Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Can not remove Addware & SpyWare,Virtumande

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Can not remove Addware & SpyWare,Virtumande

Unread postby schef » October 1st, 2008, 12:03 pm

Can not load Norton Anti virus to computer. On my add or remove menu it list a " Addware & SpyWare" program.
When I click to remove it takes me to a singles site.
I have xp pro.
Posted is the current HiJack Log.





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:46 AM, on 10/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\385cb67dda0ffd4dea8c0d990dc65796\update\update.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Global Startup: 2Wire Wireless Client Manager.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/c ... potc_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.c ... _0_2_6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{82B747D3-FBB6-4E56-A328-B8D93EF45A3A}: Domain = F26376.sbjr.com
O23 - Service: Automatic LiveUpdate Scheduler (automatic liveupdate scheduler) - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate (liveupdate) - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: AOpen NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 6041 bytes
schef
Regular Member
 
Posts: 40
Joined: September 20th, 2008, 2:07 am
Advertisement
Register to Remove

Re: Can not remove Addware & SpyWare,Virtumande

Unread postby ktreffin » October 3rd, 2008, 1:43 pm

Hi schef, Welcome to the forums!Image

My name is Ken, on these forums I am known as ktreffin. I will be helping you with your current problem. I know that you need your computer working as quickly as possible, and I will work hard to help see that it happens.

HiJackThis logs do take some time to review and research. I would appreciate it if while you are waiting, you could please do the following for me:

Please make an Uninstall List using HiJackThis.


To access the Uninstall Manager you would do the following:
    1. Start HijackThis
    2. Click on the Config button
    3. Click on the Misc Tools button
    4. Click on the Open Uninstall Manager button.
    5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here in a reply.

As we work together to resolve your problem, please read these instructions carefully. You may wish to print them off or copy them to Notepad.

Lastly, please keep these points in mind:
  • If you have questions, please DON'T hesitate to ask!
  • The instructions I give are specific to your current problem and should not be used on other systems.
  • Please post your replies only to this topic, and please DO NOT start a new thread.
  • Since there may be multiple issues with your system, please continue to follow this thread until I have given you an "All Clean!"

I am reviewing your log now, and will be back with you shortly. Thank you for your patience.

Ken
User avatar
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida

Re: Can not remove Addware & SpyWare,Virtumande

Unread postby schef » October 4th, 2008, 1:07 am

Ken
On the list, "Adware & Spy
ware" is the one that when I click to remove it takes me to a singles page with explorer. It also, I think prevents my Norton Anti virus from installing. It states it can not config. Thanks fo helping.
Mike









2Wire Wireless Client Manager V3.02
Absolute Poker
Adobe Acrobat 5.0
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player Plugin
Adobe Reader 7.0.8
AdWare & SpyWare
Ahead InCD
Ahead InCD EasyWrite Reader
Ahead NeroMediaPlayer
Ahead NeroVision Express
AIM Toolbar
AOL Instant Messenger
AOpen Multimedia Utilities
AOpen NVIDIA Windows 2000/XP Display Drivers
ArcSoft PhotoStudio 5
AT&T Yahoo! Applications
Backpack Driver
Backpack SpeedyCD
Civilization III v1.29f
Commando
Crystalys Media Internet Assistant
DataPilot Pix 'n Tunes
Desert Dollar
DivX
DivX Content Uploader
DivX Player
DivX Web Player
Frogger v1.0
GSIM
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
HyperLoad
IsoBuster 2.3
J2SE Runtime Environment 5.0 Update 3
Java 2 Runtime Environment Standard Edition v1.3.1_04
Macromedia Flash Player 8
Macromedia Shockwave Player
Medieval Total War
Microsoft FrontPage 2002
Microsoft Interactive Training
Microsoft Office XP Media Content
Microsoft Office XP Professional
Mob Rule
Mozilla Firefox (2.0.0.17)
Nero - Burning Rom
Oozic Player
PartyPoker
PokerRoom.com (remove only)
QuickTime
RealPlayer
Realtek AC'97 Audio
RM Converter 3.28
SBC Yahoo! DSL Activation
SBC Yahoo! DSL Home Networking Installer
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Seven Seas 1.01
Shareaza version 2.2.1.0
Shockwave
Sid Meier's Alpha Centauri 2000/XP Compatibility Update
Snood for Windows version 3.01-W
Sound Blaster Audigy
Sound Blaster Audigy Web 2K/XP
SoundFont Showcase
SuperNZB v3.2.0
Ultimate.Browser En hancer
UltimateBet
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
USB-IrDA Adapter
VIA Platform Device Manager
VIA Rhine-Family Fast Ethernet Adapter
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Viewpoint Toolbar (Remove Only)
WeatherBug
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows SR 2.0
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB891781
WinZip
schef
Regular Member
 
Posts: 40
Joined: September 20th, 2008, 2:07 am

Re: Can not remove Addware & SpyWare,Virtumande

Unread postby ktreffin » October 4th, 2008, 4:18 pm

Hi Schef,

Before we get started, we need to address the P2P software that is installed on your system:

Use of P2P (Person to Person) file sharing programs

We have noticed that most people seeking help from us are coming with infections contracted from the use of P2P programs.

Because of this, we felt we needed to change our policy on the use of P2P file sharing programs.
  • If your helper detects the presence of such programs on your computer he/she will ask you to remove them. We will withdraw our help should you not agree to their removal.
  • If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we will refuse our help.

We do not ask you to do this without reason.

P2P programs form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

This article from InfoWorld illustrates perfectly the dangers of a poorly configured P2P program.
http://www.infoworld.com/article/07/09/06/Seattle-man-arrested-for-p-to-p-ID-theft_1.html

Many of the programs come bundled with other unwanted programs, but even the ones free of any bundled software are not safe to use.

When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

We see no purpose in cleaning your machine if you use P2P programs, as it is pretty much certain that if you continue to use them then you will get infected again.


You have the following P-2-P program(s) installed
Shareaza version 2.2.1.0

This is how you uninstall it/them:

  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following (if present):

    Shareaza version 2.2.1.0

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

Once you have removed the above program, please post a new HijackThis log, and we will continue.

Thanks,
Ken
User avatar
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida

Re: Can not remove Addware & SpyWare,Virtumande

Unread postby schef » October 4th, 2008, 5:18 pm

Ken

I think this takes care of the programs you wanted removed. Thanks


2Wire Wireless Client Manager V3.02
Absolute Poker
Adobe Acrobat 5.0
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player Plugin
Adobe Reader 7.0.8
AdWare & SpyWare
Ahead InCD
Ahead InCD EasyWrite Reader
Ahead NeroMediaPlayer
Ahead NeroVision Express
AIM Toolbar
AOL Instant Messenger
AOpen Multimedia Utilities
AOpen NVIDIA Windows 2000/XP Display Drivers
ArcSoft PhotoStudio 5
AT&T Yahoo! Applications
Backpack Driver
Backpack SpeedyCD
Civilization III v1.29f
Commando
Crystalys Media Internet Assistant
DataPilot Pix 'n Tunes
Desert Dollar
DivX
DivX Content Uploader
DivX Player
DivX Web Player
Frogger v1.0
GSIM
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
HyperLoad
IsoBuster 2.3
J2SE Runtime Environment 5.0 Update 3
Java 2 Runtime Environment Standard Edition v1.3.1_04
Macromedia Flash Player 8
Macromedia Shockwave Player
Medieval Total War
Microsoft FrontPage 2002
Microsoft Interactive Training
Microsoft Office XP Media Content
Microsoft Office XP Professional
Mob Rule
Mozilla Firefox (2.0.0.17)
Nero - Burning Rom
Oozic Player
PartyPoker
PokerRoom.com (remove only)
QuickTime
RealPlayer
Realtek AC'97 Audio
RM Converter 3.28
SBC Yahoo! DSL Activation
SBC Yahoo! DSL Home Networking Installer
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Seven Seas 1.01
Shockwave
Sid Meier's Alpha Centauri 2000/XP Compatibility Update
Snood for Windows version 3.01-W
Sound Blaster Audigy
Sound Blaster Audigy Web 2K/XP
SoundFont Showcase
SuperNZB v3.2.0
Ultimate.Browser En hancer
UltimateBet
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
USB-IrDA Adapter
VIA Platform Device Manager
VIA Rhine-Family Fast Ethernet Adapter
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Viewpoint Toolbar (Remove Only)
WeatherBug
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows SR 2.0
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB891781
WinZip
schef
Regular Member
 
Posts: 40
Joined: September 20th, 2008, 2:07 am

Re: Can not remove Addware & SpyWare,Virtumande

Unread postby ktreffin » October 4th, 2008, 6:17 pm

Hi schef,

Great, thanks! Now we can get started.....I see that you have Norton installed, however as you stated, it doesn't appear to be running. Lets do a little cleaning and see if we can take care of that.

Before we begin, I need to stress some important points to you.
  • Some of the instructions I will provide may get quite long. I highly recommend that you print a copy of them off or copy them into Notepad.
  • If at any time you have questions, please DON'T hesitate to ask!
  • Please keep in mind that the instructions I give are specific to your current problem and should not be used on other systems.
  • Also, please remember that there may be multiple issues with your system, please continue to follow this thread until I have given you an "All Clean!"

Ready? Lets go....

I see that Viewpoint is installed. Viewpoint, Viewpoint Manager, Viewpoint Media Player are Viewpoint components which are installed as a side effect of installing other software, most notably AOL and AOL Instant Messenger (AIM). Viewpoint Manager is responsible for managing and updating Viewpoint Media Player’s components. You can disable this using the Viewpoint Manager Control Panel found in the Windows Control Panel menu. By selecting Disable auto-updating for the Viewpoint Manager -- the player will no longer attempt to check for updates. Anything that is installed without your consent is suspect. Read what Viewpoint says and make your own decision.
To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint. Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player. The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information. CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.

Viewpoint Manager is considered as foistware instead of malware since it is installed without user's approval but doesn't spy or do anything "bad". This may change, read Viewpoint to Plunge Into Adware.
I recommend that you remove the Viewpoint products; however, decide for yourself. To uninstall the the Viewpoint components :
  1. Click Start, point to Settings, and then click Control Panel.
  2. In Control Panel, double-click Add or Remove Programs.
  3. In Add or Remove Programs, highlight Viewpoint Manager (Remove Only), Viewpoint Media Player, Viewpoint Toolbar (Remove Only), click Remove.

    How to prevent it from being recreated every time you run the AOL software:
    • Open AOL
    • Go to Help on the toolbar
    • Select About AOL
    • Hit Ctrl D and a secret panel can be accessed which will allow you to disable all desktop and IM features associated with Viewpoint.

*==============================================*

Step #1: Remove programs using Add / Remove Programs

Please remove the following programs from your computer by completeing the following steps:
  • Please click Start > Control Panel > Add / Remove Programs
  • Please remove the following programs:
      Ultimate.Browser En hancer
  • Do not panic if some programs listed are not present.
  • Once you have completed removing the above programs, you may exit the Control Panel

I know that you think that "AdWare & SpyWare" is causing some of the problems, which I agree with, however I need to get a little more information about it, before I can attack. By doing the steps below, I will be able to get what I need to remove it.

*==============================================*

Step #2: Remove malware lines using Hijack This

Please start HiJackThis as you did to generate a log, but this time click on "Do A System Scan Only".
Place a checkmark in the boxes to the left of the following entries by clicking on them:

O2 - BHO: (no name) - SOFTWARE - (no file)
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{82B747D3-FBB6-4E56-A328-B8D93EF45A3A}: Domain = F26376.sbjr.com <== SEE NOTE BELOW

NOTE:
If you are familiar with the Domain "F26376.sbjr.com" then you may leave this entry alone (meaning do not fix it), If you are not familiar with this Domain, I would suggest you fix this.

CLOSE ALL OPEN WINDOWS AND BROWSERS - EXCEPT HIJACKTHIS and click on "Fix Checked".

Once complete, please exit HiJackThis.

*===============================================*

Step #3: Download and Run Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply.
  • If you accidently close it, the log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

*===============================================*

Step #4: Download and Run Random's System Information Tool (RSIT)

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

*===============================================*

Step #5: Things to put in your next reply

Please post the following in your next reply:
  • Contents of the Malwarebytes' Anti-Malware Log
  • Contents of both RSIT logs (log.txt and info.txt)

Thanks,
Ken
User avatar
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida

Re: Can not remove Addware & SpyWare,Virtumande

Unread postby schef » October 5th, 2008, 1:54 pm

Ken

I was not able to the aol removal,aim had no secret panel to be found by me?
Hope I got everything copied correctly.




Malwarebytes' Anti-Malware 1.28
Database version: 1229
Windows 5.1.2600 Service Pack 2

10/5/2008 12:43:06 PM
mbam-log-2008-10-05 (12-43-06).txt

Scan type: Full Scan (C:\|F:\|)
Objects scanned: 163315
Time elapsed: 10 hour(s), 10 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE1F4156-F816-4ABE-A1DC-F3231125BB59}\RP5\A0002008.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ide21201.vxd (Adware.Winad) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\1.bin\MYSEARCHPLUGINPROXY.CLASS (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\1.bin\NPMYSRCH.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\1.bin\PARTNER.BMP (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\1.bin\PARTNER.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\1.bin\S42NS.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\1.bin\UNINSTALL.INF (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Logfile of random's system information tool 1.02 (written by random/random)
Run by Robert at 2008-10-05 12:47:42
Microsoft Windows XP Professional Service Pack 2
System drive C: has 4 GB (5%) free of 76 GB
Total RAM: 1023 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:47:48 PM, on 10/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Robert\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Robert.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - Global Startup: 2Wire Wireless Client Manager.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/c ... potc_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.c ... _0_2_6.cab
O23 - Service: Automatic LiveUpdate Scheduler (automatic liveupdate scheduler) - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate (liveupdate) - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: AOpen NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 5616 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AB5C3A3B9183B003.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll [2007-12-12 222448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{40D41A8B-D79B-43d7-99A7-9EE0F344C385} - AIM Search - C:\Program Files\AIM Toolbar\AIMBar.dll [2004-10-22 163840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"YBrowser"=C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe [2006-07-21 129536]
"2wSysTray"=C:\Program Files\2Wire\2PortalMon.exe [2003-10-10 393216]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"Weather"=C:\Program Files\AWS\WeatherBug\Weather.exe [2004-09-09 1597440]
"Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2006-11-30 4662776]
"AIM"=C:\Program Files\AIM95\aim.exe [2004-09-01 66672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM95\aim.exe [2004-09-01 66672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe [2003-01-31 1228800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightMonitor 01]
C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe [2003-07-14 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
NvQTwk []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2003-05-19 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe [2005-04-13 36975]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-05-07 180269]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
C:\Program Files\AWS\WeatherBug\Weather.exe [2004-09-09 1597440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
C:\WINDOWS\system32\CTHELPER.EXE [2002-07-02 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE [2006-11-30 4662776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [2005-09-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
C:\PROGRA~1\SBCSEL~1\bin\matcli.exe -boot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RpcPatch"=2
"MDM"=2
"C-DillaSrv"=2

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
2Wire Wireless Client Manager.lnk - C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-19 702768]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pnpsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\pnpsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
""=
"SpecifyDefaultButtons"=1
"Btn_Search"=2
"NoBandCustomize"=1
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\AIM95\aim.exe"="C:\Program Files\AIM95\aim.exe:*:Disabled:AOL Instant Messenger"
"C:\Program Files\BitTornado\btdownloadgui.exe"="C:\Program Files\BitTornado\btdownloadgui.exe:*:Disabled:btdownloadgui"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Disabled:Windows Messenger"
"C:\Program Files\Yahoo!\Messenger\yserver.exe"="C:\Program Files\Yahoo!\Messenger\yserver.exe:*:Disabled:Yahoo! FT Server"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bfee426-7b89-11dd-96c2-000feafaf926}]
shell\autorun\command - G:\podcastready.exe


======List of files/folders created in the last 1 months======

2008-10-04 21:14:29 ----D---- C:\Documents and Settings\Robert\Application Data\Malwarebytes
2008-10-04 21:14:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-04 21:14:25 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-10-02 03:00:17 ----D---- C:\WINDOWS\LastGood
2008-10-01 10:37:58 ----D---- C:\WINDOWS\Prefetch
2008-10-01 10:05:51 ----D---- C:\WINDOWS\system32\en-us
2008-10-01 10:05:50 ----D---- C:\WINDOWS\system32\scripting
2008-10-01 10:05:49 ----D---- C:\WINDOWS\system32\en
2008-10-01 10:05:49 ----D---- C:\WINDOWS\l2schemas
2008-10-01 10:05:49 ----D---- C:\Program Files\msn
2008-10-01 10:00:02 ----D---- C:\WINDOWS\network diagnostic
2008-10-01 09:54:54 ----N---- C:\WINDOWS\system32\xpsp2res.dll
2008-10-01 09:54:54 ----A---- C:\WINDOWS\system32\qmgr.dll
2008-10-01 09:53:59 ----A---- C:\WINDOWS\system32\cmd.exe
2008-10-01 09:53:59 ----A---- C:\WINDOWS\system32\cacls.exe
2008-10-01 09:53:59 ----A---- C:\WINDOWS\system32\autoconv.exe
2008-10-01 09:53:59 ----A---- C:\WINDOWS\system32\autochk.exe
2008-10-01 09:53:59 ----A---- C:\WINDOWS\system32\advapi32.dll
2008-10-01 09:53:58 ----A---- C:\WINDOWS\system32\nwprovau.dll
2008-10-01 09:53:58 ----A---- C:\WINDOWS\system32\ntvdm.exe
2008-10-01 09:53:58 ----A---- C:\WINDOWS\system32\ntprint.dll
2008-10-01 09:53:58 ----A---- C:\WINDOWS\system32\ntlsapi.dll
2008-10-01 09:53:58 ----A---- C:\WINDOWS\system32\ntdll.dll
2008-10-01 09:53:58 ----A---- C:\WINDOWS\system32\nslookup.exe
2008-10-01 09:53:58 ----A---- C:\WINDOWS\system32\msv1_0.dll
2008-10-01 09:53:58 ----A---- C:\WINDOWS\system32\msgsvc.dll
2008-10-01 09:53:58 ----A---- C:\WINDOWS\system32\mgmtapi.dll
2008-10-01 09:53:58 ----A---- C:\WINDOWS\system32\lsasrv.dll
2008-10-01 09:53:58 ----A---- C:\WINDOWS\system32\locator.exe
2008-10-01 09:53:58 ----A---- C:\WINDOWS\system32\localspl.dll
2008-10-01 09:53:58 ----A---- C:\WINDOWS\system32\lmhsvc.dll
2008-10-01 09:53:58 ----A---- C:\WINDOWS\system32\kernel32.dll
2008-10-01 09:53:58 ----A---- C:\WINDOWS\system32\imagehlp.dll
2008-10-01 09:53:58 ----A---- C:\WINDOWS\system32\ftp.exe
2008-10-01 09:53:58 ----A---- C:\WINDOWS\system32\format.com
2008-10-01 09:53:58 ----A---- C:\WINDOWS\system32\dhcpcsvc.dll
2008-10-01 09:53:58 ----A---- C:\WINDOWS\system32\csrsrv.dll
2008-10-01 09:53:58 ----A---- C:\WINDOWS\system32\comdlg32.dll
2008-10-01 09:53:58 ----A---- C:\WINDOWS\system32\comctl32.dll
2008-10-01 09:53:57 ----A---- C:\WINDOWS\system32\services.exe
2008-10-01 09:53:57 ----A---- C:\WINDOWS\system32\schannel.dll
2008-10-01 09:53:57 ----A---- C:\WINDOWS\system32\scardsvr.exe
2008-10-01 09:53:57 ----A---- C:\WINDOWS\system32\savedump.exe
2008-10-01 09:53:57 ----A---- C:\WINDOWS\system32\samsrv.dll
2008-10-01 09:53:57 ----A---- C:\WINDOWS\system32\samlib.dll
2008-10-01 09:53:57 ----A---- C:\WINDOWS\system32\rshx32.dll
2008-10-01 09:53:57 ----A---- C:\WINDOWS\system32\rastapi.dll
2008-10-01 09:53:57 ----A---- C:\WINDOWS\system32\rasman.dll
2008-10-01 09:53:57 ----A---- C:\WINDOWS\system32\rasdlg.dll
2008-10-01 09:53:57 ----A---- C:\WINDOWS\system32\rasauto.dll
2008-10-01 09:53:57 ----A---- C:\WINDOWS\system32\rasapi32.dll
2008-10-01 09:53:57 ----A---- C:\WINDOWS\system32\printui.dll
2008-10-01 09:53:57 ----A---- C:\WINDOWS\system32\perfctrs.dll
2008-10-01 09:53:57 ----A---- C:\WINDOWS\system32\olecnv32.dll
2008-10-01 09:53:57 ----A---- C:\WINDOWS\system32\oleaut32.dll
2008-10-01 09:53:56 ----A---- C:\WINDOWS\system32\wkssvc.dll
2008-10-01 09:53:56 ----A---- C:\WINDOWS\system32\win32spl.dll
2008-10-01 09:53:56 ----A---- C:\WINDOWS\system32\userinit.exe
2008-10-01 09:53:56 ----A---- C:\WINDOWS\system32\untfs.dll
2008-10-01 09:53:56 ----A---- C:\WINDOWS\system32\ulib.dll
2008-10-01 09:53:56 ----A---- C:\WINDOWS\system32\tcpmonui.dll
2008-10-01 09:53:56 ----A---- C:\WINDOWS\system32\syssetup.dll
2008-10-01 09:53:56 ----A---- C:\WINDOWS\system32\srvsvc.dll
2008-10-01 09:53:56 ----A---- C:\WINDOWS\system32\smss.exe
2008-10-01 09:53:56 ----A---- C:\WINDOWS\system32\setupapi.dll
2008-10-01 09:53:56 ----A---- C:\WINDOWS\system32\sessmgr.exe
2008-10-01 09:53:53 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2008-10-01 09:53:53 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2008-09-27 06:37:25 ----SHD---- C:\RECYCLER
2008-09-26 07:05:17 ----D---- C:\rsit
2008-09-20 00:12:10 ----D---- C:\WINDOWS\system32\NtmsData
2008-09-20 00:06:12 ----D---- C:\WINDOWS\temp
2008-09-20 00:06:10 ----A---- C:\ComboFix.txt
2008-09-19 14:21:06 ----D---- C:\WINDOWS\erdnt
2008-09-19 14:20:41 ----AD---- C:\QooBox
2008-09-19 14:20:35 ----A---- C:\WINDOWS\zip.exe
2008-09-19 14:20:35 ----A---- C:\WINDOWS\VFind.exe
2008-09-19 14:20:35 ----A---- C:\WINDOWS\swreg.exe
2008-09-19 14:20:35 ----A---- C:\WINDOWS\sed.exe
2008-09-19 14:20:35 ----A---- C:\WINDOWS\Nircmd.exe
2008-09-19 14:20:35 ----A---- C:\WINDOWS\grep.exe
2008-09-19 14:20:35 ----A---- C:\WINDOWS\fdsv.exe
2008-09-19 14:20:34 ----A---- C:\WINDOWS\swxcacls.exe
2008-09-19 14:20:34 ----A---- C:\WINDOWS\SWSC.exe
2008-09-19 14:20:26 ----D---- C:\ComboFix
2008-09-19 11:44:07 ----SHD---- C:\found.000
2008-09-19 09:37:58 ----SHD---- C:\Config.Msi
2008-09-19 08:15:30 ----D---- C:\Documents and Settings\Robert\Application Data\Motive
2008-09-19 08:13:56 ----D---- C:\WINDOWS\Motive
2008-09-19 08:13:53 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Motive
2008-09-17 20:34:06 ----A---- C:\WINDOWS\system32\SETF4A.tmp
2008-09-17 20:34:06 ----A---- C:\WINDOWS\system32\SETE1.tmp
2008-09-17 20:34:06 ----A---- C:\WINDOWS\system32\SETE0.tmp
2008-09-17 20:34:05 ----A---- C:\WINDOWS\system32\SETE7.tmp
2008-09-17 20:34:05 ----A---- C:\WINDOWS\system32\SETE5.tmp
2008-09-17 20:34:05 ----A---- C:\WINDOWS\system32\SETE3.tmp
2008-09-17 20:34:04 ----A---- C:\WINDOWS\system32\SETF2.tmp
2008-09-17 20:34:04 ----A---- C:\WINDOWS\system32\SETEF.tmp
2008-09-17 20:34:04 ----A---- C:\WINDOWS\system32\SETEE.tmp
2008-09-17 20:33:59 ----A---- C:\WINDOWS\system32\SETFF.tmp
2008-09-17 20:33:59 ----A---- C:\WINDOWS\system32\SETFE.tmp
2008-09-17 20:33:59 ----A---- C:\WINDOWS\system32\SETFD.tmp
2008-09-17 20:33:58 ----A---- C:\WINDOWS\system32\SET104.tmp
2008-09-17 20:33:58 ----A---- C:\WINDOWS\system32\SET103.tmp
2008-09-17 20:33:58 ----A---- C:\WINDOWS\system32\SET102.tmp
2008-09-17 20:33:58 ----A---- C:\WINDOWS\system32\SET101.tmp
2008-09-17 20:33:57 ----A---- C:\WINDOWS\system32\SET109.tmp
2008-09-17 20:33:57 ----A---- C:\WINDOWS\system32\SET108.tmp
2008-09-17 20:33:57 ----A---- C:\WINDOWS\system32\SET107.tmp
2008-09-17 20:33:57 ----A---- C:\WINDOWS\system32\SET105.tmp
2008-09-17 20:33:56 ----A---- C:\WINDOWS\system32\SETF52.tmp
2008-09-17 20:33:56 ----A---- C:\WINDOWS\system32\SET10D.tmp
2008-09-17 20:33:56 ----A---- C:\WINDOWS\system32\SET10A.tmp
2008-09-17 20:33:55 ----A---- C:\WINDOWS\system32\SET116.tmp
2008-09-17 20:33:55 ----A---- C:\WINDOWS\system32\SET115.tmp
2008-09-17 20:33:55 ----A---- C:\WINDOWS\system32\SET114.tmp
2008-09-17 20:33:53 ----A---- C:\WINDOWS\system32\SET11B.tmp
2008-09-17 20:33:53 ----A---- C:\WINDOWS\system32\SET119.tmp
2008-09-17 20:33:52 ----A---- C:\WINDOWS\system32\SET123.tmp
2008-09-17 20:33:52 ----A---- C:\WINDOWS\system32\SET11C.tmp
2008-09-17 20:33:51 ----A---- C:\WINDOWS\system32\SET127.tmp
2008-09-17 20:33:51 ----A---- C:\WINDOWS\system32\SET126.tmp
2008-09-17 20:33:50 ----A---- C:\WINDOWS\system32\SET12F.tmp
2008-09-17 20:33:50 ----A---- C:\WINDOWS\system32\SET12A.tmp
2008-09-17 20:33:50 ----A---- C:\WINDOWS\system32\SET129.tmp
2008-09-17 20:33:50 ----A---- C:\WINDOWS\system32\SET128.tmp
2008-09-17 20:33:48 ----A---- C:\WINDOWS\system32\SET133.tmp
2008-09-17 20:33:48 ----A---- C:\WINDOWS\system32\SET132.tmp
2008-09-17 20:33:48 ----A---- C:\WINDOWS\system32\SET131.tmp
2008-09-17 20:33:48 ----A---- C:\WINDOWS\system32\SET130.tmp
2008-09-17 20:33:46 ----A---- C:\WINDOWS\system32\SET143.tmp
2008-09-17 20:33:46 ----A---- C:\WINDOWS\system32\SET13F.tmp
2008-09-17 20:33:46 ----A---- C:\WINDOWS\system32\SET13E.tmp
2008-09-17 20:33:46 ----A---- C:\WINDOWS\system32\SET139.tmp
2008-09-17 20:33:45 ----A---- C:\WINDOWS\system32\SET147.tmp
2008-09-17 20:33:45 ----A---- C:\WINDOWS\system32\SET146.tmp
2008-09-17 20:33:42 ----A---- C:\WINDOWS\system32\SET14F.tmp
2008-09-17 20:33:42 ----A---- C:\WINDOWS\system32\SET14E.tmp
2008-09-17 20:33:41 ----A---- C:\WINDOWS\system32\SET151.tmp
2008-09-17 20:33:40 ----A---- C:\WINDOWS\system32\SET162.tmp
2008-09-17 20:33:40 ----A---- C:\WINDOWS\system32\SET15F.tmp
2008-09-17 20:33:40 ----A---- C:\WINDOWS\system32\SET15E.tmp
2008-09-17 20:33:39 ----A---- C:\WINDOWS\system32\SET167.tmp
2008-09-17 20:33:39 ----A---- C:\WINDOWS\system32\SET166.tmp
2008-09-17 20:33:39 ----A---- C:\WINDOWS\system32\SET165.tmp
2008-09-17 20:33:39 ----A---- C:\WINDOWS\system32\SET164.tmp
2008-09-17 20:33:38 ----A---- C:\WINDOWS\system32\SET169.tmp
2008-09-17 20:33:38 ----A---- C:\WINDOWS\system32\SET168.tmp
2008-09-17 20:33:36 ----A---- C:\WINDOWS\system32\SET16D.tmp
2008-09-17 20:33:34 ----A---- C:\WINDOWS\system32\SET182.tmp
2008-09-17 20:33:34 ----A---- C:\WINDOWS\system32\SET180.tmp
2008-09-17 20:33:34 ----A---- C:\WINDOWS\system32\SET17E.tmp
2008-09-17 20:33:34 ----A---- C:\WINDOWS\system32\SET179.tmp
2008-09-17 20:33:33 ----A---- C:\WINDOWS\system32\SET184.tmp
2008-09-17 20:33:33 ----A---- C:\WINDOWS\system32\SET183.tmp
2008-09-17 20:33:32 ----A---- C:\WINDOWS\system32\SET188.tmp
2008-09-17 20:33:32 ----A---- C:\WINDOWS\system32\SET187.tmp
2008-09-17 20:33:32 ----A---- C:\WINDOWS\system32\SET185.tmp
2008-09-17 20:33:31 ----A---- C:\WINDOWS\system32\SET192.tmp
2008-09-17 20:33:31 ----A---- C:\WINDOWS\system32\SET191.tmp
2008-09-17 20:33:31 ----A---- C:\WINDOWS\system32\SET190.tmp
2008-09-17 20:33:31 ----A---- C:\WINDOWS\system32\SET18D.tmp
2008-09-17 20:33:30 ----A---- C:\WINDOWS\system32\SET19A.tmp
2008-09-17 20:33:30 ----A---- C:\WINDOWS\system32\SET199.tmp
2008-09-17 20:33:30 ----A---- C:\WINDOWS\system32\SET198.tmp
2008-09-17 20:33:29 ----A---- C:\WINDOWS\system32\SET1A2.tmp
2008-09-17 20:33:28 ----A---- C:\WINDOWS\system32\SET1AA.tmp
2008-09-17 20:33:28 ----A---- C:\WINDOWS\system32\SET1A9.tmp
2008-09-17 20:33:28 ----A---- C:\WINDOWS\system32\SET1A8.tmp
2008-09-17 20:33:27 ----A---- C:\WINDOWS\system32\SET1B3.tmp
2008-09-17 20:33:27 ----A---- C:\WINDOWS\system32\SET1B2.tmp
2008-09-17 20:33:27 ----A---- C:\WINDOWS\system32\SET1AD.tmp
2008-09-17 20:33:27 ----A---- C:\WINDOWS\system32\SET1AB.tmp
2008-09-17 20:33:26 ----A---- C:\WINDOWS\system32\SET1C1.tmp
2008-09-17 20:33:26 ----A---- C:\WINDOWS\system32\SET1BF.tmp
2008-09-17 20:33:25 ----A---- C:\WINDOWS\system32\SET1C5.tmp
2008-09-17 20:33:25 ----A---- C:\WINDOWS\system32\SET1C4.tmp
2008-09-17 20:33:25 ----A---- C:\WINDOWS\system32\SET1C3.tmp
2008-09-17 20:33:23 ----A---- C:\WINDOWS\system32\SET1D3.tmp
2008-09-17 20:33:23 ----A---- C:\WINDOWS\system32\SET1D2.tmp
2008-09-17 20:33:23 ----A---- C:\WINDOWS\system32\SET1D0.tmp
2008-09-17 20:33:22 ----A---- C:\WINDOWS\system32\SET1D8.tmp
2008-09-17 20:33:22 ----A---- C:\WINDOWS\system32\SET1D6.tmp
2008-09-17 20:33:21 ----A---- C:\WINDOWS\system32\SET1DC.tmp
2008-09-17 20:33:17 ----A---- C:\WINDOWS\system32\SET1FC.tmp
2008-09-17 20:33:17 ----A---- C:\WINDOWS\system32\SET1FB.tmp
2008-09-17 20:33:17 ----A---- C:\WINDOWS\system32\SET1FA.tmp
2008-09-17 20:33:17 ----A---- C:\WINDOWS\system32\SET1F7.tmp
2008-09-17 20:33:17 ----A---- C:\WINDOWS\system32\SET1F6.tmp
2008-09-17 20:33:17 ----A---- C:\WINDOWS\system32\SET1EF.tmp
2008-09-17 20:33:17 ----A---- C:\WINDOWS\system32\SET1EE.tmp
2008-09-17 20:33:16 ----A---- C:\WINDOWS\system32\SET206.tmp
2008-09-17 20:33:16 ----A---- C:\WINDOWS\system32\SET205.tmp
2008-09-17 20:33:16 ----A---- C:\WINDOWS\system32\SET204.tmp
2008-09-17 20:33:16 ----A---- C:\WINDOWS\system32\SET202.tmp
2008-09-17 20:33:16 ----A---- C:\WINDOWS\system32\SET201.tmp
2008-09-17 20:33:16 ----A---- C:\WINDOWS\system32\SET200.tmp
2008-09-17 20:33:16 ----A---- C:\WINDOWS\system32\SET1FE.tmp
2008-09-17 20:33:16 ----A---- C:\WINDOWS\system32\SET1FD.tmp
2008-09-17 20:33:12 ----A---- C:\WINDOWS\system32\SET213.tmp
2008-09-17 20:33:12 ----A---- C:\WINDOWS\system32\SET211.tmp
2008-09-17 20:33:12 ----A---- C:\WINDOWS\system32\SET20C.tmp
2008-09-17 20:33:10 ----A---- C:\WINDOWS\system32\SET21C.tmp
2008-09-17 20:33:10 ----A---- C:\WINDOWS\system32\SET218.tmp
2008-09-17 20:33:09 ----A---- C:\WINDOWS\system32\SET226.tmp
2008-09-17 20:33:09 ----A---- C:\WINDOWS\system32\SET225.tmp
2008-09-17 20:33:09 ----A---- C:\WINDOWS\system32\SET222.tmp
2008-09-17 20:33:09 ----A---- C:\WINDOWS\system32\SET221.tmp
2008-09-17 20:33:08 ----A---- C:\WINDOWS\system32\SET22D.tmp
2008-09-17 20:33:08 ----A---- C:\WINDOWS\system32\SET22C.tmp
2008-09-17 20:33:08 ----A---- C:\WINDOWS\system32\SET229.tmp
2008-09-17 20:33:07 ----A---- C:\WINDOWS\system32\SET235.tmp
2008-09-17 20:33:07 ----A---- C:\WINDOWS\system32\SET234.tmp
2008-09-17 20:33:06 ----A---- C:\WINDOWS\system32\SET238.tmp
2008-09-17 20:33:05 ----N---- C:\WINDOWS\system32\SET23E.tmp
2008-09-17 20:33:05 ----A---- C:\WINDOWS\system32\SET243.tmp
2008-09-17 20:33:05 ----A---- C:\WINDOWS\system32\SET242.tmp
2008-09-17 20:33:05 ----A---- C:\WINDOWS\system32\SET23F.tmp
2008-09-17 20:33:05 ----A---- C:\WINDOWS\system32\SET23D.tmp
2008-09-17 20:33:05 ----A---- C:\WINDOWS\system32\SET23C.tmp
2008-09-17 20:33:03 ----A---- C:\WINDOWS\system32\SET24B.tmp
2008-09-17 20:33:02 ----A---- C:\WINDOWS\system32\SET24F.tmp
2008-09-17 20:33:02 ----A---- C:\WINDOWS\system32\SET24E.tmp
2008-09-17 20:33:02 ----A---- C:\WINDOWS\system32\SET24C.tmp
2008-09-17 20:33:00 ----A---- C:\WINDOWS\system32\SET252.tmp
2008-09-17 20:32:59 ----A---- C:\WINDOWS\system32\SET254.tmp
2008-09-17 20:32:58 ----A---- C:\WINDOWS\system32\SET25D.tmp
2008-09-17 20:32:58 ----A---- C:\WINDOWS\system32\SET25B.tmp
2008-09-17 20:32:58 ----A---- C:\WINDOWS\system32\SET259.tmp
2008-09-17 20:32:58 ----A---- C:\WINDOWS\system32\SET258.tmp
2008-09-17 20:32:58 ----A---- C:\WINDOWS\system32\SET257.tmp
2008-09-17 20:32:58 ----A---- C:\WINDOWS\system32\SET256.tmp
2008-09-17 20:32:57 ----A---- C:\WINDOWS\system32\SET261.tmp
2008-09-17 20:32:55 ----A---- C:\WINDOWS\system32\SET264.tmp
2008-09-17 20:32:54 ----A---- C:\WINDOWS\system32\SET26E.tmp
2008-09-17 20:32:53 ----A---- C:\WINDOWS\system32\SET277.tmp
2008-09-17 20:32:53 ----A---- C:\WINDOWS\system32\SET276.tmp
2008-09-17 20:32:53 ----A---- C:\WINDOWS\system32\SET274.tmp
2008-09-17 20:32:53 ----A---- C:\WINDOWS\system32\SET272.tmp
2008-09-17 20:32:53 ----A---- C:\WINDOWS\system32\SET271.tmp
2008-09-17 20:32:53 ----A---- C:\WINDOWS\system32\SET270.tmp
2008-09-17 20:32:52 ----A---- C:\WINDOWS\system32\SET53F.tmp
2008-09-17 20:32:52 ----A---- C:\WINDOWS\system32\SET539.tmp
2008-09-17 20:32:52 ----A---- C:\WINDOWS\system32\SET27E.tmp
2008-09-17 20:32:52 ----A---- C:\WINDOWS\system32\SET27D.tmp
2008-09-17 20:32:52 ----A---- C:\WINDOWS\system32\SET27B.tmp
2008-09-17 20:32:49 ----A---- C:\WINDOWS\system32\SET290.tmp
2008-09-17 20:32:49 ----A---- C:\WINDOWS\system32\SET285.tmp
2008-09-17 20:32:48 ----A---- C:\WINDOWS\system32\SET294.tmp
2008-09-17 20:32:48 ----A---- C:\WINDOWS\system32\SET293.tmp
2008-09-17 20:32:46 ----A---- C:\WINDOWS\system32\SET298.tmp
2008-09-17 20:32:45 ----A---- C:\WINDOWS\system32\SET2A9.tmp
2008-09-17 20:32:45 ----A---- C:\WINDOWS\system32\SET2A7.tmp
2008-09-17 20:32:45 ----A---- C:\WINDOWS\system32\SET2A0.tmp
2008-09-17 20:32:38 ----A---- C:\WINDOWS\system32\SET2B0.tmp
2008-09-17 20:32:38 ----A---- C:\WINDOWS\system32\SET2AE.tmp
2008-09-17 20:32:36 ----A---- C:\WINDOWS\system32\SET2C9.tmp
2008-09-17 20:32:36 ----A---- C:\WINDOWS\system32\SET2C7.tmp
2008-09-17 20:32:36 ----A---- C:\WINDOWS\system32\SET2C5.tmp
2008-09-17 20:32:28 ----A---- C:\WINDOWS\system32\SET2D5.tmp
2008-09-17 20:32:28 ----A---- C:\WINDOWS\system32\SET2D1.tmp
2008-09-17 20:32:28 ----A---- C:\WINDOWS\system32\SET2D0.tmp
2008-09-17 20:32:27 ----A---- C:\WINDOWS\system32\SET2F3.tmp
2008-09-17 20:32:27 ----A---- C:\WINDOWS\system32\SET2F1.tmp
2008-09-17 20:32:27 ----A---- C:\WINDOWS\system32\SET2EB.tmp
2008-09-17 20:32:26 ----A---- C:\WINDOWS\system32\SET2FD.tmp
2008-09-17 20:32:26 ----A---- C:\WINDOWS\system32\SET2F9.tmp
2008-09-17 20:32:25 ----A---- C:\WINDOWS\005980_.tmp
2008-09-17 20:32:24 ----A---- C:\WINDOWS\system32\SET30B.tmp
2008-09-17 20:32:24 ----A---- C:\WINDOWS\SET3EE.tmp
2008-09-17 20:32:23 ----A---- C:\WINDOWS\system32\SET30F.tmp
2008-09-17 20:32:23 ----A---- C:\WINDOWS\system32\SET30E.tmp
2008-09-17 20:32:23 ----A---- C:\WINDOWS\system32\SET30D.tmp
2008-09-17 20:32:22 ----A---- C:\WINDOWS\system32\SET328.tmp
2008-09-17 20:32:22 ----A---- C:\WINDOWS\system32\SET31D.tmp
2008-09-17 20:32:22 ----A---- C:\WINDOWS\system32\SET319.tmp
2008-09-17 20:32:21 ----A---- C:\WINDOWS\system32\SET33D.tmp
2008-09-17 20:32:21 ----A---- C:\WINDOWS\system32\SET339.tmp
2008-09-17 20:32:20 ----A---- C:\WINDOWS\system32\SET364.tmp
2008-09-17 20:32:20 ----A---- C:\WINDOWS\system32\SET34D.tmp
2008-09-17 20:32:19 ----A---- C:\WINDOWS\system32\SET377.tmp
2008-09-17 20:32:19 ----A---- C:\WINDOWS\system32\SET376.tmp
2008-09-17 20:32:19 ----A---- C:\WINDOWS\system32\SET374.tmp
2008-09-17 20:32:19 ----A---- C:\WINDOWS\system32\SET371.tmp
2008-09-17 20:32:19 ----A---- C:\WINDOWS\system32\SET370.tmp
2008-09-17 20:32:19 ----A---- C:\WINDOWS\system32\SET36F.tmp
2008-09-17 20:32:19 ----A---- C:\WINDOWS\system32\SET36D.tmp
2008-09-17 20:32:19 ----A---- C:\WINDOWS\system32\SET36C.tmp
2008-09-17 20:32:19 ----A---- C:\WINDOWS\system32\SET36B.tmp
2008-09-17 20:32:18 ----A---- C:\WINDOWS\system32\SET37C.tmp
2008-09-17 20:32:18 ----A---- C:\WINDOWS\system32\SET379.tmp
2008-09-17 20:32:17 ----A---- C:\WINDOWS\system32\SET38B.tmp
2008-09-17 20:32:17 ----A---- C:\WINDOWS\system32\SET383.tmp
2008-09-17 20:32:17 ----A---- C:\WINDOWS\system32\SET382.tmp
2008-09-17 20:32:17 ----A---- C:\WINDOWS\system32\SET37D.tmp
2008-09-17 20:32:16 ----A---- C:\WINDOWS\system32\SET39A.tmp
2008-09-17 20:32:16 ----A---- C:\WINDOWS\system32\SET397.tmp
2008-09-17 20:32:16 ----A---- C:\WINDOWS\system32\SET392.tmp
2008-09-17 20:32:15 ----A---- C:\WINDOWS\system32\SET3A7.tmp
2008-09-17 20:32:15 ----A---- C:\WINDOWS\system32\SET3A5.tmp
2008-09-17 20:32:15 ----A---- C:\WINDOWS\system32\SET3A3.tmp
2008-09-17 20:32:15 ----A---- C:\WINDOWS\system32\SET39F.tmp
2008-09-17 20:32:15 ----A---- C:\WINDOWS\system32\SET39D.tmp
2008-09-17 20:32:14 ----A---- C:\WINDOWS\system32\SET3B5.tmp
2008-09-17 20:32:14 ----A---- C:\WINDOWS\system32\SET3B0.tmp
2008-09-17 20:32:14 ----A---- C:\WINDOWS\system32\SET3AF.tmp
2008-09-17 20:32:14 ----A---- C:\WINDOWS\system32\SET3AB.tmp
2008-09-17 20:32:14 ----A---- C:\WINDOWS\system32\SET3AA.tmp
2008-09-17 20:32:12 ----A---- C:\WINDOWS\system32\SET558.tmp
2008-09-17 20:32:12 ----A---- C:\WINDOWS\system32\SET3C7.tmp
2008-09-17 20:32:12 ----A---- C:\WINDOWS\system32\SET3C4.tmp
2008-09-17 20:32:12 ----A---- C:\WINDOWS\system32\SET3C1.tmp
2008-09-17 20:32:12 ----A---- C:\WINDOWS\system32\SET3BF.tmp
2008-09-17 20:32:12 ----A---- C:\WINDOWS\system32\SET3BC.tmp
2008-09-17 20:32:11 ----A---- C:\WINDOWS\system32\SET3C9.tmp
2008-09-17 20:17:15 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-09-17 14:16:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-09-17 14:15:58 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-09-17 14:15:55 ----HDC---- C:\WINDOWS\$NtUninstallKB953839$
2008-09-17 14:15:36 ----A---- C:\WINDOWS\system32\MRT.INI
2008-09-17 14:13:49 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-09-17 14:13:45 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-09-17 14:13:33 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-09-17 14:13:29 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-09-17 14:13:16 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$
2008-09-17 14:13:09 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-09-17 13:50:46 ----A---- C:\WINDOWS\system32\capicom.dll

======List of files/folders modified in the last 1 months======

2008-10-05 12:43:06 ----RD---- C:\Program Files
2008-10-05 12:43:06 ----D---- C:\WINDOWS\system32
2008-10-05 02:57:22 ----D---- C:\Program Files\Mozilla Firefox
2008-10-04 21:15:56 ----D---- C:\WINDOWS\system32\drivers
2008-10-04 21:00:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-10-04 20:52:58 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
2008-10-04 20:52:56 ----D---- C:\Program Files\Viewpoint
2008-10-02 22:50:13 ----A---- C:\WINDOWS\HPODJC05.INI
2008-10-02 03:02:17 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-02 03:00:46 ----HD---- C:\WINDOWS\inf
2008-10-02 03:00:46 ----D---- C:\Program Files\Messenger
2008-10-02 03:00:45 ----D---- C:\WINDOWS
2008-10-01 10:53:08 ----D---- C:\WINDOWS\system32\CatRoot2
2008-10-01 10:45:05 ----SHD---- C:\WINDOWS\Installer
2008-10-01 10:45:04 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-10-01 10:45:04 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec
2008-10-01 10:40:48 ----D---- C:\Program Files\Windows Media Player
2008-10-01 10:38:18 ----A---- C:\WINDOWS\2PortalMon_Debug.txt
2008-10-01 10:37:29 ----D---- C:\WINDOWS\system32\wbem
2008-10-01 10:37:29 ----D---- C:\WINDOWS\AppPatch
2008-10-01 10:37:28 ----D---- C:\WINDOWS\system32\Setup
2008-10-01 10:37:21 ----RSD---- C:\WINDOWS\Fonts
2008-10-01 10:36:13 ----D---- C:\WINDOWS\security
2008-10-01 10:35:41 ----D---- C:\WINDOWS\ServicePackFiles
2008-10-01 10:32:50 ----D---- C:\WINDOWS\WinSxS
2008-10-01 10:32:38 ----D---- C:\WINDOWS\system32\bits
2008-10-01 10:32:02 ----D---- C:\WINDOWS\system32\usmt
2008-10-01 10:31:58 ----D---- C:\WINDOWS\system32\Restore
2008-10-01 10:31:58 ----D---- C:\WINDOWS\system32\oobe
2008-10-01 10:31:57 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-01 10:31:57 ----D---- C:\WINDOWS\system32\npp
2008-10-01 10:31:57 ----D---- C:\WINDOWS\system32\inetsrv
2008-10-01 10:31:42 ----D---- C:\WINDOWS\system32\Com
2008-10-01 10:30:02 ----D---- C:\WINDOWS\system
2008-10-01 10:30:01 ----D---- C:\WINDOWS\srchasst
2008-10-01 10:27:04 ----D---- C:\WINDOWS\peernet
2008-10-01 10:27:01 ----D---- C:\WINDOWS\msagent
2008-10-01 10:26:53 ----D---- C:\WINDOWS\ime
2008-10-01 10:26:52 ----D---- C:\WINDOWS\Help
2008-10-01 10:26:51 ----D---- C:\WINDOWS\ehome
2008-10-01 10:26:47 ----D---- C:\Program Files\Windows NT
2008-10-01 10:26:45 ----D---- C:\Program Files\Outlook Express
2008-10-01 10:26:44 ----D---- C:\Program Files\NetMeeting
2008-10-01 10:26:42 ----D---- C:\Program Files\Movie Maker
2008-10-01 10:26:40 ----D---- C:\Program Files\Internet Explorer
2008-10-01 10:26:34 ----D---- C:\Program Files\Common Files\System
2008-10-01 10:25:57 ----SD---- C:\WINDOWS\Tasks
2008-10-01 09:57:04 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-10-01 09:28:21 ----D---- C:\Program Files\Yahoo!
2008-10-01 09:28:07 ----D---- C:\Program Files\Common Files\Scanner
2008-10-01 09:27:17 ----D---- C:\Program Files\Symantec
2008-10-01 09:26:40 ----D---- C:\Program Files\Common Files
2008-10-01 09:21:30 ----D---- C:\Program Files\Common Files\Vbox
2008-10-01 09:21:27 ----D---- C:\Program Files\Ahead
2008-10-01 09:21:26 ----D---- C:\Program Files\Absolute Poker
2008-09-30 23:44:23 ----D---- C:\Documents and Settings\Robert\Application Data\SuperNZB
2008-09-27 07:09:20 ----D---- C:\Documents and Settings
2008-09-24 23:19:29 ----D---- C:\Documents and Settings\Robert\Application Data\WeatherBug
2008-09-21 15:22:19 ----D---- C:\Program Files\Trend Micro
2008-09-20 22:51:43 ----RASH---- C:\boot.ini
2008-09-20 22:51:43 ----A---- C:\WINDOWS\win.ini
2008-09-20 22:51:43 ----A---- C:\WINDOWS\system.ini
2008-09-20 00:12:09 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft
2008-09-19 14:24:19 ----D---- C:\WINDOWS\system32\config
2008-09-19 14:22:58 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-09-19 13:35:09 ----A---- C:\WINDOWS\ntbtlog.txt
2008-09-19 13:29:44 ----D---- C:\Documents and Settings\Robert\Application Data\U3
2008-09-19 12:38:32 ----D---- C:\Program Files\RM Converter
2008-09-19 12:21:33 ----D---- C:\WINDOWS\pss
2008-09-19 12:16:31 ----A---- C:\WINDOWS\setuplog.txt
2008-09-19 11:59:43 ----A---- C:\WINDOWS\{00000000-00000000-00000009-00001102-00000004-00511102}.BAK
2008-09-19 09:10:50 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
2008-09-19 09:01:18 ----A---- C:\WINDOWS\ModemLog_Lucent Win Modem #2.txt
2008-09-19 08:34:37 ----SD---- C:\Documents and Settings\Robert\Application Data\Microsoft
2008-09-17 20:17:15 ----D---- C:\WINDOWS\Debug
2008-09-17 14:16:04 ----A---- C:\WINDOWS\imsins.BAK
2008-09-17 14:15:58 ----HD---- C:\WINDOWS\$hf_mig$
2008-09-17 13:20:49 ----RHD---- C:\Documents and Settings\Robert\Application Data\yahoo!
2008-09-17 13:00:41 ----SHD---- C:\System Volume Information

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-04 37376]
R1 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R1 BpCdrVsd;BpCdrVsd; C:\WINDOWS\system32\drivers\BpCdrVsd.sys [2002-12-12 7936]
R1 bpfinder;BACKPACK Finder; C:\WINDOWS\System32\DRIVERS\bpfinder.sys [2003-02-17 62279]
R1 eectrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 incdrm;InCD EasyWrite Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2002-10-08 7582]
R1 srtsp;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2007-11-30 279088]
R1 srtspx;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2007-11-30 43696]
R1 VIAPFD;VIAPFD; C:\WINDOWS\System32\Drivers\VIAPFD.SYS [2001-12-18 3279]
R2 BsUDF;InCD UDF Driver; C:\WINDOWS\system32\drivers\BsUDF.sys [2003-01-31 389504]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\PfModNT.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 bpflt;BACKPACK Filter; C:\WINDOWS\System32\DRIVERS\bpflt.sys [2002-08-08 4538]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2002-07-19 127948]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2002-08-12 837548]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2002-07-19 11068]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2002-07-19 213860]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2002-07-19 156604]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2002-08-12 998004]
R3 ltmodem5;LT Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2004-08-04 606684]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 naveng;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080930.003\NAVENG.SYS []
R3 navex15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20080930.003\NAVEX15.SYS []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2002-08-29 891711]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2002-07-19 195432]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 wltwo48b;2Wire Wireless PC Card Driver; C:\WINDOWS\System32\DRIVERS\wltwo48b.sys [2003-08-10 170496]
S1 af51f9f7;af51f9f7; C:\WINDOWS\System32\drivers\af51f9f7.sys []
S3 AON325;AOpen AON-325 10/100M Fast Ethernet PCI Adapter; C:\WINDOWS\System32\DRIVERS\AON325.SYS [2001-04-16 24172]
S3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-08-04 701440]
S3 atimtag;atimtag; C:\WINDOWS\System32\DRIVERS\atimtag.sys []
S3 ATIPCXXX;ATI Parental control device; C:\WINDOWS\System32\DRIVERS\atipcxxx.sys [2001-08-17 10240]
S3 ATITUNEP;ATI TV Tuner (ATITuneP); C:\WINDOWS\System32\DRIVERS\atitunep.sys [2001-08-17 17152]
S3 ATIVRAXX;ATI Rage Theatre Audio (ATIRTSND); C:\WINDOWS\System32\DRIVERS\atirtsnd.sys [2001-08-17 26880]
S3 ATIVRVXX;ATI Rage Theatre Video (ATIRTCAP); C:\WINDOWS\System32\DRIVERS\atirtcap.sys [2001-08-17 49920]
S3 ATIVXSXX;ATI Audio Crossbar (ATIVXBAR); C:\WINDOWS\System32\DRIVERS\ativxbar.sys [2001-08-17 26624]
S3 bppccard;BACKPACK PC Card; C:\WINDOWS\System32\DRIVERS\bppccard.sys [2003-01-09 5493]
S3 bppnpdrv;BACKPACK Driver; C:\WINDOWS\System32\DRIVERS\bppnpdrv.sys [2003-02-17 19670]
S3 bpusbdrv;BACKPACK USB 1 Cable; C:\WINDOWS\System32\DRIVERS\bpusbdrv.sys [2003-02-06 109708]
S3 bpusbflt;BACKPACK USB Filter; C:\WINDOWS\System32\DRIVERS\bpusbflt.sys [2002-08-08 8333]
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-04 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2004-08-04 71552]
S3 catchme;catchme; \??\C:\ComboFix2\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 C-Dilla;C-Dilla; \??\C:\WINDOWS\System32\drivers\CDANT.SYS []
S3 Dot4;IEEE-1284.4 Driver; C:\WINDOWS\System32\DRIVERS\Dot4.sys [2004-08-04 207360]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\WINDOWS\System32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2001-08-17 40704]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2004-04-14 42496]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\System32\DRIVERS\ativmdcd.sys [2001-08-17 9472]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 NTSIM;NTSIM; \??\C:\WINDOWS\System32\ntsim.sys []
S3 pcampr5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-23 5888]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 srtspl;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2007-11-30 317616]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 SUSTUCAM;Susteen USB Cable Modem Driver; C:\WINDOWS\system32\DRIVERS\sustucam.sys [2006-04-12 38016]
S3 SUSTUCAP;Susteen USB Cable Port Driver; C:\WINDOWS\system32\DRIVERS\sustucap.sys [2006-04-12 38016]
S3 SUSTUCAU;Susteen USB Cable USB Driver; C:\WINDOWS\system32\DRIVERS\sustucau.sys [2006-04-12 20096]
S3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-04 26624]
S3 WBMS;Winbond Memory Stick Storage (MS) Device Driver; C:\WINDOWS\System32\Drivers\WBMS.SYS [2002-02-28 29056]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.EXE [1999-12-13 44032]
R2 NVSvc;AOpen NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2002-05-03 61440]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
S2 automatic liveupdate scheduler;Automatic LiveUpdate Scheduler; C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe []
S2 pnpsvc;Plug and Play svc service; C:\WINDOWS\system32\svchost.exe [2004-08-04 17408]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 liveupdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE []
S4 C-DillaSrv;C-DillaSrv; C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE [2001-09-10 32256]
S4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]

-----------------EOF-----------------



Malwarebytes' Anti-Malware 1.28
Database version: 1229
Windows 5.1.2600 Service Pack 2

10/5/2008 12:43:06 PM
mbam-log-2008-10-05 (12-43-06).txt

Scan type: Full Scan (C:\|F:\|)
Objects scanned: 163315
Time elapsed: 10 hour(s), 10 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx.1 (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll (Adware.Minibug) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AE1F4156-F816-4ABE-A1DC-F3231125BB59}\RP5\A0002008.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ide21201.vxd (Adware.Winad) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\1.bin\MYSEARCHPLUGINPROXY.CLASS (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\1.bin\NPMYSRCH.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\1.bin\PARTNER.BMP (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\1.bin\PARTNER.DAT (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\1.bin\S42NS.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\1.bin\UNINSTALL.INF (Adware.MyWebSearch) -> Quarantined and deleted successfully.
schef
Regular Member
 
Posts: 40
Joined: September 20th, 2008, 2:07 am

Re: Can not remove Addware & SpyWare,Virtumande

Unread postby ktreffin » October 5th, 2008, 2:28 pm

Good. Looks like Malwarebytes' found a bunch of stuff.

There should have been two logs generated by RSIT. The one you posted which is log.txt, and the other which is info.txt.

I need to see the info.txt log. If you look on your C: drive in the RSIT folder, you should find the info.txt log. Can you please post that for me?

Also, have you tried Norton again? Honestly, if you have paid for Norton, then you might want to keep it, however there are several other very good free Anti-Virus programs that will serve you well.....

Here are some Anti Virus products which are free for personal use and most used:
AntiVir
Avast
BitDefender

You may wish to try one of these.

One note however, if you use one of the above Anti-Virus programs, let me know and we will want to make sure that we remove Norton completely. Having 2 Anti-Virus programs on your system is not a good thing and can cause crashes and system instability.

Lets do a couple of other things....

*===============================================*

Here is a little note about WeatherBug:
WEATHERBUG-OPTIONAL FIX

WeatherBug is a system tray icon that offers weather information and includes built-in ads. WeatherBug is controlled by AWS Convergence Technologies (weatherbugmedia.com). There is some controversy over whether WeatherBug should be targeted by anti-parasite software. AWS strongly deny their software is 'spyware', and by the definition used here, it is not, as it does not leak information back to its controlling servers. However, WeatherBug has in the past been silently installed by the FavoriteMan parasite and Freeze.com screensavers, and more recently has been bundled by software such as AIM and Blubster. This makes it 'unsolicited', and since it is installed to raise money for its creators through the built-in ads it is certainly 'commercial'. So it does meet the definition for 'parasite': unsolicited commercial software. It is nonetheless listed as a borderline case because it is not overtly harmful and many people do install it deliberately. WeatherBug bundles the MySearch parasite in its standalone distribution and has in the past, installed Gator and SVAPlayer.

I recommend that you uninstall WeatherBugand choose one of these alternatives:
Weather Pulse
Weather Watcher
or
Get mozilla Firefox and then get FORECASTFOX!!!
or check the weather at these websites:
Weather Street: US Weather
Intellicast
To uninstall WeatherBug:
  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs, highlight WeatherBug, click Remove.
  • Close the Add or Remove Programs and the Control Panel windows.

*===============================================*

I would also like to get a Kaspersky scan to make sure nothing else is hiding:

Step #1: Run Kaspersky Online Scan

Please go to Kaspersky website to perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to your desktop by changing the Files of type to Text file (.txt) before clicking on the Save button.
  • Now close the window.

*===============================================*

Step #2: Things to put in your next reply

Please post the following in your next reply:
  • A New Hijack This Log
  • Contents of the info.txt log generated by RSIT (C:\RSIT\info.txt)
  • Contents of the Kaspersky Online Scan Log

Thanks,
Ken
User avatar
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida

Re: Can not remove Addware & SpyWare,Virtumande

Unread postby schef » October 5th, 2008, 4:25 pm

info.txt logfile of random's system information tool 1.02 2008-09-26 07:05:31

======Uninstall list======

-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}_10_2_0_30\{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}.exe" /X
-->"C:\Program Files\Creative Tech\Sound Blaster Audigy\Program\Ctzapxx.EXE" /U /S /R
-->"C:\Program Files\SBC Yahoo!\umuninst.exe" /S
-->C:\PROGRA~1\SBCSEL~1\CustomUninstall.exe SBC
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Creative\SBAudigy\Program\Ctzapxx.EXE
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\News\CTNews.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBAudigy\AudioHQ\AudioHQU.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBAudigy\Demo\AUDIGYDEMO.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBAudigy\Diagnose2.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBAudigy\Midi.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBAudigy\MiniDisc\MDC.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBAudigy\PlayCenter2\Player2.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBAudigy\Program\RDefault.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBAudigy\QuickStart\QuickStart.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBAudigy\Recorder\Recorder.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBAudigy\Sound Blaster Audigy Manual\English\CTManual.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBAudigy\SoundFont.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBAudigy\SurMix2\SurMix2.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBAudigy\Taskbar\Taskbar.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SBAudigy\WaveStudio\Wstudio.isu"
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Uninstall\Installer.isu"
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B13E073-4E96-4040-BE73-CC27E8853762}\Setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2B13E073-4E96-4040-BE73-CC27E8853762}\Setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"C:\Program Files\uTorrent\uninstall.exe"
2Wire Wireless Client Manager V3.02-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECD81BDE-FB56-4B2B-A98D-34E381286B7F}\Setup.exe" -l0x9
Absolute Poker-->C:\Program Files\_uninstallation_info\Absolute Poker\CasinoUninstall.exe
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Download Manager 2.0 (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}
AdWare & SpyWare-->"C:\Program Files\Internet Explorer\IEXPLORE.EXE" "http://www.adwareremovergold.com/?revid=31418&s=1"
Ahead InCD EasyWrite Reader-->C:\WINDOWS\UNMrw.exe /UNINSTALL
Ahead InCD-->C:\WINDOWS\NuNInst.exe /UNINSTALL
Ahead NeroMediaPlayer-->C:\WINDOWS\UNNMP.exe /UNINSTALL
Ahead NeroVision Express-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
AIM Toolbar-->C:\Program Files\AIM Toolbar\uninstall.exe
AOL Instant Messenger-->C:\Program Files\AIM95\uninstll.exe -LOG= C:\Program Files\AIM95\install.log -OEM=
AOpen Multimedia Utilities-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\AOpen\Multimedia Utilities\AOMUnins.isu"
AOpen NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
ArcSoft PhotoStudio 5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CBB5BD6B-7B3C-45A0-AB3D-40DC8B6C3625}\Setup.exe" -l0x9 -uninst
AT&T Self Support Tool-->C:\WINDOWS\Motive\SBC\MCCUninst.exe
AT&T Yahoo! Applications-->C:\PROGRA~1\Yahoo!\Common\uninstall.exe
AV-->MsiExec.exe /I{F4DB525F-A986-4249-B98B-42A8066251CA}
Backpack Driver-->C:\Program Files\Backpack\BPUNINST.EXE Driver
Backpack SpeedyCD-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\SpeedyCD\Uninstall\SPEEDYCD.ISU" -c"C:\Program Files\SpeedyCD\Uninstall\UDLL.DLL"
BitTornado 0.3.14-->C:\Program Files\BitTornado\uninst.exe
ccCommon-->MsiExec.exe /I{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}
Civilization III v1.29f-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31E2413D-8AA1-43EC-8B8D-77B65ADA4611}\Setup.exe"
Commando-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Eidos Interactive\Pyro\Commandos\DeIsL1.isu"
Crystalys Media Internet Assistant-->C:\Program Files\Crystalys media\cm.exe /uninstall
DataPilot Pix 'n Tunes-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{87B481FA-1E4A-40B0-80C3-157E9770F436} /l1033
Desert Dollar-->C:\PROGRA~1\DESERT~1\UNWISE.EXE C:\PROGRA~1\DESERT~1\INSTALL.LOG
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Frogger v1.0-->C:\WINDOWS\SCEEunin.exe C:\WINDOWS\Froggersetup.ini
GSIM-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\gsim.inf, Uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HyperLoad-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Nabisco\HyperLoad\Uninst.isu"
IsoBuster 2.3-->"F:\IsoBuster\Uninst\unins000.exe"
J2SE Runtime Environment 5.0 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150030}
Java 2 Runtime Environment Standard Edition v1.3.1_04-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JavaSoft\JRE\1.3.1_04\Uninst.isu"
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 3.2 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}
Macromedia Flash Player 8-->C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Medieval Total War-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Total War\Medieval - Total War\Uninst.isu"
Microsoft FrontPage 2002-->MsiExec.exe /I{90170409-6000-11D3-8CFE-0050048383C9}
Microsoft Interactive Training-->C:\Program Files\MSPress\Training\lunins32_s.exe
Microsoft Office XP Media Content-->MsiExec.exe /I{90300409-6000-11D3-8CFE-0050048383C9}
Microsoft Office XP Professional-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Mob Rule-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Studio 3\Mob Rule\Uninst.isu"
Mozilla Firefox (2.0.0.16)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSRedist-->MsiExec.exe /I{B7C61755-DB48-4003-948F-3D34DB8EAF69}
Nero - Burning Rom-->MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
Norton AntiVirus-->MsiExec.exe /X{830D8CBD-C668-49e2-A969-C2C2106332E0}
Norton Internet Security-->MsiExec.exe /I{48185814-A224-447A-81DA-71BD20580E1B}
Norton Internet Security-->MsiExec.exe /I{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}
Norton Internet Security-->MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton Internet Security-->MsiExec.exe /I{E5EE9939-259F-4DE2-8023-5C49E16A4F43}
Norton Protection Center-->MsiExec.exe /I{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}
Oozic Player-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\Oozic Player\OZPLAY30.isu"
PartyPoker-->"C:\Program Files\PartyGaming\PartyPoker\Uninstall.exe" "C:\Program Files\PartyGaming\PartyPoker\install.log"
PokerRoom.com (remove only)-->"C:\Program Files\PokerRoom.com\uninstall.exe"
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
RM Converter 3.28-->"C:\Program Files\RM Converter\unins000.exe"
SBC Yahoo! DSL Activation-->C:\PROGRA~1\Yahoo!\Common\undsldlk.exe
SBC Yahoo! DSL Home Networking Installer-->C:\Program Files\2Wire\Uninstaller.exe
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893066)-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896422)-->"C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922760)-->"C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933566)-->"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Seven Seas 1.01-->C:\Program Files\Games\Seven Seas\UnGins.exe "C:\Program Files\Games\Seven Seas\install.log"
Shareaza version 2.2.1.0-->"C:\Program Files\Shareaza\Uninstall\unins000.exe"
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Sid Meier's Alpha Centauri 2000/XP Compatibility Update-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{102E4D60-5A93-4A3C-8105-FE390427C60D}
Snood for Windows version 3.01-W-->"C:\Program Files\Snood\unins000.exe"
Sound Blaster Audigy Web 2K/XP-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E2B71D23-52F0-49AD-AC56-6DAB4CF9443C}\Setup.exe" -l0x9 /remove
Sound Blaster Audigy-->C:\Program Files\Creative\Uninstall\CTUNINST.EXE /U:UNINST1.INI
SoundFont Showcase-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\SoundFont Showcase\Uninst.isu"
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SuperNZB v3.2.0-->"C:\Program Files\SuperNZB\unins000.exe"
SymNet-->MsiExec.exe /I{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}
Ultimate.Browser En hancer-->C:\DOCUME~1\Robert\APPLIC~1\tstfrjab.exe -UnIst
UltimateBet-->C:\PROGRA~1\ULTIMA~1\UNWISE.EXE C:\PROGRA~1\ULTIMA~1\INSTALL.LOG
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
USB-IrDA Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10F5D9BB-E2F2-4B18-A65D-928B73D22E6F}\SETUP.EXE" -l0x9
VIA Platform Device Manager-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA Rhine-Family Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Viewpoint Toolbar (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarInstaller.exe /u /k
WeatherBug-->C:\PROGRA~1\AWS\WEATHE~1\REMOVE.EXE C:\PROGRA~1\AWS\WEATHE~1\INSTALL.LOG
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows SR 2.0-->C:\WINDOWS\UnstSA2.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall

======Security center information======

AV: Norton Security Online
FW: Norton Security Online

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;F:\IsoBuster
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0800
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:05:32 PM, on 10/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\2Wire\2PortalMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\PROGRA~1\Yahoo!\browser\YBrowser.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - Global Startup: 2Wire Wireless Client Manager.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/c ... potc_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/ ... leId=23100
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.c ... _0_2_6.cab
O23 - Service: Automatic LiveUpdate Scheduler (automatic liveupdate scheduler) - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate (liveupdate) - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: AOpen NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 6216 bytes


Ken
Kaspersky will not install. It does the same thing norton does, wiil not run with another antivirus program installed.
I was able to install the latest Java, Still wil not install.
schef
Regular Member
 
Posts: 40
Joined: September 20th, 2008, 2:07 am

Re: Can not remove Addware & SpyWare,Virtumande

Unread postby ktreffin » October 5th, 2008, 5:24 pm

This is why you couldn't uninstall "Adware & Spyware":
AdWare & SpyWare-->"C:\Program Files\Internet Explorer\IEXPLORE.EXE" "hxxp://www.adwareremovergold.com/?revid=31418&s=1"


It's pointing you to a link: "hXXp://www.adwareremovergold.com/?revid=31418&s=1"...... Don't click on it anymore. We will take care of it.

There is one thing that I have noticed. You have three (3) different P2P programs installed on your system:

µTorrent
BitTornado 0.3.14
Shareaza version 2.2.1.0


These are no doubt why you became infected to begin with (which was described to you in my second post). If you would like to continue to receive help in cleaning your computer, please uninstall all of the P2P programs that you have installed now. If you choose not to, then you are just wasting time for both of us, and there is no sense in continuing.

Once you have done this, please post a new HijackThis log, along with a new Uninstall list, and we will continue.
User avatar
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida

Re: Can not remove Addware & SpyWare,Virtumande

Unread postby schef » October 5th, 2008, 6:00 pm

Ken

I believe that I took those programs off already when You asked me before.


2Wire Wireless Client Manager V3.02
Absolute Poker
Adobe Acrobat 5.0
Adobe Download Manager 2.0 (Remove Only)
Adobe Flash Player Plugin
Adobe Reader 7.0.8
AdWare & SpyWare
Ahead InCD
Ahead InCD EasyWrite Reader
Ahead NeroMediaPlayer
Ahead NeroVision Express
AIM Toolbar
AOL Instant Messenger
AOpen Multimedia Utilities
AOpen NVIDIA Windows 2000/XP Display Drivers
ArcSoft PhotoStudio 5
AT&T Yahoo! Applications
Backpack Driver
Backpack SpeedyCD
Civilization III v1.29f
Commando
Crystalys Media Internet Assistant
DataPilot Pix 'n Tunes
Desert Dollar
DivX
DivX Content Uploader
DivX Player
DivX Web Player
Frogger v1.0
GSIM
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
HyperLoad
IsoBuster 2.3
J2SE Runtime Environment 5.0 Update 3
Java 2 Runtime Environment Standard Edition v1.3.1_04
Java(TM) 6 Update 7
Macromedia Flash Player 8
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Medieval Total War
Microsoft FrontPage 2002
Microsoft Interactive Training
Microsoft Office XP Media Content
Microsoft Office XP Professional
Mob Rule
Mozilla Firefox (2.0.0.17)
Nero - Burning Rom
Oozic Player
PartyPoker
PokerRoom.com (remove only)
QuickTime
RealPlayer
Realtek AC'97 Audio
RM Converter 3.28
SBC Yahoo! DSL Activation
SBC Yahoo! DSL Home Networking Installer
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Seven Seas 1.01
Shockwave
Sid Meier's Alpha Centauri 2000/XP Compatibility Update
Snood for Windows version 3.01-W
Sound Blaster Audigy
Sound Blaster Audigy Web 2K/XP
SoundFont Showcase
SuperNZB v3.2.0
UltimateBet
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
USB-IrDA Adapter
VIA Platform Device Manager
VIA Rhine-Family Fast Ethernet Adapter
WeatherBug
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows SR 2.0
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB891781
WinZip











Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:57:06 PM, on 10/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\Yahoo!\browser\YBrowser.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: 2Wire Wireless Client Manager.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/c ... potc_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/ ... leId=23100
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.c ... _0_2_6.cab
O23 - Service: Automatic LiveUpdate Scheduler (automatic liveupdate scheduler) - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate (liveupdate) - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: AOpen NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 6107 bytes
Last edited by schef on October 5th, 2008, 7:57 pm, edited 1 time in total.
schef
Regular Member
 
Posts: 40
Joined: September 20th, 2008, 2:07 am

Re: Can not remove Addware & SpyWare,Virtumande

Unread postby ktreffin » October 5th, 2008, 7:52 pm

OK. Thanks. :)

Lets keep going:

Step #1: Remove program with HijackThis

  • Start HijackThis
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • In the list find "AdWare & SpyWare" and simply click on the program.
  • Then click on the Delete this entry button.

*===============================================*

Step #2: Download and Run ComboFix

Please visit this web page for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.


*===============================================*

Step #3: Things to put in your next reply

Please post the following in your next reply:
  • A New Hijack This Log
  • Contents of the ComboFix Log (C:\ComboFix.txt)

Thanks,
Ken
User avatar
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida

Re: Can not remove Addware & SpyWare,Virtumande

Unread postby schef » October 5th, 2008, 9:46 pm

ComboFix 08-10-05.03 - Robert 2008-10-05 20:04:29.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.688 [GMT -5:00]
Running from: C:\Documents and Settings\Robert\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Robert\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\_006358_.tmp.dll
C:\WINDOWS\system32\_006360_.tmp.dll
C:\WINDOWS\system32\_006367_.tmp.dll
C:\WINDOWS\system32\_006368_.tmp.dll
C:\WINDOWS\system32\_006369_.tmp.dll
C:\WINDOWS\system32\_006370_.tmp.dll
C:\WINDOWS\system32\_006372_.tmp.dll
C:\WINDOWS\system32\_006373_.tmp.dll
C:\WINDOWS\system32\_006376_.tmp.dll
C:\WINDOWS\system32\_006377_.tmp.dll
C:\WINDOWS\system32\_006379_.tmp.dll
C:\WINDOWS\system32\_006380_.tmp.dll
C:\WINDOWS\system32\_006381_.tmp.dll
C:\WINDOWS\system32\_006383_.tmp.dll
C:\WINDOWS\system32\_006386_.tmp.dll
C:\WINDOWS\system32\_006387_.tmp.dll
C:\WINDOWS\system32\_006391_.tmp.dll
C:\WINDOWS\system32\_006392_.tmp.dll
C:\WINDOWS\system32\_006394_.tmp.dll
C:\WINDOWS\system32\_006397_.tmp.dll
C:\WINDOWS\system32\_006399_.tmp.dll
C:\WINDOWS\system32\_006400_.tmp.dll
C:\WINDOWS\system32\_006401_.tmp.dll
C:\WINDOWS\system32\_006402_.tmp.dll
C:\WINDOWS\system32\_006403_.tmp.dll
C:\WINDOWS\system32\_006406_.tmp.dll
C:\WINDOWS\system32\_006407_.tmp.dll
C:\WINDOWS\system32\_006408_.tmp.dll
C:\WINDOWS\system32\_006409_.tmp.dll
C:\WINDOWS\system32\_006410_.tmp.dll
C:\WINDOWS\system32\_006415_.tmp.dll
C:\WINDOWS\system32\_006417_.tmp.dll
C:\WINDOWS\system32\_006418_.tmp.dll

.
((((((((((((((((((((((((( Files Created from 2008-09-06 to 2008-10-06 )))))))))))))))))))))))))))))))
.

2008-10-05 15:37 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-04 21:14 . 2008-10-04 21:15 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-04 21:14 . 2008-10-04 21:14 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\Malwarebytes
2008-10-04 21:14 . 2008-10-04 21:14 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-10-04 21:14 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-04 21:14 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-01 10:05 . 2008-10-01 10:26 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-10-01 10:05 . 2008-10-01 10:26 <DIR> d-------- C:\WINDOWS\system32\en
2008-10-01 10:05 . 2008-10-01 10:26 <DIR> d-------- C:\WINDOWS\l2schemas
2008-10-01 09:53 . 2007-02-28 04:10 2,180,352 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-09-26 07:05 . 2008-09-26 07:05 <DIR> d-------- C:\rsit
2008-09-20 00:12 . 2008-09-20 00:14 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-09-19 11:54 . 2008-07-30 17:42 23,888 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-09-19 11:54 . 2008-07-30 17:28 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-09-19 11:54 . 2008-07-30 17:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-09-19 11:44 . 2008-09-19 11:44 <DIR> d--hs---- C:\found.000
2008-09-19 09:31 . 2008-09-19 09:31 16 --a------ C:\WINDOWS\system32\coh.cache
2008-09-19 08:15 . 2008-09-19 08:15 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\Motive
2008-09-19 08:13 . 2008-10-01 09:21 <DIR> d-------- C:\WINDOWS\Motive
2008-09-19 08:13 . 2008-09-19 08:13 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Motive
2008-09-17 20:34 . 2008-04-13 19:12 483,840 --a------ C:\WINDOWS\system32\SETE0.tmp
2008-09-17 20:34 . 2008-04-13 19:12 264,192 --a------ C:\WINDOWS\system32\SETF2.tmp
2008-09-17 20:34 . 2008-04-13 19:12 82,432 --a------ C:\WINDOWS\system32\SETEF.tmp
2008-09-17 20:34 . 2008-04-13 19:12 52,736 --a------ C:\WINDOWS\system32\SETE1.tmp
2008-09-17 20:34 . 2008-04-13 19:12 22,528 --a------ C:\WINDOWS\system32\SETE5.tmp
2008-09-17 20:34 . 2008-04-13 19:12 19,968 --a------ C:\WINDOWS\system32\SETEE.tmp
2008-09-17 20:34 . 2008-04-13 19:12 19,456 --a------ C:\WINDOWS\system32\SETE7.tmp
2008-09-17 20:34 . 2008-04-13 19:12 18,432 --a------ C:\WINDOWS\system32\SETE3.tmp
2008-09-17 20:34 . 2008-04-13 19:12 6,656 --a------ C:\WINDOWS\system32\SETF4A.tmp
2008-09-17 20:32 . 2008-04-13 19:11 3,066,880 --a------ C:\WINDOWS\system32\SET261.tmp
2008-09-17 20:17 . 2008-09-17 20:17 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-17 14:15 . 2008-09-17 14:15 197 --a------ C:\WINDOWS\system32\MRT.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-05 21:49 --------- d-----w C:\Documents and Settings\Robert\Application Data\WeatherBug
2008-10-05 20:37 --------- d-----w C:\Program Files\Java
2008-10-05 01:52 --------- d-----w C:\Program Files\Viewpoint
2008-10-05 01:52 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
2008-10-01 15:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-01 15:45 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec
2008-10-01 14:28 --------- d-----w C:\Program Files\Yahoo!
2008-10-01 14:28 --------- d-----w C:\Program Files\Common Files\Scanner
2008-10-01 14:27 --------- d-----w C:\Program Files\Symantec
2008-10-01 14:21 --------- d-----w C:\Program Files\Common Files\Vbox
2008-10-01 14:21 --------- d-----w C:\Program Files\Ahead
2008-10-01 14:21 --------- d-----w C:\Program Files\Absolute Poker
2008-10-01 04:44 --------- d-----w C:\Documents and Settings\Robert\Application Data\SuperNZB
2008-09-21 20:22 --------- d-----w C:\Program Files\Trend Micro
2008-09-19 18:29 --------- d-----w C:\Documents and Settings\Robert\Application Data\U3
2008-09-19 17:38 --------- d-----w C:\Program Files\RM Converter
2008-09-19 14:10 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
2008-09-17 18:20 --------- d--h--r C:\Documents and Settings\Robert\Application Data\yahoo!
2004-06-13 23:20 449 ----a-w C:\Documents and Settings\Robert\UpdateReg.reg
2002-10-16 07:39 19,552 ----a-w C:\Documents and Settings\Robert\Application Data\GDIPFONTCACHEV1.DAT
.

------- Sigcheck -------

2004-08-04 02:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2008-04-13 19:12 14336 27c6d03bcdb8cfeb96b716f3d8be3e18 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
2004-08-04 02:56 17408 69fdf8b967ab39fef170454b6e943398 C:\WINDOWS\system32\svchost.exe

2004-08-04 02:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
2008-04-13 19:12 82432 2ccc474eb85ceaa3e1fa1726580a3e5a C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ws2_32.dll
2004-08-04 02:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\ws2_32.dll

2005-05-25 14:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 12:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 07:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 11:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 05:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 06:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 06:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2004-08-04 01:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
2005-05-25 14:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2006-01-12 21:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 06:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 12:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
2004-08-04 01:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2008-04-13 14:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tcpip.sys
2008-06-20 05:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 05:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\system32\drivers\tcpip.sys

2004-08-04 02:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-05-26 20:38 483328 e7f9d2e4e4a94a6f58014e5ffa16a65e C:\WINDOWS\SoftwareDistribution\Download\0bfb0fd6d1529228f4175fc177388244\sp1qfe\winlogon.exe
2008-04-13 19:12 507904 ed0ef0a136dec83df69f04118870003e C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
2004-08-04 02:56 506368 d05b3d809fa8d9684807eeaa55237b7d C:\WINDOWS\system32\winlogon.exe

2004-08-04 01:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2008-04-13 14:20 182656 1df7f42665c94b825322fae71721130d C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ndis.sys
2004-08-04 01:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

2004-08-04 01:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
2008-04-13 13:53 36608 3bb22519a194418d5fec05d800a19ad0 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ip6fw.sys
2004-08-04 01:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

2007-06-13 05:23 1035776 84999af5063d29ab54ef88eba0409215 C:\WINDOWS\explorer.exe
2007-06-13 06:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 02:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2004-08-04 02:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2008-04-13 19:12 1033728 12896823fb95bfb3dc9b46bcaedc9923 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe

2004-08-04 02:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\ServicePackFiles\i386\services.exe
2008-04-13 19:12 108544 0e776ed5f7cc9f94299e70461b7b8185 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\services.exe
2004-08-04 02:56 110592 8ac9d5418c9f5911ee5e29ccc652678d C:\WINDOWS\system32\services.exe

2004-08-04 02:56 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2008-04-13 19:12 13312 bf2466b3e18e970d8a976fb95fc1ca85 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lsass.exe
2004-08-04 02:56 14848 21cddf4ecaae17a98e020bc28960a04a C:\WINDOWS\system32\lsass.exe

2004-08-04 02:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2008-04-13 19:12 15360 5f1d5f88303d4a4dbc8e5f97ba967cc3 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ctfmon.exe
2004-08-04 02:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\system32\ctfmon.exe

2005-06-10 19:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2004-08-04 02:56 57856 7435b108b935e42ea92ca94f59c8e717 C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2004-08-04 02:56 57856 7435b108b935e42ea92ca94f59c8e717 C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
2008-04-13 19:12 57856 d8e14a61acc1d4a6cd0d38aebac7fa3b C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\spoolsv.exe
2005-06-10 18:53 58880 af4b08cf909b94ef2568736f3111c9d7 C:\WINDOWS\system32\spoolsv.exe

2004-08-04 02:56 24576 39b1ffb03c2296323832acbae50d2aff C:\WINDOWS\ServicePackFiles\i386\userinit.exe
2008-04-13 19:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
2004-08-04 02:56 24576 39b1ffb03c2296323832acbae50d2aff C:\WINDOWS\system32\userinit.exe
.
((((((((((((((((((((((((((((( snapshot@2008-09-19_14.32.48.73 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 06:00:15 41,856 ------w C:\WINDOWS\ServicePackFiles\i386\imapi.sys
+ 2004-08-04 06:00:16 41,856 ----a-w C:\WINDOWS\ServicePackFiles\i386\imapi.sys
- 2004-08-04 05:59:37 57,472 ------w C:\WINDOWS\ServicePackFiles\i386\redbook.sys
+ 2004-08-04 05:59:38 57,472 ----a-w C:\WINDOWS\ServicePackFiles\i386\redbook.sys
+ 2004-08-04 06:00:54 71,040 ------w C:\WINDOWS\system32\drivers\_006343_.tmp.dll
- 2005-04-13 07:19:56 49,248 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-06-10 06:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2005-04-13 07:20:04 49,250 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-06-10 06:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2005-04-13 08:48:54 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-06-10 07:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2004-08-04 05:59:20 37,376 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\i386\amdk7.sys
- 2004-08-04 07:56:56 8,192 ----a-w C:\WINDOWS\system32\spdwnwxp.exe
+ 2008-04-14 00:12:36 7,680 ----a-w C:\WINDOWS\system32\spdwnwxp.exe
- 2005-06-28 15:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2007-08-11 01:46:18 26,488 ----a-w C:\WINDOWS\system32\spupdsvc.exe
- 2007-01-19 20:15:24 74,802 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll
+ 2008-04-14 00:12:50 74,802 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\atl.dll
- 2007-01-19 20:15:24 995,383 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42.dll
+ 2008-04-14 00:12:50 995,383 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42.dll
- 2007-01-19 20:15:24 1,011,774 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42u.dll
+ 2008-04-14 00:12:50 1,011,774 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\mfc42u.dll
- 2007-01-19 20:15:24 401,462 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\msvcp60.dll
+ 2008-04-14 00:12:50 401,462 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries_6595b64144ccf1df_6.0.9792.0_x-ww_08a6620a\msvcp60.dll
+ 2008-04-14 00:12:51 1,054,208 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
- 2004-08-04 07:56:59 853,504 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7\dxmrtp.dll
+ 2008-04-14 00:12:49 853,504 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7\dxmrtp.dll
- 2004-08-04 07:56:59 991,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95\rtcdll.dll
+ 2008-04-14 00:12:50 991,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcDll_6595b64144ccf1df_5.2.2.3_x-ww_d6bd8b95\rtcdll.dll
- 2004-08-04 07:55:56 132,096 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_en_16a24bc0\rtcres.dll
+ 2008-04-13 18:26:33 132,096 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Networking.RtcRes_6595b64144ccf1df_5.2.2.3_en_16a24bc0\rtcres.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"2wSysTray"="C:\Program Files\2Wire\2PortalMon.exe" [2003-10-10 393216]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-04 158208]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
2Wire Wireless Client Manager.lnk - C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE [2004-02-18 323584]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 1 (0x1)
"Btn_Search"= 2 (0x2)
"NoBandCustomize"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i263_32.drv
"msacm.ctmp3"= C:\WINDOWS\System32\ctmp3.acm
"VIDC.I263"= i263_32.drv
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pnpsvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
backup=C:\WINDOWS\pss\AT&T Self Support Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
NvQTwk [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2004-09-01 11:26 66672 C:\Program Files\AIM95\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2003-01-31 09:42 1228800 C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightMonitor 01]
--a------ 2003-07-14 14:30 98304 C:\Program Files\SBC Yahoo!\Connection Manager\IP Insight\ipmon32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2003-05-19 00:14 77824 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-04-13 03:48 36975 C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-05-07 06:47 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
--a------ 2004-09-09 17:35 1597440 C:\Program Files\AWS\WeatherBug\Weather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 22:49 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2002-05-03 10:06 364544 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
--a------ 2002-07-02 17:56 24576 C:\WINDOWS\system32\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RpcPatch"=2 (0x2)
"MDM"=2 (0x2)
"C-DillaSrv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
"nwiz"=nwiz.exe /install
"UpdReg"=C:\WINDOWS\Updreg.exe
"CTStartup"=C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
"Jet Detection"=C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\AIM95\\aim.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\yserver.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys [2002-06-05 9344]
R1 BpCdrVsd;BpCdrVsd;C:\WINDOWS\system32\drivers\BpCdrVsd.sys [2002-12-12 7936]
R1 bpfinder;BACKPACK Finder;C:\WINDOWS\system32\DRIVERS\bpfinder.sys [2003-02-17 62279]
R2 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys [2003-01-31 389504]
R3 bpflt;BACKPACK Filter;C:\WINDOWS\system32\DRIVERS\bpflt.sys [2002-08-08 4538]
R3 wltwo48b;2Wire Wireless PC Card Driver;C:\WINDOWS\system32\DRIVERS\wltwo48b.sys [2003-08-10 170496]
S0 Cdr4vsd;Cdr4vsd;C:\WINDOWS\system32\drivers\Cdr4vsd.sys [2003-03-26 72032]
S1 af51f9f7;af51f9f7;C:\WINDOWS\system32\drivers\af51f9f7.sys [ ]
S2 pnpsvc;Plug and Play svc service;C:\WINDOWS\system32\svchost.exe [2004-08-04 17408]
S3 AON325;AOpen AON-325 10/100M Fast Ethernet PCI Adapter;C:\WINDOWS\system32\DRIVERS\AON325.SYS [2001-04-16 24172]
S3 ATIPCXXX;ATI Parental control device;C:\WINDOWS\system32\DRIVERS\atipcxxx.sys [2001-08-17 10240]
S3 ATIVRVXX;ATI Rage Theatre Video (ATIRTCAP);C:\WINDOWS\system32\DRIVERS\atirtcap.sys [2001-08-17 49920]
S3 ATIVXSXX;ATI Audio Crossbar (ATIVXBAR);C:\WINDOWS\system32\DRIVERS\ativxbar.sys [2001-08-17 26624]
S3 bppccard;BACKPACK PC Card;C:\WINDOWS\system32\DRIVERS\bppccard.sys [2003-01-09 5493]
S3 bppnpdrv;BACKPACK Driver;C:\WINDOWS\system32\DRIVERS\bppnpdrv.sys [2003-02-17 19670]
S3 bpusbdrv;BACKPACK USB 1 Cable;C:\WINDOWS\system32\DRIVERS\bpusbdrv.sys [2003-02-06 109708]
S3 bpusbflt;BACKPACK USB Filter;C:\WINDOWS\system32\DRIVERS\bpusbflt.sys [2002-08-08 8333]
S3 SUSTUCAM;Susteen USB Cable Modem Driver;C:\WINDOWS\system32\DRIVERS\sustucam.sys [2006-04-12 38016]
S3 SUSTUCAP;Susteen USB Cable Port Driver;C:\WINDOWS\system32\DRIVERS\sustucap.sys [2006-04-12 38016]
S3 SUSTUCAU;Susteen USB Cable USB Driver;C:\WINDOWS\system32\DRIVERS\sustucau.sys [2006-04-12 20096]
S3 WBMS;Winbond Memory Stick Storage (MS) Device Driver;C:\WINDOWS\system32\Drivers\WBMS.SYS [2002-02-28 29056]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
pnpsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bfee426-7b89-11dd-96c2-000feafaf926}]
\shell\autorun\command - G:\podcastready.exe
.
Contents of the 'Scheduled Tasks' folder

2008-10-06 C:\WINDOWS\Tasks\AB5C3A3B9183B003.job
- c:\docume~1\robert\applic~1\timeph~1\Slow Owns Wma.exe []
.
- - - - ORPHANS REMOVED - - - -

Notify-dimsntfy - (no file)
MSConfigStartUp-YOP - C:\PROGRA~1\Yahoo!\YOP\yop.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\laefvq4y.default\
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-05 20:09:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-10-05 20:14:40 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-06 01:14:02
ComboFix2.txt 2008-09-20 05:06:10
ComboFix3.txt 2008-09-19 19:37:03

Pre-Run: 4,222,296,064 bytes free
Post-Run: 4,202,905,600 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

348 --- E O F --- 2008-10-02 08:00:46









Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:42:25 PM, on 10/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\2Wire\2PortalMon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [2wSysTray] C:\Program Files\2Wire\2PortalMon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: 2Wire Wireless Client Manager.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/c ... potc_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/ ... leId=23100
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.yahoo.c ... _0_2_6.cab
O23 - Service: Automatic LiveUpdate Scheduler (automatic liveupdate scheduler) - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate (liveupdate) - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: AOpen NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 6364 bytes
schef
Regular Member
 
Posts: 40
Joined: September 20th, 2008, 2:07 am

Re: Can not remove Addware & SpyWare,Virtumande

Unread postby ktreffin » October 6th, 2008, 9:06 pm

Hi Schef,

You have some interesting things showing in your ComboFix log. I have been discussing this with the developer of ComboFix and we need to take a look at some of the logs that have been generated.

I need you to post the contents of the following logs:

ComboFix-quarantined-files.txt 2008-10-06 01:14:02
ComboFix2.txt 2008-09-20 05:06:10
ComboFix3.txt 2008-09-19 19:37:03

All of these logs should be found in the qoobox folder which is located on the C: drive (C:\qoobox).
C:\qoobox\ComboFix-quarantined-files.txt
C:\qoobox\ComboFix2.txt
C:\qoobox\ComboFix3.txt

In addition to posting the above logs, we also need see if we can get that Kaspersky Scan. I know that you stated you had trouble with it before, but now we have cleaned things up some I would like for you to try it again. Here are the directions to follow:

Run Kaspersky Online Scan

Please go to Kaspersky website to perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to your desktop by changing the Files of type to Text file (.txt) before clicking on the Save button.
  • Now close the window.

Let me know if you have any questions or problems.

Thanks,
Ken
User avatar
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida

Re: Can not remove Addware & SpyWare,Virtumande

Unread postby schef » October 6th, 2008, 11:03 pm

Sorry

You lost me on copying. Not sure how to perform that function. Walk me threw it?
I'll try it. Let me how it did. Thanks. I'll work on the anti.


2002-10-17 14:56:50 36 C:\Qoobox\Quarantine\F\autorun.inf.vir
2004-08-04 07:56:44 382,464 C:\Qoobox\Quarantine\C\WINDOWS\system32\%~NX1.vir
2007-05-18 08:39:42 47,318 C:\Qoobox\Quarantine\C\WINDOWS\privacy_danger\images\danger.jpg.vir
2007-05-18 08:39:56 23,870 C:\Qoobox\Quarantine\C\WINDOWS\privacy_danger\images\capt.gif.vir
2007-05-18 08:40:06 14,916 C:\Qoobox\Quarantine\C\WINDOWS\privacy_danger\images\down.gif.vir
2007-05-18 08:44:00 43 C:\Qoobox\Quarantine\C\WINDOWS\privacy_danger\images\spacer.gif.vir
2007-06-19 01:39:40 1,127 C:\Qoobox\Quarantine\C\WINDOWS\privacy_danger\index.htm.vir
2007-07-02 15:51:20 79,872 C:\Qoobox\Quarantine\C\WINDOWS\msdde.dll.vir
2007-07-02 15:51:40 4,286 C:\Qoobox\Quarantine\C\Program Files\NewMediaCodec\install.ico.vir
2007-07-02 18:38:26 226 C:\Qoobox\Quarantine\C\Documents and Settings\Robert\Favorites\Error Cleaner.url.vir
2007-07-02 18:38:26 226 C:\Qoobox\Quarantine\C\Documents and Settings\Robert\Favorites\Privacy Protector.url.vir
2007-07-02 18:38:26 226 C:\Qoobox\Quarantine\C\Documents and Settings\Robert\Favorites\Spyware&Malware Protection.url.vir
2007-07-02 18:38:50 37,033 C:\Qoobox\Quarantine\C\Program Files\NewMediaCodec\Uninstall.exe.vir
2007-07-03 06:47:35 391 C:\Qoobox\Quarantine\C\WINDOWS\dat.txt.vir
2008-09-03 03:54:08 174 C:\Qoobox\Quarantine\C\WINDOWS\system32\tdssservers.dat.vir
2008-09-19 15:37:04 58,824 C:\Qoobox\Quarantine\C\WINDOWS\system32\tdssinit.dll.vir
2008-09-19 19:23:49 1,220 C:\Qoobox\Quarantine\Registry_backups\Legacy_TDSSSERV.reg.dat
2008-09-19 19:23:49 1,268 C:\Qoobox\Quarantine\Registry_backups\Service_tdssserv.reg.dat
2008-09-19 19:23:49 292 C:\Qoobox\Quarantine\Registry_backups\Legacy_SYSREST.SYS.reg.dat
2008-09-19 19:32:49 2 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-CFSServ.exe.reg.dat
2008-09-19 19:32:49 2 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-NDSTray.exe.reg.dat
2008-09-19 19:32:49 2 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-TFncKy.reg.dat
2008-09-19 19:36:10 0 C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{701402A1-C510-1DDD-331E-C4CC3818FEF1}.reg.dat
2008-09-19 19:36:10 0 C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{C849540C-192E-4506-8E95-A1C2A01F4FEE}.reg.dat
2008-09-19 19:36:11 136 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-sysrest32.exe.reg.dat
2008-09-19 19:36:27 377 C:\Qoobox\Quarantine\Registry_backups\SSODL-AKbTslhyAO-{EC6075AB-46CA-DF01-5D3D-DC46BFC63DA7}.reg.dat
2008-09-19 19:36:30 502 C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-smgr.reg.dat
2008-09-19 19:36:30 558 C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-LYELSYIPV.reg.dat
2008-10-06 01:06:05 14,924 C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2008-10-06 01:06:19 216 C:\Qoobox\Quarantine\catchme.log
2008-10-06 01:13:44 270 C:\Qoobox\Quarantine\Registry_backups\Notify-dimsntfy.reg.dat
2008-10-06 01:13:46 572 C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-YOP.reg.dat




ComboFix 08-09-19.06 - Robert 2008-09-20 0:03:09.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.647 [GMT -5:00]
Running from: C:\Documents and Settings\Robert\Desktop\ComboFix3.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-08-20 to 2008-09-20 )))))))))))))))))))))))))))))))
.

2008-09-19 11:54 . 2008-07-30 17:42 23,888 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-09-19 11:54 . 2008-07-30 17:28 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-09-19 11:54 . 2008-07-30 17:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-09-19 11:44 . 2008-09-19 11:44 <DIR> d--hs---- C:\found.000
2008-09-19 09:31 . 2008-09-19 09:31 16 --a------ C:\WINDOWS\system32\coh.cache
2008-09-19 09:11 . 2008-09-19 11:05 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-09-19 09:11 . 2008-09-19 11:05 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-09-19 09:11 . 2008-09-19 11:05 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-09-19 09:11 . 2008-09-19 11:05 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-09-19 08:15 . 2008-09-19 08:15 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\Motive
2008-09-19 08:13 . 2008-09-19 08:13 <DIR> d-------- C:\WINDOWS\Motive
2008-09-19 08:13 . 2008-09-19 08:15 <DIR> d-------- C:\Program Files\SBC Self Support Tool
2008-09-19 08:13 . 2008-09-19 08:13 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Motive
2008-09-19 08:11 . 2008-09-19 08:13 <DIR> d-------- C:\Program Files\Common Files\Motive
2008-09-19 08:11 . 2003-10-22 11:54 81,920 --a------ C:\WINDOWS\system32\W32n50.dll
2008-09-19 08:11 . 2003-10-22 11:54 17,162 --a------ C:\WINDOWS\system32\Pcandis5.sys
2008-09-19 08:11 . 2003-10-22 11:54 16,848 --a------ C:\WINDOWS\system32\Pcandis4.sys
2008-09-19 08:11 . 2003-10-22 11:54 16,073 --a------ C:\WINDOWS\system32\Pcandis3.vxd
2008-09-17 20:17 . 2008-09-17 20:17 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-17 14:15 . 2008-09-17 14:15 197 --a------ C:\WINDOWS\system32\MRT.INI
2008-09-05 15:26 . 2008-09-17 20:36 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2008-08-20 22:34 . 2008-08-20 22:34 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-20 05:04 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-19 18:29 --------- d-----w C:\Documents and Settings\Robert\Application Data\U3
2008-09-19 17:38 --------- d-----w C:\Program Files\RM Converter
2008-09-19 16:54 --------- d-----w C:\Program Files\Symantec
2008-09-19 16:54 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec
2008-09-19 14:10 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
2008-09-17 18:20 --------- d--h--r C:\Documents and Settings\Robert\Application Data\yahoo!
2008-09-15 11:39 --------- d-----w C:\Documents and Settings\Robert\Application Data\WeatherBug
2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 03:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:38 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2004-06-13 23:20 449 ----a-w C:\Documents and Settings\Robert\UpdateReg.reg
2003-04-12 02:31 100,465 ----a-w C:\Documents and Settings\Robert\Application Data\tstfrjab.exe
2002-10-16 07:39 19,552 ----a-w C:\Documents and Settings\Robert\Application Data\GDIPFONTCACHEV1.DAT
.

------- Sigcheck -------

2001-08-23 07:00 12800 0f7d9c87b0ce1fa520473119752c6f79 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2004-08-04 02:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2008-04-13 19:12 14336 27c6d03bcdb8cfeb96b716f3d8be3e18 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
2004-08-04 02:56 17408 69fdf8b967ab39fef170454b6e943398 C:\WINDOWS\system32\svchost.exe

2001-08-23 07:00 75264 8529c295df59b564d37a73b5629162b1 C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
2004-08-04 02:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
2008-04-13 19:12 82432 2ccc474eb85ceaa3e1fa1726580a3e5a C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ws2_32.dll
2004-08-04 02:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\ws2_32.dll

2005-05-25 14:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 12:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 07:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 11:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 05:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 06:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 06:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2002-08-29 03:58 332928 244a2f9816bc9b593957281ef577d976 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 01:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
2005-05-25 14:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2006-01-12 21:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 06:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 12:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
2004-08-04 01:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2008-04-13 14:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tcpip.sys
2008-06-20 05:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 05:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\system32\drivers\tcpip.sys

2002-08-29 05:41 516608 2246d8d8f4714a2cedb21ab9b1849abb C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2004-08-04 02:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-05-26 20:38 483328 e7f9d2e4e4a94a6f58014e5ffa16a65e C:\WINDOWS\SoftwareDistribution\Download\0bfb0fd6d1529228f4175fc177388244\sp1qfe\winlogon.exe
2008-04-13 19:12 507904 ed0ef0a136dec83df69f04118870003e C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
2004-08-04 02:56 506368 d05b3d809fa8d9684807eeaa55237b7d C:\WINDOWS\system32\winlogon.exe

2002-08-29 04:09 167552 3b350e5a2a5e951453f3993275a4523a C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
2004-08-04 01:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2008-04-13 14:20 182656 1df7f42665c94b825322fae71721130d C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ndis.sys
2004-08-04 01:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

2004-08-04 01:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
2008-04-13 13:53 36608 3bb22519a194418d5fec05d800a19ad0 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ip6fw.sys
2004-08-04 01:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

2007-06-13 05:23 1035776 84999af5063d29ab54ef88eba0409215 C:\WINDOWS\explorer.exe
2007-06-13 06:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2002-08-29 05:41 1004032 a82b28bfc2e4455fe43022a498c0ef0a C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-04 02:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2004-08-04 02:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2008-04-13 19:12 1033728 12896823fb95bfb3dc9b46bcaedc9923 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe

2001-08-23 07:00 101376 e3df4a0252d287c44606ee55355e1623 C:\WINDOWS\$NtServicePackUninstall$\services.exe
2004-08-04 02:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\ServicePackFiles\i386\services.exe
2008-04-13 19:12 108544 0e776ed5f7cc9f94299e70461b7b8185 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\services.exe
2004-08-04 02:56 110592 8ac9d5418c9f5911ee5e29ccc652678d C:\WINDOWS\system32\services.exe

2002-08-29 05:41 11776 b2b6ba905d0e3f8a32a0eb3b4051807b C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
2004-08-04 02:56 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2008-04-13 19:12 13312 bf2466b3e18e970d8a976fb95fc1ca85 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lsass.exe
2004-08-04 02:56 14848 21cddf4ecaae17a98e020bc28960a04a C:\WINDOWS\system32\lsass.exe

2002-08-29 05:41 13312 414de7cf9d3f19c3ea902f1bb38ec116 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2004-08-04 02:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2008-04-13 19:12 15360 5f1d5f88303d4a4dbc8e5f97ba967cc3 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ctfmon.exe
2004-08-04 02:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\system32\ctfmon.exe

2005-06-10 19:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2001-08-23 07:00 51200 9b4155ba58192d4073082b8fc5d42612 C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
2004-08-04 02:56 57856 7435b108b935e42ea92ca94f59c8e717 C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2004-08-04 02:56 57856 7435b108b935e42ea92ca94f59c8e717 C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
2008-04-13 19:12 57856 d8e14a61acc1d4a6cd0d38aebac7fa3b C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\spoolsv.exe
2005-06-10 18:53 58880 af4b08cf909b94ef2568736f3111c9d7 C:\WINDOWS\system32\spoolsv.exe

2002-08-29 05:41 22016 e931e0a2b8bf0019db902e98d03662cb C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
2004-08-04 02:56 24576 39b1ffb03c2296323832acbae50d2aff C:\WINDOWS\ServicePackFiles\i386\userinit.exe
2008-04-13 19:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
2004-08-04 02:56 24576 39b1ffb03c2296323832acbae50d2aff C:\WINDOWS\system32\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"2wSysTray"="C:\Program Files\2Wire\2PortalMon.exe" [2003-10-10 393216]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 442455]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [2007-01-14 771704]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
2Wire Wireless Client Manager.lnk - C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE [2004-02-18 323584]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 1 (0x1)
"Btn_Search"= 2 (0x2)
"NoBandCustomize"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i263_32.drv
"msacm.ctmp3"= C:\WINDOWS\System32\ctmp3.acm
"VIDC.I263"= i263_32.drv
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pnpsvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
backup=C:\WINDOWS\pss\AT&T Self Support Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
NvQTwk [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2004-09-01 11:26 66672 C:\Program Files\AIM95\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2003-01-31 09:42 1228800 C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightMonitor 01]
--a------ 2003-07-14 14:30 98304 C:\Program Files\SBC Yahoo!\Connection Manager\IP Insight\ipmon32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2003-05-19 00:14 77824 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-04-13 03:48 36975 C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-05-07 06:47 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
--a------ 2004-09-09 17:35 1597440 C:\Program Files\AWS\WeatherBug\Weather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 22:49 4662776 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
--a------ 2007-10-26 15:42 509224 C:\PROGRA~1\Yahoo!\YOP\yop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2002-05-03 10:06 364544 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
--a------ 2002-07-02 17:56 24576 C:\WINDOWS\system32\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RpcPatch"=2 (0x2)
"MDM"=2 (0x2)
"C-DillaSrv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
"nwiz"=nwiz.exe /install
"UpdReg"=C:\WINDOWS\Updreg.exe
"CTStartup"=C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
"Jet Detection"=C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\AIM95\\aim.exe"=
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\yserver.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=

R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys [2002-06-05 9344]
R1 BpCdrVsd;BpCdrVsd;C:\WINDOWS\system32\drivers\BpCdrVsd.sys [2002-12-12 7936]
R1 bpfinder;BACKPACK Finder;C:\WINDOWS\system32\DRIVERS\bpfinder.sys [2003-02-17 62279]
R2 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys [2003-01-31 389504]
R3 bpflt;BACKPACK Filter;C:\WINDOWS\system32\DRIVERS\bpflt.sys [2002-08-08 4538]
R3 wltwo48b;2Wire Wireless PC Card Driver;C:\WINDOWS\system32\DRIVERS\wltwo48b.sys [2003-08-10 170496]
S0 Cdr4vsd;Cdr4vsd;C:\WINDOWS\system32\drivers\Cdr4vsd.sys [2003-03-26 72032]
S1 af51f9f7;af51f9f7;C:\WINDOWS\system32\drivers\af51f9f7.sys [ ]
S2 pnpsvc;Plug and Play svc service;C:\WINDOWS\system32\svchost.exe [2004-08-04 17408]
S3 AON325;AOpen AON-325 10/100M Fast Ethernet PCI Adapter;C:\WINDOWS\system32\DRIVERS\AON325.SYS [2001-04-16 24172]
S3 ATIPCXXX;ATI Parental control device;C:\WINDOWS\system32\DRIVERS\atipcxxx.sys [2001-08-17 10240]
S3 ATIVRVXX;ATI Rage Theatre Video (ATIRTCAP);C:\WINDOWS\system32\DRIVERS\atirtcap.sys [2001-08-17 49920]
S3 ATIVXSXX;ATI Audio Crossbar (ATIVXBAR);C:\WINDOWS\system32\DRIVERS\ativxbar.sys [2001-08-17 26624]
S3 bppccard;BACKPACK PC Card;C:\WINDOWS\system32\DRIVERS\bppccard.sys [2003-01-09 5493]
S3 bppnpdrv;BACKPACK Driver;C:\WINDOWS\system32\DRIVERS\bppnpdrv.sys [2003-02-17 19670]
S3 bpusbdrv;BACKPACK USB 1 Cable;C:\WINDOWS\system32\DRIVERS\bpusbdrv.sys [2003-02-06 109708]
S3 bpusbflt;BACKPACK USB Filter;C:\WINDOWS\system32\DRIVERS\bpusbflt.sys [2002-08-08 8333]
S3 SUSTUCAM;Susteen USB Cable Modem Driver;C:\WINDOWS\system32\DRIVERS\sustucam.sys [2006-04-12 38016]
S3 SUSTUCAP;Susteen USB Cable Port Driver;C:\WINDOWS\system32\DRIVERS\sustucap.sys [2006-04-12 38016]
S3 SUSTUCAU;Susteen USB Cable USB Driver;C:\WINDOWS\system32\DRIVERS\sustucau.sys [2006-04-12 20096]
S3 WBMS;Winbond Memory Stick Storage (MS) Device Driver;C:\WINDOWS\system32\Drivers\WBMS.SYS [2002-02-28 29056]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
pnpsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bfee426-7b89-11dd-96c2-000feafaf926}]
\shell\autorun\command - G:\podcastready.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - comhost
.
Contents of the 'Scheduled Tasks' folder

2008-09-19 C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - Robert.job
- C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exe [2007-01-14 04:09]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\laefvq4y.default\
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-20 00:04:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-20 0:06:08
ComboFix-quarantined-files.txt 2008-09-20 05:05:40
ComboFix2.txt 2008-09-19 19:37:03

Pre-Run: 4,979,097,600 bytes free
Post-Run: 4,963,110,912 bytes free

267 --- E O F --- 2008-09-17 19:16:05






ComboFix 08-09-19.02 - Robert 2008-09-19 14:33:41.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.647 [GMT -5:00]
Running from: C:\Documents and Settings\Robert\Desktop\ComboFix2.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\Autorun.inf
.
---- Previous Run -------
.
C:\Documents and Settings\Robert\Favorites\Error Cleaner.url
C:\Documents and Settings\Robert\Favorites\Privacy Protector.url
C:\Documents and Settings\Robert\Favorites\Spyware&Malware Protection.url
C:\Program Files\Dynamic Toolbar
C:\Program Files\NewMediaCodec
C:\Program Files\NewMediaCodec\install.ico
C:\Program Files\NewMediaCodec\Uninstall.exe
C:\WINDOWS\dat.txt
C:\WINDOWS\Downloaded Program Files\temp
C:\WINDOWS\msdde.dll
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdssservers.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYSREST.SYS
-------\Legacy_TDSSSERV
-------\Service_tdssserv


((((((((((((((((((((((((( Files Created from 2008-08-19 to 2008-09-19 )))))))))))))))))))))))))))))))
.

2008-09-19 11:54 . 2008-07-30 17:42 23,888 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-09-19 11:54 . 2008-07-30 17:28 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-09-19 11:54 . 2008-07-30 17:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-09-19 11:44 . 2008-09-19 11:44 <DIR> d--hs---- C:\found.000
2008-09-19 09:31 . 2008-09-19 09:31 16 --a------ C:\WINDOWS\system32\coh.cache
2008-09-19 09:11 . 2008-09-19 11:05 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-09-19 09:11 . 2008-09-19 11:05 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-09-19 09:11 . 2008-09-19 11:05 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-09-19 09:11 . 2008-09-19 11:05 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-09-19 08:15 . 2008-09-19 08:15 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\Motive
2008-09-19 08:13 . 2008-09-19 08:13 <DIR> d-------- C:\WINDOWS\Motive
2008-09-19 08:13 . 2008-09-19 08:15 <DIR> d-------- C:\Program Files\SBC Self Support Tool
2008-09-19 08:13 . 2008-09-19 08:13 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Motive
2008-09-19 08:11 . 2008-09-19 08:13 <DIR> d-------- C:\Program Files\Common Files\Motive
2008-09-19 08:11 . 2003-10-22 11:54 81,920 --a------ C:\WINDOWS\system32\W32n50.dll
2008-09-19 08:11 . 2003-10-22 11:54 17,162 --a------ C:\WINDOWS\system32\Pcandis5.sys
2008-09-19 08:11 . 2003-10-22 11:54 16,848 --a------ C:\WINDOWS\system32\Pcandis4.sys
2008-09-19 08:11 . 2003-10-22 11:54 16,073 --a------ C:\WINDOWS\system32\Pcandis3.vxd
2008-09-17 20:17 . 2008-09-17 20:17 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-17 14:15 . 2008-09-17 14:15 197 --a------ C:\WINDOWS\system32\MRT.INI
2008-09-05 15:26 . 2008-09-17 20:36 <DIR> d-------- C:\WINDOWS\system32\CatRoot
2008-08-20 22:34 . 2008-08-20 22:34 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo! Companion

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-19 19:35 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-19 18:29 --------- d-----w C:\Documents and Settings\Robert\Application Data\U3
2008-09-19 17:38 --------- d-----w C:\Program Files\RM Converter
2008-09-19 16:54 --------- d-----w C:\Program Files\Symantec
2008-09-19 16:54 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec
2008-09-19 14:10 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
2008-09-17 18:20 --------- d--h--r C:\Documents and Settings\Robert\Application Data\yahoo!
2008-09-15 11:39 --------- d-----w C:\Documents and Settings\Robert\Application Data\WeatherBug
2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 03:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:38 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2004-06-13 23:20 449 ----a-w C:\Documents and Settings\Robert\UpdateReg.reg
2003-04-12 02:31 100,465 ----a-w C:\Documents and Settings\Robert\Application Data\tstfrjab.exe
2002-10-16 07:39 19,552 ----a-w C:\Documents and Settings\Robert\Application Data\GDIPFONTCACHEV1.DAT
.

------- Sigcheck -------

2001-08-23 07:00 12800 0f7d9c87b0ce1fa520473119752c6f79 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2004-08-04 02:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2008-04-13 19:12 14336 27c6d03bcdb8cfeb96b716f3d8be3e18 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
2004-08-04 02:56 17408 69fdf8b967ab39fef170454b6e943398 C:\WINDOWS\system32\svchost.exe

2001-08-23 07:00 75264 8529c295df59b564d37a73b5629162b1 C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
2004-08-04 02:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
2008-04-13 19:12 82432 2ccc474eb85ceaa3e1fa1726580a3e5a C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ws2_32.dll
2004-08-04 02:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\ws2_32.dll

2005-05-25 14:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 12:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 07:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 11:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 05:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 06:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 06:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2002-08-29 03:58 332928 244a2f9816bc9b593957281ef577d976 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 01:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
2005-05-25 14:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2006-01-12 21:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 06:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 12:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
2004-08-04 01:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2008-04-13 14:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tcpip.sys
2008-06-20 05:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 05:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\system32\drivers\tcpip.sys

2002-08-29 05:41 516608 2246d8d8f4714a2cedb21ab9b1849abb C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2004-08-04 02:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-05-26 20:38 483328 e7f9d2e4e4a94a6f58014e5ffa16a65e C:\WINDOWS\SoftwareDistribution\Download\0bfb0fd6d1529228f4175fc177388244\sp1qfe\winlogon.exe
2008-04-13 19:12 507904 ed0ef0a136dec83df69f04118870003e C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe
2004-08-04 02:56 506368 d05b3d809fa8d9684807eeaa55237b7d C:\WINDOWS\system32\winlogon.exe

2002-08-29 04:09 167552 3b350e5a2a5e951453f3993275a4523a C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
2004-08-04 01:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2008-04-13 14:20 182656 1df7f42665c94b825322fae71721130d C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ndis.sys
2004-08-04 01:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

2004-08-04 01:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
2008-04-13 13:53 36608 3bb22519a194418d5fec05d800a19ad0 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ip6fw.sys
2004-08-04 01:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

2007-06-13 05:23 1035776 84999af5063d29ab54ef88eba0409215 C:\WINDOWS\explorer.exe
2007-06-13 06:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2002-08-29 05:41 1004032 a82b28bfc2e4455fe43022a498c0ef0a C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-04 02:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2004-08-04 02:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2008-04-13 19:12 1033728 12896823fb95bfb3dc9b46bcaedc9923 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe

2001-08-23 07:00 101376 e3df4a0252d287c44606ee55355e1623 C:\WINDOWS\$NtServicePackUninstall$\services.exe
2004-08-04 02:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\ServicePackFiles\i386\services.exe
2008-04-13 19:12 108544 0e776ed5f7cc9f94299e70461b7b8185 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\services.exe
2004-08-04 02:56 110592 8ac9d5418c9f5911ee5e29ccc652678d C:\WINDOWS\system32\services.exe

2002-08-29 05:41 11776 b2b6ba905d0e3f8a32a0eb3b4051807b C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
2004-08-04 02:56 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2008-04-13 19:12 13312 bf2466b3e18e970d8a976fb95fc1ca85 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\lsass.exe
2004-08-04 02:56 14848 21cddf4ecaae17a98e020bc28960a04a C:\WINDOWS\system32\lsass.exe

2002-08-29 05:41 13312 414de7cf9d3f19c3ea902f1bb38ec116 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2004-08-04 02:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2008-04-13 19:12 15360 5f1d5f88303d4a4dbc8e5f97ba967cc3 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ctfmon.exe
2004-08-04 02:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\system32\ctfmon.exe

2005-06-10 19:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2001-08-23 07:00 51200 9b4155ba58192d4073082b8fc5d42612 C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
2004-08-04 02:56 57856 7435b108b935e42ea92ca94f59c8e717 C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2004-08-04 02:56 57856 7435b108b935e42ea92ca94f59c8e717 C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
2008-04-13 19:12 57856 d8e14a61acc1d4a6cd0d38aebac7fa3b C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\spoolsv.exe
2005-06-10 18:53 58880 af4b08cf909b94ef2568736f3111c9d7 C:\WINDOWS\system32\spoolsv.exe

2002-08-29 05:41 22016 e931e0a2b8bf0019db902e98d03662cb C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
2004-08-04 02:56 24576 39b1ffb03c2296323832acbae50d2aff C:\WINDOWS\ServicePackFiles\i386\userinit.exe
2008-04-13 19:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
2004-08-04 02:56 24576 39b1ffb03c2296323832acbae50d2aff C:\WINDOWS\system32\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 129536]
"2wSysTray"="C:\Program Files\2Wire\2PortalMon.exe" [2003-10-10 393216]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 442455]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" [2007-01-14 771704]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
2Wire Wireless Client Manager.lnk - C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE [2004-02-18 323584]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 1 (0x1)
"Btn_Search"= 2 (0x2)
"NoBandCustomize"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i263_32.drv
"msacm.ctmp3"= C:\WINDOWS\System32\ctmp3.acm
"VIDC.I263"= i263_32.drv
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pnpsvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
backup=C:\WINDOWS\pss\AT&T Self Support Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
NvQTwk [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2004-09-01 11:26 66672 C:\Program Files\AIM95\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2003-01-31 09:42 1228800 C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightMonitor 01]
--a------ 2003-07-14 14:30 98304 C:\Program Files\SBC Yahoo!\Connection Manager\IP Insight\ipmon32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2003-05-19 00:14 77824 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-04-13 03:48 36975 C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-05-07 06:47 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
--a------ 2004-09-09 17:35 1597440 C:\Program Files\AWS\WeatherBug\Weather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 22:49 4662776 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
--a------ 2007-10-26 15:42 509224 C:\PROGRA~1\Yahoo!\YOP\yop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2002-05-03 10:06 364544 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
--a------ 2002-07-02 17:56 24576 C:\WINDOWS\system32\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RpcPatch"=2 (0x2)
"MDM"=2 (0x2)
"C-DillaSrv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
"nwiz"=nwiz.exe /install
"UpdReg"=C:\WINDOWS\Updreg.exe
"CTStartup"=C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
"Jet Detection"=C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\AIM95\\aim.exe"=
"C:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\yserver.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=

R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys [2002-06-05 9344]
R1 BpCdrVsd;BpCdrVsd;C:\WINDOWS\system32\drivers\BpCdrVsd.sys [2002-12-12 7936]
R1 bpfinder;BACKPACK Finder;C:\WINDOWS\system32\DRIVERS\bpfinder.sys [2003-02-17 62279]
R2 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys [2003-01-31 389504]
R3 bpflt;BACKPACK Filter;C:\WINDOWS\system32\DRIVERS\bpflt.sys [2002-08-08 4538]
R3 wltwo48b;2Wire Wireless PC Card Driver;C:\WINDOWS\system32\DRIVERS\wltwo48b.sys [2003-08-10 170496]
S0 Cdr4vsd;Cdr4vsd;C:\WINDOWS\system32\drivers\Cdr4vsd.sys [2003-03-26 72032]
S1 af51f9f7;af51f9f7;C:\WINDOWS\system32\drivers\af51f9f7.sys [ ]
S2 pnpsvc;Plug and Play svc service;C:\WINDOWS\system32\svchost.exe [2004-08-04 17408]
S3 AON325;AOpen AON-325 10/100M Fast Ethernet PCI Adapter;C:\WINDOWS\system32\DRIVERS\AON325.SYS [2001-04-16 24172]
S3 ATIPCXXX;ATI Parental control device;C:\WINDOWS\system32\DRIVERS\atipcxxx.sys [2001-08-17 10240]
S3 ATIVRVXX;ATI Rage Theatre Video (ATIRTCAP);C:\WINDOWS\system32\DRIVERS\atirtcap.sys [2001-08-17 49920]
S3 ATIVXSXX;ATI Audio Crossbar (ATIVXBAR);C:\WINDOWS\system32\DRIVERS\ativxbar.sys [2001-08-17 26624]
S3 bppccard;BACKPACK PC Card;C:\WINDOWS\system32\DRIVERS\bppccard.sys [2003-01-09 5493]
S3 bppnpdrv;BACKPACK Driver;C:\WINDOWS\system32\DRIVERS\bppnpdrv.sys [2003-02-17 19670]
S3 bpusbdrv;BACKPACK USB 1 Cable;C:\WINDOWS\system32\DRIVERS\bpusbdrv.sys [2003-02-06 109708]
S3 bpusbflt;BACKPACK USB Filter;C:\WINDOWS\system32\DRIVERS\bpusbflt.sys [2002-08-08 8333]
S3 SUSTUCAM;Susteen USB Cable Modem Driver;C:\WINDOWS\system32\DRIVERS\sustucam.sys [2006-04-12 38016]
S3 SUSTUCAP;Susteen USB Cable Port Driver;C:\WINDOWS\system32\DRIVERS\sustucap.sys [2006-04-12 38016]
S3 SUSTUCAU;Susteen USB Cable USB Driver;C:\WINDOWS\system32\DRIVERS\sustucau.sys [2006-04-12 20096]
S3 WBMS;Winbond Memory Stick Storage (MS) Device Driver;C:\WINDOWS\system32\Drivers\WBMS.SYS [2002-02-28 29056]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
pnpsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bfee426-7b89-11dd-96c2-000feafaf926}]
\shell\autorun\command - G:\podcastready.exe

*Newly Created Service* - comhost
.
Contents of the 'Scheduled Tasks' folder

2008-09-19 C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - Robert.job
- C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exe [2007-01-14 04:09]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{C849540C-192E-4506-8E95-A1C2A01F4FEE} - (no file)
WebBrowser-{701402A1-C510-1DDD-331E-C4CC3818FEF1} - (no file)
HKLM-Run-sysrest32.exe - C:\WINDOWS\system32\sysrest32.exe
SSODL-AKbTslhyAO-{EC6075AB-46CA-DF01-5D3D-DC46BFC63DA7} - C:\WINDOWS\System32\sktmav.dll
MSConfigStartUp-LYELSYIPV - C:\WINDOWS\LYELSYIPV.exe
MSConfigStartUp-smgr - mgrs.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\laefvq4y.default\
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-19 14:35:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-19 14:37:02
ComboFix-quarantined-files.txt 2008-09-19 19:36:40

Pre-Run: 5,008,023,552 bytes free
Post-Run: 4,987,371,520 bytes free

301 --- E O F --- 2008-09-17 19:16:05
Last edited by schef on October 6th, 2008, 11:16 pm, edited 1 time in total.
schef
Regular Member
 
Posts: 40
Joined: September 20th, 2008, 2:07 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 27 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware