Infected With Trojan-proxy.win32.horst.te (others?)



#1 insomni


Posted 05 April 2008 - 05:41 AM

A friend's computer seems to be pretty riddled with viruses and adware. I went through the checklist and have cleared a lot out, but I'm not sure if the machine is clear yet. I definitely want to make sure there are no Trojans! Thanks in advance for any help.

Here's the order of events: I was helping my friend with their computer and discovered that the entire C drive was shared. When I turned off sharing, AVG Free kicked in and said that a virus had been detected. Unfortunately I don't know the exact name of the virus, but it was a trojan of some kind. When I clicked the button to fix the problem, AVG returned an error. I installed Avast and did a boot scan, finding some viruses. I assume that the infected files in the McAfee SpamKiller folder were all intercepted prior to being stored there. I wasn't able to find much info on the infected folders in the system32 folder (Adware-gen). I also ran Ad-Aware and Spyware Search & Destroy, deleting everything they found (Ad-Aware I ran 3 times, until nothing showed up), and installed Comodo Firewall. I then ran the DSS scan. I ran the Kaspersky scan after that (sorry for doing it out of order, but I didn't think I'd have time for Kaspersky). I should mention that she uses a Russian version of Windows XP (I don't speak it, which made helping her interesting!). So, here is the order of the logs:

1. Avast aswBoot.txt
2. DSS main.txt
3. DSS extra.txt
4. Kaspersky


03/30/2008 07:47
Scan of all local drives
File C:\WINDOWS\system32\trkiniiz.exe is infected by Win32:Adware-gen [Adw], Repair: Error 42060 {The file was not repaired.}, Moved to chest
File C:\WINDOWS\system32\lglytzup.exe is infected by Win32:Adware-gen [Adw], Moved to chest
File C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000000063.msg is infected by Win32:Netsky-BY [Wrm], Moved to chest
File C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000000065.msg is infected by Win32:Netsky-BY [Wrm], Moved to chest
File C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000000080.msg is infected by Win32:Netsky-BY [Wrm], Moved to chest
File C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000000123.msg is infected by Win32:Netsky-BY [Wrm], Moved to chest
File C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000000110.msg is infected by Win32:Netsky-BY [Wrm], Moved to chest
File C:\System Volume Information\_restore{ABCC21BE-D616-4E00-8513-5AB84E902485}\RP646\A0095735.exe is infected by Win32:Adware-gen [Adw], Moved to chest
File C:\System Volume Information\_restore{ABCC21BE-D616-4E00-8513-5AB84E902485}\RP646\A0095736.exe is infected by Win32:Adware-gen [Adw], Moved to chest

Number of searched folders: 5301
Number of tested files: 86127
Number of infected files: 9

----------------------------------------
03/30/2008 13:14
Scan of all local drives

Number of searched folders: 5306
Number of tested files: 86222
Number of infected files: 0

----------------------------------------
04/03/2008 22:38
Scan of all local drives

Number of searched folders: 3888
Number of tested files: 27572
Number of infected files: 0





Deckard's System Scanner v20071014.68
Run by 1 on 2008-04-04 23:19:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
44: 2008-04-04 20:19:48 UTC - RP650 - Deckard's System Scanner Restore Point
43: 2008-04-04 16:04:25 UTC - RP649 - Installed Ad-Aware 2007
42: 2008-04-04 13:38:29 UTC - RP648 - Installed LogMeIn
41: 2008-04-03 18:56:05 UTC - RP647 - ГГЁГГІГҐГГГ Гї ГЄГГГІГГГГјГГ Гї ГІГГГЄГ
40: 2008-03-30 04:40:03 UTC - RP646 - Removed AVG 7.5


-- First Restore Point --
1: 2008-02-15 06:59:31 UTC - RP607 - ГГЁГГІГҐГГГ Гї ГЄГГГІГГГГјГГ Гї ГІГГГЄГ


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 496 MiB (512 MiB recommended).


-- HijackThis (run as 1.exe) ---------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:20:59, on 04/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\ABBYY Lingvo 12\Lvagent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Documents and Settings\1\ГђГ ГЎГГГЁГ ГГІГГ\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Nnueee
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: McAfee AntiPhishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [Intense Registry Service] IntEdReg.exe /CHECK
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [Lingvo Launcher] "C:\Program Files\ABBYY Lingvo 12\Lvagent.exe" /STARTUP
O4 - HKLM\..\Run: [pdfFactory Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZU
O8 - Extra context menu item: &ГќГЄГГЇГГГІ Гў Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with ABBYY &Lingvo... - res://C:\Program Files\ABBYY Lingvo 12\Lingvo.exe/3000
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee AntiPhishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\program files\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Ni?aai?iua iaoa?eaeu - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0DD72AEB-0887-4C45-9088-68F83484842A}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0DD72AEB-0887-4C45-9088-68F83484842A}: NameServer = 192.168.2.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: ?o?iae niauoee (Eventlog) - ГЉГГГЇГГГ ГГЁГї ГЊГ ГГЄГГГГГґГІ - C:\WINDOWS\system32\services.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Neo?aa COM caiene eiiiaeo-aeneia IMAPI (ImapiService) - ГЉГГГЇГГГ ГГЁГї ГЊГ ГГЄГГГГГґГІ - C:\WINDOWS\system32\imapi.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - ГЉГГГЇГГГ ГГЁГї ГЊГ ГГЄГГГГГґГІ - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: Plug and Play (PlugPlay) - ГЉГГГЇГГГ ГГЁГї ГЊГ ГГЄГГГГГґГІ - C:\WINDOWS\system32\services.exe
O23 - Service: Aeniao?a? naaina ni?aaee aey oaaeaiiiai ?aai?aai noiea (RDSessMgr) - ГЉГГГЇГГГ ГГЁГї ГЊГ ГГЄГГГГГґГІ - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Nia?o-ea?ou (SCardSvr) - ГЉГГГЇГГГ ГГЁГї ГЊГ ГГЄГГГГГґГІ - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: ?o?iaeu e iiiaauaiey i?iecaiaeoaeuiinoe (SysmonLog) - ГЉГГГЇГГГ ГГЁГї ГЊГ ГГЄГГГГГґГІ - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Oaiaaia eiie?iaaiea oiia (VSS) - ГЉГГГЇГГГ ГГЁГї ГЊГ ГГЄГГГГГґГІ - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Aaaioa? i?iecaiaeoaeuiinoe WMI (WmiApSrv) - ГЉГГГЇГГГ ГГЁГї ГЊГ ГГЄГГГГГґГІ - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 12812 bytes

-- File Associations -----------------------------------------------------------

.scr - scrfile - shell\open\command - "%1" /S "%3"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.1.6.0) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.1.6.0>
R2 BjsPort (Canon BJ Scanner Port Driver) - c:\windows\system32\drivers\bjsport.sys
R2 DbgMsg (Debug Message) - c:\windows\system32\drivers\dbgmsg.sys <Not Verified; Compuware Corporation - NuMega Lab; DriverStudio>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>

S3 aslm75 - c:\windows\system32\drivers\aslm75.sys
S3 Asushwio - c:\windows\system32\drivers\asushwio.sys
S3 MosIrUsb (MosIrUsb.sys) - c:\windows\system32\drivers\mosirusb.sys <Not Verified; ; IrDA-USB Adapter>
S3 PalmUSBD - c:\windows\system32\drivers\palmusbd.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 OwnershipProtocol - c:\program files\intel\wireless\bin\oprotsvc.exe <Not Verified; Intel Corporation; Intel PROSet/Wireless>
R2 RegSrvc - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; RegSrvc Module>

S2 MskService (McAfee SpamKiller Server) - c:\progra~1\mcafee\spamki~1\msksrvr.exe <Not Verified; McAfee Inc.; McAfee SpamKiller>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: ГГҐГІГҐГўГГ Г ГГ ГЇГІГҐГ 1394
Device ID: V1394\NIC1394\3291910E01800
Manufacturer: Microsoft
Name: ГГҐГІГҐГўГГ Г ГГ ГЇГІГҐГ 1394
PNP Device ID: V1394\NIC1394\3291910E01800
Service: NIC1394


-- Files created between 2008-03-04 and 2008-04-04 -----------------------------

2008-04-04 19:04:30 0 d-------- C:\Program Files\Lavasoft
2008-04-04 19:04:28 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-04 19:03:29 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-04 16:51:39 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-04 16:51:34 0 d-------- C:\Program Files\SpywareBlaster
2008-04-04 16:42:42 0 d-------- C:\Documents and Settings\LogMeInRemoteUser\ГђГ ГЎГГГЁГ ГГІГГ
2008-04-04 16:42:42 0 d---s---- C:\Documents and Settings\LogMeInRemoteUser\Cookies
2008-04-04 16:42:42 0 dr-h----- C:\Documents and Settings\LogMeInRemoteUser\Application Data
2008-04-04 16:42:42 0 d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\Symantec
2008-04-04 16:42:42 0 d---s---- C:\Documents and Settings\LogMeInRemoteUser\Application Data\Microsoft
2008-04-04 16:42:42 0 d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\InterTrust
2008-04-04 16:42:42 0 d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\Intel
2008-04-04 16:42:42 0 d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\Identities
2008-04-04 16:42:41 0 d--h----- C:\Documents and Settings\LogMeInRemoteUser\ГГ ГЎГГГГ
2008-04-04 16:42:41 0 dr------- C:\Documents and Settings\LogMeInRemoteUser\ГЊГГЁ ГГГЄГіГГҐГГІГ
2008-04-04 16:42:41 0 dr------- C:\Documents and Settings\LogMeInRemoteUser\ГГГЎГГ ГГГГҐ
2008-04-04 16:42:41 0 dr------- C:\Documents and Settings\LogMeInRemoteUser\ГѓГГ ГўГГГҐ ГГҐГГѕ
2008-04-04 16:42:41 0 d-------- C:\Documents and Settings\LogMeInRemoteUser\WINDOWS
2008-04-04 16:42:41 0 dr-h----- C:\Documents and Settings\LogMeInRemoteUser\SendTo
2008-04-04 16:42:41 0 dr-h----- C:\Documents and Settings\LogMeInRemoteUser\Recent
2008-04-04 16:42:41 0 d--h----- C:\Documents and Settings\LogMeInRemoteUser\PrintHood
2008-04-04 16:42:41 524288 --ah----- C:\Documents and Settings\LogMeInRemoteUser\NTUSER.DAT
2008-04-04 16:42:41 0 d--h----- C:\Documents and Settings\LogMeInRemoteUser\NetHood
2008-04-04 16:42:41 0 d--h----- C:\Documents and Settings\LogMeInRemoteUser\Local Settings
2008-04-04 16:38:33 0 d-------- C:\Program Files\LogMeIn
2008-04-02 14:34:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-30 21:54:19 0 d-------- C:\Documents and Settings\1\Application Data\Comodo
2008-03-30 21:54:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2008-03-30 21:50:55 0 d-------- C:\Program Files\Comodo
2008-03-30 21:28:31 0 d-------- C:\Program Files\Trend Micro
2008-03-30 07:45:38 0 d-------- C:\Program Files\Alwil Software
2008-03-28 08:14:07 0 d-------- C:\Documents and Settings\1\Application Data\McAfee
2008-03-25 12:25:06 0 d-------- C:\Documents and Settings\1\Application Data\Uniblue
2008-03-25 07:37:09 126976 -----n--- C:\WINDOWS\system32\fppr332.dll <Not Verified; FinePrint Software, LLC; pdfFactory>
2008-03-21 09:11:56 0 d-------- C:\Documents and Settings\LocalService\Application Data\Adobe
2008-03-21 09:11:22 0 d-------- C:\Documents and Settings\LocalService\Application Data\Google
2008-03-19 20:57:53 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-19 20:57:53 0 d-------- C:\Documents and Settings\1\Application Data\skypePM
2008-03-19 20:57:27 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-03-19 20:56:50 0 d-------- C:\Program Files\Skype
2008-03-19 20:56:50 0 d-------- C:\Program Files\Common Files\Skype
2008-03-13 15:07:01 331776 -----n--- C:\WINDOWS\system32\fppmon3.dll <Not Verified; FinePrint Software, LLC; pdfFactory>


-- Find3M Report ---------------------------------------------------------------

2008-03-03 14:09:50 0 d-------- C:\Program Files\Windows Media Connect 2
2008-02-25 14:22:56 222541 --a------ C:\WINDOWS\system32\usb
2008-02-08 08:10:12 13248 --a------ C:\S3qk


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [16/12/2004 19:19]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [24/11/2004 08:52]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [24/11/2004 08:52]
"ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [19/09/2003 12:54]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [21/09/2004 16:55]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [22/12/2004 17:23]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [22/12/2004 17:23]
"SoundMan"="SOUNDMAN.EXE" [05/11/2004 09:18 C:\WINDOWS\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [05/11/2004 09:17 C:\WINDOWS\alcwzrd.exe]
"Alcmtr"="ALCMTR.EXE" [05/11/2004 09:17 C:\WINDOWS\ALCMTR.EXE]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [15/10/2004 11:27]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [15/10/2004 11:31]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 11:50]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [28/03/2002 12:32]
"Intense Registry Service"="IntEdReg.exe" [10/10/2001 06:32 C:\WINDOWS\system32\intedreg.exe]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [26/09/2005 10:26]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [22/09/2005 18:29]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [11/01/2006 12:05]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [07/11/2006 14:49]
"@"="" []
"Lingvo Launcher"="C:\Program Files\ABBYY Lingvo 12\Lvagent.exe" [08/12/2006 02:06]
"pdfFactory Dispatcher v3"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [05/03/2008 10:21]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [29/03/2008 20:37]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [30/03/2008 21:50]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [03/08/2007 15:09]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [27/03/2007 15:22]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [01/02/2008 17:22]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [19/03/2008 20:57]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

C:\Documents and Settings\1\ВѓВВ ВўВВВҐ ВВҐВГ\ВЏГ ВВЈГ В ВВГ\ВЂВўГўВВВ ВЈГ ГЈВВЄВ \
HotSync Manager.lnk - C:\Program Files\Palm\HOTSYNC.EXE [13/04/2004 17:03:10]

C:\Documents and Settings\All Users\ВѓВВ ВўВВВҐ ВВҐВГ\ВЏГ ВВЈГ В ВВГ\ВЂВўГўВВВ ВЈГ ГЈВВЄВ \
Dataviz Messenger.lnk - C:\WINDOWS\DvzCommon\DvzMsgr.exe [06/02/2003 19:06:30]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 15/10/2004 11:27 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 15/11/2007 18:46 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de5c17f7-800c-11dc-8090-0011d86b60de}]
AutoRun\command- H:\batchfil.bat




-- Hosts -----------------------------------------------------------------------

127.0.0.1 .archivioadulti.com
127.0.0.1 .internet-explorer.name
127.0.0.1 .katasearch.com
127.0.0.1 .preferiti-windows.com
127.0.0.1 .qoogler.com
127.0.0.1 .tuttoavolonta.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com

8135 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-04-04 23:22:15 ------------





Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: Other (0419) - see http://preview.tinyurl.com/mhhp6

CPU 0: Intel® Pentium® M processor 1.60GHz
Percentage of Memory in Use: 70%
Physical Memory (total/avail): 495.3 MiB / 144.93 MiB
Pagefile Memory (total/avail): 1154.81 MiB / 775.44 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.24 MiB

C: is Fixed (FAT32) - 21.25 GiB total, 4.26 GiB free.
D: is Fixed (NTFS) - 14.13 GiB total, 5.28 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (FAT32)

\\.\PHYSICALDRIVE0 - HTS424040M9AT00 - 37.26 GiB - 3 partitions
\PARTITION0 - Unknown - 1906.12 MiB
\PARTITION1 (bootable) - Unknown - 21.27 GiB - C:
\PARTITION2 - ГђГ ГГёГЁГ. Win95/98 c ГГ ГГёГЁГ. IRQ13 - 14.13 GiB - D:

\\.\PHYSICALDRIVE1 - PNY USB 2.0 FD USB Device - 980.53 MiB - 1 partition
\PARTITION0 (bootable) - Unknown - 983.98 MiB - H:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
FirewallDisableNotify is set.

FW: COMODO Firewall Pro v2.3.035 (COMODO)
AV: avast! antivirus 4.8.1169 [VPS 080404-0] v4.8.1169 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Disabled:Yahoo! Messenger"
"C:\\Program Files\\ASUS\\ASUS Live Update\\LiveUpdt.exe"="C:\\Program Files\\ASUS\\ASUS Live Update\\LiveUpdt.exe:*:Enabled:LiveUpdt"
"C:\\WINDOWS\\System32\\LEXPPS.EXE"="C:\\WINDOWS\\System32\\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\1\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=OWL
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\1
LOGONSERVER=\\OWL
MIGO_DRIVE=H
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 13 Stepping 8, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0d08
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\1\LOCALS~1\Temp
TMP=C:\DOCUME~1\1\LOCALS~1\Temp
USERDOMAIN=OWL
USERNAME=1
USERPROFILE=C:\Documents and Settings\1
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

1 (admin)
LogMeInRemoteUser (new local, admin)
ГѓГГГІГј (guest)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNNMP.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Исправление для Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Исправление для Windows XP (KB935448) --> "C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Исправление для проигрывателя Windows Media 11 - (KB939683) --> "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Пакет исправлений для Windows XP - KB873333 --> C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Пакет исправлений для Windows XP - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Пакет исправлений для Windows XP - KB885250 --> C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Пакет исправлений для Windows XP - KB885835 --> C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Пакет исправлений для Windows XP - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Пакет исправлений для Windows XP - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Пакет исправлений для Windows XP - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Пакет исправлений для Windows XP - KB887742 --> C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Пакет исправлений для Windows XP - KB888113 --> C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Пакет исправлений для Windows XP - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Пакет исправлений для Windows XP - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Пакет исправлений для Windows XP - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Пакет исправлений для Windows XP - KB893086 --> "C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP - (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP - (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB883939) --> "C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB893066) --> "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB896688) --> "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB899588) --> "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB901190) --> "C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB903235) --> "C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB905915) --> "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB912812) --> "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB913446) --> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB916281) --> "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB928090) --> "C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB929969) --> "C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB931768) --> "C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB933566) --> "C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB937143) --> "C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB938127) --> "C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB939653) --> "C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Обновление безопасности для Windows XP (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Обновление безопасности для проигрывателя Windows Media - (KB911564) --> "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Обновление безопасности для проигрывателя Windows Media 10 - (KB911565) --> "C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Обновление безопасности для проигрывателя Windows Media 10 - (KB917734) --> "C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Обновление безопасности для проигрывателя Windows Media 10 - (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Обновление безопасности для проигрывателя Windows Media 11 - (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Обновление безопасности для проигрывателя Windows Media 6.4 - (KB925398) --> "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Обновление для Windows XP (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Обновление для Windows XP (KB896727) --> "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Обновление для Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Обновление для Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Обновление для Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Обновление для Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Обновление для Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Обновление для Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Обновление для Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Обновление для Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Обновление для Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Обновление для Windows XP (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Обновление для Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Обновление для Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Обновление для Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Обновление для Windows XP (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Обновление для Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Обновление для Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
ABBYY Lingvo 12 English Edition --> MsiExec.exe /I{A1200000-0001-0000-0000-074957833700}
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
ASUS Live Update --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ASUS\ASUS Live Update\Uninst.isu" -c"C:\Program Files\ASUS\ASUS Live Update\Uninst.dll"
ASUS Probe V2.11 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\ASUS\ASUS Probe\Uninst.isu"
ATK0100 ACPI UTILITY --> C:\WINDOWS\ATK0100\XPunin.exe
avast! Antivirus --> C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Before You Know It 3.6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3636B361-8E1A-4735-B246-F4688435D035}\Setup.exe" -l0x9
Canon CanoScan Toolbox 4.9 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}\setup.exe" -l0x9 anything
Canon ScanGear Starter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}\SETUP.EXE" -l0x9 anything
COMODO Firewall Pro --> C:\Program Files\Comodo\Firewall\fwconfig.exe -uninstalln
Documents To Go --> MsiExec.exe /I{4E7E8E6A-15F1-4E26-9352-26AD235131E9}
EPSON Printer Software --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Galleon 3D Screensaver 1.0 --> "C:\Program Files\Galleon 3D Screensaver\unins000.exe"
Google Earth --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
HDAUDIO SoftV92 Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_10431966\HXFSETUP.EXE -U -IHDAUDIO\FUNC_02&VEN_14F1&DEV_2BFA&SUBSYS_10431966
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
hp deskjet 3820 series (Только удалить) --> C:\Program Files\hp deskjet 3820 series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=USB003 -vproduct=3820 -huninstall
HymnFinder --> C:\WINDOWS\st6unst.exe -n "C:\Program Files\HymnFinder\ST6UNST.LOG"
Intel® Graphics Media Accelerator Driver for Mobile --> RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
IS Scan 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0FF3A504-4705-11D2-B55D-00609733EA48}\setup.exe"
Lexmark Z600 Series --> C:\WINDOWS\system32\spool\drivers\w32x86\3\LXBCUN5C.EXE -dLexmark Z600 Series
LingvoSoft FlashCards English<->Latvian for Palm OS --> C:\PROGRA~1\LINGVO~1\LINGVO~1\UNWISE.EXE C:\PROGRA~1\LINGVO~1\LINGVO~1\INSTALL.LOG
LiveUpdate 3.0 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LogMeIn --> MsiExec.exe /I{7E7658A2-CD3F-48A7-93EA-0882BCA4FD2A}
McAfee SecurityCenter --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /uninstall=1 /appid=msc /interact=1 /script_proactive=0 /start=c:\PROGRA~1\mcafee.com\agent\uninst\screm.ui::uninstall.htm
McAfee SpamKiller --> c:\PROGRA~1\mcafee.com\shared\mcappins.exe /v=3 /appid=MSK /uninstall=1 /interact=1 /script_proactive=0 /start="c:\PROGRA~1\mcafee.com\agent\uninst\mskremui.dll::uninstall.htm"
mCore --> MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDriver --> MsiExec.exe /I{28DA872A-0848-48CF-B749-19A198157A2A}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mEoU.msi --> MsiExec.exe /I{B502B428-3386-40A9-98DB-079AAB72E64F}
Merriam-Webster 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Merriam-Webster\setup.exe" -l0x9
mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office - профессиональный выпуск версии 2003 --> MsiExec.exe /I{90110419-6000-11D3-8CFE-0150048383C9}
Microsoft Office Word Viewer 2003 --> MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Migo (remove only) --> C:\Documents and Settings\1\Application Data\Powerhouse\Migo\MigoUninstall.exe
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mIWCA --> MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML --> MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Nero Suite --> C:\Program Files\Common Files\Ahead\Uninstall\Setup.exe /uninstall
Online Bible 10.10.09 --> C:\Program Files\Bible\OlbDel.Exe "Online Bible" "Online Bible" "C:\Documents and Settings\1\Мои документы\Bible\" "C:\Documents and Settings\All Users\Документы\Online Bible\"
Palm Desktop --> MsiExec.exe /X{E89D78B8-28F7-412F-8B26-C684739CBBDC}
pdfFactory --> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppinst3.exe /uninstall
Personal Composer --> C:\PROGRA~1\PERSON~1\pcsetup.exe /uninstall
Power4 Gear --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4462AD13-F2AA-4CBD-9F95-293C38EED870}\setup.exe" -l0x9
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" REMOVE
Skype 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster 4.0 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Synaptics Pointing Device Driver --> rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
USB-Ir Adapter --> MsiExec.exe /I{00F3D43F-B5A9-4C8D-B5A1-5FD2DE16CC21}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
WinFlash --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE10AB76-4756-4913-BE25-55D1C1051F9A}\setup.exe" -l0x9
WinHTTrack Website Copier 3.40-2 --> "C:\Program Files\WinHTTrack\unins000.exe"
Yahoo! Messenger --> C:\PROGRA~1\YAHOO!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\YAHOO!\MESSEN~1\INSTALL.LOG


-- Application Event Log -------------------------------------------------------

Event Record #/Type21133 / Error
Event Submitted/Written: 04/04/2008 11:21:24 PM
Event ID/Source: 8 / crypt32
Event Description:
Ошибка получения автоматического обновления последовательного номера стороннего корневого списка из: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> с кодом ошибки: Указанный сервер не может выполнить требуемую операцию.

Event Record #/Type21132 / Error
Event Submitted/Written: 04/04/2008 11:21:24 PM
Event ID/Source: 8 / crypt32
Event Description:
Ошибка получения автоматического обновления последовательного номера стороннего корневого списка из: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> с кодом ошибки: Возврат из операции произошел из-за превышения времени ожидания.

Event Record #/Type21128 / Error
Event Submitted/Written: 04/04/2008 10:04:44 PM
Event ID/Source: 0 / MskService
Event Description:
Unable to start server front end.
Socket Error # 10049
Cannot assign requested address.

Event Record #/Type21126 / Error
Event Submitted/Written: 04/04/2008 10:01:47 PM
Event ID/Source: 0 / MskService
Event Description:
Unable to start server front end.
Socket Error # 10049
Cannot assign requested address.

Event Record #/Type21103 / Error
Event Submitted/Written: 04/04/2008 04:14:46 PM
Event ID/Source: 0 / MskService
Event Description:
Unable to start server front end.
Socket Error # 10049
Cannot assign requested address.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type59776 / Warning
Event Submitted/Written: 04/04/2008 04:39:15 PM
Event ID/Source: 20 / Print
Event Description:
Драйвер принтера LogMeIn Printer Driver для Windows NT x86 Version-3 добавлен или обновлен. Файлы:- LMIprinter.dll, LMIprinterui.dll, LMIprinterdat.dll.

Event Record #/Type59754 / Error
Event Submitted/Written: 04/04/2008 04:12:12 PM
Event ID/Source: 10005 / DCOM
Event Description:
Ошибка DCOM "%%1053" при попытке запуска службы MskService с аргументами ""
для запуска сервера:
{5109B8D8-73AF-4C41-A70E-73707E1F908A}

Event Record #/Type59753 / Error
Event Submitted/Written: 04/04/2008 04:12:12 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Сбой при запуске службы "McAfee SpamKiller Server" из-за ошибки
%%1053

Event Record #/Type59752 / Error
Event Submitted/Written: 04/04/2008 04:12:12 PM
Event ID/Source: 7009 / Service Control Manager
Event Description:
Таймаут (30000 мс) ожидания для подключения службы McAfee SpamKiller Server.

Event Record #/Type59733 / Error
Event Submitted/Written: 04/04/2008 04:10:55 PM
Event ID/Source: 7000 / Service Control Manager
Event Description:
Сбой при запуске службы "McAfee SpamKiller Server" из-за ошибки
%%1053



-- End of Deckard's System Scanner: finished at 2008-04-04 23:22:15 ------------




-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, April 05, 2008 11:35:42 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 5/04/2008
Kaspersky Anti-Virus database records: 682912
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 86228
Number of viruses found: 3
Number of infected objects: 3
Number of suspicious objects: 66
Duration of the scan process: 01:16:48

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_1fc.dat Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_a8.dat Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped
C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-04-05_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000001137.msg/ERR 99992.exe Infected: Trojan-Downloader.Win32.Nurech.s skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000001137.msg Embedded: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000003487.eml/[From "Royal Bank of Scotland" <clientcare.ref913902509622.ib@rbs.co.uk>][Date Fri, 29 Jun 2007 18:33:14 -0700]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000003487.eml Mail: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000003488.eml/[From "The Royal Bank of Scotland" <customerservice.ref41674667508155.ib@rbs.co.uk>]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000003488.eml Mail: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000003489.eml/[From "Royal Bank of Scotland" <clientdepmnt.reft898518393.ib@rbs.co.uk>]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000003489.eml Mail: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000003493.eml/[From "Royal Bank of Scotland" <corporateclients.refHD3348273444LD.ib@rbs.co.uk>]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000003493.eml Mail: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000004359.eml/[From "The Royal Bank of Scotland" <clientcare.refHB994940528I.ib@rbs.co.uk>]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000004359.eml Mail: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000004374.eml/[From "The Royal Bank of Scotland" <service.ref22624262923690.ib@rbs.co.uk>]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000004374.eml Mail: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000004378.eml/[From "The Royal Bank of Scotland" <service.refn041952856219.ib@rbs.co.uk>]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000004378.eml Mail: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000004336.eml/[From "The Royal Bank of Scotland" <cservice.refmt130360492q.ib@rbs.co.uk>]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000004336.eml Mail: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000004351.eml/[From "The Royal Bank of Scotland" <clientservice.refWZ39437659TN.ib@rbs.co.uk>]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000004351.eml Mail: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000004568.eml/[From "National Westminster Bank" <cservice.refJM53095767829QE.ib@natwest.com>]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000004568.eml Mail: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000004433.eml/[From "Royal Bank of Scotland" <clientservice.refp69057680030zy.ib@rbs.co.uk>]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000004433.eml Mail: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000004536.eml/[From "NatWest" <clientcare.refB85398474C.ib@natwest.com>]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000004536.eml Mail: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000004539.eml/[From "NatWest Bank" <clientservice.refO195532464765.ib@natwest.com>]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000004539.eml Mail: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000004525.eml/[From "Royal Bank of Scotland" <clientcare.refHN79313702J.ib@rbs.co.uk>]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000004525.eml Mail: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000004529.eml/[From "The Royal Bank of Scotland" <cservice.ref790039512.ib@rbs.co.uk>]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000004529.eml Mail: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000004672.eml/[From "NatWest Bank" <clientcare.refk5931655ye.ib@natwest.co.uk>][Date Tue, 27 Nov 2007 18:13:41 +0100]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000004672.eml Mail: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000004687.eml/[From "NatWest Bank" <serviceteam.refue829205307106ck.ib@natwest.com>]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000004687.eml Mail: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000004745.eml/[From "NatWest bank" <clientcare.refA931612311647.ib@natwest.co.uk>]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000004745.eml Mail: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000004724.eml/[From "HSBC Bank" <csteam.refvd1106036911.ib@hsbc.co.uk>]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000004724.eml Mail: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000004870.eml/[From "NatWest bank" <mail_serverI2368954.ocf@natwest.com>]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000004870.eml Mail: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000005053.eml/[From "NatWest" <mail.service43782860.ocf@natwest.co.uk>]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000005053.eml Mail: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000005099.eml/[From "NatWest bank plc" <mailservice15819656458.ocf@natwest.com>]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000005099.eml Mail: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000005272.eml/[From "NatWest bank" <message_robotHX003889594HT.ocf@natwest.co.uk>]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000005272.eml Mail: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000005308.eml/[From "NatWest bank" <mailserverwk28477653579a.ocf@natwest.com>]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000005308.eml Mail: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000005328.eml/[From "NatWest Bank" <generator.id7036903089NOF@natwest.co.uk>]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000005328.eml Mail: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000005509.eml/[From "NatWest Bank" <c_support.id417768-1357284646NOF@natwest.com>]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000005509.eml Mail: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000005889.eml/[From "NatWest Bank" <customer_service.id3597-510647897NOF@natwest.com>]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000005889.eml Mail: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000005916.eml/[From "NatWest Bank" <mailing.id1652-36006912NOF@natwest.com>]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000005916.eml Mail: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000006055.eml/[From "NatWest Bank" <mailserver.id662-531573NOF@natwest.co.uk>]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000006055.eml Mail: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000006180.eml/[From "Halifax" <cservice.id28436883022HOF@halifax.co.uk>]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000006180.eml Mail: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000006284.eml/[From "Halifax" <automail.id67417-8843042HOF@halifax.co.uk>][Date Fri, 28 Mar 2008 17:55:23 +0500]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000006284.eml Mail: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000006252.eml/[From "HSBC" <mail_system.id831079-12952742bib@hsbc.com>]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000006252.eml Mail: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000006253.eml/[From "Halifax bank" <auto_notify.id60835069-76552HOF@halifax.co.uk>]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000006253.eml Mail: suspicious - 1 skipped
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\Logs\TaskScheduler\McTskshd001.log Object is locked skipped
C:\Documents and Settings\All Users\Документы\setup.exe Infected: Trojan-Proxy.Win32.Horst.te skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\1\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\1\Local Settings\Temp\~DF39CE.tmp Object is locked skipped
C:\Documents and Settings\1\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\1\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\1\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\1\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\1\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\1\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\1\NTUSER.DAT Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\System Volume Information\_restore{ABCC21BE-D616-4E00-8513-5AB84E902485}\RP650\change.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{ABCC21BE-D616-4E00-8513-5AB84E902485}\RP650\change.log Object is locked skipped

Scan process completed.



#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 17 April 2008 - 05:45 AM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:
I apologize for the delay in getting to your log; the helpers here are very busy.

If you still need help, please post a fresh HijackThis log, in this thread, so I can help you with your malware problems.
If you have resolved this issue, please let us know.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 insomni

insomni
  • Topic Starter


Posted 17 April 2008 - 01:27 PM

Thanks! :thumbsup: Your help is appreciated. Here's a new log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:22:57, on 17/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ATK0100\HControl.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ABBYY Lingvo 12\Lvagent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Nnueee
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [Intense Registry Service] IntEdReg.exe /CHECK
O4 - HKLM\..\Run: [Lingvo Launcher] "C:\Program Files\ABBYY Lingvo 12\Lvagent.exe" /STARTUP
O4 - HKLM\..\Run: [pdfFactory Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-809038056-2619393171-483710906-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LogMeInRemoteUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZU
O8 - Extra context menu item: &Экспорт в Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with ABBYY &Lingvo... - res://C:\Program Files\ABBYY Lingvo 12\Lingvo.exe/3000
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Ni?aai?iua iaoa?eaeu - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O12 - Plugin for .tif: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0DD72AEB-0887-4C45-9088-68F83484842A}: NameServer = 192.168.2.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0DD72AEB-0887-4C45-9088-68F83484842A}: NameServer = 192.168.2.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: ?o?iae niauoee (Eventlog) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Neo?aa COM caiene eiiiaeo-aeneia IMAPI (ImapiService) - Корпорация Майкрософт - C:\WINDOWS\system32\imapi.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Корпорация Майкрософт - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: Plug and Play (PlugPlay) - Корпорация Майкрософт - C:\WINDOWS\system32\services.exe
O23 - Service: Aeniao?a? naaina ni?aaee aey oaaeaiiiai ?aai?aai noiea (RDSessMgr) - Корпорация Майкрософт - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Nia?o-ea?ou (SCardSvr) - Корпорация Майкрософт - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: ?o?iaeu e iiiaauaiey i?iecaiaeoaeuiinoe (SysmonLog) - Корпорация Майкрософт - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Oaiaaia eiie?iaaiea oiia (VSS) - Корпорация Майкрософт - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Aaaioa? i?iecaiaeoaeuiinoe WMI (WmiApSrv) - Корпорация Майкрософт - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 12245 bytes

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 17 April 2008 - 07:12 PM

Run HijackThis again, click Scan, and put a checkmark next to each of the lines listed below. Then close all other windows (you should only see HijackThis on your desktop) and click the Fix Checked button.

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZU



Reboot your computer.




Please download ComboFix and save it to your desktop.
Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet.

Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


========================================================

#5 insomni

insomni
  • Topic Starter


Posted 18 April 2008 - 09:53 AM

Done. Here's the log (thanks again!):

ComboFix 08-04-17.1 - 1 2008-04-18 17:32:56.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1251.7.1049.18.146 [GMT 3:00]
Running from: C:\Documents and Settings\1\Рабочий стол\Anti-malware Tools\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-03-18 to 2008-04-18 )))))))))))))))))))))))))))))))
.

2008-04-18 15:42 . 2008-04-18 15:42 <DIR> d--hs---- C:\FOUND.000
2008-04-17 22:17 . 2008-04-17 22:17 <DIR> d--h----- C:\WINDOWS\system32\CanonMF Uninstaller Information
2008-04-17 22:17 . 2008-04-17 22:17 <DIR> d--h----- C:\CanonMF
2008-04-17 22:16 . 2007-04-18 17:14 69,632 --------- C:\WINDOWS\system32\CNAS0MMK.DLL
2008-04-14 13:37 . 2008-04-14 13:37 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-04-05 07:59 . 2008-04-05 07:59 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-05 07:59 . 2008-04-05 07:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-04 23:19 . 2008-04-04 23:19 <DIR> d-------- C:\Deckard
2008-04-04 19:04 . 2008-04-04 19:04 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-04 19:04 . 2008-04-04 19:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-04 19:03 . 2008-04-04 19:03 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-04 16:51 . 2008-04-04 16:51 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-04-04 16:51 . 2008-04-04 16:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-04 16:51 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\system32\MSINET.OCX
2008-04-04 16:42 . 2005-03-14 12:37 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\WINDOWS
2008-04-04 16:42 . 2005-03-14 12:41 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\Symantec
2008-04-04 16:42 . 2005-03-14 12:36 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\InterTrust
2008-04-04 16:42 . 2005-03-14 12:48 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Application Data\Intel
2008-04-04 16:42 . 2005-03-14 12:22 <DIR> d--h----- C:\Documents and Settings\LogMeInRemoteUser\Шаблоны
2008-04-04 16:42 . 2005-03-14 12:22 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser\Рабочий стол
2008-04-04 16:42 . 2005-03-14 12:46 <DIR> dr------- C:\Documents and Settings\LogMeInRemoteUser\Мои документы
2008-04-04 16:42 . 2005-03-14 12:22 <DIR> dr------- C:\Documents and Settings\LogMeInRemoteUser\Главное меню
2008-04-04 16:42 . 2005-03-14 12:46 <DIR> dr------- C:\Documents and Settings\LogMeInRemoteUser\Избранное
2008-04-04 16:42 . 2008-04-04 16:42 <DIR> d-------- C:\Documents and Settings\LogMeInRemoteUser
2008-04-04 16:42 . 2008-04-18 17:32 1,024 --ah----- C:\Documents and Settings\LogMeInRemoteUser\ntuser.dat.LOG
2008-04-04 16:39 . 2007-11-15 18:46 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-04-04 16:39 . 2007-08-03 15:09 46,112 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2008-04-04 16:39 . 2007-11-15 18:46 21,496 --a------ C:\WINDOWS\system32\LMIport.dll
2008-04-04 16:38 . 2008-04-04 16:38 <DIR> d-------- C:\Program Files\LogMeIn
2008-04-04 16:38 . 2007-11-15 18:46 87,352 --a------ C:\WINDOWS\system32\LMIinit.dll
2008-04-04 16:38 . 2008-04-04 16:38 1,024 --a------ C:\.rnd
2008-04-04 13:37 . 2008-04-04 13:40 888 --a------ C:\WINDOWS\wininit.ini
2008-04-03 22:19 . 2008-03-29 20:31 75,856 --a------ C:\WINDOWS\system32\drivers\aswSP.sys
2008-04-03 22:19 . 2008-03-29 20:35 20,560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys
2008-04-02 14:34 . 2008-04-02 14:34 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-02 14:34 . 2008-04-02 14:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-30 21:54 . 2008-03-30 21:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2008-03-30 21:54 . 2008-03-30 21:54 <DIR> d-------- C:\Documents and Settings\1\Application Data\Comodo
2008-03-30 21:51 . 2005-04-06 21:46 214 --a------ C:\boot.ini.comodofirewall
2008-03-30 21:50 . 2008-03-30 21:50 <DIR> d-------- C:\Program Files\Comodo
2008-03-30 21:28 . 2008-03-30 21:28 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-30 07:45 . 2008-03-30 07:45 <DIR> d-------- C:\Program Files\Alwil Software
2008-03-30 07:45 . 2008-03-29 20:45 1,146,232 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-03-30 07:45 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-03-30 07:45 . 2008-03-29 20:23 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-03-30 07:45 . 2008-03-29 20:35 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-30 07:45 . 2008-01-17 18:34 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-03-30 07:45 . 2008-03-29 20:27 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-30 07:45 . 2008-03-29 20:26 26,944 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-30 07:45 . 2008-03-29 20:29 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-28 08:14 . 2008-03-28 08:14 <DIR> d-------- C:\Documents and Settings\1\Application Data\McAfee
2008-03-25 12:25 . 2008-03-25 12:25 <DIR> d-------- C:\Documents and Settings\1\Application Data\Uniblue
2008-03-25 07:37 . 2008-03-05 10:21 126,976 --------- C:\WINDOWS\system32\fppr332.dll
2008-03-19 20:57 . 2008-03-19 20:57 <DIR> d-------- C:\Documents and Settings\1\Application Data\skypePM
2008-03-19 20:57 . 2008-03-19 20:57 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-19 20:56 . 2008-03-19 20:56 <DIR> d-------- C:\Program Files\Skype
2008-03-19 20:56 . 2008-03-19 20:56 <DIR> d-------- C:\Program Files\Common Files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-05 07:19 331,776 ------w C:\WINDOWS\system32\fppmon3.dll
2008-03-03 11:09 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-03-01 15:31 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 09:00 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:59 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:38 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 15:22 4670968]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-03-19 20:57 171448]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2004-12-16 19:19 98304]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-11-24 08:52 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-11-24 08:52 126976]
"ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [2003-09-19 12:54 172032]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2004-09-21 16:55 81920]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-12-22 17:23 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-12-22 17:23 688218]
"SoundMan"="SOUNDMAN.EXE" [2004-11-05 09:18 77824 C:\WINDOWS\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2004-11-05 09:17 2744832 C:\WINDOWS\alcwzrd.exe]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-15 11:27 385024]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2004-10-15 11:31 356352]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-28 12:32 188416]
"Intense Registry Service"="IntEdReg.exe" [2001-10-10 06:32 43008 C:\WINDOWS\system32\intedreg.exe]
"Lingvo Launcher"="C:\Program Files\ABBYY Lingvo 12\Lvagent.exe" [2006-12-08 02:06 258048]
"pdfFactory Dispatcher v3"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2008-03-05 10:21 516096]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 20:37 79224]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2008-03-30 21:50 1115728]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 15:09 63048]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 14:49 1121280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-18 16:00 15360]

C:\Documents and Settings\1\ѓўҐ Ґо\ЏаЈал\ЂўвЈагЄ\
HotSync Manager.lnk - C:\Program Files\Palm\HOTSYNC.EXE [2004-04-13 17:03:10 299008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-10-15 11:27 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-15 18:46 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\ASUS\\ASUS Live Update\\LiveUpdt.exe"=
"C:\\WINDOWS\\System32\\LEXPPS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 R592;R592;C:\WINDOWS\system32\DRIVERS\R592.sys [2004-10-15 03:29]
R0 risdpntk;risdpntk;C:\WINDOWS\system32\DRIVERS\risdpntk.sys [2004-10-15 03:29]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 20:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 20:35]
R2 BjsPort;Canon BJ Scanner Port Driver;C:\WINDOWS\system32\drivers\BjsPort.SYS [1999-09-27 10:47]
R2 DbgMsg;Debug Message;C:\WINDOWS\System32\Drivers\DbgMsg.sys [2004-07-21 10:38]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 15:09]
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-08-03 15:09]
S3 Asushwio;Asushwio;C:\WINDOWS\system32\drivers\Asushwio.sys [2000-03-29 14:17]
S3 MosIrUsb;MosIrUsb.sys;C:\WINDOWS\system32\DRIVERS\MosIrUsb.sys [2004-08-02 17:16]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a013fc4-fde2-11dc-8102-0011d86b60de}]
\Shell\AutoRun\command - H:\PortableRoboForm.exe
\Shell\RoboForm2Go\command - H:\PortableRoboForm.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de5c17f7-800c-11dc-8090-0011d86b60de}]
\Shell\AutoRun\command - H:\batchfil.bat

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-18 17:34:58
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-18 17:35:23
ComboFix-quarantined-files.txt 2008-04-18 14:35:20

17 папок 4,273,700,864 байт свободно
22 папок 4,573,642,752 байт свободно
.
2008-04-17 08:36:00 --- E O F ---
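
Added here as an illustration, not part of the original post and not ComboFix's own code: one way to triage the "Reg Loading Points" section of a log like the one above, flagging autostart entries with empty file metadata, muted Security Center alerts, a disabled Windows Firewall profile, and per-drive MountPoints2 shell commands. The function name, the finding labels and the reading of `[ ]` as "no file found" are assumptions; the sample lines are copied from the log above.

```python
import re

# Subset of lines copied from the log above, kept in ComboFix's own layout.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 17:22 21898024]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de5c17f7-800c-11dc-8090-0011d86b60de}]
\Shell\AutoRun\command - H:\batchfil.bat
'''

SECTION = re.compile(r'^\[(?P<key>[^\]]+)\]$')
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')
NUMBER = re.compile(r'^"(?P<name>[^"]+)"=\s*(?:dword:(?P<hex>[0-9a-fA-F]{8})|(?P<dec>\d+)\s*\()')
SHELL_CMD = re.compile(r'^\\Shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.+)$')

def triage(log_text):
    """Return (kind, name, detail) tuples for entries worth a second look."""
    findings, key = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        section = SECTION.match(line)
        if section:
            key = section.group("key").lower()  # registry keys are case-insensitive
            continue
        run, num, shell = RUN_VALUE.match(line), NUMBER.match(line), SHELL_CMD.match(line)
        if run and key.endswith("\\currentversion\\run"):
            # Assumption: empty brackets mean no file was found behind the entry.
            if not run.group("meta").strip():
                findings.append(("autostart-target-missing", run.group("name"), run.group("cmd")))
        elif shell and "\\mountpoints2\\" in key:
            # Per-volume shell verbs: a command Explorer can launch from that drive.
            findings.append(("drive-autorun-command", shell.group("verb"), shell.group("cmd")))
        elif num:
            value = int(num.group("hex"), 16) if num.group("hex") else int(num.group("dec"))
            name = num.group("name")
            if key.endswith("\\security center") and name.endswith("DisableNotify") and value == 1:
                findings.append(("security-center-alert-disabled", name, str(value)))
            elif key.endswith("\\standardprofile") and name == "EnableFirewall" and value == 0:
                findings.append(("windows-firewall-disabled", name, str(value)))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A finding is a prompt to ask why, not a verdict: on this machine COMODO Firewall Pro is in the Run key, which is one ordinary reason for the Windows Firewall value to be 0.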

#6 Buckeye_Sam

Malware Expert

Posted 19 April 2008 - 07:36 AM

Your log looks pretty good to me. How is your computer behaving now? Any problems?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 insomni

Topic Starter

Posted 21 April 2008 - 10:26 AM

No, it seems much better now! Thanks for all your help! :thumbsup: Case closed.

#8 Buckeye_Sam

Malware Expert

Posted 22 April 2008 - 05:59 AM

Just a few last things and you should be good to go! :blink:


First, your log shows that you don't have the recovery console installed.
Check this link for more info on the recovery console and how to get it installed.

How to install and use the Windows XP Recovery Console



===================



Next, let's remove Combofix now that we're done with it and clean up a few other things.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK

  • When shown the disclaimer, Select "2"
The above procedure will:
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.


==================



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Re-enable system restore with instructions from the tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:thumbsup: :wacko:


========================================================

#9 Buckeye_Sam

Malware Expert

Posted 13 May 2008 - 09:20 AM

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.


========================================================



