I think it might be vundo. Pop-ups + more..


  • This topic is locked
21 replies to this topic

#1 saucepan

  • Members
  • 20 posts

Posted 16 April 2009 - 02:55 PM

Hello, this isn't the first time I have been on here begging for help. Last time I think the problem was Vundo as well. Basically, same symptoms as I had before.. Constant pop-ups and "security alerts" in Internet Explorer (obviously fake). I ran a quick scan using MBAM and found a few infected files with the name "Trojan.Vundo...etc." Anyway, I'm not very good with computers and I would probably do more harm than good if I had a go at removing this, so I was hoping you guys could help out again. You lot did a brilliant job last time and everything has been running smooth for months.. however it seems to be back again. :step4:

Another thing which is concerning me is that I am using Avira, however every time I boot my PC up, the AntiVirus Guard is always stopped. This hasn't always been the case. It used to work perfectly fine, until some random morning when it decided it would shut itself off every time I load up. I can't recall changing any settings to it, so this got me thinking maybe something is disabling it. :) Anyway, I don't know... here are the logs.

Any help would be greatly appreciated. :thumbup2:

============================




DDS (Ver_09-03-16.01) - NTFSx86
Run by Matt at 20:43:22.32 on 16/04/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.1535.1055 [GMT 1:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\servises.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\servises.exe
C:\WINDOWS\system32\servises.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Matt\Application Data\pidle\pidle.exe
C:\DOCUME~1\Matt\LOCALS~1\Temp\2776990660.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Documents and Settings\Matt\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.facebook.com/reqs.php#/profile.php?id=516487254&ref=profile
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: {b057811d-cffe-4624-9219-09d9ce24cf77} - c:\windows\system32\kozotifa.dll
BHO: {D7BF4552-94F1-42BD-F434-3604812C856D} - No File
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [MsgCenterExe] "c:\program files\common files\real\update_ob\RealOneMessageCenter.exe" -osboot
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTProAgent.exe" -autorun
uRun: [prunnet] "c:\windows\system32\prunnet.exe"
uRun: [pidle] "c:\documents and settings\matt\application data\pidle\pidle.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
uRun: [Diagnostic Manager] c:\docume~1\matt\locals~1\temp\2776990660.exe
uRun: [servises] c:\windows\system32\servises.exe
mRun: [LXCYCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCYtime.dll,_RunDLLEntry@16
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRun: [prunnet] "c:\windows\system32\prunnet.exe"
mRun: [servises] c:\windows\system32\servises.exe
mRun: [havajomose] Rundll32.exe "c:\windows\system32\wepakezu.dll",s
dRun: [<NO NAME>] c:\windows\temp\oqekxqog.exe
dRun: [Windows Resurections] c:\windows\temp\oqekxqog.exe
dRun: [Diagnostic Manager] c:\windows\temp\1089614206.exe
uExplorerRun: [servises] c:\windows\system32\servises.exe
mExplorerRun: [servises] c:\windows\system32\servises.exe
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
dPolicies-explorer: NoFolderOptions = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/OnlineScanner.cab
DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} - hxxp://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1183563549625
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
AppInit_DLLs: , ,c:\windows\system32\naruhoku.dll
LSA: Notification Packages = scecli c:\windows\system32\naruhoku.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2009-1-14 11840]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2009-1-14 68865]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-7-29 210216]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-7-5 1174152]
R3 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2009-1-14 151297]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2009-1-14 52032]
S3 Camdrv30;Philips ToUcam XS;c:\windows\system32\drivers\camdrv30.sys [2007-7-5 171264]
S3 lxcy_device;lxcy_device;c:\windows\system32\lxcycoms.exe -service --> c:\windows\system32\lxcycoms.exe -service [?]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;c:\windows\system32\drivers\s125mdfl.sys [2007-4-24 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;c:\windows\system32\drivers\s125mdm.sys [2007-4-24 108680]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s125mgmt.sys [2007-4-24 100488]
S3 w200bus;Sony Ericsson W200 driver (WDM);c:\windows\system32\drivers\w200bus.sys [2008-6-14 61504]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;c:\windows\system32\drivers\w200obex.sys [2008-6-14 86368]

=============== Created Last 30 ================

2009-04-16 20:12 155 a------- c:\windows\system32\SelfDel.bat
2009-04-16 20:12 84,045 a------- c:\windows\system32\ftp_non_crp.exe
2009-04-16 20:04 25,088 a------- c:\windows\system32\servises.exe
2009-04-16 20:04 4 a------- c:\windows\system32\_id.dat
2009-04-16 19:58 46 a------- c:\windows\system32\p2hhr.bat
2009-04-16 19:57 23,040 a------- c:\windows\system32\ak1.exe
2009-04-16 19:57 <DIR> --d----- c:\docume~1\matt\applic~1\pidle
2009-04-16 19:42 59,801 a------- c:\windows\system32\prunnet.exe
2009-04-13 17:41 54,156 a---h--- c:\windows\QTFont.qfn
2009-04-13 17:41 1,409 a------- c:\windows\QTFont.for
2009-04-07 11:15 <DIR> --d----- c:\program files\Rockstar Games
2009-04-07 10:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Pro
2009-04-07 10:57 <DIR> --d----- c:\docume~1\matt\applic~1\DAEMON Tools Pro
2009-04-02 20:03 4,178,264 a------- c:\windows\system32\D3DX9_41.dll
2009-04-02 20:03 1,846,632 a------- c:\windows\system32\D3DCompiler_41.dll
2009-04-02 20:03 453,456 a------- c:\windows\system32\d3dx10_41.dll
2009-04-02 20:03 517,448 a------- c:\windows\system32\XAudio2_4.dll
2009-04-02 20:03 69,448 a------- c:\windows\system32\XAPOFX1_3.dll
2009-04-02 20:03 235,352 a------- c:\windows\system32\xactengine3_4.dll
2009-04-02 20:03 22,360 a------- c:\windows\system32\X3DAudio1_6.dll
2009-03-27 00:23 <DIR> --d----- c:\docume~1\matt\applic~1\MilkShape 3D 1.x.x
2009-03-24 23:32 <DIR> --d----- c:\docume~1\matt\applic~1\NoNameScript
2009-03-23 19:24 <DIR> --d----- c:\windows\Logs
2009-03-22 21:20 5,632 a------- c:\windows\system32\ptpusb.dll
2009-03-22 21:20 159,232 a------- c:\windows\system32\ptpusd.dll
2009-03-19 12:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\HMRC
2009-03-19 01:06 380 a------- c:\windows\5743System.bat

==================== Find3M ====================

2009-04-16 19:47 87,552 -------- c:\windows\system32\muhemive.dll
2009-03-06 15:44 283,648 a------- c:\windows\system32\pdh.dll
2009-03-03 01:18 826,368 a------- c:\windows\system32\wininet.dll
2009-02-20 19:09 78,336 a------- c:\windows\system32\ieencode.dll
2009-02-09 16:18 202,040 a------- c:\windows\system32\PnkBstrB.exe
2009-02-09 11:20 723,456 a------- c:\windows\system32\lsasrv.dll
2009-02-09 11:20 399,360 a------- c:\windows\system32\rpcss.dll
2009-02-09 11:20 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 11:20 616,960 a------- c:\windows\system32\advapi32.dll
2009-02-09 11:19 1,846,272 a------- c:\windows\system32\win32k.sys
2009-02-06 18:24 2,180,480 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 18:14 110,592 a------- c:\windows\system32\services.exe
2009-02-06 17:54 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 17:49 2,057,728 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-03 21:08 55,808 a------- c:\windows\system32\secur32.dll
2008-12-23 17:17 22,328 a------- c:\docume~1\matt\applic~1\PnkBstrK.sys

============= FINISH: 20:44:08.59 ===============


#2 saucepan

  • Topic Starter
  • Members
  • 20 posts

Posted 27 April 2009 - 10:25 AM

I know I'm not supposed to bump a topic, however it has been 11 days and I can't help but think this one has been overlooked.

Also things have gotten a lot worse. My computer is in a right mess and I now have that antivirusproxp thing, or whatever it is called which you describe on your homepage. I have run MBAM several times but it isn't picking it up or removing it. My Avira completely stopped working and it would not let me re-install it so I decided to get rid of it and install another free anti virus. However I am having major problems staying connected to the internet long enough to be able to download any of them so my computer is unprotected at the moment which is why I refuse to go on it anymore unless I am following the advice given to me from here because I don't want to make it even worse.

I am using another computer right now to view this thread for advice and what to do.

I am not sure whether the HJT log I posted 11 days ago is still of any use to you so if you require a fresh one can you let me know and I will try getting on the other computer and producing one for you.

Please help. :thumbup2:

EDIT: Just wanted to add I know you are probably extremely busy and I appreciate that, just thought I should update you on the situation as a lot seems to have changed and just want to say sorry if I sounded a bit pushy.

Edited by saucepan, 27 April 2009 - 10:42 AM.


#3 fenzodahl512

  • Members
  • 6,738 posts

Posted 28 April 2009 - 01:51 AM

Hello, my name is fenzodahl512 and welcome to Bleeping Computer.. Please do the following....



Please download The Comedian.exe to your desktop
  • Double click the program to run it. It will only take around several minutes to run.
  • It will do a series of tasks and tell you when each one is finished.
  • You will be prompted to press any key after each step
  • When it is done it will close and exit itself automatically.
  • You can delete The_Comedian.exe once it is finished



NEXT


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




NEXT


Please download RSIT by random/random and save it to your Desktop.
  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt and info.txt in your next reply.



NEXT


Please download GMER and unzip it to your Desktop. <<mirror>>
If you see "random" name, just leave it.. If you see "GMER", please rename GMER into GAMERS
  • Open the renamed program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results into a Notepad >> save it and attach in this thread.
IMPORTANT: Do NOT run any program while you are doing these scans as it may interfere with the output results



Post me these logs in your next reply.. Post each log in separate post..

1. Malwarebytes'
2. RSIT log.txt
3. RSIT info.txt
4. Attach GMER result..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#4 saucepan

  • Topic Starter
  • Members
  • 20 posts

Posted 29 April 2009 - 07:32 AM

Malwarebytes' Anti-Malware 1.31
Database version: 1456
Windows 5.1.2600 Service Pack 2

29/04/2009 13:10:08
mbam-log-2009-04-29 (13-10-08).txt

Scan type: Full Scan (C:\|)
Objects scanned: 119310
Time elapsed: 26 minute(s), 41 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 4
Registry Values Infected: 3
Registry Data Items Infected: 11
Folders Infected: 1
Files Infected: 25

Memory Processes Infected:
C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\__c009F1FE.dat (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c009f1fe (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\icf (Rootkit.ADS) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Framework Windows (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00fb6bd.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: c:\windows\system32\twext.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: system32\twext.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\twain_32 (Backdoor.Bot) -> Delete on reboot.

Files Infected:
C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\10KOQKST\ahurebocmi[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\10KOQKST\bqwkgherb[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\10KOQKST\djspmz[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\34UVK9JX\hnwtu[1].htm (Trojan.TinyDownloader705) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twain_32\local.ds (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\twain_32\user.ds (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\ntdll64.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\twext.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\__c009F1FE.dat (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\__c002591C.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\svchost.exe:ext.exe (Rootkit.ADS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\warning.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ahtn.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\frmwrk32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\_A00FB6BD.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\_A00FE394B.exe (Trojan.Agent) -> Quarantined and deleted successfully.


(End of MBAM log, start of RSIT log.)



Logfile of random's system information tool 1.06 (written by random/random)
Run by Matt at 2009-04-29 13:18:33
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 36 GB (48%) free of 76 GB
Total RAM: 1535 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:19:13, on 29/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\dhcp\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\sopidkc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tdctxte.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\TEMP\rtv_winupd.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\Matt\LOCALS~1\Temp\1558568690.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\TEMP\VRTF.tmp
C:\Documents and Settings\Matt\Start Menu\Programs\Startup\msnmsgr.exe
\?\globalroot\C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Matt\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Matt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/reqs.php#/profile....amp;ref=profile
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yahoo.com/search?fr=mcafee&p=%s
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twext.exe,
O2 - BHO: Google Toolbar Helper - {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: (no name) - {b2ba40a2-74f0-42bd-f434-12345a2c8953} - (no file)
O2 - BHO: Google Dictionary Compression sdch - {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [22223] c:\wcfgayg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Radio-TV adverts] C:\WINDOWS\TEMP\rtv_winupd.exe
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKLM\..\Run: [autochk] rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16
O4 - HKCU\..\Run: [Diagnostic Manager] C:\DOCUME~1\Matt\LOCALS~1\Temp\1558568690.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Documents and Settings\Matt\Start Menu\Programs\Startup\msnmsgr.exe" /background
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Matt\reader_s.exe
O4 - HKCU\..\Run: [autochk] rundll32.exe C:\DOCUME~1\NETWOR~1\protect.dll,_IWMPEvents@16
O4 - HKLM\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKCU\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKUS\.DEFAULT\..\Run: [] C:\WINDOWS\TEMP\usjikcfsd6.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Windows Resurections] C:\WINDOWS\TEMP\usjikcfsd6.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\1093099940.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [svc] c:\program Files\ThunMail\testabd.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [reader_s] C:\Documents and Settings\Matt\reader_s.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [servises] C:\WINDOWS\system32\servises.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Documents and Settings\Matt\Start Menu\Programs\Startup\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [A00FB6BD.exe] C:\WINDOWS\TEMP\_A00FB6BD.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe (User 'Default user')
O4 - Startup: ChkDisk.dll
O4 - Startup: ChkDisk.lnk = ?
O4 - Startup: msnmsgr.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} - http://gamedownload.ijjimax.com/gamedownlo...Plugin11USA.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1183563549625
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\yonolafo.dll c:\progra~1\ThunMail\testabd.dll
O20 - Winlogon Notify: __c009f1fe - C:\WINDOWS\system32\__c009F1FE.dat
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Dhcp server (dhcpsrv) - Unknown owner - C:\WINDOWS\dhcp\svchost.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICF (icf) - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcy_device - - C:\WINDOWS\system32\lxcycoms.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: sopidkc Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: tdctxte Service (tdctxte) - Unknown owner - C:\WINDOWS\system32\tdctxte.exe

--
End of file - 10932 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aa58ed58-01dd-4d91-8333-cf10577473f7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-28 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2ba40a2-74f0-42bd-f434-12345a2c8953}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c84d72fe-e17d-4195-bb24-76c02e2e7c4e}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-28 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Toolbar - C:\Program Files\Lexmark Toolbar\toolband.dll [2006-01-25 184320]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-04-28 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"22223"=c:\wcfgayg.exe []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]
"reader_s"=C:\WINDOWS\System32\reader_s.exe [2009-04-19 36352]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-01-10 405504]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"Radio-TV adverts"=C:\WINDOWS\TEMP\rtv_winupd.exe [2009-04-29 35840]
"Framework Windows"=frmwrk32.exe []
"autochk"=C:\WINDOWS\system32\autochk.dll [2009-04-29 24064]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"servises"=C:\WINDOWS\system32\servises.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Diagnostic Manager"=C:\DOCUME~1\Matt\LOCALS~1\Temp\1558568690.exe [2009-04-26 180042]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 35840]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-08-04 68856]
"msnmsgr"=C:\Documents and Settings\Matt\Start Menu\Programs\Startup\msnmsgr.exe [2007-01-19 5674352]
"reader_s"=C:\Documents and Settings\Matt\reader_s.exe []
"autochk"=C:\DOCUME~1\NETWOR~1\protect.dll [2009-04-29 24064]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"servises"=C:\WINDOWS\system32\servises.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
C:\WINDOWS\ALCXMNTR.EXE [2004-09-07 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_Run]
C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-04 35840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]
C:\Program Files\Lexmark 3400 Series\ezprint.exe [2006-02-07 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2006-02-02 311296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-01-15 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxcymon.exe]
C:\Program Files\Lexmark 3400 Series\lxcymon.exe [2006-01-25 307200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2008-10-07 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-01-10 405504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\program files\steam\steam.exe [2009-02-11 1410296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Matt^Start Menu^Programs^Startup^OpenOffice.org 2.2.lnk]
C:\PROGRA~1\OPENOF~1.2\program\QUICKS~1.EXE [2007-02-02 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sally^Start Menu^Programs^Startup^OpenOffice.org 2.2.lnk]
C:\PROGRA~1\OPENOF~1.2\program\QUICKS~1.EXE [2007-02-02 413696]

C:\Documents and Settings\Matt\Start Menu\Programs\Startup
ChkDisk.dll
ChkDisk.lnk - C:\WINDOWS\system32\rundll32.exe
msnmsgr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\yonolafo.dll c:\progra~1\ThunMail\testabd.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c009f1fe]
C:\WINDOWS\system32\__c009F1FE.dat [2009-04-28 27648]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\yonolafo.dll
mim325.dll

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=1
"DisableTaskMgr"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
"NoFolderOptions"=1
"NoSetActiveDesktop"=1
"NoActiveDesktopChanges"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=
"NoSetActiveDesktop"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™"
"C:\Program Files\Steam\steamapps\saundario\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\saundario\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Steam\steamapps\saundario\tools\mIRC\mirc.exe"="C:\Program Files\Steam\steamapps\saundario\tools\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Steam\steamapps\saundario\Half-Life\hl.exe"="C:\Program Files\Steam\steamapps\saundario\Half-Life\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Call of Duty Game of the Year Edition\CoDUOMP.exe"="C:\Program Files\Call of Duty Game of the Year Edition\CoDUOMP.exe:*:Enabled:CoDUOMP"
"C:\Program Files\EA GAMES\MOHAA\MOHAA.exe"="C:\Program Files\EA GAMES\MOHAA\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault™"
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare"
"C:\Program Files\Steam\steamapps\saundario\counter-strike source\hl2.exe"="C:\Program Files\Steam\steamapps\saundario\counter-strike source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Steam\steamapps\saundario\tools\HLSW\hlsw.exe"="C:\Program Files\Steam\steamapps\saundario\tools\HLSW\hlsw.exe:*:Enabled:HLSW Application"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\HLSW\hlsw.exe"="C:\Program Files\HLSW\hlsw.exe:*:Enabled:HLSW Application"
"C:\Program Files\Steam\steamapps\saundario\tools\Ventrilo.exe"="C:\Program Files\Steam\steamapps\saundario\tools\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Steam\steamapps\saundario\condition zero\hl.exe"="C:\Program Files\Steam\steamapps\saundario\condition zero\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary"
"C:\Program Files\Steam\steamapps\saundario\tools\mirc.exe"="C:\Program Files\Steam\steamapps\saundario\tools\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Steam\steamapps\zvan0kas\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\zvan0kas\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\wcfgayg.exe"="C:\wcfgayg.exe:*:Disabled:wcfgayg"
"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:IEXPLORE"
"C:\Documents and Settings\Matt\Start Menu\Programs\Startup\msnmsgr.exe"="C:\Documents and Settings\Matt\Start Menu\Programs\Startup\msnmsgr.exe:*:Enabled:Messenger"
"C:\WINDOWS\system32\3361\svchost.exe"="C:\WINDOWS\system32\3361\svchost.exe:*:Enabled:SVCHOST.EXE"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - D:\EmployerCDROM.exe


======List of files/folders created in the last 3 months======

2009-04-29 13:18:34 ----D---- C:\Program Files\trend micro
2009-04-29 13:18:33 ----D---- C:\rsit
2009-04-29 13:10:25 ----A---- C:\vhojjqp.txt
2009-04-29 12:09:54 ----D---- C:\Program Files\ERUNT
2009-04-29 11:54:49 ----A---- C:\WINDOWS\system32\loader49.exe
2009-04-29 11:35:34 ----A---- C:\WINDOWS\system32\tpsaxyd.exe
2009-04-29 11:35:19 ----A---- C:\WINDOWS\system32\lmppcsetup.exe
2009-04-28 21:24:50 ----A---- C:\WINDOWS\system32\13.tmp
2009-04-28 21:24:49 ----A---- C:\WINDOWS\system32\12.tmp
2009-04-28 21:24:40 ----A---- C:\WINDOWS\system32\winglsetup.exe
2009-04-28 16:31:50 ----ASH---- C:\WINDOWS\system32\autochk.dll
2009-04-27 19:24:46 ----A---- C:\cuhel.exe
2009-04-27 17:20:03 ----A---- C:\WINDOWS\system32\11.tmp
2009-04-27 17:19:52 ----A---- C:\WINDOWS\system32\10.tmp
2009-04-27 12:29:17 ----A---- C:\WINDOWS\ntbtlog.txt
2009-04-27 12:24:50 ----A---- C:\WINDOWS\system32\loader266.exe
2009-04-26 14:14:56 ----A---- C:\WINDOWS\system32\ftp_non_crp.exe
2009-04-26 12:06:36 ----D---- C:\Program Files\LanqiEngine
2009-04-21 01:55:32 ----A---- C:\WINDOWS\system32\suiku.txt
2009-04-20 23:24:01 ----A---- C:\WINDOWS\system32\w.exe
2009-04-20 23:23:39 ----D---- C:\WINDOWS\system32\3361
2009-04-20 23:23:14 ----A---- C:\WINDOWS\system32\hsf9ikmifj934g.dll
2009-04-20 23:23:13 ----A---- C:\WINDOWS\system32\xz.exe
2009-04-20 21:48:46 ----A---- C:\WINDOWS\system32\sf87wuijndoio43j.dll
2009-04-20 21:10:28 ----A---- C:\WINDOWS\fpqdzqd.txt
2009-04-20 12:34:18 ----A---- C:\WINDOWS\fuzt.txt
2009-04-19 10:49:24 ----A---- C:\WINDOWS\system32\AdvOcr.dll
2009-04-19 10:49:19 ----A---- C:\WINDOWS\system32\TRSOCR.dll
2009-04-19 10:49:17 ----A---- C:\WINDOWS\system32\TRSOCR.ini
2009-04-18 00:54:24 ----A---- C:\WINDOWS\system32\bversion.dll
2009-04-18 00:52:51 ----A---- C:\WINDOWS\system32\IPHACTION.dll
2009-04-17 23:21:55 ----A---- C:\WINDOWS\system32\IpSvchostF.dll
2009-04-17 23:21:11 ----A---- C:\WINDOWS\system32\tcpd.exe
2009-04-17 23:21:11 ----A---- C:\WINDOWS\system32\kernel32_check.dll
2009-04-17 23:21:11 ----A---- C:\WINDOWS\system32\AUTMGR.EXE
2009-04-17 23:21:10 ----A---- C:\WINDOWS\system32\tcpcon.dll
2009-04-17 23:21:10 ----A---- C:\WINDOWS\system32\riphy.dll
2009-04-17 23:21:10 ----A---- C:\WINDOWS\system32\Packer.dll
2009-04-17 23:21:10 ----A---- C:\WINDOWS\system32\iphy.dll
2009-04-17 23:21:10 ----A---- C:\WINDOWS\system32\fhpatch.dll
2009-04-17 23:21:03 ----A---- C:\WINDOWS\system32\A5.tmp
2009-04-17 23:20:39 ----D---- C:\WINDOWS\dhcp
2009-04-17 23:20:33 ----A---- C:\WINDOWS\system32\A3.tmp
2009-04-17 23:20:31 ----A---- C:\WINDOWS\system32\A2.tmp
2009-04-17 23:20:18 ----RSHD---- C:\Program Files\ThunMail
2009-04-17 23:19:53 ----A---- C:\WINDOWS\system32\reader_s.exe
2009-04-17 23:19:09 ----A---- C:\WINDOWS\instsp2.exe
2009-04-17 20:09:01 ----D---- C:\Documents and Settings\Matt\Application Data\Twain
2009-04-17 11:20:03 ----SH---- C:\WINDOWS\system32\odupibiz.ini
2009-04-16 20:12:47 ----A---- C:\WINDOWS\system32\SelfDel.bat
2009-04-16 19:57:42 ----A---- C:\WINDOWS\system32\ak1.exe
2009-04-16 19:57:39 ----D---- C:\Documents and Settings\Matt\Application Data\pidle
2009-04-15 21:18:05 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-15 21:17:58 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-15 21:15:58 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-15 21:15:47 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-15 21:15:40 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-15 21:15:31 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-04-07 11:15:34 ----D---- C:\Program Files\Rockstar Games
2009-04-07 10:57:06 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2009-04-07 10:57:04 ----D---- C:\Documents and Settings\Matt\Application Data\DAEMON Tools Pro
2009-04-02 20:03:43 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2009-04-02 20:03:43 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2009-04-02 20:03:43 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2009-04-02 20:03:42 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2009-04-02 20:03:42 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2009-04-02 20:03:38 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2009-04-02 20:03:33 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2009-03-27 00:23:44 ----D---- C:\Documents and Settings\Matt\Application Data\MilkShape 3D 1.x.x
2009-03-24 23:32:16 ----D---- C:\Documents and Settings\Matt\Application Data\NoNameScript
2009-03-23 19:26:27 ----A---- C:\WINDOWS\system32\d3dx10_40.dll
2009-03-23 19:26:27 ----A---- C:\WINDOWS\system32\D3DCompiler_40.dll
2009-03-23 19:26:26 ----A---- C:\WINDOWS\system32\D3DX9_40.dll
2009-03-23 19:26:25 ----A---- C:\WINDOWS\system32\XAudio2_3.dll
2009-03-23 19:26:25 ----A---- C:\WINDOWS\system32\XAPOFX1_2.dll
2009-03-23 19:26:25 ----A---- C:\WINDOWS\system32\xactengine3_3.dll
2009-03-23 19:26:24 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2009-03-23 19:26:24 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2009-03-23 19:26:24 ----A---- C:\WINDOWS\system32\X3DAudio1_5.dll
2009-03-23 19:26:23 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2009-03-23 19:26:22 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2009-03-23 19:26:22 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2009-03-23 19:26:22 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2009-03-23 19:26:21 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2009-03-23 19:26:20 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2009-03-23 19:26:20 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2009-03-23 19:26:19 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2009-03-23 19:26:19 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2009-03-23 19:26:19 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2009-03-23 19:26:18 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2009-03-23 19:26:17 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2009-03-23 19:26:17 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2009-03-23 19:26:16 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2009-03-23 19:26:15 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2009-03-23 19:26:15 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2009-03-23 19:26:15 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2009-03-23 19:26:14 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2009-03-23 19:26:13 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2009-03-23 19:26:13 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2009-03-23 19:26:12 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2009-03-23 19:26:12 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2009-03-23 19:26:06 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2009-03-23 19:26:06 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2009-03-23 19:26:01 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2009-03-23 19:24:15 ----D---- C:\WINDOWS\Logs
2009-03-22 21:20:04 ----A---- C:\WINDOWS\system32\ptpusb.dll
2009-03-22 21:20:03 ----A---- C:\WINDOWS\system32\ptpusd.dll
2009-03-19 12:54:36 ----D---- C:\Documents and Settings\All Users\Application Data\HMRC
2009-03-19 01:06:59 ----A---- C:\WINDOWS\5743System.bat
2009-03-13 21:17:24 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-13 21:17:16 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-02-28 09:01:51 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-02-18 13:37:27 ----A---- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-02-18 13:37:00 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-02-14 08:58:09 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-11 21:13:02 ----D---- C:\Program Files\Steam
2009-02-04 12:07:55 ----D---- C:\Documents and Settings\Matt\Application Data\Publish Providers
2009-02-04 12:07:25 ----D---- C:\Documents and Settings\Matt\Application Data\Sony
2009-02-04 11:41:57 ----D---- C:\Documents and Settings\Matt\Application Data\uTorrent

======List of files/folders modified in the last 3 months======

2009-04-29 13:18:34 ----RD---- C:\Program Files
2009-04-29 13:18:02 ----D---- C:\WINDOWS\Temp
2009-04-29 13:18:02 ----D---- C:\WINDOWS\system32
2009-04-29 13:10:25 ----D---- C:\WINDOWS\system32\drivers
2009-04-29 12:10:47 ----D---- C:\WINDOWS\Prefetch
2009-04-29 12:10:28 ----D---- C:\WINDOWS\ERDNT
2009-04-29 11:36:52 ----D---- C:\WINDOWS
2009-04-28 21:30:53 ----SHD---- C:\WINDOWS\Installer
2009-04-27 19:27:05 ----A---- C:\WINDOWS\system32\svchost.exe
2009-04-27 11:49:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-20 23:23:54 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-04-20 22:36:45 ----D---- C:\WINDOWS\Debug
2009-04-20 22:29:11 ----SHD---- C:\Config.Msi
2009-04-20 22:29:10 ----D---- C:\WINDOWS\WinSxS
2009-04-20 22:21:59 ----D---- C:\Program Files\Common Files
2009-04-20 12:17:01 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-20 09:49:06 ----ASH---- C:\WINDOWS\system32\rezakaju.exe
2009-04-19 10:40:41 ----ASH---- C:\WINDOWS\system32\rigebevu.exe
2009-04-18 13:51:31 ----ASH---- C:\WINDOWS\system32\juvilisi.exe
2009-04-17 23:21:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-04-17 23:19:09 ----ASH---- C:\WINDOWS\system32\sizomupu.dll
2009-04-17 23:19:08 ----ASH---- C:\WINDOWS\system32\kuwotevi.exe
2009-04-17 11:20:16 ----ASH---- C:\WINDOWS\system32\fiyobubi.dll
2009-04-17 11:19:46 ----ASH---- C:\WINDOWS\system32\jisaleyu.dll
2009-04-16 20:35:56 ----D---- C:\Documents and Settings\Matt\Application Data\mIRC
2009-04-16 19:47:43 ----N---- C:\WINDOWS\system32\muhemive.dll
2009-04-16 11:46:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-15 22:17:12 ----D---- C:\WINDOWS\system32\wbem
2009-04-15 22:17:12 ----D---- C:\WINDOWS\AppPatch
2009-04-15 21:18:08 ----HD---- C:\WINDOWS\inf
2009-04-15 21:17:46 ----D---- C:\WINDOWS\system32\en-US
2009-04-15 21:17:45 ----D---- C:\Program Files\Internet Explorer
2009-04-15 21:15:54 ----HD---- C:\WINDOWS\$hf_mig$
2009-04-07 11:15:34 ----HD---- C:\Program Files\InstallShield Installation Information
2009-04-03 16:23:21 ----D---- C:\Documents and Settings\Matt\Application Data\FileZilla
2009-04-02 23:57:17 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-04-02 20:03:44 ----D---- C:\WINDOWS\system32\DirectX
2009-04-02 20:03:23 ----HD---- C:\WINDOWS\msdownld.tmp
2009-03-30 00:21:54 ----A---- C:\WINDOWS\WORDPAD.INI
2009-03-22 21:20:23 ----D---- C:\Program Files\Abbyy FineReader 6.0 Sprint
2009-03-19 12:56:48 ----SHD---- C:\RECYCLER
2009-03-19 12:41:28 ----D---- C:\Program Files\HMRC
2009-03-18 23:46:57 ----D---- C:\WINDOWS\system32\svcdll
2009-03-18 11:47:04 ----D---- C:\Program Files\McAfee
2009-03-06 15:44:35 ----A---- C:\WINDOWS\system32\pdh.dll
2009-03-05 12:54:29 ----D---- C:\Program Files\Uniblue
2009-03-04 21:22:22 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-03-04 21:22:22 ----D---- C:\WINDOWS\system32\CatRoot
2009-03-04 20:57:15 ----D---- C:\Documents and Settings\All Users\Application Data\Sony
2009-03-04 20:46:10 ----RSD---- C:\WINDOWS\assembly
2009-03-03 01:18:25 ----A---- C:\WINDOWS\system32\wininet.dll
2009-02-23 19:59:57 ----D---- C:\Documents and Settings\Matt\Application Data\HLSW
2009-02-20 19:09:38 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-02-20 19:09:38 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-02-20 19:09:38 ----A---- C:\WINDOWS\system32\url.dll
2009-02-20 19:09:38 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-02-20 19:09:38 ----A---- C:\WINDOWS\system32\occache.dll
2009-02-20 19:09:38 ----A---- C:\WINDOWS\system32\mstime.dll
2009-02-20 19:09:38 ----A---- C:\WINDOWS\system32\msrating.dll
2009-02-20 19:09:38 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-02-20 19:09:38 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-02-20 19:09:37 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-02-20 19:09:37 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-02-20 19:09:37 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-02-20 19:09:37 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-02-20 19:09:37 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-02-20 19:09:37 ----A---- C:\WINDOWS\system32\iernonce.dll
2009-02-20 19:09:36 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-02-20 19:09:36 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2009-02-20 19:09:36 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-02-20 19:09:36 ----A---- C:\WINDOWS\system32\ieaksie.dll
2009-02-20 19:09:36 ----A---- C:\WINDOWS\system32\ieakeng.dll
2009-02-20 19:09:36 ----A---- C:\WINDOWS\system32\icardie.dll
2009-02-20 19:09:36 ----A---- C:\WINDOWS\system32\extmgr.dll
2009-02-20 19:09:36 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-02-20 19:09:35 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-02-20 19:09:35 ----A---- C:\WINDOWS\system32\advpack.dll
2009-02-20 11:20:49 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-02-20 11:20:49 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2009-02-20 06:14:12 ----A---- C:\WINDOWS\system32\ieakui.dll
2009-02-13 00:57:56 ----D---- C:\Documents and Settings\Matt\Application Data\BPFTP
2009-02-09 16:18:42 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-02-09 11:20:34 ----A---- C:\WINDOWS\system32\rpcss.dll
2009-02-09 11:20:34 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-02-09 11:20:33 ----A---- C:\WINDOWS\system32\ntdll.dll
2009-02-09 11:20:33 ----A---- C:\WINDOWS\system32\advapi32.dll
2009-02-06 18:24:35 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2009-02-06 18:14:03 ----A---- C:\WINDOWS\system32\services.exe
2009-02-06 17:54:36 ----A---- C:\WINDOWS\system32\sc.exe
2009-02-06 17:49:02 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2009-02-04 13:17:01 ----D---- C:\Documents and Settings\Matt\Application Data\LimeWire
2009-02-04 12:46:10 ----D---- C:\Documents and Settings\Matt\Application Data\Mozilla
2009-02-03 21:08:52 ----A---- C:\WINDOWS\system32\secur32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 gebaf3a;gebaf3a; C:\WINDOWS\System32\drivers\gebaf3a.sys [2009-04-20 17376]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 nli472d;nli472d; C:\WINDOWS\System32\drivers\nli472d.sys [2009-04-20 17376]
R1 pmk711e;pmk711e; C:\WINDOWS\System32\drivers\pmk711e.sys [2009-04-19 17376]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2003-04-09 11043]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2003-11-13 1042816]
R3 HSFHWBS2;HSFHWBS2; C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys [2003-11-13 210304]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-10-07 6133856]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-12-14 85120]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2003-11-13 679808]
S1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
S1 ectbe10;ectbe10; C:\WINDOWS\System32\drivers\ectbe10.sys []
S1 oljef85;oljef85; C:\WINDOWS\System32\drivers\oljef85.sys []
S1 pmk874e;pmk874e; C:\WINDOWS\System32\drivers\pmk874e.sys []
S1 sqne8f9;sqne8f9; C:\WINDOWS\System32\drivers\sqne8f9.sys [2009-04-20 17376]
S1 troc347;troc347; C:\WINDOWS\System32\drivers\troc347.sys []
S3 at1394;at1394; \??\C:\WINDOWS\system32\at1394.sys []
S3 aujasnkj;aujasnkj; \??\C:\DOCUME~1\Matt\LOCALS~1\Temp\aujasnkj.sys []
S3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
S3 Camdrv30;Philips ToUcam XS; C:\WINDOWS\System32\Drivers\camdrv30.sys [2001-08-17 171264]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mbamswissarmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s125mdfl.sys [2007-04-24 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s125mdm.sys [2007-04-24 108680]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s125mgmt.sys [2007-04-24 100488]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 vitra;vitra; C:\WINDOWS\System32\drivers\vitra.sys []
S3 w200bus;Sony Ericsson W200 driver (WDM); C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 61504]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 86368]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-01-15 131072]
R2 dhcpsrv;Dhcp server; C:\WINDOWS\dhcp\svchost.exe [2009-04-26 256512]
R2 ias;Ias; C:\WINDOWS\System32\svchost.exe [2009-04-27 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-27 152984]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 184388]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-12-23 66872]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-02-09 202040]
R2 sopidkc;sopidkc Service; C:\WINDOWS\system32\sopidkc.exe [2004-08-04 194560]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2007-07-05 1174152]
R2 tdctxte;tdctxte Service; C:\WINDOWS\system32\tdctxte.exe [2004-08-04 195072]
S2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe []
S2 icf;ICF; C:\WINDOWS\system32\svchost.exe [2009-04-27 14336]
S2 msncache;msncache; C:\WINDOWS\system32\svchost.exe [2009-04-27 14336]
S3 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 57344]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-28 182768]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 884736]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-01-15 504104]
S3 lxcy_device;lxcy_device; C:\WINDOWS\system32\lxcycoms.exe [2006-02-20 516096]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR []
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 86592]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -i SONY_MEDIAMGR []
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2009-04-27 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 286720]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 143360]

-----------------EOF-----------------

Edited by saucepan, 29 April 2009 - 07:37 AM.


#5 saucepan


Posted 29 April 2009 - 07:34 AM

info.txt logfile of random's system information tool 1.06 2009-04-29 13:19:16

======Uninstall list======

-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Advertisement Service-->C:\WINDOWS\system32\prunnet.exe Uninstall
Apple Mobile Device Support-->MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Call of Duty - United Offensive-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{A662E280-64A8-4CF5-8407-13D0808602B3}
Call of Duty Game of the Year Edition-->C:\PROGRA~1\CALLOF~1\Uninstall\Unwise.exe /u C:\PROGRA~1\CALLOF~1\Uninstall\Install.log
Call of Duty® 4 - Modern Warfare™-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Counter-Strike: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/240
Counter-Strike-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10
Disc2Phone-->MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Fraps-->"C:\Program Files\Steam\steamapps\saundario\tools\uninstall.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
GTA San Andreas-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly
Half-Life Compile Tool Package-->C:\SIERRA\Half-Life Editing\uninstall_HL-Compiled.exe
Half-Life® 2-->MsiExec.exe /I{D45EC259-4A19-4656-B588-C2C360DD18EA}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HLSW v1.3.1-->"C:\Program Files\HLSW\unins000.exe"
HMRC Employer CD-ROM 2009-->C:\Documents and Settings\Sally\Desktop\uninstall.exe
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Product Detection-->MsiExec.exe /I{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}
iTunes-->MsiExec.exe /I{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Lexmark 3400 Series-->C:\Program Files\Lexmark 3400 Series\Install\x86\Uninst.exe
Lexmark Fax Solutions-->C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe /R:faxunst
Lexmark Toolbar-->regsvr32.exe /s /u "C:\Program Files\Lexmark Toolbar\toolband.dll"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SiteAdvisor-->C:\Program Files\McAfee\SiteAdvisor\Uninstall.exe
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
mIRC-->C:\Program Files\Steam\steamapps\saundario\tools\uninstall.exe _?=C:\Program Files\Steam\steamapps\saundario\tools
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OpenOffice.org 2.2-->MsiExec.exe /I{3CCBC9FF-7F35-4220-B66D-B60E2E7AB4E2}
QuickTime-->MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933566)-->"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Symantec KB-DocID:2003093015493306-->MsiExec.exe /I{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}
Uniblue RegistryBooster 2-->"C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
X-ray Anti-Cheat-->C:\Program Files\Steam\steamapps\saundario\tools\X-ray Anti-Cheat\uninstaller.exe
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe

======Hosts File======

127.0.0.1 jL.chura.pl

======System event log======

Computer Name: OWNER-BFBF44013
Event Code: 7028
Message: The wuauserv Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

Record Number: 13758
Source Name: Service Control Manager
Time Written: 20090418153434.000000+060
Event Type: error
User:

Computer Name: OWNER-BFBF44013
Event Code: 7028
Message: The wuauserv Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

Record Number: 13757
Source Name: Service Control Manager
Time Written: 20090418153429.000000+060
Event Type: error
User:

Computer Name: OWNER-BFBF44013
Event Code: 7028
Message: The wuauserv Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

Record Number: 13756
Source Name: Service Control Manager
Time Written: 20090418153319.000000+060
Event Type: error
User:

Computer Name: OWNER-BFBF44013
Event Code: 7028
Message: The wuauserv Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

Record Number: 13755
Source Name: Service Control Manager
Time Written: 20090418153314.000000+060
Event Type: error
User:

Computer Name: OWNER-BFBF44013
Event Code: 7028
Message: The wuauserv Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.

Record Number: 13754
Source Name: Service Control Manager
Time Written: 20090418153203.000000+060
Event Type: error
User:

=====Application event log=====

Computer Name: OWNER-BFBF44013
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.

Record Number: 52
Source Name: usnjsvc
Time Written: 20090109095928.000000+000
Event Type:
User:

Computer Name: OWNER-BFBF44013
Event Code: 1000
Message: Faulting application gta_sa.exe, version 0.0.0.0, faulting module , version 0.0.0.0, fault address 0x00000000.

Record Number: 42
Source Name: Application Error
Time Written: 20090108153126.000000+000
Event Type: error
User:

Computer Name: OWNER-BFBF44013
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.

Record Number: 18
Source Name: usnjsvc
Time Written: 20090108111551.000000+000
Event Type:
User:

Computer Name: OWNER-BFBF44013
Event Code: 12001
Message: The Messenger Sharing USN Journal Reader service started successfully.

Record Number: 11
Source Name: usnjsvc
Time Written: 20090107165847.000000+000
Event Type:
User:

Computer Name: OWNER-BFBF44013
Event Code: 1000
Message: Faulting application gta_sa.exe, version 0.0.0.0, faulting module , version 0.0.0.0, fault address 0x00000000.

Record Number: 9
Source Name: Application Error
Time Written: 20090107134739.000000+000
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"sourcesdk"=c:\program files\steam\steamapps\saundario\sourcesdk
"VProject"=c:\program files\steam\steamapps\saundario\counter-strike source\cstrike
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------

#6 saucepan


Posted 29 April 2009 - 07:57 AM

Here's the final log. For some reason, when I posted the MBAM and RSIT log files they merged topics. I added a line in bold where the MBAM file ends and where the RSIT log begins.

Also, I was wondering if you could help me with getting my permissions back to access the Task Manager, as that has somehow been disabled even though I have admin rights. My Windows firewall is also being turned off every time I load up.

Anyway, thanks for your help so far! :thumbup2:

#7 fenzodahl512

Posted 29 April 2009 - 12:10 PM

Wow.. This computer is a mess.. :thumbup2:

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them after performing all the steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.
Link 1
Link 2
Link 3
Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

If ComboFix asks you to install Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#8 saucepan

Posted 29 April 2009 - 02:36 PM

When trying to run ComboFix I get an error roughly like this...


"ALERT! It is not safe to continue..

The contents of the combofix package has been compromised.

Please download a fresh copy from:

bleeping computer.com/combofix/howtousecombofix

Note: you may be infected with a file patching virus (virut)"



I just typed that out and that's basically what it says every time I try to run ComboFix, and I did download a fresh copy from the link suggested but was presented with the same message.

#9 fenzodahl512

Posted 29 April 2009 - 02:58 PM

That is not good.. Let's verify it...

Please show hidden files and folders
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan" box on the top of the page:
    • C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
If VirScan.org server is too busy, please submit the file to VirusTotal instead.



#10 saucepan

Posted 30 April 2009 - 05:52 AM

Following the guide on how to show hidden files and folders, I click my start menu and don't see an explore option. :/ Which is weird because I used to know how to show the hidden files and folders but I can't for the life of me find out how it is done at the moment!

I know this sounds ridiculous and probably frustrating to you but I really can't seem to find this. :/ I'll keep at it though and probably give myself a slap on the face when I do eventually find it and realise how easy it was!

#11 fenzodahl512

Posted 30 April 2009 - 06:30 AM

???

You don't have to show hidden files/folders actually.. Have you scanned those files? What are the results?



#12 saucepan

Posted 30 April 2009 - 08:30 AM

Right, been trying for ages now to do these scans. Here are the results.

However! The services.exe file, I ran it loads of times but it would NEVER produce the results for me no matter how long I left the page to develop. Also, the svchost.exe got to a "Step 3" where it would say "Checking Virus" but it would just freeze up and nothing further would happen. I also tried scanning it a few times. It has taken me this long because every now and then I keep losing internet connection or my Internet Explorer just shuts itself off like it does when you end the iexplore.exe task in task manager.

I also noticed the Scanned time result... they are not today's date, don't know whether that means anything. I will keep trying to scan the other two files and get a result but in the meantime I will post these up while I do so in case they are of any help to you. (I included all the info that was being shown on the results for the services.exe so you can see what I was presented with)

Also, I cannot even get on to the VirusTotal website. I get "Oops, this link appears to be broken" every single time.


VirSCAN.org Scanned Report :
Scanned time : 2009/04/10 13:22:25 (BST)
Scanner results: All Scanners reported not find malware!
File Name : csrss.exe
File Size : 6144 byte
File Type : PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5 : f12b178b1678d778cfd3ff1fc38c71fb
SHA1 : d9aa29288951e94773caa1054237d29734e79f34
Online report : http://virscan.org/report/bb88828fd5dbe520...61ca9d5a06.html

VirSCAN.org Scanned Report :
Scanned time : 2009/04/24 14:05:20 (BST)
Scanner results: All Scanners reported not find malware!
File Name : winlogon.exe
File Size : 502272 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 01c3346c241652f43aed8e2149881bfe
SHA1 : a5396141cab8b22d9d88b28a814089537dce366a
Online report : http://virscan.org/report/daa3c7679f040390...94a4c98283.html

VirSCAN.org Scanned Report :
Scanned time : 1970/01/01 01:00:00 (BST)
Scanner results: All Scanners reported not find malware!
File Name :
File Size : byte
File Type :
MD5 :
SHA1 :
Online report : http://virscan.org/report/.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result







VirSCAN.org Scanned Report :
Scanned time : 2009/04/29 19:23:21 (BST)
Scanner results: All Scanners reported not find malware!
File Name : lsass.exe
File Size : 13312 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 84885f9b82f4d55c6146ebf6065d75d2
SHA1 : 6473b34c05bc63eb0d66cad83355e6938cbe97e9
Online report : http://virscan.org/report/84885f9b82f4d55c...f6065d75d2.html

Edited by saucepan, 30 April 2009 - 08:35 AM.
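
The header check saucepan describes doing by eye in the post above (scan dates that are not today's, and a services.exe report with no fields filled in), written out as an added example that is not part of the original thread. The function names are hypothetical, the sample text is constructed from the report headers quoted in that post, and the request date is the date of post #9.

```python
import re
from datetime import datetime, date

# Constructed sample: header fields taken from the three report shapes in the post.
SAMPLE = """\
VirSCAN.org Scanned Report :
Scanned time : 2009/04/10 13:22:25 (BST)
File Name : csrss.exe
MD5 : f12b178b1678d778cfd3ff1fc38c71fb
SHA1 : d9aa29288951e94773caa1054237d29734e79f34

VirSCAN.org Scanned Report :
Scanned time : 1970/01/01 01:00:00 (BST)
File Name :
MD5 :
SHA1 :

VirSCAN.org Scanned Report :
Scanned time : 2009/04/29 19:23:21 (BST)
File Name : lsass.exe
MD5 : 84885f9b82f4d55c6146ebf6065d75d2
SHA1 : 6473b34c05bc63eb0d66cad83355e6938cbe97e9
"""

# "Key : value" header lines; the value may be empty.
FIELD = re.compile(r"^([A-Za-z0-9 ]+?) :[ \t]*(.*)$")

def parse_reports(text):
    """Split pasted text into one dict of header fields per report."""
    reports = []
    for line in text.splitlines():
        if line.startswith("VirSCAN.org Scanned Report"):
            reports.append({})
        elif reports and (m := FIELD.match(line.strip())):
            reports[-1][m.group(1)] = m.group(2).strip()
    return reports

def triage(report, requested):
    """Return reasons a report should not be read as a clean result."""
    issues = [f"no {name}: report is incomplete"
              for name, length in (("MD5", 32), ("SHA1", 40))
              if not re.fullmatch(rf"[0-9a-f]{{{length}}}", report.get(name, ""))]
    scanned = datetime.strptime(report["Scanned time"][:19], "%Y/%m/%d %H:%M:%S").date()
    if scanned.year == 1970:
        issues.append("epoch timestamp: empty report")
    elif scanned < requested:
        issues.append(f"scan dated {scanned}, before the request on {requested}")
    return issues

def summarize(text, requested):
    """Map each report's file name to its list of issues."""
    return {r.get("File Name") or "(unnamed)": triage(r, requested)
            for r in parse_reports(text)}
```

A report that comes back with issues says nothing either way about the file; "All Scanners reported not find malware!" on an empty report is a template default, not a verdict.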


#13 fenzodahl512

Posted 30 April 2009 - 09:43 AM

Ok.. try renaming ComboFix to KFC and run it.. Tell me if ComboFix (or KFC) still refuses to run



#14 saucepan

Posted 30 April 2009 - 09:51 AM

Same error message under both names still.

#15 fenzodahl512

Posted 30 April 2009 - 10:15 AM

Let's see something..

Please download The Avenger by Swandog46 and unzip it to your Desktop <<mirror>>

Please open The Avenger. Make sure both "Scan for rootkit" and "Disable any rootkits found" boxes are checked.

Hit the Execute button and choose "Yes" at all prompts.

Your computer will restart. Let it restart by itself. Post the log here in your next reply. You can find the log at C:\avenger.txt


Then do below...


Please download Dr.Web CureIt to the Desktop:
  • Double-click the launch.exe or cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, just let it cure whatever it finds...
    • Now, go to Settings >> Change Settings
    • Go to Actions tab >> under Objects section, change the settings to below
      • Infected objects - Cure
        Incurable objects - Report
        Suspicious objects - Report
    • Don't change any other settings
  • Start the scan again. This time, choose Complete Scan
  • Click the green arrow button at the right, and the scan will start.
  • After the scan has finished, click Select all
  • Click on Cure and choose Report incurable (means take no actions.. Don't "move", or "rename" or "delete")
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your Desktop. The report will be called DrWeb.csv
  • Post DrWeb.csv in your next reply (Open it as Notepad).. Do NOT reboot the computer yet..

Edited by fenzodahl512, 30 April 2009 - 10:17 AM.
