    2009-09-17 18:59:22 —-HDC—- C:WINDOWS$NtUninstallKB971633$
    2009-09-17 18:59:18 —-HDC—- C:WINDOWS$NtUninstallKB971557$
    2009-09-17 18:59:15 —-HDC—- C:WINDOWS$NtUninstallKB970238$
    2009-09-17 18:59:11 —-HDC—- C:WINDOWS$NtUninstallKB968537$
    2009-09-17 18:59:06 —-HDC—- C:WINDOWS$NtUninstallKB968389$
    2009-09-17 18:59:02 —-HDC—- C:WINDOWS$NtUninstallKB967715$
    2009-09-17 18:58:59 —-HDC—- C:WINDOWS$NtUninstallKB961501$
    2009-09-17 18:58:56 —-HDC—- C:WINDOWS$NtUninstallKB961371$
    2009-09-17 18:58:48 —-HDC—- C:WINDOWS$NtUninstallKB961118$
    2009-09-17 18:58:45 —-HDC—- C:WINDOWS$NtUninstallKB960859$
    2009-09-17 18:58:41 —-HDC—- C:WINDOWS$NtUninstallKB960803$
    2009-09-17 18:58:38 —-HDC—- C:WINDOWS$NtUninstallKB960763$
    2009-09-17 18:58:35 —-HDC—- C:WINDOWS$NtUninstallKB960225$
    2009-09-17 18:58:31 —-HDC—- C:WINDOWS$NtUninstallKB959426$
    2009-09-17 18:58:28 —-HDC—- C:WINDOWS$NtUninstallKB958687$
    2009-09-17 18:58:25 —-HDC—- C:WINDOWS$NtUninstallKB958644$
    2009-09-17 18:58:22 —-HDC—- C:WINDOWS$NtUninstallKB957097$
    2009-09-17 18:58:18 —-HDC—- C:WINDOWS$NtUninstallKB956844$
    2009-09-17 18:58:15 —-HDC—- C:WINDOWS$NtUninstallKB956803$
    2009-09-17 18:58:12 —-HDC—- C:WINDOWS$NtUninstallKB956802$
    2009-09-17 18:58:06 —-HDC—- C:WINDOWS$NtUninstallKB956572$
    2009-09-17 18:58:01 —-HDC—- C:WINDOWS$NtUninstallKB955069$
    2009-09-17 18:57:58 —-HDC—- C:WINDOWS$NtUninstallKB954600$
    2009-09-17 18:57:55 —-HDC—- C:WINDOWS$NtUninstallKB952954$
    2009-09-17 18:57:51 —-HDC—- C:WINDOWS$NtUninstallKB952287$
    2009-09-17 18:57:48 —-HDC—- C:WINDOWS$NtUninstallKB952004$
    2009-09-17 18:57:44 —-HDC—- C:WINDOWS$NtUninstallKB951748$
    2009-09-17 18:57:41 —-HDC—- C:WINDOWS$NtUninstallKB951376-v2$
    2009-09-17 18:57:37 —-HDC—- C:WINDOWS$NtUninstallKB951066$
    2009-09-17 18:57:34 —-HDC—- C:WINDOWS$NtUninstallKB950974$
    2009-09-17 18:57:31 —-HDC—- C:WINDOWS$NtUninstallKB950762$
    2009-09-17 18:57:28 —-HDC—- C:WINDOWS$NtUninstallKB946648$
    2009-09-17 18:57:25 —-HDC—- C:WINDOWS$NtUninstallKB938464-v2$
    2009-09-17 18:57:21 —-HDC—- C:WINDOWS$NtUninstallKB923561$
    2009-09-17 18:55:46 —-D—- C:WINDOWSsystem32scripting
    2009-09-17 18:55:46 —-D—- C:WINDOWSsystem32en
    2009-09-17 18:55:46 —-D—- C:WINDOWSsystem32bits
    2009-09-17 18:55:46 —-D—- C:WINDOWSl2schemas
    2009-09-17 18:53:44 —-D—- C:WINDOWSnetwork diagnostic
    2009-09-17 18:52:32 —-HDC—- C:WINDOWS$NtServicePackUninstall$

    ======List of files/folders modified in the last 1 months======

    2009-10-12 21:20:03 —-D—- C:WINDOWSsystem32CatRoot2
    2009-10-12 21:19:43 —-D—- C:WINDOWSTemp
    2009-10-12 21:18:25 —-A—- C:WINDOWSlgfwup.ini
    2009-10-12 21:18:23 —-D—- C:Program Fileslg_fwupdate
    2009-10-10 20:30:35 —-A—- C:WINDOWSSchedLgU.Txt
    2009-10-10 14:37:37 —-D—- C:WINDOWSsystem32
    2009-10-10 14:30:37 —-D—- C:WINDOWS
    2009-10-10 14:30:37 —-D—- C:Program FilesCommon Files
    2009-10-10 14:28:59 —-RSHDC—- C:WINDOWSsystem32dllcache
    2009-10-10 13:16:50 —-D—- C:WINDOWSsystem32drivers
    2009-10-10 12:52:36 —-D—- C:WINDOWSrepair
    2009-10-10 12:40:40 —-D—- C:WINDOWSsystem322048
    2009-10-07 21:54:49 —-SHD—- C:WINDOWSInstaller
    2009-10-07 21:54:49 —-HD—- C:Config.Msi
    2009-10-07 21:54:23 —-RD—- C:Program Files
    2009-10-07 21:42:42 —-D—- C:Documents and SettingsNatalie and RubyApplication DataHPAppData
    2009-10-07 19:52:44 —-D—- C:WINDOWSsystem
    2009-10-05 19:36:51 —-D—- C:WINDOWSsecurity
    2009-09-30 22:57:28 —-HD—- C:WINDOWSinf
    2009-09-30 20:24:36 —-A—- C:WINDOWSNeroDigital.ini
    2009-09-30 08:51:13 —-D—- C:WINDOWSConfig
    2009-09-29 19:56:13 —-SD—- C:Documents and SettingsNatalie and RubyApplication DataMicrosoft
    2009-09-29 19:50:13 —-D—- C:Program FilesInternet Explorer
    2009-09-27 07:01:41 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
    2009-09-24 13:55:17 —-D—- C:WINDOWSsystem32CatRoot
    2009-09-24 13:55:05 —-D—- C:Program FilesJuniper Networks
    2009-09-24 13:55:03 —-D—- C:Documents and SettingsNatalie and RubyApplication DataJuniper Networks
    2009-09-24 13:54:47 —-SD—- C:WINDOWSDownloaded Program Files
    2009-09-21 19:21:41 —-SD—- C:WINDOWSTasks
    2009-09-21 19:21:40 —-D—- C:WINDOWSsystem32en-US
    2009-09-20 21:37:46 —-A—- C:WINDOWSwin.ini
    2009-09-19 22:29:36 —-RSD—- C:WINDOWSFonts
    2009-09-19 22:29:00 —-D—- C:Program FilesCommon FilesMicrosoft Shared
    2009-09-19 22:28:46 —-D—- C:WINDOWSWinSxS
    2009-09-19 18:53:54 —-HD—- C:WINDOWS$hf_mig$
    2009-09-19 11:03:23 —-HD—- C:Program FilesInstallShield Installation Information
    2009-09-19 10:51:36 —-SD—- C:Documents and SettingsAll UsersApplication DataMicrosoft
    2009-09-19 00:12:39 —-A—- C:WINDOWSimsins.BAK
    2009-09-17 23:33:32 —-A—- C:WINDOWSOEWABLog.txt
    2009-09-17 23:33:09 —-A—- C:WINDOWSsetuplog.txt
    2009-09-17 23:32:41 —-D—- C:WINDOWSsystem32wbem
    2009-09-17 23:32:41 —-D—- C:WINDOWSsystem32Setup
    2009-09-17 23:32:41 —-D—- C:WINDOWSAppPatch
    2009-09-17 18:59:32 —-D—- C:Program FilesOutlook Express
    2009-09-17 18:57:29 —-D—- C:Program FilesMessenger
    2009-09-17 18:55:54 —-D—- C:Program FilesWindows Media Player
    2009-09-17 18:55:50 —-D—- C:WINDOWSsystem32inetsrv
    2009-09-17 18:55:50 —-D—- C:WINDOWSime
    2009-09-17 18:55:50 —-D—- C:WINDOWSHelp
    2009-09-17 18:55:46 —-D—- C:WINDOWSsystem32usmt
    2009-09-17 18:55:46 —-D—- C:WINDOWSPeerNet
    2009-09-17 18:55:46 —-D—- C:Program FilesMovie Maker
    2009-09-17 18:54:45 —-D—- C:WINDOWSServicePackFiles
    2009-09-17 18:54:43 —-D—- C:WINDOWSsystem32Restore
    2009-09-17 18:54:43 —-D—- C:WINDOWSsystem32npp
    2009-09-17 18:54:43 —-D—- C:WINDOWSmui
    2009-09-17 18:54:43 —-D—- C:WINDOWSmsagent
    2009-09-17 18:54:42 —-D—- C:WINDOWSsystem32Com
    2009-09-17 18:54:42 —-D—- C:WINDOWSsrchasst
    2009-09-17 18:54:42 —-D—- C:Program FilesNetMeeting
    2009-09-17 18:54:40 —-D—- C:Program FilesWindows NT
    2009-09-17 18:54:38 —-D—- C:Program FilesCommon FilesSystem
    2009-09-17 18:54:27 —-D—- C:WINDOWSsystem32oobe
    2009-09-17 18:53:12 —-D—- C:WINDOWSsystem32ReinstallBackups
    2009-09-17 18:52:30 —-D—- C:WINDOWSehome

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 InCDPass;InCDPass; C:WINDOWSsystem32driversInCDPass.sys [2007-05-15 37040]
    R1 incdrm;InCD Reader; C:WINDOWSsystem32driversInCDRm.sys [2007-05-15 38576]
    R1 intelppm;Intel Processor Driver; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-13 36352]
    R1 SASDIFSV;SASDIFSV; ??C:Program FilesSUPERAntiSpywareSASDIFSV.SYS []
    R1 SASKUTIL;SASKUTIL; ??C:Program FilesSUPERAntiSpywareSASKUTIL.sys []
    R1 tmtdi;Trend Micro TDI Driver; C:WINDOWSsystem32DRIVERStmtdi.sys [2009-09-30 89872]
    R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.10.0; C:WINDOWSsystem32DRIVERSAegisP.sys [2009-07-14 21275]
    R2 tmcomm;tmcomm; ??C:WINDOWSsystem32driverstmcomm.sys []
    R2 tmpreflt;tmpreflt; C:WINDOWSsystem32DRIVERStmpreflt.sys [2009-09-30 36368]
    R2 tmxpflt;tmxpflt; C:WINDOWSsystem32DRIVERStmxpflt.sys [2009-09-30 225808]
    R2 vsapint;vsapint; C:WINDOWSsystem32DRIVERSvsapint.sys [2009-09-30 1223832]
    R3 dsNcAdpt;Juniper Network Connect Adapter; C:WINDOWSsystem32DRIVERSdsNcAdpt.sys [2009-08-13 26624]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-13 144384]
    R3 hidusb;Microsoft HID Class Driver; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-13 10368]
    R3 ialm;ialm; C:WINDOWSsystem32DRIVERSigxpmp32.sys [2007-10-12 5776928]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2007-10-12 4609024]
    R3 mouhid;Mouse HID Driver; C:WINDOWSsystem32DRIVERSmouhid.sys [2004-08-04 12160]
    R3 PdiPorts;Portrait Displays low level device driver; C:WINDOWSSystem32DriversPdiPorts.sys [2006-11-16 15920]
    R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:WINDOWSsystem32DRIVERSRtenicxp.sys [2007-10-12 94592]
    R3 SASENUM;SASENUM; ??C:Program FilesSUPERAntiSpywareSASENUM.SYS []
    R3 tmactmon;tmactmon; ??C:WINDOWSsystem32driverstmactmon.sys []
    R3 tmcfw;Trend Micro Common Firewall Service; C:WINDOWSsystem32DRIVERSTM_CFW.sys [2009-09-30 339984]
    R3 tmevtmgr;tmevtmgr; ??C:WINDOWSsystem32driverstmevtmgr.sys []
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-13 30208]
    R3 usbhub;USB2 Enabled Hub; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-13 59520]
    R3 USBSTOR;USB Mass Storage Driver; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-13 26368]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-13 20608]
    R4 InCDfs;InCD File System; C:WINDOWSsystem32driversInCDFs.sys [2007-05-15 118576]
    S2 cblwcrejvwev;cblwcrejvwev; ??C:WINDOWSsystem32driversaeynxkgtpwl.sys []
    S2 qvhini;qvhini; ??C:WINDOWSsystem32driversillvyerjiomwgf.sys []
    S3 AR5211;TP-LINK Wireless Network Adapter Service; C:WINDOWSsystem32DRIVERSar5211.sys [2005-12-21 470048]
    S3 catchme;catchme; ??C:DOCUME~1NATALI~1LOCALS~1Tempcatchme.sys []
    S3 GMSIPCI;GMSIPCI; ??D:INSTALLGMSIPCI.SYS []
    S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:WINDOWSsystem32DRIVERSHPZid412.sys [2008-04-16 49920]
    S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:WINDOWSsystem32DRIVERSHPZipr12.sys [2008-04-16 16496]
    S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:WINDOWSsystem32DRIVERSHPZius12.sys [2008-04-16 21568]
    S3 usbccgp;Microsoft USB Generic Parent Driver; C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-04-13 32128]
    S3 usbprint;Microsoft USB PRINTER Class; C:WINDOWSsystem32DRIVERSusbprint.sys [2008-04-13 25856]
    S3 usbscan;USB Scanner Driver; C:WINDOWSsystem32DRIVERSusbscan.sys [2008-04-13 15104]
    S3 WpdUsb;WpdUsb; C:WINDOWSSystem32Driverswpdusb.sys [2004-08-11 18944]
    S3 WudfPf;Windows Driver Foundation — User-mode Driver Framework Platform Driver; C:WINDOWSsystem32DRIVERSWudfPf.sys [2006-11-02 76672]
    S3 WudfRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSwudfrd.sys [2006-11-02 82560]
    S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 Asset Management Daemon;Asset Management Daemon; C:Program FilesCommon FilesPortrait DisplaysPluginsAMdtsslsrv.exe [2007-10-11 114688]
    R2 dsNcService;Juniper Network Connect Service; C:Program FilesJuniper NetworksCommon FilesdsNcService.exe [2009-08-13 615720]
    R2 DTSRVC;Portrait Displays Display Tune Service; C:Program FilesCommon FilesPortrait DisplaysSharedDTSRVC.exe [2007-10-11 65536]
    R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
    R2 HPSLPSVC;HP Network Devices Support; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
    R2 InCDsrv;InCD Helper; C:Program FilesNeroNero 7InCDInCDsrv.exe [2007-05-15 1550896]
    R2 Net Driver HPZ12;Net Driver HPZ12; C:WINDOWSSystem32svchost.exe [2008-04-14 14336]
    R2 Pml Driver HPZ12;Pml Driver HPZ12; C:WINDOWSSystem32svchost.exe [2008-04-14 14336]
    R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:Program FilesCyberLinkShared FilesRichVideo.exe [2005-08-08 167936]
    R2 SfCtlCom;Trend Micro Central Control Component; C:Program FilesTrend MicroInternet SecuritySfCtlCom.exe [2009-09-30 715368]
    R2 UMWdf;Windows User Mode Driver Framework; C:WINDOWSsystem32wdfmgr.exe [2004-08-11 38912]
    R3 hpqcxs08;hpqcxs08; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
    R3 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:Program FilesTrend MicroBMTMBMSRV.exe [2009-09-30 345352]
    R3 TmPfw;Trend Micro Personal Firewall; C:Program FilesTrend MicroInternet SecurityTmPfw.exe [2009-09-30 497008]
    R3 TmProxy;Trend Micro Proxy Service; C:Program FilesTrend MicroInternet SecurityTmProxy.exe [2009-09-30 689416]
    S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2008-07-25 34312]
    S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2008-07-25 69632]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:WINDOWSMicrosoft.NETFrameworkv3.0WPFPresentationFontCache.exe [2008-07-29 46104]
    S3 idsvc;Windows CardSpace; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2008-07-29 881664]
    S3 NBService;NBService; C:Program FilesNeroNero 7Nero BackItUpNBService.exe [2007-04-13 792112]
    S3 NMIndexingService;NMIndexingService; C:Program FilesCommon FilesAheadLibNMIndexingService.exe [2007-05-08 271920]
    S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
    S3 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-14 14336]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2008-07-29 132096]


    EOF


    October 13, 2009 at 6:39 am #26296
    Natalie
    Participant
    • Topics: 1
    • Posts: 7
    • ☆

    info.txt logfile of random’s system information tool 1.06 2009-10-12 21:20:42

    ======Uninstall list======

    —>C:Program FilesNeroNero 7\nerouninstallUNNERO.exe /UNINSTALL
    —>C:WINDOWSNuNInst.exe /UNINSTALL
    —>C:WINDOWSUNNeroBackItUp.exe /UNINSTALL
    —>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
    32 Bit HP CIO Components Installer—>MsiExec.exe /I{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}
    Adobe Acrobat 5.0—>C:WINDOWSISUNINST.EXE -f»C:Program FilesCommon FilesAdobeAcrobat 5.0NTUninst.isu» -c»C:Program FilesCommon FilesAdobeAcrobat 5.0NTUninst.dll»
    Adobe Flash Player 10 ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
    Apple Software Update—>MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    DVD Suite—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}setup.exe» -uninstall
    Ebook—>»C:Program FilesEbookUnInstallEbook.exe»
    E-GOV.IL Sign&Verify Software — AGForm toolbar—>MsiExec.exe /I{18880887-285F-4260-989B-8B22020D756F}
    forteManager—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime110Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{1883A84D-94AA-432C-9519-FA31B6B118B9}setup.exe» -l0x9 -removeonly
    High Definition Audio Driver Package — KB888111—>»C:WINDOWS$NtUninstallKB888111WXPSP2$spuninstspuninst.exe»
    HijackThis 2.0.2—>»E:natalieHijackThis.exe» /uninstall
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)—>C:WINDOWSsystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=»»
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)—>C:WINDOWSsystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=»»
    Hotfix for Windows XP (KB952287)—>»C:WINDOWS$NtUninstallKB952287$spuninstspuninst.exe»
    Hotfix for Windows XP (KB961118)—>»C:WINDOWS$NtUninstallKB961118$spuninstspuninst.exe»
    Hotfix for Windows XP (KB970653-v3)—>»C:WINDOWS$NtUninstallKB970653-v3$spuninstspuninst.exe»
    HP Customer Participation Program 11.0—>C:Program FilesHPDigital ImagingExtCapUninstallhpzscr01.exe -datfile hpqhsc01.dat -forcereboot
    HP Imaging Device Functions 11.0—>C:Program FilesHPDigital ImagingDeviceManagementhpzscr01.exe -datfile hpqbud01.dat
    HP Photosmart C4500 All-In-One Driver Software 11.0 Rel .4—>C:Program FilesHPDigital Imaging{BED1705F-7558-40f7-9F52-6C6FBD58EA2E}setuphpzscr01.exe -datfile hposcr30.dat -onestop
    HP Photosmart Essential 3.0—>C:Program FilesHPDigital ImagingPhotoSmartEssentialhpzscr01.exe -datfile hpqbud13.dat -forcereboot
    HP Smart Web Printing—>C:Program FilesHPDigital ImagingSmart Web Printinghpzscr01.exe -datfile hpqbud15.dat
    HP Solution Center 11.0—>C:Program FilesHPDigital ImagingeSupporthpzscr01.exe -datfile hpqbud05.dat -forcereboot
    HP Update—>MsiExec.exe /X{D063F201-FAC4-4D5C-B10B-615058ADE5A7}
    ICQ6.5—>»C:Program FilesInstallShield Installation Information{60DE4033-9503-48D1-A483-7846BD217CA9}setup.exe» -runfromtemp -l0x0009 -removeonly
    Intel(R) Graphics Media Accelerator Driver—>C:WINDOWSsystem32igxpun.exe -uninstall
    Java 2 Runtime Environment, SE v1.4.2_09—>MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142090}
    Juniper Networks Network Connect 6.4.0—>»C:Program FilesJuniper NetworksNetwork Connect 6.4.0uninstall.exe»
    Juniper Networks Network Connect 6.5.0—>»C:Program FilesJuniper NetworksNetwork Connect 6.5.0uninstall.exe»
    LG ODD Auto Firmware Update—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{6179550A-3E7C-499E-BCC9-9E8113E0A285}setup.exe»
    Malwarebytes’ Anti-Malware—>»C:Program FilesMalwarebytes’ Anti-Malwareunins000.exe»
    Microsoft .NET Framework 2.0 Service Pack 2—>MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
    Microsoft .NET Framework 3.0 Service Pack 2—>MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
    Microsoft .NET Framework 3.5 SP1—>C:WINDOWSMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5 SP1setup.exe
    Microsoft .NET Framework 3.5 SP1—>MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    Microsoft Choice Guard—>MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
    Microsoft Internationalized Domain Names Mitigation APIs—>»C:WINDOWS$NtServicePackUninstallIDNMitigationAPIs$spuninstspuninst.exe»
    Microsoft National Language Support Downlevel APIs—>»C:WINDOWS$NtServicePackUninstallNLSDownlevelMapping$spuninstspuninst.exe»
    Microsoft Office 2003 Web Components—>MsiExec.exe /I{90A4040D-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Access 2003 Runtime—>MsiExec.exe /I{901C040D-6000-11D3-8CFE-0150048383C9}
    Microsoft Office Professional Edition 2003—>MsiExec.exe /I{9011040D-6000-11D3-8CFE-0150048383C9}
    Microsoft Office XP Web Components—>MsiExec.exe /I{9026040D-6000-11D3-8CFE-0150048383C9}
    Microsoft User-Mode Driver Framework Feature Pack 1.5—>»C:WINDOWS$NtUninstallWudf01005$spuninstspuninst.exe»
    Microsoft Visual C++ 2005 ATL Update kb973923 — x86 8.0.50727.4053—>MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
    Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft WinUsb 1.0—>»C:WINDOWS$NtUninstallwinusb0100$spuninstspuninst.exe»
    Mozilla Firefox (3.5.3)—>C:Program FilesMozilla Firefoxuninstallhelper.exe
    MP3 Player Utilities 4.18—>MsiExec.exe /I{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}
    MSVCRT—>MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
    MSXML 4.0 SP2 (KB954430)—>MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 6 Service Pack 2 (KB954459)—>MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
    Nero 7 Essentials—>MsiExec.exe /X{8046A32C-88A7-45DA-B6D7-B6191E261033}
    neroxml—>MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    OCR Software by I.R.I.S. 11.0—>C:Program FilesHPDigital ImagingOCRhpzscr01.exe -datfile hpqbud11.dat
    OGA Notifier 2.0.0048.0—>MsiExec.exe /I{B2544A03-10D0-4E5E-BA69-0362FFC20D18}
    PC Camera —>C:PROGRA~1COMMON~1INSTAL~1Driver9INTEL3~1IDriver.exe /M{F4749535-2B87-498A-B74D-0A01B174E36D} /l1033
    PhotoShops—>»C:Program FilesPhotoShopsUninstallPhotoShops.exe»
    PowerDVD—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}setup.exe» -uninstall
    PowerProducer—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{B7A0CE06-068E-11D6-97FD-0050BACBF861}setup.exe» -uninstall
    QuickTime—>MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
    Realtek High Definition Audio Driver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime1150Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}Setup.exe» -l0x9 -removeonly
    SDK—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime110Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}setup.exe» -l0x9
    Security Update for CAPICOM (KB931906)—>MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for CAPICOM (KB931906)—>MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
    Security Update for Windows Internet Explorer 7 (KB938127-v2)—>»C:WINDOWSie7updatesKB938127-v2-IE7spuninstspuninst.exe»
    Security Update for Windows Internet Explorer 7 (KB969897)—>»C:WINDOWSie7updatesKB969897-IE7spuninstspuninst.exe»
    Security Update for Windows Internet Explorer 7 (KB972260)—>»C:WINDOWSie7updatesKB972260-IE7spuninstspuninst.exe»
    Security Update for Windows Media Player (KB952069)—>»C:WINDOWS$NtUninstallKB952069_WM9$spuninstspuninst.exe»
    Security Update for Windows Media Player (KB968816)—>»C:WINDOWS$NtUninstallKB968816_WM9$spuninstspuninst.exe»
    Security Update for Windows Media Player (KB973540)—>»C:WINDOWS$NtUninstallKB973540_WM9$spuninstspuninst.exe»
    Security Update for Windows Media Player (KB973540)—>»C:WINDOWS$NtUninstallKB973540_WM9L$spuninstspuninst.exe»
    Security Update for Windows XP (KB923561)—>»C:WINDOWS$NtUninstallKB923561$spuninstspuninst.exe»
    Security Update for Windows XP (KB938464-v2)—>»C:WINDOWS$NtUninstallKB938464-v2$spuninstspuninst.exe»
    Security Update for Windows XP (KB941569)—>»C:WINDOWS$NtUninstallKB941569$spuninstspuninst.exe»
    Security Update for Windows XP (KB946648)—>»C:WINDOWS$NtUninstallKB946648$spuninstspuninst.exe»
    Security Update for Windows XP (KB950762)—>»C:WINDOWS$NtUninstallKB950762$spuninstspuninst.exe»
    Security Update for Windows XP (KB950974)—>»C:WINDOWS$NtUninstallKB950974$spuninstspuninst.exe»
    Security Update for Windows XP (KB951066)—>»C:WINDOWS$NtUninstallKB951066$spuninstspuninst.exe»
    Security Update for Windows XP (KB951376-v2)—>»C:WINDOWS$NtUninstallKB951376-v2$spuninstspuninst.exe»
    Security Update for Windows XP (KB951748)—>»C:WINDOWS$NtUninstallKB951748$spuninstspuninst.exe»
    Security Update for Windows XP (KB952004)—>»C:WINDOWS$NtUninstallKB952004$spuninstspuninst.exe»
    Security Update for Windows XP (KB952954)—>»C:WINDOWS$NtUninstallKB952954$spuninstspuninst.exe»
    Security Update for Windows XP (KB954459)—>»C:WINDOWS$NtUninstallKB954459$spuninstspuninst.exe»
    Security Update for Windows XP (KB954600)—>»C:WINDOWS$NtUninstallKB954600$spuninstspuninst.exe»
    Security Update for Windows XP (KB955069)—>»C:WINDOWS$NtUninstallKB955069$spuninstspuninst.exe»
    Security Update for Windows XP (KB956572)—>»C:WINDOWS$NtUninstallKB956572$spuninstspuninst.exe»
    Security Update for Windows XP (KB956744)—>»C:WINDOWS$NtUninstallKB956744$spuninstspuninst.exe»
    Security Update for Windows XP (KB956802)—>»C:WINDOWS$NtUninstallKB956802$spuninstspuninst.exe»
    Security Update for Windows XP (KB956803)—>»C:WINDOWS$NtUninstallKB956803$spuninstspuninst.exe»
    Security Update for Windows XP (KB956844)—>»C:WINDOWS$NtUninstallKB956844$spuninstspuninst.exe»
    Security Update for Windows XP (KB957097)—>»C:WINDOWS$NtUninstallKB957097$spuninstspuninst.exe»
    Security Update for Windows XP (KB958644)—>»C:WINDOWS$NtUninstallKB958644$spuninstspuninst.exe»
    Security Update for Windows XP (KB958687)—>»C:WINDOWS$NtUninstallKB958687$spuninstspuninst.exe»
    Security Update for Windows XP (KB959426)—>»C:WINDOWS$NtUninstallKB959426$spuninstspuninst.exe»
    Security Update for Windows XP (KB960225)—>»C:WINDOWS$NtUninstallKB960225$spuninstspuninst.exe»
    Security Update for Windows XP (KB960803)—>»C:WINDOWS$NtUninstallKB960803$spuninstspuninst.exe»
    Security Update for Windows XP (KB960859)—>»C:WINDOWS$NtUninstallKB960859$spuninstspuninst.exe»
    Security Update for Windows XP (KB961371)—>»C:WINDOWS$NtUninstallKB961371$spuninstspuninst.exe»
    Security Update for Windows XP (KB961501)—>»C:WINDOWS$NtUninstallKB961501$spuninstspuninst.exe»
    Security Update for Windows XP (KB968537)—>»C:WINDOWS$NtUninstallKB968537$spuninstspuninst.exe»
    Security Update for Windows XP (KB970238)—>»C:WINDOWS$NtUninstallKB970238$spuninstspuninst.exe»
    Security Update for Windows XP (KB971557)—>»C:WINDOWS$NtUninstallKB971557$spuninstspuninst.exe»
    Security Update for Windows XP (KB971633)—>»C:WINDOWS$NtUninstallKB971633$spuninstspuninst.exe»
    Security Update for Windows XP (KB971657)—>»C:WINDOWS$NtUninstallKB971657$spuninstspuninst.exe»
    Security Update for Windows XP (KB971961)—>»C:WINDOWS$NtUninstallKB971961$spuninstspuninst.exe»
    Security Update for Windows XP (KB973346)—>»C:WINDOWS$NtUninstallKB973346$spuninstspuninst.exe»
    Security Update for Windows XP (KB973354)—>»C:WINDOWS$NtUninstallKB973354$spuninstspuninst.exe»
    Security Update for Windows XP (KB973507)—>»C:WINDOWS$NtUninstallKB973507$spuninstspuninst.exe»
    Security Update for Windows XP (KB973869)—>»C:WINDOWS$NtUninstallKB973869$spuninstspuninst.exe»
    Segoe UI—>MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
    Shop for HP Supplies—>C:Program FilesHPDigital ImagingHPSSupplyhpzscr01.exe -datfile hpqbud16.dat
    SUPERAntiSpyware Free Edition—>MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
    Trend Micro Internet Security—>C:Program FilesTrend MicroInternet Securityremove.exe
    Trend Micro Internet Security—>MsiExec.exe /X{9D2B0322-44AE-460E-9283-4D2D7A9205AE}
    תוספות קו 1.4.2—>C:Program FilesCavErpuninst.exe
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)—>C:WINDOWSsystem32msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=»»
    Update for Windows XP (KB951978)—>»C:WINDOWS$NtUninstallKB951978$spuninstspuninst.exe»
    Update for Windows XP (KB955839)—>»C:WINDOWS$NtUninstallKB955839$spuninstspuninst.exe»
    Update for Windows XP (KB960763)—>»C:WINDOWS$NtUninstallKB960763$spuninstspuninst.exe»
    Update for Windows XP (KB961503)—>»C:WINDOWS$NtUninstallKB961503$spuninstspuninst.exe»
    Update for Windows XP (KB967715)—>»C:WINDOWS$NtUninstallKB967715$spuninstspuninst.exe»
    Update for Windows XP (KB968389)—>»C:WINDOWS$NtUninstallKB968389$spuninstspuninst.exe»
    Update for Windows XP (KB973815)—>»C:WINDOWS$NtUninstallKB973815$spuninstspuninst.exe»
    Windows Imaging Component—>»C:WINDOWS$NtUninstallWIC$spuninstspuninst.exe»
    Windows Live Call—>MsiExec.exe /I{885A5214-9CDD-40E0-A89D-7672588748E1}
    Windows Live Communications Platform—>MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
    Windows Live Essentials—>C:Program FilesWindows LiveInstallerwlarp.exe
    Windows Live Essentials—>MsiExec.exe /I{035D48BB-503E-4F09-9D52-EC57D3411DDC}
    Windows Live Messenger—>MsiExec.exe /X{634328D0-C948-4C4D-BDE9-58015B941648}
    Windows Media Format Runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
    Windows XP Service Pack 3—>»C:WINDOWS$NtServicePackUninstall$spuninstspuninst.exe»
    ??? ?????? ?? Windows Live—>MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
    ????? ?????? ?? Windows Live—>MsiExec.exe /I{BCBA462D-3E1B-416C-89F8-492020D4BBF4}

    ======Hosts File======

    127.0.0.1 localhost

    ======Security center information======

    AV: Trend Micro Internet Security (outdated)
    FW: Trend Micro Personal Firewall

    ======System event log======

    Computer Name: NATALIE-F684519
    Event Code: 7000
    Message: The HP Network Devices Support service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Record Number: 4339
    Source Name: Service Control Manager
    Time Written: 20090918003445.000000+180
    Event Type: error
    User:

    Computer Name: NATALIE-F684519
    Event Code: 7009
    Message: Timeout (30000 milliseconds) waiting for the HP Network Devices Support service to connect.

    Record Number: 4338
    Source Name: Service Control Manager
    Time Written: 20090918003445.000000+180
    Event Type: error
    User:

    Computer Name: NATALIE-F684519
    Event Code: 10005
    Message: DCOM got error «%1053» attempting to start the service HPSLPSVC with arguments «»
    in order to run the server:
    {10DA4F3C-CC99-4190-BE4D-58330754E882}

    Record Number: 4337
    Source Name: DCOM
    Time Written: 20090918003445.000000+180
    Event Type: error
    User: NT AUTHORITYSYSTEM

    Computer Name: NATALIE-F684519
    Event Code: 7000
    Message: The HP Network Devices Support service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Record Number: 4322
    Source Name: Service Control Manager
    Time Written: 20090918003443.000000+180
    Event Type: error
    User:

    Computer Name: NATALIE-F684519
    Event Code: 7009
    Message: Timeout (30000 milliseconds) waiting for the HP Network Devices Support service to connect.

    Record Number: 4321
    Source Name: Service Control Manager
    Time Written: 20090918003443.000000+180
    Event Type: error
    User:

    =====Application event log=====

    Computer Name: NATALIE-F684519
    Event Code: 1000
    Message: Faulting application iexplore.exe, version 7.0.6000.16876, faulting module hpswp_bho.dll, version 110.0.19045.0, fault address 0x00003bcf.

    Record Number: 1048
    Source Name: Application Error
    Time Written: 20090902144629.000000+180
    Event Type: error
    User:

    Computer Name: NATALIE-F684519
    Event Code: 1517
    Message: Windows saved user NATALIE-F684519Natalie and Ruby registry while an application or service was still using the registry during log off. The memory used by the user’s registry has not been freed. The registry will be unloaded when it is no longer in use.

    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Record Number: 1038
    Source Name: Userenv
    Time Written: 20090902003054.000000+180
    Event Type: warning
    User: NT AUTHORITYSYSTEM

    Computer Name: NATALIE-F684519
    Event Code: 1000
    Message: Faulting application iexplore.exe, version 7.0.6000.16876, faulting module hpswp_bho.dll, version 110.0.19045.0, fault address 0x00003bcf.

    Record Number: 1027
    Source Name: Application Error
    Time Written: 20090901134445.000000+180
    Event Type: error
    User:

    Computer Name: NATALIE-F684519
    Event Code: 1002
    Message: Hanging application iexplore.exe, version 7.0.6000.16876, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Record Number: 999
    Source Name: Application Hang
    Time Written: 20090829235314.000000+180
    Event Type: error
    User:

    Computer Name: NATALIE-F684519
    Event Code: 1517
    Message: Windows saved user NATALIE-F684519Natalie and Ruby registry while an application or service was still using the registry during log off. The memory used by the user’s registry has not been freed. The registry will be unloaded when it is no longer in use.

    This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

    Record Number: 979
    Source Name: Userenv
    Time Written: 20090828040250.000000+180
    Event Type: warning
    User: NT AUTHORITYSYSTEM

    ======Environment variables======

    «ComSpec»=%SystemRoot%system32cmd.exe
    «Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;C:Program FilesQuickTimeQTSystem
    «windir»=%SystemRoot%
    «FP_NO_HOST_CHECK»=NO
    «OS»=Windows_NT
    «PROCESSOR_ARCHITECTURE»=x86
    «PROCESSOR_LEVEL»=6
    «PROCESSOR_IDENTIFIER»=x86 Family 6 Model 23 Stepping 6, GenuineIntel
    «PROCESSOR_REVISION»=1706
    «NUMBER_OF_PROCESSORS»=2
    «PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    «TEMP»=%SystemRoot%TEMP
    «TMP»=%SystemRoot%TEMP
    «CLASSPATH»=.;C:Program FilesJavaj2re1.4.2_09libextQTJava.zip
    «QTJAVA»=C:Program FilesJavaj2re1.4.2_09libextQTJava.zip


    EOF


    October 16, 2009 at 4:19 pm #26298
    Natalie
    Participant
    • Topics: 1
    • Posts: 7
    • ☆

    Valery, please help me get rid of this parasite.

    October 16, 2009 at 4:22 pm #26297
    Admin
    Keymaster
    • Topics: 40
    • Posts: 5676
    • ☆☆☆☆☆

    An additional check is needed.
    Download the Combofix program. Close all open windows and run the program.
    When it finishes, a log file will be created; please paste it into your reply.

    Note: before using Combofix, be sure to install the Recovery Console. How to do this is described on the page I linked to above.

    October 20, 2009 at 9:19 pm #26300
    Natalie
    Participant
    • Topics: 1
    • Posts: 7
    • ☆

    ComboFix 09-10-19.04 — Natalie and Ruby 10/20/2009 23:04.1.2 — NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1351 [GMT 2:00]
    Running from: c:documents and settingsNatalie and RubyMy DocumentsDownloadsComboFix.exe
    AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
    FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:documents and settingsAll UsersApplication Datadycokehik.bin
    c:documents and settingsAll UsersApplication DataMicrosoftid.txt
    c:documents and settingsAll UsersApplication Dataogonu.reg
    c:documents and settingsAll UsersApplication Dataxuva.sys
    c:documents and settingsAll UsersDocumentsvatitivi.pif
    c:documents and settingsAll UsersDocumentswomubuk.exe
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet Filesprint.htm
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_addUserImage.ico
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_AgatUserImage.ico
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_Animated.htm
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_attachEmpty.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_attachFull.bmp
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_ban_moin.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_blue_bot_lft.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_bot_lft.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_bot_lft_dis.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_bot_rt.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_bot_rt_dis.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_bullet.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_bullet_blue.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_bullet_blue_eng.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_but_asher.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_but_close.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_but_remove.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_but_sgor.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_corner_topLft.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_crnr_bot_left.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_crnr_bot_right.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_crnr_top_left.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_crnr_top_right.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_del_small.GIF
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_deleteSign.ico
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_displayAttach.ico
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_displaySignedForm.ico
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_displaySignerDetails.ico
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_displaySignerStatus.ico
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_dot.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_dotted_line.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_drop2.GIF
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_englishBackgroundPopup.jpg
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_englishContent.ico
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_exit.ico
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_form_bg_bottom_stretch.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_form_bg_corner_left.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_form_bg_corner_right.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_form_bg_left_stretch.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_form_bg_right_stretch.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_form1_main_bw.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_hebrewBackgroundPopup.jpg
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_hebrewContent.ico
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_id_card.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_ikon_files.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_ikon_help.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_ikon_tohen.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_layout_an_send_end.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_left_grey.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_left2.GIF
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_leftTop.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_line.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_line_dis.jpg
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_line_gray.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_line_stretch_across.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_line_stretch_down.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_logo_israel.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_logo_israel1.jpeg
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_lookUpWindow.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_lookUpWindowReadonly.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_main_left.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_main_left1.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_main_semel.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_main_seperator.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_mashov.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_pay_button1.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_print.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_print11.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_PrintFile.ico
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_printnush.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_right_grey.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_right2.GIF
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_rightTop.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_sand_clock3.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_saveAllAttachments.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_saveAllAttachmentsENG.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_saveAttach.ico
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_SaveToFile.ico
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_saveToFileEach.ico
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_shadow_bottom.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_shadow_bottom_dis.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_shadow_Rt.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_shadow_Rt_dis.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_sign.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_sign_unverified.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_signGrey.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_SignInQuestion.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_signYellow.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_square.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_star.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_status_Animated.htm
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_statusBar.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_subtitle_corner_left.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_subtitle_with_line.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_title_corner_left.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_title_corner_lft.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_title_with_line.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_titleBG.bmp
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_ToolbarP.png
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_top_lft.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_top_lft_dis.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_top_rt.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_top_rt_dis.gif
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_trash.ico
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsImg_verifySignature.ico
    c:documents and settingsNatalie and RubyLocal SettingsTemporary Internet FilestfsStatusBar.gif
    c:documents and settingsNatalie and RubyStart MenuProgramsStartupscandisk.lnk
    c:documents and settingsNetworkServicentuser.dll
    c:program filesCommon Filescevosymy.reg
    c:program filesCommon Filestocove.inf
    c:program filesCommon Fileswucysuwanu._dl
    c:program filesCommon Fileszuqumofemy.pif
    c:recyclerS-1-5-21-9335083243-6504679840-793465441-0764
    c:windowsiwujalyv.vbs
    c:windowskojotizydu.inf
    c:windowsqoze.vbs
    c:windowssystem32configsystemprofileStart MenuProgramsAntivirusPro_2010
    c:windowssystem32configsystemprofileStart MenuProgramsAntivirusPro_2010AntivirusPro_2010.lnk
    c:windowssystem32configsystemprofileStart MenuProgramsAntivirusPro_2010Uninstall.lnk
    c:windowssystem32configsystemprofileStart MenuProgramsStartupscandisk.lnk
    c:windowssystem32ozyk.vbs
    c:windowssystem32rygucido._dl
    c:windowssystem32tracert.dll
    c:windowssystem32winword.exe
    c:windowssystem32xixyg.ban
    c:windowsuniqina.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .


    Legacy_SYNSEND

    ((((((((((((((((((((((((( Files Created from 2009-09-20 to 2009-10-20 )))))))))))))))))))))))))))))))
    .

    2009-10-19 01:18 . 2009-10-19 01:18


    d


    w- c:documents and settingsNatalie and RubyLocal SettingsApplication DataPCHealth
    2009-10-18 06:07 . 2009-10-18 06:07


    d


    w- c:windowssystem32CatRoot_bak
    2009-10-18 05:55 . 2008-06-13 13:10 272128 -c—-w- c:windowssystem32dllcachebthport.sys
    2009-10-18 05:39 . 2008-10-24 11:10 453632 -c—-w- c:windowssystem32dllcachemrxsmb.sys
    2009-10-18 05:39 . 2009-08-04 14:00 2180352 -c—-w- c:windowssystem32dllcachentoskrnl.exe
    2009-10-18 05:39 . 2009-08-04 13:58 2136064 -c—-w- c:windowssystem32dllcachentkrnlmp.exe
    2009-10-18 05:39 . 2009-08-04 13:13 2015744 -c—-w- c:windowssystem32dllcachentkrpamp.exe
    2009-10-18 05:39 . 2009-08-04 13:13 2057728 -c—-w- c:windowssystem32dllcachentkrnlpa.exe
    2009-10-17 05:17 . 2009-10-17 05:17


    d


    w- c:documents and settingsNetworkServiceLocal SettingsApplication DataApple
    2009-10-16 16:02 . 2007-10-12 08:33 172032 —-a-r- c:windowssystem32igfxres.dll
    2009-10-16 15:54 . 2004-08-04 12:00 8192 -c—a-w- c:windowssystem32dllcachehttpmb51.dll
    2009-10-16 15:52 . 2004-08-04 12:00 16384 -c—a-w- c:windowssystem32dllcacheisignup.exe
    2009-10-16 15:29 . 2004-08-04 12:00 24661 -c—a-w- c:windowssystem32dllcachespxcoins.dll
    2009-10-16 15:29 . 2004-08-04 12:00 24661 —-a-w- c:windowssystem32spxcoins.dll
    2009-10-16 15:29 . 2004-08-04 12:00 13312 -c—a-w- c:windowssystem32dllcacheirclass.dll
    2009-10-16 15:29 . 2004-08-04 12:00 13312 —-a-w- c:windowssystem32irclass.dll
    2009-10-12 19:20 . 2009-10-12 19:20 d-----w- C:rsit
    2009-10-10 12:27 . 2009-10-10 12:27 d-----w- c:windowsERUNT
    2009-10-10 10:44 . 2009-10-10 12:44 d-----w- C:SDFix
    2009-10-07 19:54 . 2009-10-07 19:54 d-----w- c:documents and settingsAll UsersApplication DataSUPERAntiSpyware.com
    2009-10-07 19:54 . 2009-10-07 19:54 d-----w- c:program filesSUPERAntiSpyware
    2009-10-07 19:54 . 2009-10-07 19:54 d-----w- c:documents and settingsNatalie and RubyApplication DataSUPERAntiSpyware.com
    2009-10-07 19:53 . 2009-10-07 19:53 d-----w- c:program filesCommon FilesWise Installation Wizard
    2009-10-07 17:39 . 2009-10-07 17:39 d-----w- c:documents and settingsNatalie and RubyApplication DataMalwarebytes
    2009-10-07 17:39 . 2009-09-10 12:54 38224 —-a-w- c:windowssystem32driversmbamswissarmy.sys
    2009-10-07 17:39 . 2009-10-07 19:52 d-----w- c:program filesMalwarebytes’ Anti-Malware
    2009-10-07 17:39 . 2009-10-07 17:39 d-----w- c:documents and settingsAll UsersApplication DataMalwarebytes
    2009-10-06 19:15 . 2009-09-10 12:53 19160 —-a-w- c:windowssystem32driversmbam.sys
    2009-10-05 17:36 . 2009-10-05 17:36 d--h--w- c:windowssystem32GroupPolicy
    2009-09-30 20:57 . 2009-09-30 20:55 59920 —-a-w- c:windowssystem32driverstmactmon.sys
    2009-09-30 20:57 . 2009-09-30 20:55 50704 —-a-w- c:windowssystem32driverstmevtmgr.sys
    2009-09-30 20:57 . 2009-09-30 20:55 158224 —-a-w- c:windowssystem32driverstmcomm.sys
    2009-09-30 20:56 . 2009-09-30 21:00 d-----w- c:documents and settingsAll UsersApplication DataTrend Micro
    2009-09-30 20:56 . 2009-09-30 20:57 d-----w- c:program filesTrend Micro
    2009-09-30 20:55 . 2009-09-30 20:55 89872 —-a-w- c:windowssystem32driverstmtdi.sys
    2009-09-30 20:55 . 2009-09-30 20:55 36368 —-a-w- c:windowssystem32driverstmpreflt.sys
    2009-09-30 20:55 . 2009-09-30 20:55 339984 —-a-w- c:windowssystem32driversTM_CFW.sys
    2009-09-30 20:55 . 2009-09-30 20:55 225808 —-a-w- c:windowssystem32driverstmxpflt.sys
    2009-09-30 20:55 . 2009-09-30 20:55 1223832 —-a-w- c:windowssystem32driversvsapint.sys
    2009-09-30 18:45 . 2009-09-30 18:45 0 —-a-w- c:windowsnsreg.dat
    2009-09-30 18:45 . 2009-09-30 18:45 d-----w- c:documents and settingsNatalie and RubyLocal SettingsApplication DataMozilla
    2009-09-29 17:48 . 2009-09-30 20:52 d-----w- c:documents and settingsNatalie and Ruby.housecall6.6
    2009-09-29 17:38 . 2009-09-29 17:38 d-----w- c:program filesCommon FilesTSUninstall
    2009-09-29 17:38 . 2009-10-19 18:58 d-----w- c:program filesTS
    2009-09-29 16:15 . 2009-09-29 16:15 16790 —-a-w- c:windowsimyly.com
    2009-09-25 18:30 . 2009-09-25 18:30 d-----w- c:documents and settingsAll UsersApplication DataOffice Genuine Advantage
    2009-09-25 18:30 . 2009-09-25 18:30 d-----w- c:documents and settingsNatalie and RubyApplication DataOffice Genuine Advantage
    2009-09-21 17:38 . 2009-09-21 17:40 d-----w- c:program filesICQ6.5

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-20 21:09 . 2009-07-14 01:49 d-----w- c:program fileslg_fwupdate
    2009-10-20 11:53 . 2009-07-14 02:53 d-----w- c:documents and settingsNatalie and RubyApplication DataHPAppData
    2009-10-16 16:01 . 2009-07-14 01:17 71568 —-a-w- c:documents and settingsNatalie and RubyLocal SettingsApplication DataGDIPFONTCACHEV1.DAT
    2009-10-16 15:51 . 2009-07-14 01:09 22720 —-a-w- c:windowssystem32emptyregdb.dat
    2009-09-25 05:56 . 2004-08-04 12:00 662016 —-a-w- c:windowssystem32wininet.dll
    2009-09-25 05:56 . 2004-08-04 12:00 81920 —-a-w- c:windowssystem32ieencode.dll
    2009-09-24 11:55 . 2009-07-15 12:45 d-----w- c:program filesJuniper Networks
    2009-09-24 11:55 . 2009-07-15 12:44 d-----w- c:documents and settingsNatalie and RubyApplication DataJuniper Networks
    2009-09-21 17:39 . 2009-09-19 09:03 d-----w- c:program filesICQ6Toolbar
    2009-09-21 17:39 . 2009-09-19 09:03 d-----w- c:documents and settingsAll UsersApplication DataICQ
    2009-09-19 20:29 . 2009-09-19 20:29 d-----w- c:program filesMicrosoft CAPICOM 2.1.0.2
    2009-09-19 09:04 . 2009-09-19 09:03 d-----w- c:documents and settingsNatalie and RubyApplication DataICQ
    2009-09-19 09:03 . 2009-07-14 01:30 d--h--w- c:program filesInstallShield Installation Information
    2009-09-19 08:58 . 2009-09-19 08:51 d-----w- c:program filesWindows Live
    2009-09-19 08:51 . 2009-09-19 08:51 d-----w- c:program filesMicrosoft
    2009-09-19 08:51 . 2009-09-19 08:51 d-----w- c:program filesWindows Live SkyDrive
    2009-09-19 08:49 . 2009-09-19 08:49 d-----w- c:program filesCommon FilesWindows Live
    2009-09-11 14:33 . 2004-08-04 12:00 133632 —-a-w- c:windowssystem32msv1_0.dll
    2009-09-04 20:45 . 2004-08-04 12:00 58880 —-a-w- c:windowssystem32msasn1.dll
    2009-08-26 08:16 . 2004-08-04 12:00 247326 —-a-w- c:windowssystem32strmdll.dll
    2009-08-22 22:06 . 2009-08-22 22:06 d-----w- c:program filesMSBuild
    2009-08-22 22:05 . 2009-08-22 22:05 d-----w- c:program filesReference Assemblies
    2009-08-22 22:03 . 2009-08-22 22:03 d-----w- c:program filesMSXML 6.0
    2009-08-12 22:20 . 2009-07-15 12:45 398632 —-a-w- c:windowssystem32dsNcSmartCardProv.dll
    2009-08-12 22:20 . 2009-07-15 12:45 345384 —-a-w- c:windowssystem32dsNcCredProv.dll
    2009-08-12 22:18 . 2009-08-12 22:18 221184 —-a-w- c:windowssystem32dsGinaLoader.dll
    2009-08-12 22:07 . 2009-03-11 16:57 26624 —-a-w- c:windowssystem32driversdsNcAdpt.sys
    2009-08-05 09:11 . 2004-08-04 12:00 204800 —-a-w- c:windowssystem32mswebdvd.dll
    2009-08-04 13:58 . 2004-08-04 12:00 2136064 —-a-w- c:windowssystem32ntoskrnl.exe
    2009-08-04 13:13 . 2004-08-03 22:59 2015744 —-a-w- c:windowssystem32ntkrnlpa.exe
    2009-08-03 12:07 . 2009-08-03 12:07 403816 —-a-w- c:windowssystem32OGACheckControl.dll
    2009-08-03 12:07 . 2009-08-03 12:07 322928 —-a-w- c:windowssystem32OGAAddin.dll
    2009-08-03 12:07 . 2009-08-03 12:07 230768 —-a-w- c:windowssystem32OGAEXEC.exe
    2009-07-29 04:53 . 2004-08-04 12:00 82432 —-a-w- c:windowssystem32fontsub.dll
    2009-07-29 04:53 . 2004-08-04 12:00 119808 —-a-w- c:windowssystem32t2embed.dll
    2009-07-26 13:44 . 2009-07-26 13:44 48448 —-a-w- c:windowssystem32sirenacm.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
    «SUPERAntiSpyware»=»c:program filesSUPERAntiSpywareSUPERAntiSpyware.exe» [2009-09-15 1998576]
    «ctfmon.exe»=»c:windowssystem32ctfmon.exe» [2004-08-04 15360]

    [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
    «UserFaultCheck»=»c:windowssystem32dumprep 0 -u» [X]
    «NeroFilterCheck»=»c:program filesCommon FilesAheadLibNeroCheck.exe» [2007-03-01 153136]
    «SecurDisc»=»c:program filesNeroNero 7InCDNBHGui.exe» [2007-05-15 1628208]
    «InCD»=»c:program filesNeroNero 7InCDInCD.exe» [2007-05-15 1057328]
    «RemoteControl»=»c:program filesCyberLinkPowerDVDPDVDServ.exe» [2006-11-23 56928]
    «LanguageShortcut»=»c:program filesCyberLinkPowerDVDLanguageLanguage.exe» [2006-12-05 54832]
    «LGODDFU»=»c:program fileslg_fwupdatefwupdate.exe» [2006-08-17 249856]
    «HP Software Update»=»c:program filesHPHP Software UpdateHPWuSchd2.exe» [2008-03-25 49152]
    «hpqSRMon»=»c:program filesHPDigital ImagingbinhpqSRMon.exe» [2008-03-13 81920]
    «QuickTime Task»=»c:program filesQuickTimeqttask.exe» [2009-05-26 413696]
    «UfSeAgnt.exe»=»c:program filesTrend MicroInternet SecurityUfSeAgnt.exe» [2009-09-30 1020248]
    «IgfxTray»=»c:windowssystem32igfxtray.exe» [2007-10-12 141848]
    «HotKeysCmds»=»c:windowssystem32hkcmd.exe» [2007-10-12 166424]
    «Persistence»=»c:windowssystem32igfxpers.exe» [2007-10-12 137752]
    «RTHDCPL»=»RTHDCPL.EXE» — c:windowsRTHDCPL.exe [2007-10-12 16384512]

    [HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRunOnce]
    «tscuninstall»=»c:windowssystem32tscupgrd.exe» [2004-08-04 44544]

    c:documents and settingsAll UsersStart MenuProgramsStartup
    HP Digital Imaging Monitor.lnk — c:program filesHPDigital Imagingbinhpqtra08.exe [2008-3-25 214360]

    [HKEY_USERS.defaultsoftwaremicrosoftwindowscurrentversionpoliciesexplorer]
    «ForceClassicControlPanel»= 1 (0x1)

    [hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]
    «{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}»= «c:program filesSUPERAntiSpywareSASSEH.DLL» [2008-05-13 77824]

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwinlogonnotify!SASWinLogon]
    2009-09-03 13:21 548352 —-a-w- c:program filesSUPERAntiSpywareSASWINLO.dll

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringTrendAntiVirus]
    «DisableMonitoring»=dword:00000001

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringTrendFirewall]
    «DisableMonitoring»=dword:00000001

    [HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
    «EnableFirewall»= 0 (0x0)

    [HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
    «%windir%\system32\sessmgr.exe»=
    «c:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe»=
    «c:\Program Files\HP\Digital Imaging\bin\hpqste08.exe»=
    «c:\Program Files\HP\Digital Imaging\bin\hposid01.exe»=
    «c:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe»=
    «c:\Program Files\HP\Digital Imaging\bin\hpoews01.exe»=
    «c:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe»=
    «c:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe»=
    «c:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe»=
    «c:\Program Files\HP\Digital Imaging\bin\hpqpse.exe»=
    «c:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe»=
    «c:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe»=
    «c:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe»=
    «c:\WINDOWS\system32\usmt\migwiz.exe»=
    «c:\Documents and Settings\Natalie and Ruby\Application Data\Juniper Networks\Setup Client\JuniperSetupClient.exe»=
    «%windir%\Network Diagnostic\xpnetdiag.exe»=
    «c:\Program Files\Windows Live\Messenger\wlcsdk.exe»=
    «c:\Program Files\Windows Live\Messenger\msnmsgr.exe»=
    «c:\Program Files\ICQ6.5\ICQ.exe»=

    [HKLM~servicessharedaccessparametersfirewallpolicystandardprofileGloballyOpenPortsList]
    «427:UDP»= 427:UDP:SLP_Port(427)

    R1 SASDIFSV;SASDIFSV;c:program filesSUPERAntiSpywaresasdifsv.sys [15/09/2009 11:42 9968]
    R1 SASKUTIL;SASKUTIL;c:program filesSUPERAntiSpywareSASKUTIL.SYS [15/09/2009 11:42 74480]
    R2 tmpreflt;tmpreflt;c:windowssystem32driverstmpreflt.sys [30/09/2009 22:55 36368]
    R3 SASENUM;SASENUM;c:program filesSUPERAntiSpywareSASENUM.SYS [15/09/2009 11:42 7408]
    R3 TmProxy;Trend Micro Proxy Service;c:program filesTrend MicroInternet SecurityTmProxy.exe [30/09/2009 22:57 689416]
    S2 cblwcrejvwev;cblwcrejvwev;??c:windowssystem32driversaeynxkgtpwl.sys —> c:windowssystem32driversaeynxkgtpwl.sys [?]
    S2 qvhini;qvhini;??c:windowssystem32driversillvyerjiomwgf.sys —> c:windowssystem32driversillvyerjiomwgf.sys [?]
    S3 tmcfw;Trend Micro Common Firewall Service;c:windowssystem32driversTM_CFW.sys [30/09/2009 22:55 339984]
    S3 tmevtmgr;tmevtmgr;c:windowssystem32driverstmevtmgr.sys [30/09/2009 22:57 50704]
    S3 TmPfw;Trend Micro Personal Firewall;c:program filesTrend MicroInternet SecurityTmPfw.exe [30/09/2009 22:57 497008]

    [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the ‘Scheduled Tasks’ folder

    2009-10-17 c:windowsTasksAppleSoftwareUpdate.job
    — c:program filesApple Software UpdateSoftwareUpdate.exe [2008-07-30 09:34]

    2009-10-20 c:windowsTasksOGALogon.job
    — c:windowssystem32OGAEXEC.exe [2009-08-03 12:07]
    .
    .


    Supplementary Scan


    .
    IE: &??? ?- Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} — hxxps://vpn.cavsystems.net/dana-cached/sc/JuniperSetupClient.cab
    FF — ProfilePath — c:documents and settingsNatalie and RubyApplication DataMozillaFirefoxProfilesi3xrne4k.default
    FF — plugin: c:program filesJavaj2re1.4.2_09binNPJava11.dll
    FF — plugin: c:program filesJavaj2re1.4.2_09binNPJava12.dll
    FF — plugin: c:program filesJavaj2re1.4.2_09binNPJava13.dll
    FF — plugin: c:program filesJavaj2re1.4.2_09binNPJava14.dll
    FF — plugin: c:program filesJavaj2re1.4.2_09binNPJava32.dll
    FF — plugin: c:program filesJavaj2re1.4.2_09binNPJPI142_09.dll
    FF — plugin: c:program filesJavaj2re1.4.2_09binNPOJI610.dll
    FF — plugin: c:program filesMozilla Firefoxpluginsnp-mswmp.dll
    FF — HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} — c:windowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension
    .
    — — — — ORPHANS REMOVED — — — —

    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} — (no file)
    HKU-Default-Run-calc — c:docume~1LOCALS~1ntuser.dll
    AddRemove-HijackThis — e:natalieHijackThis.exe
    AddRemove-TS — c:program filesTStsc.exe

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-10-20 23:09
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes …

    scanning hidden autostart entries …

    scanning hidden files …

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .


    DLLs Loaded Under Running Processes



    — — — — — — — > ‘winlogon.exe'(896)
    c:program filesSUPERAntiSpywareSASWINLO.dll

    — — — — — — — > ‘explorer.exe'(4072)
    c:windowssystem32msi.dll
    .


    Other Running Processes


    .
    c:program filesJuniper NetworksCommon FilesdsNcService.exe
    c:program filesNeroNero 7InCDInCDsrv.exe
    c:program filesCyberLinkShared FilesRichVideo.exe
    c:program filesTrend MicroInternet SecuritySfCtlCom.exe
    c:combofixCF29251.exe
    c:windowssystem32igfxsrvc.exe
    c:windowssystem32msiexec.exe
    c:windowssystem32MsiExec.exe
    c:combofixPEV.cfxxe
    .
    **************************************************************************
    .
    Completion time: 2009-10-20 23:13 — machine was rebooted
    ComboFix-quarantined-files.txt 2009-10-20 21:13

    Pre-Run: 296,217,894,912 bytes free
    Post-Run: 296,987,074,560 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
    [operating systems]
    c:cmdconsBOOTSECT.DAT=»Microsoft Windows Recovery Console» /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)WINDOWS=»Microsoft Windows XP Professional» /noexecute=optin /fastdetect

    — — End Of File — — EA8AC1D8CD07D0093F604D1E170F976C

    October 24, 2009 at 4:38 pm #26299
    Admin
    Keymaster
    • Topics: 40
    • Posts: 5676
    • ☆☆☆☆☆

    Open Notepad (click Start, Run, type notepad in the input field and press Enter) and paste the following text into it:

    Folder::
    c:\program files\Common Files\TSUninstall
    c:\program files\TS

    File::
    c:\windows\imyly.com
    c:\windows\system32\drivers\aeynxkgtpwl.sys
    c:\windows\system32\drivers\illvyerjiomwgf.sys

    Driver::
    cblwcrejvwev
    qvhini

    Save the resulting file to your desktop under the name CFScript.
    Then drag the resulting file onto the Combofix icon, as shown in the picture below.

    Combofix will start and carry out the procedures described in the file we created.
    When Combofix finishes, it will create a new log; paste that log into your next reply.

    November 3, 2009 at 8:38 pm #26301
    Natalie
    Participant
    • Topics: 1
    • Posts: 7
    • ☆

    Valery, good evening.
    It does not start; it gives an error:
    Were you trying to run CFSscript?
    The name CFSscript appears to be incorrectly spelt.

    November 7, 2009 at 5:58 pm #26302
    Admin
    Keymaster
    • Topics: 40
    • Posts: 5676
    • ☆☆☆☆☆

    It looks like you saved the script typed in Notepad under the wrong name.
    Try following the instructions from my previous message once more.
    You must save the script under the name CFScript
