Unable to boot, stuck at CLASSPNP.sys



#1 OscarP


Posted 29 December 2008 - 01:48 PM

I have a laptop that was infested by a lot of viruses. I cannot boot it up. The hard drive is fine, I can boot using the UBCD4Win and I was able to scan the C drive. Still, I cannot boot up. I cannot use ComboFix because it tries to delete files from my bootable USB stick. Where should I start? Here is my HijackThis log and the log from the antivirus: PLEASE HELP!

HIJACKTHIS LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:23:29 PM, on 12/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.2180)
Boot mode: Normal

Running processes:
X:\minint\system32\csrss.exe
X:\minint\system32\services.exe
X:\minint\system32\lsass.exe
X:\minint\system32\svchost.exe
X:\minint\system32\svchost.exe
X:\Programs\Nu2Menu\nu2menu.exe
X:\programs\geoshell\GEOSHELL.EXE
X:\minint\System32\svchost.exe
X:\programs\rocketdock\RocketDock.exe
X:\Programs\Runscanner\RunScanner.exe
B:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com/search/de_srchlft.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
O2 - BHO: (no name) - {68395B01-A6E2-496A-957A-EAAF8AD4B5E2} - C:\WINDOWS\system32\qoMfdbbb.dll (file missing)
O2 - BHO: GrandBar IE Helper - {84ba8988-33e1-4c89-a150-bf428e8d3213} - C:\Program Files\GrandPack\GrandPack.dll
O2 - BHO: (no name) - {8626ca5d-9fc0-4a5c-aa8f-10434916391e} - C:\WINDOWS\system32\catsr.dll (file missing)
O2 - BHO: (no name) - {a72130bf-9520-41d4-8da0-5da263653cfc} - C:\WINDOWS\system32\jkkICsro.dll (file missing)
O2 - BHO: Rmn plugin - {abadc07c-9990-405a-aa24-2c209b50ae79} - svchstb.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: {b0294254-a26d-9dca-06c4-ef29edb31aeb} - {bea13bde-92fe-4c60-acd9-d62a4524920b} - C:\WINDOWS\system32\byhsqc.dll
O2 - BHO: (no name) - {c4acafb1-c6aa-4e58-be1f-ac4f6e26a74e} - C:\WINDOWS\system32\bootvi.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ReminderApp] C:\Program Files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKUS\SB_ON_C\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\SB_ON_C\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\SB_ON_C\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup (User '?')
O4 - HKUS\SB_ON_C\..\Run: [winhpdrv] "C:\Documents and Settings\SB\Application Data\Google\xtgoj6119471.exe" (User '?')
O4 - HKUS\SB_ON_C\..\Run: [GetModule31] C:\Program Files\GetModule\GetModule31.exe (User '?')
O4 - HKUS\SB_ON_C\..\Run: [GetPack26] "C:\Program Files\GetPack\GetPack26.exe" (User '?')
O4 - HKUS\SB_ON_C\..\Run: [Twain] C:\Documents and Settings\SB\Application Data\Twain\Twain.exe (User '?')
O4 - HKUS\SB_ON_C\..\Run: [SpeedRunner] C:\Documents and Settings\SB\Application Data\SpeedRunner\SpeedRunner.exe (User '?')
O4 - HKUS\SB_ON_C\..\Run: [SfKg6wIP] C:\Documents and Settings\SB\Application Data\Microsoft\Windows\icsnomp.exe (User '?')
O4 - HKUS\SB_ON_C\..\Run: [moqz] C:\PROGRA~1\COMMON~1\moqz\moqzm.exe (User '?')
O4 - HKUS\SB_ON_C\..\Run: [gadcom] "C:\Documents and Settings\SB\Application Data\gadcom\gadcom.exe" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A (User '?')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [java_sun] Java (Sun)
O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/down...llerControl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Filter hijack: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - AppInit_DLLs: karna.dat byhsqc.dll
O20 - Winlogon Notify: nnnnmdtt - nnnnMDtT.dll (file missing)
O21 - SSODL: bKrJdUaBrh - {98CDB245-3267-18EF-158E-C69A95FCDBF4} - C:\WINDOWS\system32\pl.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11215 bytes

ANTIVIRUS LOG EXECUTED BEFORE HIJACKTHIS:

Avira AntiVir Personal
Report file date: Monday, December 29, 2008 10:13

Scanning for 1026512 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: MININT-JVC

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 4/9/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 3/18/2008 16:02:58
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2/7/2008 15:43:38
LUKE.DLL : 8.1.2.9 151809 Bytes 2/28/2008 15:41:24
LUKERES.DLL : 8.1.2.1 12033 Bytes 2/21/2008 15:28:42
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 11:29:38
ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 11/9/2008 16:56:28
ANTIVIR2.VDF : 7.1.0.57 2048 Bytes 11/9/2008 16:56:30
ANTIVIR3.VDF : 7.1.0.69 79872 Bytes 11/11/2008 13:45:44
Engineversion : 8.2.0.30
AEVDF.DLL : 8.1.0.6 102772 Bytes 10/15/2008 09:49:38
AESCRIPT.DLL : 8.1.1.14 332156 Bytes 11/11/2008 11:48:32
AESCN.DLL : 8.1.1.5 123251 Bytes 11/7/2008 16:35:16
AERDL.DLL : 8.1.1.3 438645 Bytes 11/5/2008 07:43:26
AEPACK.DLL : 8.1.3.4 393591 Bytes 11/11/2008 11:48:30
AEOFFICE.DLL : 8.1.0.30 196986 Bytes 11/7/2008 16:35:14
AEHEUR.DLL : 8.1.0.71 1487222 Bytes 11/7/2008 16:35:14
AEHELP.DLL : 8.1.1.3 119157 Bytes 11/7/2008 16:35:14
AEGEN.DLL : 8.1.1.0 319859 Bytes 11/7/2008 16:35:14
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/15/2008 09:49:36
AECORE.DLL : 8.1.4.1 172405 Bytes 11/7/2008 16:35:14
AEBB.DLL : 8.1.0.3 53618 Bytes 10/15/2008 09:49:34
AVWINLL.DLL : 1.0.0.7 14593 Bytes 1/24/2008 00:07:54
AVPREF.DLL : 8.0.0.1 25857 Bytes 2/18/2008 17:37:52
AVREP.DLL : 8.0.0.2 98344 Bytes 11/11/2008 15:42:46
AVREG.DLL : 8.0.0.0 30977 Bytes 1/24/2008 00:07:50
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 15:29:24
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2/28/2008 15:31:32
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/23/2008 00:28:04
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 1/24/2008 00:08:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 19:05:12
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 3/10/2008 21:37:26
RCTEXT.DLL : 8.0.32.0 86273 Bytes 3/6/2008 19:02:12

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: b:\antivir\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: B:, C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Monday, December 29, 2008 10:13

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'cmd.exe' - '1' Module(s) have been scanned
Scan process 'RocketDock.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'GEOSHELL.EXE' - '1' Module(s) have been scanned
Scan process 'nu2menu.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
13 processes with 13 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'B:\'
[INFO] No virus was found!
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '4' files ).


Starting the file scan:

Begin scan in 'B:\' <RAMDisk>
Begin scan in 'C:\'
C:\Documents and Settings\SB\Application Data\Sun\Java\Deployment\cache\6.0\22\626cced6-50a57179
[0] Archive type: ZIP
--> vmain.class
[DETECTION] Contains detection pattern of the exploits EXP/Java.Gimsh.B.2
[NOTE] The file was deleted!
C:\Documents and Settings\SB\Application Data\Sun\Java\Deployment\cache\6.0\40\3cda1268-2f513cd2
[0] Archive type: ZIP
--> vmain.class
[DETECTION] Contains detection pattern of the exploits EXP/Java.Gimsh.B.2
[NOTE] The file was deleted!
C:\Documents and Settings\SB\Application Data\Sun\Java\Deployment\cache\6.0\47\bd7ce2f-2eb96039
[0] Archive type: ZIP
--> vmain.class
[DETECTION] Contains detection pattern of the exploits EXP/Java.Gimsh.B.2
[NOTE] The file was deleted!
C:\Documents and Settings\SB\Local Settings\Temp\.tt20D.tmp.vbs
[DETECTION] Contains detection pattern of the VBS script virus VBS/Agent.1002
[NOTE] The file was deleted!
C:\Documents and Settings\SB\Local Settings\Temp\asmfiles.cab
[0] Archive type: CAB (Microsoft)
--> asm.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[NOTE] The file was deleted!
C:\Documents and Settings\SB\Local Settings\Temp\TDSS7b29.tmp
[DETECTION] Is the Trojan horse TR/Patched.CL
[NOTE] The file was deleted!
C:\Documents and Settings\SB\Local Settings\Temp\TDSSad7a.tmp
[DETECTION] Is the Trojan horse TR/Patched.CL
[NOTE] The file was deleted!
C:\Documents and Settings\SB\Local Settings\Temp\TDSSc373.tmp
[DETECTION] Is the Trojan horse TR/Patched.CL
[NOTE] The file was deleted!
C:\Documents and Settings\SB\Local Settings\Temp\TDSSd046.tmp
[DETECTION] Is the Trojan horse TR/Patched.CL
[NOTE] The file was deleted!
C:\Documents and Settings\SB\Local Settings\Temporary Internet Files\Content.IE5\236Z3MPC\player[1].htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '49b9ab50.qua'!
C:\Documents and Settings\SB\Local Settings\Temporary Internet Files\Content.IE5\236Z3MPC\portal[1].htm
[DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\SB\Local Settings\Temporary Internet Files\Content.IE5\W12B4TQ3\file[1].pdf
[0] Archive type: PDF Stream
--> Object
[DETECTION] Contains detection pattern of the Java script virus JS/Bofra.A.1
[NOTE] The file was deleted!
C:\Documents and Settings\SB\Local Settings\Temporary Internet Files\Content.IE5\W12B4TQ3\myport[1].htm
[DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\SB\Local Settings\Temporary Internet Files\Content.IE5\W12B4TQ3\pdf[1].pdf
[0] Archive type: PDF Stream
--> Object
[DETECTION] Contains detection pattern of the HTML script virus HTML/Rce.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\SB\Local Settings\Temporary Internet Files\Content.IE5\W72ICEN1\CAUNEZQT.htm
[DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\SB\Local Settings\Temporary Internet Files\Content.IE5\W9MNC1QJ\afr[1].htm
[DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\SB\Local Settings\Temporary Internet Files\Content.IE5\YNSPUDSJ\index[5].htm
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '49bcabd5.qua'!
C:\Documents and Settings\SB\Local Settings\Temporary Internet Files\Content.IE5\YNSPUDSJ\Ms08053[1].htm
[DETECTION] Contains detection pattern of the HTML script virus HTML/Shellcode.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\SB\My Documents\FrostWire\Incomplete\Preview-T-3877627-jonas bothers-burning up .mp3
[DETECTION] Contains detection pattern of the exploits EXP/ASF.GetCodec.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\SB\My Documents\FrostWire\Incomplete\T-3877627-jonas bothers-burning up .mp3
[DETECTION] Contains detection pattern of the exploits EXP/ASF.GetCodec.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\SB\My Documents\FrostWire\Incomplete\T-3877629-to be with you david archuleta - greatest hits.mp3
[DETECTION] Contains detection pattern of the exploits EXP/ASF.GetCodec.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\SB\My Documents\FrostWire\Saved\jonas bothers-burning up .mp3
[DETECTION] Contains detection pattern of the exploits EXP/ASF.GetCodec.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\SB\My Documents\My Music\iTunes\04 Track 4.wma
[DETECTION] Is the Trojan horse TR/Wimad.A.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\SB\My Documents\My Music\iTunes\05 Track 5.wma
[DETECTION] Is the Trojan horse TR/Wimad.A.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0001001.dll
[DETECTION] Is the Trojan horse TR/Agent.16896
[NOTE] The file was deleted!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0001017.dll
[DETECTION] Is the Trojan horse TR/Agent.16896
[NOTE] The file was deleted!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0002017.dll
[DETECTION] Is the Trojan horse TR/Agent.16896
[NOTE] The file was deleted!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0002035.dll
[DETECTION] Is the Trojan horse TR/Agent.16896
[NOTE] The file was deleted!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0002053.dll
[DETECTION] Is the Trojan horse TR/Agent.16896
[NOTE] The file was deleted!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0003053.dll
[DETECTION] Is the Trojan horse TR/Agent.16896
[NOTE] The file was deleted!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0003072.dll
[DETECTION] Is the Trojan horse TR/Agent.16896
[NOTE] The file was deleted!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0004072.dll
[DETECTION] Is the Trojan horse TR/Agent.16896
[NOTE] The file was deleted!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0005072.dll
[DETECTION] Is the Trojan horse TR/Agent.16896
[NOTE] The file was deleted!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0006072.dll
[DETECTION] Is the Trojan horse TR/Agent.16896
[NOTE] The file was deleted!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0007072.dll
[DETECTION] Is the Trojan horse TR/Agent.16896
[NOTE] The file was deleted!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0007090.dll
[DETECTION] Is the Trojan horse TR/Agent.16896
[NOTE] The file was deleted!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0008090.dll
[DETECTION] Is the Trojan horse TR/Agent.16896
[NOTE] The file was deleted!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0008115.dll
[DETECTION] Is the Trojan horse TR/Agent.16896
[NOTE] The file was deleted!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0009115.dll
[DETECTION] Is the Trojan horse TR/Agent.16896
[NOTE] The file was deleted!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0010115.dll
[DETECTION] Is the Trojan horse TR/Agent.16896
[NOTE] The file was deleted!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0010134.dll
[DETECTION] Is the Trojan horse TR/Agent.16896
[NOTE] The file was deleted!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0011134.dll
[DETECTION] Is the Trojan horse TR/Agent.16896
[NOTE] The file was deleted!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0012134.dll
[DETECTION] Is the Trojan horse TR/Agent.16896
[NOTE] The file was deleted!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0013134.dll
[DETECTION] Is the Trojan horse TR/Agent.16896
[NOTE] The file was deleted!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0013150.dll
[DETECTION] Is the Trojan horse TR/Agent.16896
[NOTE] The file was deleted!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0014150.dll
[DETECTION] Is the Trojan horse TR/Agent.16896
[NOTE] The file was deleted!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0014166.dll
[DETECTION] Is the Trojan horse TR/Agent.16896
[NOTE] The file was deleted!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0015166.dll
[DETECTION] Is the Trojan horse TR/Agent.16896
[NOTE] The file was deleted!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0015188.dll
[DETECTION] Is the Trojan horse TR/Agent.16896
[NOTE] The file was deleted!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0016188.dll
[DETECTION] Is the Trojan horse TR/Agent.16896
[NOTE] The file was deleted!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0017188.dll
[DETECTION] Is the Trojan horse TR/Agent.16896
[NOTE] The file was deleted!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0018188.dll
[DETECTION] Is the Trojan horse TR/Agent.16896
[NOTE] The file was deleted!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0018205.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0018209.dll
[DETECTION] Is the Trojan horse TR/Agent.16896
[NOTE] The file was deleted!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0018228.dll
[DETECTION] Is the Trojan horse TR/Agent.16896
[NOTE] The file was deleted!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0019228.dll
[DETECTION] Is the Trojan horse TR/Agent.16896
[NOTE] The file was deleted!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0020228.dll
[DETECTION] Is the Trojan horse TR/Agent.16896
[NOTE] The file was deleted!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0021228.dll
[DETECTION] Is the Trojan horse TR/Agent.16896
[NOTE] The file was deleted!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0022228.dll
[DETECTION] Is the Trojan horse TR/Agent.16896
[NOTE] The file was deleted!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0022244.dll
[DETECTION] Is the Trojan horse TR/Agent.16896
[NOTE] The file was deleted!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0022260.dll
[DETECTION] Is the Trojan horse TR/Agent.16896
[NOTE] The file was deleted!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\A0024260.dll
[DETECTION] Is the Trojan horse TR/Agent.16896
[NOTE] The file was deleted!
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1\snapshot\MFEX-1.DAT
[DETECTION] Is the Trojan horse TR/Agent.16896
[NOTE] The file was deleted!
C:\WINDOWS\system32\pl.dll
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\TDSSavhbksuy.dll
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/TDSS.adb Backdoor server programs
[NOTE] The file was deleted!
C:\WINDOWS\system32\TDSSrqxyvbeh.dll
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/TDSS.JW Backdoor server programs
[NOTE] The file was deleted!
C:\WINDOWS\system32\TDSSxibmkltp.dll
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/TDSS.acs Backdoor server programs
[NOTE] The file was deleted!
C:\WINDOWS\system32\drivers\3f2933b1.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\drivers\e5226b45.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\drivers\ihjhmdnd.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\TDSSxvakxirp.sys
[DETECTION] Contains detection pattern of the rootkit RKIT/TDss.G.22
[NOTE] The file was deleted!
C:\WINDOWS\Temp\BN10.tmp
[DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
[NOTE] The file was deleted!
C:\WINDOWS\Temp\BN11.tmp
[DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
[NOTE] The file was deleted!
C:\WINDOWS\Temp\BN12.tmp
[DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
[NOTE] The file was deleted!
C:\WINDOWS\Temp\BN13.tmp
[DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
[NOTE] The file was deleted!
C:\WINDOWS\Temp\BN14.tmp
[DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
[NOTE] The file was deleted!
C:\WINDOWS\Temp\BN15.tmp
[DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
[NOTE] The file was deleted!
C:\WINDOWS\Temp\BN16.tmp
[DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
[NOTE] The file was deleted!
C:\WINDOWS\Temp\BN17.tmp
[DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
[NOTE] The file was deleted!
C:\WINDOWS\Temp\BN18.tmp
[DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
[NOTE] The file was deleted!
C:\WINDOWS\Temp\BN19.tmp
[DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
[NOTE] The file was deleted!
C:\WINDOWS\Temp\BN1A.tmp
[DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
[NOTE] The file was deleted!
C:\WINDOWS\Temp\BN1B.tmp
[DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
[NOTE] The file was deleted!
C:\WINDOWS\Temp\BN1C.tmp
[DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
[NOTE] The file was deleted!
C:\WINDOWS\Temp\BN1D.tmp
[DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
[NOTE] The file was deleted!
C:\WINDOWS\Temp\BN1E.tmp
[DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
[NOTE] The file was deleted!
C:\WINDOWS\Temp\BN1F.tmp
[DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
[NOTE] The file was deleted!
C:\WINDOWS\Temp\BN2.tmp
[DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
[NOTE] The file was deleted!
C:\WINDOWS\Temp\BN20.tmp
[DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
[NOTE] The file was deleted!
C:\WINDOWS\Temp\BN22.tmp
[DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
[NOTE] The file was deleted!
C:\WINDOWS\Temp\BN23.tmp
[DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
[NOTE] The file was deleted!
C:\WINDOWS\Temp\BN24.tmp
[DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
[NOTE] The file was deleted!
C:\WINDOWS\Temp\BN25.tmp
[DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
[NOTE] The file was deleted!
C:\WINDOWS\Temp\BN26.tmp
[DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
[NOTE] The file was deleted!
C:\WINDOWS\Temp\BN27.tmp
[DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
[NOTE] The file was deleted!
C:\WINDOWS\Temp\BN3.tmp
[DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
[NOTE] The file was deleted!
C:\WINDOWS\Temp\BN4.tmp
[DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
[NOTE] The file was deleted!
C:\WINDOWS\Temp\BN5.tmp
[DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
[NOTE] The file was deleted!
C:\WINDOWS\Temp\BN6.tmp
[DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
[NOTE] The file was deleted!
C:\WINDOWS\Temp\BN7.tmp
[DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
[NOTE] The file was deleted!
C:\WINDOWS\Temp\BN8.tmp
[DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
[NOTE] The file was deleted!
C:\WINDOWS\Temp\BN9.tmp
[DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
[NOTE] The file was deleted!
C:\WINDOWS\Temp\BNA.tmp
[DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
[NOTE] The file was deleted!
C:\WINDOWS\Temp\BNB.tmp
[DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
[NOTE] The file was deleted!
C:\WINDOWS\Temp\BNC.tmp
[DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
[NOTE] The file was deleted!
C:\WINDOWS\Temp\BND.tmp
[DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
[NOTE] The file was deleted!
C:\WINDOWS\Temp\BNE.tmp
[DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
[NOTE] The file was deleted!
C:\WINDOWS\Temp\BNF.tmp
[DETECTION] Contains detection pattern of the dropper DR/Delphi.Gen
[NOTE] The file was deleted!


End of the scan: Monday, December 29, 2008 11:51
Used time: 1:38:15 min

The scan has been done completely.

11731 Scanning directories
670454 Files were scanned
104 viruses and/or unwanted programs were found
3 Files were classified as suspicious:
105 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
670350 Files not concerned
4365 Archives were scanned
1 Warnings
107 Notes

Edited by OscarP, 29 December 2008 - 02:27 PM.




#2 fenzodahl512

Posted 05 January 2009 - 07:14 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run, click Copy and paste the results into Notepad >> save it and attach it in this thread.


Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 OscarP

Posted 07 January 2009 - 11:54 AM

I am unable to install Malwarebytes and RSIT. I can not boot into my computer, not even in safe mode. I can boot from my UBCD4Win flash drive. With it, I was able to scan the computer with the scanner that comes with UBCD4Win. I get errors whenever I try to install software on the environment started by UBCD4Win. I was able to run GMER but I had to uncheck all the checkboxes in the rootkit tab, otherwise it starts scanning the flash drive installation instead of the C drive of the computer. To start, I get this:

Disk \Device\Harddisk\DR0 sector 61: malicious code @ sector 0x6fc3dbf size 0x1ad
Disk \Device\Harddisk\DR0 sector 62: copy of MBR

Scanning the C drive with GMER shows nothing at the end.

I used mbr -f but still, if I run GMER again, it shows the same thing.

Now, how do I know in which part the boot process is stopping? I can not boot into Safe Mode. If I try, I can see the sequence of drivers being loaded. It stops after showing that the CLASSPNP.sys is loaded. How do I know which driver is next?

Any ideas???

Thanks so much!

Edited by OscarP, 07 January 2009 - 03:18 PM.


#4 fenzodahl512

Posted 08 January 2009 - 12:12 AM

Via the UBCD4Win CD.. can you do System Restore?



#5 OscarP

Posted 08 January 2009 - 06:28 PM

I am not able to do a system restore. I was able to do a Registry Restore but it did not help.

At least I can see my hard drive information with UBCD4Win.

Any other ideas? Is there a way to find out where in the booting process this is getting stuck??

Thanks for your help!!

#6 fenzodahl512

Posted 09 January 2009 - 09:38 AM

I'm not sure about that.. we really need to get that computer bootable first.. Can you run RSIT via the bootdisk and post the logs here? I want to see how nasty the infection is..



#7 OscarP

Posted 12 January 2009 - 11:00 AM

RSIT will not start. I am getting an error Line -1 incorrect number of parameters.

I tried DDS.scr and it will look on the UBCD4Win Windows drive and not on the C drive.

#8 fenzodahl512

Posted 12 January 2009 - 11:45 AM

IMPORTANT! At this point I would advise you to back up all important data/pics/movies/games/documents inside that computer via the boot CD..

Then do this..

Please download OTViewIt to your desktop.
  • Close all windows and double click OTViewIt
  • Place a tick in the Scan all Users and Use Whitelist boxes
  • In the File Age drop down box select 60 days
  • Click Run Scan and let the program run uninterrupted
  • On completion it will produce two logs on the Desktop, post the OTViewIt.txt and Extras.txt logs in your next post.



#9 OscarP

Posted 12 January 2009 - 06:09 PM

If I run it, it will scan only the X drive, which is where my UBCD4Win loads its system. How can I scan the C drive?

#10 fenzodahl512

Posted 12 January 2009 - 11:11 PM

Ok.. Let's do another scanner.. Wow.. Unbootable Windows is always a toughie..


Please download FileLister by bamajim and unzip it to your Desktop..
  • Double-click on FileLister.vbe and let it run. Wait until a log pops up on your screen
  • Attach that log in your next reply.. You can find the log at C:\Files.txt or %Systemdrive%\Files.txt
Should that fail, do the below...


Please download ISeeYouXP by ShadowPuterDude and save it to your Desktop..
  • Double-click ISeeYouXP.exe, It will be extracted to C:\ISeeYouXP folder; and a shortcut to ISeeYouXP.bat will be placed on the Desktop.
  • Double-click the ISeeYouXP.bat shortcut which is placed on your Desktop.
    • Vista Users: Right-click on ISeeYouXP.bat and select "Run as Administrator"
  • Please be patient as ISeeYouXP will take a few minutes to complete the scan..
  • After the scan finishes, you will see a text file ISeeYouXP.txt on your Desktop..
  • Please attach that textfile in your next reply..
Note: Vista users will need to turn off UAC function. Please visit here if you do not know how..

Edited by fenzodahl512, 12 January 2009 - 11:13 PM.



#11 OscarP

Posted 13 January 2009 - 06:27 PM

OK, File Lister did not work. Again, maybe because it tries to work against the minimum system launched by UBCD4Win.

ISeeYouXP ran, but I had to open a cmd window and set the path to include c:\windows and c:\windows\system32 as well as windir.

Here are the contents of the ISeeYouXP.txt file. One tip, the laptop stopped working on December 24. THANKS!

************************************************************************************
ISeeYouXP v2.0 Beta 14

ISeeYouXP v1.3.0-v2.0 Beta 14 Copyright - ShadowPuterDude
ISeeYouXP v1.2.9 and earlier Copyright - PhilliePhan
------------------------------------------------------------------------------------
**** PLEASE NOTE THAT MOST (if not ALL) OF THE ITEMS BELOW ARE NOT BADDIES! ****
**** PLEASE CONSULT A KNOWLEDGEABLE PERSON BEFORE TAKING ANY ACTION. ****
************************************************************************************

Windows/Browser/Java Versions:





Scan done at 17:10:28.46, Tue 01/13/2009

------------------------------------------------------------------------------------

ISeeYouXP installation folder and files

"C:\ISeeYouXP\"
bootst~1.vbs May 28 2007 359 "bootstate.vbs"
change.log Jun 8 2008 5012 "change.log"
chodefix.bat Apr 18 2007 5387 "chodefix.bat"
fixchode.reg Apr 18 2007 528 "fixChode.reg"
fixexp~1.bat Feb 24 2007 487 "FixExplorerPolicies.bat"
getunk~1.bat Aug 12 2006 1478 "GetUnKeys.bat"
grep.exe Dec 24 2004 160768 "grep.exe"
hideit.bat Oct 17 2007 1072 "HideIT.bat"
ieinfo.vbs May 28 2007 514 "ieinfo.vbs"
iesecu~1.bat Oct 28 2007 72 "IESecurityZones.bat"
iesecu~1.vbs Nov 8 2007 2399 "IESecurityZones.vbs"
iseeyo~1.bat Jun 8 2008 211377 "ISeeYouXP.bat"
libico~1.dll Mar 16 2004 898048 "libiconv2.dll"
libintl3.dll Oct 9 2004 101888 "libintl3.dll"
locate.com Jan 14 2005 11254 "locate.com"
md5sum.exe Aug 5 2007 49152 "md5sum.exe"
msconf~1.bat Feb 24 2007 578 "MSConfigFix.bat"
osinfo.vbs May 28 2007 598 "osinfo.vbs"
pcbutts.txt Mar 25 2007 5167 "PCBUTTS.TXT"
pcre.dll Nov 14 2004 183313 "pcre.dll"
pv.exe Mar 3 2006 73728 "pv.exe"
regedi~1.bat Mar 30 2007 650 "RegEditFix.bat"
regfix.bat Apr 18 2007 145 "Regfix.bat"
servic~1.vbs May 28 2007 672 "servicesinfo.vbs"
showit.bat Oct 17 2007 1013 "ShowIT.bat"
swreg.exe Apr 5 2007 139776 "swreg.exe"
system~1.bat Feb 28 2007 369 "SystemRestoreFix.bat"
taskmg~1.bat Feb 24 2007 288 "TaskMgrFix.bat"

28 items found: 28 files, 0 directories.
Total of file sizes: 1,856,092 bytes 1.77 M
3 Dir(s) 24,141,103,104 bytes free

------------------------------------------------------------------------------------

System Environment Variables

ALLUSERSPROFILE=B:\UBCD4Win User Settings\Administrator
AppData=B:\UBCD4Win User Settings\Administrator\Application Data
AutoRun=1
CommonProgramFiles=X:\minint\system32
COMPUTERNAME=MININT-JVC
ComSpec=C:\WINDOWS\system32\cmd.exe
errcode=0
OS=Windows_NT
Path=C:\WINDOWS;C:\WINDOWS\system32;X:\minint;X:\minint\System32;X:\Bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.CPL
ProfilesDir=B:\UBCD4Win User Settings
ProgramFiles=X:\Programs
PROMPT=$P$G
ramdrv=B:
SystemDrive=X:
SystemRoot=X:\minint
TARGET_ROOT=C:\WINDOWS
temp=B:
tmp=B:
USERNAME=Administrator
UserProfile=B:\UBCD4Win User Settings\Administrator
windir=C:\WINDOWS

------------------------------------------------------------------------------------

Showing any Pocket Killbox backup files

No matches found.

------------------------------------------------------------------------------------

Displaying BOOT.INI:


------------------------------------------------------------------------------------

Displaying SYSTEM.INI:


------------------------------------------------------------------------------------

Displaying WIN.INI:


------------------------------------------------------------------------------------

Displaying Running Processes:

PROCESS PID PRIO PATH
csrss.exe 208 Normal X:\minint\system32\csrss.exe
services.exe 268 Normal X:\minint\system32\services.exe
lsass.exe 280 Normal X:\minint\system32\lsass.exe
svchost.exe 408 Normal X:\minint\system32\svchost.exe
svchost.exe 480 Normal X:\minint\system32\svchost.exe
nu2menu.exe 616 Normal X:\Programs\Nu2Menu\nu2menu.exe
GEOSHELL.EXE 664 Above Normal X:\programs\geoshell\GEOSHELL.EXE
svchost.exe 732 Normal X:\minint\System32\svchost.exe
RocketDock.exe 936 Normal X:\programs\rocketdock\RocketDock.exe
cmd.exe 1008 Normal X:\minint\system32\cmd.exe
ntvdm.exe 1176 Normal X:\minint\system32\ntvdm.exe
pv.exe 1364 Normal C:\ISEEYO~1\pv.exe

------------------------------------------------------------------------------------

Displaying Windows Services:


------------------------------------------------------------------------------------

Displaying LOG for Microsoft Windows Malicious Software Removal Tool:
*** Microsoft Windows MRT Log NOT Found! ****
----------------------------------------------------------------------------
Listing HKCU Explorer\Advanced//Hidden and SuperHidden Registry Keys
if Hidden = 0 then Hidden Files and Folders are not shown
if SuperHidden = 1 is the desired default value.
if ShowSuperHidden = 0 then System Files are not shown
if HideFileExt = 1 then File Extension are not shown
We want their values to be (from top to bottom) 1,1,1,0
----------------------------------------------------------------------------

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\advanced
Hidden REG_DWORD 1 (0x1)
ShowSuperHidden REG_DWORD 1 (0x1)
SuperHidden REG_DWORD 1 (0x1)
HideFileExt REG_DWORD 0 (0x0)

************************************************************************************

Examining Select Windows Registry Keys
------------------------------------------------------------------------------------

--------------------------------------------------------------------------
Items Found in ZoneMap\Domains:
--------------------------------------------------------------------------



Error: Key: software\microsoft\windows\currentversion\internet settings\zonemap\domains does not exist!


----------------------------------------------------------------------------
Current User ZoneMap ProtocolDefaults
----------------------------------------------------------------------------



HKEY_CURRENT_USER\software\microsoft\windows\currentversion\internet settings\zonemap\protocoldefaults
<NO NAME> REG_SZ
@ivt REG_DWORD 1 (0x1)
file REG_DWORD 3 (0x3)
ftp REG_DWORD 3 (0x3)
http REG_DWORD 3 (0x3)
https REG_DWORD 3 (0x3)
shell REG_DWORD 0 (0x0)

----------------------------------------------------------------------------
Default URL Prefix Keys
----------------------------------------------------------------------------



Error: Key: software\microsoft\windows\currentversion\url does not exist!


--------------------------------------------------------------------------
Startup Items Disabled via MSCONFIG:
--------------------------------------------------------------------------


--------------------------------------------------------------------------
Select AutoRun Registry Keys:
--------------------------------------------------------------------------



HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run


HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce


Error: Key: software\microsoft\windows\currentversion\run does not exist!



HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce


HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex


HKEY_USERS\.default\software\microsoft\windows\currentversion\run


HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce


HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run


HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce


Error: Key: s-1-5-19\software\microsoft\windows\currentversion\run does not exist!


--------------------------------------------------------------------------
WinLogon Notify Registry Key:
--------------------------------------------------------------------------



HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll
DLLName REG_SZ cscdll.dll
Logon REG_SZ WinlogonLogonEvent
Logoff REG_SZ WinlogonLogoffEvent
ScreenSaver REG_SZ WinlogonScreenSaverEvent
Startup REG_SZ WinlogonStartupEvent
Shutdown REG_SZ WinlogonShutdownEvent
StartShell REG_SZ WinlogonStartShellEvent
Impersonate REG_DWORD 0 (0x0)
Asynchronous REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy
Asynchronous REG_DWORD 1 (0x1)
DllName REG_EXPAND_SZ %SystemRoot%\System32\dimsntfy.dll
Startup REG_SZ WlDimsStartup
Shutdown REG_SZ WlDimsShutdown
Logon REG_SZ WlDimsLogon
Logoff REG_SZ WlDimsLogoff
StartShell REG_SZ WlDimsStartShell
Lock REG_SZ WlDimsLock
Unlock REG_SZ WlDimsUnlock

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp
DLLName REG_SZ wlnotify.dll
Logon REG_SZ SCardStartCertProp
Logoff REG_SZ SCardStopCertProp
Lock REG_SZ SCardSuspendCertProp
Unlock REG_SZ SCardResumeCertProp
Enabled REG_DWORD 1 (0x1)
Impersonate REG_DWORD 1 (0x1)
Asynchronous REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn
DLLName REG_SZ WlNotify.dll
Lock REG_SZ SensLockEvent
Logon REG_SZ SensLogonEvent
Logoff REG_SZ SensLogoffEvent
Safe REG_DWORD 1 (0x1)
MaxWait REG_DWORD 600 (0x258)
StartScreenSaver REG_SZ SensStartScreenSaverEvent
StopScreenSaver REG_SZ SensStopScreenSaverEvent
Startup REG_SZ SensStartupEvent
Shutdown REG_SZ SensShutdownEvent
StartShell REG_SZ SensStartShellEvent
PostShell REG_SZ SensPostShellEvent
Disconnect REG_SZ SensDisconnectEvent
Reconnect REG_SZ SensReconnectEvent
Unlock REG_SZ SensUnlockEvent
Impersonate REG_DWORD 1 (0x1)
Asynchronous REG_DWORD 1 (0x1)

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon
DLLName REG_SZ wlnotify.dll
Logon REG_SZ RegisterTicketExpiredNotificationEvent
Logoff REG_SZ UnregisterTicketExpiredNotificationEvent
Impersonate REG_DWORD 1 (0x1)
Asynchronous REG_DWORD 1 (0x1)

--------------------------------------------------------------------------
Shared Task Scheduler Registry Items:
--------------------------------------------------------------------------



HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler
{438755C2-A8BA-11D1-B96B-00A0C90312E1} REG_SZ Browseui preloader
{8C7461EF-2B13-11d2-BE35-3078302C2030} REG_SZ Component Categories cache daemon

--------------------------------------------------------------------------
Scheduled Tasks:
--------------------------------------------------------------------------

Volume in drive C has no label.
Volume Serial Number is 98CD-B244

Directory of C:\WINDOWS\tasks

12/07/2008 05:24 AM <DIR> .
12/07/2008 05:24 AM <DIR> ..
12/24/2008 11:13 PM 256 Check Updates for Windows Live Toolbar.job
08/04/2004 10:00 AM 65 desktop.ini
12/24/2008 04:10 PM 6 SA.DAT
12/25/2008 12:00 AM 366 Symantec NetDetect.job
12/25/2008 12:00 AM 288 wqotccaz.job
5 File(s) 981 bytes

Total Files Listed:
5 File(s) 981 bytes
2 Dir(s) 24,141,103,104 bytes free
A C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
HR C:\WINDOWS\tasks\desktop.ini
A H C:\WINDOWS\tasks\SA.DAT
A C:\WINDOWS\tasks\Symantec NetDetect.job
A C:\WINDOWS\tasks\wqotccaz.job

----------------------------------------------------------------------------
ShellExecuteHooks Registry Keys
----------------------------------------------------------------------------



HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks
{AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ

----------------------------------------------------------------------------
ShellServiceObjectDelayLoad Registry Keys
----------------------------------------------------------------------------



HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload
SysTray REG_SZ {35CEC8A3-2BE6-11D2-8773-92E220524153}
Network.ConnectionTray REG_SZ {7007ACCF-3202-11D1-AAD2-00805FC1270E}

----------------------------------------------------------------------------
ModuleUsage Registry Keys:
----------------------------------------------------------------------------



Error: Key: software\microsoft\windows\currentversion\moduleusage does not exist!


----------------------------------------------------------------------------
BHO Registry Keys:
----------------------------------------------------------------------------



Error: Key: software\microsoft\windows\currentversion\explorer\browser helper objects does not exist!


--------------------------------------------------------------------------
Select Policy Keys:
--------------------------------------------------------------------------



HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer
NoDriveTypeAutoRun REG_BINARY b5000000
NoClose REG_DWORD 0 (0x0)
NoActiveDesktop REG_DWORD 0 (0x0)
NoMovingBands REG_DWORD 0 (0x0)
NoFileAssociate REG_DWORD 0 (0x0)
NoFind REG_DWORD 0 (0x0)
NoInstrumentation REG_DWORD 1 (0x1)
NoRecentDocsHistory REG_DWORD 0 (0x0)
NoSaveSettings REG_DWORD 1 (0x1)
ClassicShell REG_DWORD 0 (0x0)
NoActiveDesktopChanges REG_DWORD 0 (0x0)
NoRecentDocsMenu REG_DWORD 1 (0x1)
NoFileMenu REG_DWORD 0 (0x0)
NoFolderOptions REG_DWORD 0 (0x0)
NoHardwareTab REG_DWORD 0 (0x0)
NoSMHelp REG_DWORD 1 (0x1)
NoSMMyDocs REG_DWORD 1 (0x1)
NoPropertiesMyComputer REG_DWORD 0 (0x0)
NoShellSearchButton REG_DWORD 0 (0x0)
ForceClassicControlPanel REG_DWORD 1 (0x1)
NoThemesTab REG_DWORD 1 (0x1)


HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
NoDispAppearancePage REG_DWORD 1 (0x1)
NoColorChoice REG_DWORD 0 (0x0)
NoDispBackgroundPage REG_DWORD 0 (0x0)
NoSizeChoice REG_DWORD 0 (0x0)
NoDispScrSavPage REG_DWORD 0 (0x0)
NoDispSettingsPage REG_DWORD 0 (0x0)
NoVisualStyleChoice REG_DWORD 0 (0x0)


Error: Key: software\microsoft\windows\currentversion\policies\system does not exist!



HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer
NoDriveTypeAutoRun REG_BINARY b5000000
NoClose REG_DWORD 0 (0x0)
NoActiveDesktop REG_DWORD 0 (0x0)
NoMovingBands REG_DWORD 0 (0x0)
NoFileAssociate REG_DWORD 0 (0x0)
NoFind REG_DWORD 0 (0x0)
NoInstrumentation REG_DWORD 1 (0x1)
NoRecentDocsHistory REG_DWORD 0 (0x0)
NoSaveSettings REG_DWORD 1 (0x1)
ClassicShell REG_DWORD 0 (0x0)
NoActiveDesktopChanges REG_DWORD 0 (0x0)
NoRecentDocsMenu REG_DWORD 1 (0x1)
NoFileMenu REG_DWORD 0 (0x0)
NoFolderOptions REG_DWORD 0 (0x0)
NoHardwareTab REG_DWORD 0 (0x0)
NoSMHelp REG_DWORD 1 (0x1)
NoSMMyDocs REG_DWORD 1 (0x1)
NoPropertiesMyComputer REG_DWORD 0 (0x0)
NoShellSearchButton REG_DWORD 0 (0x0)
ForceClassicControlPanel REG_DWORD 1 (0x1)
NoThemesTab REG_DWORD 1 (0x1)


HKEY_USERS\.default\software\microsoft\windows\currentversion\policies

HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\Comdlg32

HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\Explorer

HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\System


HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer
NoDriveTypeAutoRun REG_BINARY b5000000
NoClose REG_DWORD 0 (0x0)
NoActiveDesktop REG_DWORD 0 (0x0)
NoMovingBands REG_DWORD 0 (0x0)
NoFileAssociate REG_DWORD 0 (0x0)
NoFind REG_DWORD 0 (0x0)
NoInstrumentation REG_DWORD 1 (0x1)
NoRecentDocsHistory REG_DWORD 0 (0x0)
NoSaveSettings REG_DWORD 1 (0x1)
ClassicShell REG_DWORD 0 (0x0)
NoActiveDesktopChanges REG_DWORD 0 (0x0)
NoRecentDocsMenu REG_DWORD 1 (0x1)
NoFileMenu REG_DWORD 0 (0x0)
NoFolderOptions REG_DWORD 0 (0x0)
NoHardwareTab REG_DWORD 0 (0x0)
NoSMHelp REG_DWORD 1 (0x1)
NoSMMyDocs REG_DWORD 1 (0x1)
NoPropertiesMyComputer REG_DWORD 0 (0x0)
NoShellSearchButton REG_DWORD 0 (0x0)
ForceClassicControlPanel REG_DWORD 1 (0x1)
NoThemesTab REG_DWORD 1 (0x1)


HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\system
NoDispAppearancePage REG_DWORD 1 (0x1)
NoColorChoice REG_DWORD 0 (0x0)
NoDispBackgroundPage REG_DWORD 0 (0x0)
NoSizeChoice REG_DWORD 0 (0x0)
NoDispScrSavPage REG_DWORD 0 (0x0)
NoDispSettingsPage REG_DWORD 0 (0x0)
NoVisualStyleChoice REG_DWORD 0 (0x0)

************************************************************************************

Checking File System for suspicious Files

--------------------------------------------------------------------------
Items in the Root Directory:
--------------------------------------------------------------------------

Locating all files created in X:\

"X:\"
winbom.ini Dec 29 2008 167 "winbom.ini"
ntldr Apr 14 2008 260288 "ntldr"
ntdetect.com Apr 14 2008 47564 "ntdetect.com"
CMDC Dec 29 2008 "CMDC"
MININT Dec 29 2008 "minint"
kick.lst Nov 12 2008 352 "kick.lst"
menu.lst Dec 28 2008 1519 "menu.lst"
PROGRAMS Dec 29 2008 "PROGRAMS"
SYSLINUX Dec 29 2008 "syslinux"
DELETED Dec 29 2008 "Deleted"
SUPPORT Dec 29 2008 "support"
avscan~1.log Dec 29 2008 49524 "AVSCAN-20081229-101328-15E3CABB.LOG"
autorun.inf Nov 2 2004 46 "autorun.inf"
ldlinux.sys Dec 29 2008 13639 "ldlinux.sys"
rcldr Jul 24 2007 260272 "rcldr"
partit~1.txt Jan 7 2009 229 "partition.txt"
files.txt Jan 13 2009 0 "Files.txt"
ISEEYO~1 Jan 13 2009 "ISeeYouXP"

18 items found: 11 files (2 H/S), 7 directories.
Total of file sizes: 633,600 bytes 618.75 K

--------------------------------------------------------------------------
Locating all Backup files on X:
--------------------------------------------------------------------------

Locating all *.BAK* files

No matches found.

--------------------------------------------------------------------------
Locating all copies of Internet Explorer on X:
--------------------------------------------------------------------------

Locating all copies of Internet Explorer

"X:\minint\"
iexplore.exe Apr 14 2008 93184 "IEXPLORE.EXE"

1 item found: 1 file, 0 directories.
Total of file sizes: 93,184 bytes 91.00 K

--------------------------------------------------------------------------
Locating all copies of beep.sy_ on X:
--------------------------------------------------------------------------

Locating all copies of Internet Explorer

No matches found.

--------------------------------------------------------------------------
Locating all copies of beep.sys on X:
--------------------------------------------------------------------------

Locating all copies of Internet Explorer

"X:\minint\SYSTEM32\DRIVERS\"
beep.sys Apr 14 2008 4224 "BEEP.SYS"

1 item found: 1 file, 0 directories.
Total of file sizes: 4,224 bytes 4.13 K

--------------------------------------------------------------------------
Locating all copies of Windows Explorer on X:
--------------------------------------------------------------------------

Locating all copies of Windows Explorer

"X:\minint\"
explorer.exe Apr 14 2008 1033728 "EXPLORER.EXE"

1 item found: 1 file, 0 directories.
Total of file sizes: 1,033,728 bytes 1,009.50 K

--------------------------------------------------------------------------
Items in Document and Settings:
--------------------------------------------------------------------------

Listing contents of \Documents and Settings

"C:\Documents and Settings\"
ADMINI~1 Nov 24 2008 "Administrator"
ALLUSE~1 Aug 10 2004 "All Users"
DEFAUL~1 Aug 10 2004 "Default User"
LOCALS~1 Aug 10 2004 "LocalService"
NETWOR~1 Aug 10 2004 "NetworkService"
SB Aug 17 2005 "SB"

6 items found: 0 files, 6 directories (3 H/S).

--------------------------------------------------------------------------
Desktop Items:
--------------------------------------------------------------------------

Locating all files created in B:\UBCD4Win User Settings\Administrator\Desktop within the last 90 days.

No matches found.

Locating all files created in B:\UBCD4Win User Settings\Administrator\Desktop\ within the last 90 days.

No matches found.

--------------------------------------------------------------------------
Start Menu Items:
--------------------------------------------------------------------------

Locating all files created inB:\UBCD4Win User Settings\Administrator\Start Menu within the last 90 days.

"B:\UBCD4Win User Settings\Administrator\Start Menu\"
PROGRAMS Jan 13 2009 "Programs"

1 item found: 0 files, 1 directory.

Locating all files created in B:\UBCD4Win User Settings\Administrator\Start Menu\Programs\Startup within the last 90 days.

No matches found.

Locating all files created in B:\UBCD4Win User Settings\Administrator\Start Menu within the last 90 days.

"B:\UBCD4Win User Settings\Administrator\Start Menu\"
PROGRAMS Jan 13 2009 "Programs"

1 item found: 0 files, 1 directory.

Locating all files created in B:\UBCD4Win User Settings\Administrator\Start Menu\Programs\Startup\ within the last 90 days.

No matches found.

--------------------------------------------------------------------------
Application Data Items:
--------------------------------------------------------------------------

Locating all files created in B:\UBCD4Win User Settings\Administrator\Application Data\ within the last 90 days.

"B:\UBCD4Win User Settings\Administrator\Application Data\"
MICROS~1 Jan 13 2009 "Microsoft"
MOZILLA Jan 13 2009 "Mozilla"
OPERA Jan 13 2009 "Opera"

3 items found: 0 files, 3 directories.

Locating all files created in B:\UBCD4Win User Settings\Administrator\Local Settings\Application Data\ within the last 90 days.

"B:\UBCD4Win User Settings\Administrator\Local Settings\Application Data\"
gdipfo~1.dat Jan 13 2009 11840 "GDIPFONTCACHEV1.DAT"

1 item found: 1 file, 0 directories.
Total of file sizes: 11,840 bytes 11.56 K

Locating all files created in B:\UBCD4Win User Settings\Administrator\Application Data\ within the last 90 days.

"B:\UBCD4Win User Settings\Administrator\Application Data\"
MICROS~1 Jan 13 2009 "Microsoft"
MOZILLA Jan 13 2009 "Mozilla"
OPERA Jan 13 2009 "Opera"

3 items found: 0 files, 3 directories.

--------------------------------------------------------------------------
B:\UBCD4Win User Settings\Administrator\Local Settings\TEMP:
--------------------------------------------------------------------------

Locating all files created in B:\UBCD4Win User Settings\Administrator\Local Settings\TEMP within the last 90 days.

No matches found.

--------------------------------------------------------------------------
Items in Templates Folder:
--------------------------------------------------------------------------

Locating all files created in B:\UBCD4Win User Settings\Administrator\Templates

No matches found.

--------------------------------------------------------------------------
Items in Program Files:
--------------------------------------------------------------------------

Locating all files created in X:\Programs\ within the last 90 days.

"X:\PROGRAMS\"
7-ZIP Dec 29 2008 "7-zip"
A2FREE Dec 29 2008 "a2free"
A43 Dec 29 2008 "A43"
ADAWARE Dec 29 2008 "adaware"
AGENTR~1 Dec 29 2008 "AgentRansack"
ANTIVIR Dec 29 2008 "AntiVir"
APPLIC~1 Dec 29 2008 "Applications"
AUSLOG~1 Dec 29 2008 "AusLogics"
AUTOBA~1 Dec 29 2008 "Autobackup"
AVAST!~1 Dec 29 2008 "Avast!VirusCleaner"
BOOTBU~1 Dec 29 2008 "bootbuild"
BST5 Dec 29 2008 "bst5"
CCLEANER Dec 29 2008 "CCleaner"
CMOS Dec 29 2008 "cmos"
COOLMON Dec 29 2008 "Coolmon"
COPYWI~1 Dec 29 2008 "copywipew"
CPUBENCH Dec 29 2008 "cpubench"
CPUZ Dec 29 2008 "cpuz"
CROSSL~1 Dec 29 2008 "Crossloop"
CWSHRE~1 Dec 29 2008 "CWShredder"
DBXTRACT Dec 29 2008 "DBXtract"
DEEPBU~1 Dec 29 2008 "DeepBurner"
DEFRAG~1 Dec 29 2008 "Defraggler"
DIALAFIX Dec 29 2008 "dialafix"
DIRMS Dec 29 2008 "dirms"
DISKCH~1 Dec 29 2008 "DiskCheck"
DISKCH~2 Dec 29 2008 "DiskCheckup"
DISKIM~1 Dec 29 2008 "diskimage"
DISKINV Dec 29 2008 "DiskInv"
DISKWIPE Dec 29 2008 "DiskWipe"
DIXML Dec 29 2008 "dixml"
DOUBLE~1 Dec 29 2008 "DoubleDriver"
DPT Dec 29 2008 "dpt"
DRIVEE~1 Dec 29 2008 "DriveErase"
DRIVER~1 Dec 29 2008 "DriverWizard"
DVD-RAM Dec 29 2008 "DVD-RAM"
ERASER Dec 29 2008 "Eraser"
ERUNT Dec 29 2008 "Erunt"
EXPLOR~1 Dec 29 2008 "Explore2fs"
EXPRES~1 Dec 29 2008 "ExpressBurn"
EZPCFIX Dec 29 2008 "EZPCFix"
FILERE~1 Dec 29 2008 "FileRecovery"
FILEZI~1 Dec 29 2008 "filezilla"
FIREFOX Dec 29 2008 "Firefox"
FIXIDE Dec 29 2008 "fixide"
FIX_HDC Dec 29 2008 "fix_hdc"
FLOPPY~1 Dec 29 2008 "FloppyRepair"
FOXITR~1 Dec 29 2008 "FoxitReader"
FREECO~1 Dec 29 2008 "freeCommander"
FREEUN~1 Dec 29 2008 "FreeUndelete"
FTPSER~1 Dec 29 2008 "ftpserver3lite"
GAMES Dec 29 2008 "games"
GEOSHELL Dec 29 2008 "geoshell"
GPUZ Dec 29 2008 "gpuz"
H2TESTW Dec 29 2008 "H2testw"
HANDYR~1 Dec 29 2008 "HandyRecovery"
HDTUNE Dec 29 2008 "HDTune"
HIJACK~1 Dec 29 2008 "HijackThis"
IDSUITE Dec 29 2008 "IDSuite"
IMGBURN Dec 29 2008 "ImgBurn"
IMGMAKER Dec 29 2008 "ImgMaker"
INFOTOOL Dec 29 2008 "InfoTool"
IPSCAN Dec 29 2008 "IPScan"
IPSNIF~1 Dec 29 2008 "ipsniffer"
IRFANV~1 Dec 29 2008 "irfanview"
IZARC Dec 29 2008 "IZArc"
KEYFIN~1 Dec 29 2008 "Keyfinder"
KEYREA~1 Dec 29 2008 "KeyReader"
KILLBOX Dec 29 2008 "KillBox"
LANMON Dec 29 2008 "LanMon"
LISTOF~1 Dec 29 2008 "ListOfTools"
MBRFIX Dec 29 2008 "mbrfix"
MBRWIZ Dec 29 2008 "mbrwiz"
MEMTEST Dec 29 2008 "MemTest"
MYINFO Dec 29 2008 "myinfo"
NETSTU~1 Dec 29 2008 "netstumbler"
NICSPEED Dec 29 2008 "Nicspeed"
NOTEPA~1 Dec 29 2008 "notepad++"
NPOPUK Dec 29 2008 "npopuk"
NTPWEDIT Dec 29 2008 "ntpwedit"
NU2MENU Dec 29 2008 "nu2menu"
OPERA Dec 29 2008 "Opera"
PASSPRO Dec 29 2008 "PassPro"
PEINST Dec 29 2008 "peinst"
PRIME95 Dec 29 2008 "Prime95"
PUTTY Dec 29 2008 "putty"
QUICKB~1 Dec 29 2008 "QuickBench"
RAWCOPY Dec 29 2008 "Rawcopy"
RECUVA Dec 29 2008 "Recuva"
RECVMNGR Dec 29 2008 "RecvMngr"
REGBRWS Dec 29 2008 "RegBrws"
REGCLE~1 Dec 29 2008 "regcleaner"
REGRES~1 Dec 29 2008 "RegResWiz"
REGSHOT Dec 29 2008 "RegShot"
RESTOR~1 Dec 29 2008 "Restoration"
RLINUX Dec 29 2008 "rlinux"
ROCKET~1 Dec 29 2008 "rocketdock"
ROOTKI~1 Dec 29 2008 "rootkitty"
RUNSCA~1 Dec 29 2008 "RunScanner"
SALAPA~1 Dec 29 2008 "salapasswd"
SELFIM~1 Dec 29 2008 "selfimage"
SERVIC~1 Dec 29 2008 "ServicesPE"
SKNIFE Dec 29 2008 "SKnife"
SMALLCD Dec 29 2008 "smallcd"
SPACEM~1 Dec 29 2008 "SpaceMonger"
SPEEDFAN Dec 29 2008 "SpeedFan"
SPYBOT Dec 29 2008 "spybot"
STINGER Dec 29 2008 "stinger"
STRAIG~1 Dec 29 2008 "StraightMark"
SUPERAS Dec 29 2008 "superas"
SYSINFO Dec 29 2008 "SysInfo"
TESTDISK Dec 29 2008 "TestDisk"
TINYHE~1 Dec 29 2008 "tinyhexer"
TRUECR~1 Dec 29 2008 "TrueCrypt"
ULTRAVNC Dec 29 2008 "ultravnc"
UNCHK Dec 29 2008 "Unchk"
UNKNOWN Dec 29 2008 "Unknown"
UNSTOP~1 Dec 29 2008 "UnstopCopy"
VNCNEI~1 Dec 29 2008 "VncNeighborhood"
VNCSER~1 Dec 29 2008 "vncserver"
VNCVIE~1 Dec 29 2008 "vncviewer"
WINAUDIT Dec 29 2008 "WinAudit"
WINCPUID Dec 29 2008 "wincpuid"
WINDIR~1 Dec 29 2008 "windirstat"
WINDLG Dec 29 2008 "WinDLG"
WRA Dec 29 2008 "WRA"
WSOCKFIX Dec 29 2008 "wsockfix"
WUL Dec 29 2008 "wul"
XPLORER2 Dec 29 2008 "xplorer2"
XPSETU~1 Dec 29 2008 "XPSetupLauncher"
MALWAR~1 Dec 29 2008 "Malwarebytes' Anti-Malware"

131 items found: 0 files, 131 directories.

Locating all files created in X:\minint\system32\ within the last 90 days.

"X:\minint\SYSTEM32\"
CONFIG Dec 29 2008 "CONFIG"
DRIVERS Dec 29 2008 "DRIVERS"
LANG Dec 29 2008 "LANG"
oeminfo.ini Nov 11 2008 1088 "OEMINFO.INI"
prelogon.ini Nov 11 2008 299 "PRELOGON.INI"
preshell.exe Nov 11 2008 221184 "PRESHELL.EXE"
preshell.ini Nov 12 2008 8414 "PRESHELL.INI"
prfldrs.ini Dec 28 2008 1266 "PRFLDRS.INI"
RAS Dec 29 2008 "RAS"
SETUP Dec 29 2008 "SETUP"
setupreg.hiv Dec 28 2008 335872 "SETUPREG.HIV"
SPOOL Dec 29 2008 "SPOOL"
WBEM Dec 29 2008 "WBEM"
fntcache.dat Dec 29 2008 89496 "FNTCACHE.DAT"
_FOLDE~1 Dec 29 2008 "[folders]"
CATROOT Dec 29 2008 "CatRoot"
CATROOT2 Dec 29 2008 "CatRoot2"
cf28170.exe Dec 29 2008 389120 "CF28170.exe"
cf15156.exe Jan 7 2009 389120 "CF15156.exe"

19 items found: 9 files, 10 directories.
Total of file sizes: 1,435,859 bytes 1.37 M

Locating all files created in X:\minint\system32\Microsoft Shared\Web Folders within the last 90 days.

No matches found.

--------------------------------------------------------------------------
Items in the Windows Directory:
--------------------------------------------------------------------------

Locating all files created in C:\WINDOWS\ within the last 90 days.

"C:\WINDOWS\"
$N2CFA~1 Oct 19 2008 "$NtUninstallKB956390$"
$N34B6~1 Oct 19 2008 "$NtUninstallKB954211$"
$N3CF2~1 Oct 19 2008 "$NtUninstallKB956391$"
$N400F~1 Oct 19 2008 "$NtUninstallKB957095$"
$N44DE~1 Oct 19 2008 "$NtUninstallKB956841$"
$N54BE~1 Oct 19 2008 "$NtUninstallKB956803$"
$N5CDE~1 Oct 29 2008 "$NtUninstallKB958644$"
0.log Dec 24 2008 0 "0.log"
bootstat.dat Dec 28 2008 2048 "bootstat.dat"
comsetup.log Oct 29 2008 350301 "comsetup.log"
COOKIES Jan 7 2009 "Cookies"
faxsetup.log Oct 29 2008 1037712 "FaxSetup.log"
HISTORY Jan 7 2009 "History"
hpoins14.dat Dec 11 2008 140629 "hpoins14.dat"
ie4err~1.txt Dec 15 2008 1267 "IE4 Error Log.txt"
iis6.log Oct 29 2008 162354 "iis6.log"
imsins.bak Oct 19 2008 1393 "imsins.BAK"
imsins.log Oct 29 2008 1393 "imsins.log"
kb954211.log Oct 19 2008 16079 "KB954211.log"
kb956390.log Oct 19 2008 43832 "KB956390.log"
kb956391.log Oct 19 2008 15154 "KB956391.log"
kb956803.log Oct 19 2008 16741 "KB956803.log"
kb956841.log Oct 19 2008 17490 "KB956841.log"
kb957095.log Oct 19 2008 16965 "KB957095.log"
kb958644.log Oct 29 2008 10211 "KB958644.log"
L2SCHE~1 Dec 28 2008 "L2Schemas"
modeml~1.txt Dec 24 2008 4572 "ModemLog_Conexant D110 MDC V.9x Modem.txt"
MOQZ Dec 10 2008 "moqz"
msgsocm.log Oct 29 2008 51667 "msgsocm.log"
nerodi~1.ini Dec 20 2008 116 "NeroDigital.ini"
NETWOR~1 Dec 28 2008 "Network Diagnostic"
ntbtlog.txt Nov 25 2008 593664 "ntbtlog.txt"
ntdtcs~1.log Oct 29 2008 212076 "ntdtcsetup.log"
ocgen.log Oct 29 2008 501265 "ocgen.log"
ocmsn.log Oct 29 2008 56959 "ocmsn.log"
PIF Nov 25 2008 "PIF"
PREFETCH Jan 7 2009 "Prefetch"
RECENT Jan 7 2009 "Recent"
schedlgu.txt Dec 24 2008 32254 "SchedLgU.Txt"
setupapi.old Dec 24 2008 911084 "setupapi.old"
TEMP Jan 7 2009 "Temp"
TEMPOR~1 Jan 7 2009 "Temporary Internet Files"
tsoc.log Oct 29 2008 397768 "tsoc.log"
U0I Dec 8 2008 "U0I"
udic.com Nov 24 2008 18135 "udic.com"
updspapi.log Oct 29 2008 87102 "updspapi.log"
wiadebug.log Dec 24 2008 159 "wiadebug.log"
wiaservc.log Dec 24 2008 50 "wiaservc.log"
wiaser~1.log Dec 21 2008 40 "wiaserviv.log"
win.ini Dec 11 2008 712 "win.ini"
window~1.log Dec 24 2008 2075089 "WindowsUpdate.log"

51 items found: 33 files (1 H/S), 18 directories (9 H/S).
Total of file sizes: 6,776,281 bytes 6.46 M

--------------------------------------------------------------------------
C:\WINDOWS\Downloaded Program Files:
--------------------------------------------------------------------------

Locating all files created in C:\WINDOWS\Downloaded Program Files\ within the last 90 days.

No matches found.

--------------------------------------------------------------------------
C:\WINDOWS\PCHealth\HelpCtr\Binaries:
--------------------------------------------------------------------------

Locating all files in C:\WINDOWS\PCHealth\HelpCtr\Binaries

"C:\WINDOWS\pchealth\helpctr\binaries\"
brpinfo.dll Aug 4 2004 21504 "brpinfo.dll"
hcappres.dll Aug 4 2004 6656 "HCAppRes.dll"
helpctr.exe Aug 4 2004 768512 "HelpCtr.exe"
helphost.exe Aug 4 2004 99840 "HelpHost.exe"
helpsvc.exe Aug 4 2004 743936 "HelpSvc.exe"
hscsp_p3.cab Aug 4 2004 286777 "hscsp_p3.cab"
hscupd.exe Aug 4 2004 18944 "HscUpd.exe"
msconfig.exe Aug 4 2004 158208 "msconfig.exe"
msinfo.dll Aug 4 2004 376320 "msinfo.dll"
notiflag.exe Aug 4 2004 35328 "notiflag.exe"
pchdt_p3.cab Aug 4 2004 2334260 "pchdt_p3.cab"
pchshell.dll Aug 4 2004 102400 "pchshell.dll"
pchsvc.dll Aug 4 2004 38912 "pchsvc.dll"

13 items found: 13 files, 0 directories.
Total of file sizes: 4,991,597 bytes 4.76 M

--------------------------------------------------------------------------
C:\WINDOWS\system:
--------------------------------------------------------------------------

Locating all files created in C:\WINDOWS\system within the last 90 days.

No matches found.

--------------------------------------------------------------------------
C:\WINDOWS\system32:
--------------------------------------------------------------------------

Locating all files created in C:\WINDOWS\system32 within the last 90 days.

"C:\WINDOWS\system32\"
EN Dec 28 2008 "en"
fntcache.dat Oct 20 2008 357752 "FNTCACHE.DAT"
jupdat~3.log Oct 31 2008 6587 "jupdate-1.6.0_07-b06.log"
lvcoinst.log Oct 28 2008 14321 "lvcoinst.log"
perfc009.dat Nov 7 2008 73226 "perfc009.dat"
perfh009.dat Nov 7 2008 446438 "perfh009.dat"
perfst~1.ini Nov 7 2008 528784 "PerfStringBackup.INI"
SCRIPT~1 Dec 28 2008 "scripting"

8 items found: 6 files, 2 directories.
Total of file sizes: 1,427,108 bytes 1.36 M

--------------------------------------------------------------------------
C:\WINDOWS\system32\com:
--------------------------------------------------------------------------

Locating all files created in C:\WINDOWS\system32\com within the last 90 days.

No matches found.

--------------------------------------------------------------------------
C:\WINDOWS\system32\components:
--------------------------------------------------------------------------
Locating all files created in C:\WINDOWS\system32\components within the last 90 days.

No matches found.

--------------------------------------------------------------------------
C:\WINDOWS\system32\drivers:
--------------------------------------------------------------------------

Locating all files created in C:\WINDOWS\system32\drivers within the last 90 days.

"C:\WINDOWS\system32\drivers\"
AVG Nov 25 2008 "Avg"
avgldx86.sys Nov 25 2008 97928 "avgldx86.sys"
avgmfx86.sys Nov 25 2008 26824 "avgmfx86.sys"
avgtdix.sys Nov 25 2008 76040 "avgtdix.sys"
lvuvc.hs Nov 14 2008 0 "lvuvc.hs"
mbam.sys Oct 22 2008 15504 "mbam.sys"
mbamsw~1.sys Oct 22 2008 38496 "mbamswissarmy.sys"
winho86.sys Dec 24 2008 31616 "Winho86.sys"

8 items found: 7 files, 1 directory.
Total of file sizes: 286,408 bytes 279.70 K

--------------------------------------------------------------------------
C:\WINDOWS\system32\drivers\etc:
--------------------------------------------------------------------------

Locating all files created in C:\WINDOWS\system32\drivers\etc within the last 90 days.

No matches found.

--------------------------------------------------------------------------
C:\WINDOWS\TEMP:
--------------------------------------------------------------------------

Locating all files created in C:\WINDOWS\TEMP within the last 90 days.

No matches found.

************************************************************************************

Checking for .COM files to Delete. They will only print if deleted!

Locating .COM files in the C:\WINDOWS\System32 folder

"C:\WINDOWS\system32\"
chcp.com Apr 14 2008 7680 "chcp.com"
command.com Apr 14 2008 50620 "command.com"
diskcomp.com Apr 14 2008 9216 "diskcomp.com"
diskcopy.com Apr 14 2008 7168 "diskcopy.com"
edit.com Apr 14 2008 69886 "edit.com"
format.com Apr 14 2008 29696 "format.com"
graftabl.com Apr 14 2008 26112 "graftabl.com"
graphics.com Apr 14 2008 19694 "graphics.com"
kb16.com Apr 14 2008 14710 "kb16.com"
loadfix.com Apr 14 2008 1131 "loadfix.com"
locate.com Jan 14 2005 11254 "locate.com"
mode.com Apr 14 2008 19456 "mode.com"
more.com Apr 14 2008 16896 "more.com"
tree.com Apr 14 2008 12800 "tree.com"
win.com Apr 14 2008 18432 "win.com"

15 items found: 15 files, 0 directories.
Total of file sizes: 314,751 bytes 307.37 K

************************************************************************************

Miscellaneous Malware Detections:
------------------------------------------------------------------------------------


**** Delfin Media {31EE3286-D785-4E3F-95FC-51D00FDABC01} NOT FOUND by this tool! ****

**** SmitFraud {0BC9BC01-54D4-4CCE-2B7D-955164314CD4} NOT FOUND by this tool! ****

**** SpywareStrike {C1A2FDA2-1A5B-2A8F-F3A2-B22DA1A3C41D} NOT FOUND by this tool! ****

**** SpywareStrike {C1A2FDA2-2A5B-2C8A-F2A2-BA2DB3A2C31C} NOT FOUND by this tool! ****

**** SpywareStrike {D81E2FC4-B0A2-11D3-21AC-07C04C21A18A} NOT FOUND by this tool! ****

**** SpyAxe {A1D9D3F0-8C2A-9A1D-A376-2CACFB10AB72} NOT FOUND by this tool! ****

**** SpyAxe {A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} NOT FOUND by this tool! ****

**** SpyAxe {A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} NOT FOUND by this tool! ****

**** SpyAxe {A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72} NOT FOUND by this tool! ****

**** SpyAxe {A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F} NOT FOUND by this tool! ****

**** SpyFalcon {A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F} NOT FOUND by this tool! ****

**** SpyFalcon {C9FA1DC9-1FB3-C2A8-2F1A-DC1A33E7AF9D} NOT FOUND by this tool! ****

**** SpyFalcon {CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E} NOT FOUND by this tool! ****

**** SpyFalcon {35a88e51-b53d-43e9-b8a7-75d4c31b4676} NOT FOUND by this tool! ****

**** SpyFalcon {64ba30a2-811a-4597-b0af-d551128be340} NOT FOUND by this tool! ****

**** SpyFalcon {89aef01d-d237-49c7-84dc-4e1904c1fd31} NOT FOUND by this tool! ****

**** SpyFalcon {e04408db-4812-4478-8d4d-e46edcffd3b6} NOT FOUND by this tool! ****

**** SpyFalcon {336ec37f-54bf-4f13-8237-03f64fa591e7} NOT FOUND by this tool! ****

**** SpyFalcon {5bc82bdb-bc03-4671-9a78-3ef2b68449de} NOT FOUND by this tool! ****

**** SpyFalcon {24c60b9b-26b5-4201-9f7a-fb9219356ae9} NOT FOUND by this tool! ****

**** SpyFalcon {a0c51615-738a-4542-801a-5af61614e182} NOT FOUND by this tool! ****

**** SpyFalcon {70fbd528-2d3c-4a00-9b8c-bbf441e534be} NOT FOUND by this tool! ****

**** SpyFalcon {a566f298-05a6-4b3d-b672-da7c27316430} NOT FOUND by this tool! ****

**** SpyFalcon {f5947202-e9cb-4a72-88e7-22f2cbd2b124} NOT FOUND by this tool! ****

**** SpyFalcon {5aaf6542-f4ba-4df4-873d-4902ecbe794c} NOT FOUND by this tool! ****

**** SpyFalcon {3e4155b8-5a4a-4e95-83b2-ab032da9acbc} NOT FOUND by this tool! ****

**** SpyFalcon {9952355f-fefb-4764-bcd7-a993d03dd7e2} NOT FOUND by this tool! ****

**** SpyFalcon {55059d4f-a1ac-4837-ae07-4859101f598d} NOT FOUND by this tool! ****

**** SpyFalcon {c3786a8d-6426-4c29-a23f-f36e47b31e0c} NOT FOUND by this tool! ****

**** SpyLocked {25b7d2fd-4f71-46d1-801a-7de323e4ec82} NOT FOUND by this tool! ****

**** SpyLocked {4233AC08-A2C4-4742-A0B4-83719613D62C} NOT FOUND by this tool! ****

**** SpyLocked {716002DB-288C-4BF0-80CD-A467E78D8B55} NOT FOUND by this tool! ****

**** SpyLocked {735E980D-45D2-4777-AF82-9923D3C8D3AE} NOT FOUND by this tool! ****

**** SpyLocked {B23DC537-3E13-44C7-BF67-D8405EB377F7} NOT FOUND by this tool! ****

**** SpyLocked {B292EC9F-A074-4115-8342-1F459702D8D2} NOT FOUND by this tool! ****

**** SpyLocked {CECA6F2B-247B-4ECE-9B7A-D0135C8036FC} NOT FOUND by this tool! ****

**** SpyLocked {DA3B49F6-8C54-4429-A275-21A86DCCA413} NOT FOUND by this tool! ****

**** SpyLocked {EDE8BED5-92CF-4482-8F51-A01CD9B3EA37} NOT FOUND by this tool! ****

**** SpyLocked {FA4FBF53-C766-4622-8011-A87A805EEBF0} NOT FOUND by this tool! ****

**** SpywareLocked {0E4E5110-A772-4C4A-A7DC-137FE10ABD6E} NOT FOUND by this tool! ****

**** SpywareLocked {07A582E8-BAE3-457D-9D29-2048DE45A369} NOT FOUND by this tool! ****

**** SpywareLocked {3BAA1AD8-EE49-4772-BF0B-F55083E0F7AA} NOT FOUND by this tool! ****

**** SpywareLocked {9D6FAC42-A7BE-4702-87EF-75D8DC14249E} NOT FOUND by this tool! ****

**** SpywareLocked {ABEF791F-947E-4CDF-83C3-E72A240AFB67} NOT FOUND by this tool! ****

**** SpywareLocked {BD0FC212-0A36-4232-83CC-2063FB9282E0} NOT FOUND by this tool! ****

**** SpywareLocked {B0DED443-5E68-4001-A81B-0A0001621AB8} NOT FOUND by this tool! ****

**** SpywareLocked {F38B1B2B-4976-46DD-9FE5-60FDE72F0B4D} NOT FOUND by this tool! ****

**** SpywareQuake {0c7416f0-dd23-420f-97f5-aae352ea2bf1} NOT FOUND by this tool! ****

**** SpywareQuake {E2CA7CD1-1AD9-F1C4-3D2A-DC1A33E7AF9D} NOT FOUND by this tool! ****

**** SpywareQuake {AC1B4DA2-12FA-31F2-1A7D-CD2B14E6AD4E} NOT FOUND by this tool! ****

**** SpywareQuake {CD5E2AC9-25CE-A1C5-D1E2-DC6B28A6ED5A} NOT FOUND by this tool! ****

**** SpywareQuake {EA26CE12-DE64-A1C5-9A4F-FC1A64E6AC2E} NOT FOUND by this tool! ****

**** SpywareQuake {e5b1e382-817e-4b74-8a96-ec78751e6acf} NOT FOUND by this tool! ****

**** SpywareQuake {a0aa3e4b-31cb-4ea2-9049-22b7f5b65edb} NOT FOUND by this tool! ****

**** SpywareQuake {cbb430e6-5b1b-474a-9d7e-160d4fe74bea} NOT FOUND by this tool! ****

**** SpywareQuake {62eb0924-19d2-4226-b4b9-8ad1f70904c1} NOT FOUND by this tool! ****

**** SpywareQuake {6c69e319-0d03-47da-997a-36586cbc53b3} NOT FOUND by this tool! ****

**** SpywareQuake {aea3d2df-2b2c-4d7b-81a0-d975c6dc088e} NOT FOUND by this tool! ****

**** SpywareSheriff {1C3B31AE-FD16-D2CE-43FF-DC4CD5C1BC5E} NOT FOUND by this tool! ****

**** VirusBurster {9d635a36-6b3c-4146-8625-f3aaf507bbf8} NOT FOUND by this tool! ****

**** TrustCleaner {24E27EA9-FCF3-444F-BD80-20543BA5D946} NOT FOUND by this tool! ****

**** Troj/Small-ER {4F141CBA-1457-6CCA-03A7-7AA21B61EA0F} NOT FOUND by this tool! ****

**** Troj/Spabot-E {429F4BB8-7BF7-4152-8011-3C6F9EB7E892} NOT FOUND by this tool! ****

**** Troj/Dloader-OF {203B1C4D9-BC71-8916-38AD-9DEA5D213614} NOT FOUND by this tool! ****

**** Troj/Crafted-A {0BC9BC01-54D4-4CCE-2B7D-955164314CD4} NOT FOUND by this tool! ****

**** Troj/Agent-FG {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} NOT FOUND by this tool! ****

**** TX 4 BrowserAd adware {8e99f990-b75a-4568-b3c8-24cbc8cbbfc1} NOT FOUND by this tool! ****

**** Trojan-Proxy.Win32.Small {87A3E824-A726-4CF4-8A66-6314B11BDA0C} NOT FOUND by this tool! ****

**** Trojan-Downloader.Win32.Delf.ks {786C369D-409A-456f-A13C-971EADA850C6} NOT FOUND by this tool! ****

**** W32/Almanahe.a Worm NOT FOUND by this tool! ****

**** msctl32.dll SpamBot NOT FOUND by this tool! ****

**** KeyLogger NOT FOUND by this tool! ****

--------------------------------------------------------------------------
CHECKING FOR BOT-TYPE WORMS:
--------------------------------------------------------------------------

**** W32/Sdbot Worm NOT FOUND by this tool! ****

--------------------------------------------------------------------------
CHECKING FOR KNOWN ROOTKIT STEALTHING AGENTS:
--------------------------------------------------------------------------

**** i386p.* Stealthing Agent NOT FOUND by this tool! ****

**** ErrorSafe erssdd.* Stealthing Agent NOT FOUND by this tool! ****

**** VUNDO DP.* Stealthing Agent NOT FOUND by this tool! ****

**** Troj/NTRootK-BP main.* Stealthing Agent NOT FOUND by this tool! ****

**** W32/Almanahe.sys RioDrvrs.* Stealthing Agent NOT FOUND by this tool! ****

**** W32/Almanahe.sys DKIS6.* Stealthing Agent NOT FOUND by this tool! ****

--------------------------------------------------------------------------
CHECKING FOR VISIBLE ROOTKIT-TYPE REGISTRY KEYS:
--------------------------------------------------------------------------

**** Rustock.B trojan, PE386 rootkit NOT FOUND by this tool! ****

**** Rustock.B trojan, huy32 rootkit NOT FOUND by this tool! ****

**** Rustock.B trojan, lzx32 rootkit NOT FOUND by this tool! ****

**** Rustock.B trojan, msguard rootkit NOT FOUND by this tool! ****

**** Rustock.B trojan, xpdt.sy_ rootkit NOT FOUND by this tool! ****

**** Rustock.B trojan, xpdt.sys rootkit NOT FOUND by this tool! ****

**** CmdService adware NOT FOUND by this tool! ****

**** Network_Monitor adware NOT FOUND by this tool! ****

**** Trojan.Peacomm NOT FOUND by this tool! ****

**** Trojan.Peacomm windev NOT FOUND by this tool! ****

**** AVPE Haxdoor NOT FOUND by this tool! ****

**** MEMLOW Haxdoor NOT FOUND by this tool! ****

**** VDMT Haxdoor NOT FOUND by this tool! ****

**** YCSVGA Haxdoor NOT FOUND by this tool! ****

**** PPTP Haxdoor NOT FOUND by this tool! ****

**** DVB Haxdoor NOT FOUND by this tool! ****

**** YVBB Haxdoor NOT FOUND by this tool! ****

**** YVPP Haxdoor NOT FOUND by this tool! ****

**** NKGFS Haxdoor NOT FOUND by this tool! ****

**** XMSK Haxdoor NOT FOUND by this tool! ****

**** AVPX Haxdoor NOT FOUND by this tool! ****

**** MMXF Haxdoor NOT FOUND by this tool! ****

**** DP1112 Vundo Rootkit NOT FOUND by this tool! ****

**** SYSBUS32 Rootkit Driver NOT FOUND by this tool! ****

**** I386P Rootkit Driver NOT FOUND by this tool! ****

**** ERSSDD Rootkit NOT FOUND by this tool! ****

**** GencTurK RootKit NOT FOUND by this tool! ****

**** Troj/NTRootK-BP RootKit NOT FOUND by this tool! ****

**** W32/Almanahe.sys NOT FOUND by this tool! ****

************************************************************************************

Dumping HKLM Uninstall Programs list

DisplayName REG_SZ FreeUndelete


#####################################################################################################


-- All DONE! :thumbsup:

~ ShadowPuterDude ~

Edited by OscarP, 13 January 2009 - 06:40 PM.


#12 OscarP

OscarP
  • Topic Starter

  • Members
  • 40 posts
  • Local time:02:26 AM

Posted 13 January 2009 - 08:04 PM

I looked at the report from IseeYouXP and noticed the file winho86.sys. This file was created the day the laptop stopped booting. I renamed the file to winho86.sys.virus and rebooted the laptop and I am now IN!!!!!

I am running Malwarebytes on it right now.

Any other tool that I should run, please let me know, but I am in!!!!!

Thanks
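Added example, not part of the original posts: the triage step described in this post (spotting a driver created on the day the machine stopped booting) done as a script over the pasted listing. The sample lines are copied from the log above; the function names are made up for this sketch, and the failure date is the Dec 24 2008 creation date the listing shows for Winho86.sys.

```python
import re
from datetime import date, datetime, timedelta

# Entry line: 8.3 short name, "Mon D YYYY", optional size in bytes, quoted long name.
ENTRY_RE = re.compile(
    r'^(?P<short>\S+)\s+(?P<mon>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+(?P<year>\d{4})'
    r'(?:\s+(?P<size>\d+))?\s+"(?P<name>[^"]+)"\s*$'
)
# Section line: a quoted directory path on a line of its own.
DIR_RE = re.compile(r'^"(?P<dir>[A-Za-z]:\\[^"]*)"\s*$')

# Sample input: lines copied from the listing posted earlier in this thread.
SAMPLE = r'''
"C:\WINDOWS\system32\"
EN Dec 28 2008 "en"
fntcache.dat Oct 20 2008 357752 "FNTCACHE.DAT"
perfc009.dat Nov 7 2008 73226 "perfc009.dat"

"C:\WINDOWS\system32\drivers\"
AVG Nov 25 2008 "Avg"
avgldx86.sys Nov 25 2008 97928 "avgldx86.sys"
avgmfx86.sys Nov 25 2008 26824 "avgmfx86.sys"
avgtdix.sys Nov 25 2008 76040 "avgtdix.sys"
lvuvc.hs Nov 14 2008 0 "lvuvc.hs"
mbam.sys Oct 22 2008 15504 "mbam.sys"
mbamsw~1.sys Oct 22 2008 38496 "mbamswissarmy.sys"
winho86.sys Dec 24 2008 31616 "Winho86.sys"

8 items found: 7 files, 1 directory.
'''

# Day the laptop stopped booting, taken from the post and the listing (assumption).
FAILURE_DAY = date(2008, 12, 24)


def parse_listing(text):
    """Turn the pasted listing into dicts with full path, creation date and size."""
    entries, current_dir = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = DIR_RE.match(line)
        if m:
            current_dir = m.group("dir")
            continue
        m = ENTRY_RE.match(line)
        if not m or current_dir is None:
            continue  # separators, summaries, "No matches found." and so on
        stamp = "{mon} {day} {year}".format(**m.groupdict())
        size = m.group("size")
        entries.append({
            "path": current_dir + m.group("name"),
            "created": datetime.strptime(stamp, "%b %d %Y").date(),
            "size": int(size) if size is not None else None,  # None means directory
        })
    return entries


def created_near(entries, day, window_days=0, extensions=(".sys",)):
    """Files with one of the extensions created within window_days of day."""
    lo = day - timedelta(days=window_days)
    hi = day + timedelta(days=window_days)
    exts = tuple(e.lower() for e in extensions)
    hits = [
        e for e in entries
        if e["size"] is not None
        and e["path"].lower().endswith(exts)
        and lo <= e["created"] <= hi
    ]
    return sorted(hits, key=lambda e: (e["created"], e["path"]))


if __name__ == "__main__":
    for hit in created_near(parse_listing(SAMPLE), FAILURE_DAY):
        print(hit["created"], hit["size"], hit["path"])
```

Creation dates are a starting point for review, not proof: they can be altered, so a flagged driver still needs to be checked (for example by submitting it to a scanner) before it is removed.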

#13 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • Local time:03:26 PM

Posted 14 January 2009 - 01:18 AM

Awesome!!... You have to teach me how to use that boot CD.. I tried to download it but it doesn't work!! :) :thumbsup:

Ok.. Since you have successfully logged in, please do the following..

Find that Winho86.sys and upload it for me please.. Err.. pm me the file.. Don't attach it here..


Then, let's do this...

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.


Post me these logs in your next reply.. Post each log in a separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#14 OscarP

OscarP
  • Topic Starter

  • Members
  • 40 posts
  • Local time:02:26 AM

Posted 15 January 2009 - 03:25 PM

RSIT log.txt

Logfile of random's system information tool 1.05 (written by random/random)
Run by SB at 2009-01-15 09:15:29
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 22 GB (42%) free of 53 GB
Total RAM: 503 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:15:55 AM, on 1/15/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wpabaln.exe
C:\Documents and Settings\SB\Desktop\RSIT.exe
C:\Program Files\trend micro\SB.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {8626ca5d-9fc0-4a5c-aa8f-10434916391e} - C:\WINDOWS\system32\catsr.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ReminderApp] C:\Program Files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [EasyLinkAdvisor] "C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" /startup
O4 - HKCU\..\Run: [winhpdrv] "C:\Documents and Settings\SB\Application Data\Google\xtgoj6119471.exe"
O4 - HKCU\..\Run: [Twain] C:\Documents and Settings\SB\Application Data\Twain\Twain.exe
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\SB\Application Data\SpeedRunner\SpeedRunner.exe
O4 - HKCU\..\Run: [moqz] C:\PROGRA~1\COMMON~1\moqz\moqzm.exe
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\SB\Application Data\gadcom\gadcom.exe" 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?6a0dc656cab24c6bab1103a7e5bcb9e7
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?6a0dc656cab24c6bab1103a7e5bcb9e7
O9 - Extra button: (no name) - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08b0e5c0-4fcb-11cf-aaa5-00401c608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [java_sun] Java (Sun)
O16 - DPF: CabBuilder - http://ak.imgag.com/imgag/kiw/toolbar/down...llerControl.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O20 - AppInit_DLLs: karna.dat byhsqc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11948 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8626ca5d-9fc0-4a5c-aa8f-10434916391e}]
C:\WINDOWS\system32\catsr.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-01-19 2403392]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-10-08 1172792]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2004-09-13 155648]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-02-15 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-02-15 126976]
"PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2004-04-11 290816]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2005-03-04 606208]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-02-23 53248]
"MMTray"=C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe [2005-03-15 135168]
"RealTray"=C:\Program Files\Real\RealPlayer\RealPlay.exe [2005-08-08 26112]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2005-10-06 278528]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-01-02 155648]
"mmtask"=C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe [2005-03-15 53248]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-12-09 225280]
"LogitechCameraAssistant"=C:\Program Files\Logitech\Video\CameraAssistant.exe [2005-12-07 489472]
"LogitechVideo[inspector]"=C:\Program Files\Logitech\Video\InstallHelper.exe [2005-12-07 73728]
"LogitechCameraService(E)"=C:\WINDOWS\system32\ElkCtrl.exe [2004-11-01 262144]
"Adobe Photo Downloader"=C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe [2005-06-06 57344]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"ReminderApp"=C:\Program Files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe [2006-11-02 156160]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2008-10-08 111928]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=~C:\Program Files\MSN Messenger\MsnMsgr.Exe /background []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-18 68856]
"EasyLinkAdvisor"=C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe [2007-03-15 454784]
"winhpdrv"=C:\Documents and Settings\SB\Application Data\Google\xtgoj6119471.exe [2008-12-03 121856]
"Twain"=C:\Documents and Settings\SB\Application Data\Twain\Twain.exe []
"SpeedRunner"=C:\Documents and Settings\SB\Application Data\SpeedRunner\SpeedRunner.exe []
"moqz"=C:\PROGRA~1\COMMON~1\moqz\moqzm.exe []
"gadcom"=C:\Documents and Settings\SB\Application Data\gadcom\gadcom.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
dlbcserv.lnk - C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Picture Package Menu.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
Picture Package VCD Maker.lnk - C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="karna.dat byhsqc.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-02-15 348160]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\winsy06.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\winsy06.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\FrostWire\FrostWire.exe"="C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a68b282e-c721-11dd-83cb-00038a000015}]
shell\autorun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{beb5c2d9-ba79-11dd-83b2-e4906204520c}]
shell\AutoRun\command - E:\Programs\nu2menu\nu2menu.exe


======File associations======

.scr - open - "C:\WINDOWS\system32\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 3 months======

2009-01-15 09:15:29 ----D---- C:\Program Files\trend micro
2009-01-13 19:49:53 ----SHD---- C:\RECYCLER
2009-01-13 19:35:02 ----D---- C:\WINDOWS\temp
2009-01-13 19:34:56 ----A---- C:\ComboFix.txt
2009-01-13 19:17:49 ----A---- C:\WINDOWS\zip.exe
2009-01-13 19:17:49 ----A---- C:\WINDOWS\VFIND.exe
2009-01-13 19:17:49 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-01-13 19:17:49 ----A---- C:\WINDOWS\SWSC.exe
2009-01-13 19:17:49 ----A---- C:\WINDOWS\SWREG.exe
2009-01-13 19:17:49 ----A---- C:\WINDOWS\sed.exe
2009-01-13 19:17:49 ----A---- C:\WINDOWS\NIRCMD.exe
2009-01-13 19:17:49 ----A---- C:\WINDOWS\grep.exe
2009-01-13 19:17:49 ----A---- C:\WINDOWS\fdsv.exe
2009-01-13 19:17:46 ----D---- C:\WINDOWS\ERDNT
2009-01-13 19:17:46 ----D---- C:\Qoobox
2009-01-13 19:17:45 ----D---- C:\ComboFix
2009-01-13 10:48:45 ----A---- C:\WINDOWS\system32\locate.com
2009-01-13 10:42:04 ----D---- C:\ISeeYouXP
2009-01-13 10:41:26 ----A---- C:\ISeeYouXP.exe
2009-01-13 10:39:59 ----A---- C:\Files.txt
2009-01-12 03:52:20 ----D---- C:\rsit
2009-01-07 05:03:37 ----D---- C:\WINDOWS\Prefetch
2009-01-07 05:03:37 ----D---- C:\WINDOWS\Cookies
2009-01-07 05:03:12 ----D---- C:\WINDOWS\Temporary Internet Files
2009-01-07 05:03:12 ----D---- C:\WINDOWS\Recent
2009-01-07 05:03:12 ----D---- C:\WINDOWS\History
2008-12-28 10:16:24 ----D---- C:\%ProgramFiles%
2008-12-27 18:31:54 ----D---- C:\WINDOWS\system32\scripting
2008-12-27 18:31:54 ----D---- C:\WINDOWS\system32\en
2008-12-27 18:31:54 ----D---- C:\WINDOWS\Network Diagnostic
2008-12-27 18:31:54 ----D---- C:\WINDOWS\L2Schemas
2008-12-26 07:32:56 ----A---- C:\PE-Files.txt
2008-12-26 07:32:22 ----A---- C:\Win-Files.txt
2008-12-10 19:19:41 ----D---- C:\Documents and Settings\SB\Application Data\U3
2008-12-10 16:19:54 ----D---- C:\Program Files\Common Files\moqz
2008-12-10 16:19:46 ----D---- C:\WINDOWS\moqz
2008-12-08 01:29:42 ----SHD---- C:\WINDOWS\U0I
2008-12-07 23:40:56 ----D---- C:\Documents and Settings\SB\Application Data\Twain
2008-11-25 08:47:51 ----HD---- C:\WINDOWS\PIF
2008-11-24 19:54:09 ----D---- C:\Documents and Settings\SB\Application Data\Malwarebytes
2008-11-24 19:53:56 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-11-24 19:53:56 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-11-24 19:43:50 ----D---- C:\Program Files\Common Files\Download Manager
2008-11-24 17:37:54 ----D---- C:\Documents and Settings\SB\Application Data\AVGTOOLBAR
2008-11-24 16:41:46 ----A---- C:\WINDOWS\ntbtlog.txt
2008-11-24 15:58:22 ----A---- C:\WINDOWS\udic.com
2008-11-24 15:58:22 ----A---- C:\Documents and Settings\SB\Application Data\vakequsewi.dll
2008-11-24 15:58:22 ----A---- C:\Documents and Settings\All Users\Application Data\ijufijihuq.vbs
2008-11-15 11:00:07 ----D---- C:\Program Files\SweetIM
2008-11-15 11:00:05 ----D---- C:\Documents and Settings\All Users\Application Data\SweetIM
2008-11-14 20:38:45 ----A---- C:\Documents and Settings\All Users\Application Data\dyguxonu.com
2008-10-30 21:14:34 ----D---- C:\Documents and Settings\SB\Application Data\FrostWire
2008-10-30 21:14:00 ----D---- C:\Program Files\FrostWire
2008-10-30 21:13:58 ----D---- C:\Program Files\AskSBar
2008-10-30 20:49:22 ----A---- C:\WINDOWS\system32\javaws.exe
2008-10-30 20:49:22 ----A---- C:\WINDOWS\system32\javaw.exe
2008-10-30 20:49:22 ----A---- C:\WINDOWS\system32\java.exe
2008-10-29 19:30:43 ----D---- C:\Program Files\AVG
2008-10-29 19:30:41 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-29 07:08:31 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-19 12:42:16 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-10-19 12:42:06 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-10-19 12:41:46 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-10-19 12:37:02 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-10-19 12:36:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-10-19 12:32:48 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$

======List of files/folders modified in the last 3 months======

2009-01-15 09:15:29 ----RD---- C:\Program Files
2009-01-15 09:08:28 ----A---- C:\WINDOWS\ModemLog_Conexant D110 MDC V.9x Modem.txt
2009-01-13 20:02:15 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-13 19:49:54 ----D---- C:\WINDOWS\system32\drivers
2009-01-13 19:40:55 ----D---- C:\WINDOWS\system32
2009-01-13 19:40:55 ----D---- C:\WINDOWS
2009-01-13 19:32:15 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-13 19:29:18 ----A---- C:\WINDOWS\system.ini
2009-01-13 19:26:33 ----D---- C:\WINDOWS\system32\config
2009-01-13 19:21:49 ----D---- C:\Program Files\Common Files
2009-01-13 19:21:48 ----D---- C:\WINDOWS\AppPatch
2009-01-13 19:21:09 ----SD---- C:\WINDOWS\Tasks
2009-01-13 17:57:18 ----D---- C:\WINDOWS\system32\CatRoot
2009-01-13 17:48:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-08 11:01:03 ----D---- C:\WINDOWS\system32\Restore
2009-01-07 05:17:11 ----D---- C:\WINDOWS\repair
2008-12-27 18:42:31 ----RASH---- C:\boot.ini
2008-12-27 18:39:57 ----D---- C:\WINDOWS\system
2008-12-27 18:39:56 ----HD---- C:\WINDOWS\inf
2008-12-27 18:39:56 ----D---- C:\WINDOWS\system32\Setup
2008-12-27 18:39:52 ----D---- C:\WINDOWS\Help
2008-12-27 18:39:46 ----D---- C:\WINDOWS\system32\usmt
2008-12-27 18:39:31 ----D---- C:\WINDOWS\ime
2008-12-27 18:39:29 ----RSD---- C:\WINDOWS\Fonts
2008-12-27 18:39:29 ----D---- C:\WINDOWS\Media
2008-12-27 18:39:24 ----D---- C:\WINDOWS\system32\wbem
2008-12-27 18:39:14 ----RD---- C:\WINDOWS\Web
2008-12-27 18:39:10 ----D---- C:\WINDOWS\PeerNet
2008-12-27 18:38:52 ----D---- C:\WINDOWS\system32\npp
2008-12-27 18:38:42 ----D---- C:\WINDOWS\msagent
2008-12-27 18:34:39 ----D---- C:\WINDOWS\twain_32
2008-12-27 18:33:44 ----D---- C:\WINDOWS\system32\icsxml
2008-12-27 18:33:10 ----D---- C:\WINDOWS\system32\ias
2008-12-27 18:33:05 ----D---- C:\WINDOWS\system32\1033
2008-12-27 18:31:54 ----D---- C:\WINDOWS\WinSxS
2008-12-27 18:31:54 ----D---- C:\WINDOWS\Driver Cache
2008-12-27 18:31:52 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-27 18:31:52 ----D---- C:\WINDOWS\system32\oobe
2008-12-20 09:01:10 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-12 05:59:15 ----SHD---- C:\System Volume Information
2008-12-11 15:29:14 ----HD---- C:\Config.Msi
2008-12-11 09:52:35 ----D---- C:\Documents and Settings\SB\Application Data\AdobeUM
2008-12-11 09:52:31 ----SHD---- C:\WINDOWS\Installer
2008-12-11 09:50:16 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-12-10 19:24:26 ----D---- C:\Documents and Settings\SB\Application Data\Jasc Software Inc
2008-12-10 18:57:23 ----A---- C:\WINDOWS\win.ini
2008-12-08 17:28:27 ----D---- C:\WINDOWS\Registration
2008-12-08 05:58:45 ----D---- C:\Program Files\MSN Messenger
2008-12-03 18:27:42 ----D---- C:\Documents and Settings\SB\Application Data\Google
2008-11-25 09:03:39 ----D---- C:\i386
2008-11-24 16:42:30 ----D---- C:\Documents and Settings
2008-11-21 20:33:00 ----D---- C:\WINDOWS\Minidump
2008-10-30 21:14:21 ----D---- C:\Program Files\LimeWire
2008-10-30 20:49:21 ----D---- C:\Program Files\Java
2008-10-29 07:07:40 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-21 13:01:02 ----D---- C:\Program Files\Microsoft Silverlight
2008-10-19 12:42:22 ----A---- C:\WINDOWS\imsins.BAK
2008-10-19 12:33:06 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2004-08-18 16128]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2005-08-08 8552]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 elagopro;GoProto Protocol Driver for LELA; C:\WINDOWS\system32\DRIVERS\elagopro.sys [2007-03-22 28672]
R2 elaunidr;UniDriver for LELA; C:\WINDOWS\system32\DRIVERS\elaunidr.sys [2007-03-22 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 prt1xw2k;SEM 11 Mbps Wireless Card NDIS Interface; C:\WINDOWS\system32\drivers\prt1xw2k.sys [2003-05-15 13056]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-11-16 108791]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2004-05-26 44928]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-06-17 200064]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-02-15 804317]
R3 LVPrcMon;Logitech LVPrcMon Driver; \??\C:\WINDOWS\system32\drivers\LVPrcMon.sys []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 STAC97;SigmaTel C-Major Audio; C:\WINDOWS\system32\drivers\STAC97.sys [2005-03-10 273168]
R3 SWLD23;Netopia 802.11b WLAN Cardbus Card; C:\WINDOWS\system32\DRIVERS\swld23.sys [2003-11-04 68224]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-06-17 685056]
S1 3f2933b1;3f2933b1; C:\WINDOWS\System32\drivers\3f2933b1.sys []
S1 cdrbsvsd;cdrbsvsd; C:\WINDOWS\system32\drivers\cdrbsvsd.sys []
S1 e5226b45;e5226b45; C:\WINDOWS\System32\drivers\e5226b45.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2005-12-05 14080]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-07 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-07 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-07 21568]
S3 Lvckap;Logitech Kernel Audio Processing Filter Driver; \??\C:\WINDOWS\system32\drivers\Lvckap.sys []
S3 lvmvdrv;Logitech Machine Vision Engine Loader; \??\C:\WINDOWS\system32\drivers\lvmvdrv.sys []
S3 lvpopflt;Logitech POP Suppression Filter; C:\WINDOWS\system32\DRIVERS\lvpopflt.sys [2005-12-05 2010240]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-12-05 39424]
S3 LVUVC;Logitech QuickCam Fusion(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2005-12-05 1103488]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20041123.015\symidsco.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-03 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2004-08-03 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2004-08-03 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2004-08-03 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2008-04-14 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2004-08-03 41088]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2004-08-03 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe [2004-04-07 1135728]
R2 hpqddsvc;HP CUE DeviceDiscovery Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2004-03-04 311296]
R2 LVPrcSrv;Logitech Process Monitor; c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe [2005-12-09 81920]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe [2005-03-03 356352]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-09-15 38912]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2005-10-09 323584]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-01-18 85096]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-04-15 138168]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

#15 OscarP


Posted 15 January 2009 - 03:27 PM

RSIT info.txt

info.txt logfile of random's system information tool 1.05 2009-01-15 09:16:01

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->MsiExec.exe /I{F543B12A-13F5-487E-9314-F7D25E1BBE3E}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
32 Bit HP CIO Components Installer-->MsiExec.exe /I{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe® Photoshop® Album Starter Edition 3.0-->MsiExec.exe /I{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}
ALPS Touch Pad Driver-->C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
AOL Coach Version 1.0(Build:20040229.1 en)-->C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
AOL Connectivity Services-->C:\PROGRA~1\COMMON~1\AOL\ACS\AcsUninstall.exe /c
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Ask Toolbar-->rundll32 C:\PROGRA~1\AskSBar\bar\1.bin\AskSBar.dll,O
AutoCAD Civil 3D 2008-->C:\Program Files\AutoCAD Civil 3D 2008\Setup\Setup.exe /P {5783F2D7-6000-0409-0002-0060B0CE6BBA} /M C3D
Autodesk Design Review 2008-->MsiExec.exe /I{FACF203E-0F4D-489A-B80C-D185253C8FCB}
Autodesk Student Community Download Tool-->"C:\Program Files\Autodesk Student Community Download Tool\unins000.exe"
Autodesk Vault 2008-->C:\Program Files\Autodesk\Vault 2008\Setup\setup.exe /p {E55B00B0-9DBF-4EE1-AC1D-5DEBE12BD097} /M VAULT
Autodesk Vault 2008-->MsiExec.exe /X{E55B00B0-9DBF-4EE1-AC1D-5DEBE12BD097}
Broadcom Management Programs 2-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{64A77F14-0E08-4A97-A859-E93CFF428756} /l1033
Conexant D110 MDC V.9x Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Dell Photo Printer 720 Logger-->C:\Program Files\Dell Photo Printer 720\dlbcunst.exe
Dell Photo Printer 720-->C:\WINDOWS\system32\spool\drivers\w32x86\3\DLBCUN5C.EXE -dDell Photo Printer 720
Dell Picture Studio v3.0-->MsiExec.exe /I{AF06CAE4-C134-44B1-B699-14FBDB63BD37}
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Drivers Install For Linksys Easylink Advisor-->MsiExec.exe /I{A1960A82-DB70-474D-A86B-FA74466103C6}
DWG TrueView 2007-->MsiExec.exe /I{2CD6BBA0-17C8-4789-9B9B-B36F7E815F6A}
EarthLink setup files-->MsiExec.exe /X{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}
Form Fill (Windows Live Toolbar)-->MsiExec.exe /X{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}
FrostWire 4.17.0-->C:\Program Files\FrostWire\Uninstall.exe
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
Greeting Card Factory Photo Card Maker-->MsiExec.exe /I{9C627F78-DBB9-4293-AA89-E83119C39CE9}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Customer Participation Program 9.0-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Deskjet All-In-One Software 9.0-->C:\Program Files\HP\Digital Imaging\{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}\setup\hpzscr01.exe -datfile hposcr14.dat
HP Imaging Device Functions 9.0-->C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Essential 2.01-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Smart Web Printing-->MsiExec.exe /X{415CDA53-9100-476F-A7B2-476691E117C7}
HP Solution Center 9.0-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}
HPSSupply-->MsiExec.exe /X{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}
Intel® Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Internal Network Card Power Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F528948-0E80-4C96-B455-DE4167CB1DF7}\setup.exe" -l0x9 UNINSTALL APPDRVNT4
Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
iPod for Windows 2005-10-12-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{D9F4A9F8-92C5-4289-9D04-F0F8F02D580A} /l1033
iTunes-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{13616DE2-9795-4910-8C93-80D45AF09658} /l1033
J2SE Runtime Environment 5.0 Update 8-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
Jasc Paint Shop Photo Album 5-->MsiExec.exe /I{4192EAC0-6B36-4723-B216-D0E86E7757AC}
Jasc Paint Shop Photo Album-->MsiExec.exe /I{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}
Jasc Paint Shop Pro 8 Dell Edition-->MsiExec.exe /I{81A34902-9D0B-4920-A25C-4CDC5D14B328}
Jasc Paint Shop Pro Studio, Dell Editon-->MsiExec.exe /I{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Linksys EasyLink Advisor 1.6 (0044)-->rundll32 C:\PROGRA~1\LINKSY~1\AUInst.dll,ExUninstall
Logitech QuickCam Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C191BE7C-8542-4A61-973A-714EF76C5995}\setup.exe" -l0x9
Logitech® Camera Driver-->"C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Macromedia Flash Player-->MsiExec.exe /X{4ecaf021-478c-40c1-b777-3368a15f9966}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Map Button (Windows Live Toolbar)-->MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Baseline Security Analyzer 1.2-->MsiExec.exe /I{5FA4690C-1975-4F94-9A64-274F29BD9221}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server Compact 3.5 Design Tools ENU-->MsiExec.exe /X{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}
Microsoft SQL Server Compact 3.5 ENU-->MsiExec.exe /I{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}
Microsoft Visual Basic 2008 Express Edition - ENU-->C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual Basic 2008 Express Edition - ENU\setup.exe
Microsoft Visual Basic 2008 Express Edition - ENU-->MsiExec.exe /X{9C2DC81B-8114-37D9-A922-95E460A1FAFB}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework-->MsiExec.exe /X{B4C0A315-07FB-39F9-85CD-8CE20C019350}
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32-->MsiExec.exe /X{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Musicmatch for Windows Media Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E93E5EF6-D361-481E-849D-F16EF5C78EBC}\setup.exe" -l0x9 remove
Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst
My Way Search Assistant-->rundll32 C:\PROGRA~1\MyWaySA\SrchAsDe\1.bin\desrcas.dll,O
Need2Find Bar-->rundll32 C:\PROGRA~1\NEED2F~1\bar\1.bin\Nd2fnBar.dll,O
Netopia Wireless LAN-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{896CA2D2-0178-48A8-BCFA-459AC54B4B40}\setup.exe" -l0x9
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
NetZeroInstallers-->MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
OneCare Advisor (Windows Live Toolbar)-->MsiExec.exe /X{53B2CFE9-A508-4457-B2CA-5D253536BFB7}
Picture Package-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}\setup.exe" -l0x9 UNINSTALL
Popup Blocker (Windows Live Toolbar)-->MsiExec.exe /X{66A7A386-6F35-41A7-A731-101F0C0153C8}
PowerDVD 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Qualxserve Service Agreement-->MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
QuickBooks Simple Start Special Edition-->msiexec.exe /I {F543B12A-13F5-487E-9314-F7D25E1BBE3E} UNIQUE_NAME="atomlimited" QBFULLNAME="QuickBooks Simple Start Special Edition" ADDREMOVE=1
QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 UNINSTALL APPDRVNT4 - ALL
QuickTime-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{0B69DA57-BC7D-461D-B7D6-2AA9F08869CD} /l1033
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
RINGS Security Analyzer-->MsiExec.exe /I{CF9CF8FA-784D-4802-A1B0-D675EA505F46}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893066)-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899588)-->"C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931768)-->"C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)-->MsiExec.exe /X{64F3B15C-24C7-4B2B-9B72-65CCBBD7F06B}
Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic MyDVD LE-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
SweetIM for Messenger 2.6-->MsiExec.exe /X{5549C19D-46FE-4975-AD54-5B37E87FF6E2}
SweetIM Toolbar for Internet Explorer 3.3-->MsiExec.exe /X{266C7330-C0F4-49E5-8F20-A56F9F822875}
Tabbed Browsing (Windows Live Toolbar)-->MsiExec.exe /X{47FBF7F9-FBD3-43EF-823B-7684D56C1962}
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB896727)-->"C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
WebCyberCoach 3.2 Dell-->"C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Favorites for Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Outlook Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Toolbar Feed Detector (Windows Live Toolbar)-->MsiExec.exe /X{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}
Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar-->MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
WordPerfect Office 12-->MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}

======Security center information======

AV: AVG Anti-Virus (disabled) (outdated)

System event log

Computer Name: D6705481
Event Code: 4201
Message: The system detected that network adapter Netopia...Cardbus Card - Packet Scheduler Miniport was connected to the network,
and has initiated normal operation over the network adapter.

Record Number: 59769
Source Name: Tcpip
Time Written: 20081221151617.000000-360
Event Type: information
User:

Computer Name: D6705481
Event Code: 14103
Message: QoS [Adapter {B9B2DF37-9EEE-496A-8F5A-F8E4EF9001FB}]:
The netcard driver failed the query for OID_GEN_LINK_SPEED.

Record Number: 59768
Source Name: PSched
Time Written: 20081221151617.000000-360
Event Type: error
User:

Computer Name: D6705481
Event Code: 8033
Message: The browser has forced an election on network \Device\NetBT_Tcpip_{35A2C6A5-CB93-4B13-9B79-6BAD6BD71701} because a master browser was stopped.

Record Number: 59767
Source Name: BROWSER
Time Written: 20081221151615.000000-360
Event Type: information
User:

Computer Name: D6705481
Event Code: 7036
Message: The Pml Driver HPZ12 service entered the stopped state.

Record Number: 59766
Source Name: Service Control Manager
Time Written: 20081221151557.000000-360
Event Type: information
User:

Computer Name: D6705481
Event Code: 1007
Message: Your computer has automatically configured the IP address for the Network
Card with network address 00123FE162EC. The IP address being used is 169.254.39.110.

Record Number: 59765
Source Name: Dhcp
Time Written: 20081221151409.000000-360
Event Type: warning
User:

Application event log

Computer Name: D6705481
Event Code: 10005
Message: Product: Sophos Anti-Virus -- Error 3004.Sophos Anti-Virus cannot be installed. Some registry keys do not have the correct permissions. Contact your support personnel.

Record Number: 47345
Source Name: MsiInstaller
Time Written: 20081108200619.000000-360
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: D6705481
Event Code: 11729
Message: Product: Sophos AutoUpdate -- Configuration failed.

Record Number: 47344
Source Name: MsiInstaller
Time Written: 20081108193638.000000-360
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: D6705481
Event Code: 11729
Message: Product: Sophos Anti-Virus -- Configuration failed.

Record Number: 47343
Source Name: MsiInstaller
Time Written: 20081108193623.000000-360
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: D6705481
Event Code: 10005
Message: Product: Sophos Anti-Virus -- Error 3004.Sophos Anti-Virus cannot be installed. Some registry keys do not have the correct permissions. Contact your support personnel.

Record Number: 47342
Source Name: MsiInstaller
Time Written: 20081108193621.000000-360
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: D6705481
Event Code: 11729
Message: Product: Sophos AutoUpdate -- Configuration failed.

Record Number: 47341
Source Name: MsiInstaller
Time Written: 20081108190625.000000-360
Event Type: information
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Autodesk\DWG TrueView
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip

-----------------EOF-----------------



