- This topic has 18 ответов, 2 участника, and was last updated 16 years, 3 months назад by
.
-
Сообщения
-
Здравствуйте, заранее благодарна за вашу помощь и время! Вначале хочу вам показать, как это выглядит. Нашла на сайте американских программистов на английском языке.
http://www.bleepingcomputer.com/malware-removal/remove-system-security
Тут у них опписано как это безопасно удалить, но, на английском, боюсь что-то недопонять, поэтому решила обратиться к своим…
Точно знаю, что сцепила я это на одном из баннеров Комсомольской правды. Знал бы Ленин до чего комсомольцы додумались…
Вот, то, что у меня в компьютере…
Logfile of random’s system information tool 1.05 (written by random/random)
Run by Compaq_Owner at 2009-01-11 00:19:16
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 50 GB (73%) free of 69 GB
Total RAM: 1726 MB (62% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:48 AM, on 1/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSExplorer.EXE
C:Program FilesCommon FilesSymantec SharedccSvcHst.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesSymantecLiveUpdateAluSchedulerSvc.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32svchost.exe
c:WINDOWSsystem32ZuneBusEnum.exe
C:Program FilesZuneZuneLauncher.exe
C:Program FilesCommon FilesSymantec SharedccSvcHst.exe
C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe
C:Program FilesJavajre6binjusched.exe
C:Documents and SettingsAll UsersApplication Data4063EAE3.exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesHPDigital Imagingbinhpqtra08.exe
C:Program FilesHPDigital ImagingbinhpqSTE08.exe
C:Program FilesInternet Exploreriexplore.exe
C:PROGRA~1COMMON~1SYMANT~1CCPD-LCsymlcsvc.exe
C:Program FilesSkypePhoneSkype.exe
C:Program FilesSkypePlugin ManagerSkypePM.exe
C:WINDOWSpchealthhelpctrbinarieshelpctr.exe
C:WINDOWSPCHealthHelpCtrBinariesHelpSvc.exe
C:WINDOWSPCHealthHelpCtrBinariesHelpHost.exe
F:RSIT.exe
C:Program Filestrend microCompaq_Owner.exeR1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://my.earthlink.net/
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 — BHO: Skype add-on (mastermind) — {22BF413B-C6D2-4d91-82A9-A0F997BA588C} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 — BHO: NCO 2.0 IE BHO — {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} — C:Program FilesCommon FilesSymantec SharedcoSharedBrowser2.6coIEPlg.dll
O2 — BHO: Symantec Intrusion Prevention — {6D53EC84-6AAE-4787-AEEE-F4628F01010C} — C:PROGRA~1COMMON~1SYMANT~1IDSIPSBHO.dll
O2 — BHO: ConnectionServices module — {6D7B211A-88EA-490c-BAB9-3600D8D7C503} — (no file)
O2 — BHO: Java(tm) Plug-In SSV Helper — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre6binssv.dll
O2 — BHO: (no name) — {AA58ED58-01DD-4d91-8333-CF10577473F7} — (no file)
O2 — BHO: Google Toolbar Notifier BHO — {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} — C:Program FilesGoogleGoogleToolbarNotifier4.1.805.4472swg.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O3 — Toolbar: (no name) — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — (no file)
O3 — Toolbar: Show Norton Toolbar — {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} — C:Program FilesCommon FilesSymantec SharedcoSharedBrowser2.6CoIEPlg.dll
O4 — HKLM..Run: [Reminder] «C:WindowsCreatorRemind_XP.exe»
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [Zune Launcher] «c:Program FilesZuneZuneLauncher.exe»
O4 — HKLM..Run: [ccApp] «C:Program FilesCommon FilesSymantec SharedccApp.exe»
O4 — HKLM..Run: [osCheck] «C:Program FilesNorton 360osCheck.exe»
O4 — HKLM..Run: [ISUSPM Startup] C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe -startup
O4 — HKLM..Run: [ISUSScheduler] «C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe» -start
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 8.0ReaderReader_sl.exe»
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesJavajre6binjusched.exe»
O4 — HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 — HKLM..Run: [1512623998] «C:Documents and SettingsAll UsersApplication Data16610067661512623998.exe»
O4 — HKLM..Run: [359F5809-00B8-4455-A73A-9EA62A51101B] «C:Documents and SettingsAll UsersApplication Data4063EAE3.exe»
O4 — HKCU..Run: [VoipDiscount] «C:Program FilesVoipDiscount.comVoipDisc
O4 — HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 — HKCU..Run: [MSMSGS] «C:Program FilesMesseng
O4 — HKCU..Run: [MP3 CD Extractor] «C:Program FilesMP3 CD Ext
O4 — HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] «C:Program FilesCommon Fil
O4 — HKCU..Run: [12Voip] «C:Program Files12Voip.com12Voi
O4 — HKCU..Run: [PronunciationPatterns] «C:Program FilesPronunciation Patterns TrialPronunciationPatterns.exe»
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..RunOnce: [] C:Program FilesInternet Exploreriexplore.exe http://www.symantec.com/techsupp/servlet/ProductMessages?module=2007&error=0&language=en&product=SymNRT&version=2008.0.3.16&build=Symantec&a=00000082.0000001f.0000005e&b=00000082.00000045.0000011b&c=00000082.00000049.000000bb&d=00000082.0000006f.00000148
O4 — .DEFAULT User Startup: Pin.lnk = C:hpbinCLOAKER.EXE (User ‘Default user’)
O4 — Global Startup: Adobe Gamma Loader.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 — Global Startup: HP Digital Imaging Monitor.lnk = C:Program FilesHPDigital Imagingbinhpqtra08.exe
O6 — HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O8 — Extra context menu item: Add To Compaq Organize… — C:PROGRA~1HEWLET~1COMPAQ~1bin/module.main/favoritesie_add_to.html
O8 — Extra context menu item: E&xport to Microsoft Excel — res://C:PROGRA~1MICROS~4Office12EXCEL.EXE/3000
O9 — Extra button: Skype — {77BF5300-1474-4EC7-9980-D32B190E9B07} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~4Office12REFIEBAR.DLL
O9 — Extra button: Internet Connection Help — {E2D4D26B-0180-43a4-B05F-462D6D54C789} — C:WINDOWSPCHEALTHHELPCTRVendorsCN=Hewlett-Packard,L=Cupertino,S=Ca,C=USIEButtonsupport.htm (file missing)
O9 — Extra ‘Tools’ menuitem: Internet Connection Help — {E2D4D26B-0180-43a4-B05F-462D6D54C789} — C:WINDOWSPCHEALTHHELPCTRVendorsCN=Hewlett-Packard,L=Cupertino,S=Ca,C=USIEButtonsupport.htm (file missing)
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O15 — Trusted Zone: http://dms.arkona.com
O16 — DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) — http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
O16 — DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) — http://martins.coupons.smartsource.com/download/cscmv5X.cab
O16 — DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) — http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1171805186265
O16 — DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) — https://webdl.symantec.com/activex/symdlmgr.cab
O16 — DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) — http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198292891198
O16 — DPF: {CFFE5E18-79B9-431C-8CE2-AE55A16E7C09} (looksoftware newlook control) — http://dms.arkona.com/wc8/Cab/NL/newlook.cab
O17 — HKLMSystemCCSServicesTcpip..{80443072-5384-4D29-A197-604ECE8884D8}: NameServer = 208.67.220.220,208.67.222.222
O17 — HKLMSystemCCSServicesTcpip..{F2B070E7-F9AC-4B24-A23D-9BBC57A9462F}: NameServer = 208.67.220.220,208.67.222.222
O17 — HKLMSystemCS1ServicesTcpipParameters: NameServer = 208.67.220.220,208.67.222.222
O17 — HKLMSystemCS2ServicesTcpipParameters: NameServer = 208.67.220.220,208.67.222.222
O17 — HKLMSystemCS3ServicesTcpipParameters: NameServer = 208.67.220.220,208.67.222.222
O17 — HKLMSystemCCSServicesTcpipParameters: NameServer = 208.67.220.220,208.67.222.222
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O23 — Service: Automatic LiveUpdate Scheduler — Symantec Corporation — C:Program FilesSymantecLiveUpdateAluSchedulerSvc.exe
O23 — Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) — Apple Computer, Inc. — C:Program FilesBonjourmDNSResponder.exe
O23 — Service: Symantec Event Manager (ccEvtMgr) — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedccSvcHst.exe
O23 — Service: Symantec Settings Manager (ccSetMgr) — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedccSvcHst.exe
O23 — Service: Symantec Lic NetConnect service (CLTNetCnService) — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedccSvcHst.exe
O23 — Service: COM Host (comHost) — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedVAScannercomHost.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: Google Updater Service (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
O23 — Service: LiveUpdate — Symantec Corporation — C:Program FilesSymantecLiveUpdateLuComServer_3_4.EXE
O23 — Service: LiveUpdate Notice — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedccSvcHst.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Pml Driver HPZ12 — HP — C:WINDOWSsystem32HPZipm12.exe
O23 — Service: Symantec Core LC — Unknown owner — C:PROGRA~1COMMON~1SYMANT~1CCPD-LCsymlcsvc.exe
O23 — Service: Symantec RemoteAssist — Symantec, Inc. — C:Program FilesCommon FilesSymantec SharedSupport Controlsssrc.exe—
End of file — 12163 bytes======Scheduled tasks folder======
C:WINDOWStasksEasy Internet Sign-up.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [2006-10-22 62080][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll [2008-11-07 1088296][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
C:Program FilesCommon FilesSymantec SharedcoSharedBrowser2.6coIEPlg.dll [2008-06-30 349552][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention — C:PROGRA~1COMMON~1SYMANT~1IDSIPSBHO.dll [2008-05-29 116088][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{6D7B211A-88EA-490c-BAB9-3600D8D7C503}]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper — C:Program FilesJavajre6binssv.dll [2008-11-10 320920][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO — C:Program FilesGoogleGoogleToolbarNotifier4.1.805.4472swg.dll [2008-10-11 652784][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2008-11-10 34816][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2008-11-10 73728][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} — Show Norton Toolbar — C:Program FilesCommon FilesSymantec SharedcoSharedBrowser2.6CoIEPlg.dll [2008-06-30 349552][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«Reminder»=C:WindowsCreatorRemind_XP.exe [2004-12-14 663552]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2006-01-24 7311360]
«Zune Launcher»=c:Program FilesZuneZuneLauncher.exe [2008-11-10 157312]
«ccApp»=C:Program FilesCommon FilesSymantec SharedccApp.exe [2008-10-17 51048]
«osCheck»=C:Program FilesNorton 360osCheck.exe [2008-02-26 988512]
«ISUSPM Startup»=C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe [2004-07-28 221184]
«ISUSScheduler»=C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe [2004-07-28 81920]
«Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 8.0ReaderReader_sl.exe [2008-10-15 39792]
«SunJavaUpdateSched»=C:Program FilesJavajre6binjusched.exe [2008-11-10 136600]
«KernelFaultCheck»=C:WINDOWSsystem32dumprep 0 -k []
«1512623998»=C:Documents and SettingsAll UsersApplication Data16610067661512623998.exe [2009-01-10 1843748]
«359F5809-00B8-4455-A73A-9EA62A51101B»=C:Documents and SettingsAll UsersApplication Data4063EAE3.exe [2009-01-10 116260][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«VoipDiscount»=C:Program FilesVoipDiscount.comVoipDisc []
«swg»=C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe [2008-06-11 68856]
«MSMSGS»=C:Program FilesMesseng []
«MP3 CD Extractor»=C:Program FilesMP3 CD Ext []
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=C:Program FilesCommon Fil []
«12Voip»=C:Program Files12Voip.com12Voi []
«PronunciationPatterns»=C:Program FilesPronunciation Patterns TrialPronunciationPatterns.exe []
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2008-04-13 15360][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«»=C:Program FilesInternet Exploreriexplore.exe [2008-10-15 633632][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigservices]
«ZuneNetworkSvc»=3C:Documents and SettingsAll UsersStart MenuProgramsStartup
Adobe Gamma Loader.lnk — C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
HP Digital Imaging Monitor.lnk — C:Program FilesHPDigital Imagingbinhpqtra08.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]
C:WINDOWSsystem32WgaLogon.dll [2007-02-15 236928][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWdf01000.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=91000000
«NoDrives»=0
«NoViewOnDrive»=0[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesCompaq Connections5577497ProgramCompaq Connections.exe»=»C:Program FilesCompaq Connections5577497ProgramCompaq Connections.exe:*:Enabled:Compaq Connections»
«C:Program FilesEarthLink TotalAccessTaskPanl.exe»=»C:Program FilesEarthLink TotalAccessTaskPanl.exe:*:Enabled:Earthlink»
«C:Program FilesInternetCalls.comInternetCallsInternetCalls.exe»=»C:Program FilesInternetCalls.comInternetCallsInternetCalls.exe:*:Enabled:InternetCalls»
«C:Program FilesHPDigital Imagingbinhpqtra08.exe»=»C:Program FilesHPDigital Imagingbinhpqtra08.exe:*:Enabled:hpqtra08.exe»
«C:Program FilesHPDigital Imagingbinhpqste08.exe»=»C:Program FilesHPDigital Imagingbinhpqste08.exe:*:Enabled:hpqste08.exe»
«C:Program FilesHPDigital Imagingbinhpofxm08.exe»=»C:Program FilesHPDigital Imagingbinhpofxm08.exe:*:Enabled:hpofxm08.exe»
«C:Program FilesHPDigital Imagingbinhposfx08.exe»=»C:Program FilesHPDigital Imagingbinhposfx08.exe:*:Enabled:hposfx08.exe»
«C:Program FilesHPDigital Imagingbinhposid01.exe»=»C:Program FilesHPDigital Imagingbinhposid01.exe:*:Enabled:hposid01.exe»
«C:Program FilesHPDigital Imagingbinhpqscnvw.exe»=»C:Program FilesHPDigital Imagingbinhpqscnvw.exe:*:Enabled:hpqscnvw.exe»
«C:Program FilesHPDigital Imagingbinhpqkygrp.exe»=»C:Program FilesHPDigital Imagingbinhpqkygrp.exe:*:Enabled:hpqkygrp.exe»
«C:Program FilesHPDigital ImagingbinhpqCopy.exe»=»C:Program FilesHPDigital ImagingbinhpqCopy.exe:*:Enabled:hpqcopy.exe»
«C:Program FilesHPDigital Imagingbinhpfccopy.exe»=»C:Program FilesHPDigital Imagingbinhpfccopy.exe:*:Enabled:hpfccopy.exe»
«C:Program FilesHPDigital Imagingbinhpzwiz01.exe»=»C:Program FilesHPDigital Imagingbinhpzwiz01.exe:*:Enabled:hpzwiz01.exe»
«C:Program FilesHPDigital ImagingUnloadHpqPhUnl.exe»=»C:Program FilesHPDigital ImagingUnloadHpqPhUnl.exe:*:Enabled:hpqphunl.exe»
«C:Program FilesHPDigital ImagingUnloadHpqDIA.exe»=»C:Program FilesHPDigital ImagingUnloadHpqDIA.exe:*:Enabled:hpqdia.exe»
«C:Program FilesHPDigital Imagingbinhpoews01.exe»=»C:Program FilesHPDigital Imagingbinhpoews01.exe:*:Enabled:hpoews01.exe»
«C:Program FilesVoipDiscount.comVoipDiscountVoipDiscount.exe»=»C:Program FilesVoipDiscount.comVoipDiscountVoipDiscount.exe:*:Disabled:VoipDiscount»
«C:Program Files12Voip.com12Voip12Voip.exe»=»C:Program Files12Voip.com12Voip12Voip.exe:*:Enabled:12Voip»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesBonjourmDNSResponder.exe»=»C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour»
«C:Program FilesSmartHideSmartHide.exe»=»C:Program FilesSmartHideSmartHide.exe:*:Enabled:SmartHide»
«C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE»=»C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesCompaq Connections5577497ProgramCompaq Connections.exe»=»C:Program FilesCompaq Connections5577497ProgramCompaq Connections.exe:*:Enabled:Compaq Connections»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{edcc4e1e-0ee3-11dd-9103-001731a1c41d}]
shellAutocommand — Start.exe
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe======List of files/folders created in the last 1 months======
2009-01-11 00:19:24 —-D—- C:Program Filestrend micro
2009-01-11 00:19:16 —-D—- C:rsit
2009-01-10 20:18:49 —-A—- C:Documents and SettingsAll UsersApplication Data4063EAE3.exe
2009-01-10 20:18:40 —-D—- C:Documents and SettingsAll UsersApplication Data1661006766
2008-12-23 23:01:15 —-A—- C:WINDOWSsystem32javaws.exe
2008-12-23 23:01:15 —-A—- C:WINDOWSsystem32javaw.exe
2008-12-23 23:01:15 —-A—- C:WINDOWSsystem32java.exe======List of files/folders modified in the last 1 months======
2009-01-11 00:19:43 —-D—- C:WINDOWSTemp
2009-01-11 00:19:26 —-D—- C:Program FilesCommon FilesSymantec Shared
2009-01-11 00:19:24 —-AD—- C:Program Files
2009-01-11 00:19:17 —-D—- C:WINDOWSPrefetch
2009-01-11 00:19:16 —-D—- C:Documents and SettingsCompaq_OwnerApplication DataSkype
2009-01-11 00:09:46 —-D—- C:Documents and SettingsCompaq_OwnerApplication DataskypePM
2009-01-10 22:58:37 —-D—- C:WINDOWSsystem32CatRoot2
2009-01-10 22:56:35 —-A—- C:WINDOWSSchedLgU.Txt
2009-01-10 22:22:56 —-AD—- C:WINDOWS
2009-01-09 23:02:56 —-D—- C:Program FilesSymantec
2009-01-09 23:02:56 —-A—- C:WINDOWSsystem32S32EVNT1.DLL
2009-01-04 13:08:58 —-D—- C:Program FilesMozilla Firefox 3 Beta 5
2008-12-29 10:01:02 —-D—- C:WINDOWSMinidump
2008-12-28 22:38:16 —-RSHD—- C:WINDOWSsystem32dllcache
2008-12-26 19:13:17 —-A—- C:WINDOWSDUMP490f.tmp
2008-12-25 14:10:01 —-HD—- C:WINDOWSinf
2008-12-23 23:01:29 —-SHD—- C:WINDOWSInstaller
2008-12-23 23:01:18 —-SHD—- C:Config.Msi
2008-12-23 23:01:15 —-D—- C:WINDOWSsystem32
2008-12-23 23:01:14 —-D—- C:Program FilesJava
2008-12-21 18:14:13 —-D—- C:WINDOWSsystem32FxsTmp
2008-12-18 08:01:54 —-A—- C:WINDOWSimsins.BAK
2008-12-18 08:00:35 —-HD—- C:WINDOWS$hf_mig$
2008-12-13 01:40:02 —-A—- C:WINDOWSsystem32mshtml.dll======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;AMD Processor Driver; C:WINDOWSsystem32DRIVERSAmdK8.sys [2005-03-09 36352]
R1 eeCtrl;Symantec Eraser Control driver; ??C:Program FilesCommon FilesSymantec SharedEENGINEeeCtrl.sys []
R1 SPBBCDrv;SPBBCDrv; ??C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCDrv.sys []
R1 SRTSPX;SRTSPX; C:WINDOWSSystem32DriversSRTSPX.SYS [2008-01-31 43696]
R1 SYMTDI;SYMTDI; C:WINDOWSSystem32DriversSYMTDI.SYS [2008-06-13 184240]
R2 Aspi32;Aspi32; C:WINDOWSsystem32driversAspi32.sys [1999-09-10 25244]
R2 CO_Mon;CO_Mon; ??C:WINDOWSsystem32driversCO_Mon.sys []
R2 mdmxsdk;mdmxsdk; C:WINDOWSsystem32DRIVERSmdmxsdk.sys [2005-10-05 12544]
R2 zumbus;Zune Bus Enumerator Driver; C:WINDOWSsystem32DRIVERSzumbus.sys [2008-09-12 40832]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; ??C:Program FilesCommon FilesSymantec SharedEENGINEEraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:WINDOWSSystem32DriversGEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-13 144384]
R3 HSX_DP;HSX_DP; C:WINDOWSsystem32DRIVERSHSX_DP.sys [2005-12-06 936448]
R3 HSXHWBS2;HSXHWBS2; C:WINDOWSsystem32DRIVERSHSXHWBS2.sys [2005-12-06 241664]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2006-03-08 4246016]
R3 LVUSBSta;Logitech USB Monitor Filter; C:WINDOWSsystem32driverslvusbsta.sys [2005-01-31 22016]
R3 NAVENG;NAVENG; ??C:PROGRA~1COMMON~1SYMANT~1VIRUSD~120090110.020NAVENG.SYS []
R3 NAVEX15;NAVEX15; ??C:PROGRA~1COMMON~1SYMANT~1VIRUSD~120090110.020NAVEX15.SYS []
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2006-01-24 3535520]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:WINDOWSsystem32DRIVERSNVENETFD.sys [2006-03-03 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:WINDOWSsystem32DRIVERSnvnetbus.sys [2006-03-03 13056]
R3 PID_0928;Logitech QuickCam Express(PID_0928); C:WINDOWSsystem32DRIVERSLV561AV.SYS [2005-01-31 211712]
R3 SRTSP;SRTSP; C:WINDOWSSystem32DriversSRTSP.SYS [2008-01-31 279088]
R3 SYMDNS;SYMDNS; C:WINDOWSSystem32DriversSYMDNS.SYS [2008-06-13 13616]
R3 SymEvent;SymEvent; ??C:WINDOWSsystem32DriversSYMEVENT.SYS []
R3 SYMFW;SYMFW; C:WINDOWSSystem32DriversSYMFW.SYS [2008-06-13 96432]
R3 SYMIDS;SYMIDS; C:WINDOWSSystem32DriversSYMIDS.SYS [2008-06-13 38576]
R3 SYMIDSCO;SYMIDSCO; ??C:PROGRA~1COMMON~1SYMANT~1SymcDataipsdefs20090102.001SymIDSCo.sys []
R3 SymIMMP;SymIMMP; C:WINDOWSsystem32DRIVERSSymIM.sys [2008-06-13 31280]
R3 SYMNDIS;SYMNDIS; C:WINDOWSSystem32DriversSYMNDIS.SYS [2008-06-13 37424]
R3 SYMREDRV;SYMREDRV; C:WINDOWSSystem32DriversSYMREDRV.SYS [2008-06-13 22320]
R3 tap0801;Smarthide TAP driver; C:WINDOWSsystem32DRIVERStap0801.sys [2008-02-04 55808]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbohci.sys [2008-04-13 17152]
R3 usbstor;USB Mass Storage Driver; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-13 26368]
R3 Wdf01000;Wdf01000; C:WINDOWSsystem32DRIVERSWdf01000.sys [2008-03-27 503008]
R3 winachsx;winachsx; C:WINDOWSsystem32DRIVERSHSX_CNXT.sys [2005-12-06 670208]
S1 kbdhid;Keyboard HID Driver; C:WINDOWSsystem32DRIVERSkbdhid.sys [2008-04-13 14592]
S2 MCSTRM;MCSTRM; C:WINDOWSsystem32driversMCSTRM.sys []
S3 ASPI;Advanced SCSI Programming Interface Driver; ??C:WINDOWSSystem32DRIVERSASPI32.sys []
S3 CCDECODE;Closed Caption Decoder; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2008-04-13 17024]
S3 COH_Mon;COH_Mon; ??C:WINDOWSsystem32DriversCOH_Mon.sys []
S3 HidUsb;Microsoft HID Class Driver; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:WINDOWSsystem32DRIVERSHPZid412.sys [2005-03-07 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:WINDOWSsystem32DRIVERSHPZipr12.sys [2005-03-07 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:WINDOWSsystem32DRIVERSHPZius12.sys [2005-03-07 21744]
S3 mouhid;Mouse HID Driver; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:WINDOWSsystem32driversMSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:WINDOWSsystem32DRIVERSNdisIP.sys [2008-04-13 10880]
S3 NPF;Netgroup Packet Filter; C:WINDOWSsystem32driversnpf.sys [2005-08-02 32512]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:WINDOWSsystem32DRIVERSRTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:WINDOWSsystem32DRIVERSSONYPVU1.SYS [2001-08-17 7552]
S3 SRTSPL;SRTSPL; C:WINDOWSSystem32DriversSRTSPL.SYS [2008-01-31 317616]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2008-04-13 15232]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:WINDOWSsystem32DRIVERSSymIM.sys [2008-06-13 31280]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:WINDOWSsystem32DRIVERSusbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:WINDOWSsystem32DRIVERSusbscan.sys [2008-04-13 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-13 20608]
S3 WinUSB;WinUSB; C:WINDOWSsystem32DRIVERSWinUSB.sys [2006-11-02 39368]
S3 WpdUsb;WpdUsb; C:WINDOWSsystem32DRIVERSwpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2008-04-13 19200]
S3 WUDFRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSWUDFRd.sys [2008-01-18 83328]
S4 intelppm;Intel Processor Driver; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-13 36352]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:Program FilesSymantecLiveUpdateAluSchedulerSvc.exe [2008-02-21 238968]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:Program FilesBonjourmDNSResponder.exe [2006-02-28 229376]
R2 ccEvtMgr;Symantec Event Manager; C:Program FilesCommon FilesSymantec SharedccSvcHst.exe [2008-10-17 149352]
R2 ccSetMgr;Symantec Settings Manager; C:Program FilesCommon FilesSymantec SharedccSvcHst.exe [2008-10-17 149352]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:Program FilesCommon FilesSymantec SharedccSvcHst.exe [2008-10-17 149352]
R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2008-11-10 152984]
R2 LiveUpdate Notice;LiveUpdate Notice; C:Program FilesCommon FilesSymantec SharedccSvcHst.exe [2008-10-17 149352]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2006-01-24 131139]
R2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-13 14336]
R2 ZuneBusEnum;Zune Bus Enumerator; c:WINDOWSsystem32ZuneBusEnum.exe [2008-11-10 60032]
R3 Symantec Core LC;Symantec Core LC; C:PROGRA~1COMMON~1SYMANT~1CCPD-LCsymlcsvc.exe [2008-05-29 1245064]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:WINDOWSsystem32HPZipm12.exe [2006-03-02 69632]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-24 70144]
S3 comHost;COM Host; C:Program FilesCommon FilesSymantec SharedVAScannercomHost.exe [2007-08-22 55640]
S3 Fax;Fax; C:WINDOWSsystem32fxssvc.exe [2008-04-13 267776]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2008-01-20 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2007-10-09 36864]
S3 gusvc;Google Updater Service; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2008-10-11 168432]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2007-10-11 864256]
S3 LiveUpdate;LiveUpdate; C:Program FilesSymantecLiveUpdateLuComServer_3_4.EXE [2008-08-04 3220856]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 Symantec RemoteAssist;Symantec RemoteAssist; C:Program FilesCommon FilesSymantec SharedSupport Controlsssrc.exe [2008-01-29 394704]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-10-18 913408]
S3 ZuneNetworkSvc;Zune Network Sharing Service; c:Program FilesZuneZuneNss.exe [2008-11-10 5117568]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; c:WINDOWSsystem32ZuneWlanCfgSvc.exe [2008-11-10 243840]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2007-10-11 122880]
EOF
info.txt logfile of random’s system information tool 1.05 2009-01-11 00:19:52
======Uninstall list======
—>»C:Program FilesSymantecLiveUpdateLSETUP.EXE» /U
—>C:WINDOWSIsUninst.exe -fC:WINDOWSorun32.isu
—>c:WINDOWSsystem32\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
—>c:WINDOWSsystem32\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
—>c:WINDOWSsystem32\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime10�1Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{4E7DC12A-3597-4A94-9429-F6C6987361B1}setup.exe» -l0x9 -removeonly
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime10�1Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{7DADB304-AF20-48C3-A780-4B4133A08817}setup.exe» -l0x9 -removeonly
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime10�1Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}setup.exe» -l0x9 -removeonly
—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime10�1Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}setup.exe» -l0x9 -removeonly
—>rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:WINDOWSINFPCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)—>msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)—>msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)—>msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)—>msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)—>msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)—>msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)—>msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)—>msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)—>msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)—>msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)—>msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)—>msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)—>msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Adobe Anchor Service CS3—>MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3—>MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3—>MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting—>MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0—>MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps—>MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color — Photoshop Specific—>MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings—>C:Program FilesCommon FilesAdobeInstallers6c8e2cb4fd241c55406016127a6ab2eSetup.exe
Adobe Color Common Settings—>MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings—>MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings—>MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings—>MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3—>MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3—>MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2—>C:Program FilesCommon FilesAdobeInstallers3e054d2218e7aa282c2369d939e58ffSetup.exe
Adobe ExtendScript Toolkit 2—>MsiExec.exe /I{77D2A9D3-5800-43E3-B274-87841BC87DB2}
Adobe Flash Player 10 ActiveX—>C:WINDOWSsystem32MacromedFlashuninstall_activeX.exe
Adobe Flash Player Plugin—>C:WINDOWSsystem32MacromedFlashuninstall_plugin.exe
Adobe Fonts All—>MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3—>MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3—>MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files—>MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop 7.0—>C:WINDOWSISUNINST.EXE -f»C:Program FilesAdobePhotoshop 7.0Uninst.isu» -c»C:Program FilesAdobePhotoshop 7.0Uninst.dll»
Adobe Photoshop CS3—>C:Program FilesCommon FilesAdobeInstallers2ac78060bc5856b0c1cf873bb919b58Setup.exe
Adobe Photoshop CS3—>MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 8.1.3—>MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Setup—>MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup—>MsiExec.exe /I{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}
Adobe Setup—>MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Stock Photos CS3—>MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support—>MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3—>MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client—>MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin—>MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3—>MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AppCore—>MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Arkona Client Software V5R4-r2.3—>C:Program FilesArkonauninst.exe
Backup—>MsiExec.exe /I{24DF7221-644B-4C3A-A478-459502D40522}
ccCommon—>MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
Compaq Connections (remove only)—>C:WINDOWSHPCPCUninstall-5577497HPBWSetup.exe -appid 5577497 -uninstall
Compaq Organize—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{D0122362-6333-4DE4-93F6-A5A2F3CC101A}Setup.exe» UNINSTALL
Console Classix 4.04—>»C:Program FilesConsoleClassix.comunins000.exe»
Customer Experience Enhancement—>C:PROGRA~1COMMON~1INSTAL~1Driver1050INTEL3~1IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1033
Data Fax SoftModem with SmartCP—>C:Program FilesCONEXANTCNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1HXFSETUP.EXE -U -ITrx200Ck.inf
Easy Internet Sign-up—>C:PROGRA~1COMMON~1INSTAL~1Driver1050INTEL3~1IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1033
GearDrvs—>MsiExec.exe /I{206FD69B-F9FE-4164-81BD-D52552BC9C23}
GearDrvs—>MsiExec.exe /I{CB84F0F2-927B-458D-9DC5-87832E3DC653}
Google Toolbar for Internet Explorer—>MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer—>regsvr32 /u /s «c:program filesgooglegoogletoolbar2.dll»
High Definition Audio Driver Package — KB888111—>»C:WINDOWS$NtUninstallKB888111WXPSP2$spuninstspuninst.exe»
HijackThis 2.0.2—>»C:Program Filestrend microHijackThis.exe» /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)—>»C:WINDOWSie7updatesKB947864-IE7spuninstspuninst.exe»
Hotfix for Windows Media Format 11 SDK (KB929399)—>»C:WINDOWS$NtUninstallKB929399$spuninstspuninst.exe»
Hotfix for Windows Media Player 11 (KB939683)—>»C:WINDOWS$NtUninstallKB939683$spuninstspuninst.exe»
Hotfix for Windows XP (KB932716-v2)—>»C:WINDOWS$NtUninstallKB932716-v2$spuninstspuninst.exe»
Hotfix for Windows XP (KB952287)—>»C:WINDOWS$NtUninstallKB952287$spuninstspuninst.exe»
HP Boot Optimizer—>MsiExec.exe /X{1341D838-719C-4A05-B50F-49420CA1B4BB}
HP Extended Capabilities 5.3—>C:Program FilesHPDigital ImagingExtCapUninstallhpzscr01.exe -datfile hpqhsc01.dat
HP Game Console—>C:Program FilesCouponsuninstall.exe
HP Imaging Device Functions 7.0—>C:Program FilesHPDigital ImagingDeviceManagementhpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential—>MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP Photosmart Premier Software 6.5—>C:Program FilesHPDigital Imaginguninstallhpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 5.3.B—>»C:Program FilesHPDigital Imaging{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}setuphpzscr01.exe» -datfile hposcr07.dat
HP Software Update—>MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center & Imaging Support Tools 5.3—>C:Program FilesHPDigital ImagingeSupporthpzscr01.exe -datfile hpqbud05.dat
HP Support Overview—>»C:WINDOWSunins000.exe»
HP Web Helper—>regsvr32 /u /s «C:WINDOWSpchealthhelpctrVendorsCN=Hewlett-Packard,L=Cupertino,S=Ca,C=USpluginwebhelper.dll»
J2SE Runtime Environment 5.0 Update 11—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java(TM) 6 Update 11—>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) SE Runtime Environment 6 Update 1—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LiveUpdate (Symantec Corporation)—>MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v «C:Documents and SettingsAll UsersApplication DataLuUninstall.LiveUpdate»
LiveUpdate (Symantec Corporation)—>MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
Microsoft .NET Framework 1.1 Hotfix (KB928366)—>»C:WINDOWSMicrosoft.NETFrameworkv1.1.4322Updateshotfix.exe» «C:WINDOWSMicrosoft.NETFrameworkv1.1.4322UpdatesM928366M928366Uninstall.msp»
Microsoft .NET Framework 1.1—>msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1—>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1—>MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1—>MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5—>C:WINDOWSMicrosoft.NETFrameworkv3.5Microsoft .NET Framework 3.5setup.exe
Microsoft .NET Framework 3.5—>MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Compression Client Pack 1.0 for Windows XP—>»C:WINDOWS$NtUninstallMSCompPackV1$spuninstspuninst.exe»
Microsoft Internationalized Domain Names Mitigation APIs—>»C:WINDOWS$NtServicePackUninstallIDNMitigationAPIs$spuninstspuninst.exe»
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5—>»C:WINDOWS$NtUninstallWdf01005$spuninstspuninst.exe»
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7—>»C:WINDOWS$NtUninstallWdf01007$spuninstspuninst.exe»
Microsoft National Language Support Downlevel APIs—>»C:WINDOWS$NtServicePackUninstallNLSDownlevelMapping$spuninstspuninst.exe»
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour—>MsiExec.exe /I{A01FC76F-CC09-4658-9E37-5C2F635EE708}
Microsoft Office Access MUI (English) 2007—>MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007—>MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007—>MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007—>MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007—>MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional 2007 Trial—>»C:Program FilesCommon FilesMicrosoft SharedOFFICE12Office Setup Controllersetup.exe» /uninstall PROR /dll OSETUP.DLL
Microsoft Office Professional 2007—>MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007—>MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007—>MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007—>MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007—>MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007—>MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007—>MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007—>MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007—>MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.7—>»C:WINDOWS$NtUninstallWudf01007$spuninstspuninst.exe»
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft WinUsb 1.0—>»C:WINDOWS$NtUninstallwinusb0100$spuninstspuninst.exe»
Microsoft Works—>MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Microsoft XML Parser SDK—>MsiExec.exe /I{2E819828-BC8D-4177-BEBB-425FAFF89E6B}
Mozilla Firefox (3.0.2)—>C:Program FilesMozilla Firefox 3 Beta 5uninstallhelper.exe
MSN—>C:Program FilesMSNMsnInstallermsninst.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)—>MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)—>MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)—>MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)—>MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
neroxml—>MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Norton 360 (Symantec Corporation)—>»C:Program FilesCommon FilesSymantec SharedSymSetup{2D617065-1C52-4240-B5BC-C0AE12157777}_2_2_0_2Setup.exe» /X
Norton 360 HTMLHelp—>MsiExec.exe /I{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}
Norton 360—>MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A}
Norton 360—>MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777}
Norton Confidential Core—>MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
NVIDIA Drivers—>C:WINDOWSsystem32nvunrm.exe UninstallGUI
PC-Doctor 5 for Windows—>C:Program FilesPC-Doctor 5 for Windowsuninst.exe
PDF Settings—>MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
Perfect Sound Recorder 6.6—>»C:Program FilesPerfect Sound Recorderunins000.exe»
Realtek High Definition Audio Driver—>RtlUpd.exe -r -m
Security Update for 2007 Microsoft Office System (KB951550)—>msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)—>msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)—>msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)—>msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)—>msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)—>msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)—>msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)—>msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)—>msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Step By Step Interactive Training (KB923723)—>»C:WINDOWS$NtUninstallKB923723$spuninstspuninst.exe»
Security Update for Windows Internet Explorer 7 (KB938127)—>»C:WINDOWSie7updatesKB938127-IE7spuninstspuninst.exe»
Security Update for Windows Internet Explorer 7 (KB942615)—>»C:WINDOWSie7updatesKB942615-IE7spuninstspuninst.exe»
Security Update for Windows Internet Explorer 7 (KB944533)—>»C:WINDOWSie7updatesKB944533-IE7spuninstspuninst.exe»
Security Update for Windows Internet Explorer 7 (KB950759)—>»C:WINDOWSie7updatesKB950759-IE7spuninstspuninst.exe»
Security Update for Windows Internet Explorer 7 (KB953838)—>»C:WINDOWSie7updatesKB953838-IE7spuninstspuninst.exe»
Security Update for Windows Internet Explorer 7 (KB956390)—>»C:WINDOWSie7updatesKB956390-IE7spuninstspuninst.exe»
Security Update for Windows Internet Explorer 7 (KB958215)—>»C:WINDOWSie7updatesKB958215-IE7spuninstspuninst.exe»
Security Update for Windows Internet Explorer 7 (KB960714)—>»C:WINDOWSie7updatesKB960714-IE7spuninstspuninst.exe»
Security Update for Windows Media Player (KB952069)—>»C:WINDOWS$NtUninstallKB952069_WM9$spuninstspuninst.exe»
Security Update for Windows Media Player 10 (KB911565)—>»C:WINDOWS$NtUninstallKB911565$spuninstspuninst.exe»
Security Update for Windows Media Player 10 (KB917734)—>»C:WINDOWS$NtUninstallKB917734_WMP10$spuninstspuninst.exe»
Security Update for Windows Media Player 11 (KB936782)—>»C:WINDOWS$NtUninstallKB936782_WMP11$spuninstspuninst.exe»
Security Update for Windows Media Player 11 (KB954154)—>»C:WINDOWS$NtUninstallKB954154_WM11$spuninstspuninst.exe»
Security Update for Windows XP (KB938464)—>»C:WINDOWS$NtUninstallKB938464$spuninstspuninst.exe»
Security Update for Windows XP (KB946648)—>»C:WINDOWS$NtUninstallKB946648$spuninstspuninst.exe»
Security Update for Windows XP (KB950760)—>»C:WINDOWS$NtUninstallKB950760$spuninstspuninst.exe»
Security Update for Windows XP (KB950762)—>»C:WINDOWS$NtUninstallKB950762$spuninstspuninst.exe»
Security Update for Windows XP (KB950974)—>»C:WINDOWS$NtUninstallKB950974$spuninstspuninst.exe»
Security Update for Windows XP (KB951066)—>»C:WINDOWS$NtUninstallKB951066$spuninstspuninst.exe»
Security Update for Windows XP (KB951376)—>»C:WINDOWS$NtUninstallKB951376$spuninstspuninst.exe»
Security Update for Windows XP (KB951376-v2)—>»C:WINDOWS$NtUninstallKB951376-v2$spuninstspuninst.exe»
Security Update for Windows XP (KB951698)—>»C:WINDOWS$NtUninstallKB951698$spuninstspuninst.exe»
Security Update for Windows XP (KB951748)—>»C:WINDOWS$NtUninstallKB951748$spuninstspuninst.exe»
Security Update for Windows XP (KB952954)—>»C:WINDOWS$NtUninstallKB952954$spuninstspuninst.exe»
Security Update for Windows XP (KB953839)—>»C:WINDOWS$NtUninstallKB953839$spuninstspuninst.exe»
Security Update for Windows XP (KB954211)—>»C:WINDOWS$NtUninstallKB954211$spuninstspuninst.exe»
Security Update for Windows XP (KB954459)—>»C:WINDOWS$NtUninstallKB954459$spuninstspuninst.exe»
Security Update for Windows XP (KB954600)—>»C:WINDOWS$NtUninstallKB954600$spuninstspuninst.exe»
Security Update for Windows XP (KB955069)—>»C:WINDOWS$NtUninstallKB955069$spuninstspuninst.exe»
Security Update for Windows XP (KB956391)—>»C:WINDOWS$NtUninstallKB956391$spuninstspuninst.exe»
Security Update for Windows XP (KB956802)—>»C:WINDOWS$NtUninstallKB956802$spuninstspuninst.exe»
Security Update for Windows XP (KB956803)—>»C:WINDOWS$NtUninstallKB956803$spuninstspuninst.exe»
Security Update for Windows XP (KB956841)—>»C:WINDOWS$NtUninstallKB956841$spuninstspuninst.exe»
Security Update for Windows XP (KB957095)—>»C:WINDOWS$NtUninstallKB957095$spuninstspuninst.exe»
Security Update for Windows XP (KB957097)—>»C:WINDOWS$NtUninstallKB957097$spuninstspuninst.exe»
Security Update for Windows XP (KB958644)—>»C:WINDOWS$NtUninstallKB958644$spuninstspuninst.exe»
Skype™ 3.8—>MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SmartHide 2.0.74—>C:Program FilesSmartHideuninst.exe
Sonic Express Labeler—>MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic RecordNow Audio—>MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy—>MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data—>MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager—>MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sony Picture Utility—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1PROFES~1RunTime10�1Intel32Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{D5068583-D569-468B-9755-5FBF5848F46F}setup.exe» -l0x9 /removeonly uninstall -removeonly
Sony USB Driver—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}Setup.exe» UNINSTALL
SPBBC 32bit—>MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spybot — Search & Destroy—>»C:Program FilesSpybot — Search & Destroyunins000.exe»
Symantec Real Time Storage Protection Component—>MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
Symantec Technical Support Controls—>MsiExec.exe /I{45690715-80A6-4445-B61D-ADEC5888E8CD}
Symantec Technical Support Web Controls—>MsiExec.exe /X{20C53FA2-4307-4671-A93F-9463B29DFCF1}
TestDrive Client—>MsiExec.exe /X{36C9E08A-BE2B-40A0-83C5-576748F7B777}
Update for Microsoft Office Outlook 2007 (KB952142)—>msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)—>msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb958619)—>msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {79B301C1-DBC0-467C-AFDA-2A6CDAFA4302}
Update for Windows XP (KB951072-v2)—>»C:WINDOWS$NtUninstallKB951072-v2$spuninstspuninst.exe»
Update for Windows XP (KB951978)—>»C:WINDOWS$NtUninstallKB951978$spuninstspuninst.exe»
Update for Windows XP (KB953356)—>»C:WINDOWS$NtUninstallKB953356$spuninstspuninst.exe»
Update for Windows XP (KB955839)—>»C:WINDOWS$NtUninstallKB955839$spuninstspuninst.exe»
VCRedistSetup—>MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Windows Imaging Component—>»C:WINDOWS$NtUninstallWIC$spuninstspuninst.exe»
Windows Media Format 11 runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
Windows Media Format 11 runtime—>»C:WINDOWS$NtUninstallWMFDist11$spuninstspuninst.exe»
Windows Media Player 11—>»C:Program FilesWindows Media PlayerSetup_wm.exe» /Uninstall
Windows Media Player 11—>»C:WINDOWS$NtUninstallwmp11$spuninstspuninst.exe»
Windows XP Service Pack 3—>»C:WINDOWS$NtServicePackUninstall$spuninstspuninst.exe»
Zune Language Pack (ES)—>MsiExec.exe /X{EE4ACABF-531E-419A-9225-B8E0FA4955AF}
Zune Language Pack (FR)—>MsiExec.exe /X{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}
Zune—>c:Program FilesZuneZuneSetup.exe /x
Zune—>MsiExec.exe /X{FF70513F-E3A7-402F-84FB-B7810A064BE2}======Security center information======
AV: Norton 360
FW: Norton 360System event log
Computer Name: YOUR-D0F670B45A
Event Code: 7036
Message: The Pml Driver HPZ12 service entered the running state.Record Number: 432270
Source Name: Service Control Manager
Time Written: 20090109210503.000000-300
Event Type: information
User:Computer Name: YOUR-D0F670B45A
Event Code: 7035
Message: The Pml Driver HPZ12 service was successfully sent a start control.Record Number: 432269
Source Name: Service Control Manager
Time Written: 20090109210503.000000-300
Event Type: information
User: YOUR-D0F670B45ACompaq_OwnerComputer Name: YOUR-D0F670B45A
Event Code: 7036
Message: The Pml Driver HPZ12 service entered the stopped state.Record Number: 432268
Source Name: Service Control Manager
Time Written: 20090109210458.000000-300
Event Type: information
User:Computer Name: YOUR-D0F670B45A
Event Code: 7036
Message: The Pml Driver HPZ12 service entered the running state.Record Number: 432267
Source Name: Service Control Manager
Time Written: 20090109210458.000000-300
Event Type: information
User:Computer Name: YOUR-D0F670B45A
Event Code: 7035
Message: The Pml Driver HPZ12 service was successfully sent a start control.Record Number: 432266
Source Name: Service Control Manager
Time Written: 20090109210458.000000-300
Event Type: information
User: YOUR-D0F670B45ACompaq_OwnerApplication event log
Computer Name: YOUR-D0F670B45A
Event Code: 35
Message: The ‘LiveUpdate Notice’ service has started.Record Number: 54616
Source Name: ccSvcHst
Time Written: 20081220071108.000000-300
Event Type: information
User: NT AUTHORITYSYSTEMComputer Name: YOUR-D0F670B45A
Event Code: 34
Message: The ‘LiveUpdate Notice’ service is starting.Record Number: 54615
Source Name: ccSvcHst
Time Written: 20081220071104.000000-300
Event Type: information
User: NT AUTHORITYSYSTEMComputer Name: YOUR-D0F670B45A
Event Code: 35
Message: The ‘ccEvtMgr’ service has started.Record Number: 54614
Source Name: ccSvcHst
Time Written: 20081220071104.000000-300
Event Type: information
User: NT AUTHORITYSYSTEMComputer Name: YOUR-D0F670B45A
Event Code: 34
Message: The ‘ccEvtMgr’ service is starting.Record Number: 54613
Source Name: ccSvcHst
Time Written: 20081220071104.000000-300
Event Type: information
User: NT AUTHORITYSYSTEMComputer Name: YOUR-D0F670B45A
Event Code: 35
Message: The ‘ccSetMgr’ service has started.Record Number: 54612
Source Name: ccSvcHst
Time Written: 20081220071104.000000-300
Event Type: information
User: NT AUTHORITYSYSTEM======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;c:Python22
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=15
«PROCESSOR_IDENTIFIER»=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
«PROCESSOR_REVISION»=2f02
«NUMBER_OF_PROCESSORS»=1
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
«SonicCentral»=c:Program FilesCommon FilesSonic SharedSonic Central
EOF
Здравствуйте, добро пожаловать на Spyware-ru форум.
Прочитайте описание программы Malwarebytes Anti-malware (MBAM).
Скачайте и выполните сканирование вашего компьютера. Удалите всё что будет найдено. В конце работы будет показан лог.Жду от вас MBAM лог и свежий RSIT лог (запускайте RSIT после MBAM).
Ndaaaaaa…. vse okazivaetsia namnogo interesnee! U menia poterialsia russkij jazik i k tomu je ne otkrivaetsia antivirus! Tolko ja pitajus najat na dannuju vami ssilku ona tut je zakrivaetsia! Chto-ro u menia serjoznoe! Prokliatij Norton sijaet zelionim svetom i govorit, chto zaschita vkliuchena! Chto delat???
Ja mogu skachat otsiuda
http://www.infuture.ru/article/1112
Eta ssijka otkrivaetsia, no vilazit preduprejdenie o virusax, mojet, eto Norton ????
U menia poterialsia russkij jazik
Вы сами ничего не удаляли, какие-либо файлы или ключи в реестре ?
i k tomu je ne otkrivaetsia antivirus
Возможно это результат деятельности трояна.
Скачайте OTMoveIt3 by OldTimer кликнув по этой ссылке.
Запустите программу и в большое поле ввода (заголовок этого поля выделено желтым цветом) скопируйте следующий текст.:Processes
explorer.exe
:reg
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
"1512623998"=-
"359F5809-00B8-4455-A73A-9EA62A51101B"=-
:files
C:Documents and SettingsAll UsersApplication Data16610067661512623998.exe
C:Documents and SettingsAll UsersApplication Data4063EAE3.exe
:Commands
[emptytemp]
[start explorer]
[Reboot]Кликните по кнопке MoveIt!. В процессе работы возможна перезагрузка компьютера.
По-завершении работы программы должен будет показан лог, вставьте его в ваш ответ.
Так же к ответу приложите свежий RSIT лог.Во-первых, сразу хочу сказать огромное спасибо за ваше время и помощь! Дело в том, что в Интернет елсплоере русский язык нашелся, а в Мозила Фаерфокс русский исчез. Далее, когда хочу закрыть эксплоер высовывается окно в котором мне предлагается установить файл ImageZoneExpress.msi і предлагает мне его взять отсюда C:DOCUME~1COMPAQ~1LOCALS~1TempIXP000.TMP Но, тут то, что запрашивается не существует… это скорее одін із антівірусов меня подчистил. Вручную я ничего не чистила, не тот уровень знаний у меня о компьютере, чтобы лезть в регистры! После запуска новой программы, которую вы порекомендовали у меня получилось вот что
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun\1512623998 deleted successfully.
Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun\359F5809-00B8-4455-A73A-9EA62A51101B not found.
========== FILES ==========
File/Folder C:Documents and SettingsAll UsersApplication Data16610067661512623998.exe not found.
File/Folder C:Documents and SettingsAll UsersApplication Data4063EAE3.exe not found.
========== COMMANDS ==========
File delete failed. C:DOCUME~1COMPAQ~1LOCALS~1Temphpodvd09.log scheduled to be deleted on reboot.
User’s Temp folder emptied.
User’s Temporary Internet Files folder emptied.
User’s Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:Documents and SettingsLocalServiceLocal SettingsTemporary Internet FilesContent.IE5index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:WINDOWStempJET8B19.tmp scheduled to be deleted on reboot.
File delete failed. C:WINDOWStempPerflib_Perfdata_1ac.dat scheduled to be deleted on reboot.
File delete failed. C:WINDOWStempPerflib_Perfdata_210.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:Documents and SettingsCompaq_OwnerLocal SettingsApplication DataMozillaFirefoxProfiles5il6hoer.defaultCache_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsCompaq_OwnerLocal SettingsApplication DataMozillaFirefoxProfiles5il6hoer.defaultCache_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsCompaq_OwnerLocal SettingsApplication DataMozillaFirefoxProfiles5il6hoer.defaultCache_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsCompaq_OwnerLocal SettingsApplication DataMozillaFirefoxProfiles5il6hoer.defaultCache_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsCompaq_OwnerLocal SettingsApplication DataMozillaFirefoxProfiles5il6hoer.defaulturlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsCompaq_OwnerLocal SettingsApplication DataMozillaFirefoxProfiles5il6hoer.defaultXPC.mfl scheduled to be deleted on reboot.
File delete failed. C:Documents and SettingsCompaq_OwnerLocal SettingsApplication DataMozillaFirefoxProfiles5il6hoer.defaultXUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfullyOTMoveIt3 by OldTimer — Version 1.0.8.0 log created on 01142009_131045
А, вот, свеженький лог
ogfile of random’s system information tool 1.05 (written by random/random)
Run by Compaq_Owner at 2009-01-14 13:23:47
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 50 GB (73%) free of 69 GB
Total RAM: 1726 MB (63% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:04:47 AM, on 1/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSExplorer.EXE
C:Program FilesCommon FilesSymantec SharedccSvcHst.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesSymantecLiveUpdateAluSchedulerSvc.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32svchost.exe
c:WINDOWSsystem32ZuneBusEnum.exe
C:Program FilesZuneZuneLauncher.exe
C:Program FilesCommon FilesSymantec SharedccSvcHst.exe
C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe
C:Program FilesJavajre6binjusched.exe
C:Documents and SettingsAll UsersApplication Data4063EAE3.exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesHPDigital Imagingbinhpqtra08.exe
C:Program FilesHPDigital ImagingbinhpqSTE08.exe
C:Program FilesInternet Exploreriexplore.exe
C:PROGRA~1COMMON~1SYMANT~1CCPD-LCsymlcsvc.exe
C:Program FilesSkypePhoneSkype.exe
C:Program FilesSkypePlugin ManagerSkypePM.exe
F:RSIT.exe
C:Program Filestrend microCompaq_Owner.exeR1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://my.earthlink.net/
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 — BHO: Skype add-on (mastermind) — {22BF413B-C6D2-4d91-82A9-A0F997BA588C} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 — BHO: NCO 2.0 IE BHO — {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} — C:Program FilesCommon FilesSymantec SharedcoSharedBrowser2.6coIEPlg.dll
O2 — BHO: Symantec Intrusion Prevention — {6D53EC84-6AAE-4787-AEEE-F4628F01010C} — C:PROGRA~1COMMON~1SYMANT~1IDSIPSBHO.dll
O2 — BHO: ConnectionServices module — {6D7B211A-88EA-490c-BAB9-3600D8D7C503} — (no file)
O2 — BHO: Java(tm) Plug-In SSV Helper — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre6binssv.dll
O2 — BHO: (no name) — {AA58ED58-01DD-4d91-8333-CF10577473F7} — (no file)
O2 — BHO: Google Toolbar Notifier BHO — {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} — C:Program FilesGoogleGoogleToolbarNotifier4.1.805.4472swg.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O3 — Toolbar: (no name) — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — (no file)
O3 — Toolbar: Show Norton Toolbar — {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} — C:Program FilesCommon FilesSymantec SharedcoSharedBrowser2.6CoIEPlg.dll
O4 — HKLM..Run: [Reminder] «C:WindowsCreatorRemind_XP.exe»
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [Zune Launcher] «c:Program FilesZuneZuneLauncher.exe»
O4 — HKLM..Run: [ccApp] «C:Program FilesCommon FilesSymantec SharedccApp.exe»
O4 — HKLM..Run: [osCheck] «C:Program FilesNorton 360osCheck.exe»
O4 — HKLM..Run: [ISUSPM Startup] C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe -startup
O4 — HKLM..Run: [ISUSScheduler] «C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe» -start
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 8.0ReaderReader_sl.exe»
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesJavajre6binjusched.exe»
O4 — HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 — HKLM..Run: [1512623998] «C:Documents and SettingsAll UsersApplication Data16610067661512623998.exe»
O4 — HKLM..Run: [359F5809-00B8-4455-A73A-9EA62A51101B] «C:Documents and SettingsAll UsersApplication Data4063EAE3.exe»
O4 — HKCU..Run: [VoipDiscount] «C:Program FilesVoipDiscount.comVoipDisc
O4 — HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 — HKCU..Run: [MSMSGS] «C:Program FilesMesseng
O4 — HKCU..Run: [MP3 CD Extractor] «C:Program FilesMP3 CD Ext
O4 — HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] «C:Program FilesCommon Fil
O4 — HKCU..Run: [12Voip] «C:Program Files12Voip.com12Voi
O4 — HKCU..Run: [PronunciationPatterns] «C:Program FilesPronunciation Patterns TrialPronunciationPatterns.exe»
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..RunOnce: [] C:Program FilesInternet Exploreriexplore.exe http://www.symantec.com/techsupp/servlet/ProductMessages?module=2007&error=0&language=en&product=SymNRT&version=2008.0.3.16&build=Symantec&a=00000082.0000001f.0000005e&b=00000082.00000045.0000011b&c=00000082.00000049.000000bb&d=00000082.0000006f.00000148
O4 — .DEFAULT User Startup: Pin.lnk = C:hpbinCLOAKER.EXE (User ‘Default user’)
O4 — Global Startup: Adobe Gamma Loader.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 — Global Startup: HP Digital Imaging Monitor.lnk = C:Program FilesHPDigital Imagingbinhpqtra08.exe
O6 — HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O8 — Extra context menu item: Add To Compaq Organize… — C:PROGRA~1HEWLET~1COMPAQ~1bin/module.main/favoritesie_add_to.html
O8 — Extra context menu item: E&xport to Microsoft Excel — res://C:PROGRA~1MICROS~4Office12EXCEL.EXE/3000
O9 — Extra button: Skype — {77BF5300-1474-4EC7-9980-D32B190E9B07} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~4Office12REFIEBAR.DLL
O9 — Extra button: Internet Connection Help — {E2D4D26B-0180-43a4-B05F-462D6D54C789} — C:WINDOWSPCHEALTHHELPCTRVendorsCN=Hewlett-Packard,L=Cupertino,S=Ca,C=USIEButtonsupport.htm (file missing)
O9 — Extra ‘Tools’ menuitem: Internet Connection Help — {E2D4D26B-0180-43a4-B05F-462D6D54C789} — C:WINDOWSPCHEALTHHELPCTRVendorsCN=Hewlett-Packard,L=Cupertino,S=Ca,C=USIEButtonsupport.htm (file missing)
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O15 — Trusted Zone: http://dms.arkona.com
O16 — DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) — http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
O16 — DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) — http://martins.coupons.smartsource.com/download/cscmv5X.cab
O16 — DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) — http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1171805186265
O16 — DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) — https://webdl.symantec.com/activex/symdlmgr.cab
O16 — DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) — http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198292891198
O16 — DPF: {CFFE5E18-79B9-431C-8CE2-AE55A16E7C09} (looksoftware newlook control) — http://dms.arkona.com/wc8/Cab/NL/newlook.cab
O17 — HKLMSystemCCSServicesTcpip..{80443072-5384-4D29-A197-604ECE8884D8}: NameServer = 208.67.220.220,208.67.222.222
O17 — HKLMSystemCCSServicesTcpip..{F2B070E7-F9AC-4B24-A23D-9BBC57A9462F}: NameServer = 208.67.220.220,208.67.222.222
O17 — HKLMSystemCS1ServicesTcpipParameters: NameServer = 208.67.220.220,208.67.222.222
O17 — HKLMSystemCS2ServicesTcpipParameters: NameServer = 208.67.220.220,208.67.222.222
O17 — HKLMSystemCS3ServicesTcpipParameters: NameServer = 208.67.220.220,208.67.222.222
O17 — HKLMSystemCCSServicesTcpipParameters: NameServer = 208.67.220.220,208.67.222.222
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O23 — Service: Automatic LiveUpdate Scheduler — Symantec Corporation — C:Program FilesSymantecLiveUpdateAluSchedulerSvc.exe
O23 — Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) — Apple Computer, Inc. — C:Program FilesBonjourmDNSResponder.exe
O23 — Service: Symantec Event Manager (ccEvtMgr) — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedccSvcHst.exe
O23 — Service: Symantec Settings Manager (ccSetMgr) — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedccSvcHst.exe
O23 — Service: Symantec Lic NetConnect service (CLTNetCnService) — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedccSvcHst.exe
O23 — Service: COM Host (comHost) — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedVAScannercomHost.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: Google Updater Service (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
O23 — Service: LiveUpdate — Symantec Corporation — C:Program FilesSymantecLiveUpdateLuComServer_3_4.EXE
O23 — Service: LiveUpdate Notice — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedccSvcHst.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Pml Driver HPZ12 — HP — C:WINDOWSsystem32HPZipm12.exe
O23 — Service: Symantec Core LC — Unknown owner — C:PROGRA~1COMMON~1SYMANT~1CCPD-LCsymlcsvc.exe
O23 — Service: Symantec RemoteAssist — Symantec, Inc. — C:Program FilesCommon FilesSymantec SharedSupport Controlsssrc.exe—
End of file — 12011 bytes======Scheduled tasks folder======
C:WINDOWStasksEasy Internet Sign-up.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [2006-10-22 62080][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll [2008-11-07 1088296][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{2502BBD0-D73B-11DD-B4EC-CEBF56D89593}]
DDSMEkl — C:WINDOWSsystem32vumer.dll [2008-03-14 199696][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
C:Program FilesCommon FilesSymantec SharedcoSharedBrowser2.6coIEPlg.dll [2008-06-30 349552][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention — C:PROGRA~1COMMON~1SYMANT~1IDSIPSBHO.dll [2008-05-29 116088][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{6D7B211A-88EA-490c-BAB9-3600D8D7C503}]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper — C:Program FilesJavajre6binssv.dll [2008-11-10 320920][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO — C:Program FilesGoogleGoogleToolbarNotifier4.1.805.4472swg.dll [2008-10-11 652784][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2008-11-10 34816][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2008-11-10 73728][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} — Show Norton Toolbar — C:Program FilesCommon FilesSymantec SharedcoSharedBrowser2.6CoIEPlg.dll [2008-06-30 349552][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«Reminder»=C:WindowsCreatorRemind_XP.exe [2004-12-14 663552]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2006-01-24 7311360]
«Zune Launcher»=c:Program FilesZuneZuneLauncher.exe [2008-11-10 157312]
«ccApp»=C:Program FilesCommon FilesSymantec SharedccApp.exe [2008-10-17 51048]
«osCheck»=C:Program FilesNorton 360osCheck.exe [2008-02-26 988512]
«ISUSPM Startup»=C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe [2004-07-28 221184]
«ISUSScheduler»=C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe [2004-07-28 81920]
«Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 8.0ReaderReader_sl.exe [2008-10-15 39792]
«SunJavaUpdateSched»=C:Program FilesJavajre6binjusched.exe [2008-11-10 136600]
«KernelFaultCheck»=C:WINDOWSsystem32dumprep 0 -k [][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunOnce]
«OTMoveIt»=C:Documents and SettingsCompaq_OwnerLocal SettingsTemporary Internet FilesContent.IE5PZPUQAT6OTMoveIt3[1].exe [2009-01-14 348160][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«VoipDiscount»=C:Program FilesVoipDiscount.comVoipDisc []
«swg»=C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe [2008-06-11 68856]
«MSMSGS»=C:Program FilesMesseng []
«MP3 CD Extractor»=C:Program FilesMP3 CD Ext []
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=C:Program FilesCommon Fil []
«12Voip»=C:Program Files12Voip.com12Voi []
«PronunciationPatterns»=C:Program FilesPronunciation Patterns TrialPronunciationPatterns.exe []
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2008-04-13 15360][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«»=C:Program FilesInternet Exploreriexplore.exe [2008-10-15 633632][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigservices]
«ZuneNetworkSvc»=3C:Documents and SettingsAll UsersStart MenuProgramsStartup
Adobe Gamma Loader.lnk — C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
HP Digital Imaging Monitor.lnk — C:Program FilesHPDigital Imagingbinhpqtra08.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifybaeecddfdbfef]
C:WINDOWSsystem32baeecddfdbfef.dll [2008-03-14 277519][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]
C:WINDOWSsystem32WgaLogon.dll [2007-02-15 236928][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWdf01000.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=91000000
«NoDrives»=0
«NoViewOnDrive»=0[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesCompaq Connections5577497ProgramCompaq Connections.exe»=»C:Program FilesCompaq Connections5577497ProgramCompaq Connections.exe:*:Enabled:Compaq Connections»
«C:Program FilesEarthLink TotalAccessTaskPanl.exe»=»C:Program FilesEarthLink TotalAccessTaskPanl.exe:*:Enabled:Earthlink»
«C:Program FilesInternetCalls.comInternetCallsInternetCalls.exe»=»C:Program FilesInternetCalls.comInternetCallsInternetCalls.exe:*:Enabled:InternetCalls»
«C:Program FilesHPDigital Imagingbinhpqtra08.exe»=»C:Program FilesHPDigital Imagingbinhpqtra08.exe:*:Enabled:hpqtra08.exe»
«C:Program FilesHPDigital Imagingbinhpqste08.exe»=»C:Program FilesHPDigital Imagingbinhpqste08.exe:*:Enabled:hpqste08.exe»
«C:Program FilesHPDigital Imagingbinhpofxm08.exe»=»C:Program FilesHPDigital Imagingbinhpofxm08.exe:*:Enabled:hpofxm08.exe»
«C:Program FilesHPDigital Imagingbinhposfx08.exe»=»C:Program FilesHPDigital Imagingbinhposfx08.exe:*:Enabled:hposfx08.exe»
«C:Program FilesHPDigital Imagingbinhposid01.exe»=»C:Program FilesHPDigital Imagingbinhposid01.exe:*:Enabled:hposid01.exe»
«C:Program FilesHPDigital Imagingbinhpqscnvw.exe»=»C:Program FilesHPDigital Imagingbinhpqscnvw.exe:*:Enabled:hpqscnvw.exe»
«C:Program FilesHPDigital Imagingbinhpqkygrp.exe»=»C:Program FilesHPDigital Imagingbinhpqkygrp.exe:*:Enabled:hpqkygrp.exe»
«C:Program FilesHPDigital ImagingbinhpqCopy.exe»=»C:Program FilesHPDigital ImagingbinhpqCopy.exe:*:Enabled:hpqcopy.exe»
«C:Program FilesHPDigital Imagingbinhpfccopy.exe»=»C:Program FilesHPDigital Imagingbinhpfccopy.exe:*:Enabled:hpfccopy.exe»
«C:Program FilesHPDigital Imagingbinhpzwiz01.exe»=»C:Program FilesHPDigital Imagingbinhpzwiz01.exe:*:Enabled:hpzwiz01.exe»
«C:Program FilesHPDigital ImagingUnloadHpqPhUnl.exe»=»C:Program FilesHPDigital ImagingUnloadHpqPhUnl.exe:*:Enabled:hpqphunl.exe»
«C:Program FilesHPDigital ImagingUnloadHpqDIA.exe»=»C:Program FilesHPDigital ImagingUnloadHpqDIA.exe:*:Enabled:hpqdia.exe»
«C:Program FilesHPDigital Imagingbinhpoews01.exe»=»C:Program FilesHPDigital Imagingbinhpoews01.exe:*:Enabled:hpoews01.exe»
«C:Program FilesVoipDiscount.comVoipDiscountVoipDiscount.exe»=»C:Program FilesVoipDiscount.comVoipDiscountVoipDiscount.exe:*:Disabled:VoipDiscount»
«C:Program Files12Voip.com12Voip12Voip.exe»=»C:Program Files12Voip.com12Voip12Voip.exe:*:Enabled:12Voip»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesBonjourmDNSResponder.exe»=»C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour»
«C:Program FilesSmartHideSmartHide.exe»=»C:Program FilesSmartHideSmartHide.exe:*:Enabled:SmartHide»
«C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE»=»C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesCompaq Connections5577497ProgramCompaq Connections.exe»=»C:Program FilesCompaq Connections5577497ProgramCompaq Connections.exe:*:Enabled:Compaq Connections»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{928cdb6c-df27-11dd-93fe-001731a1c41d}]
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:m.exe /s[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{edcc4e1e-0ee3-11dd-9103-001731a1c41d}]
shellAutocommand — Start.exe
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe======List of files/folders created in the last 1 months======
2009-01-14 13:10:45 —-D—- C:_OTMoveIt
2009-01-11 00:19:24 —-D—- C:Program Filestrend micro
2009-01-11 00:19:16 —-D—- C:rsit
2009-01-10 20:18:40 —-D—- C:Documents and SettingsAll UsersApplication Data1661006766
2008-12-23 23:01:15 —-A—- C:WINDOWSsystem32javaws.exe
2008-12-23 23:01:15 —-A—- C:WINDOWSsystem32javaw.exe
2008-12-23 23:01:15 —-A—- C:WINDOWSsystem32java.exe======List of files/folders modified in the last 1 months======
2009-01-14 13:23:49 —-D—- C:WINDOWSTemp
2009-01-14 13:23:49 —-D—- C:Program FilesCommon FilesSymantec Shared
2009-01-14 13:05:01 —-SHD—- C:WINDOWSInstaller
2009-01-14 13:05:01 —-SHD—- C:Config.Msi
2009-01-14 13:02:24 —-AD—- C:WINDOWS
2009-01-14 11:33:13 —-D—- C:Program FilesMozilla Firefox 3 Beta 5
2009-01-14 08:32:28 —-D—- C:WINDOWSsystem32CatRoot2
2009-01-13 23:46:02 —-A—- C:WINDOWSSchedLgU.Txt
2009-01-13 23:35:31 —-D—- C:Documents and SettingsCompaq_OwnerApplication DataSkype
2009-01-13 21:26:36 —-D—- C:WINDOWSsystem32
2009-01-13 21:23:42 —-D—- C:WINDOWSsystem32FxsTmp
2009-01-13 18:49:50 —-D—- C:Documents and SettingsCompaq_OwnerApplication DataskypePM
2009-01-13 13:18:15 —-D—- C:WINDOWSPrefetch
2009-01-11 10:37:11 —-RASH—- C:boot.ini
2009-01-11 10:37:06 —-A—- C:WINDOWSwin.ini
2009-01-11 10:37:01 —-A—- C:WINDOWSsystem.ini
2009-01-11 00:19:24 —-AD—- C:Program Files
2009-01-09 23:02:56 —-D—- C:Program FilesSymantec
2009-01-09 23:02:56 —-A—- C:WINDOWSsystem32S32EVNT1.DLL
2008-12-29 10:01:02 —-D—- C:WINDOWSMinidump
2008-12-28 22:38:16 —-RSHD—- C:WINDOWSsystem32dllcache
2008-12-26 19:13:17 —-A—- C:WINDOWSDUMP490f.tmp
2008-12-25 14:10:01 —-HD—- C:WINDOWSinf
2008-12-23 23:01:14 —-D—- C:Program FilesJava
2008-12-18 08:01:54 —-A—- C:WINDOWSimsins.BAK
2008-12-18 08:00:35 —-HD—- C:WINDOWS$hf_mig$======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;AMD Processor Driver; C:WINDOWSsystem32DRIVERSAmdK8.sys [2005-03-09 36352]
R1 eeCtrl;Symantec Eraser Control driver; ??C:Program FilesCommon FilesSymantec SharedEENGINEeeCtrl.sys []
R1 SPBBCDrv;SPBBCDrv; ??C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCDrv.sys []
R1 SRTSPX;SRTSPX; C:WINDOWSSystem32DriversSRTSPX.SYS [2008-01-31 43696]
R1 SYMTDI;SYMTDI; C:WINDOWSSystem32DriversSYMTDI.SYS [2008-06-13 184240]
R2 Aspi32;Aspi32; C:WINDOWSsystem32driversAspi32.sys [1999-09-10 25244]
R2 CO_Mon;CO_Mon; ??C:WINDOWSsystem32driversCO_Mon.sys []
R2 mdmxsdk;mdmxsdk; C:WINDOWSsystem32DRIVERSmdmxsdk.sys [2005-10-05 12544]
R2 zumbus;Zune Bus Enumerator Driver; C:WINDOWSsystem32DRIVERSzumbus.sys [2008-09-12 40832]
R3 COH_Mon;COH_Mon; ??C:WINDOWSsystem32DriversCOH_Mon.sys []
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; ??C:Program FilesCommon FilesSymantec SharedEENGINEEraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:WINDOWSSystem32DriversGEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-13 144384]
R3 HSX_DP;HSX_DP; C:WINDOWSsystem32DRIVERSHSX_DP.sys [2005-12-06 936448]
R3 HSXHWBS2;HSXHWBS2; C:WINDOWSsystem32DRIVERSHSXHWBS2.sys [2005-12-06 241664]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2006-03-08 4246016]
R3 LVUSBSta;Logitech USB Monitor Filter; C:WINDOWSsystem32driverslvusbsta.sys [2005-01-31 22016]
R3 NAVENG;NAVENG; ??C:PROGRA~1COMMON~1SYMANT~1VIRUSD~120090113.049NAVENG.SYS []
R3 NAVEX15;NAVEX15; ??C:PROGRA~1COMMON~1SYMANT~1VIRUSD~120090113.049NAVEX15.SYS []
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2006-01-24 3535520]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:WINDOWSsystem32DRIVERSNVENETFD.sys [2006-03-03 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:WINDOWSsystem32DRIVERSnvnetbus.sys [2006-03-03 13056]
R3 PID_0928;Logitech QuickCam Express(PID_0928); C:WINDOWSsystem32DRIVERSLV561AV.SYS [2005-01-31 211712]
R3 SRTSP;SRTSP; C:WINDOWSSystem32DriversSRTSP.SYS [2008-01-31 279088]
R3 SYMDNS;SYMDNS; C:WINDOWSSystem32DriversSYMDNS.SYS [2008-06-13 13616]
R3 SymEvent;SymEvent; ??C:WINDOWSsystem32DriversSYMEVENT.SYS []
R3 SYMFW;SYMFW; C:WINDOWSSystem32DriversSYMFW.SYS [2008-06-13 96432]
R3 SYMIDS;SYMIDS; C:WINDOWSSystem32DriversSYMIDS.SYS [2008-06-13 38576]
R3 SYMIDSCO;SYMIDSCO; ??C:PROGRA~1COMMON~1SYMANT~1SymcDataipsdefs20090109.001SymIDSCo.sys []
R3 SymIMMP;SymIMMP; C:WINDOWSsystem32DRIVERSSymIM.sys [2008-06-13 31280]
R3 SYMNDIS;SYMNDIS; C:WINDOWSSystem32DriversSYMNDIS.SYS [2008-06-13 37424]
R3 SYMREDRV;SYMREDRV; C:WINDOWSSystem32DriversSYMREDRV.SYS [2008-06-13 22320]
R3 tap0801;Smarthide TAP driver; C:WINDOWSsystem32DRIVERStap0801.sys [2008-02-04 55808]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbohci.sys [2008-04-13 17152]
R3 Wdf01000;Wdf01000; C:WINDOWSsystem32DRIVERSWdf01000.sys [2008-03-27 503008]
R3 winachsx;winachsx; C:WINDOWSsystem32DRIVERSHSX_CNXT.sys [2005-12-06 670208]
S1 kbdhid;Keyboard HID Driver; C:WINDOWSsystem32DRIVERSkbdhid.sys [2008-04-13 14592]
S2 MCSTRM;MCSTRM; C:WINDOWSsystem32driversMCSTRM.sys []
S3 ASPI;Advanced SCSI Programming Interface Driver; ??C:WINDOWSSystem32DRIVERSASPI32.sys []
S3 CCDECODE;Closed Caption Decoder; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Microsoft HID Class Driver; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:WINDOWSsystem32DRIVERSHPZid412.sys [2005-03-07 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:WINDOWSsystem32DRIVERSHPZipr12.sys [2005-03-07 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:WINDOWSsystem32DRIVERSHPZius12.sys [2005-03-07 21744]
S3 mouhid;Mouse HID Driver; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:WINDOWSsystem32driversMSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:WINDOWSsystem32DRIVERSNdisIP.sys [2008-04-13 10880]
S3 NPF;Netgroup Packet Filter; C:WINDOWSsystem32driversnpf.sys [2005-08-02 32512]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:WINDOWSsystem32DRIVERSRTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:WINDOWSsystem32DRIVERSSONYPVU1.SYS [2001-08-17 7552]
S3 SRTSPL;SRTSPL; C:WINDOWSSystem32DriversSRTSPL.SYS [2008-01-31 317616]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2008-04-13 15232]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:WINDOWSsystem32DRIVERSSymIM.sys [2008-06-13 31280]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:WINDOWSsystem32DRIVERSusbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:WINDOWSsystem32DRIVERSusbscan.sys [2008-04-13 15104]
S3 usbstor;USB Mass Storage Driver; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-13 20608]
S3 WinUSB;WinUSB; C:WINDOWSsystem32DRIVERSWinUSB.sys [2006-11-02 39368]
S3 WpdUsb;WpdUsb; C:WINDOWSsystem32DRIVERSwpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2008-04-13 19200]
S3 WUDFRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSWUDFRd.sys [2008-01-18 83328]
S4 intelppm;Intel Processor Driver; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-13 36352]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:Program FilesSymantecLiveUpdateAluSchedulerSvc.exe [2008-02-21 238968]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:Program FilesBonjourmDNSResponder.exe [2006-02-28 229376]
R2 ccEvtMgr;Symantec Event Manager; C:Program FilesCommon FilesSymantec SharedccSvcHst.exe [2008-10-17 149352]
R2 ccSetMgr;Symantec Settings Manager; C:Program FilesCommon FilesSymantec SharedccSvcHst.exe [2008-10-17 149352]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:Program FilesCommon FilesSymantec SharedccSvcHst.exe [2008-10-17 149352]
R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2008-11-10 152984]
R2 LiveUpdate Notice;LiveUpdate Notice; C:Program FilesCommon FilesSymantec SharedccSvcHst.exe [2008-10-17 149352]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2006-01-24 131139]
R2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-13 14336]
R2 ZuneBusEnum;Zune Bus Enumerator; c:WINDOWSsystem32ZuneBusEnum.exe [2008-11-10 60032]
R3 Symantec Core LC;Symantec Core LC; C:PROGRA~1COMMON~1SYMANT~1CCPD-LCsymlcsvc.exe [2008-05-29 1245064]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:WINDOWSsystem32HPZipm12.exe [2006-03-02 69632]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-24 70144]
S3 comHost;COM Host; C:Program FilesCommon FilesSymantec SharedVAScannercomHost.exe [2007-08-22 55640]
S3 Fax;Fax; C:WINDOWSsystem32fxssvc.exe [2008-04-13 267776]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2008-01-20 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2007-10-09 36864]
S3 gusvc;Google Updater Service; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2008-10-11 168432]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2007-10-11 864256]
S3 LiveUpdate;LiveUpdate; C:Program FilesSymantecLiveUpdateLuComServer_3_4.EXE [2008-08-04 3220856]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 Symantec RemoteAssist;Symantec RemoteAssist; C:Program FilesCommon FilesSymantec SharedSupport Controlsssrc.exe [2008-01-29 394704]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-10-18 913408]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; c:WINDOWSsystem32ZuneWlanCfgSvc.exe [2008-11-10 243840]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2007-10-11 122880]
S4 ZuneNetworkSvc;Zune Network Sharing Service; c:Program FilesZuneZuneNss.exe [2008-11-10 5117568]
EOF
И, еще для информации, съмный хард-драйв навернулся, может, тоже Троян его уничтожил? Объясните мне темной, зачем я тратила 60 долларов на Нортон, если он не работает, я от Нортона точно так же отцепиться не могла, как от троянов сейчас…
Norton AV как и другие антивирусы не гарантирует 100% защиты, чем крупнее антивирусная компания, тем медленнее она реагирует на появление новых вредоносных программ.
Судя по логу ваш компьютер также заражён autorun.inf трояном.
Прочитайте эту инструкцию Flash_Disinfector ещё одно оружие против autorun.inf троянов. Скачайте и запустите Flash_Disinfector, не забудьте при этом по требованию программы вставить ваш флэш диск или подключить другие внешние устройства хранения информации.Скачайте программу Combofix. Закройте все открытые окна и запустите эту программу.
После выполнения будет создан лог файл, пожалуйста вставьте его в ваш ответ.Logfile of random’s system information tool 1.05 (written by random/random)
Run by Compaq_Owner at 2009-01-25 13:31:06
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 50 GB (72%) free of 69 GB
Total RAM: 1726 MB (66% free)Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:04:47 AM, on 1/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: NormalRunning processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSExplorer.EXE
C:Program FilesCommon FilesSymantec SharedccSvcHst.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesSymantecLiveUpdateAluSchedulerSvc.exe
C:Program FilesBonjourmDNSResponder.exe
C:Program FilesJavajre6binjqs.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSsystem32nvsvc32.exe
C:WINDOWSsystem32svchost.exe
c:WINDOWSsystem32ZuneBusEnum.exe
C:Program FilesZuneZuneLauncher.exe
C:Program FilesCommon FilesSymantec SharedccSvcHst.exe
C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe
C:Program FilesJavajre6binjusched.exe
C:Documents and SettingsAll UsersApplication Data4063EAE3.exe
C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesHPDigital Imagingbinhpqtra08.exe
C:Program FilesHPDigital ImagingbinhpqSTE08.exe
C:Program FilesInternet Exploreriexplore.exe
C:PROGRA~1COMMON~1SYMANT~1CCPD-LCsymlcsvc.exe
C:Program FilesSkypePhoneSkype.exe
C:Program FilesSkypePlugin ManagerSkypePM.exe
F:RSIT.exe
C:Program Filestrend microCompaq_Owner.exeR1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 — HKCUSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R0 — HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://my.earthlink.net/
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 — HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 — HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 — HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PRESARIO&pf=desktop
R1 — HKCUSoftwareMicrosoftWindowsCurrentVersionInternet Settings,ProxyOverride = *.local
O2 — BHO: Adobe PDF Reader Link Helper — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 — BHO: Skype add-on (mastermind) — {22BF413B-C6D2-4d91-82A9-A0F997BA588C} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 — BHO: NCO 2.0 IE BHO — {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} — C:Program FilesCommon FilesSymantec SharedcoSharedBrowser2.6coIEPlg.dll
O2 — BHO: Symantec Intrusion Prevention — {6D53EC84-6AAE-4787-AEEE-F4628F01010C} — C:PROGRA~1COMMON~1SYMANT~1IDSIPSBHO.dll
O2 — BHO: ConnectionServices module — {6D7B211A-88EA-490c-BAB9-3600D8D7C503} — (no file)
O2 — BHO: Java(tm) Plug-In SSV Helper — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre6binssv.dll
O2 — BHO: (no name) — {AA58ED58-01DD-4d91-8333-CF10577473F7} — (no file)
O2 — BHO: Google Toolbar Notifier BHO — {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} — C:Program FilesGoogleGoogleToolbarNotifier4.1.805.4472swg.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O3 — Toolbar: (no name) — {2318C2B1-4965-11d4-9B18-009027A5CD4F} — (no file)
O3 — Toolbar: Show Norton Toolbar — {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} — C:Program FilesCommon FilesSymantec SharedcoSharedBrowser2.6CoIEPlg.dll
O4 — HKLM..Run: [Reminder] «C:WindowsCreatorRemind_XP.exe»
O4 — HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSsystem32NvCpl.dll,NvStartup
O4 — HKLM..Run: [Zune Launcher] «c:Program FilesZuneZuneLauncher.exe»
O4 — HKLM..Run: [ccApp] «C:Program FilesCommon FilesSymantec SharedccApp.exe»
O4 — HKLM..Run: [osCheck] «C:Program FilesNorton 360osCheck.exe»
O4 — HKLM..Run: [ISUSPM Startup] C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe -startup
O4 — HKLM..Run: [ISUSScheduler] «C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe» -start
O4 — HKLM..Run: [Adobe Reader Speed Launcher] «C:Program FilesAdobeReader 8.0ReaderReader_sl.exe»
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesJavajre6binjusched.exe»
O4 — HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 — HKLM..Run: [1512623998] «C:Documents and SettingsAll UsersApplication Data16610067661512623998.exe»
O4 — HKLM..Run: [359F5809-00B8-4455-A73A-9EA62A51101B] «C:Documents and SettingsAll UsersApplication Data4063EAE3.exe»
O4 — HKCU..Run: [VoipDiscount] «C:Program FilesVoipDiscount.comVoipDisc
O4 — HKCU..Run: [swg] C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
O4 — HKCU..Run: [MSMSGS] «C:Program FilesMesseng
O4 — HKCU..Run: [MP3 CD Extractor] «C:Program FilesMP3 CD Ext
O4 — HKCU..Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] «C:Program FilesCommon Fil
O4 — HKCU..Run: [12Voip] «C:Program Files12Voip.com12Voi
O4 — HKCU..Run: [PronunciationPatterns] «C:Program FilesPronunciation Patterns TrialPronunciationPatterns.exe»
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..RunOnce: [] C:Program FilesInternet Exploreriexplore.exe http://www.symantec.com/techsupp/servlet/ProductMessages?module=2007&error=0&language=en&product=SymNRT&version=2008.0.3.16&build=Symantec&a=00000082.0000001f.0000005e&b=00000082.00000045.0000011b&c=00000082.00000049.000000bb&d=00000082.0000006f.00000148
O4 — .DEFAULT User Startup: Pin.lnk = C:hpbinCLOAKER.EXE (User ‘Default user’)
O4 — Global Startup: Adobe Gamma Loader.lnk = C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
O4 — Global Startup: HP Digital Imaging Monitor.lnk = C:Program FilesHPDigital Imagingbinhpqtra08.exe
O6 — HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O8 — Extra context menu item: Add To Compaq Organize… — C:PROGRA~1HEWLET~1COMPAQ~1bin/module.main/favoritesie_add_to.html
O8 — Extra context menu item: E&xport to Microsoft Excel — res://C:PROGRA~1MICROS~4Office12EXCEL.EXE/3000
O9 — Extra button: Skype — {77BF5300-1474-4EC7-9980-D32B190E9B07} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~4Office12REFIEBAR.DLL
O9 — Extra button: Internet Connection Help — {E2D4D26B-0180-43a4-B05F-462D6D54C789} — C:WINDOWSPCHEALTHHELPCTRVendorsCN=Hewlett-Packard,L=Cupertino,S=Ca,C=USIEButtonsupport.htm (file missing)
O9 — Extra ‘Tools’ menuitem: Internet Connection Help — {E2D4D26B-0180-43a4-B05F-462D6D54C789} — C:WINDOWSPCHEALTHHELPCTRVendorsCN=Hewlett-Packard,L=Cupertino,S=Ca,C=USIEButtonsupport.htm (file missing)
O9 — Extra button: (no name) — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 — {e2e2dd38-d088-4134-82b7-f2ba38496583} — C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O15 — Trusted Zone: http://dms.arkona.com
O16 — DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) — http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
O16 — DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} (CMV5 Class) — http://martins.coupons.smartsource.com/download/cscmv5X.cab
O16 — DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) — http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1171805186265
O16 — DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) — https://webdl.symantec.com/activex/symdlmgr.cab
O16 — DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) — http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1198292891198
O16 — DPF: {CFFE5E18-79B9-431C-8CE2-AE55A16E7C09} (looksoftware newlook control) — http://dms.arkona.com/wc8/Cab/NL/newlook.cab
O17 — HKLMSystemCCSServicesTcpip..{80443072-5384-4D29-A197-604ECE8884D8}: NameServer = 208.67.220.220,208.67.222.222
O17 — HKLMSystemCCSServicesTcpip..{F2B070E7-F9AC-4B24-A23D-9BBC57A9462F}: NameServer = 208.67.220.220,208.67.222.222
O17 — HKLMSystemCS1ServicesTcpipParameters: NameServer = 208.67.220.220,208.67.222.222
O17 — HKLMSystemCS2ServicesTcpipParameters: NameServer = 208.67.220.220,208.67.222.222
O17 — HKLMSystemCS3ServicesTcpipParameters: NameServer = 208.67.220.220,208.67.222.222
O17 — HKLMSystemCCSServicesTcpipParameters: NameServer = 208.67.220.220,208.67.222.222
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O23 — Service: Automatic LiveUpdate Scheduler — Symantec Corporation — C:Program FilesSymantecLiveUpdateAluSchedulerSvc.exe
O23 — Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) — Apple Computer, Inc. — C:Program FilesBonjourmDNSResponder.exe
O23 — Service: Symantec Event Manager (ccEvtMgr) — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedccSvcHst.exe
O23 — Service: Symantec Settings Manager (ccSetMgr) — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedccSvcHst.exe
O23 — Service: Symantec Lic NetConnect service (CLTNetCnService) — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedccSvcHst.exe
O23 — Service: COM Host (comHost) — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedVAScannercomHost.exe
O23 — Service: FLEXnet Licensing Service — Macrovision Europe Ltd. — C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe
O23 — Service: Google Updater Service (gusvc) — Google — C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 — Service: InstallDriver Table Manager (IDriverT) — Macrovision Corporation — C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
O23 — Service: LiveUpdate — Symantec Corporation — C:Program FilesSymantecLiveUpdateLuComServer_3_4.EXE
O23 — Service: LiveUpdate Notice — Symantec Corporation — C:Program FilesCommon FilesSymantec SharedccSvcHst.exe
O23 — Service: NVIDIA Display Driver Service (NVSvc) — NVIDIA Corporation — C:WINDOWSsystem32nvsvc32.exe
O23 — Service: Pml Driver HPZ12 — HP — C:WINDOWSsystem32HPZipm12.exe
O23 — Service: Symantec Core LC — Unknown owner — C:PROGRA~1COMMON~1SYMANT~1CCPD-LCsymlcsvc.exe
O23 — Service: Symantec RemoteAssist — Symantec, Inc. — C:Program FilesCommon FilesSymantec SharedSupport Controlsssrc.exe—
End of file — 12011 bytes======Scheduled tasks folder======
C:WINDOWStasksEasy Internet Sign-up.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper — C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll [2006-10-22 62080][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll [2008-11-07 1088296][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{2502BBD0-D73B-11DD-B4EC-CEBF56D89593}]
DDSMEkl — C:WINDOWSsystem32vumer.dll [2009-01-24 200208][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
C:Program FilesCommon FilesSymantec SharedcoSharedBrowser2.6coIEPlg.dll [2008-06-30 349552][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention — C:PROGRA~1COMMON~1SYMANT~1IDSIPSBHO.dll [2008-05-29 116088][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{6D7B211A-88EA-490c-BAB9-3600D8D7C503}]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper — C:Program FilesJavajre6binssv.dll [2008-11-10 320920][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO — C:Program FilesGoogleGoogleToolbarNotifier4.1.805.4472swg.dll [2008-10-11 652784][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2008-11-10 34816][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2008-11-10 73728][HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} — Show Norton Toolbar — C:Program FilesCommon FilesSymantec SharedcoSharedBrowser2.6CoIEPlg.dll [2008-06-30 349552][HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«Reminder»=C:WindowsCreatorRemind_XP.exe [2004-12-14 663552]
«NvCplDaemon»=C:WINDOWSsystem32NvCpl.dll [2006-01-24 7311360]
«Zune Launcher»=c:Program FilesZuneZuneLauncher.exe [2008-11-10 157312]
«ccApp»=C:Program FilesCommon FilesSymantec SharedccApp.exe [2008-10-17 51048]
«osCheck»=C:Program FilesNorton 360osCheck.exe [2008-02-26 988512]
«ISUSPM Startup»=C:PROGRA~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe [2004-07-28 221184]
«ISUSScheduler»=C:Program FilesCommon FilesInstallShieldUpdateServiceissch.exe [2004-07-28 81920]
«Adobe Reader Speed Launcher»=C:Program FilesAdobeReader 8.0ReaderReader_sl.exe [2008-10-15 39792]
«SunJavaUpdateSched»=C:Program FilesJavajre6binjusched.exe [2008-11-10 136600]
«KernelFaultCheck»=C:WINDOWSsystem32dumprep 0 -k [][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«VoipDiscount»=C:Program FilesVoipDiscount.comVoipDisc []
«swg»=C:Program FilesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe [2008-06-11 68856]
«MSMSGS»=C:Program FilesMesseng []
«MP3 CD Extractor»=C:Program FilesMP3 CD Ext []
«BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}»=C:Program FilesCommon Fil []
«12Voip»=C:Program Files12Voip.com12Voi []
«PronunciationPatterns»=C:Program FilesPronunciation Patterns TrialPronunciationPatterns.exe []
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2008-04-13 15360][HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunOnce]
«»=C:Program FilesInternet Exploreriexplore.exe [2008-10-15 633632][HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigservices]
«ZuneNetworkSvc»=3C:Documents and SettingsAll UsersStart MenuProgramsStartup
Adobe Gamma Loader.lnk — C:Program FilesCommon FilesAdobeCalibrationAdobe Gamma Loader.exe
HP Digital Imaging Monitor.lnk — C:Program FilesHPDigital Imagingbinhpqtra08.exeC:Documents and SettingsCompaq_OwnerStart MenuProgramsStartup
Picaboo.lnk — C:Program FilesPicabooPicabooPicabooMain.exe[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifybaeecddfdbfef]
C:WINDOWSsystem32baeecddfdbfef.dll [2008-03-14 277519][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyWgaLogon]
C:WINDOWSsystem32WgaLogon.dll [2007-02-15 236928][HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad]
WPDShServiceObj — {AAA288BA-9A4C-45B0-95D7-94D524869DB5} — C:WINDOWSsystem32WPDShServiceObj.dll [2006-10-18 133632][HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWdf01000.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkWdf01000.sys]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetwork{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=36
«NoDrives»=0
«NoViewOnDrive»=0
«NoDriveAutoRun»=FFFFFFFF[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesCompaq Connections5577497ProgramCompaq Connections.exe»=»C:Program FilesCompaq Connections5577497ProgramCompaq Connections.exe:*:Enabled:Compaq Connections»
«C:Program FilesEarthLink TotalAccessTaskPanl.exe»=»C:Program FilesEarthLink TotalAccessTaskPanl.exe:*:Enabled:Earthlink»
«C:Program FilesInternetCalls.comInternetCallsInternetCalls.exe»=»C:Program FilesInternetCalls.comInternetCallsInternetCalls.exe:*:Enabled:InternetCalls»
«C:Program FilesHPDigital Imagingbinhpqtra08.exe»=»C:Program FilesHPDigital Imagingbinhpqtra08.exe:*:Enabled:hpqtra08.exe»
«C:Program FilesHPDigital Imagingbinhpqste08.exe»=»C:Program FilesHPDigital Imagingbinhpqste08.exe:*:Enabled:hpqste08.exe»
«C:Program FilesHPDigital Imagingbinhpofxm08.exe»=»C:Program FilesHPDigital Imagingbinhpofxm08.exe:*:Enabled:hpofxm08.exe»
«C:Program FilesHPDigital Imagingbinhposfx08.exe»=»C:Program FilesHPDigital Imagingbinhposfx08.exe:*:Enabled:hposfx08.exe»
«C:Program FilesHPDigital Imagingbinhposid01.exe»=»C:Program FilesHPDigital Imagingbinhposid01.exe:*:Enabled:hposid01.exe»
«C:Program FilesHPDigital Imagingbinhpqscnvw.exe»=»C:Program FilesHPDigital Imagingbinhpqscnvw.exe:*:Enabled:hpqscnvw.exe»
«C:Program FilesHPDigital Imagingbinhpqkygrp.exe»=»C:Program FilesHPDigital Imagingbinhpqkygrp.exe:*:Enabled:hpqkygrp.exe»
«C:Program FilesHPDigital ImagingbinhpqCopy.exe»=»C:Program FilesHPDigital ImagingbinhpqCopy.exe:*:Enabled:hpqcopy.exe»
«C:Program FilesHPDigital Imagingbinhpfccopy.exe»=»C:Program FilesHPDigital Imagingbinhpfccopy.exe:*:Enabled:hpfccopy.exe»
«C:Program FilesHPDigital Imagingbinhpzwiz01.exe»=»C:Program FilesHPDigital Imagingbinhpzwiz01.exe:*:Enabled:hpzwiz01.exe»
«C:Program FilesHPDigital ImagingUnloadHpqPhUnl.exe»=»C:Program FilesHPDigital ImagingUnloadHpqPhUnl.exe:*:Enabled:hpqphunl.exe»
«C:Program FilesHPDigital ImagingUnloadHpqDIA.exe»=»C:Program FilesHPDigital ImagingUnloadHpqDIA.exe:*:Enabled:hpqdia.exe»
«C:Program FilesHPDigital Imagingbinhpoews01.exe»=»C:Program FilesHPDigital Imagingbinhpoews01.exe:*:Enabled:hpoews01.exe»
«C:Program FilesVoipDiscount.comVoipDiscountVoipDiscount.exe»=»C:Program FilesVoipDiscount.comVoipDiscountVoipDiscount.exe:*:Disabled:VoipDiscount»
«C:Program Files12Voip.com12Voip12Voip.exe»=»C:Program Files12Voip.com12Voip12Voip.exe:*:Enabled:12Voip»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»
«C:Program FilesBonjourmDNSResponder.exe»=»C:Program FilesBonjourmDNSResponder.exe:*:Enabled:Bonjour»
«C:Program FilesSmartHideSmartHide.exe»=»C:Program FilesSmartHideSmartHide.exe:*:Enabled:SmartHide»
«C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE»=»C:Program FilesMicrosoft OfficeOffice12OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesCompaq Connections5577497ProgramCompaq Connections.exe»=»C:Program FilesCompaq Connections5577497ProgramCompaq Connections.exe:*:Enabled:Compaq Connections»
«%windir%Network Diagnosticxpnetdiag.exe»=»%windir%Network Diagnosticxpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000»[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{928cdb6c-df27-11dd-93fe-001731a1c41d}]
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:m.exe /s[HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{edcc4e1e-0ee3-11dd-9103-001731a1c41d}]
shellAutocommand — Start.exe
shellAutoRuncommand — C:WINDOWSsystem32RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe======List of files/folders created in the last 1 months======
2009-01-25 13:25:01 —-RASHD—- C:autorun.inf
2009-01-25 07:35:22 —-D—- C:Documents and SettingsCompaq_OwnerApplication DataPicaboo
2009-01-25 07:30:55 —-D—- C:Program FilesPicaboo
2009-01-14 13:41:59 —-HDC—- C:WINDOWS$NtUninstallKB958687$
2009-01-14 13:10:45 —-D—- C:_OTMoveIt
2009-01-11 00:19:24 —-D—- C:Program Filestrend micro
2009-01-11 00:19:16 —-D—- C:rsit
2009-01-10 20:18:40 —-D—- C:Documents and SettingsAll UsersApplication Data1661006766======List of files/folders modified in the last 1 months======
2009-01-25 13:29:10 —-D—- C:WINDOWSTemp
2009-01-25 13:27:20 —-D—- C:Program FilesMozilla Firefox 3 Beta 5
2009-01-25 13:26:34 —-D—- C:WINDOWSPrefetch
2009-01-25 09:44:11 —-D—- C:WINDOWSsystem32
2009-01-25 09:43:31 —-D—- C:WINDOWSsystem32FxsTmp
2009-01-25 07:35:47 —-D—- C:Program FilesCommon FilesSymantec Shared
2009-01-25 07:33:21 —-SHD—- C:WINDOWSInstaller
2009-01-25 07:33:21 —-SHD—- C:Config.Msi
2009-01-25 07:33:03 —-RSD—- C:WINDOWSFonts
2009-01-25 07:30:55 —-AD—- C:Program Files
2009-01-25 06:41:31 —-D—- C:WINDOWSsystem32CatRoot2
2009-01-24 23:50:52 —-A—- C:WINDOWSSchedLgU.Txt
2009-01-24 22:10:36 —-AD—- C:WINDOWS
2009-01-24 00:41:14 —-A—- C:WINDOWSsystem32vumer.dll
2009-01-18 08:25:52 —-D—- C:WINDOWSnetwork diagnostic
2009-01-18 07:08:10 —-D—- C:Temp
2009-01-17 01:29:58 —-D—- C:Documents and SettingsCompaq_OwnerApplication DataSkype
2009-01-17 00:05:05 —-D—- C:Documents and SettingsCompaq_OwnerApplication DataskypePM
2009-01-14 13:42:34 —-D—- C:Documents and SettingsAll UsersApplication DataMicrosoft Help
2009-01-14 13:42:03 —-HD—- C:WINDOWSinf
2009-01-14 13:42:01 —-RSHD—- C:WINDOWSsystem32dllcache
2009-01-14 13:42:01 —-D—- C:WINDOWSsystem32drivers
2009-01-14 13:41:29 —-HD—- C:WINDOWS$hf_mig$
2009-01-11 10:37:11 —-RASH—- C:boot.ini
2009-01-11 10:37:06 —-A—- C:WINDOWSwin.ini
2009-01-11 10:37:01 —-A—- C:WINDOWSsystem.ini
2009-01-10 22:23:04 —-A—- C:WINDOWSimsins.BAK
2009-01-09 23:02:56 —-D—- C:Program FilesSymantec
2009-01-09 23:02:56 —-A—- C:WINDOWSsystem32S32EVNT1.DLL
2009-01-09 20:35:28 —-A—- C:WINDOWSsystem32MRT.exe
2008-12-29 10:01:02 —-D—- C:WINDOWSMinidump
2008-12-26 19:13:17 —-A—- C:WINDOWSDUMP490f.tmp======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;AMD Processor Driver; C:WINDOWSsystem32DRIVERSAmdK8.sys [2005-03-09 36352]
R1 eeCtrl;Symantec Eraser Control driver; ??C:Program FilesCommon FilesSymantec SharedEENGINEeeCtrl.sys []
R1 SPBBCDrv;SPBBCDrv; ??C:Program FilesCommon FilesSymantec SharedSPBBCSPBBCDrv.sys []
R1 SRTSPX;SRTSPX; C:WINDOWSSystem32DriversSRTSPX.SYS [2008-01-31 43696]
R1 SYMTDI;SYMTDI; C:WINDOWSSystem32DriversSYMTDI.SYS [2008-06-13 184240]
R2 Aspi32;Aspi32; C:WINDOWSsystem32driversAspi32.sys [1999-09-10 25244]
R2 CO_Mon;CO_Mon; ??C:WINDOWSsystem32driversCO_Mon.sys []
R2 mdmxsdk;mdmxsdk; C:WINDOWSsystem32DRIVERSmdmxsdk.sys [2005-10-05 12544]
R2 zumbus;Zune Bus Enumerator Driver; C:WINDOWSsystem32DRIVERSzumbus.sys [2008-09-12 40832]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; ??C:Program FilesCommon FilesSymantec SharedEENGINEEraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:WINDOWSSystem32DriversGEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:WINDOWSsystem32DRIVERSHDAudBus.sys [2008-04-13 144384]
R3 HSX_DP;HSX_DP; C:WINDOWSsystem32DRIVERSHSX_DP.sys [2005-12-06 936448]
R3 HSXHWBS2;HSXHWBS2; C:WINDOWSsystem32DRIVERSHSXHWBS2.sys [2005-12-06 241664]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:WINDOWSsystem32driversRtkHDAud.sys [2006-03-08 4246016]
R3 LVUSBSta;Logitech USB Monitor Filter; C:WINDOWSsystem32driverslvusbsta.sys [2005-01-31 22016]
R3 NAVENG;NAVENG; ??C:PROGRA~1COMMON~1SYMANT~1VIRUSD~120090125.005NAVENG.SYS []
R3 NAVEX15;NAVEX15; ??C:PROGRA~1COMMON~1SYMANT~1VIRUSD~120090125.005NAVEX15.SYS []
R3 nv;nv; C:WINDOWSsystem32DRIVERSnv4_mini.sys [2006-01-24 3535520]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:WINDOWSsystem32DRIVERSNVENETFD.sys [2006-03-03 34176]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:WINDOWSsystem32DRIVERSnvnetbus.sys [2006-03-03 13056]
R3 PID_0928;Logitech QuickCam Express(PID_0928); C:WINDOWSsystem32DRIVERSLV561AV.SYS [2005-01-31 211712]
R3 SRTSP;SRTSP; C:WINDOWSSystem32DriversSRTSP.SYS [2008-01-31 279088]
R3 SYMDNS;SYMDNS; C:WINDOWSSystem32DriversSYMDNS.SYS [2008-06-13 13616]
R3 SymEvent;SymEvent; ??C:WINDOWSsystem32DriversSYMEVENT.SYS []
R3 SYMFW;SYMFW; C:WINDOWSSystem32DriversSYMFW.SYS [2008-06-13 96432]
R3 SYMIDS;SYMIDS; C:WINDOWSSystem32DriversSYMIDS.SYS [2008-06-13 38576]
R3 SYMIDSCO;SYMIDSCO; ??C:PROGRA~1COMMON~1SYMANT~1SymcDataipsdefs20090120.001SymIDSCo.sys []
R3 SymIMMP;SymIMMP; C:WINDOWSsystem32DRIVERSSymIM.sys [2008-06-13 31280]
R3 SYMNDIS;SYMNDIS; C:WINDOWSSystem32DriversSYMNDIS.SYS [2008-06-13 37424]
R3 SYMREDRV;SYMREDRV; C:WINDOWSSystem32DriversSYMREDRV.SYS [2008-06-13 22320]
R3 tap0801;Smarthide TAP driver; C:WINDOWSsystem32DRIVERStap0801.sys [2008-02-04 55808]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:WINDOWSsystem32DRIVERSusbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbohci.sys [2008-04-13 17152]
R3 Wdf01000;Wdf01000; C:WINDOWSsystem32DRIVERSWdf01000.sys [2008-03-27 503008]
R3 winachsx;winachsx; C:WINDOWSsystem32DRIVERSHSX_CNXT.sys [2005-12-06 670208]
S1 kbdhid;Keyboard HID Driver; C:WINDOWSsystem32DRIVERSkbdhid.sys [2008-04-13 14592]
S2 MCSTRM;MCSTRM; C:WINDOWSsystem32driversMCSTRM.sys []
S3 ASPI;Advanced SCSI Programming Interface Driver; ??C:WINDOWSSystem32DRIVERSASPI32.sys []
S3 CCDECODE;Closed Caption Decoder; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2008-04-13 17024]
S3 COH_Mon;COH_Mon; ??C:WINDOWSsystem32DriversCOH_Mon.sys []
S3 HidUsb;Microsoft HID Class Driver; C:WINDOWSsystem32DRIVERShidusb.sys [2008-04-13 10368]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:WINDOWSsystem32DRIVERSHPZid412.sys [2005-03-07 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:WINDOWSsystem32DRIVERSHPZipr12.sys [2005-03-07 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:WINDOWSsystem32DRIVERSHPZius12.sys [2005-03-07 21744]
S3 mouhid;Mouse HID Driver; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:WINDOWSsystem32driversMSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:WINDOWSsystem32DRIVERSNdisIP.sys [2008-04-13 10880]
S3 NPF;Netgroup Packet Filter; C:WINDOWSsystem32driversnpf.sys [2005-08-02 32512]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:WINDOWSsystem32DRIVERSRTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:WINDOWSsystem32DRIVERSSONYPVU1.SYS [2001-08-17 7552]
S3 SRTSPL;SRTSPL; C:WINDOWSSystem32DriversSRTSPL.SYS [2008-01-31 317616]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2008-04-13 15232]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:WINDOWSsystem32DRIVERSSymIM.sys [2008-06-13 31280]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:WINDOWSsystem32DRIVERSusbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:WINDOWSsystem32DRIVERSusbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:WINDOWSsystem32DRIVERSusbscan.sys [2008-04-13 15104]
S3 usbstor;USB Mass Storage Driver; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2008-04-13 26368]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbuhci.sys [2008-04-13 20608]
S3 WinUSB;WinUSB; C:WINDOWSsystem32DRIVERSWinUSB.sys [2006-11-02 39368]
S3 WpdUsb;WpdUsb; C:WINDOWSsystem32DRIVERSwpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2008-04-13 19200]
S3 WUDFRd;Windows Driver Foundation — User-mode Driver Framework Reflector; C:WINDOWSsystem32DRIVERSWUDFRd.sys [2008-01-18 83328]
S4 intelppm;Intel Processor Driver; C:WINDOWSsystem32DRIVERSintelppm.sys [2008-04-13 36352]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Automatic LiveUpdate Scheduler;Automatic LiveUpdate Scheduler; C:Program FilesSymantecLiveUpdateAluSchedulerSvc.exe [2008-02-21 238968]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:Program FilesBonjourmDNSResponder.exe [2006-02-28 229376]
R2 ccEvtMgr;Symantec Event Manager; C:Program FilesCommon FilesSymantec SharedccSvcHst.exe [2008-10-17 149352]
R2 ccSetMgr;Symantec Settings Manager; C:Program FilesCommon FilesSymantec SharedccSvcHst.exe [2008-10-17 149352]
R2 CLTNetCnService;Symantec Lic NetConnect service; C:Program FilesCommon FilesSymantec SharedccSvcHst.exe [2008-10-17 149352]
R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2008-11-10 152984]
R2 LiveUpdate Notice;LiveUpdate Notice; C:Program FilesCommon FilesSymantec SharedccSvcHst.exe [2008-10-17 149352]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:WINDOWSsystem32nvsvc32.exe [2006-01-24 131139]
R2 WudfSvc;Windows Driver Foundation — User-mode Driver Framework; C:WINDOWSsystem32svchost.exe [2008-04-13 14336]
R2 ZuneBusEnum;Zune Bus Enumerator; c:WINDOWSsystem32ZuneBusEnum.exe [2008-11-10 60032]
R3 Symantec Core LC;Symantec Core LC; C:PROGRA~1COMMON~1SYMANT~1CCPD-LCsymlcsvc.exe [2008-05-29 1245064]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:WINDOWSsystem32HPZipm12.exe [2006-03-02 69632]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-24 70144]
S3 comHost;COM Host; C:Program FilesCommon FilesSymantec SharedVAScannercomHost.exe [2007-08-22 55640]
S3 Fax;Fax; C:WINDOWSsystem32fxssvc.exe [2008-04-13 267776]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:Program FilesCommon FilesMacrovision SharedFLEXnet PublisherFNPLicensingService.exe [2008-01-20 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:WINDOWSMicrosoft.NetFrameworkv3.0WPFPresentationFontCache.exe [2007-10-09 36864]
S3 gusvc;Google Updater Service; C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe [2008-10-11 168432]
S3 IDriverT;InstallDriver Table Manager; C:Program FilesCommon FilesInstallShieldDriver1050Intel 32IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication Foundationinfocard.exe [2007-10-11 864256]
S3 LiveUpdate;LiveUpdate; C:Program FilesSymantecLiveUpdateLuComServer_3_4.EXE [2008-08-04 3220856]
S3 odserv;Microsoft Office Diagnostics Service; C:Program FilesCommon FilesMicrosoft SharedOFFICE12ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2006-10-26 145184]
S3 Symantec RemoteAssist;Symantec RemoteAssist; C:Program FilesCommon FilesSymantec SharedSupport Controlsssrc.exe [2008-01-29 394704]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:Program FilesWindows Media PlayerWMPNetwk.exe [2006-10-18 913408]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; c:WINDOWSsystem32ZuneWlanCfgSvc.exe [2008-11-10 243840]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:WINDOWSMicrosoft.NETFrameworkv3.0Windows Communication FoundationSMSvcHost.exe [2007-10-11 122880]
S4 ZuneNetworkSvc;Zune Network Sharing Service; c:Program FilesZuneZuneNss.exe [2008-11-10 5117568]
EOF
Скачайте OTMoveIt3 by OldTimer кликнув по этой ссылке.
Запустите программу и в большое поле ввода (заголовок этого поля выделен желтым цветом) скопируйте следующий текст.:Processes
explorer.exe
:reg
[-HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{2502BBD0-D73B-11DD-B4EC-CEBF56D89593}]
[-HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{6D7B211A-88EA-490c-BAB9-3600D8D7C503}]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=-
[-HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifybaeecddfdbfef]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{928cdb6c-df27-11dd-93fe-001731a1c41d}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{edcc4e1e-0ee3-11dd-9103-001731a1c41d}]
:files
C:WINDOWSsystem32baeecddfdbfef.dll [2008-03-14 277519]
C:WINDOWSsystem32vumer.dll
:Commands
[emptytemp]
[start explorer]
[Reboot]Кликните по кнопке MoveIt!. В процессе работы возможна перезагрузка компьютера.
По-завершении работы программы должен будет показан лог, вставьте его в ваш ответ.
Так же к ответу приложите свежий RSIT лог.
- Для ответа в этой теме необходимо авторизоваться.
