BullGuard
Blue screen of death
BullGuard Antivirus Forum > Virus Removal > Removal Help > Blue screen of death  

beeshu (Junior Member, joined Oct 2007, 53 posts)
Posted 6/22/2009 11:47 PM (GMT +3)
I ran all the cleaners (Malwarebytes, CCleaner, HijackThis) but they didn't find anything. I thought I might have a virus yesterday so I ran the same cleaners yesterday, and then today I had the "blue screen of death," a blue screen citing hardware problems. What can I do? Do I just need a new hard drive?? Thanks.

Jintan (Senior Member, joined Dec 2006, 1428 posts)
Posted 6/24/2009 4:34 AM (GMT +3)
Hello beeshu,

I hope you did not just run all the specialty tools we suggest in these repair requests, as some are only for certain situations, and might cause damage in others. Let's check what all is there now.


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.


Download RSIT (random's system information tool) from here to your desktop, then click on the RSIT.exe to start the scan.

If necessary allow it to locate or download a copy of HijackThis as needed.

Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt.

RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt).

You can break logs into parts and use separate posts here when replying and posting the log files, if needed.


Click here and help my friend help stop leukemia, lymphoma, Hodgkin lymphoma and myeloma from taking more lives.


beeshu (Junior Member, joined Oct 2007, 53 posts)
Posted 7/7/2009 4:22 AM (GMT +3)
Hi Jintan,

Thanks. I think this may have caused some system damage, as right now I am getting the blue screen of death within 5 min of Windows starting up.
Is there any way of preventing this from happening?

Brian

Jintan (Senior Member, joined Dec 2006, 1428 posts)
Posted 7/7/2009 4:36 AM (GMT +3)
Better had you not waited to come back to this thread, Brian. The BSOD occurring at that time suggests software conflicts of some sort. Just "BSOD" is not enough to do much, as far as evaluating the situation. What does the blue screen say - what specific codes (such as 0x00000010) does it display when these crashes occur? If you boot into Safe Mode (at startup tap the F8 key, then select Safe Mode from the menu), do the crashes occur then?

Also navigate (right click My Computer, left click Explore) to the following folder:

c:\windows\minidump

And if one is there, locate in it any recent minidump(date-somenumber).dmp files created, where "date-somenumber" matches dates of any recent crashes there. If they exist, then just zip a copy of it, and send it to jintan AT malwarecrypt.com (Replace the "AT" with an @) as an attachment. Please place "Submitted Files - beeshu/bg/dmp" as the email Subject.


Jintan (Senior Member, joined Dec 2006, 1428 posts)
Posted 7/7/2009 4:37 AM (GMT +3)
Oh, forgot. Please still follow the first steps, and run and post those RSIT logs.


beeshu (Junior Member, joined Oct 2007, 53 posts)
Posted 7/8/2009 7:52 AM (GMT +3)
Yes, sorry, was away.
It freezes/crashes before I am able to run Safe Mode. I did get it into Safe Mode through the option of Directory Services Restore Mode, but it still crashes after a few minutes during Safe Mode.
Normally when it crashes it automatically restarts; the only time it doesn't is when I try to run Safe Mode. The hexadecimal that displays is

Technical Information:
***STOP 0X0000007B (0XF8C62524, 0XC0000034, 0x00000000, 0x00000000)

Having problems sending it from the computer that has the virus; every time I open up a browser it crashes, so I transferred it to my external and uploaded from my laptop. Sent over. Can't currently run the RSIT program yet.

Jintan (Senior Member, joined Dec 2006, 1428 posts)
Posted 7/8/2009 6:17 PM (GMT +3)
I see that the dump files are available in my email. I will check them as soon as time permits, and post back here after that review.


beeshu (Junior Member, joined Oct 2007, 53 posts)
Posted 7/20/2009 7:16 PM (GMT +3)
Hi Jintan,

Checking to see if you had a chance to check the files I sent. Let me know if this is fixable or if the hard drive may need a reformat.

thanks for your help!
Brian

Jintan (Senior Member, joined Dec 2006, 1428 posts)
Posted 7/21/2009 4:14 AM (GMT +3)
Darn, I had downloaded the dump files at a different location and then got sidetracked. I just downloaded and checked them. Right off it would have been helpful to have gotten the RSIT log info.

Even by checking one dump file it indicates your Broadcom LAN device driver, bcm4sbxp.sys, caused a crash while a malware process, lich.exe, was running. And although the debugger read does not show it, checking the raw strings from the dump file shows this unknown:

\Device\win32ufg
\DosDevices\win32ufg


To get a shot at getting that system stable so we can then effect some malware repairs, we would need to check and disable malware drivers, but before Windows loads. This is done using something called the Recovery Console - not for any recovery, but just to access info. It requires the use of an XP CD, so post back if you have that, or can borrow one to run a few steps.


beeshu (Junior Member, joined Oct 2007, 53 posts)
Posted 7/24/2009 7:12 AM (GMT +3)
Thanks Jintan, I do have the Windows XP CD on me.

Jintan (Senior Member, joined Dec 2006, 1428 posts)
Posted 7/24/2009 2:45 PM (GMT +3)
Good, see if you can do these steps. They seem involved at first glance but it is really only a few small steps.


listsvc
dir c:\windows\system32\drivers


Open Notepad (Start - Run, type notepad and press Enter).

Copy/paste the above text (inside the box above) into the open text box, then save this to your C:\Windows folder as "servcheck.bat"

It should then be C:\Windows\servcheck.bat (important)


Then start the problem computer, and load the XP CD into the CD-ROM drive and restart the system (or if you are quick you can do it as it loads). On reboot watch for and agree to any prompts to boot from the CD. If the system only reboots to Windows stop and post back here and we will discuss steps to make changes in the BIOS.

After the installation software inspects the system and loads all necessary device drivers you will see the "Welcome To Setup" screen, with the following menu:

This portion of the Setup program prepares Microsoft Windows XP to run on your computer:

   To setup Windows XP now, press ENTER.

   To repair a Windows XP installation using Recovery Console, press R.

   To quit Setup without installing Windows XP, press F3.


Press "R" to start the Recovery Console setup. After you start the Windows Recovery Console, you receive the following message:

Microsoft Windows(R) Recovery Console

The Recovery Console provides system repair and recovery functionality.
Type EXIT to quit the Recovery Console and restart the computer.

1: C:\WINDOWS

Which Windows Installation would you like to log on to
(To cancel, press ENTER)?


After you enter the number for the appropriate Windows installation (usually #1), Windows will then prompt you to enter the Administrator account password if one was created (if one was not created then just press Enter).

At the prompt type the following, pressing Enter after each:

batch servcheck.bat c:\windows\servicelook.txt

exit


When you hit Enter after typing exit your computer will reboot. Do Not press any key until the system has completely rebooted, then after the reboot be sure to remove your XP CD from the CD-ROM drive.

Then locate and post back here the contents of c:\windows\servicelook.txt please.


beeshu (Junior Member, joined Oct 2007, 53 posts)
Posted 7/26/2009 6:12 PM (GMT +3)
I understand the second section, when rebooting from the CD and the Recovery Console part; however, I think I can't continue without the first part.

I'm not sure on the first part with the Notepad. When I type this in:
listsvc
dir c:\windows\system32\drivers

this doesn't open up any Notepad file for me to save.
Also, am I doing this on another computer or the one with the virus?
I tried doing this with the one with the virus and it keeps opening up an Advanced Virus Remover program.

I got as far as hitting Enter when prompted for the administrator password, but after that I'm assuming I can't continue because I didn't complete the first part.
I typed the batch servcheck.bat c:\windowservicelook.txt, but the system cannot find the file or directory specified.

Jintan (Senior Member, joined Dec 2006, 1428 posts)
Posted 7/27/2009 2:21 AM (GMT +3)
You are just trying to create a batch file, that you will then use while in the Recovery Console.

1 - Open Notepad. Click Start - Run, type notepad and press Enter.

2 - Copy, then paste the following highlighted text into that open Notepad box:

listsvc
dir c:\windows\system32\drivers


3 - Then save that as "servcheck.bat" and be sure a copy of that is placed in your C:\Windows folder.

Now you should have this, and be ready to do the Recovery Console steps:

c:\Windows\servcheck.bat


beeshu (Junior Member, joined Oct 2007, 53 posts)
Posted 7/28/2009 7:12 AM (GMT +3)
Got it! Here's the servicelook file content, thanks for your patience!

6to4 Auto
Microsoft Automatic Update
Aavmker4 System
avast! Asynchronous Virus Monitor
aawservice Auto
Lavasoft Ad-Aware Service
Abiosdsk Disabled

abp480n5 Disabled
abp480n5
ACPI Boot
Microsoft ACPI Driver
ACPIEC Disabled

Adobe LM Service Manual
Adobe LM Service
adpu160m Disabled
adpu160m
aec Manual
Microsoft Kernel Acoustic Echo Canceller
AFD System
AFD
agp440 Disabled
Intel AGP Bus Filter
agpCPQ Disabled
Compaq AGP Bus Filter
Aha154x Disabled
Aha154x
aic78u2 Disabled
aic78u2
aic78xx Disabled
aic78xx
Alerter Disabled
Alerter
ALG Manual
Application Layer Gateway Service
AliIde Disabled
AliIde
alim1541 Disabled
ALI AGP Bus Filter
amdagp Disabled
AMD AGP Bus Filter Driver
amsint Disabled
amsint
APPDRV System
APPDRV
Apple Mobile Device Auto
Apple Mobile Device
AppMgmt Manual
Application Management
Arp1394 Manual
1394 ARP Client Protocol
asc Disabled
asc
asc3350p Disabled
asc3350p
asc3550 Disabled
asc3550
aspnet_state Manual
ASP.NET State Service
aswFsBlk Auto
aswFsBlk
aswMon2 Auto
avast! Standard Shield Support
aswRdr Manual
aswRdr
aswSP System
avast! Self Protection
aswTdi System
avast! Network Shield Support
aswUpdSv Auto
avast! iAVS4 Control Service
AsyncMac Manual
RAS Asynchronous Media Driver
atapi Boot
Standard IDE/ESDI Hard Disk Controller
Atdisk Disabled

Atmarpc Manual
ATM ARP Client Protocol
AudioSrv Auto
Windows Audio
audstub Manual
Audio Stub Driver
avast! Antivirus Auto
avast! Antivirus
avast! Mail Scanner Manual
avast! Mail Scanner
avast! Web Scanner Manual
avast! Web Scanner
BCM43XX Manual
Dell Wireless WLAN Card Driver
bcm4sbxp Manual
Broadcom 440x 10/100 Integrated Controller XP Driver
Beep System

BITS Manual
Background Intelligent Transfer Service
Bonjour Service Auto
Bonjour Service
Browser Auto
Computer Browser
BVRPMPR5 Manual
BVRPMPR5 NDIS Protocol Driver
catchme Manual

cbidf Disabled
cbidf
cbidf2k Disabled

CCALib8 Auto
Canon Camera Access Library 8
CCDECODE Manual
Closed Caption Decoder
cd20xrnt Disabled
cd20xrnt
Cdaudio System

Cdfs Disabled

Cdrom System
CD-ROM Driver
Changer System

CiSvc Manual
Indexing Service
ClipSrv Disabled
ClipBook
CmBatt Manual
Microsoft ACPI Control Method Battery Driver
CmdIde Disabled
CmdIde
Compbatt Boot
Microsoft Composite Battery Driver
COMSysApp Manual
COM+ System Application
Cpqarray Disabled
Cpqarray
CryptSvc Auto
Cryptographic Services
dac2w2k Disabled
dac2w2k
dac960nt Disabled
dac960nt
DcomLaunch Auto
DCOM Server Process Launcher
Dhcp Auto
DHCP Client
Disk Boot
Disk Driver
dmadmin Manual
Logical Disk Manager Administrative Service
dmboot Disabled

dmio Boot
Logical Disk Manager Driver
dmload Disabled

dmserver Manual
Logical Disk Manager
DMusic Manual
Microsoft Kernel DLS Syntheiszer
Dnscache Auto
DNS Client
Dot3svc Manual
Wired AutoConfig
dpti2o Disabled
dpti2o
drmkaud Manual
Microsoft Kernel DRM Audio Descrambler
drvmcdb Boot

drvnddm Auto

DSBrokerService Manual
DSBrokerService
DSproct Manual
DSproct
dsunidrv Auto
DellSupport UniDriver
E100B Manual
Intel(R) PRO Adapter Driver
EapHost Manual
Extensible Authentication Protocol Service
ehRecvr Auto
Media Center Receiver Service
ehSched Auto
Media Center Scheduler Service
ERSvc Auto
Error Reporting Service
Eventlog Auto
Event Log
EventSystem Manual
COM+ Event System
Fastfat Disabled

FastUserSwitchingCompatibility Manual
Fast User Switching Compatibility
Fax Auto
Fax
Fdc Manual
Floppy Disk Controller Driver
Fips System

fips32cup Auto
fips32cup
Flpydisk Manual
Floppy Disk Driver
FltMgr Boot
FltMgr
Fs_Rec System

Ftdisk Boot
Volume Manager Driver
GEARAspiWDM Manual
GEAR ASPI Filter Driver
Gpc Manual
Generic Packet Classifier
gusvc Auto
Google Software Updater
HDAudBus Manual
Microsoft UAA Bus Driver for High Definition Audio
helpsvc Auto
Help and Support
HidServ Disabled
Human Interface Device Access
HidUsb Manual
Microsoft HID Class Driver
hkmsvc Manual
Health Key and Certificate Management Service
hpn Disabled
hpn
HSFHWAZL Manual

HSF_DPV Manual

HTTP Manual
HTTP
HTTPFilter Manual
HTTP SSL
i2omgmt System

i2omp Disabled
i2omp
i8042prt System
i8042 Keyboard and PS/2 Mouse Port Driver
ialm Manual

Ias Auto
Ias
IDriverT Manual
InstallDriver Table Manager
Imapi System
CD-Burning Filter Driver
ImapiService Manual
IMAPI CD-Burning COM Service
ini910u Disabled
ini910u
IntelIde Disabled
IntelIde
intelppm System
Intel Processor Driver
Ip6Fw Manual
IPv6 Windows Firewall Driver
IpFilterDriver Manual
IP Traffic Filter Driver
IpInIp Manual
IP in IP Tunnel Driver
IpNat Manual
IP Network Address Translator
iPod Service Manual
iPod Service
IPSec System
IPSEC driver
IRENUM Manual
IR Enumerator Service
isapnp Boot
PnP ISA/EISA Bus Driver
JavaQuickStarterService Auto
Java Quick Starter
Kbdclass System
Keyboard Class Driver
kmixer Manual
Microsoft Kernel Wave Audio Mixer
KSecDD Boot

lanmanserver Auto
Server
lanmanworkstation Auto
Workstation
lbrtfdc System

LHidFilt Manual
Logitech SetPoint KMDF HID Filter Driver
lich Auto
lich
LmHosts Auto
TCP/IP NetBIOS Helper
LMouFilt Manual
Logitech SetPoint KMDF Mouse Filter Driver
LUsbFilt Manual
Logitech SetPoint KMDF USB Filter
LVUSBSta Manual
Logitech USB Monitor Filter
McrdSvc Auto
Media Center Extender Service
mdmxsdk Auto

Messenger Disabled
Messenger
MHN Manual
MHN
MHNDRV Manual
MHN driver
mnmdd System

mnmsrvc Manual
NetMeeting Remote Desktop Sharing
Modem Manual

Mouclass System
Mouse Class Driver
mouhid Manual
Mouse HID Driver
MountMgr Boot
Mount Point Manager
mraid35x Disabled
mraid35x
MRxDAV Manual
WebDav Client Redirector
MRxSmb System
MRXSMB
MSDTC Manual
Distributed Transaction Coordinator
Msfs System

MSIServer Manual
Windows Installer
MSKSSRV Manual
Microsoft Streaming Service Proxy
MSPCLOCK Manual
Microsoft Streaming Clock Proxy
MSPQM Manual
Microsoft Streaming Quality Manager Proxy
mssmbios Manual
Microsoft System Management BIOS Driver
MSTEE Manual
Microsoft Streaming Tee/Sink-to-Sink Converter
Mup Boot
Mup
NABTSFEC Manual
NABTS/FEC VBI Codec
napagent Manual
Network Access Protection Agent
NDIS Boot
NDIS System Driver
NdisIP Manual
Microsoft TV/Video Connection
NdisTapi Manual
Remote Access NDIS TAPI Driver
Ndisuio Manual
NDIS Usermode I/O Protocol
NdisWan Manual
Remote Access NDIS WAN Driver
NDProxy Manual
NDIS Proxy
NetBIOS System
NetBIOS Interface
NetBT System
NetBios over Tcpip
NetDDE Disabled
Network DDE
NetDDEdsdm Disabled
Network DDE DSDM
Netlogon Manual
Net Logon
Netman Manual
Network Connections
NIC1394 Manual
1394 Net Driver
NICCONFIGSVC Auto
NICCONFIGSVC
Nla Manual
Network Location Awareness (NLA)
Npfs System

Ntfs Disabled

NtLmSsp Manual
NT LM Security Support Provider
NtmsSvc Disabled
Removable Storage
Null System

nv Manual

NwlnkFlt Manual
IPX Traffic Filter Driver
NwlnkFwd Manual
IPX Traffic Forwarder Driver
ohci1394 Boot
OHCI Compliant IEEE 1394 Host Controller
omci System
OMCI WDM Device Driver
Parport Manual
Parallel port driver
PartMgr Boot
Partition Manager
ParVdm Disabled

PCI Boot
PCI Bus Driver
PCIDump System

PCIIde Boot

Pcmcia Disabled

pcmstub Manual
pcmstub
PDCOMP Manual

PDFRAME Manual

PDRELI Manual

PDRFRAME Manual

pepifilter Manual
Volume Adapter
perc2 Disabled
perc2
perc2hib Disabled
perc2hib
PID_08A0 Manual
QuickCam IM(PID_08A0)
PlugPlay Auto
Plug and Play
PolicyAgent Auto
IPSEC Services
PptpMiniport Manual
WAN Miniport (PPTP)
ProtectedStorage Auto
Protected Storage
PSched Manual
QoS Packet Scheduler
Ptilink Manual
Direct Parallel Link Driver
PxHelp20 Boot
PxHelp20
ql1080 Disabled
ql1080
Ql10wnt Disabled
Ql10wnt
ql12160 Disabled
ql12160
ql1240 Disabled
ql1240
ql1280 Disabled
ql1280
RasAcd System
Remote Access Auto Connection Driver
RasAuto Manual
Remote Access Auto Connection Manager
Rasl2tp Manual
WAN Miniport (L2TP)
RasMan Manual
Remote Access Connection Manager
RasPppoe Manual
Remote Access PPPOE Driver
Raspti Manual
Direct Parallel
Rdbss System
Rdbss
RDPCDD System

rdpdr Manual
Terminal Server Device Redirector Driver
RDPWD Manual

RDSessMgr Manual
Remote Desktop Help Session Manager
redbook System
Digital CD Audio Playback Filter Driver
RemoteAccess Disabled
Routing and Remote Access
RemoteRegistry Auto
Remote Registry
rimmptsk Manual

rimsptsk Manual

rismxdp Manual
Ricoh xD-Picture Card Driver
RpcLocator Manual
Remote Procedure Call (RPC) Locator
RpcSs Auto
Remote Procedure Call (RPC)
RSVP Manual
QoS RSVP
SamSs Auto
Security Accounts Manager
SCardSvr Manual
Smart Card
Schedule Auto

sdbus Manual

Secdrv Manual
Secdrv
seclogon Auto
Secondary Logon
SENS Auto
System Event Notification
serenum Manual
Serenum Filter Driver
Serial System
Serial port driver
sffdisk Manual
SFF Storage Class Driver
sffp_sd Manual
SFF Storage Protocol Driver for SDBus
Sfloppy System

SharedAccess Disabled
Windows Firewall/Internet Connection Sharing (ICS)
ShellHWDetection Auto
Shell Hardware Detection
Simbad Disabled

sisagp Disabled
SIS AGP Bus Filter
SLIP Manual
BDA Slip De-Framer
Sparrow Disabled
Sparrow
splitter Manual
Microsoft Kernel Audio Splitter
Spooler Auto
Print Spooler
sr Boot
System Restore Filter Driver
srservice Auto
System Restore Service
Srv Manual
Srv
sscdbhk5 System

SSDPSRV Auto
SSDP Discovery Service
ssrtln System

STHDA Manual
SigmaTel High Definition Audio CODEC
stisvc Auto
Windows Image Acquisition (WIA)
streamip Manual
BDA IPSink
swenum Manual
Software Bus Driver
swmidi Manual
Microsoft Kernel GS Wavetable Synthesizer
SwPrv Manual
MS Software Shadow Copy Provider
symc810 Disabled
symc810
symc8xx Disabled
symc8xx
sym_hi Disabled
sym_hi
sym_u3 Disabled
sym_u3
SynTP Manual
Synaptics TouchPad Driver
sysaudio Manual
Microsoft Kernel System Audio Device
SysmonLog Manual
Performance Logs and Alerts
TapiSrv Manual
Telephony
Tcpip System
TCP/IP Protocol Driver
TDPIPE Manual

TDTCP Manual

TermDD System
Terminal Device Driver
TermService Manual
Terminal Services
tfsnboio Auto

tfsncofs Auto

tfsndrct Auto

tfsndres Auto

tfsnifs Auto

tfsnopio Auto

tfsnpool Auto

tfsnudf Auto

tfsnudfa Auto

Themes Auto
Themes
TlntSvr Disabled
Telnet
TosIde Disabled
TosIde
TrkWks Auto
Distributed Link Tracking Client
UACd.sys System

Udfs Disabled

ultra Disabled
ultra
Update Manual
Microcode Update Driver
upnphost Manual
Universal Plug and Play Device Host
UPS Manual
Uninterruptible Power Supply
USBAAPL Manual
Apple Mobile USB Driver
usbaudio Manual
USB Audio Driver (WDM)
usbccgp Manual
Microsoft USB Generic Parent Driver
usbehci Manual
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver
usbhub Manual
USB2 Enabled Hub
usbprint Manual
Microsoft USB PRINTER Class
usbscan Manual
USB Scanner Driver
USBSTOR Manual
USB Mass Storage Driver
usbuhci Manual
Microsoft USB Universal Host Controller Miniport Driver
usnjsvc Manual
Messenger Sharing Folders USN Journal Reader service
VgaSave System
VGA Display Controller.
viaagp Disabled
VIA AGP Bus Filter
ViaIde Disabled
ViaIde
Viewpoint Manager Service Auto
Viewpoint Manager Service
VolSnap Boot

VSS Manual
Volume Shadow Copy
w32time Auto
Windows Time
Wanarp Manual
Remote Access IP ARP Driver
wanatw Manual
WAN Miniport (ATW)
Wdf01000 Manual
Wdf01000
WDICA Manual

wdmaud Manual
Microsoft WINMM WDM Audio Compatibility Driver
WebClient Auto
WebClient
winachsf Manual

winmgmt Auto
Windows Management Instrumentation
Winsock Manual

wltrysvc Auto
Dell Wireless WLAN Tray Service
WmdmPmSN Manual
Portable Media Serial Number Service
Wmi Manual
Windows Management Instrumentation Driver Extensions
WmiApSrv Manual
WMI Performance Adapter
WMPNetworkSvc Manual
Windows Media Player Network Sharing Service
WS2IFSL System

wscsvc Disabled
Security Center
WSTCODEC Manual
World Standard Teletext Codec
wuauserv Auto
Automatic Updates
WudfPf Manual
Windows Driver Foundation - User-mode Driver Framework Platform Driver
WudfRd Manual
Windows Driver Foundation - User-mode Driver Framework Reflector
WudfSvc Manual
Windows Driver Foundation - User-mode Driver Framework
WZCSVC Auto
Wireless Zero Configuration
xmlprov Manual
Network Provisioning Service

Jintan (Senior Member, joined Dec 2006, 1428 posts)
Posted 7/28/2009 2:51 PM (GMT +3)
Very good. And that shows the malware rootkit driver, a remote registry service that should always be disabled, a very questionable Internet Authentication Service (Ias) that only servers would use, and this:

6to4 Auto
Microsoft Automatic Update

Two correct terms, but not when together like that.

Return to the Recovery Console prompt, and at the prompt type the following, pressing Enter after each:

disable UACd.sys

disable RemoteRegistry

disable ias

disable 6to4

exit


When you hit Enter after typing exit your computer will reboot. Do Not press any key until the system has completely rebooted, then after the reboot be sure to remove your XP CD from the CD-ROM drive.

----------------

If by chance you have Internet connectivity problems after, you can re-enable that Ias service by doing the following, though at this time I sense it is malware related:

Go to Start - Run, type cmd (and OK). Copy/paste each of the following at the prompt, Enter after each:

sc start ias
exit


----------------

After the reboot download ComboFix.exe from here to your desktop, but I would like you to rename the file as you download it (do not download it directly without renaming it - use right click "Save Target/Link As"). For this, rename the downloading file to 456out.com, then click the renamed 456out.com to run that scan.

Be sure to install the Recovery Console if you are asked to do so. When the scan completes, a text window with your log will open. Please copy and paste that log back here.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.


beeshu (Junior Member, joined Oct 2007, 53 posts)
Posted 7/29/2009 2:50 AM (GMT +3)
I disabled those 4 items and restarted. The internet connected; however, after getting to the forum to download ComboFix the blue screen appeared again.

I will try again.

Jintan (Senior Member, joined Dec 2006, 1428 posts)
Posted 7/29/2009 4:45 AM (GMT +3)
Also try Safe Mode (at startup tap the F8 key about once per half-second and select that from the menu).


beeshu (Junior Member, joined Oct 2007, 53 posts)
Posted 7/29/2009 5:20 AM (GMT +3)
Ah, it's a mess. Can't run Safe Mode, because it goes straight to the blue screen.

Jintan (Senior Member, joined Dec 2006, 1428 posts)
Posted 7/29/2009 7:22 PM (GMT +3)
Think I missed one in that list of drivers. Return to the Recovery Console prompt, and type this command:

disable lich

And exit to reboot the system. Then try running ComboFix again. You may have to download it elsewhere, rename it, then transfer it to this computer. Sending it as an email attachment is preferred, as it minimizes any transfer of infection off the problem computer, but do your best with what you have there.


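Jintan's checks on the servicelook.txt listing above (a service key that is a file name, RemoteRegistry left on Auto, a server-only Ias entry, 6to4 wearing the Automatic Updates display name) and the later `disable lich` follow-up can be applied mechanically to any listsvc output. The script below is an added example, not a tool from this thread, from BullGuard or from Microsoft: its input is an excerpt constructed from the posted listing, the stock-description table and the should-be-disabled set are my assumptions, and 'review' findings are triage hints only (the avast! entry in the sample shows that heuristic firing on legitimate software).

```python
"""Triage Windows XP Recovery Console `listsvc` output the way the thread did.
listsvc prints "<service name> <start type>" on one line and the display name
(possibly blank) on the next; names may contain spaces.  Added example, not
code from the thread; the heuristic tables are assumptions."""
import re
from typing import Dict, List, NamedTuple

START_TYPES = ("Boot", "System", "Auto", "Manual", "Disabled")
ENTRY_RE = re.compile(r"^(?P<name>.*\S)\s+(?P<start>%s)\s*$" % "|".join(START_TYPES))


class Service(NamedTuple):
    name: str
    start: str
    description: str

# Display names owned by one specific stock XP service.  Another service wearing
# one is masquerading (the "6to4 / Microsoft Automatic Update" pair).  Assumed.
STOCK_DESCRIPTIONS: Dict[str, str] = {
    "automatic updates": "wuauserv",
    "microsoft automatic update": "wuauserv",
    "remote registry": "RemoteRegistry",
    "security center": "wscsvc",
}

# Services a workstation should not run: Ias ships only with Windows Server, the
# rest are remote-access services normally left off.  Assumed set.
WORKSTATION_DISABLE = {"RemoteRegistry", "Ias", "TlntSvr", "Messenger"}

# Constructed excerpt of the servicelook.txt listing posted in the thread.
SAMPLE_LISTSVC = """\
6to4 Auto
Microsoft Automatic Update
avast! Antivirus Auto
avast! Antivirus
Beep System

Ias Auto
Ias
lich Auto
lich
RemoteRegistry Auto
Remote Registry
UACd.sys System

wuauserv Auto
Automatic Updates
"""


def parse_listsvc(text: str) -> List[Service]:
    """Pair each "<name> <start>" line with the description line after it."""
    lines = text.splitlines()
    services: List[Service] = []
    i = 0
    while i < len(lines):
        m = ENTRY_RE.match(lines[i].rstrip())
        if not m:  # headers, blank lines, junk between entries
            i += 1
            continue
        # Always consume the next line as text, never re-parse it as an entry:
        # display names such as "COM+ Event System" end in a start-type word.
        desc = lines[i + 1].strip() if i + 1 < len(lines) else ""
        services.append(Service(m.group("name"), m.group("start"), desc))
        i += 2
    return services


def triage(services: List[Service]) -> List[dict]:
    """'high' = disable and investigate; 'review' = a human must check the binary."""
    findings: List[dict] = []

    def add(svc: Service, severity: str, reason: str) -> None:
        findings.append({"name": svc.name, "start": svc.start,
                         "severity": severity, "reason": reason})

    for svc in services:
        desc_key = svc.description.lower()
        if re.search(r"\.(sys|exe|dll)$", svc.name, re.IGNORECASE):
            add(svc, "high", "service key is a file name (the UACd.sys pattern)")
        owner = STOCK_DESCRIPTIONS.get(desc_key)
        if owner and owner.lower() != svc.name.lower():
            add(svc, "high", f"display name belongs to stock service {owner}")
        if svc.name in WORKSTATION_DISABLE and svc.start != "Disabled":
            add(svc, "high", "should be Disabled on a workstation")
        if svc.start in ("Auto", "Boot", "System") and desc_key == svc.name.lower():
            # lich/lich and Ias/Ias in the thread; legitimate vendors trip this too.
            add(svc, "review", "auto-start entry whose display name is just its key")
    return findings


def recovery_console_commands(findings: List[dict]) -> List[str]:
    """`disable <service>` lines for the Recovery Console prompt, 'high' findings only."""
    names = sorted({f["name"] for f in findings if f["severity"] == "high"})
    return [f"disable {name}" for name in names]


if __name__ == "__main__":
    found = triage(parse_listsvc(SAMPLE_LISTSVC))
    print(*found, *recovery_console_commands(found), sep="\n")
```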
beeshu (Junior Member, joined Oct 2007, 53 posts)
Posted 8/2/2009 6:58 PM (GMT +3)
Awesome! No blue screen of death after I disabled lich. Here's the ComboFix log:



ComboFix 09-08-01.06 - Laura Kim 08/02/2009 11:21.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.126 [GMT -4:00]
Running from: E:\456out.com.exe
AV: avast! antivirus 4.8.1335 [VPS 090422-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\chfyosn.exe
c:\docume~1\LAURAK~1\LOCALS~1\Temp\csrss.exe
c:\docume~1\LAURAK~1\LOCALS~1\Temp\n05wzkqhzw.exe
c:\docume~1\LAURAK~1\LOCALS~1\Temp\winlogon.exe
c:\documents and settings\Laura Kim\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced Virus Remover.lnk
c:\documents and settings\Laura Kim\Application Data\wiaserva.log
c:\documents and settings\Laura Kim\Application Data\wiaservg.log
c:\documents and settings\Laura Kim\Desktop\Advanced Virus Remover.lnk
c:\documents and settings\Laura Kim\Laura Kim.exe
c:\documents and settings\Laura Kim\Local Settings\Temp\n05wzkqhzw.exe
c:\documents and settings\Laura Kim\Start Menu\Advanced Virus Remover.lnk
c:\documents and settings\Laura Kim\Start Menu\Programs\Startup\fmnupd32.exe
c:\documents and settings\Laura Kim\Start Menu\Programs\Startup\zqosys32.exe
c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
C:\giyghshu.exe
C:\mupwjiav.exe
C:\oxyyxwn.exe
C:\p2hhr.bat
c:\program files\AdvancedVirusRemover
c:\program files\AdvancedVirusRemover\PAVRM.exe
c:\program files\Manson
c:\program files\Manson\liser.dll
c:\program files\Manson\liser.exe
c:\program files\sys
c:\program files\sys\sys.dll
c:\program files\sys\sys.sys
c:\windows\010112010146118114.dat
c:\windows\010112010146120114.dat
c:\windows\0101120101464849.dat
c:\windows\934fdfg34fgjf23
c:\windows\dll
c:\windows\dll\rundll32.exe
c:\windows\Install.txt
c:\windows\Installer\9bc6e.msi
c:\windows\kb913800.exe
c:\windows\ld11.exe
c:\windows\pp10.exe
c:\windows\sysguard.exe
c:\windows\system32\3361
c:\windows\system32\3361\mlog
c:\windows\system32\3361\services.exe
c:\windows\system32\6to4ex.dll
c:\windows\system32\certstore.dat
c:\windows\system32\comsa32.sys
c:\windows\system32\cooecp.tlb
c:\windows\system32\critical_warning.html
c:\windows\system32\drivers\fips32cup.sys
c:\windows\system32\EffOUENn.ini
c:\windows\system32\EffOUENn.ini2
c:\windows\system32\gsf83iujid.dll
c:\windows\system32\Iasv32.dll
c:\windows\system32\iehelper.dll
c:\windows\system32\Install.txt
c:\windows\system32\ksevshff.ini
c:\windows\system32\logcde.dll
c:\windows\system32\mqracxer.ini
c:\windows\system32\msckflp.exe
c:\windows\system32\msdhzqys.exe
c:\windows\system32\mskpfpsq.exe
c:\windows\system32\mslltxrn.exe
c:\windows\system32\mslwo.exe
c:\windows\system32\msncache.dll
c:\windows\system32\msqksief.exe
c:\windows\system32\msresnv.exe
c:\windows\system32\msrplnzd.exe
c:\windows\system32\mssdpz.exe
c:\windows\system32\mssjx.exe
c:\windows\system32\msucaiz.exe
c:\windows\system32\msuenv.exe
c:\windows\system32\msuhwn.exe
c:\windows\system32\msupoiy.exe
c:\windows\system32\msusl.exe
c:\windows\system32\mswfsyu.exe
c:\windows\system32\mswgwbv.exe
c:\windows\system32\mszkdzx.exe
c:\windows\system32\mszpuiwh.exe
c:\windows\system32\pcmstub.sys
c:\windows\system32\tpsaxyd.exe
c:\windows\system32\wbem\proquota.exe
c:\windows\system32\wiawow32.sys
c:\windows\system32\windef.dll
c:\windows\system32\windef.Log
c:\windows\system32\winpaged.ocx
c:\windows\system32\winsrc.dll.tmp
c:\windows\system32\winupdate.exe
C:\wyhgm.exe

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\system volume information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP872\A0068765.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_FIPS32CUP
-------\Legacy_IAS
-------\Legacy_PCMSTUB
-------\Legacy_UACD.SYS
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
-------\Service_6to4
-------\Service_fips32cup
-------\Service_Ias
-------\Service_pcmstub
-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-07-02 to 2009-08-02 )))))))))))))))))))))))))))))))
.

2009-08-02 15:32 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-08-02 15:32 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-07-28 03:51 . 2009-07-28 03:51 40 ----a-w- c:\windows\servcheck.bat
2009-07-26 14:57 . 2008-04-13 18:45 2944 ----a-w- c:\windows\system32\dllcache\drmkaud.sys
2009-07-08 04:34 . 2009-07-08 04:34 544545 ----a-w- c:\windows\Minidump.zip
2009-07-07 00:18 . 2009-07-07 00:18 210 ----a-w- c:\windows\567788.bat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-02 15:16 . 2009-01-19 19:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-07 01:42 . 2009-07-29 02:18 1952 ----a-w- c:\windows\system32\drivers\arp1394.sys
2009-07-01 00:04 . 2006-05-15 17:25 90112 ----a-w- c:\windows\DUMPad66.tmp
2009-06-30 02:19 . 2009-07-29 02:18 1952 ----a-w- c:\windows\system32\drivers\wanatw4.sys
2009-06-29 21:15 . 2009-07-29 02:18 1952 ----a-w- c:\windows\system32\drivers\bcm4sbxp.sys
2009-06-29 21:15 . 2009-06-29 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\17113754
2009-06-29 21:15 . 2009-06-29 21:15 716874 ----a-w- c:\documents and settings\All Users\Application Data\17113754\17113754.exe
2009-06-29 21:15 . 2009-06-29 21:15 86016 ----a-w- c:\windows\system32\lich.exe
2009-06-29 21:13 . 2009-06-29 21:13 40960 ----a-w- C:\poykfa.exe
2008-08-20 03:39 . 2008-08-20 03:39 7499056 ----a-w- c:\program files\Firefox Setup 3.0.1.exe
2007-12-06 01:09 . 2007-12-06 01:09 15180000 ----a-w- c:\program files\gimp-2.4.2-i686-setup.exe
2007-10-16 02:05 . 2007-10-16 02:05 12132128 ----a-w- c:\program files\Install_AIMupdate.exe
2007-05-27 14:10 . 2007-05-27 14:10 151913 ----a-w- c:\program files\Z100 DJ Mix.zip
2007-05-27 14:05 . 2007-05-27 14:05 530496 ----a-w- c:\program files\yahoo_installer.exe
2006-10-09 20:50 . 2006-10-09 20:50 15926792 ----a-w- c:\program files\DivXInstaller.exe
2006-09-24 14:31 . 2006-09-24 14:31 904 ----a-w- c:\program files\Yahoo! Widget Engine.lnk
2006-06-04 19:33 . 2006-06-04 19:33 643711 ----a-w- c:\program files\XviD-1.1.0-30122005.exe
2006-06-02 19:13 . 2006-06-02 19:12 2840440 ----a-w- c:\program files\LimeWireWin-full.exe
2006-05-30 22:01 . 2006-05-30 22:01 258420 ----a-w- c:\program files\Install_AIM.exe
2006-05-30 21:19 . 2006-05-30 21:16 37311488 ----a-w- c:\program files\iTunesSetup.exe
2009-06-13 12:16 . 2008-08-20 03:40 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2006-06-25 19:06 . 2006-05-31 20:05 88 --sh--r- c:\windows\system32\1F2C32DA64.sys
2006-08-20 00:05 . 2006-06-17 21:31 56 --sh--r- c:\windows\system32\64DA322C1F.sys
2006-08-20 00:06 . 2006-05-31 20:05 6060 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-19 68856]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"DellTransferAgent"="c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"HostManager"="c:\program files\Common Files\AOL\1149026895\ee\AOLSoftware.exe" [2006-05-10 50760]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-22 136600]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-11-16 397312]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-04-11 56080]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1149026895\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1149026895\\ee\\aim6.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\wuauclt.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Widget Engine\\YahooWidgetEngine.exe"=
"c:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe"=
"c:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"=
"c:\\WINDOWS\\system32\\WLTRYSVC.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4814:UDP"= 4814:UDP:Windows Media Format SDK (firefox.exe)
"4815:UDP"= 4815:UDP:Windows Media Format SDK (firefox.exe)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2/21/2009 1:07 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/21/2009 1:07 PM 20560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/14/2007 1:40 PM 24652]
S4 lich;lich;c:\windows\system32\lich.exe [6/29/2009 5:15 PM 86016]
.
Contents of the 'Scheduled Tasks' folder

2009-05-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-08-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-01 17:01]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MS AntiSpyware 2009 - c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe
HKCU-Run-LowRiskFileTypes - c:\windows\sysguard.exe
HKLM-Run-Advanced Virus Remover - c:\program files\AdvancedVirusRemover\PAVRM.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.nytimes.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.dell.com
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Laura Kim\Application Data\Mozilla\Firefox\Profiles\aqoh9e98.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.nytimes.com/
FF - plugin: c:\documents and settings\Laura Kim\Application Data\Mozilla\Firefox\Profiles\aqoh9e98.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-02 11:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(688)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(796)
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2009-08-02 11:43 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-02 15:43

Pre-Run: 15,324,332,032 bytes free
Post-Run: 17,380,048,896 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

Current=7 Default=7 Failed=6 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
299 --- E O F --- 2008-12-18 19:10
Jintan
Senior Member
Date Joined Dec 2006
Total Posts : 1428
Posted 8/2/2009 11:25 PM (GMT +3)
Hats off to the ComboFix author sUBs. ComboFix did a real nice job of removal in that sweep. Let's now remove one bad driver and check after.


Go to Start > Run and type

cmd

and OK. At the prompt type (or copy\paste) the below commands and hit "Enter" after each line

sc delete lich

Type Exit to close.

---------------------

If you don't already have it (no need to reinstall if you do) download Malwarebytes' Anti-Malware from Here or Here.

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

--------------

Then run a RSIT scan now (download here if you didn't do it before).

Click on the RSIT.exe to start the scan.

If necessary allow it to locate or download a copy of HijackThis as needed.

Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt.

RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt).

You can break logs into parts and use separate posts here when replying and posting the log files, if needed.

-------------

Post back the RSIT logs and the Malwarebytes log please.


Click here and help my friend help stop leukemia, lymphoma, Hodgkin lymphoma and myeloma from taking more lives.
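To tie the two steps of this post together (find the bad service in the ComboFix log, remove it, confirm it is gone in the follow-up RSIT/HijackThis log), here is a small triage script. It is an added example, not code from the thread or from ComboFix, RSIT or HijackThis: it parses the ComboFix driver/service lines (the `R1`/`R2`/`S4` block above), looks up `lich`, builds the same two `sc` steps the post describes, and then checks the `O23 - Service:` lines of a later HijackThis log for the service. The sample lines are copied from the logs posted in this thread; the reading of the ComboFix prefixes (R/S = running/stopped, digit = Windows start type) is an assumption that matches the usual ComboFix log guides.

```python
"""Added triage helper for the ComboFix and HijackThis lines in this thread."""
import re
from dataclasses import dataclass
from typing import List, Optional

# ComboFix driver/service lines copied from the log posted in this thread.
COMBOFIX_SAMPLE = r"""
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2/21/2009 1:07 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/21/2009 1:07 PM 20560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/14/2007 1:40 PM 24652]
S4 lich;lich;c:\windows\system32\lich.exe [6/29/2009 5:15 PM 86016]
"""

# HijackThis O23 lines copied from the RSIT log posted after the removal.
HJT_SAMPLE = r"""
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
"""

# Assumed meaning of the ComboFix prefix: R = running, S = stopped, and the
# digit is the Windows service start type.
STATE = {"R": "running", "S": "stopped"}
START_TYPE = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}

CF_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<stamp>.+) (?P<size>\d+)\]$"
)
HJT_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>.+)$"
)


@dataclass
class CfService:
    name: str
    display: str
    path: str
    state: str        # running / stopped
    start_type: str   # boot / system / automatic / manual / disabled
    size: int


@dataclass
class HjtService:
    display: str
    short: Optional[str]   # HijackThis omits the short name for some services
    owner: str
    path: str


def parse_combofix_services(text: str) -> List[CfService]:
    """Turn 'S4 lich;lich;c:\\...\\lich.exe [date size]' lines into records."""
    out = []
    for line in text.splitlines():
        m = CF_RE.match(line.strip())
        if m:
            out.append(CfService(m["name"], m["display"], m["path"],
                                 STATE[m["state"]], START_TYPE[int(m["start"])],
                                 int(m["size"])))
    return out


def parse_hjt_services(text: str) -> List[HjtService]:
    """Parse the 'O23 - Service:' lines of a HijackThis/RSIT log."""
    out = []
    for line in text.splitlines():
        m = HJT_RE.match(line.strip())
        if m:
            out.append(HjtService(m["display"], m["short"], m["owner"], m["path"]))
    return out


def find_service(entries: List[CfService], name: str) -> Optional[CfService]:
    return next((e for e in entries if e.name.lower() == name.lower()), None)


def removal_commands(entry: CfService) -> List[str]:
    """The two sc.exe steps from the post: look first, then delete.
    sc.exe needs the name quoted when it contains spaces."""
    name = f'"{entry.name}"' if " " in entry.name else entry.name
    return [f"sc query {name}", f"sc delete {name}"]


def service_present(entries: List[HjtService], name: str) -> bool:
    """Post-removal check: match short name, display name or binary file name."""
    n = name.lower()
    for e in entries:
        if (e.short or "").lower() == n or e.display.lower() == n:
            return True
        if e.path.lower().rsplit("\\", 1)[-1] in (n, n + ".exe", n + ".sys"):
            return True
    return False


def unknown_owner(entries: List[HjtService]) -> List[str]:
    """Services HijackThis could not attribute to a vendor; worth a second look."""
    return [e.display for e in entries if e.owner.lower() == "unknown owner"]


if __name__ == "__main__":
    bad = find_service(parse_combofix_services(COMBOFIX_SAMPLE), "lich")
    if bad:
        print(bad.path, bad.state, bad.start_type, removal_commands(bad))
    hjt = parse_hjt_services(HJT_SAMPLE)
    print("lich still listed after reboot:", service_present(hjt, "lich"))
    print("unknown owner:", unknown_owner(hjt))
```

The `S4` prefix on the `lich` line is why the removal is a plain `sc delete`: the service is stopped and disabled, so nothing has to be stopped first. Running the check against the later RSIT log confirms the entry is gone; the two "Unknown owner" services it reports (DSBrokerService and the Dell wireless tray service) are both under vendor paths and are the usual Dell components, not anything the thread flagged.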

beeshu
Junior Member
Date Joined Oct 2007
Total Posts : 53
Posted 8/3/2009 3:52 AM (GMT +3)
yes, combofix is awesome!

here's the RSIT log; there are 2 logs. I'll post the malware log in the next post.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Laura Kim at 2009-08-02 20:44:19
Microsoft Windows XP Professional Service Pack 3
System drive C: has 17 GB (33%) free of 51 GB
Total RAM: 502 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:44:38 PM, on 8/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\AOL\1149026895\ee\AOLSoftware.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Laura Kim\Desktop\RSIT.exe
C:\Program Files\trend micro\Laura Kim.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1149026895\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8588 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar4.dll [2007-01-20 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-12-13 98304]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-12-13 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-12-13 118784]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2005-12-19 1347584]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2005-11-16 397312]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-11-29 761947]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-12-09 49152]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
"HostManager"=C:\Program Files\Common Files\AOL\1149026895\ee\AOLSoftware.exe [2006-05-09 50760]
"IPHSend"=C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe [2006-02-17 124520]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-22 136600]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-07-19 221184]
"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe [2005-06-08 458752]
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe [2005-06-08 217088]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-04-11 56080]
"OpwareSE2"=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2005-08-12 1121792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-05-19 68856]
"DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"LogitechSoftwareUpdate"=C:\Program Files\Logitech\Video\ManifestEngine.exe [2005-06-08 196608]
"DellTransferAgent"=C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe [2007-11-13 135168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\7c46b438]
C:\WINDOWS\system32\ffhsvesk.dll,b []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM7f7587a4]
C:\WINDOWS\system32\vxlctldn.dll,s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
C:\Program Files\NetWaiting\netWaiting.exe [2003-09-10 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowLOMControl]
 []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-12-13 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1149026895\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1149026895\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1149026895\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1149026895\ee\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\wuauclt.exe"="C:\WINDOWS\system32\wuauclt.exe:*:Enabled:wuauclt"
"C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe"="C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe:*:Enabled:YahooWidgetEngine"
"C:\Program Files\McAfee.com\VSO\oasclnt.exe"="C:\Program Files\McAfee.com\VSO\oasclnt.exe:*:Enabled:OasClnt"
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe:*:Enabled:DVDLauncher"
"C:\Program Files\McAfee.com\VSO\mcvsshld.exe"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe:*:Enabled:mcvsshld"
"C:\WINDOWS\system32\WLTRYSVC.EXE"="C:\WINDOWS\system32\WLTRYSVC.EXE:*:Enabled:WLTRYSVC"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-08-02 20:44:19 ----D---- C:\rsit
2009-08-02 20:44:19 ----D---- C:\Program Files\trend micro
2009-08-02 20:26:17 ----SHD---- C:\RECYCLER
2009-08-02 11:43:36 ----A---- C:\ComboFix.txt
2009-08-02 11:32:20 ----A---- C:\WINDOWS\system32\proquota.exe
2009-08-02 11:18:16 ----A---- C:\WINDOWS\zip.exe
2009-08-02 11:18:16 ----A---- C:\WINDOWS\SWREG.exe
2009-08-02 11:18:16 ----A---- C:\WINDOWS\sed.exe
2009-08-02 11:18:16 ----A---- C:\WINDOWS\PEV.exe
2009-08-02 11:18:16 ----A---- C:\WINDOWS\NIRCMD.exe
2009-08-02 11:18:16 ----A---- C:\WINDOWS\grep.exe
2009-08-02 11:18:15 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-08-02 11:18:15 ----A---- C:\WINDOWS\SWSC.exe
2009-07-27 23:51:30 ----A---- C:\WINDOWS\servcheck.bat
2009-07-27 20:03:47 ----A---- C:\WINDOWS\servicelook.txt

======List of files/folders modified in the last 1 months======

2009-08-02 20:44:19 ----D---- C:\Program Files
2009-08-02 20:42:06 ----D---- C:\Program Files\Mozilla Firefox
2009-08-02 20:39:38 ----D---- C:\WINDOWS\Temp
2009-08-02 20:39:32 ----SD---- C:\WINDOWS\Tasks
2009-08-02 20:39:28 ----D---- C:\WINDOWS\Registration
2009-08-02 20:39:26 ----D---- C:\WINDOWS
2009-08-02 20:38:00 ----D---- C:\WINDOWS\system32\drivers
2009-08-02 20:37:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-02 20:37:11 ----D---- C:\WINDOWS\system32
2009-08-02 20:29:02 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-02 12:05:22 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-02 11:43:39 ----D---- C:\Qoobox
2009-08-02 11:41:25 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-08-02 11:36:06 ----A---- C:\WINDOWS\system.ini
2009-08-02 11:33:11 ----D---- C:\WINDOWS\system32\config
2009-08-02 11:32:36 ----D---- C:\WINDOWS\ERDNT
2009-08-02 11:31:04 ----D---- C:\WINDOWS\system32\wbem
2009-08-02 11:30:57 ----SHD---- C:\WINDOWS\Installer
2009-08-02 11:28:07 ----D---- C:\WINDOWS\AppPatch
2009-08-02 11:27:54 ----D---- C:\Program Files\Common Files
2009-08-02 11:18:09 ----SD---- C:\ComboFix
2009-08-02 11:16:35 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-08-02 11:15:38 ----SHD---- C:\WINDOWS\CSC
2009-07-08 00:45:26 ----D---- C:\WINDOWS\Minidump
2009-07-08 00:33:29 ----D---- C:\WINDOWS\Prefetch
2009-07-06 20:54:11 ----D---- C:\WINDOWS\pss
2009-07-06 20:54:06 ----RASH---- C:\boot.ini
2009-07-06 20:54:06 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-16 13059]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2239]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-11-02 424320]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-12-13 1364574]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-10-14 28544]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-10-14 51328]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-10-14 307968]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-11-16 1047816]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-11-29 191936]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2009-07-06 1952]
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\D:\INSTAL~E\Core\BVRPMPR5.SYS []
S3 catchme;catchme; \??\C:\456out.com\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-07-21 1035008]
S3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-07-21 201600]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-04-11 34832]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-04-11 36112]
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2007-04-11 28688]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-05-27 22016]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2005-05-27 7136]
S3 PID_08A0;QuickCam IM(PID_08A0); C:\WINDOWS\system32\DRIVERS\LV302AV.SYS [2005-05-27 913280]
S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-07-21 717952]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-08-17 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-06-02 86606]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-22 152984]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe [2005-12-06 380928]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2005-12-19 18944]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-09-04 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------


2nd log for RSIT

info.txt logfile of random's system information tool 1.06 2009-08-02 20:44:41

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
AIM 6-->C:\Program Files\AIM6\uninst.exe
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2261C4B-4D9B-4149-8472-31B7A2FEAB91}\Setup.exe" -l0x9
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Broadcom Management Programs-->MsiExec.exe /I{26E1BFB0-E87E-4696-9F89-B467F01F81E5}
Canon Camera Access Library-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{901F8ED7-13E8-43EF-B738-2FE89B0588EB} /l1033
Canon Camera Support Core Library-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A1D0D14A-B776-4907-BC00-5149F2298086} /l1033
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F}
Canon Camera Window DC_DV 6 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D}
Canon Camera Window DSLR 5 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0A146245-DB79-4197-BF5D-FE1A699A2CC7}
Canon Camera Window MC 6 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D}
Canon CanoScan Toolbox 4.9-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}\setup.exe" -l0x9 anything
Canon MovieEdit Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4DBBF091-FACD-422C-B43C-786335BD5398}
Canon PhotoRecord-->MsiExec.exe /X{BBBC2B89-E193-4348-A83C-C8DD8210A4AC}
Canon RAW Image Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4}
Canon ScanGear Starter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}\SETUP.EXE" -l0x9 anything
Canon Utilities PhotoStitch 3.1-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}
Canon ZoomBrowser EX (E)-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}
CDDRV_Installer-->MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028k.inf
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Game Console-->"C:\Program Files\WildTangent\Apps\Dell Game Console\Uninstall.exe"
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}
Digital Content Portal-->MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Documentation & Support Launcher-->MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
EducateU-->MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864}
ESPNMotion-->C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG
ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6}
ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}
ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A}
ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A}
ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765}
ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}
ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091}
ESSSONIC-->MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34}
ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589}
essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}
Games, Music, & Photos Launcher-->MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe"
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Firefox-->MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar4.dll"
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
hp deskjet 3600 series-->rundll32 hpzcon09.dll,VendorJettison hp deskjet 3600 series
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Internal Network Card Power Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F528948-0E80-4C96-B455-DE4167CB1DF7}\setup.exe" -l0x9 UNINSTALL APPDRVNT4
Internet Service Offers Launcher-->MsiExec.exe /X{E42BD75A-FC23-4E3F-9F91-2658334C644F}
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
J2SE Runtime Environment 5.0 Update 8-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
kgcbase-->MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}
KhalSetup-->MsiExec.exe /I{C89C8D86-4423-4A58-AA40-DD259ACE07C1}
Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0002_4575a97\Setup.exe /APR-REMOVE
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL
Logitech QuickCam Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x9
Logitech SetPoint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
Logitech® Camera Driver-->"C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Manual CanoScan LiDE 500F-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9C54C44-BB5A-4B03-8907-C01A9790195A}\setup.exe" -l0x9
MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mirar-->mshta.exe http://remove.getmirar.com/
MobileMe Control Panel-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Musicmatch for Windows Media Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E93E5EF6-D361-481E-849D-F16EF5C78EBC}\setup.exe" -l0x9 remove
netbrdg-->MsiExec.exe /I{4537EA4B-F603-4181-89FB-2953FC695AB1}
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
NetZeroInstallers-->MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
OfotoXMI-->MsiExec.exe /I{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}
OmniPage SE 2.0-->MsiExec.exe /I{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}
Otto-->"C:\Program Files\EnglishOtto\uninstallotto.exe"
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
PowerDVD 5.7-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 APPDRVNT4
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
SFR-->MsiExec.exe /I{DB02F716-6275-42E9-B8D2-83BA2BF5100B}
SHASTA-->MsiExec.exe /I{605A4E39-613C-4A12-B56F-DEFBE6757237}
skin0001-->MsiExec.exe /I{5316DFC9-CE99-4458-9AB3-E8726EDE0210}
SKINXSDK-->MsiExec.exe /I{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
staticcr-->MsiExec.exe /I{8943CE61-53BD-475E-90E1-A580869E98A2}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
tooltips-->MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
WebCyberCoach 3.2 Dell-->"C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
WildTangent Web Driver-->C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]-->C:\WINDOWS\$NtUninstallEmeraldQFE2$\spuninst\spuninst.exe
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
WordPerfect Office 12-->MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
XviD 1.1 final uninstall-->"C:\Program Files\XviD\unins000.exe"
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Widget Engine-->C:\Program Files\Yahoo!\Yahoo! Widget Engine\uninstall.exe
Yahoo! Widget Engine-->MsiExec.exe /X{35917680-C0DA-4618-B878-54B74694A2FB}

======Security center information======

AV: avast! antivirus 4.8.1335 [VPS 090422-0] (disabled) (outdated)

======System event log======

Computer Name: LAURA
Event Code: 7901
Message: The At22.job command failed to start due to the following error:
%%2147942402

Record Number: 9160
Source Name: Schedule
Time Written: 20090611210000.000000-240
Event Type: error
User:

Computer Name: LAURA
Event Code: 7901
Message: The At45.job command failed to start due to the following error:
%%2147942402

Record Number: 9159
Source Name: Schedule
Time Written: 20090611200000.000000-240
Event Type: error
User:

Computer Name: LAURA
Event Code: 7901
Message: The At21.job command failed to start due to the following error:
%%2147942402

Record Number: 9158
Source Name: Schedule
Time Written: 20090611200000.000000-240
Event Type: error
User:

Computer Name: LAURA
Event Code: 7901
Message: The At44.job command failed to start due to the following error:
%%2147942402

Record Number: 9157
Source Name: Schedule
Time Written: 20090611190000.000000-240
Event Type: error
User:

Computer Name: LAURA
Event Code: 7901
Message: The At20.job command failed to start due to the following error:
%%2147942402

Record Number: 9156
Source Name: Schedule
Time Written: 20090611190000.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: LAURA
Event Code: 1517
Message: Windows saved user LAURA\Laura Kim registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 25
Source Name: Userenv
Time Written: 20080615212833.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: LAURA
Event Code: 1002
Message: Hanging application firefox.exe, version 1.8.20080.40413, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 20
Source Name: Application Hang
Time Written: 20080612223735.000000-240
Event Type: error
User:

Computer Name: LAURA
Event Code: 1517
Message: Windows saved user LAURA\Laura Kim registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 15
Source Name: Userenv
Time Written: 20080610232409.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: LAURA
Event Code: 1517
Message: Windows saved user LAURA\Laura Kim registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 10
Source Name: Userenv
Time Written: 20080609231211.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: LAURA
Event Code: 1517
Message: Windows saved user LAURA\Laura Kim registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 5
Source Name: Userenv
Time Written: 20080608230602.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------
 

beeshu
Junior Member


Date Joined Oct 2007
Total Posts : 53
 
   Posted 8/3/2009 3:53 AM (GMT +3)
Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 3

8/2/2009 8:37:11 PM
mbam-log-2009-08-02 (20-37-11).txt

Scan type: Quick Scan
Objects scanned: 94303
Time elapsed: 5 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 14
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lich (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\lich (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\lich (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\lich (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bcm4sbxp (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\bcm4sbxp (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\bcm4sbxp (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\bcm4sbxp (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bcm4sbxp (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wanatw (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\wanatw (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\wanatw (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\wanatw (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wanatw (Spyware.Passwords) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\lich.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\bcm4sbxp.sys (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\wanatw4.sys (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\WINDOWS\567788.bat (Worm.KoobFace) -> Quarantined and deleted successfully.
 

Jintan
Senior Member




Date Joined Dec 2006
Total Posts : 1428
 
   Posted 8/3/2009 5:46 AM (GMT +3)
Malwarebytes picked out another malware package as well, so cleaning up nicely there. Just a note of caution about ComboFix though. If not run for the right reasons, and at the right time in the right situation, the changes it makes can instead cause issues on systems. So it truly is only to be used when suggested in a forum help situation like we have here.


Go to Start - Run, type firewall.cpl (and Enter). Click the Exceptions tab. If the following item(s) are present on that list, uncheck them, and click OK to close the Windows Firewall display.

Mozilla Firefox
wuauclt
WLTRYSVC


Browsers, Windows Update and the wireless file should not need Firewall exceptions (the exceptions suggest malware misuse instead). If after a few days you get no issues that need Firewall access restored for these, you can return to the Firewall display and just click each and select Delete.

-------------------

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\7c46b438]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM7f7587a4]

Open Notepad (Start - Run, type Notepad then press OK), and copy the text inside the box above and paste it into the open Notepad textbox.

Save this to your desktop as "fixer2.reg"

Be sure to include the "" quotes in the name.

Then right click fixer2.reg, select Merge, and allow it to merge the new information with the Registry.

----------------

Disable your antivirus program and go here and run an online scan using ESET Online Scanner (you will need to use Internet Explorer for this scan, or download the installer to run it in a different browser). If you accept the Terms of Use, check the box and click Start. After the ActiveX Control has loaded, it will take a couple minutes for the scanner to get ready. Next, check the following boxes:

Remove found threats
Scan unwanted applications


Click Start. This scan may take a while, so please be patient. A log may open when the scan is complete (if not, go to C:\Program Files\EsetOnlineScanner\ and open the file log.txt). Click Edit - Select All then copy/paste that log back here please.


If you have any problems getting Eset started, one work-around is to have an open Internet connection, and then click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file, and follow the same previous steps to run the scan.


Click here and help my friend help stop leukemia, lymphoma, Hodgkin lymphoma and myeloma from taking more lives.

 

beeshu
Junior Member


Date Joined Oct 2007
Total Posts : 53
 
   Posted 8/4/2009 2:56 PM (GMT +3)
awesome, thanks!

log for eset online scanner

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.5889
# api_version=3.0.2
# EOSSerial=ecd1da795be73e468d73d390ae58cb6e
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-08-04 06:13:11
# local_time=2009-08-04 02:13:11 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=769 41 100 100 89592198593750
# scanned=86934
# found=65
# cleaned=65
# scan_time=4918
C:\poykfa.exe a variant of Win32/Kryptik.ZU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\All Users\Application Data\17113754\17113754.exe a variant of Win32/Kryptik.WZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Laura Kim\Shared\Aaliyah - Rock The Boat (Saturn 9 Remix).wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Laura Kim\Shared\Elvis Costello & The Imposters - Nothing clings like Ivy.mp3 WMA/TrojanDownloader.GetCodec.C trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Laura Kim\Shared\kanye west - love lockdown .mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Laura Kim\Shared\The Kills - Midnight boom 2008.wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Laura Kim\Shared\The Ting Tings - We Started Nothing.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Laura Kim\Shared\white horse taylor swift.mp3 WMA/TrojanDownloader.GetCodec.C trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\chfyosn.exe.vir Win32/TrojanDownloader.Small.OJR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\giyghshu.exe.vir Win32/VB.OHF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\mupwjiav.exe.vir a variant of Win32/Rustock.NJB trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\oxyyxwn.exe.vir Win32/TrojanDownloader.Small.NTQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\wyhgm.exe.vir Win32/Small.NEK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Laura Kim\Laura Kim.exe.vir a variant of Win32/Wigon.KT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Laura Kim\Start Menu\Programs\Startup\fmnupd32.exe.vir Win32/TrojanDownloader.Bredolab.AA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Laura Kim\Start Menu\Programs\Startup\zqosys32.exe.vir Win32/TrojanDownloader.Bredolab.AA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\DOCUME~1\LAURAK~1\LOCALS~1\Temp\n05wzkqhzw.exe.vir Win32/TrojanDownloader.Small.NTQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\AdvancedVirusRemover\PAVRM.exe.vir Win32/Adware.AdvancedVirusRemover application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\Manson\liser.exe.vir a variant of Win32/PSW.WOW.NLB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\sys\sys.dll.vir Win32/Tinxy.AF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Program Files\sys\sys.sys.vir Win32/Tinxy.AF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\ld11.exe.vir a variant of Win32/Kryptik.WZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\pp10.exe.vir Win32/TrojanDownloader.Agent.PHT trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\sysguard.exe.vir Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\DLL\RUNDLL32.exe.vir probably a variant of Win32/TrojanClicker.Delf.NHN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\6to4ex.dll.vir a variant of Win32/Routmo.E trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\cooecp.tlb.vir Win32/TrojanClicker.VB.NIM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\critical_warning.html.vir Win32/TrojanDownloader.FakeAlert.ADG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\EffOUENn.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\EffOUENn.ini2.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\gsf83iujid.dll.vir Win32/TrojanDownloader.Small.NTQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\ksevshff.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\logcde.dll.vir Win32/TrojanClicker.VB.NIM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\mqracxer.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\msckflp.exe.vir Win32/TrojanClicker.VB.NIM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\msdhzqys.exe.vir Win32/TrojanClicker.VB.NIM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\mskpfpsq.exe.vir Win32/TrojanClicker.VB.NIM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\mslltxrn.exe.vir Win32/TrojanClicker.VB.NIM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\mslwo.exe.vir Win32/TrojanClicker.VB.NIM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\msqksief.exe.vir Win32/TrojanClicker.VB.NIM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\msresnv.exe.vir Win32/TrojanClicker.VB.NIM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\msrplnzd.exe.vir Win32/TrojanClicker.VB.NIM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\mssdpz.exe.vir Win32/TrojanClicker.VB.NIM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\mssjx.exe.vir Win32/TrojanClicker.VB.NIM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\msucaiz.exe.vir Win32/TrojanClicker.VB.NIM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\msuenv.exe.vir Win32/TrojanClicker.VB.NIM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\msuhwn.exe.vir Win32/TrojanClicker.VB.NIM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\msupoiy.exe.vir Win32/TrojanClicker.VB.NIM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\msusl.exe.vir Win32/TrojanClicker.VB.NIM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\mswfsyu.exe.vir Win32/TrojanClicker.VB.NIM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\mswgwbv.exe.vir Win32/TrojanClicker.VB.NIM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\mszkdzx.exe.vir Win32/TrojanClicker.VB.NIM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\mszpuiwh.exe.vir Win32/TrojanClicker.VB.NIM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\pcmstub.sys.vir Win32/Agent.PTB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\tpsaxyd.exe.vir a variant of Win32/Adware.Coolezweb.AS application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\wiawow32.sys.vir a variant of Win32/TrojanClicker.VB.NIL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\windef.dll.vir Win32/TrojanClicker.VB.NIM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\windef.Log.vir Win32/TrojanClicker.VB.NIM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\winpaged.ocx.vir Win32/TrojanClicker.VB.NIM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\winupdate.exe.vir a variant of Win32/Kryptik.ZU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\3361\services.exe.vir Win32/TrojanClicker.VB.NIM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\fips32cup.sys.vir Win32/TrojanDownloader.Wigon.BS trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\wbem\proquota.exe.vir probably a variant of Win32/Inject trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\pss\fmnupd32.exeStartup Win32/TrojanDownloader.Bredolab.AA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\pss\zqosys32.exeStartup Win32/TrojanDownloader.Bredolab.AA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
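Reading a log like the one above: an added example (not from the thread and not ESET's own code) that parses the "# key=value" header and the detection lines, separates files that were already sitting in ComboFix's Qoobox quarantine from detections in live locations, and checks the "# found=" count against the lines parsed. The log text it runs on is constructed in the same layout as the posted log, not the posted log itself.

```python
r"""Triage an ESET Online Scanner log in the layout posted in this thread.
Each detection line is: <path> <detection name> (<action>) <32 hex digits> <flag>.
Paths under C:\Qoobox\Quarantine are files ComboFix had already moved aside (*.vir),
so they were not active when ESET ran; the rest were still in place."""
import re
from collections import Counter

# Constructed sample in the same layout as the posted log; not the real log.
SAMPLE_LOG = r"""ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# osver=5.1.2600 NT Service Pack 3
# scanned=86934
# found=4
# cleaned=4
C:\sample.exe a variant of Win32/Kryptik.ZU trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\User\Shared\Some Song (Live Mix).wma a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\sample.dll.vir probably a variant of Win32/Inject trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\pss\sample32.exeStartup Win32/TrojanDownloader.Bredolab.AA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

# Tail of a detection line is "(action) <32 hex> <flag>"; the head is path + name.
TAIL_RE = re.compile(
    r"^(?P<head>.+?) \((?P<action>[^()]*)\) (?P<hash>[0-9a-fA-F]{32}) (?P<flag>\S+)$")
QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"

def split_head(head):
    """Split '<path> <name>' on the family token, the last token containing '/'."""
    tokens = head.split(" ")
    family = max((i for i, t in enumerate(tokens) if "/" in t), default=len(tokens))
    start = family
    if family >= 3 and tokens[family - 3:family] == ["a", "variant", "of"]:
        start = family - 3
        if start >= 1 and tokens[start - 1] == "probably":
            start -= 1
    return " ".join(tokens[:start]), " ".join(tokens[start:])

def parse_log(text):
    """Return (header dict, list of detection dicts) for an ESET scanner log."""
    header, detections = {}, []
    for line in text.splitlines():
        if line.startswith("# ") and "=" in line:
            key, value = line[2:].split("=", 1)
            header[key] = value
            continue
        match = TAIL_RE.match(line)
        if not match or not re.match(r"^[A-Za-z]:\\", line):
            continue  # banner lines such as 'registred OK' are not detections
        path, name = split_head(match.group("head"))
        detections.append({"path": path, "name": name,
                           "action": match.group("action"), "flag": match.group("flag")})
    return header, detections

def triage(detections):
    """Separate live detections from ComboFix leftovers; count families and actions."""
    summary = {"live": [], "already_quarantined": [],
               "by_family": Counter(), "by_action": Counter()}
    for d in detections:
        in_qoobox = d["path"].lower().startswith(QUARANTINE_PREFIX)
        summary["already_quarantined" if in_qoobox else "live"].append(d["path"])
        family_token = next((t for t in d["name"].split(" ") if "/" in t), "unknown")
        summary["by_family"][family_token.rsplit(".", 1)[0]] += 1  # drop variant suffix
        summary["by_action"][d["action"]] += 1
    return summary

def header_consistent(header, detections):
    """True when the '# found=' count agrees with the detection lines parsed."""
    return header.get("found") == str(len(detections))

if __name__ == "__main__":
    hdr, found = parse_log(SAMPLE_LOG)
    result = triage(found)
    print("found count matches parsed lines:", header_consistent(hdr, found))
    print("live:", result["live"])
    print("already in ComboFix quarantine:", result["already_quarantined"])
    print("by family:", dict(result["by_family"]))
```

On the real log above the same split would show that most of the 65 entries are Qoobox leftovers, while the handful outside it (the root of C:, the Shared media files and C:\WINDOWS\pss) are the ones that were still live.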
 