Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Malware defender 2009 and fake win security centre


  • This topic is locked This topic is locked
13 replies to this topic

#1 davepuzzled

davepuzzled

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:47 AM

Posted 06 April 2009 - 03:46 AM

Hi there seem to have been infected with Malware defender 2009 and fake windows security centre. Tried using Malwarebytes' Anti-Malware to wipe full scan and quick scan. It seems to find infected files and clear them but more appear and they still keep popping up. the programs pop up about every five minutes and ask me to perform a scan.

Here's the log any help would be extremely grateful.

Dave


DDS (Ver_09-03-16.01) - NTFSx86
Run by David Crook at 15:28:28.06 on 05/04/2009
Internet Explorer: 6.0.2900.2180

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uSearch Bar = hxxp://g.msn.co.uk/0SEENGB/SAOS01
mDefault_Page_URL = hxxp://www.iqon.ie
uInternet Settings,ProxyOverride = 127.0.0.1
BHO: PopKill Class: {3c060ea2-e6a9-4e49-a530-d4657b8c449a} - c:\program files\ntl\ntl netguard\pkR.dll
BHO: ZKBho Class: {56071e0d-c61b-11d3-b41c-00e02927a304} - c:\program files\ntl\ntl netguard\FBHR.dll
BHO: MSNToolBandBHO: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\01.02.5000.1021\en-gb\msntb.dll
BHO: {C1626E66-C26B-C628-E1DF-CDACCFA26EE1} - No File
TB: MSN: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\msn apps\msn toolbar\01.02.5000.1021\en-gb\msntb.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [ntl Netguard] "c:\program files\ntl\ntl netguard\RPS.exe"
mRun: [LXCFCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCFtime.dll,_RunDLLEntry@16
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [malwaredef] c:\program files\malware defender 2009\malwaredef.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Add to AMV Converter... - c:\program files\mp3 player utilities 4.15\amvconverter\grab.html
IE: MediaManager tool grab multimedia file - c:\program files\mp3 player utilities 4.15\mediamanager\grab.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: diy.com\www
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - hxxp://www.photounity.com/ecommerce/scripts/Uploader_ImageUploader4.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: HardwareDrivers - {DB9A17AC-44AC-441C-8465-98970760C117} - c:\documents and settings\all users\application data\microsoft\media index\drivers\hdddriver.dll
SSODL: DriversLoad - {E4A02A4C-6413-4259-9335-7D37DE6AEA3F} - c:\documents and settings\all users\application data\microsoft\media index\drivers\drxgxesdbv.dll
SEH: {DC7596CB-D6CC-DCA3-DE52-DEEA63F6C61D} - No File

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-03-25 22:56 381,440 a------- c:\windows\system32\wcenter.exe
2009-03-25 22:51 38,352 a------- c:\windows\reged.exe
2009-03-25 22:51 18,941 a------- c:\windows\vmreg.dll
2009-03-25 22:50 51,197 a------- c:\windows\spoolsystem.exe
2009-03-25 22:50 47,872 a------- c:\windows\syscert.exe
2009-03-25 22:50 33,149 a------- c:\windows\sysexplorer.exe
2009-03-25 22:50 28,320 a------- c:\windows\sys.com
2009-03-25 22:50 <DIR> --d----- c:\program files\Malware Defender 2009
2009-03-25 15:35 <DIR> --d----- c:\docume~1\davidc~1\applic~1\Malwarebytes
2009-03-25 15:35 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-25 15:35 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-25 15:35 <DIR> -cd----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-25 15:35 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-08 12:10 <DIR> --d----- c:\docume~1\davidc~1\applic~1\Internet Tablet Video Converter
2009-03-08 12:10 <DIR> --d----- c:\program files\common files\Nokia
2009-03-08 12:08 <DIR> --d----- c:\program files\Nokia

==================== Find3M ====================

2009-02-17 13:05 2,764 a------- c:\docume~1\davidc~1\applic~1\wklnhst.dat
2009-02-09 11:19 1,846,272 -------- c:\windows\system32\win32k.sys
2007-07-15 14:01 87,608 a------- c:\docume~1\davidc~1\applic~1\inst.exe
2007-07-15 14:01 47,360 a------- c:\docume~1\davidc~1\applic~1\pcouffin.sys

============= FINISH: 15:30:30.34 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:02:47 PM

Posted 17 April 2009 - 07:20 AM

Please download The Comedian.exe to your desktop
  • Double click the program to run it. It will only take around several minutes to run.
  • It will do a series of tasks and tell you when each one is finished.
  • You will be prompted to press any key after each step
  • When it is done it will close and exit itself automatically.
  • You can delete The_Comedian.exe once it is finished



NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop. <<mirror>>
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.
IMPORTANT: Do NOT run any program while you are doing these scans as it may interfere with the output results



Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 davepuzzled

davepuzzled
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:47 AM

Posted 21 April 2009 - 02:53 AM

Thanks for this fenzodahl512

Here's the MBAM stuff:

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 2

20/04/2009 21:45:22
mbam-log-2009-04-20 (21-45-22).txt

Scan type: Full Scan (C:\|D:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 139726
Time elapsed: 52 minute(s), 17 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 4
Files Infected: 13

Memory Processes Infected:
C:\WINDOWS\system32\wcenter.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers\drxgxesdbv.dll (Rogue.MalwareDefender2009) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{e4a02a4c-6413-4259-9335-7d37de6aea3f} (Rogue.MalwareDefender2009) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\driversload (Rogue.MalwareDefender2009) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\HardwareDrivers (Rogue.MalwareDefender2009) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\David Crook\Start Menu\Programs\Malware Defender 2009 (Rogue.MalwareDefender2009) -> Quarantined and deleted successfully.
C:\Program Files\Malware Defender 2009 (Rogue.MalwareDefender2009) -> Quarantined and deleted successfully.
C:\Program Files\Malware Defender 2009\quarantine (Rogue.MalwareDefender2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers (Rogue.MalwareDefender2009) -> Delete on reboot.

Files Infected:
C:\WINDOWS\system32\wcenter.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\Malware Defender 2009\malwaredef.exe (Rogue.MalwareDefender) -> Quarantined and deleted successfully.
C:\Program Files\Malware Defender 2009\uninstall.exe (Rogue.MalwareDefender) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A33B3162-50A8-4D26-BAEF-1DFDE1159AD4}\RP349\A0060715.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\David Crook\Start Menu\Programs\Malware Defender 2009\Malware Defender 2009.lnk (Rogue.MalwareDefender2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\David Crook\Start Menu\Programs\Malware Defender 2009\Uninstall.lnk (Rogue.MalwareDefender2009) -> Quarantined and deleted successfully.
C:\Program Files\Malware Defender 2009\conf.cfg (Rogue.MalwareDefender2009) -> Quarantined and deleted successfully.
C:\Program Files\Malware Defender 2009\mbase.vdb (Rogue.MalwareDefender2009) -> Quarantined and deleted successfully.
C:\Program Files\Malware Defender 2009\quarantine.vdb (Rogue.MalwareDefender2009) -> Quarantined and deleted successfully.
C:\Program Files\Malware Defender 2009\queue.vdb (Rogue.MalwareDefender2009) -> Quarantined and deleted successfully.
C:\Program Files\Malware Defender 2009\vbase.vdb (Rogue.MalwareDefender2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers\c.cgm (Rogue.MalwareDefender2009) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Microsoft\Media Index\Drivers\drxgxesdbv.dll (Rogue.MalwareDefender2009) -> Delete on reboot.



Now the RSIT log.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by David Crook at 2009-04-20 21:51:16
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 17 GB (24%) free of 72 GB
Total RAM: 191 MB (28% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C060EA2-E6A9-4E49-A530-D4657B8C449A}]
PopKill Class - C:\Program Files\ntl\ntl Netguard\pkR.dll [2005-07-05 57344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56071E0D-C61B-11D3-B41C-00E02927A304}]
ZKBho Class - C:\Program Files\ntl\ntl Netguard\FBHR.dll [2005-07-05 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
MSNToolBandBHO - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll [2006-01-17 282624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1626E66-C26B-C628-E1DF-CDACCFA26EE1}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll [2006-01-17 282624]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-06-07 399352]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Recguard"=C:\WINDOWS\SMINST\RECGUARD.EXE [2002-09-13 212992]
"ntl Netguard"=C:\Program Files\ntl\ntl Netguard\RPS.exe [2005-07-05 229376]
"LXCFCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16 []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-03-28 413696]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-04-06 401040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-09-13 139264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BJCFD]
C:\Program Files\BroadJump\Client Foundation\CFD.exe [2003-01-27 376912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2005-12-21 278528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LXCFCATS]
rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\ntl\BROADB~1\SMARTB~1\MotiveSB.exe [2003-12-30 380928]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-03-28 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Registry Cleaner Scheduler]
C:\Program Files\CleanMyPC\Registry Cleaner\RCHelper.exe [2008-03-02 913664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-03 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
SiSPower.dll,ModeAgent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2005-08-18 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2007-01-31 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\workflow]
D:\installs\workflow.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2005-09-24 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher S.lnk]
C:\Program Files\FinePixViewerS\QuickDCF2.exe [2007-01-30 303104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SMART Board Tools.lnk]
C:\Program Files\SMART Board Software\SMARTBoardTools.exe [2006-05-10 3248128]

C:\Documents and Settings\David Crook\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{DC7596CB-D6CC-DCA3-DE52-DEEA63F6C61D}"= []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=157

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\TVAnts\Tvants.exe"="C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts"
"C:\Program Files\BitTornado\btdownloadgui.exe"="C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\TVUPlayer\TVUPlayer.exe"="C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVU Player Component"
"C:\Program Files\PPStream\PPStream.exe"="C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPStream"
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe"="C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Disabled:Nero ShowTime"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Documents and Settings\David Crook\Application Data\SopCast\adv\SopAdver.exe"="C:\Documents and Settings\David Crook\Application Data\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Disabled:Internet Explorer"
"C:\Program Files\PPMate\PPMate\ppmate.exe"="C:\Program Files\PPMate\PPMate\ppmate.exe:*:Enabled:PPMate"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

======List of files/folders created in the last 3 months======

2009-04-20 21:51:22 ----D---- C:\Program Files\trend micro
2009-04-20 21:51:16 ----DC---- C:\rsit
2009-04-20 19:32:40 ----D---- C:\WINDOWS\ERDNT
2009-04-20 19:32:03 ----D---- C:\Program Files\ERUNT
2009-03-25 15:35:47 ----D---- C:\Documents and Settings\David Crook\Application Data\Malwarebytes
2009-03-25 15:35:21 ----DC---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-25 15:35:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-11 17:17:07 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-11 17:16:50 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-11 17:15:51 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-03-08 12:10:32 ----D---- C:\Documents and Settings\David Crook\Application Data\Mozilla
2009-03-08 12:10:32 ----D---- C:\Documents and Settings\David Crook\Application Data\Internet Tablet Video Converter
2009-03-08 12:10:01 ----D---- C:\Program Files\Common Files\Nokia
2009-03-08 12:08:29 ----D---- C:\Program Files\Nokia
2009-02-27 04:01:47 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-02-26 21:45:19 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2009-02-26 21:45:18 ----D---- C:\Program Files\DVDVideoSoft
2009-02-13 09:30:37 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-07 13:47:18 ----DC---- C:\Documents and Settings\All Users\Application Data\Flood Light Games
2009-02-07 13:47:18 ----D---- C:\Documents and Settings\David Crook\Application Data\Flood Light Games
2009-02-07 13:44:51 ----D---- C:\WINDOWS\Dr Lynch Grave Secrets
2009-02-07 13:44:51 ----D---- C:\Program Files\Dr Lynch Grave Secrets
2009-02-07 13:44:38 ----A---- C:\WINDOWS\Dr Lynch Grave Secrets Setup Log.txt
2009-02-07 13:43:53 ----D---- C:\WINDOWS\The Hidden Object Show
2009-02-07 13:43:53 ----D---- C:\Program Files\The Hidden Object Show
2009-02-07 13:43:19 ----A---- C:\WINDOWS\The Hidden Object Show Setup Log.txt
2009-02-06 21:47:31 ----D---- C:\Documents and Settings\David Crook\Application Data\ImTOO Software Studio
2009-02-06 21:19:59 ----D---- C:\Program Files\ImTOO
2009-01-31 12:42:08 ----D---- C:\Program Files\VirtualViews
2009-01-29 00:00:36 ----D---- C:\Program Files\Radialpoint

======List of files/folders modified in the last 3 months======

2009-04-20 21:51:22 ----RD---- C:\Program Files
2009-04-20 21:48:44 ----D---- C:\WINDOWS\Temp
2009-04-20 21:47:48 ----D---- C:\WINDOWS
2009-04-20 21:47:38 ----D---- C:\WINDOWS\system32\drivers
2009-04-20 21:46:55 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-20 21:46:06 ----D---- C:\WINDOWS\Prefetch
2009-04-20 21:45:21 ----D---- C:\WINDOWS\system32
2009-04-20 20:04:33 ----HD---- C:\WINDOWS\inf
2009-04-20 19:56:32 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-20 19:48:37 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-20 19:47:17 ----SHD---- C:\WINDOWS\Installer
2009-04-20 19:46:43 ----D---- C:\Program Files\Common Files\Command Software
2009-04-20 19:43:30 ----D---- C:\Program Files\Common Files\PestPatrol
2009-04-05 15:22:26 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-05 15:21:14 ----D---- C:\Program Files\Lx_cats
2009-03-25 22:44:34 ----SDC---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-03-25 15:33:58 ----D---- C:\Documents and Settings\David Crook\Application Data\uTorrent
2009-03-25 15:16:17 ----D---- C:\Program Files\MSECACHE
2009-03-11 17:17:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-11 17:16:57 ----A---- C:\WINDOWS\imsins.BAK
2009-03-08 22:55:21 ----A---- C:\WINDOWS\NeroDigital.ini
2009-03-08 12:10:01 ----D---- C:\Program Files\Common Files
2009-03-08 12:08:50 ----RSD---- C:\WINDOWS\Fonts
2009-03-08 12:08:27 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-03-08 12:08:26 ----D---- C:\WINDOWS\WinSxS
2009-02-18 21:47:20 ----D---- C:\Program Files\SopCast
2009-02-17 12:55:17 ----D---- C:\WINDOWS\Help
2009-02-06 21:01:08 ----D---- C:\Program Files\uTorrent
2009-01-27 22:37:58 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 SiSkp;SiSkp; C:\WINDOWS\system32\DRIVERS\srvkp.sys [2005-07-13 11904]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R2 CSS DVP;CSS DVP; C:\WINDOWS\system32\DRIVERS\css-dvp.sys [2007-04-27 840352]
R2 FreeTdi;Radialpoint Filter; C:\WINDOWS\System32\Drivers\FreeTdi.sys [2005-05-12 47488]
R2 STEC3;STEC3; \??\C:\WINDOWS\system32\STEC3.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-08-20 3644800]
R3 Freedom;Freedom Miniport; C:\WINDOWS\system32\DRIVERS\FREEDOM.SYS [2005-03-17 33408]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]
R3 LaCieUSBFilter;Silver USB Filter (USB BUS Filter Driver); C:\WINDOWS\system32\DRIVERS\LaCieUSBFilter.sys [2005-10-19 15872]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\system32\DRIVERS\SLDRV\Mtlmnt5.sys [2005-05-11 237616]
R3 SiS315;SiS315; C:\WINDOWS\system32\DRIVERS\sisgrp.sys [2005-07-13 257024]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-04 32768]
R3 Slntamr;SmartLink AMR_PCI Driver; C:\WINDOWS\system32\DRIVERS\SLDRV\slntamr.sys [2005-05-11 698848]
R3 SlWdmSup;SlWdmSup; C:\WINDOWS\system32\DRIVERS\SLDRV\SlWdmSup.sys [2005-05-11 13248]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-04 17024]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S1 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2004-08-03 31744]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 LaCieFWFilter;Silver 1394 Filter (1394 BUS Filter Driver); C:\WINDOWS\system32\DRIVERS\LaCieFWFilter.sys [2005-10-18 14848]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\system32\DRIVERS\SLDRV\Mtlstrm.sys [2005-05-11 1464848]
S3 Nokia USB Generic;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2006-10-10 9216]
S3 Nokia USB Modem;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2006-10-10 12800]
S3 Nokia USB Phone Parent;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2006-10-10 138240]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-05-14 47360]
S3 SlNtHal;SlNtHal; C:\WINDOWS\system32\DRIVERS\SLDRV\Slnthal.sys [2005-05-11 101328]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Port II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 dvpapi;DvpApi; C:\Program Files\Common Files\Command Software\dvpapi.exe [2007-04-27 177688]
R2 FWS;Radialpoint Service; C:\Program Files\ntl\ntl Netguard\fws.exe [2005-07-05 274432]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-04-06 179856]
R2 NMSAccess;NMSAccess; C:\WINDOWS\system32\NMSAccess.exe [2007-01-11 65536]
R2 SLService;SmartLinkService; C:\WINDOWS\system32\slmdmsr.exe [2005-05-11 61440]
R2 SMART Board Service;SMART Board Service; C:\Program Files\SMART Board Software\SMARTBoardService.exe [2006-05-15 958464]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2005-12-21 323584]
S3 lxcf_device;lxcf_device; C:\WINDOWS\system32\lxcfcoms.exe [2005-07-25 491520]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-09-12 724992]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2006-11-06 210432]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-11-02 306432]

-----------------EOF-----------------

And the RSIT info.txt:

info.txt logfile of random's system information tool 1.06 2009-04-20 21:51:35

======Uninstall list======

-->C:\PROGRA~1\ntl\BROADB~1\Uninstall.exe ntl
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"C:\Program Files\uTorrent\uninstall.exe"
ABC Amber LIT Converter-->C:\PROGRA~1\ABCAMB~1\UNWISE.EXE C:\PROGRA~1\ABCAMB~1\INSTALL.LOG
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.5-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
AS-Patch-Reset-->MsiExec.exe /I{53BEA20C-4566-401D-8C02-EDEC5678218B}
AVIConverter CHN-EN Package-->C:\Program Files\AVIConverter\uninst.exe
BerryTunes-->MsiExec.exe /I{ED171EC2-B8DB-456E-B4FE-D35B977D384F}
broadband medic-->C:\WINDOWS\Motive\ntl\MCCUninst.exe
BroadJump Client Foundation-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\BroadJump\Client Foundation\Uninst.isu" -c"C:\Program Files\BroadJump\Client Foundation\RmvBJCFD.dll" -b"CFD" -h"CFD" -a
Cheetah DVD Burner-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD01E97F-2A6A-495E-BE38-22C7B80F3CD7}\Setup.exe"
ChildGuard-->RunDll32 c:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{480D674F-7285-41AE-93C0-1BB62B151AD3}\setup.exe"
CleanMyPC - Registry Cleaner-->"C:\Program Files\CleanMyPC\Registry Cleaner\unins000.exe"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
CSI-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6D7B631E-52DB-4A33-88EF-4FA0195EDDB1}\setup.exe" -l0x9 -removeonly
CSI-Dark Motives-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DEE4C35-1C60-413E-9630-77A0222D5C45}\setup.exe" -l0x9 -removeonly
Dr Lynch Grave Secrets-->"C:\WINDOWS\Dr Lynch Grave Secrets\uninstall.exe" "/U:C:\Program Files\Dr Lynch Grave Secrets\Uninstall\uninstall.xml"
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Express Burn Uninstall-->C:\Program Files\NCH Swift Sound\ExpressBurn\uninst.exe
File Splitter v1.0-->"C:\Program Files\filesplitter\unins000.exe"
Forgotten Riddles - The Mayan Princess-->"C:\WINDOWS\Forgotten Riddles - The Mayan Princess\uninstall.exe" "/U:C:\Program Files\Forgotten Riddles - The Mayan Princess\Uninstall\uninstall.xml"
Free Video to iPod Converter version 3.1-->"C:\Program Files\DVDVideoSoft\Free Video to iPod Converter\unins000.exe"
FUJIFILM FinePixViewer S Ver.2.1-->C:\Program Files\InstallShield Installation Information\{88B32652-CAE0-4909-A463-5840D2689D93}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
Google Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
ImTOO MPEG Encoder Platinum-->C:\Program Files\ImTOO\MPEG Encoder Platinum\Uninstall.exe
Internet Tablet Video Converter 0.32-->"C:\Program Files\Nokia\Internet Tablet Video Converter\uninst\unins000.exe"
iPod for Windows 2005-01-11-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{3476E8FA-00F1-48AF-8771-236C84FC7CB8} /l1033
iTunes-->c:\PROGRA~1\COMMON~1\INSTAL~1\driver\11\INTEL3~1\IDriver.exe /M{501BADCD-F8F7-44CB-AC3F-6ED25C1A28B5} /l1033
LaCie Device Updater-->C:\PROGRA~1\LACIET~1\DEVICE~1\bin\CUSTOM~1.EXE
Lexmark 730 Series-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxcfUNST.EXE -NOLICENSE
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Microsoft Windows XP Video Decoder Checkup Utility-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\DECCHECK.inf,Uninstall
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
MSN Toolbar-->C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\mtbs.exe c
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 7 Ultra Edition-->MsiExec.exe /I{8C30E1DC-D83E-4A90-AD02-1A275FC71033}
Nokia Dicas Codecs-->MsiExec.exe /I{AB74DA3E-753C-47A7-A99E-D3AB8947AC89}
ntl Netguard Security-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\8\INTEL3~1\IDriver.exe /M{AA78B670-C664-432A-817D-B1C7879777A2}
PC Connectivity Solution-->MsiExec.exe /I{AB2347E4-153B-4194-AA3B-97C0A662B369}
PC Doc Pro-->"C:\Program Files\PC Doc Pro\unins000.exe"
PhotoBox 3.2.5-->"C:\Program Files\PhotoBox\uninstall.exe"
Power2Go 4.0-->RunDll32 c:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall
PowerDVD-->RunDll32 c:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PowerStarter-->RunDll32 c:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
PPMateŐŻ¬ÁµÁ ” 1.7.3.33-->C:\Program Files\PPMate\PPMate\uninst.exe
PPStream-->"C:\Program Files\PPStream\unins000.exe"
QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x9 -removeonly
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB883939)-->"C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899588)-->"C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB903235)-->"C:\WINDOWS\$NtUninstallKB903235$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931768)-->"C:\WINDOWS\$NtUninstallKB931768$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933566)-->"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937143)-->"C:\WINDOWS\$NtUninstallKB937143$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB942615)-->"C:\WINDOWS\$NtUninstallKB942615$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944533)-->"C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
SMART Board Software (English United Kingdom Language Pack)-->MsiExec.exe /X{4D918BF6-9C9A-4FF4-A188-54DAD933C286}
SMART Essentials for Educators-->MsiExec.exe /X{C9710CCD-2A90-4545-B4B9-1E525FBB9195}
Smart Link 56K Voice Modem-->C:\WINDOWS\Modio\SLAMR2KV\Setup.exe /Remove
SopCast 1.1.2-->C:\Program Files\SopCast\uninst.exe
Surround Mp4 Tool 3.0.4-->"C:\Program Files\MP4TOOL\uninstall.exe"
TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
TVAnts 1.0-->C:\PROGRA~1\TVAnts\UNWISE.EXE C:\PROGRA~1\TVAnts\INSTALL.LOG
TVUPlayer 2.3.2.52-->C:\Program Files\TVUPlayer\uninst.exe
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB929338)-->"C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB942840)-->"C:\WINDOWS\$NtUninstallKB942840$\spuninst\spuninst.exe"
Update for Windows XP (KB946627)-->"C:\WINDOWS\$NtUninstallKB946627$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Visual MP3 Splitter & Joiner 5.9-->"C:\Program Files\Visual MP3 Splitter & Joiner\unins000.exe"
Vodafone 804SS USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\4\SSVDUninstall.exe
Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_6B630EE2E66584353C6CD8683D447072872F34D8\pccswpddriver.inf
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Installer Clean Up-->MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB867282-->C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
Windows XP Hotfix - KB873333-->C:\WINDOWS\$NtUninstallKB873333$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890047-->C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB890923-->"C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Hotfix - KB893066-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Windows XP Hotfix - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip 12.0-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Security center information======

AV: ntl Netguard Anti-virus
FW: ntl Netguard Firewall

======System event log======

Computer Name: DAVENLUCIE
Event Code: 7000
Message: The lxcf_device service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Record Number: 32962
Source Name: Service Control Manager
Time Written: 20090111180846.000000+000
Event Type: error
User:

Computer Name: DAVENLUCIE
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the lxcf_device service to connect.

Record Number: 32961
Source Name: Service Control Manager
Time Written: 20090111180846.000000+000
Event Type: error
User:

Computer Name: DAVENLUCIE
Event Code: 10005
Message: DCOM got error "%1053" attempting to start the service lxcf_device with arguments ""
in order to run the server:
{323CE21C-A448-40AA-BA74-7FCF1E44106F}

Record Number: 32960
Source Name: DCOM
Time Written: 20090111180840.000000+000
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: DAVENLUCIE
Event Code: 7001
Message: The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Record Number: 32945
Source Name: Service Control Manager
Time Written: 20090111160725.000000+000
Event Type: error
User:

Computer Name: DAVENLUCIE
Event Code: 7000
Message: The lxcf_device service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


Record Number: 32941
Source Name: Service Control Manager
Time Written: 20090110190728.000000+000
Event Type: error
User:

=====Application event log=====

Computer Name: DAVENLUCIE
Event Code: 1000
Message: Faulting application iexplore.exe, version 6.0.2900.2180, faulting module shdocvw.dll, version 6.0.2900.3268, fault address 0x00018d62.

Record Number: 4638
Source Name: Application Error
Time Written: 20080406135118.000000+060
Event Type: error
User:

Computer Name: DAVENLUCIE
Event Code: 1517
Message: Windows saved user DAVENLUCIE\David Crook registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 4629
Source Name: Userenv
Time Written: 20080405004953.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: DAVENLUCIE
Event Code: 1000
Message: Faulting application iexplore.exe, version 6.0.2900.2180, faulting module shdocvw.dll, version 6.0.2900.3268, fault address 0x00018d62.

Record Number: 4622
Source Name: Application Error
Time Written: 20080404134235.000000+060
Event Type: error
User:

Computer Name: DAVENLUCIE
Event Code: 1517
Message: Windows saved user DAVENLUCIE\David Crook registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 4612
Source Name: Userenv
Time Written: 20080403184338.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: DAVENLUCIE
Event Code: 1517
Message: Windows saved user DAVENLUCIE\David Crook registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 4606
Source Name: Userenv
Time Written: 20080330131240.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0409
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

#4 davepuzzled

davepuzzled
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:47 AM

Posted 21 April 2009 - 02:58 AM

I had a problem with GMER result. I kept on running the program. First time GMER crashed so I started again. Second my PC crashed and rebooted and then told the it had recovered from a serious error. I tried again and had the same result. These were in the error report:

error signature

BCCode : c2 BCP1 : 00000040 BCP2 : 00000000 BCP3 : 80000000
BCP4 : 00000000 OSVer : 5_1_2600 SP : 2_0 Product : 768_1

error report contents

The following files will be included in this report

C:\DOCUME~1\DAVIDC~1\LOCALS~1\Temp\WER71f3.dir00\Mini042009-02.dmp
C:\DOCUME~1\DAVIDC~1\LOCALS~1\Temp\WER71f3.dir00\sysdata.xml

Don't know if you know what happened.

After running the malwarebytes program I'm now not getting Malware defender 2009 and winsecurity centre popping up every two minutes.

Dave

#5 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:02:47 PM

Posted 21 April 2009 - 04:00 AM

Erm.. I wonder why is that..

Ok, lets do this step..

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.Link 1
Link 2
Link 3
Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asked you to install Recovery Console, please do so.. It will be your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finishes its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#6 davepuzzled

davepuzzled
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:47 AM

Posted 22 April 2009 - 03:31 AM

Hello again fenzodahl512

Done the last two checks. Here's the the Combo fix log:

ComboFix 09-04-21.A1 - David Crook 21/04/2009 19:58.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.191.41 [GMT 1:00]
Running from: c:\documents and settings\David Crook\Desktop\ComboFix.exe
AV: ntl Netguard Anti-virus *On-access scanning disabled* (Updated)
FW: ntl Netguard Firewall *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\David Crook\Application Data\inst.exe
c:\documents and settings\David Crook\Desktop\Programs\_desktop.ini
c:\documents and settings\David Crook\My Documents\My Music\MP4\AVI-TOOL\Desktop_.ini
c:\program files\Internet Explorer\rksldk.bak
c:\windows\system32\dbxDgrevCheck.dll

.
((((((((((((((((((((((((( Files Created from 2009-03-21 to 2009-04-21 )))))))))))))))))))))))))))))))
.

2009-04-20 18:32 . 2009-04-20 18:34 -------- d-----w c:\program files\ERUNT
2009-03-25 14:35 . 2009-03-25 14:35 -------- d-----w c:\documents and settings\David Crook\Application Data\Malwarebytes
2009-03-25 14:35 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-25 14:35 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-25 14:35 . 2009-03-25 14:35 -------- dc----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-25 14:35 . 2009-04-20 19:46 -------- d-----w c:\program files\Malwarebytes' Anti-Malware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-20 22:10 . 2006-08-29 22:33 150428 -c--a-w C:\lxcf.log
2009-04-20 20:51 . 2009-04-20 20:51 -------- d-----w c:\program files\trend micro
2009-04-20 18:46 . 2006-09-10 17:15 -------- d-----w c:\program files\Common Files\Command Software
2009-04-20 18:43 . 2006-09-10 17:15 -------- d-----w c:\program files\Common Files\PestPatrol
2009-04-05 14:21 . 2006-12-26 19:22 -------- d-----w c:\program files\Lx_cats
2009-03-25 14:33 . 2006-09-21 21:07 -------- d-----w c:\documents and settings\David Crook\Application Data\uTorrent
2009-03-25 14:16 . 2008-11-15 10:33 -------- d-----w c:\program files\MSECACHE
2009-03-22 14:19 . 2006-09-09 22:06 36936 ----a-w c:\documents and settings\Lucie Ward\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-08 18:11 . 2006-08-29 22:19 36936 ----a-w c:\documents and settings\David Crook\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-08 11:13 . 2009-03-08 11:10 -------- d-----w c:\documents and settings\David Crook\Application Data\Internet Tablet Video Converter
2009-03-08 11:10 . 2009-03-08 11:10 -------- d-----w c:\program files\Common Files\Nokia
2009-03-08 11:08 . 2009-03-08 11:08 -------- d-----w c:\program files\Nokia
2009-03-06 14:44 . 2006-02-03 12:42 283648 ----a-w c:\windows\system32\pdh.dll
2009-02-26 20:45 . 2009-02-26 20:45 -------- d-----w c:\program files\Common Files\DVDVideoSoft
2009-02-26 20:45 . 2009-02-26 20:45 -------- d-----w c:\program files\DVDVideoSoft
2009-02-20 08:30 . 2006-02-03 19:42 659456 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:30 . 2006-02-03 12:42 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-17 12:05 . 2006-08-29 22:17 2764 ----a-w c:\documents and settings\David Crook\Application Data\wklnhst.dat
2009-02-09 10:20 . 2006-02-03 19:42 399360 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2006-02-03 19:42 723456 ------w c:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2006-02-03 12:42 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:20 . 2006-02-03 12:41 616960 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:19 . 2006-02-03 19:42 1846272 ------w c:\windows\system32\win32k.sys
2009-02-06 17:24 . 2006-02-03 19:42 2180480 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 17:14 . 2006-02-03 12:42 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 16:54 . 2006-02-03 12:42 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 16:49 . 2004-08-04 12:59 2057728 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 20:08 . 2006-02-03 12:42 55808 ----a-w c:\windows\system32\secur32.dll
2007-07-15 13:01 . 2007-05-14 18:34 47360 ----a-w c:\documents and settings\David Crook\Application Data\pcouffin.sys
2006-10-15 17:32 . 2006-10-15 17:32 0 ----a-w c:\documents and settings\Lucie Ward\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"ntl Netguard"="c:\program files\ntl\ntl Netguard\RPS.exe" [2005-07-05 229376]
"LXCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 73728]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-04-06 401040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\David Crook\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher S.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher S.lnk
backup=c:\windows\pss\Exif Launcher S.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SMART Board Tools.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SMART Board Tools.lnk
backup=c:\windows\pss\SMART Board Tools.lnkCommon Startup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\PPStream\\PPStream.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\PPMate\\PPMate\\ppmate.exe"=

R3 LaCieFWFilter;Silver 1394 Filter (1394 BUS Filter Driver);c:\windows\system32\DRIVERS\LaCieFWFilter.sys [2005-10-18 14848]
S2 FWS;Radialpoint Service;c:\program files\ntl\ntl Netguard\fws.exe [2005-07-05 274432]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-04-06 179856]
S3 LaCieUSBFilter;Silver USB Filter (USB BUS Filter Driver);c:\windows\system32\DRIVERS\LaCieUSBFilter.sys [2005-10-19 15872]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-04-06 15504]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-01-30 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 13:31]

2009-01-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
.
- - - - ORPHANS REMOVED - - - -

Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = 127.0.0.1
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.15\AMVConverter\grab.html
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.15\MediaManager\grab.html
Trusted Zone: diy.com\www
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-21 20:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1952964411-966332324-2750159416-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3D647E29-F89E-7D56-6021-4DD457521398}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaffbacaffahdfabgm"=hex:6b,61,69,69,6f,68,6b,64,67,66,66,6b,6d,6e,66,6a,65,68,
6b,63,61,70,00,00
"halfhnhjpcmeplkp"=hex:6b,61,69,69,6f,68,6b,64,67,66,66,6b,6d,6e,66,6a,65,68,
6b,63,61,70,00,00
.
Completion time: 2009-04-21 20:07
ComboFix-quarantined-files.txt 2009-04-21 19:07

Pre-Run: 17,984,638,976 bytes free
Post-Run: 18,112,819,200 bytes free

154 --- E O F --- 2009-04-20 22:10



And here's the hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:53:38, on 21/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ntl\ntl Netguard\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\NMSAccess.exe
C:\WINDOWS\system32\slmdmsr.exe
C:\Program Files\SMART Board Software\SMARTBoardService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: PopKill Class - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\ntl\ntl Netguard\pkR.dll
O2 - BHO: ZKBho Class - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\ntl\ntl Netguard\FBHR.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ntl Netguard] "C:\Program Files\ntl\ntl Netguard\RPS.exe"
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.iqon.ie
O15 - Trusted Zone: www.diy.com
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photounity.com/ecommerce/script...geUploader4.cab
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\ntl\ntl Netguard\fws.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMSAccess - Unknown owner - C:\WINDOWS\system32\NMSAccess.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slmdmsr.exe
O23 - Service: SMART Board Service - SMART Technologies Inc. - C:\Program Files\SMART Board Software\SMARTBoardService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 4938 bytes


Many thanks again.

Dave

#7 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:02:47 PM

Posted 22 April 2009 - 05:35 AM

1. Please open Notepad
  • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

RegLockDel::
[HKEY_USERS\S-1-5-21-1952964411-966332324-2750159416-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3D647E29-F89E-7D56-6021-4DD457521398}*]

SkipFix::

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#8 davepuzzled

davepuzzled
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:47 AM

Posted 23 April 2009 - 05:02 AM

Sorry there was a problem again fenzodahl512.

I dragged that txt document with the info you gave on to Combofix. I left it scanning (It says around ten minutes but easily doubled if badly infected) but by the time I went to bed it was still going so I left it over night but it hadn't moved.

Dave

#9 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:02:47 PM

Posted 23 April 2009 - 05:23 AM

exit ComboFix, reboot your computer >> run ComboFix again (just double-click it) >> post the log here :thumbup2:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#10 davepuzzled

davepuzzled
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:47 AM

Posted 24 April 2009 - 04:06 AM

Here's thee latest Combo fix log. Thanks for looking.

Dave


ComboFix 09-04-21.A1 - David Crook 23/04/2009 21:16.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.191.53 [GMT 1:00]
Running from: c:\documents and settings\David Crook\Desktop\ComboFix.exe
AV: ntl Netguard Anti-virus *On-access scanning disabled* (Updated)
FW: ntl Netguard Firewall *disabled*
.

((((((((((((((((((((((((( Files Created from 2009-03-23 to 2009-04-23 )))))))))))))))))))))))))))))))
.

2009-04-20 18:32 . 2009-04-20 18:34 -------- d-----w c:\program files\ERUNT
2009-03-25 14:35 . 2009-03-25 14:35 -------- d-----w c:\documents and settings\David Crook\Application Data\Malwarebytes
2009-03-25 14:35 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-25 14:35 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-25 14:35 . 2009-03-25 14:35 -------- dc----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-25 14:35 . 2009-04-20 19:46 -------- d-----w c:\program files\Malwarebytes' Anti-Malware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-23 07:07 . 2006-08-29 22:33 151298 -c--a-w C:\lxcf.log
2009-04-21 19:51 . 2009-04-20 20:51 -------- d-----w c:\program files\trend micro
2009-04-20 18:46 . 2006-09-10 17:15 -------- d-----w c:\program files\Common Files\Command Software
2009-04-20 18:43 . 2006-09-10 17:15 -------- d-----w c:\program files\Common Files\PestPatrol
2009-04-05 14:21 . 2006-12-26 19:22 -------- d-----w c:\program files\Lx_cats
2009-03-25 14:33 . 2006-09-21 21:07 -------- d-----w c:\documents and settings\David Crook\Application Data\uTorrent
2009-03-25 14:16 . 2008-11-15 10:33 -------- d-----w c:\program files\MSECACHE
2009-03-22 14:19 . 2006-09-09 22:06 36936 ----a-w c:\documents and settings\Lucie Ward\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-08 18:11 . 2006-08-29 22:19 36936 ----a-w c:\documents and settings\David Crook\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-08 11:13 . 2009-03-08 11:10 -------- d-----w c:\documents and settings\David Crook\Application Data\Internet Tablet Video Converter
2009-03-08 11:10 . 2009-03-08 11:10 -------- d-----w c:\program files\Common Files\Nokia
2009-03-08 11:08 . 2009-03-08 11:08 -------- d-----w c:\program files\Nokia
2009-03-06 14:44 . 2006-02-03 12:42 283648 ----a-w c:\windows\system32\pdh.dll
2009-02-26 20:45 . 2009-02-26 20:45 -------- d-----w c:\program files\Common Files\DVDVideoSoft
2009-02-26 20:45 . 2009-02-26 20:45 -------- d-----w c:\program files\DVDVideoSoft
2009-02-20 08:30 . 2006-02-03 19:42 659456 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:30 . 2006-02-03 12:42 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-17 12:05 . 2006-08-29 22:17 2764 ----a-w c:\documents and settings\David Crook\Application Data\wklnhst.dat
2009-02-09 10:20 . 2006-02-03 19:42 399360 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2006-02-03 19:42 723456 ------w c:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2006-02-03 12:42 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:20 . 2006-02-03 12:41 616960 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:19 . 2006-02-03 19:42 1846272 ------w c:\windows\system32\win32k.sys
2009-02-06 17:24 . 2006-02-03 19:42 2180480 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 17:14 . 2006-02-03 12:42 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 16:54 . 2006-02-03 12:42 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 16:49 . 2004-08-04 12:59 2057728 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 20:08 . 2006-02-03 12:42 55808 ----a-w c:\windows\system32\secur32.dll
2007-07-15 13:01 . 2007-05-14 18:34 47360 ----a-w c:\documents and settings\David Crook\Application Data\pcouffin.sys
2006-10-15 17:32 . 2006-10-15 17:32 0 ----a-w c:\documents and settings\Lucie Ward\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-04-21_19.03.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-23 20:14 . 2009-04-23 20:14 12288 c:\windows\ERDNT\AutoBackup\23-04-2009\Users\00000002\UsrClass.dat
+ 2009-04-22 17:49 . 2009-04-22 17:49 12288 c:\windows\ERDNT\AutoBackup\22-04-2009\Users\00000002\UsrClass.dat
+ 2009-04-23 20:14 . 2005-10-20 11:02 163328 c:\windows\ERDNT\AutoBackup\23-04-2009\ERDNT.EXE
+ 2009-04-22 17:49 . 2005-10-20 11:02 163328 c:\windows\ERDNT\AutoBackup\22-04-2009\ERDNT.EXE
+ 2009-04-23 20:14 . 2009-04-23 20:14 6057984 c:\windows\ERDNT\AutoBackup\23-04-2009\Users\00000001\NTUSER.DAT
+ 2009-04-22 17:49 . 2009-04-22 17:49 6045696 c:\windows\ERDNT\AutoBackup\22-04-2009\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"ntl Netguard"="c:\program files\ntl\ntl Netguard\RPS.exe" [2005-07-05 229376]
"LXCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 73728]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-04-06 401040]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\David Crook\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher S.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Exif Launcher S.lnk
backup=c:\windows\pss\Exif Launcher S.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SMART Board Tools.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SMART Board Tools.lnk
backup=c:\windows\pss\SMART Board Tools.lnkCommon Startup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\PPStream\\PPStream.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\PPMate\\PPMate\\ppmate.exe"=

R3 LaCieFWFilter;Silver 1394 Filter (1394 BUS Filter Driver);c:\windows\system32\DRIVERS\LaCieFWFilter.sys [2005-10-18 14848]
S2 FWS;Radialpoint Service;c:\program files\ntl\ntl Netguard\fws.exe [2005-07-05 274432]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-04-06 179856]
S3 LaCieUSBFilter;Silver USB Filter (USB BUS Filter Driver);c:\windows\system32\DRIVERS\LaCieUSBFilter.sys [2005-10-19 15872]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-04-06 15504]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-01-30 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 13:31]

2009-01-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = 127.0.0.1
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.15\AMVConverter\grab.html
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.15\MediaManager\grab.html
Trusted Zone: diy.com\www
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-23 21:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1952964411-966332324-2750159416-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{3D647E29-F89E-7D56-6021-4DD457521398}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaffbacaffahdfabgm"=hex:6b,61,69,69,6f,68,6b,64,67,66,66,6b,6d,6e,66,6a,65,68,
6b,63,61,70,00,00
"halfhnhjpcmeplkp"=hex:6b,61,69,69,6f,68,6b,64,67,66,66,6b,6d,6e,66,6a,65,68,
6b,63,61,70,00,00
.
Completion time: 2009-04-23 21:24
ComboFix-quarantined-files.txt 2009-04-23 20:24
ComboFix2.txt 2009-04-21 19:07

Pre-Run: 17,956,278,272 bytes free
Post-Run: 17,950,711,808 bytes free

152 --- E O F --- 2009-04-20 22:10

#11 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:02:47 PM

Posted 24 April 2009 - 04:53 AM

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

How's the computer now? :thumbup2:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#12 davepuzzled

davepuzzled
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:47 AM

Posted 24 April 2009 - 04:18 PM

Hi fenzodahl512

Did scan but managed to mess it up. It had found four threats and looked like it might have deleted them. Run again anyway to be sure and it then found no threats - Great news (I hope). Here's the log it gave me.

Computer does seem fine now no malware popping up and no winsecurity centre.

Dave

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=4034 (20090424)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=bf4d76ebb7c893419616466ecae9191c
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-04-24 09:16:45
# local_time=2009-04-24 10:16:45 (+0000, GMT Daylight Time)
# country="United Kingdom"
# osver=5.1.2600 NT Service Pack 2
# scanned=208955
# found=0
# scan_time=4249

#13 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  •  
  • Local time:02:47 PM

Posted 24 April 2009 - 08:17 PM

Looks good to me.. Lets do some cleanup...


Please download OTCleanIt and save it to Desktop.
  • Make sure you have internet connection..
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes


Please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware



Read these links about safe internet surfing..

http://www.pcpitstop.com/spycheck/safesurfing.asp
http://bluefive.pair.com/practice_safe_surfing.htm



Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :thumbup2:



Have a safe and happy computing day!


Regards
fenzodahl512

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Posted Image Posted Image
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#14 davepuzzled

davepuzzled
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:07:47 AM

Posted 25 April 2009 - 07:19 AM

All looks good. No popups, no virus's detected and does seem to run a bit faster.

Thanks for all your help.

dave




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users