Blue screen of death

Posted 6/22/2009 8:47 PM
#74612
beeshu Advanced member

Date Joined Nov 2016
Total Posts: 54
I ran all the cleaners (Malwarebytes, CCleaner, HijackThis) but they didn't find anything. I thought I might have a virus yesterday so I ran the same cleaners yesterday, and then today I had the "blue screen of death," a blue screen citing hardware problems. What can I do? Do I just need a new hard drive?? Thanks.
Posted 6/24/2009 1:34 AM
#74663
Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Hello beeshu,

I hope you did not just run all the specialty tools we suggest in these repair requests, as some are only for certain situations, and might cause damage in others. Let's check what all is there now.

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs.

Download RSIT (random's system information tool) from here to your desktop, then click on the RSIT.exe to start the scan.

If necessary allow it to locate or download a copy of HijackThis as needed.

Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt.

RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt).

You can break logs into parts and use separate posts here when replying and posting the log files, if needed.
Posted 7/7/2009 1:22 AM
#74936
beeshu Advanced member

Date Joined Nov 2016
Total Posts: 54
Hi Jintan,

Thanks, I think this may have caused some system damage as right now I am getting the blue screen of death within 5 min of Windows starting up.
Is there any way of preventing this from happening?

Brian
Posted 7/7/2009 1:36 AM
#74937
Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Better had you not waited to come back to this thread Brian. The BSOD occurring at that time suggests software conflicts of some sort. Just "BSOD" is not enough to do much, as far as evaluating the situation. What does the blue screen say - what specific codes (such as 0x00000010) does it display when these crashes occur? If you boot into Safe Mode (at startup tap the F8 key, then select Safe Mode from the menu), do the crashes occur then?

Also navigate (right click My Computer, left click Explore) to the following folder:

c:\windows\minidump

And if one is there, locate in it any recent minidump(date-somenumber).dmp files created, where "date-somenumber" matches dates of any recent crashes there. If they exist, then just zip a copy of it, and send it to jintan AT malwarecrypt.com (replace the "AT" with an @) as an attachment. Please place "Submitted Files - beeshu/bg/dmp" as the email Subject.
Posted 7/7/2009 1:37 AM
#74938
Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Oh, forgot. Please still follow the first steps, and run and post those RSIT logs.
Posted 7/8/2009 4:52 AM
#74956
beeshu Advanced member

Date Joined Nov 2016
Total Posts: 54
Yes, sorry, I was away.
It freezes/crashes before I am able to run Safe Mode. I did get it into Safe Mode through the option of Directory Services Restore Mode, but it still crashes after a few minutes during Safe Mode.
Normally when it crashes, it automatically restarts; the only time it doesn't is when I try to run Safe Mode. The hexadecimal that displays is

Technical Information:
***STOP 0x0000007B (0xF8C62524, 0xC0000034, 0x00000000, 0x00000000)

Having problems sending it from the computer that has the virus; every time I open up a browser it crashes, so I transferred it to my external drive and uploaded from my laptop. Sent over. Can't currently run the RSIT program yet.
Posted 7/8/2009 3:17 PM
#74966
Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
I see that the dump files are available in my email. I will check them as soon as time permits, and post back here after that review.
Posted 7/20/2009 4:16 PM
#75292
beeshu Advanced member

Date Joined Nov 2016
Total Posts: 54
Hi Jintan,

Checking to see if you had a chance to check the files I sent. Let me know if this is fixable or if the hard drive may need a reformat.

Thanks for your help!
Brian
Posted 7/21/2009 1:14 AM
#75301
Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Darn, I had downloaded the dump files at a different location and then got sidetracked. I just downloaded and checked them. Right off it would have been helpful to have gotten the RSIT log info.

Even by checking one dump file it indicates your Broadcom LAN device driver, bcm4sbxp.sys, caused a crash while a malware process, lich.exe, was running. And although the debugger read does not show it, checking the raw strings from the dump file shows this unknown:

\Device\win32ufg
\DosDevices\win32ufg

To get a shot at getting that system stable so we can then effect some malware repairs, we would need to check and disable malware drivers, but before Windows loads. This is done using something called the Recovery Console - not for any recovery, but just to access info. It requires the use of an XP CD, so post back if you have that, or can borrow one to run a few steps.
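The raw-strings check described in the reply above, as an added example that is not code from the thread. Kernel object names such as \Device\win32ufg are stored as UNICODE_STRINGs, so a scan that only looks for 8-bit printable runs can miss them; this one scans a byte buffer in both 8-bit and UTF-16LE form and keeps anything under an object-manager root. DUMP is a constructed stand-in for the real minidump, and the prefix list is this example's own choice, not something the thread states.

```python
"""Scan a raw crash dump for NT object-manager names.

Added example, not code from the thread. DUMP is a constructed buffer,
and PREFIXES is this example's choice of object-manager roots.
"""
import re

ASCII_RUN = re.compile(rb"[\x20-\x7e]{4,}")            # 4+ printable bytes
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")    # 4+ printable UTF-16LE units
PREFIXES = ("\\Device\\", "\\DosDevices\\", "\\Driver\\")


def extract_strings(buf):
    """Yield (offset, encoding, text) for every printable run in either encoding."""
    for m in ASCII_RUN.finditer(buf):
        yield m.start(), "ascii", m.group().decode("ascii")
    for m in UTF16_RUN.finditer(buf):
        yield m.start(), "utf-16le", m.group().decode("utf-16le")


def object_names(buf):
    """Map each object-manager path found in buf to the encoding it was stored in."""
    found = {}
    for _, enc, text in extract_strings(buf):
        for prefix in PREFIXES:
            i = text.find(prefix)
            if i >= 0:
                found[text[i:].split()[0]] = enc   # cut the path at whitespace
    return found


# Constructed buffer: filler, a UTF-16LE device name, an ASCII module name,
# a UTF-16LE symbolic-link name and a process name, NUL-separated.
DUMP = (
    b"\x00" * 16
    + "\\Device\\win32ufg".encode("utf-16le") + b"\x00\x00"
    + b"\x10\x7f\xfe\x00"
    + b"bcm4sbxp.sys\x00\x00"
    + "\\DosDevices\\win32ufg".encode("utf-16le") + b"\x00\x00"
    + b"lich.exe\x00"
)

if __name__ == "__main__":
    for name, enc in sorted(object_names(DUMP).items()):
        print(f"{enc:9} {name}")
```

On this buffer the two win32ufg names only surface from the UTF-16LE pass; the 8-bit pass sees just the module and process names. On a real dump the same functions run over the file's bytes, and the offset returned with each hit is what you would then look up in the debugger.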
Posted 7/24/2009 4:12 AM
#75370
beeshu Advanced member

Date Joined Nov 2016
Total Posts: 54
Thanks Jintan, I do have the Windows XP CD on me.
Posted 7/24/2009 11:45 AM
#75380
Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Good, see if you can do these steps. They seem involved at first glance but it is really only a few small steps.

[code]listsvc
dir c:\windows\system32\drivers[/code]

Open Notepad (Start - Run, type notepad and press Enter).

Copy/paste the above text (inside the box above) into the open text box, then save this to your C:\Windows folder as "servcheck.bat"

It should then be C:\Windows\servcheck.bat (important)

Then start the problem computer, and load the XP CD into the CD-ROM drive and restart the system (or if you are quick you can do it as it loads). On reboot watch for and agree to any prompts to boot from the CD. If the system only reboots to Windows stop and post back here and we will discuss steps to make changes in the BIOS.

After the installation software inspects the system and loads all necessary device drivers you will see the "Welcome To Setup" screen, with the following menu:

[code]This portion of the Setup program prepares Microsoft Windows XP to run on your computer:

 To setup Windows XP now, press ENTER.

 To repair a Windows XP installation using Recovery Console, press R.

 To quit Setup without installing Windows XP, press F3.[/code]

Press "R" to start the Recovery Console setup. After you start the Windows Recovery Console, you receive the following message:

[code]Microsoft Windows(R) Recovery Console

The Recovery Console provides system repair and recovery functionality.
Type EXIT to quit the Recovery Console and restart the computer.

1: C:\WINDOWS

Which Windows Installation would you like to log on to
(To cancel, press ENTER)?[/code]

After you enter the number for the appropriate Windows installation (usually #1), Windows will then prompt you to enter the Administrator account password if one was created (if one was not created then just press Enter).

At the prompt type the following, pressing Enter after each:

batch servcheck.bat c:\windows\servicelook.txt

exit

When you hit Enter after typing exit your computer will reboot. Do Not press any key until the system has completely rebooted, then after the reboot be sure to remove your XP CD from the CD-ROM drive.

Then locate and post back here the contents of c:\windows\servicelook.txt please.
Posted 7/26/2009 3:12 PM
#75421
beeshu Advanced member

Date Joined Nov 2016
Total Posts: 54
I understand the second section when rebooting from the CD and the Recovery Console part, however I think I can't continue without the first part.

I'm not sure on the first part with the Notepad. When I type this in
listsvc
dir c:\windows\system32\drivers

this doesn't open up any Notepad file for me to save.
Also, am I doing this on another computer or the one with the virus?
I tried doing this with the one with the virus and it keeps opening up an Advanced Virus Remover program.

I got as far as hitting Enter when prompted for the Administrator password, but after that I'm assuming I can't continue because I didn't complete the first part.
I typed the batch servcheck.bat c:\windowservicelook.txt, but the system cannot find the file or directory specified.
Posted 7/26/2009 11:21 PM
#75430
Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
You are just trying to create a batch file, that you will then use while in the Recovery Console.

1 - Open Notepad. Click Start - Run, type notepad and press Enter.

2 - Copy, then paste the following highlighted text into that open Notepad box:

listsvc
dir c:\windows\system32\drivers

3 - Then save that as "servcheck.bat" and be sure a copy of that is placed in your C:\Windows folder.

Now you should have this, and be ready to do the Recovery Console steps:

c:\Windows\servcheck.bat
Posted 7/28/2009 4:12 AM
#75464
beeshu Advanced member

Date Joined Nov 2016
Total Posts: 54
Got it! Here's the servicelook file content, thanks for your patience!

[code]
6to4  Auto  Microsoft Automatic Update
Aavmker4  System  avast! Asynchronous Virus Monitor
aawservice  Auto  Lavasoft Ad-Aware Service
Abiosdsk  Disabled
abp480n5  Disabled  abp480n5
ACPI  Boot  Microsoft ACPI Driver
ACPIEC  Disabled
Adobe LM Service  Manual  Adobe LM Service
adpu160m  Disabled  adpu160m
aec  Manual  Microsoft Kernel Acoustic Echo Canceller
AFD  System  AFD
agp440  Disabled  Intel AGP Bus Filter
agpCPQ  Disabled  Compaq AGP Bus Filter
Aha154x  Disabled  Aha154x
aic78u2  Disabled  aic78u2
aic78xx  Disabled  aic78xx
Alerter  Disabled  Alerter
ALG  Manual  Application Layer Gateway Service
AliIde  Disabled  AliIde
alim1541  Disabled  ALI AGP Bus Filter
amdagp  Disabled  AMD AGP Bus Filter Driver
amsint  Disabled  amsint
APPDRV  System  APPDRV
Apple Mobile Device  Auto  Apple Mobile Device
AppMgmt  Manual  Application Management
Arp1394  Manual  1394 ARP Client Protocol
asc  Disabled  asc
asc3350p  Disabled  asc3350p
asc3550  Disabled  asc3550
aspnet_state  Manual  ASP.NET State Service
aswFsBlk  Auto  aswFsBlk
aswMon2  Auto  avast! Standard Shield Support
aswRdr  Manual  aswRdr
aswSP  System  avast! Self Protection
aswTdi  System  avast! Network Shield Support
aswUpdSv  Auto  avast! iAVS4 Control Service
AsyncMac  Manual  RAS Asynchronous Media Driver
atapi  Boot  Standard IDE/ESDI Hard Disk Controller
Atdisk  Disabled
Atmarpc  Manual  ATM ARP Client Protocol
AudioSrv  Auto  Windows Audio
audstub  Manual  Audio Stub Driver
avast! Antivirus  Auto  avast! Antivirus
avast! Mail Scanner  Manual  avast! Mail Scanner
avast! Web Scanner  Manual  avast! Web Scanner
BCM43XX  Manual  Dell Wireless WLAN Card Driver
bcm4sbxp  Manual  Broadcom 440x 10/100 Integrated Controller XP Driver
Beep  System
BITS  Manual  Background Intelligent Transfer Service
Bonjour Service  Auto  Bonjour Service
Browser  Auto  Computer Browser
BVRPMPR5  Manual  BVRPMPR5 NDIS Protocol Driver
catchme  Manual
cbidf  Disabled  cbidf
cbidf2k  Disabled
CCALib8  Auto  Canon Camera Access Library 8
CCDECODE  Manual  Closed Caption Decoder
cd20xrnt  Disabled  cd20xrnt
Cdaudio  System
Cdfs  Disabled
Cdrom  System  CD-ROM Driver
Changer  System
CiSvc  Manual  Indexing Service
ClipSrv  Disabled  ClipBook
CmBatt  Manual  Microsoft ACPI Control Method Battery Driver
CmdIde  Disabled  CmdIde
Compbatt  Boot  Microsoft Composite Battery Driver
COMSysApp  Manual  COM+ System Application
Cpqarray  Disabled  Cpqarray
CryptSvc  Auto  Cryptographic Services
dac2w2k  Disabled  dac2w2k
dac960nt  Disabled  dac960nt
DcomLaunch  Auto  DCOM Server Process Launcher
Dhcp  Auto  DHCP Client
Disk  Boot  Disk Driver
dmadmin  Manual  Logical Disk Manager Administrative Service
dmboot  Disabled
dmio  Boot  Logical Disk Manager Driver
dmload  Disabled
dmserver  Manual  Logical Disk Manager
DMusic  Manual  Microsoft Kernel DLS Syntheiszer
Dnscache  Auto  DNS Client
Dot3svc  Manual  Wired AutoConfig
dpti2o  Disabled  dpti2o
drmkaud  Manual  Microsoft Kernel DRM Audio Descrambler
drvmcdb  Boot
drvnddm  Auto
DSBrokerService  Manual  DSBrokerService
DSproct  Manual  DSproct
dsunidrv  Auto  DellSupport UniDriver
E100B  Manual  Intel(R) PRO Adapter Driver
EapHost  Manual  Extensible Authentication Protocol Service
ehRecvr  Auto  Media Center Receiver Service
ehSched  Auto  Media Center Scheduler Service
ERSvc  Auto  Error Reporting Service
Eventlog  Auto  Event Log
EventSystem  Manual  COM+ Event System
Fastfat  Disabled
FastUserSwitchingCompatibility  Manual  Fast User Switching Compatibility
Fax  Auto  Fax
Fdc  Manual  Floppy Disk Controller Driver
Fips  System
fips32cup  Auto  fips32cup
Flpydisk  Manual  Floppy Disk Driver
FltMgr  Boot  FltMgr
Fs_Rec  System
Ftdisk  Boot  Volume Manager Driver
GEARAspiWDM  Manual  GEAR ASPI Filter Driver
Gpc  Manual  Generic Packet Classifier
gusvc  Auto  Google Software Updater
HDAudBus  Manual  Microsoft UAA Bus Driver for High Definition Audio
helpsvc  Auto  Help and Support
HidServ  Disabled  Human Interface Device Access
HidUsb  Manual  Microsoft HID Class Driver
hkmsvc  Manual  Health Key and Certificate Management Service
hpn  Disabled  hpn
HSFHWAZL  Manual
HSF_DPV  Manual
HTTP  Manual  HTTP
HTTPFilter  Manual  HTTP SSL
i2omgmt  System
i2omp  Disabled  i2omp
i8042prt  System  i8042 Keyboard and PS/2 Mouse Port Driver
ialm  Manual
Ias  Auto  Ias
IDriverT  Manual  InstallDriver Table Manager
Imapi  System  CD-Burning Filter Driver
ImapiService  Manual  IMAPI CD-Burning COM Service
ini910u  Disabled  ini910u
IntelIde  Disabled  IntelIde
intelppm  System  Intel Processor Driver
Ip6Fw  Manual  IPv6 Windows Firewall Driver
IpFilterDriver  Manual  IP Traffic Filter Driver
IpInIp  Manual  IP in IP Tunnel Driver
IpNat  Manual  IP Network Address Translator
iPod Service  Manual  iPod Service
IPSec  System  IPSEC driver
IRENUM  Manual  IR Enumerator Service
isapnp  Boot  PnP ISA/EISA Bus Driver
JavaQuickStarterService  Auto  Java Quick Starter
Kbdclass  System  Keyboard Class Driver
kmixer  Manual  Microsoft Kernel Wave Audio Mixer
KSecDD  Boot
lanmanserver  Auto  Server
lanmanworkstation  Auto  Workstation
lbrtfdc  System
LHidFilt  Manual  Logitech SetPoint KMDF HID Filter Driver
lich  Auto  lich
LmHosts  Auto  TCP/IP NetBIOS Helper
LMouFilt  Manual  Logitech SetPoint KMDF Mouse Filter Driver
LUsbFilt  Manual  Logitech SetPoint KMDF USB Filter
LVUSBSta  Manual  Logitech USB Monitor Filter
McrdSvc  Auto  Media Center Extender Service
mdmxsdk  Auto
Messenger  Disabled  Messenger
MHN  Manual  MHN
MHNDRV  Manual  MHN driver
mnmdd  System
mnmsrvc  Manual  NetMeeting Remote Desktop Sharing
Modem  Manual
Mouclass  System  Mouse Class Driver
mouhid  Manual  Mouse HID Driver
MountMgr  Boot  Mount Point Manager
mraid35x  Disabled  mraid35x
MRxDAV  Manual  WebDav Client Redirector
MRxSmb  System  MRXSMB
MSDTC  Manual  Distributed Transaction Coordinator
Msfs  System
MSIServer  Manual  Windows Installer
MSKSSRV  Manual  Microsoft Streaming Service Proxy
MSPCLOCK  Manual  Microsoft Streaming Clock Proxy
MSPQM  Manual  Microsoft Streaming Quality Manager Proxy
mssmbios  Manual  Microsoft System Management BIOS Driver
MSTEE  Manual  Microsoft Streaming Tee/Sink-to-Sink Converter
Mup  Boot  Mup
NABTSFEC  Manual  NABTS/FEC VBI Codec
napagent  Manual  Network Access Protection Agent
NDIS  Boot  NDIS System Driver
NdisIP  Manual  Microsoft TV/Video Connection
NdisTapi  Manual  Remote Access NDIS TAPI Driver
Ndisuio  Manual  NDIS Usermode I/O Protocol
NdisWan  Manual  Remote Access NDIS WAN Driver
NDProxy  Manual  NDIS Proxy
NetBIOS  System  NetBIOS Interface
NetBT  System  NetBios over Tcpip
NetDDE  Disabled  Network DDE
NetDDEdsdm  Disabled  Network DDE DSDM
Netlogon  Manual  Net Logon
Netman  Manual  Network Connections
NIC1394  Manual  1394 Net Driver
NICCONFIGSVC  Auto  NICCONFIGSVC
Nla  Manual  Network Location Awareness (NLA)
Npfs  System
Ntfs  Disabled
NtLmSsp  Manual  NT LM Security Support Provider
NtmsSvc  Disabled  Removable Storage
Null  System
nv  Manual
NwlnkFlt  Manual  IPX Traffic Filter Driver
NwlnkFwd  Manual  IPX Traffic Forwarder Driver
ohci1394  Boot  OHCI Compliant IEEE 1394 Host Controller
omci  System  OMCI WDM Device Driver
Parport  Manual  Parallel port driver
PartMgr  Boot  Partition Manager
ParVdm  Disabled
PCI  Boot  PCI Bus Driver
PCIDump  System
PCIIde  Boot
Pcmcia  Disabled
pcmstub  Manual  pcmstub
PDCOMP  Manual
PDFRAME  Manual
PDRELI  Manual
PDRFRAME  Manual
pepifilter  Manual  Volume Adapter
perc2  Disabled  perc2
perc2hib  Disabled  perc2hib
PID_08A0  Manual  QuickCam IM(PID_08A0)
PlugPlay  Auto  Plug and Play
PolicyAgent  Auto  IPSEC Services
PptpMiniport  Manual  WAN Miniport (PPTP)
ProtectedStorage  Auto  Protected Storage
PSched  Manual  QoS Packet Scheduler
Ptilink  Manual  Direct Parallel Link Driver
PxHelp20  Boot  PxHelp20
ql1080  Disabled  ql1080
Ql10wnt  Disabled  Ql10wnt
ql12160  Disabled  ql12160
ql1240  Disabled  ql1240
ql1280  Disabled  ql1280
RasAcd  System  Remote Access Auto Connection Driver
RasAuto  Manual  Remote Access Auto Connection Manager
Rasl2tp  Manual  WAN Miniport (L2TP)
RasMan  Manual  Remote Access Connection Manager
RasPppoe  Manual  Remote Access PPPOE Driver
Raspti  Manual  Direct Parallel
Rdbss  System  Rdbss
RDPCDD  System
rdpdr  Manual  Terminal Server Device Redirector Driver
RDPWD  Manual
RDSessMgr  Manual  Remote Desktop Help Session Manager
redbook  System  Digital CD Audio Playback Filter Driver
RemoteAccess  Disabled  Routing and Remote Access
RemoteRegistry  Auto  Remote Registry
rimmptsk  Manual
rimsptsk  Manual
rismxdp  Manual  Ricoh xD-Picture Card Driver
RpcLocator  Manual  Remote Procedure Call (RPC) Locator
RpcSs  Auto  Remote Procedure Call (RPC)
RSVP  Manual  QoS RSVP
SamSs  Auto  Security Accounts Manager
SCardSvr  Manual  Smart Card
Schedule  Auto
sdbus  Manual
Secdrv  Manual  Secdrv
seclogon  Auto  Secondary Logon
SENS  Auto  System Event Notification
serenum  Manual  Serenum Filter Driver
Serial  System  Serial port driver
sffdisk  Manual  SFF Storage Class Driver
sffp_sd  Manual  SFF Storage Protocol Driver for SDBus
Sfloppy  System
SharedAccess  Disabled  Windows Firewall/Internet Connection Sharing (ICS)
ShellHWDetection  Auto  Shell Hardware Detection
Simbad  Disabled
sisagp  Disabled  SIS AGP Bus Filter
SLIP  Manual  BDA Slip De-Framer
Sparrow  Disabled  Sparrow
splitter  Manual  Microsoft Kernel Audio Splitter
Spooler  Auto  Print Spooler
sr  Boot  System Restore Filter Driver
srservice  Auto  System Restore Service
Srv  Manual  Srv
sscdbhk5  System
SSDPSRV  Auto  SSDP Discovery Service
ssrtln  System
STHDA  Manual  SigmaTel High Definition Audio CODEC
stisvc  Auto  Windows Image Acquisition (WIA)
streamip  Manual  BDA IPSink
swenum  Manual  Software Bus Driver
swmidi  Manual  Microsoft Kernel GS Wavetable Synthesizer
SwPrv  Manual  MS Software Shadow Copy Provider
symc810  Disabled  symc810
symc8xx  Disabled  symc8xx
sym_hi  Disabled  sym_hi
sym_u3  Disabled  sym_u3
SynTP  Manual  Synaptics TouchPad Driver
sysaudio  Manual  Microsoft Kernel System Audio Device
SysmonLog  Manual  Performance Logs and Alerts
TapiSrv  Manual  Telephony
Tcpip  System  TCP/IP Protocol Driver
TDPIPE  Manual
TDTCP  Manual
TermDD  System  Terminal Device Driver
TermService  Manual  Terminal Services
tfsnboio  Auto
tfsncofs  Auto
tfsndrct  Auto
tfsndres  Auto
tfsnifs  Auto
tfsnopio  Auto
tfsnpool  Auto
tfsnudf  Auto
tfsnudfa  Auto
Themes  Auto  Themes
TlntSvr  Disabled  Telnet
TosIde  Disabled  TosIde
TrkWks  Auto  Distributed Link Tracking Client
UACd.sys  System
Udfs  Disabled
ultra  Disabled  ultra
Update  Manual  Microcode Update Driver
upnphost  Manual  Universal Plug and Play Device Host
UPS  Manual  Uninterruptible Power Supply
USBAAPL  Manual  Apple Mobile USB Driver
usbaudio  Manual  USB Audio Driver (WDM)
usbccgp  Manual  Microsoft USB Generic Parent Driver
usbehci  Manual  Microsoft USB 2.0 Enhanced Host Controller Miniport Driver
usbhub  Manual  USB2 Enabled Hub
usbprint  Manual  Microsoft USB PRINTER Class
usbscan  Manual  USB Scanner Driver
USBSTOR  Manual  USB Mass Storage Driver
usbuhci  Manual  Microsoft USB Universal Host Controller Miniport Driver
usnjsvc  Manual  Messenger Sharing Folders USN Journal Reader service
VgaSave  System  VGA Display Controller.
viaagp  Disabled  VIA AGP Bus Filter
ViaIde  Disabled  ViaIde
Viewpoint Manager Service  Auto  Viewpoint Manager Service
VolSnap  Boot
VSS  Manual  Volume Shadow Copy
w32time  Auto  Windows Time
Wanarp  Manual  Remote Access IP ARP Driver
wanatw  Manual  WAN Miniport (ATW)
Wdf01000  Manual  Wdf01000
WDICA  Manual
wdmaud  Manual  Microsoft WINMM WDM Audio Compatibility Driver
WebClient  Auto  WebClient
winachsf  Manual
winmgmt  Auto  Windows Management Instrumentation
Winsock  Manual
wltrysvc  Auto  Dell Wireless WLAN Tray Service
WmdmPmSN  Manual  Portable Media Serial Number Service
Wmi  Manual  Windows Management Instrumentation Driver Extensions
WmiApSrv  Manual  WMI Performance Adapter
WMPNetworkSvc  Manual  Windows Media Player Network Sharing Service
WS2IFSL  System
wscsvc  Disabled  Security Center
WSTCODEC  Manual  World Standard Teletext Codec
wuauserv  Auto  Automatic Updates
WudfPf  Manual  Windows Driver Foundation - User-mode Driver Framework Platform Driver
WudfRd  Manual  Windows Driver Foundation - User-mode Driver Framework Reflector
WudfSvc  Manual  Windows Driver Foundation - User-mode Driver Framework
WZCSVC  Auto  Wireless Zero Configuration
xmlprov  Manual  Network Provisioning Service
[/code]
Posted 7/28/2009 11:51 AM
#75472
Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Very good. And that shows the malware rootkit driver, a Remote Registry service that should always be disabled, a very questionable Internet Authentication Service (Ias) that only servers would use, and this:

6to4 Auto
Microsoft Automatic Update

Two correct terms, but not when together like that.

Return to the Recovery Console prompt, and at the prompt type the following, pressing Enter after each:

disable UACd.sys

disable RemoteRegistry

disable ias

disable 6to4

exit

When you hit Enter after typing exit your computer will reboot. Do Not press any key until the system has completely rebooted, then after the reboot be sure to remove your XP CD from the CD-ROM drive.

----------------

If by chance you have Internet connectivity problems afterwards, you can re-enable that Ias service by doing the following, though at this time I sense it is malware related:

Go to Start - Run, type cmd (and OK). Copy/paste each of the following at the prompt, Enter after each:

sc start ias
exit

----------------

After the reboot download ComboFix.exe from here to your desktop, but I would like you to rename the file as you download it (do not download it directly without renaming it - use right click "Save Target/Link As"). For this, rename the downloading file to 456out.com, then click the renamed 456out.com to run that scan.

Be sure to install the Recovery Console if you are asked to do so. When the scan completes, a text window with your log will open. Please copy and paste that log back here.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.
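An added example, not code from the thread, that does mechanically what the Recovery Console steps (servcheck.bat producing servicelook.txt) and the reply above do by hand: parse the listsvc listing and flag the same things the reply flagged by eye, namely a service key wearing another service's display name (6to4 as "Microsoft Automatic Update"), a key named like a driver file (UACd.sys), and Remote Registry set to auto-start. SAMPLE is a hand-copied excerpt of the posted listing laid out one entry per line; the display-name ownership table, the severity labels and the last, deliberately noisy, rule are this example's own assumptions.

```python
"""Triage a Recovery Console `listsvc` listing for suspect service entries.

Added example, not code from the thread. SAMPLE is a hand-copied excerpt
of the posted listing; DISPLAY_NAME_OWNER and the severities are assumptions.
"""
from dataclasses import dataclass, field

START_TYPES = {"Boot", "System", "Auto", "Manual", "Disabled"}

# Assumption: on XP these display names belong to one specific service key,
# so another key showing one of them (6to4 below) is wearing a disguise.
DISPLAY_NAME_OWNER = {
    "Microsoft Automatic Update": "wuauserv",
    "Automatic Updates": "wuauserv",
}


@dataclass
class Service:
    name: str
    start: str
    desc: str


@dataclass
class Finding:
    name: str
    severity: str                                   # "high" or "low"
    reasons: list = field(default_factory=list)


def parse_listsvc(text):
    """Split each line into (name, start type, description).

    The start type is the first token drawn from START_TYPES: service names
    may contain spaces ("Apple Mobile Device Auto ...") but never one of
    those words, while descriptions may ("sr Boot System Restore Filter Driver").
    """
    services = []
    for line in text.splitlines():
        toks = line.split()
        idx = next((i for i, t in enumerate(toks) if t in START_TYPES), None)
        if not idx:                                 # None or 0: blank/malformed
            continue
        services.append(Service(" ".join(toks[:idx]), toks[idx],
                                " ".join(toks[idx + 1:])))
    return services


def triage(services):
    findings = []
    for s in services:
        f = Finding(s.name, "low")
        owner = DISPLAY_NAME_OWNER.get(s.desc)
        if owner and owner.lower() != s.name.lower():
            f.severity = "high"
            f.reasons.append(f"display name belongs to {owner}")
        if s.name.lower().endswith(".sys"):
            f.severity = "high"
            f.reasons.append("service key named like a driver file")
        if s.name.lower() == "remoteregistry" and s.start == "Auto":
            f.severity = "high"
            f.reasons.append("Remote Registry auto-started")
        if s.start == "Auto" and s.desc in ("", s.name):
            # Deliberately noisy: legitimate keys (Themes) trip it too, so it
            # only marks an entry for a manual look.
            f.reasons.append("auto-start with no vendor description")
        if f.reasons:
            findings.append(f)
    return findings


# Constructed excerpt of the listing posted above (same values, one per line).
SAMPLE = """\
6to4 Auto Microsoft Automatic Update
Aavmker4 System avast! Asynchronous Virus Monitor
Apple Mobile Device Auto Apple Mobile Device
fips32cup Auto fips32cup
Ias Auto Ias
lich Auto lich
RemoteRegistry Auto Remote Registry
sr Boot System Restore Filter Driver
Themes Auto Themes
UACd.sys System
wuauserv Auto Automatic Updates
"""

if __name__ == "__main__":
    for f in triage(parse_listsvc(SAMPLE)):
        print(f"{f.severity:4} {f.name}: {'; '.join(f.reasons)}")
```

The three "high" hits on the excerpt are exactly the entries the reply told the poster to disable; lich, fips32cup and Ias only come out as "low" here, which is why the bare-description rule is a prompt for a closer look rather than a verdict (the thread only settled lich after the next crash).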
Posted 7/28/2009 11:50 PM
#75508
beeshu Advanced member

Date Joined Nov 2016
Total Posts: 54
I disabled those 4 items and restarted. The Internet connected; however, after getting to the forum to download ComboFix the blue screen appeared again.

I will try again.
Posted 7/29/2009 1:45 AM
#75513
Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Also try Safe Mode (at startup tap the F8 key about once per half-second and select that from the menu).
Posted 7/29/2009 2:20 AM
#75514
beeshu Advanced member

Date Joined Nov 2016
Total Posts: 54
Ah, it's a mess, can't run Safe Mode, because it goes straight to the blue screen.
Posted 7/29/2009 4:22 PM
#75540
Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Think I missed one in that list of drivers. Return to the Recovery Console prompt, and type this command:

disable lich

And exit to reboot the system. Then try running ComboFix again. You may have to download it elsewhere, rename it, then transfer it to this computer. Sending it as an email attachment is preferred, as it minimizes any transfer of infection off the problem computer, but do your best with what you have there.
Posted 8/2/2009 3:58 PM
#75637
beeshu Advanced member

Date Joined Nov 2016
Total Posts: 54
Awesome! No blue screen of death after I disabled lich. Here's the ComboFix log:

[code]
ComboFix 09-08-01.06 - Laura Kim 08/02/2009 11:21.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.502.126 [GMT -4:00]
Running from: E:\456out.com.exe
AV: avast! antivirus 4.8.1335 [VPS 090422-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\chfyosn.exe
c:\docume~1\LAURAK~1\LOCALS~1\Temp\csrss.exe
c:\docume~1\LAURAK~1\LOCALS~1\Temp\n05wzkqhzw.exe
c:\docume~1\LAURAK~1\LOCALS~1\Temp\winlogon.exe
c:\documents and settings\Laura Kim\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced Virus Remover.lnk
c:\documents and settings\Laura Kim\Application Data\wiaserva.log
c:\documents and settings\Laura Kim\Application Data\wiaservg.log
c:\documents and settings\Laura Kim\Desktop\Advanced Virus Remover.lnk
c:\documents and settings\Laura Kim\Laura Kim.exe
c:\documents and settings\Laura Kim\Local Settings\Temp\n05wzkqhzw.exe
c:\documents and settings\Laura Kim\Start Menu\Advanced Virus Remover.lnk
c:\documents and settings\Laura Kim\Start Menu\Programs\Startup\fmnupd32.exe
c:\documents and settings\Laura Kim\Start Menu\Programs\Startup\zqosys32.exe
c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
C:\giyghshu.exe
C:\mupwjiav.exe
C:\oxyyxwn.exe
C:\p2hhr.bat
c:\program files\AdvancedVirusRemover
c:\program files\AdvancedVirusRemover\PAVRM.exe
c:\program files\Manson
c:\program files\Manson\liser.dll
c:\program files\Manson\liser.exe
c:\program files\sys
c:\program files\sys\sys.dll
c:\program files\sys\sys.sys
c:\windows\010112010146118114.dat
c:\windows\010112010146120114.dat
c:\windows\0101120101464849.dat
c:\windows\934fdfg34fgjf23
c:\windows\dll
c:\windows\dll\rundll32.exe
c:\windows\Install.txt
c:\windows\Installer\9bc6e.msi
c:\windows\kb913800.exe
c:\windows\ld11.exe
c:\windows\pp10.exe
c:\windows\sysguard.exe
c:\windows\system32\3361
c:\windows\system32\3361\mlog
c:\windows\system32\3361\services.exe
c:\windows\system32\6to4ex.dll
c:\windows\system32\certstore.dat
c:\windows\system32\comsa32.sys
c:\windows\system32\cooecp.tlb
c:\windows\system32\critical_warning.html
c:\windows\system32\drivers\fips32cup.sys
c:\windows\system32\EffOUENn.ini
c:\windows\system32\EffOUENn.ini2
c:\windows\system32\gsf83iujid.dll
c:\windows\system32\Iasv32.dll
c:\windows\system32\iehelper.dll
c:\windows\system32\Install.txt
c:\windows\system32\ksevshff.ini
c:\windows\system32\logcde.dll
c:\windows\system32\mqracxer.ini
c:\windows\system32\msckflp.exe
c:\windows\system32\msdhzqys.exe
c:\windows\system32\mskpfpsq.exe
c:\windows\system32\mslltxrn.exe
c:\windows\system32\mslwo.exe
c:\windows\system32\msncache.dll
c:\windows\system32\msqksief.exe
c:\windows\system32\msresnv.exe
c:\windows\system32\msrplnzd.exe
c:\windows\system32\mssdpz.exe
c:\windows\system32\mssjx.exe
c:\windows\system32\msucaiz.exe
c:\windows\system32\msuenv.exe
c:\windows\system32\msuhwn.exe
c:\windows\system32\msupoiy.exe
c:\windows\system32\msusl.exe
c:\windows\system32\mswfsyu.exe
c:\windows\system32\mswgwbv.exe
c:\windows\system32\mszkdzx.exe
c:\windows\system32\mszpuiwh.exe
c:\windows\system32\pcmstub.sys
c:\windows\system32\tpsaxyd.exe
c:\windows\system32\wbem\proquota.exe
c:\windows\system32\wiawow32.sys
c:\windows\system32\windef.dll
c:\windows\system32\windef.Log
c:\windows\system32\winpaged.ocx
c:\windows\system32\winsrc.dll.tmp
c:\windows\system32\winupdate.exe
C:\wyhgm.exe

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\system volume information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP872\A0068765.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_FIPS32CUP
-------\Legacy_IAS
-------\Legacy_PCMSTUB
-------\Legacy_UACD.SYS
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
-------\Service_6to4
-------\Service_fips32cup
-------\Service_Ias
-------\Service_pcmstub
-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-07-02 to 2009-08-02 )))))))))))))))))))))))))))))))
.

2009-08-02 15:32 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-08-02 15:32 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-07-28 03:51 . 2009-07-28 03:51 40 ----a-w- c:\windows\servcheck.bat
2009-07-26 14:57 . 2008-04-13 18:45 2944 ----a-w- c:\windows\system32\dllcache\drmkaud.sys
2009-07-08 04:34 . 2009-07-08 04:34 544545 ----a-w- c:\windows\Minidump.zip
2009-07-07 00:18 . 2009-07-07 00:18 210 ----a-w- c:\windows\567788.bat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-02 15:16 . 2009-01-19 19:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-07 01:42 . 2009-07-29 02:18 1952 ----a-w- c:\windows\system32\drivers\arp1394.sys
2009-07-01 00:04 . 2006-05-15 17:25 90112 ----a-w- c:\windows\DUMPad66.tmp
2009-06-30 02:19 . 2009-07-29 02:18 1952 ----a-w- c:\windows\system32\drivers\wanatw4.sys
2009-06-29 21:15 . 2009-07-29 02:18 1952 ----a-w- c:\windows\system32\drivers\bcm4sbxp.sys
2009-06-29 21:15 . 2009-06-29 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\17113754
2009-06-29 21:15 . 2009-06-29 21:15 716874 ----a-w- c:\documents and settings\All Users\Application Data\17113754\17113754.exe
2009-06-29 21:15 . 2009-06-29 21:15 86016 ----a-w- c:\windows\system32\lich.exe
2009-06-29 21:13 . 2009-06-29 21:13 40960 ----a-w- C:\poykfa.exe
2008-08-20 03:39 . 2008-08-20 03:39 7499056 ----a-w- c:\program files\Firefox Setup 3.0.1.exe
2007-12-06 01:09 . 2007-12-06 01:09 15180000 ----a-w- c:\program files\gimp-2.4.2-i686-setup.exe
2007-10-16 02:05 . 2007-10-16 02:05 12132128 ----a-w- c:\program files\Install_AIMupdate.exe
2007-05-27 14:10 . 2007-05-27 14:10 151913 ----a-w- c:\program files\Z100 DJ Mix.zip
2007-05-27 14:05 . 2007-05-27 14:05 530496 ----a-w- c:\program files\yahoo_installer.exe
2006-10-09 20:50 . 2006-10-09 20:50 15926792 ----a-w- c:\program files\DivXInstaller.exe
2006-09-24 14:31 . 2006-09-24 14:31 904 ----a-w- c:\program files\Yahoo! Widget Engine.lnk
2006-06-04 19:33 . 2006-06-04 19:33 643711 ----a-w- c:\program files\XviD-1.1.0-30122005.exe
2006-06-02 19:13 . 2006-06-02 19:12 2840440 ----a-w- c:\program files\LimeWireWin-full.exe
2006-05-30 22:01 . 2006-05-30 22:01 258420 ----a-w- c:\program files\Install_AIM.exe
2006-05-30 21:19 . 2006-05-30 21:16 37311488 ----a-w- c:\program files\iTunesSetup.exe
2009-06-13 12:16 . 2008-08-20 03:40 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2006-06-25 19:06 . 2006-05-31 20:05 88 --sh--r- c:\windows\system32\1F2C32DA64.sys
2006-08-20 00:05 .
[/code]
2006-06-17 21:31 56 --sh--r- c:\windows\system32\64DA322C1F.sys <br/>2006-08-20 00:06 . 2006-05-31 20:05 6060 --sha-w- c:\windows\system32\KGyGaAvL.sys <br/>. <br/> <br/>((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>. <br/>*Note* empty entries & legit default entries are not shown <br/>REGEDIT4 <br/> <br/>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-19 68856] <br/>"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784] <br/>"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472] <br/>"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608] <br/>"DellTransferAgent"="c:\documents and settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe" [2007-11-13 135168] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] <br/>"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584] <br/>"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304] <br/>"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824] <br/>"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784] <br/>"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584] <br/>"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947] <br/>"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152] <br/>"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035] <br/>"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856] <br/>"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920] <br/>"HostManager"="c:\program files\Common Files\AOL\1149026895\ee\AOLSoftware.exe" [2006-05-10 50760] 
<br/>"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520] <br/>"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-22 136600] <br/>"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184] <br/>"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752] <br/>"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088] <br/>"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152] <br/>"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936] <br/>"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696] <br/>"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088] <br/>"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] <br/>"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792] <br/>"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-11-16 397312] <br/>"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2007-04-11 56080] <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] <br/>@="Service" <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] <br/>@="" <br/> <br/>[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] <br/>"%windir%\\system32\\sessmgr.exe"= <br/>"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= <br/>"c:\\Program Files\\Common Files\\AOL\\1149026895\\ee\\aolsoftware.exe"= <br/>"c:\\Program Files\\Common Files\\AOL\\1149026895\\ee\\aim6.exe"= <br/>"c:\\Program Files\\Messenger\\msmsgs.exe"= <br/>"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= <br/>"c:\\Program Files\\MSN Messenger\\livecall.exe"= <br/>"c:\\Program Files\\AIM6\\aim6.exe"= <br/>"c:\\Program 
Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"= <br/>"c:\\Program Files\\Mozilla Firefox\\firefox.exe"= <br/>"%windir%\\Network Diagnostic\\xpnetdiag.exe"= <br/>"c:\\Program Files\\Bonjour\\mDNSResponder.exe"= <br/>"c:\\Program Files\\iTunes\\iTunes.exe"= <br/>"c:\\WINDOWS\\system32\\wuauclt.exe"= <br/>"c:\\Program Files\\Yahoo!\\Yahoo! Widget Engine\\YahooWidgetEngine.exe"= <br/>"c:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"= <br/>"c:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe"= <br/>"c:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"= <br/>"c:\\WINDOWS\\system32\\WLTRYSVC.EXE"= <br/> <br/>[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] <br/>"4814:UDP"= 4814:UDP:Windows Media Format SDK (firefox.exe) <br/>"4815:UDP"= 4815:UDP:Windows Media Format SDK (firefox.exe) <br/> <br/>R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2/21/2009 1:07 PM 114768] <br/>R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/21/2009 1:07 PM 20560] <br/>R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/14/2007 1:40 PM 24652] <br/>S4 lich;lich;c:\windows\system32\lich.exe [6/29/2009 5:15 PM 86016] <br/>. <br/>Contents of the 'Scheduled Tasks' folder <br/> <br/>2009-05-21 c:\windows\Tasks\AppleSoftwareUpdate.job <br/>- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34] <br/> <br/>2009-08-02 c:\windows\Tasks\Google Software Updater.job <br/>- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-01 17:01] <br/>. <br/>- - - - ORPHANS REMOVED - - - - <br/> <br/>HKCU-Run-MS AntiSpyware 2009 - c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe <br/>HKCU-Run-LowRiskFileTypes - c:\windows\sysguard.exe <br/>HKLM-Run-Advanced Virus Remover - c:\program files\AdvancedVirusRemover\PAVRM.exe <br/> <br/> <br/>. 
<br/>------- Supplementary Scan ------- <br/>. <br/>uStart Page = hxxp://www.nytimes.com/ <br/>uSearch Page = hxxp://www.google.com <br/>uSearch Bar = hxxp://www.google.com/ie <br/>mStart Page = hxxp://www.dell.com <br/>uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/ <br/>uSearchURL,(Default) = hxxp://www.google.com/search?q=%s <br/>IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000 <br/>FF - ProfilePath - c:\documents and settings\Laura Kim\Application Data\Mozilla\Firefox\Profiles\aqoh9e98.default\ <br/>FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= <br/>FF - prefs.js: browser.search.selectedEngine - Google <br/>FF - prefs.js: browser.startup.homepage - hxxp://www.nytimes.com/ <br/>FF - plugin: c:\documents and settings\Laura Kim\Application Data\Mozilla\Firefox\Profiles\aqoh9e98.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll <br/>FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll <br/>FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll <br/>FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll <br/>FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll <br/>FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll <br/>FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll <br/> <br/>---- FIREFOX POLICIES ---- <br/>FF - user.js: yahoo.homepage.dontask - true. <br/> <br/>************************************************************************** <br/> <br/>catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net <br/>Rootkit scan 2009-08-02 11:35 <br/>Windows 5.1.2600 Service Pack 3 NTFS <br/> <br/>scanning hidden processes ... <br/> <br/>scanning hidden autostart entries ... <br/> <br/>scanning hidden files ... 
<br/> <br/>scan completed successfully <br/>hidden files: 0 <br/> <br/>************************************************************************** <br/>. <br/>--------------------- DLLs Loaded Under Running Processes --------------------- <br/> <br/>- - - - - - - > 'winlogon.exe'(688) <br/>c:\windows\System32\BCMLogon.dll <br/> <br/>- - - - - - - > 'explorer.exe'(796) <br/>c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll <br/>c:\windows\system32\WPDShServiceObj.dll <br/>c:\windows\system32\PortableDeviceTypes.dll <br/>c:\windows\system32\PortableDeviceApi.dll <br/>. <br/>------------------------ Other Running Processes ------------------------ <br/>. <br/>c:\windows\system32\WLTRYSVC.EXE <br/>c:\windows\system32\BCMWLTRY.EXE <br/>c:\program files\Lavasoft\Ad-Aware\aawservice.exe <br/>c:\program files\Alwil Software\Avast4\aswUpdSv.exe <br/>c:\windows\system32\igfxsrvc.exe <br/>c:\program files\Logitech\Video\FxSvr2.exe <br/>c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe <br/>c:\program files\Bonjour\mDNSResponder.exe <br/>c:\windows\ehome\ehrecvr.exe <br/>c:\windows\ehome\ehSched.exe <br/>c:\program files\Java\jre6\bin\jqs.exe <br/>c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe <br/>c:\windows\ehome\mcrdsvc.exe <br/>c:\program files\Canon\CAL\CALMAIN.exe <br/>c:\program files\iPod\bin\iPodService.exe <br/>c:\windows\system32\dllhost.exe <br/>c:\windows\system32\wscntfy.exe <br/>c:\windows\ehome\ehmsas.exe <br/>c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe <br/>. <br/>************************************************************************** <br/>. 
<br/>Completion time: 2009-08-02 11:43 - machine was rebooted <br/>ComboFix-quarantined-files.txt 2009-08-02 15:43 <br/> <br/>Pre-Run: 15,324,332,032 bytes free <br/>Post-Run: 17,380,048,896 bytes free <br/> <br/>WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe <br/> <br/>Current=7 Default=7 Failed=6 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8 <br/>299 --- E O F --- 2008-12-18 19:10
Posted 8/2/2009 8:25 PM
#75643

Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Hats off to the ComboFix author sUBs. ComboFix did a real nice job of removal in that sweep. Let's now remove one bad driver and check after.


Go to Start > Run and type

cmd

and OK. At the prompt type (or copy\paste) the below commands and hit "Enter" after each line

sc delete lich

Type Exit to close.

---------------------

If you don't already have it (no need to reinstall if you do) download Malwarebytes' Anti-Malware from Here or Here.

Double Click mbam-setup.exe to install the application.

 * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
 * If an update is found, it will download and install the latest version.
 * Once the program has loaded, select "Perform quick scan", then click Scan.
 * The scan may take some time to finish, so please be patient.
 * When the scan is complete, click OK, then Show Results to view the results.
 * Make sure that everything is checked, and click Remove Selected.
 * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
 * The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
 * Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

--------------

Then run a RSIT scan now (download here if you didn't do it before).

Click on the RSIT.exe to start the scan.

If necessary allow it to locate or download a copy of HijackThis as needed.

Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt.

RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt).

You can break logs into parts and use separate posts here when replying and posting the log files, if needed.

-------------

Post back the RSIT logs and the Malwarebytes log please.
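The step above (spot the leftover "lich" service registration in the ComboFix driver/service summary, then remove it with sc delete) is the kind of check a reviewer does by eye across these logs. Here is a small log-triage helper that does the same pass mechanically, as an added example; it is not code from this thread, from ComboFix, HijackThis or RSIT. It parses the "R1/R2/S4 name;display;path [...]" lines ComboFix prints and the "O23 - Service:" lines HijackThis prints, then applies a few review heuristics that are this example's own assumptions: a disabled (S4) entry that is still registered, an entry with no owner or vendor information, a service whose short name, display name and file name are all the same string, and an image path under a Temp directory. The sample lines embedded in the block are copied from the logs posted earlier in this thread.

```python
"""Triage helper for the service/driver lines in ComboFix and HijackThis logs.

Added example for this thread; not part of ComboFix, HijackThis or RSIT.
The heuristics in triage() are this example's own assumptions.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# ComboFix driver/service summary line, e.g.
#   S4 lich;lich;c:\windows\system32\lich.exe [6/29/2009 5:15 PM 86016]
# Start type prefix: R1/R2 = loaded, S4 = disabled but still registered.
COMBOFIX_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)

# HijackThis O23 service line, e.g.
#   O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
HJT_O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


@dataclass
class ServiceEntry:
    source: str                   # "combofix" or "hijackthis"
    name: str                     # short service name
    display: str                  # display name
    path: str                     # image path exactly as logged
    start: Optional[str] = None   # ComboFix start type (R1, R2, S4, ...)
    owner: Optional[str] = None   # HijackThis company/owner field


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse one log line; returns None for lines that are not service entries."""
    line = line.strip()
    m = COMBOFIX_RE.match(line)
    if m:
        return ServiceEntry("combofix", m["name"], m["display"], m["path"].strip(),
                            start=m["start"])
    m = HJT_O23_RE.match(line)
    if m:
        display = m["display"]
        # HijackThis prints "Display Name (shortname)" when the two differ.
        short = re.search(r"\(([^()]+)\)\s*$", display)
        name = short.group(1) if short else display
        return ServiceEntry("hijackthis", name, display, m["path"].strip(),
                            owner=m["owner"])
    return None


def triage(entry: ServiceEntry) -> List[str]:
    """Return the reasons (possibly none) an entry deserves a second look.

    Review heuristics assumed for this example, not ComboFix or HijackThis
    verdicts: a hit means "look closer", not "malicious".
    """
    reasons = []
    if entry.start == "S4":
        reasons.append("disabled (S4) but still registered")
    if entry.owner and entry.owner.lower() == "unknown owner":
        reasons.append("no owner/vendor information")
    stem = entry.path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()
    if entry.name.lower() == entry.display.lower() == stem:
        reasons.append("service name, display name and file name are identical")
    if re.search(r"\\(temp|local settings\\temp)\\", entry.path.lower()):
        reasons.append("image path is under a Temp directory")
    return reasons


def triage_log(lines: List[str]) -> Dict[str, List[str]]:
    """Map service name -> reasons for every flagged entry in the given lines."""
    flagged = {}
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue          # R0/R1/O4/... lines and free text are skipped
        reasons = triage(entry)
        if reasons:
            flagged[entry.name] = reasons
    return flagged


# Sample lines copied from the ComboFix and HijackThis logs posted in this thread.
SAMPLE_LOG = [
    r"R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2/21/2009 1:07 PM 114768]",
    r"S4 lich;lich;c:\windows\system32\lich.exe [6/29/2009 5:15 PM 86016]",
    r"O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe",
    r"O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe",
    r"O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe",  # not a service line; ignored
]

if __name__ == "__main__":
    for name, reasons in triage_log(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```

On the sample lines this flags lich (disabled but still registered, and name/display/file all "lich") and DSBrokerService (no owner information), and passes the avast! and Java entries. The "Unknown owner" rule in particular is only a prompt to look: the same HijackThis log lists Dell's wltrysvc that way, so anything flagged still needs the reviewer's judgement before a sc delete.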
Posted 8/3/2009 12:52 AM
#75647

beeshu Advanced member

Date Joined Nov 2016
Total Posts: 54
Yes, ComboFix is awesome!

Here's the RSIT log; there are 2 logs. Will post the malware in the next post.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Laura Kim at 2009-08-02 20:44:19
Microsoft Windows XP Professional Service Pack 3
System drive C: has 17 GB (33%) free of 51 GB
Total RAM: 502 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:44:38 PM, on 8/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\AOL\1149026895\ee\AOLSoftware.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Laura Kim\Desktop\RSIT.exe
C:\Program Files\trend micro\Laura Kim.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nytimes.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1149026895\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 8588 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar4.dll [2007-01-20 2403392]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-12-13 98304]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-12-13 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-12-13 118784]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2005-12-19 1347584]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2005-11-16 397312]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-11-29 761947]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-12-09 49152]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-06 127035]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-06-10 249856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-06-10 81920]
"HostManager"=C:\Program Files\Common Files\AOL\1149026895\ee\AOLSoftware.exe [2006-05-09 50760]
"IPHSend"=C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe [2006-02-17 124520]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-22 136600]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-07-19 221184]
"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe [2005-06-08 458752]
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe [2005-06-08 217088]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-04-11 56080]
"OpwareSE2"=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"MSKDetectorExe"=C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2005-08-12 1121792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-05-19 68856]
"DellSupport"=C:\Program Files\DellSupport\DSAgnt.exe [2007-03-15 460784]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"LogitechSoftwareUpdate"=C:\Program Files\Logitech\Video\ManifestEngine.exe [2005-06-08 196608]
"DellTransferAgent"=C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe [2007-11-13 135168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\7c46b438]
C:\WINDOWS\system32\ffhsvesk.dll,b []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM7f7587a4]
C:\WINDOWS\system32\vxlctldn.dll,s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
C:\Program Files\NetWaiting\netWaiting.exe [2003-09-10 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowLOMControl]
 []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-12-13 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\AOL\1149026895\ee\aolsoftware.exe"="C:\Program Files\Common Files\AOL\1149026895\ee\aolsoftware.exe:*:Enabled:AOL Services"
"C:\Program Files\Common Files\AOL\1149026895\ee\aim6.exe"="C:\Program Files\Common Files\AOL\1149026895\ee\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\WINDOWS\system32\wuauclt.exe"="C:\WINDOWS\system32\wuauclt.exe:*:Enabled:wuauclt"
"C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe"="C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe:*:Enabled:YahooWidgetEngine"
"C:\Program Files\McAfee.com\VSO\oasclnt.exe"="C:\Program Files\McAfee.com\VSO\oasclnt.exe:*:Enabled:OasClnt"
"C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe:*:Enabled:DVDLauncher"
"C:\Program Files\McAfee.com\VSO\mcvsshld.exe"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe:*:Enabled:mcvsshld"
"C:\WINDOWS\system32\WLTRYSVC.EXE"="C:\WINDOWS\system32\WLTRYSVC.EXE:*:Enabled:WLTRYSVC"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-08-02 20:44:19 ----D---- C:\rsit
2009-08-02 20:44:19 ----D---- C:\Program Files\trend micro
2009-08-02 20:26:17 ----SHD---- C:\RECYCLER
2009-08-02 11:43:36 ----A---- C:\ComboFix.txt
2009-08-02 11:32:20 ----A---- C:\WINDOWS\system32\proquota.exe
2009-08-02 11:18:16 ----A---- C:\WINDOWS\zip.exe
2009-08-02 11:18:16 ----A---- C:\WINDOWS\SWREG.exe
2009-08-02 11:18:16 ----A---- C:\WINDOWS\sed.exe
2009-08-02 11:18:16 ----A---- C:\WINDOWS\PEV.exe
2009-08-02 11:18:16 ----A---- C:\WINDOWS\NIRCMD.exe
2009-08-02 11:18:16 ----A---- C:\WINDOWS\grep.exe
2009-08-02 11:18:15 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-08-02 11:18:15 ----A---- C:\WINDOWS\SWSC.exe
2009-07-27 23:51:30 ----A---- C:\WINDOWS\servcheck.bat
2009-07-27 20:03:47 ----A---- C:\WINDOWS\servicelook.txt

======List of files/folders modified in the last 1 months======

2009-08-02 20:44:19 ----D---- C:\Program Files
2009-08-02 20:42:06 ----D---- C:\Program Files\Mozilla Firefox
2009-08-02 20:39:38 ----D---- C:\WINDOWS\Temp
2009-08-02 20:39:32 ----SD---- C:\WINDOWS\Tasks
2009-08-02 20:39:28 ----D---- C:\WINDOWS\Registration
2009-08-02 20:39:26 ----D---- C:\WINDOWS
2009-08-02 20:38:00 ----D---- C:\WINDOWS\system32\drivers
2009-08-02 20:37:40 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-02 20:37:11 ----D---- C:\WINDOWS\system32
2009-08-02 20:29:02 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-02 12:05:22 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-02 11:43:39 ----D---- C:\Qoobox
2009-08-02 11:41:25 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-08-02 11:36:06 ----A---- C:\WINDOWS\system.ini
2009-08-02 11:33:11 ----D---- C:\WINDOWS\system32\config
2009-08-02 11:32:36 ----D---- C:\WINDOWS\ERDNT
2009-08-02 11:31:04 ----D---- C:\WINDOWS\system32\wbem
2009-08-02 11:30:57 ----SHD---- C:\WINDOWS\Installer
2009-08-02 11:28:07 ----D---- C:\WINDOWS\AppPatch
2009-08-02 11:27:54 ----D---- C:\Program Files\Common Files
2009-08-02 11:18:09 ----SD---- C:\ComboFix
2009-08-02 11:16:35 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-08-02 11:15:38 ----SHD---- C:\WINDOWS\CSC
2009-07-08 00:45:26 ----D---- C:\WINDOWS\Minidump
2009-07-08 00:33:29 ----D----
C:\WINDOWS\Prefetch <br/>2009-07-06 20:54:11 ----D---- C:\WINDOWS\pss <br/>2009-07-06 20:54:06 ----RASH---- C:\boot.ini <br/>2009-07-06 20:54:06 ----A---- C:\WINDOWS\win.ini <br/> <br/>======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== <br/> <br/>R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944] <br/>R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128] <br/>R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768] <br/>R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376] <br/>R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352] <br/>R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153] <br/>R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-14 5627] <br/>R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-14 23545] <br/>R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560] <br/>R2 aswMon2;avast! 
Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032] <br/>R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-23 40480] <br/>R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376] <br/>R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-16 13059] <br/>R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-06 25883] <br/>R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-06 34843] <br/>R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-06 4123] <br/>R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-06 2239] <br/>R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-06 86586] <br/>R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-06 15227] <br/>R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-06 6363] <br/>R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-06 98714] <br/>R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-06 100603] <br/>R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-11-02 424320] <br/>R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952] <br/>R3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys [] <br/>R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464] <br/>R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] <br/>R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-12-13 1364574] <br/>R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] <br/>R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-10-14 28544] <br/>R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-10-14 51328] <br/>R3 
rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-10-14 307968] <br/>R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232] <br/>R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2005-11-16 1047816] <br/>R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-11-29 191936] <br/>R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] <br/>R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] <br/>R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] <br/>S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2009-07-06 1952] <br/>S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152] <br/>S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\D:\INSTAL~E\Core\BVRPMPR5.SYS [] <br/>S3 catchme;catchme; \??\C:\456out.com\catchme.sys [] <br/>S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] <br/>S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760] <br/>S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] <br/>S3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-07-21 1035008] <br/>S3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-07-21 201600] <br/>S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-04-11 34832] <br/>S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2007-04-11 36112] <br/>S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2007-04-11 28688] <br/>S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-05-27 
22016] <br/>S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008] <br/>S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160] <br/>S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] <br/>S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] <br/>S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] <br/>S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408] <br/>S3 pepifilter;Volume Adapter; C:\WINDOWS\system32\DRIVERS\lv302af.sys [2005-05-27 7136] <br/>S3 PID_08A0;QuickCam IM(PID_08A0); C:\WINDOWS\system32\DRIVERS\LV302AV.SYS [2005-05-27 913280] <br/>S3 sffdisk;SFF Storage Class Driver; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-13 11904] <br/>S3 sffp_sd;SFF Storage Protocol Driver for SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-13 11008] <br/>S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] <br/>S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] <br/>S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000] <br/>S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] <br/>S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] <br/>S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] <br/>S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] <br/>S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] <br/>S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000] <br/>S3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-07-21 717952] <br/>S3 WSTCODEC;World Standard Teletext 
Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] <br/>S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] <br/>S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] <br/>S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368] <br/>S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928] <br/>S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752] <br/>S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008] <br/>S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952] <br/>S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504] <br/>S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960] <br/>S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240] <br/> <br/>======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== <br/> <br/>R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-08-17 611664] <br/>R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424] <br/>R2 aswUpdSv;avast! 
iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752] <br/>R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888] <br/>R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2005-06-02 86606] <br/>R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568] <br/>R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912] <br/>R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-22 152984] <br/>R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328] <br/>R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe [2005-12-06 380928] <br/>R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652] <br/>R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2005-12-19 18944] <br/>R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872] <br/>S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680] <br/>S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776] <br/>S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280] <br/>S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-09-04 72704] <br/>S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768] <br/>S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040] <br/>S3 avast! Web Scanner;avast! 
Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920] <br/>S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-07 76848] <br/>S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] <br/>S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336] <br/>S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136] <br/>S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408] <br/>S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336] <br/> <br/>-----------------EOF----------------- <br/> <br/> <br/>2nd log for rsit <br/> <br/>info.txt logfile of random's system information tool 1.06 2009-08-02 20:44:41 <br/> <br/>======Uninstall list====== <br/> <br/>-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0 <br/>-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER <br/>-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205} <br/>-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6} <br/>-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382} <br/>-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629} <br/>-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf <br/>Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} <br/>Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe <br/>Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002} <br/>AIM 6-->C:\Program Files\AIM6\uninst.exe <br/>AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe 
<br/>Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886} <br/>Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} <br/>ArcSoft PhotoStudio 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2261C4B-4D9B-4149-8472-31B7A2FEAB91}\Setup.exe" -l0x9 <br/>avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup <br/>Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959} <br/>Broadcom Management Programs-->MsiExec.exe /I{26E1BFB0-E87E-4696-9F89-B467F01F81E5} <br/>Canon Camera Access Library-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{901F8ED7-13E8-43EF-B738-2FE89B0588EB} /l1033 <br/>Canon Camera Support Core Library-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A1D0D14A-B776-4907-BC00-5149F2298086} /l1033 <br/>Canon Camera Window DC_DV 5 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{A2EB8F2E-6D9B-4F8B-96EB-F976D33F416F} <br/>Canon Camera Window DC_DV 6 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{50E25180-3BDC-4B6D-80A2-3F1F0C9CF39D} <br/>Canon Camera Window DSLR 5 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0A146245-DB79-4197-BF5D-FE1A699A2CC7} <br/>Canon Camera Window MC 6 for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{6C3A75A6-9A90-44A3-A703-82AC1EA6A85D} <br/>Canon CanoScan Toolbox 4.9-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}\setup.exe" -l0x9 anything <br/>Canon MovieEdit Task for ZoomBrowser EX-->C:\Program Files\Common 
Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{4DBBF091-FACD-422C-B43C-786335BD5398} <br/>Canon PhotoRecord-->MsiExec.exe /X{BBBC2B89-E193-4348-A83C-C8DD8210A4AC} <br/>Canon RAW Image Task for ZoomBrowser EX-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BAA43DA2-B6C5-46EC-B163-0E8EEAF975A4} <br/>Canon ScanGear Starter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{18A5DFF2-8A95-49F3-873F-743CB5549F3D}\SETUP.EXE" -l0x9 anything <br/>Canon Utilities PhotoStitch 3.1-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6} <br/>Canon ZoomBrowser EX (E)-->MsiExec.exe /X{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2} <br/>CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" <br/>CCScore-->MsiExec.exe /I{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992} <br/>CDDRV_Installer-->MsiExec.exe /I{8CC990CD-87C8-475C-AC32-8A7984E2FCFA} <br/>Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -Idel1028k.inf <br/>Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s <br/>Dell Game Console-->"C:\Program Files\WildTangent\Apps\Dell Game Console\Uninstall.exe" <br/>Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card" <br/>DellSupport-->MsiExec.exe /X{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D} <br/>Digital Content Portal-->MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33} <br/>Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel <br/>DivX Codec-->C:\Program 
Files\DivX\DivXCodecUninstall.exe /CODEC <br/>DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER <br/>DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER <br/>DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER <br/>DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN <br/>Documentation & Support Launcher-->MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C} <br/>EducateU-->MsiExec.exe /I{A683A2C0-821C-486F-858C-FA634DB5E864} <br/>ESPNMotion-->C:\PROGRA~1\ESPNMO~1\UNWISE.EXE /u C:\PROGRA~1\ESPNMO~1\INSTALL.LOG <br/>ESSBrwr-->MsiExec.exe /I{643EAE81-920C-4931-9F0B-4B343B225CA6} <br/>ESSCDBK-->MsiExec.exe /I{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD} <br/>ESScore-->MsiExec.exe /I{42938595-0D83-404D-9F73-F8177FDD531A} <br/>ESSgui-->MsiExec.exe /I{91517631-A9F3-4B7C-B482-43E0068FD55A} <br/>ESSini-->MsiExec.exe /I{8E92D746-CD9F-4B90-9668-42B74C14F765} <br/>ESSPCD-->MsiExec.exe /I{14D4ED84-6A9A-45A0-96F6-1753768C3CB5} <br/>ESSPDock-->MsiExec.exe /I{FCDB1C92-03C6-4C76-8625-371224256091} <br/>ESSSONIC-->MsiExec.exe /I{073F22CE-9A5B-4A40-A604-C7270AC6BF34} <br/>ESSTOOLS-->MsiExec.exe /I{8A502E38-29C9-49FA-BCFA-D727CA062589} <br/>essvatgt-->MsiExec.exe /I{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F} <br/>Games, Music, & Photos Launcher-->MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE} <br/>GemMaster Mystic-->"C:\Program Files\GemMaster\uninstallgemmaster.exe" <br/>Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3} <br/>Google Toolbar for Firefox-->MsiExec.exe /X{2CCBABCB-6427-4A55-B091-49864623C43F} <br/>Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar4.dll" <br/>Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall <br/>High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe <br/>HijackThis 2.0.2-->"C:\Program Files\trend 
micro\HijackThis.exe" /uninstall <br/>Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" <br/>Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe" <br/>Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" <br/>Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" <br/>hp deskjet 3600 series-->rundll32 hpzcon09.dll,VendorJettison hp deskjet 3600 series <br/>Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2 <br/>Internal Network Card Power Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F528948-0E80-4C96-B455-DE4167CB1DF7}\setup.exe" -l0x9 UNINSTALL APPDRVNT4 <br/>Internet Service Offers Launcher-->MsiExec.exe /X{E42BD75A-FC23-4E3F-9F91-2658334C644F} <br/>iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371} <br/>J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100} <br/>J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110} <br/>J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030} <br/>J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060} <br/>J2SE Runtime Environment 5.0 Update 8-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080} <br/>Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030} <br/>Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF} <br/>Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020} <br/>Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} <br/>Java(TM) 6 Update 
5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} <br/>Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} <br/>Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010} <br/>kgcbase-->MsiExec.exe /I{F22C222C-3CE2-4A4B-A83F-AF4681371ABE} <br/>KhalSetup-->MsiExec.exe /I{C89C8D86-4423-4A58-AA40-DD259ACE07C1} <br/>Kodak EasyShare software-->C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0002_4575a97\Setup.exe /APR-REMOVE <br/>Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe <br/>Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x9 UNINSTALL <br/>Logitech QuickCam Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x9 <br/>Logitech SetPoint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly <br/>Logitech® Camera Driver-->"C:\Program Files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT <br/>Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" <br/>Manual CanoScan LiDE 500F-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9C54C44-BB5A-4B03-8907-C01A9790195A}\setup.exe" -l0x9 <br/>MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120} <br/>Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" 
"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp" <br/>Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} <br/>Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} <br/>Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" <br/>Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe" <br/>Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9} <br/>Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7} <br/>Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B} <br/>Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" <br/>Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} <br/>Mirar-->mshta.exe http://remove.getmirar.com/ <br/>MobileMe Control Panel-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658} <br/>Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel <br/>Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe <br/>MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} <br/>MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} <br/>MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} <br/>Musicmatch for Windows Media Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E93E5EF6-D361-481E-849D-F16EF5C78EBC}\setup.exe" -l0x9 remove 
tooltips-->MsiExec.exe /I{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VPRINTOL-->MsiExec.exe /I{999D43F4-9709-4887-9B1A-83EBB15A8370}
WebCyberCoach 3.2 Dell-->"C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
WildTangent Web Driver-->C:\Program Files\WildTangent\Apps\CDA\CDAUninstall.exe
Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]-->C:\WINDOWS\$NtUninstallEmeraldQFE2$\spuninst\spuninst.exe
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WIRELESS-->MsiExec.exe /I{F9593CFB-D836-49BC-BFF1-0E669A411D9F}
WordPerfect Office 12-->MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
XviD 1.1 final uninstall-->"C:\Program Files\XviD\unins000.exe"
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Widget Engine-->C:\Program Files\Yahoo!\Yahoo! Widget Engine\uninstall.exe
Yahoo! Widget Engine-->MsiExec.exe /X{35917680-C0DA-4618-B878-54B74694A2FB}

======Security center information======

AV: avast! antivirus 4.8.1335 [VPS 090422-0] (disabled) (outdated)

======System event log======

Computer Name: LAURA
Event Code: 7901
Message: The At22.job command failed to start due to the following error:
%%2147942402

Record Number: 9160
Source Name: Schedule
Time Written: 20090611210000.000000-240
Event Type: error
User:

Computer Name: LAURA
Event Code: 7901
Message: The At45.job command failed to start due to the following error:
%%2147942402

Record Number: 9159
Source Name: Schedule
Time Written: 20090611200000.000000-240
Event Type: error
User:

Computer Name: LAURA
Event Code: 7901
Message: The At21.job command failed to start due to the following error:
%%2147942402

Record Number: 9158
Source Name: Schedule
Time Written: 20090611200000.000000-240
Event Type: error
User:

Computer Name: LAURA
Event Code: 7901
Message: The At44.job command failed to start due to the following error:
%%2147942402

Record Number: 9157
Source Name: Schedule
Time Written: 20090611190000.000000-240
Event Type: error
User:

Computer Name: LAURA
Event Code: 7901
Message: The At20.job command failed to start due to the following error:
%%2147942402

Record Number: 9156
Source Name: Schedule
Time Written: 20090611190000.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: LAURA
Event Code: 1517
Message: Windows saved user LAURA\Laura Kim registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 25
Source Name: Userenv
Time Written: 20080615212833.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: LAURA
Event Code: 1002
Message: Hanging application firefox.exe, version 1.8.20080.40413, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 20
Source Name: Application Hang
Time Written: 20080612223735.000000-240
Event Type: error
User:

Computer Name: LAURA
Event Code: 1517
Message: Windows saved user LAURA\Laura Kim registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 15
Source Name: Userenv
Time Written: 20080610232409.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: LAURA
Event Code: 1517
Message: Windows saved user LAURA\Laura Kim registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 10
Source Name: Userenv
Time Written: 20080609231211.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: LAURA
Event Code: 1517
Message: Windows saved user LAURA\Laura Kim registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 5
Source Name: Userenv
Time Written: 20080608230602.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------
Posted 8/3/2009 12:53 AM
#75648
User avatar

beeshu Advanced member

Date Joined Nov 2016
Total Posts: 54
Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 3

8/2/2009 8:37:11 PM
mbam-log-2009-08-02 (20-37-11).txt

Scan type: Quick Scan
Objects scanned: 94303
Time elapsed: 5 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 14
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lich (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\lich (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\lich (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\lich (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bcm4sbxp (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\bcm4sbxp (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\bcm4sbxp (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\bcm4sbxp (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bcm4sbxp (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wanatw (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\wanatw (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\wanatw (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\wanatw (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wanatw (Spyware.Passwords) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\lich.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\bcm4sbxp.sys (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\wanatw4.sys (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\WINDOWS\567788.bat (Worm.KoobFace) -> Quarantined and deleted successfully.
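To make a log like the one above quicker to triage, here is a small parser for this Malwarebytes log format that groups detections by threat name and points out services that were registered in every saved control set (the same service names recur in ControlSet001 through ControlSet004 above). This is an added example, not code from the post or from Malwarebytes; the sample excerpt is constructed in the format of the posted log, and the section and entry layout it assumes is the one visible there.

```python
"""Parse a Malwarebytes' Anti-Malware log and summarise its detections.

Added example (not from the post or from Malwarebytes). Assumed log layout,
taken from the posted log: section headers end in "Infected:", and each
detection is one line of the form "<path> (<threat>) -> <action>."
"""
import re
from collections import defaultdict

# Constructed excerpt in the format of the posted log (a subset of its entries).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 3

Registry Keys Infected: 9
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lich (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\lich (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\lich (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\lich (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bcm4sbxp (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\bcm4sbxp (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\bcm4sbxp (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\bcm4sbxp (Spyware.Passwords) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bcm4sbxp (Spyware.Passwords) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\lich.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\bcm4sbxp.sys (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\WINDOWS\567788.bat (Worm.KoobFace) -> Quarantined and deleted successfully.
"""

# One detection line: "<path> (<threat>) -> <action>."
ENTRY_RE = re.compile(r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")
# Service key under a numbered or the current control set.
CONTROLSET_RE = re.compile(
    r"\\SYSTEM\\(ControlSet\d{3}|CurrentControlSet)\\Services\\([^\\]+)", re.IGNORECASE
)


def parse_mbam_log(text):
    """Return a list of dicts (section, path, threat, action), one per detection."""
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("Infected:"):  # section header such as "Files Infected:"
            section = line[:-1]
            continue
        m = ENTRY_RE.match(line)
        if m and section:  # summary counts and "(No malicious items detected)" do not match
            entries.append({"section": section, **m.groupdict()})
    return entries


def threats_by_name(entries):
    """Count detections per threat name, e.g. {"Spyware.Passwords": 11, ...}."""
    counts = defaultdict(int)
    for e in entries:
        counts[e["threat"]] += 1
    return dict(counts)


def services_by_controlset(entries):
    """Map a detected service name to the sorted list of control sets it was found in."""
    seen = defaultdict(set)
    for e in entries:
        m = CONTROLSET_RE.search(e["path"])
        if m:
            seen[m.group(2).lower()].add(m.group(1))
    return {svc: sorted(sets) for svc, sets in seen.items()}


def persisted_in_all_controlsets(entries):
    """Services present in every numbered ControlSetNNN that appears in the log.

    Such a service was written into every saved boot configuration, so booting
    'Last Known Good Configuration' would still load it.
    """
    by_service = services_by_controlset(entries)
    numbered = {cs for sets in by_service.values() for cs in sets if cs != "CurrentControlSet"}
    return sorted(svc for svc, sets in by_service.items() if numbered <= set(sets))


def incomplete_actions(entries):
    """Detections whose action line does not report success (worth a manual look)."""
    return [e for e in entries if "successfully" not in e["action"]]


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    print(f"{len(found)} detections")
    for threat, n in sorted(threats_by_name(found).items()):
        print(f"  {threat}: {n}")
    print("services in every control set:", persisted_in_all_controlsets(found))
    print("not fully removed:", incomplete_actions(found))
```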
Posted 8/3/2009 2:46 AM
#75649
User avatar

Jintan Advanced member

Date Joined Nov 2016
Total Posts: 1049
Malwarebytes picked out another malware package as well, so cleaning up nicely there. Just a note of caution about ComboFix though. If not run for the right reasons, and at the right time in the right situation, the changes it makes can instead cause issues on systems. So it truly is only to be used when suggested in a forum help situation like we have here.

Go to Start - Run, type firewall.cpl (and Enter). Click the Exceptions tab. If any of the following items are present on that list, uncheck them, and click OK to close the Windows Firewall display.

Mozilla Firefox
wuauclt
WLTRYSVC

Browsers, Windows Update and the wireless file should not need Firewall exceptions (suggests malware misuse instead). If after a few days you see no issues that would need Firewall access restored for these, you can return to the Firewall display and just click each and select Delete.

-------------------

[code]REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\7c46b438]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM7f7587a4][/code]
Open Notepad (Start - Run, type Notepad then press OK), and copy the text inside the box above and paste it into the open Notepad textbox.

Save this to your desktop as "fixer2.reg"

Be sure to include the "" quotes in the name.

Then right click fixer2.reg, select Merge, and allow it to merge the new information with the Registry.

----------------

Disable your antivirus program and go here and run an online scan using ESET Online Scanner (you will need to use Internet Explorer for this scan, or download the installer to run it in a different browser). If you accept the Terms of Use, check the box and click Start. After the ActiveX Control has loaded, it will take a couple of minutes for the scanner to get ready.
Next, check the following boxes:

Remove found threats
Scan unwanted applications

Click Start. This scan may take a while, so please be patient. A log may open when the scan is complete (if not, go to C:\Program Files\EsetOnlineScanner\ and open the file log.txt). Click Edit - Select All, then copy/paste that log back here please.

If you have any problems getting Eset started, one work-around is to have an open Internet connection, and then click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file, and follow the same previous steps to run the scan.
Posted 8/4/2009 11:56 AM
#75687
User avatar

beeshu Advanced member

Date Joined Nov 2016
Total Posts: 54
awesome, thanks!

log for eset online scanner

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.5889
# api_version=3.0.2
# EOSSerial=ecd1da795be73e468d73d390ae58cb6e
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-08-04 06:13:11
# local_time=2009-08-04 02:13:11 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=769 41 100 100 89592198593750
# scanned=86934
# found=65
# cleaned=65
# scan_time=4918