Cannot remove Adware & Spyware, Virtumonde

Re: Cannot remove Adware & Spyware, Virtumonde

by schef » October 15th, 2008, 1:37 am

ComboFix 08-10-11.02 - Robert 2008-10-14 13:35:44.6 - NTFSx86
Running from: C:\Documents and Settings\Robert\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-09-14 to 2008-10-14 )))))))))))))))))))))))))))))))
.

2008-10-13 02:41 . 2008-10-13 02:41 335 --a------ C:\WINDOWS\mozregistry.dat
2008-10-05 15:37 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-04 21:14 . 2008-10-04 21:15 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-04 21:14 . 2008-10-04 21:14 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\Malwarebytes
2008-10-04 21:14 . 2008-10-04 21:14 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-10-04 21:14 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-04 21:14 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-01 10:05 . 2008-10-12 19:33 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-10-01 10:05 . 2008-10-12 19:33 <DIR> d-------- C:\WINDOWS\system32\en
2008-10-01 10:05 . 2008-10-12 19:33 <DIR> d-------- C:\WINDOWS\l2schemas
2008-10-01 09:53 . 2007-02-28 04:10 2,180,352 --a------ C:\WINDOWS\system32\ntoskrnl.exe
2008-09-26 07:05 . 2008-09-26 07:05 <DIR> d-------- C:\rsit
2008-09-20 00:12 . 2008-09-20 00:14 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-09-19 11:54 . 2008-07-30 17:42 23,888 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-09-19 11:54 . 2008-07-30 17:28 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-09-19 11:54 . 2008-07-30 17:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-09-19 11:44 . 2008-09-19 11:44 <DIR> d--hs---- C:\found.000
2008-09-19 09:31 . 2008-09-19 09:31 16 --a------ C:\WINDOWS\system32\coh.cache
2008-09-19 08:15 . 2008-09-19 08:15 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\Motive
2008-09-19 08:13 . 2008-10-01 09:21 <DIR> d-------- C:\WINDOWS\Motive
2008-09-19 08:13 . 2008-09-19 08:13 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Motive
2008-09-17 20:33 . 2008-04-13 19:12 8,461,312 --a------ C:\WINDOWS\system32\SET1DF.tmp
2008-09-17 20:32 . 2008-04-13 19:11 3,066,880 --a------ C:\WINDOWS\system32\SET312.tmp
2008-09-17 20:17 . 2008-09-17 20:17 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-17 14:15 . 2008-09-17 14:15 197 --a------ C:\WINDOWS\system32\MRT.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-05 21:49 --------- d-----w C:\Documents and Settings\Robert\Application Data\WeatherBug
2008-10-05 20:37 --------- d-----w C:\Program Files\Java
2008-10-05 01:52 --------- d-----w C:\Program Files\Viewpoint
2008-10-05 01:52 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint
2008-10-01 15:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-01 15:45 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Symantec
2008-10-01 14:28 --------- d-----w C:\Program Files\Yahoo!
2008-10-01 14:28 --------- d-----w C:\Program Files\Common Files\Scanner
2008-10-01 14:27 --------- d-----w C:\Program Files\Symantec
2008-10-01 14:21 --------- d-----w C:\Program Files\Common Files\Vbox
2008-10-01 14:21 --------- d-----w C:\Program Files\Ahead
2008-10-01 14:21 --------- d-----w C:\Program Files\Absolute Poker
2008-10-01 04:44 --------- d-----w C:\Documents and Settings\Robert\Application Data\SuperNZB
2008-09-21 20:22 --------- d-----w C:\Program Files\Trend Micro
2008-09-19 18:29 --------- d-----w C:\Documents and Settings\Robert\Application Data\U3
2008-09-19 17:38 --------- d-----w C:\Program Files\RM Converter
2008-09-19 14:10 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Yahoo!
2008-09-17 18:20 --------- d--h--r C:\Documents and Settings\Robert\Application Data\yahoo!
2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 03:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2004-06-13 23:20 449 ----a-w C:\Documents and Settings\Robert\UpdateReg.reg
2002-10-16 07:39 19,552 ----a-w C:\Documents and Settings\Robert\Application Data\GDIPFONTCACHEV1.DAT
.

------- Sigcheck -------

2004-08-04 02:56 17408 69fdf8b967ab39fef170454b6e943398 C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
2004-08-04 02:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2008-04-13 19:12 14336 27c6d03bcdb8cfeb96b716f3d8be3e18 C:\WINDOWS\system32\svchost.exe

2004-08-04 02:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
2004-08-04 02:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
2008-04-13 19:12 82432 2ccc474eb85ceaa3e1fa1726580a3e5a C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ws2_32.dll
2004-08-04 02:56 82944 2ed0b7f12a60f90092081c50fa0ec2b2 C:\WINDOWS\system32\ws2_32.dll

2005-05-25 14:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 12:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 07:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 11:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 05:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 06:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 06:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-06-20 05:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-04 01:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
2005-05-25 14:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2006-01-12 21:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 06:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 12:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
2004-08-04 01:14 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
2008-04-13 14:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tcpip.sys
2008-06-20 05:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 05:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\system32\drivers\tcpip.sys

2004-08-04 02:56 506368 d05b3d809fa8d9684807eeaa55237b7d C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2004-08-04 02:56 502272 01c3346c241652f43aed8e2149881bfe C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-05-26 20:38 483328 e7f9d2e4e4a94a6f58014e5ffa16a65e C:\WINDOWS\SoftwareDistribution\Download\0bfb0fd6d1529228f4175fc177388244\sp1qfe\winlogon.exe
2008-04-13 19:12 507904 ed0ef0a136dec83df69f04118870003e C:\WINDOWS\system32\winlogon.exe

2004-08-04 01:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
2004-08-04 01:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\ServicePackFiles\i386\ndis.sys
2008-04-13 14:20 182656 1df7f42665c94b825322fae71721130d C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ndis.sys
2004-08-04 01:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

2004-08-04 01:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\$NtServicePackUninstall$\ip6fw.sys
2004-08-04 01:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\ServicePackFiles\i386\ip6fw.sys
2008-04-13 13:53 36608 3bb22519a194418d5fec05d800a19ad0 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ip6fw.sys
2004-08-04 01:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

2008-04-13 19:12 1033728 12896823fb95bfb3dc9b46bcaedc9923 C:\WINDOWS\explorer.exe
2007-06-13 06:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 05:23 1035776 84999af5063d29ab54ef88eba0409215 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-04 02:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2004-08-04 02:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\ServicePackFiles\i386\explorer.exe

2004-08-04 02:56 110592 8ac9d5418c9f5911ee5e29ccc652678d C:\WINDOWS\$NtServicePackUninstall$\services.exe
2004-08-04 02:56 108032 c6ce6eec82f187615d1002bb3bb50ed4 C:\WINDOWS\ServicePackFiles\i386\services.exe
2008-04-13 19:12 108544 0e776ed5f7cc9f94299e70461b7b8185 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\services.exe
2004-08-04 02:56 110592 8ac9d5418c9f5911ee5e29ccc652678d C:\WINDOWS\system32\services.exe

2004-08-04 02:56 14848 21cddf4ecaae17a98e020bc28960a04a C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
2004-08-04 02:56 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\ServicePackFiles\i386\lsass.exe
2008-04-13 19:12 13312 bf2466b3e18e970d8a976fb95fc1ca85 C:\WINDOWS\system32\lsass.exe

2004-08-04 02:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2004-08-04 02:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2008-04-13 19:12 15360 5f1d5f88303d4a4dbc8e5f97ba967cc3 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ctfmon.exe
2004-08-04 02:56 15360 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\system32\ctfmon.exe

2005-06-10 19:17 57856 ad3d9d191aea7b5445fe1d82ffbb4788 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2005-06-10 18:53 58880 af4b08cf909b94ef2568736f3111c9d7 C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
2004-08-04 02:56 57856 7435b108b935e42ea92ca94f59c8e717 C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2004-08-04 02:56 57856 7435b108b935e42ea92ca94f59c8e717 C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
2008-04-13 19:12 57856 d8e14a61acc1d4a6cd0d38aebac7fa3b C:\WINDOWS\system32\spoolsv.exe

2004-08-04 02:56 24576 39b1ffb03c2296323832acbae50d2aff C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
2004-08-04 02:56 24576 39b1ffb03c2296323832acbae50d2aff C:\WINDOWS\ServicePackFiles\i386\userinit.exe
2008-04-13 19:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
2004-08-04 02:56 24576 39b1ffb03c2296323832acbae50d2aff C:\WINDOWS\system32\userinit.exe
.
((((((((((((((((((((((((((((( snapshot_2008-10-05_20.13.31.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-06-13 10:23:07 1,035,776 ----a-w C:\WINDOWS\explorer(2).exe
+ 2004-08-04 07:56:29 62,976 ----a-w C:\WINDOWS\ime\spgrmr(2).dll
+ 2004-08-04 07:56:45 250,880 ----a-w C:\WINDOWS\ime\sptip(2).dll
+ 2004-08-04 07:56:44 38,912 ----a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc(2).dll
- 2004-08-04 08:07:21 1,788 ----a-w C:\WINDOWS\ServicePackFiles\i386\dcache.bin
+ 2008-04-14 00:25:26 1,804 ----a-w C:\WINDOWS\ServicePackFiles\i386\dcache.bin
+ 2004-08-04 07:56:41 194,048 ----a-w C:\WINDOWS\system32\activeds(2).dll
+ 2004-08-04 07:56:41 101,888 ----a-w C:\WINDOWS\system32\actxprxy(2).dll
+ 2004-08-04 07:56:41 143,360 ----a-w C:\WINDOWS\system32\adsldpc(2).dll
+ 2004-08-04 07:56:41 99,840 ----a-w C:\WINDOWS\system32\advpack(2).dll
+ 2004-08-04 07:56:47 44,544 ----a-w C:\WINDOWS\system32\alg(2).exe
+ 2004-08-04 07:56:41 58,880 ----a-w C:\WINDOWS\system32\atl(2).dll
+ 2004-08-04 07:56:41 42,496 ----a-w C:\WINDOWS\system32\audiosrv(2).dll
+ 2005-03-02 18:09:29 56,832 ----a-w C:\WINDOWS\system32\authz(2).dll
+ 2004-08-04 07:56:41 84,992 ----a-w C:\WINDOWS\system32\avifil32(2).dll
+ 2004-08-04 07:56:41 28,672 ----a-w C:\WINDOWS\system32\batmeter(2).dll
+ 2004-08-04 07:55:59 63,488 ----a-w C:\WINDOWS\system32\browselc(2).dll
+ 2008-06-23 15:38:28 1,023,488 ----a-w C:\WINDOWS\system32\browseui(2).dll
+ 2004-08-04 07:56:41 59,904 ----a-w C:\WINDOWS\system32\cabinet(2).dll
+ 2005-07-26 04:39:42 225,792 ----a-w C:\WINDOWS\system32\catsrv(2).dll
+ 2005-07-26 04:39:43 625,152 ----a-w C:\WINDOWS\system32\catsrvut(2).dll
+ 2004-08-04 07:56:41 194,560 ----a-w C:\WINDOWS\system32\certcli(2).dll
+ 2004-08-04 07:56:00 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32(2).dll
+ 2005-07-26 04:39:43 498,688 ----a-w C:\WINDOWS\system32\clbcatq(2).dll
+ 2004-08-04 07:56:41 57,856 ----a-w C:\WINDOWS\system32\clusapi(2).dll
+ 2004-08-04 07:56:41 47,104 ----a-w C:\WINDOWS\system32\cnbjmon(2).dll
+ 2005-07-26 04:39:43 60,416 ----a-w C:\WINDOWS\system32\colbact(2).dll
+ 2004-08-04 07:56:41 792,064 ----a-w C:\WINDOWS\system32\comres(2).dll
+ 2005-07-26 04:39:44 1,267,200 ----a-w C:\WINDOWS\system32\comsvcs(2).dll
+ 2004-08-04 07:56:41 163,840 ----a-w C:\WINDOWS\system32\credui(2).dll
+ 2004-08-04 07:56:41 597,504 ----a-w C:\WINDOWS\system32\crypt32(2).dll
+ 2004-08-04 07:56:41 33,280 ----a-w C:\WINDOWS\system32\cryptdll(2).dll
+ 2004-08-04 07:56:41 63,488 ----a-w C:\WINDOWS\system32\cryptnet(2).dll
+ 2004-08-04 07:56:41 60,416 ----a-w C:\WINDOWS\system32\cryptsvc(2).dll
+ 2004-08-04 07:56:41 512,512 ----a-w C:\WINDOWS\system32\cryptui(2).dll
+ 2004-08-04 07:56:41 101,888 ----a-w C:\WINDOWS\system32\cscdll(2).dll
+ 2004-08-04 07:56:41 326,656 ----a-w C:\WINDOWS\system32\cscui(2).dll
+ 2004-08-04 07:56:48 6,144 ----a-w C:\WINDOWS\system32\csrss(2).exe
+ 2004-08-04 07:56:48 15,360 ----a-w C:\WINDOWS\system32\ctfmon(2).exe
+ 2004-08-04 07:56:42 24,576 ----a-w C:\WINDOWS\system32\davclnt(2).dll
- 2004-08-04 08:07:21 1,788 ----a-w C:\WINDOWS\system32\dcache.bin
+ 2008-04-14 00:25:26 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
+ 2004-08-04 07:56:42 8,704 ----a-w C:\WINDOWS\system32\dciman32(2).dll
+ 2004-08-04 07:56:42 266,240 ----a-w C:\WINDOWS\system32\ddraw(2).dll
+ 2004-08-04 07:56:42 27,136 ----a-w C:\WINDOWS\system32\ddrawex(2).dll
+ 2004-08-04 07:56:42 68,608 ----a-w C:\WINDOWS\system32\digest(2).dll
+ 2004-08-04 07:56:42 23,552 ----a-w C:\WINDOWS\system32\dmserver(2).dll
+ 2008-06-20 17:41:10 148,992 ----a-w C:\WINDOWS\system32\dnsapi(2).dll
+ 2004-08-04 07:56:42 14,336 ----a-w C:\WINDOWS\system32\drprov(2).dll
+ 2004-08-04 05:31:43 137,216 ----a-w C:\WINDOWS\system32\dssenh(2).dll
+ 2004-08-04 07:56:42 304,128 ----a-w C:\WINDOWS\system32\duser(2).dll
+ 2004-08-04 07:56:42 23,040 ----a-w C:\WINDOWS\system32\ersvc(2).dll
+ 2008-07-07 20:32:22 253,952 ----a-w C:\WINDOWS\system32\es(2).dll
+ 2005-10-20 22:20:03 1,082,368 ----a-w C:\WINDOWS\system32\esent(2).dll
+ 2004-08-04 07:56:42 55,808 ----a-w C:\WINDOWS\system32\eventlog(2).dll
- 2008-05-01 07:11:51 117,360 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-10-13 06:54:02 117,360 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2004-08-04 07:56:42 344,064 ----a-w C:\WINDOWS\system32\hnetcfg(2).dll
+ 2004-08-04 07:56:42 11,264 ----a-w C:\WINDOWS\system32\icaapi(2).dll
+ 2004-08-04 07:56:42 35,840 ----a-w C:\WINDOWS\system32\imgutil(2).dll
+ 2004-08-04 07:56:42 33,280 ----a-w C:\WINDOWS\system32\inetmib1(2).dll
+ 2004-08-04 07:56:42 75,264 ----a-w C:\WINDOWS\system32\inetpp(2).dll
+ 2006-05-19 12:59:41 94,720 ----a-w C:\WINDOWS\system32\iphlpapi(2).dll
+ 2004-08-04 07:56:42 331,264 ----a-w C:\WINDOWS\system32\ipnathlp(2).dll
+ 2007-12-18 14:40:58 450,560 ----a-w C:\WINDOWS\system32\jscript(2).dll
+ 2005-06-15 17:49:30 295,936 ----a-w C:\WINDOWS\system32\kerberos(2).dll
- 2006-06-19 21:19:42 571,184 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll
+ 2008-03-20 23:06:36 1,480,232 ----a-w C:\WINDOWS\system32\LegitCheckControl.DLL
+ 2005-09-01 01:41:53 19,968 ----a-w C:\WINDOWS\system32\linkinfo(2).dll
+ 2004-08-04 07:56:42 97,280 ----a-w C:\WINDOWS\system32\loadperf(2).dll
+ 2004-08-04 07:56:50 14,848 ----a-w C:\WINDOWS\system32\lsass(2).exe
+ 2004-08-04 07:56:42 1,028,096 ----a-w C:\WINDOWS\system32\mfc42(2).dll
+ 2004-08-04 07:56:42 22,528 ----a-w C:\WINDOWS\system32\mfcsubs(2).dll
+ 2004-08-04 07:56:42 18,944 ----a-w C:\WINDOWS\system32\midimap(2).dll
+ 2004-08-04 07:56:42 586,240 ----a-w C:\WINDOWS\system32\mlang(2).dll
+ 2004-08-04 07:56:42 59,904 ----a-w C:\WINDOWS\system32\mpr(2).dll
+ 2004-08-04 07:56:42 87,040 ----a-w C:\WINDOWS\system32\mprapi(2).dll
+ 2007-07-06 12:46:59 95,744 ----a-w C:\WINDOWS\system32\mqsec(2).dll
+ 2007-07-06 12:46:59 471,552 ----a-w C:\WINDOWS\system32\mqutil(2).dll
+ 2004-08-04 07:56:42 71,680 ----a-w C:\WINDOWS\system32\msacm32(2).dll
+ 2004-08-04 07:56:42 86,016 ----a-w C:\WINDOWS\system32\msapsspc(2).dll
+ 2004-08-04 07:56:42 57,344 ----a-w C:\WINDOWS\system32\msasn1(2).dll
+ 2008-06-24 16:23:05 74,240 ----a-w C:\WINDOWS\system32\mscms(2).dll
+ 2004-08-04 07:56:42 294,400 ----a-w C:\WINDOWS\system32\msctf(2).dll
+ 2008-06-23 15:38:33 449,024 ----a-w C:\WINDOWS\system32\mshtmled(2).dll
+ 2004-08-04 07:56:43 6,656 ----a-w C:\WINDOWS\system32\msidle(2).dll
+ 2004-08-04 07:56:43 4,608 ----a-w C:\WINDOWS\system32\msimg32(2).dll
+ 2004-08-04 07:56:43 159,232 ----a-w C:\WINDOWS\system32\msimtf(2).dll
+ 2004-08-04 07:56:43 25,088 ----a-w C:\WINDOWS\system32\mslbui(2).dll
+ 2004-08-04 07:56:43 30,208 ----a-w C:\WINDOWS\system32\mspatcha(2).dll
+ 2004-08-04 07:56:18 48,128 ----a-w C:\WINDOWS\system32\msprivs(2).dll
+ 2004-08-04 07:56:43 115,712 ----a-w C:\WINDOWS\system32\mstlsapi(2).dll
+ 2004-08-04 07:56:43 195,072 ----a-w C:\WINDOWS\system32\msutb(2).dll
+ 2004-08-04 07:56:43 413,696 ----a-w C:\WINDOWS\system32\msvcp60(2).dll
+ 2004-08-04 07:56:43 343,040 ----a-w C:\WINDOWS\system32\msvcrt(2).dll
+ 2004-08-04 05:58:25 61,440 ----a-w C:\WINDOWS\system32\msvcrt40(2).dll
+ 2004-08-04 07:56:43 120,832 ----a-w C:\WINDOWS\system32\msvfw32(2).dll
+ 2008-06-20 17:41:10 245,248 ----a-w C:\WINDOWS\system32\mswsock(2).dll
+ 2006-03-01 19:42:42 66,560 ----a-w C:\WINDOWS\system32\mtxclu(2).dll
+ 2004-08-04 07:56:44 17,920 ----a-w C:\WINDOWS\system32\nddeapi(2).dll
+ 2006-08-17 12:28:27 332,288 ----a-w C:\WINDOWS\system32\netapi32(2).dll
+ 2004-08-04 07:56:44 622,080 ----a-w C:\WINDOWS\system32\netcfgx(2).dll
+ 2004-08-04 07:56:44 407,040 ----a-w C:\WINDOWS\system32\netlogon(2).dll
+ 2005-08-22 18:29:46 197,632 ----a-w C:\WINDOWS\system32\netman(2).dll
+ 2004-08-04 07:56:44 1,708,032 ----a-w C:\WINDOWS\system32\netshell(2).dll
+ 2004-08-04 07:56:44 248,832 ----a-w C:\WINDOWS\system32\newdev(2).dll
+ 2004-08-04 07:56:44 67,072 ----a-w C:\WINDOWS\system32\ntdsapi(2).dll
+ 2004-08-04 07:56:44 118,784 ----a-w C:\WINDOWS\system32\ntmarta(2).dll
+ 2004-08-04 07:56:44 143,872 ----a-w C:\WINDOWS\system32\ntshrui(2).dll
+ 2001-08-23 12:00:00 60,928 ----a-w C:\WINDOWS\system32\ocmanage(2).dll
+ 2005-07-26 04:39:48 1,285,120 ----a-w C:\WINDOWS\system32\ole32(2).dll
+ 2005-07-26 04:39:48 74,752 ----a-w C:\WINDOWS\system32\olecli32(2).dll
- 2008-04-03 21:33:16 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-10-13 00:45:19 39,992 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-03 21:33:16 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-10-13 00:45:19 311,604 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2004-08-04 07:56:44 25,088 ----a-w C:\WINDOWS\system32\perfos(2).dll
+ 2004-08-04 07:56:44 15,360 ----a-w C:\WINDOWS\system32\pjlmon(2).dll
+ 2008-06-23 15:38:33 39,424 ----a-w C:\WINDOWS\system32\pngfilt(2).dll
+ 2004-08-04 07:56:44 17,408 ----a-w C:\WINDOWS\system32\powrprof(2).dll
+ 2004-08-04 07:56:44 27,648 ----a-w C:\WINDOWS\system32\profmap(2).dll
+ 2004-08-04 07:56:44 23,040 ----a-w C:\WINDOWS\system32\psapi(2).dll
+ 2004-08-04 07:56:44 96,768 ----a-w C:\WINDOWS\system32\psbase(2).dll
+ 2004-08-04 07:56:44 34,304 ----a-w C:\WINDOWS\system32\pstorsvc(2).dll
+ 2006-06-26 17:37:10 8,192 ----a-w C:\WINDOWS\system32\rasadhlp(2).dll
+ 2004-08-04 07:56:44 69,632 ----a-w C:\WINDOWS\system32\raschap(2).dll
+ 2006-06-22 10:47:18 181,248 ----a-w C:\WINDOWS\system32\rasmans(2).dll
+ 2004-08-04 07:56:44 206,336 ----a-w C:\WINDOWS\system32\rasppp(2).dll
+ 2004-08-04 07:56:44 112,128 ----a-w C:\WINDOWS\system32\rastls(2).dll
+ 2004-08-04 07:56:44 49,664 ----a-w C:\WINDOWS\system32\regapi(2).dll
+ 2004-08-04 07:56:44 59,904 ----a-w C:\WINDOWS\system32\regsvc(2).dll
+ 2008-10-13 06:52:30 3,253,928 ----a-w C:\WINDOWS\system32\Restore\rstrlog.dat
+ 2004-08-04 07:56:44 58,880 ----a-w C:\WINDOWS\system32\resutils(2).dll
+ 2007-07-09 13:09:42 584,192 ----a-w C:\WINDOWS\system32\rpcrt4(2).dll
+ 2005-07-26 04:39:49 397,824 ----a-w C:\WINDOWS\system32\rpcss(2).dll
+ 2004-08-04 05:31:43 152,576 ----a-w C:\WINDOWS\system32\rsaenh(2).dll
+ 2004-08-04 07:56:44 44,032 ----a-w C:\WINDOWS\system32\rtutils(2).dll
+ 2004-08-04 07:56:44 180,224 ----a-w C:\WINDOWS\system32\scecli(2).dll
+ 2004-08-04 07:56:44 313,856 ----a-w C:\WINDOWS\system32\scesrv(2).dll
+ 2004-08-04 07:56:44 190,976 ----a-w C:\WINDOWS\system32\schedsvc(2).dll
+ 2004-08-04 07:56:44 18,944 ----a-w C:\WINDOWS\system32\seclogon(2).dll
+ 2004-08-04 07:56:44 55,808 ----a-w C:\WINDOWS\system32\secur32(2).dll
+ 2004-08-04 07:56:44 5,632 ----a-w C:\WINDOWS\system32\security(2).dll
+ 2004-08-04 07:56:44 38,912 ----a-w C:\WINDOWS\system32\sens(2).dll
+ 2004-08-04 07:56:44 6,656 ----a-w C:\WINDOWS\system32\sensapi(2).dll
+ 2001-08-23 12:00:00 259,584 ----a-w C:\WINDOWS\system32\Setup\comsetup(2).dll
+ 2004-08-04 07:56:42 32,828 ----a-w C:\WINDOWS\system32\Setup\fp40ext(2).dll
+ 2004-08-04 07:56:42 132,608 ----a-w C:\WINDOWS\system32\Setup\fxsocm(2).dll
+ 2004-08-04 07:56:42 505,344 ----a-w C:\WINDOWS\system32\Setup\iis(2).dll
+ 2001-08-23 12:00:00 115,712 ----a-w C:\WINDOWS\system32\Setup\imsinsnt(2).dll
+ 2004-08-04 07:56:42 16,896 ----a-w C:\WINDOWS\system32\Setup\medctroc(2).dll
+ 2001-08-23 12:00:00 82,432 ----a-w C:\WINDOWS\system32\Setup\msdtcstp(2).dll
+ 2004-08-04 07:56:43 15,360 ----a-w C:\WINDOWS\system32\Setup\msgrocm(2).dll
+ 2004-08-04 07:56:43 169,984 ----a-w C:\WINDOWS\system32\Setup\msmqocm(2).dll
+ 2004-08-04 07:56:44 77,312 ----a-w C:\WINDOWS\system32\Setup\netoc(2).dll
+ 2004-08-04 07:56:44 62,976 ----a-w C:\WINDOWS\system32\Setup\ntoc(2).dll
+ 2004-08-04 07:56:44 15,872 ----a-w C:\WINDOWS\system32\Setup\ocgen(2).dll
+ 2004-08-04 07:56:44 17,408 ----a-w C:\WINDOWS\system32\Setup\ocmsn(2).dll
+ 2004-08-04 07:56:44 17,408 ----a-w C:\WINDOWS\system32\Setup\ocmsn.dll
+ 2004-08-04 07:56:44 17,408 ----a-w C:\WINDOWS\system32\Setup\ocmsn.dll.OLD
+ 2004-08-04 07:56:44 101,376 ----a-w C:\WINDOWS\system32\Setup\setupqry(2).dll
+ 2004-08-04 07:56:46 33,792 ----a-w C:\WINDOWS\system32\Setup\tabletoc(2).dll
+ 2004-08-04 07:56:46 121,856 ----a-w C:\WINDOWS\system32\Setup\tsoc(2).dll
+ 2004-08-04 07:56:44 5,120 ----a-w C:\WINDOWS\system32\sfc(2).dll
+ 2004-08-04 07:56:44 140,288 ----a-w C:\WINDOWS\system32\sfc_os(2).dll
+ 2004-08-04 07:56:27 549,376 ----a-w C:\WINDOWS\system32\shdoclc(2).dll
+ 2007-10-26 03:36:51 8,454,656 ----a-w C:\WINDOWS\system32\shell32(2).dll
+ 2008-06-23 15:38:34 474,112 ----a-w C:\WINDOWS\system32\shlwapi(2).dll
+ 2004-08-04 07:56:45 151,552 ----a-w C:\WINDOWS\system32\shmedia(2).dll
+ 2004-08-04 07:56:45 151,552 ----a-w C:\WINDOWS\system32\shmedia(3).dll
+ 2006-12-19 21:52:18 134,656 ----a-w C:\WINDOWS\system32\shsvcs(2).dll
+ 2004-08-04 07:56:45 18,944 ----a-w C:\WINDOWS\system32\snmpapi(2).dll
+ 2004-08-04 07:56:45 74,752 ----a-w C:\WINDOWS\system32\spoolss(2).dll
+ 2005-06-10 23:53:32 58,880 ----a-w C:\WINDOWS\system32\spoolsv(2).exe
+ 2004-08-04 07:56:45 67,584 ----a-w C:\WINDOWS\system32\srclient(2).dll
+ 2004-08-04 07:56:45 170,496 ----a-w C:\WINDOWS\system32\srsvc(2).dll
+ 2004-08-04 07:56:45 34,816 ----a-w C:\WINDOWS\system32\ssdpapi(2).dll
+ 2004-08-04 07:56:45 71,680 ----a-w C:\WINDOWS\system32\ssdpsrv(2).dll
+ 2004-08-04 07:56:45 67,584 ----a-w C:\WINDOWS\system32\sti(2).dll
+ 2004-08-04 07:56:45 121,856 ----a-w C:\WINDOWS\system32\stobject(2).dll
+ 2004-08-04 07:56:57 17,408 ----a-w C:\WINDOWS\system32\svchost(2).exe
+ 2006-10-19 13:56:32 713,216 ----a-w C:\WINDOWS\system32\sxs(2).dll
+ 2004-08-04 07:56:46 181,760 ----a-w C:\WINDOWS\system32\tapi32(2).dll
+ 2005-07-08 16:27:56 249,344 ----a-w C:\WINDOWS\system32\tapisrv(2).dll
+ 2004-08-04 07:56:46 45,568 ----a-w C:\WINDOWS\system32\tcpmon(2).dll
+ 2004-08-04 07:56:46 295,424 ----a-w C:\WINDOWS\system32\termsrv(2).dll
+ 2004-08-04 07:56:46 385,536 ----a-w C:\WINDOWS\system32\themeui(2).dll
+ 2004-08-04 07:56:46 90,624 ----a-w C:\WINDOWS\system32\trkwks(2).dll
+ 2005-08-23 03:35:42 123,392 ----a-w C:\WINDOWS\system32\umpnpmgr(2).dll
+ 2004-08-04 07:56:46 132,608 ----a-w C:\WINDOWS\system32\upnp(2).dll
+ 2004-08-04 07:56:46 37,888 ----a-w C:\WINDOWS\system32\url(2).dll
+ 2008-06-23 15:38:34 615,936 ----a-w C:\WINDOWS\system32\urlmon(2).dll
+ 2004-08-04 07:56:46 16,896 ----a-w C:\WINDOWS\system32\usbmon(2).dll
+ 2004-08-04 07:56:46 218,624 ----a-w C:\WINDOWS\system32\uxtheme(2).dll
+ 2007-12-18 14:40:58 417,792 ----a-w C:\WINDOWS\system32\vbscript(2).dll
+ 2004-08-04 07:56:46 18,944 ----a-w C:\WINDOWS\system32\version(2).dll
+ 2004-08-04 07:56:46 430,592 ----a-w C:\WINDOWS\system32\vssapi(2).dll
+ 2004-08-04 07:56:46 174,592 ----a-w C:\WINDOWS\system32\w32time(2).dll
+ 2004-08-04 07:56:42 185,856 ----a-w C:\WINDOWS\system32\wbem\framedyn(2).dll
+ 2004-08-04 07:56:46 18,944 ----a-w C:\WINDOWS\system32\wbem\wbemprox(2).dll
+ 2004-08-04 07:56:46 49,152 ----a-w C:\WINDOWS\system32\wdigest(2).dll
+ 2004-08-04 07:56:46 276,480 ----a-w C:\WINDOWS\system32\webcheck(2).dll
+ 2006-01-04 03:35:05 68,096 ----a-w C:\WINDOWS\system32\webclnt(2).dll
+ 2006-12-19 18:16:47 333,824 ----a-w C:\WINDOWS\system32\wiaservc(2).dll
+ 2004-08-04 07:56:46 351,232 ----a-w C:\WINDOWS\system32\winhttp(2).dll
+ 2008-06-23 15:38:34 659,456 ----a-w C:\WINDOWS\system32\wininet(2).dll
+ 2004-08-04 07:56:46 32,768 ----a-w C:\WINDOWS\system32\winipsec(2).dll
+ 2004-08-04 07:56:46 176,128 ----a-w C:\WINDOWS\system32\winmm(2).dll
+ 2004-08-04 07:56:46 16,896 ----a-w C:\WINDOWS\system32\winrnr(2).dll
+ 2004-08-04 07:56:46 99,328 ----a-w C:\WINDOWS\system32\winscard(2).dll
+ 2004-08-04 07:56:46 176,640 ----a-w C:\WINDOWS\system32\wintrust(2).dll
+ 2004-08-04 07:56:46 172,032 ----a-w C:\WINDOWS\system32\wldap32(2).dll
+ 2004-08-04 07:56:46 92,672 ----a-w C:\WINDOWS\system32\wlnotify(2).dll
+ 2004-08-04 07:56:35 5,632 ----a-w C:\WINDOWS\system32\wmi(2).dll
+ 2004-08-04 07:56:46 264,192 ----a-w C:\WINDOWS\system32\wow32(2).dll
+ 2004-08-04 07:56:46 82,944 ----a-w C:\WINDOWS\system32\ws2_32(2).dll
+ 2004-08-04 07:56:46 19,968 ----a-w C:\WINDOWS\system32\ws2help(2).dll
+ 2004-08-04 07:56:57 13,824 ----a-w C:\WINDOWS\system32\wscntfy(2).exe
+ 2004-08-04 07:56:46 81,408 ----a-w C:\WINDOWS\system32\wscsvc(2).dll
+ 2004-08-04 07:56:46 19,968 ----a-w C:\WINDOWS\system32\wshtcpip(2).dll
+ 2004-08-04 07:56:46 22,528 ----a-w C:\WINDOWS\system32\wsock32(2).dll
+ 2004-08-04 07:56:46 18,432 ----a-w C:\WINDOWS\system32\wtsapi32(2).dll
+ 2004-08-04 07:56:46 6,656 ----a-w C:\WINDOWS\system32\wuauserv(2).dll
+ 2004-08-04 07:56:46 51,712 ----a-w C:\WINDOWS\system32\wzcsapi(2).dll
+ 2004-08-04 07:56:46 359,936 ----a-w C:\WINDOWS\system32\wzcsvc(2).dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"2wSysTray"="C:\Program Files\2Wire\2PortalMon.exe" [2003-10-10 393216]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-04 158208]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-07 180269]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
2Wire Wireless Client Manager.lnk - C:\Program Files\2Wire Wireless\Client Manager\CMTWO.EXE [2004-02-18 323584]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"= 1 (0x1)
"Btn_Search"= 2 (0x2)
"NoBandCustomize"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i263_32.drv
"msacm.ctmp3"= C:\WINDOWS\System32\ctmp3.acm
"VIDC.I263"= i263_32.drv
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\pnpsvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^AT&T Self Support Tool.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk
backup=C:\WINDOWS\pss\AT&T Self Support Tool.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
NvQTwk [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2004-09-01 11:26 66672 C:\Program Files\AIM95\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2003-01-31 09:42 1228800 C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPInSightMonitor 01]
--a------ 2003-07-14 14:30 98304 C:\Program Files\SBC Yahoo!\Connection Manager\IP Insight\ipmon32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2003-05-19 00:14 77824 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-04-13 03:48 36975 C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-05-07 06:47 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
--a------ 2004-09-09 17:35 1597440 C:\Program Files\AWS\WeatherBug\Weather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 22:49 4662776 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
--a------ 2006-07-21 16:19 129536 C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2002-05-03 10:06 364544 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
--a------ 2002-07-02 17:56 24576 C:\WINDOWS\system32\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RpcPatch"=2 (0x2)
"MDM"=2 (0x2)
"C-DillaSrv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
"nwiz"=nwiz.exe /install
"UpdReg"=C:\WINDOWS\Updreg.exe
"CTStartup"=C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
"Jet Detection"=C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\AIM95\\aim.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\yserver.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys [2002-06-05 9344]
R1 BpCdrVsd;BpCdrVsd;C:\WINDOWS\system32\drivers\BpCdrVsd.sys [2002-12-12 7936]
R1 bpfinder;BACKPACK Finder;C:\WINDOWS\system32\DRIVERS\bpfinder.sys [2003-02-17 62279]
R2 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys [2003-01-31 389504]
R3 bpflt;BACKPACK Filter;C:\WINDOWS\system32\DRIVERS\bpflt.sys [2002-08-08 4538]
R3 wltwo48b;2Wire Wireless PC Card Driver;C:\WINDOWS\system32\DRIVERS\wltwo48b.sys [2003-08-10 170496]
S0 Cdr4vsd;Cdr4vsd;C:\WINDOWS\system32\drivers\Cdr4vsd.sys [2003-03-26 72032]
S1 af51f9f7;af51f9f7;C:\WINDOWS\system32\drivers\af51f9f7.sys [ ]
S2 pnpsvc;Plug and Play svc service;C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S3 AON325;AOpen AON-325 10/100M Fast Ethernet PCI Adapter;C:\WINDOWS\system32\DRIVERS\AON325.SYS [2001-04-16 24172]
S3 ATIPCXXX;ATI Parental control device;C:\WINDOWS\system32\DRIVERS\atipcxxx.sys [2001-08-17 10240]
S3 ATIVRVXX;ATI Rage Theatre Video (ATIRTCAP);C:\WINDOWS\system32\DRIVERS\atirtcap.sys [2001-08-17 49920]
S3 ATIVXSXX;ATI Audio Crossbar (ATIVXBAR);C:\WINDOWS\system32\DRIVERS\ativxbar.sys [2001-08-17 26624]
S3 bppccard;BACKPACK PC Card;C:\WINDOWS\system32\DRIVERS\bppccard.sys [2003-01-09 5493]
S3 bppnpdrv;BACKPACK Driver;C:\WINDOWS\system32\DRIVERS\bppnpdrv.sys [2003-02-17 19670]
S3 bpusbdrv;BACKPACK USB 1 Cable;C:\WINDOWS\system32\DRIVERS\bpusbdrv.sys [2003-02-06 109708]
S3 bpusbflt;BACKPACK USB Filter;C:\WINDOWS\system32\DRIVERS\bpusbflt.sys [2002-08-08 8333]
S3 SUSTUCAM;Susteen USB Cable Modem Driver;C:\WINDOWS\system32\DRIVERS\sustucam.sys [2006-04-12 38016]
S3 SUSTUCAP;Susteen USB Cable Port Driver;C:\WINDOWS\system32\DRIVERS\sustucap.sys [2006-04-12 38016]
S3 SUSTUCAU;Susteen USB Cable USB Driver;C:\WINDOWS\system32\DRIVERS\sustucau.sys [2006-04-12 20096]
S3 WBMS;Winbond Memory Stick Storage (MS) Device Driver;C:\WINDOWS\system32\Drivers\WBMS.SYS [2002-02-28 29056]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
pnpsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2bfee426-7b89-11dd-96c2-000feafaf926}]
\shell\autorun\command - G:\podcastready.exe
.
Contents of the 'Scheduled Tasks' folder

2008-10-14 C:\WINDOWS\Tasks\AB5C3A3B9183B003.job
- c:\docume~1\robert\applic~1\timeph~1\Slow Owns Wma.exe []
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\laefvq4y.default\
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-14 13:38:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-10-14 13:41:36
ComboFix-quarantined-files.txt 2008-10-14 18:40:34
ComboFix2.txt 2008-10-12 01:12:51
ComboFix3.txt 2008-10-06 01:14:42
ComboFix4.txt 2008-09-20 05:06:10
ComboFix5.txt 2008-10-14 18:35:09

Pre-Run: 2,314,530,816 bytes free
Post-Run: 2,416,402,432 bytes free

491 --- E O F --- 2008-10-02 08:00:46
schef
Regular Member
 
Posts: 40
Joined: September 20th, 2008, 2:07 am

Re: Can not remove Addware & SpyWare,Virtumande

Unread postby sUBs » October 15th, 2008, 4:21 am

How is your machine behaving now?

Now that we have removed the patched files, we would be making another attempt at SP3. Before doing that, let's clear some of those useless ******(2).exe files which System Restore inadvertently created.



Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:

Code:
@echo off
del /a/f "C:\WINDOWS\explorer(2).exe"
del /a/f "C:\WINDOWS\ime\spgrmr(2).dll"
del /a/f "C:\WINDOWS\ime\sptip(2).dll"
del /a/f "C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\pchsvc(2).dll"
del /a/f "C:\WINDOWS\system32\activeds(2).dll"
del /a/f "C:\WINDOWS\system32\actxprxy(2).dll"
del /a/f "C:\WINDOWS\system32\adsldpc(2).dll"
del /a/f "C:\WINDOWS\system32\advpack(2).dll"
del /a/f "C:\WINDOWS\system32\alg(2).exe"
del /a/f "C:\WINDOWS\system32\atl(2).dll"
del /a/f "C:\WINDOWS\system32\audiosrv(2).dll"
del /a/f "C:\WINDOWS\system32\authz(2).dll"
del /a/f "C:\WINDOWS\system32\avifil32(2).dll"
del /a/f "C:\WINDOWS\system32\batmeter(2).dll"
del /a/f "C:\WINDOWS\system32\browselc(2).dll"
del /a/f "C:\WINDOWS\system32\browseui(2).dll"
del /a/f "C:\WINDOWS\system32\cabinet(2).dll"
del /a/f "C:\WINDOWS\system32\catsrv(2).dll"
del /a/f "C:\WINDOWS\system32\catsrvut(2).dll"
del /a/f "C:\WINDOWS\system32\certcli(2).dll"
del /a/f "C:\WINDOWS\system32\cfgmgr32(2).dll"
del /a/f "C:\WINDOWS\system32\clbcatq(2).dll"
del /a/f "C:\WINDOWS\system32\clusapi(2).dll"
del /a/f "C:\WINDOWS\system32\cnbjmon(2).dll"
del /a/f "C:\WINDOWS\system32\colbact(2).dll"
del /a/f "C:\WINDOWS\system32\comres(2).dll"
del /a/f "C:\WINDOWS\system32\comsvcs(2).dll"
del /a/f "C:\WINDOWS\system32\credui(2).dll"
del /a/f "C:\WINDOWS\system32\crypt32(2).dll"
del /a/f "C:\WINDOWS\system32\cryptdll(2).dll"
del /a/f "C:\WINDOWS\system32\cryptnet(2).dll"
del /a/f "C:\WINDOWS\system32\cryptsvc(2).dll"
del /a/f "C:\WINDOWS\system32\cryptui(2).dll"
del /a/f "C:\WINDOWS\system32\cscdll(2).dll"
del /a/f "C:\WINDOWS\system32\cscui(2).dll"
del /a/f "C:\WINDOWS\system32\csrss(2).exe"
del /a/f "C:\WINDOWS\system32\ctfmon(2).exe"
del /a/f "C:\WINDOWS\system32\davclnt(2).dll"
del /a/f "C:\WINDOWS\system32\dcache.bin"
del /a/f "C:\WINDOWS\system32\dciman32(2).dll"
del /a/f "C:\WINDOWS\system32\ddraw(2).dll"
del /a/f "C:\WINDOWS\system32\ddrawex(2).dll"
del /a/f "C:\WINDOWS\system32\digest(2).dll"
del /a/f "C:\WINDOWS\system32\dmserver(2).dll"
del /a/f "C:\WINDOWS\system32\dnsapi(2).dll"
del /a/f "C:\WINDOWS\system32\drprov(2).dll"
del /a/f "C:\WINDOWS\system32\dssenh(2).dll"
del /a/f "C:\WINDOWS\system32\duser(2).dll"
del /a/f "C:\WINDOWS\system32\ersvc(2).dll"
del /a/f "C:\WINDOWS\system32\es(2).dll"
del /a/f "C:\WINDOWS\system32\esent(2).dll"
del /a/f "C:\WINDOWS\system32\eventlog(2).dll"
del /a/f "C:\WINDOWS\system32\FNTCACHE.DAT"
del /a/f "C:\WINDOWS\system32\hnetcfg(2).dll"
del /a/f "C:\WINDOWS\system32\icaapi(2).dll"
del /a/f "C:\WINDOWS\system32\imgutil(2).dll"
del /a/f "C:\WINDOWS\system32\inetmib1(2).dll"
del /a/f "C:\WINDOWS\system32\inetpp(2).dll"
del /a/f "C:\WINDOWS\system32\iphlpapi(2).dll"
del /a/f "C:\WINDOWS\system32\ipnathlp(2).dll"
del /a/f "C:\WINDOWS\system32\jscript(2).dll"
del /a/f "C:\WINDOWS\system32\kerberos(2).dll"
del /a/f "C:\WINDOWS\system32\linkinfo(2).dll"
del /a/f "C:\WINDOWS\system32\loadperf(2).dll"
del /a/f "C:\WINDOWS\system32\lsass(2).exe"
del /a/f "C:\WINDOWS\system32\mfc42(2).dll"
del /a/f "C:\WINDOWS\system32\mfcsubs(2).dll"
del /a/f "C:\WINDOWS\system32\midimap(2).dll"
del /a/f "C:\WINDOWS\system32\mlang(2).dll"
del /a/f "C:\WINDOWS\system32\mpr(2).dll"
del /a/f "C:\WINDOWS\system32\mprapi(2).dll"
del /a/f "C:\WINDOWS\system32\mqsec(2).dll"
del /a/f "C:\WINDOWS\system32\mqutil(2).dll"
del /a/f "C:\WINDOWS\system32\msacm32(2).dll"
del /a/f "C:\WINDOWS\system32\msapsspc(2).dll"
del /a/f "C:\WINDOWS\system32\msasn1(2).dll"
del /a/f "C:\WINDOWS\system32\mscms(2).dll"
del /a/f "C:\WINDOWS\system32\msctf(2).dll"
del /a/f "C:\WINDOWS\system32\mshtmled(2).dll"
del /a/f "C:\WINDOWS\system32\msidle(2).dll"
del /a/f "C:\WINDOWS\system32\msimg32(2).dll"
del /a/f "C:\WINDOWS\system32\msimtf(2).dll"
del /a/f "C:\WINDOWS\system32\mslbui(2).dll"
del /a/f "C:\WINDOWS\system32\mspatcha(2).dll"
del /a/f "C:\WINDOWS\system32\msprivs(2).dll"
del /a/f "C:\WINDOWS\system32\mstlsapi(2).dll"
del /a/f "C:\WINDOWS\system32\msutb(2).dll"
del /a/f "C:\WINDOWS\system32\msvcp60(2).dll"
del /a/f "C:\WINDOWS\system32\msvcrt(2).dll"
del /a/f "C:\WINDOWS\system32\msvcrt40(2).dll"
del /a/f "C:\WINDOWS\system32\msvfw32(2).dll"
del /a/f "C:\WINDOWS\system32\mswsock(2).dll"
del /a/f "C:\WINDOWS\system32\mtxclu(2).dll"
del /a/f "C:\WINDOWS\system32\nddeapi(2).dll"
del /a/f "C:\WINDOWS\system32\netapi32(2).dll"
del /a/f "C:\WINDOWS\system32\netcfgx(2).dll"
del /a/f "C:\WINDOWS\system32\netlogon(2).dll"
del /a/f "C:\WINDOWS\system32\netman(2).dll"
del /a/f "C:\WINDOWS\system32\netshell(2).dll"
del /a/f "C:\WINDOWS\system32\newdev(2).dll"
del /a/f "C:\WINDOWS\system32\ntdsapi(2).dll"
del /a/f "C:\WINDOWS\system32\ntmarta(2).dll"
del /a/f "C:\WINDOWS\system32\ntshrui(2).dll"
del /a/f "C:\WINDOWS\system32\ocmanage(2).dll"
del /a/f "C:\WINDOWS\system32\ole32(2).dll"
del /a/f "C:\WINDOWS\system32\olecli32(2).dll"
del /a/f "C:\WINDOWS\system32\perfc009.dat"
del /a/f "C:\WINDOWS\system32\perfh009.dat"
del /a/f "C:\WINDOWS\system32\perfos(2).dll"
del /a/f "C:\WINDOWS\system32\pjlmon(2).dll"
del /a/f "C:\WINDOWS\system32\pngfilt(2).dll"
del /a/f "C:\WINDOWS\system32\powrprof(2).dll"
del /a/f "C:\WINDOWS\system32\profmap(2).dll"
del /a/f "C:\WINDOWS\system32\psapi(2).dll"
del /a/f "C:\WINDOWS\system32\psbase(2).dll"
del /a/f "C:\WINDOWS\system32\pstorsvc(2).dll"
del /a/f "C:\WINDOWS\system32\rasadhlp(2).dll"
del /a/f "C:\WINDOWS\system32\raschap(2).dll"
del /a/f "C:\WINDOWS\system32\rasmans(2).dll"
del /a/f "C:\WINDOWS\system32\rasppp(2).dll"
del /a/f "C:\WINDOWS\system32\rastls(2).dll"
del /a/f "C:\WINDOWS\system32\regapi(2).dll"
del /a/f "C:\WINDOWS\system32\regsvc(2).dll"
del /a/f "C:\WINDOWS\system32\resutils(2).dll"
del /a/f "C:\WINDOWS\system32\rpcrt4(2).dll"
del /a/f "C:\WINDOWS\system32\rpcss(2).dll"
del /a/f "C:\WINDOWS\system32\rsaenh(2).dll"
del /a/f "C:\WINDOWS\system32\rtutils(2).dll"
del /a/f "C:\WINDOWS\system32\scecli(2).dll"
del /a/f "C:\WINDOWS\system32\scesrv(2).dll"
del /a/f "C:\WINDOWS\system32\schedsvc(2).dll"
del /a/f "C:\WINDOWS\system32\seclogon(2).dll"
del /a/f "C:\WINDOWS\system32\secur32(2).dll"
del /a/f "C:\WINDOWS\system32\security(2).dll"
del /a/f "C:\WINDOWS\system32\sens(2).dll"
del /a/f "C:\WINDOWS\system32\sensapi(2).dll"
del /a/f "C:\WINDOWS\system32\Setup\comsetup(2).dll"
del /a/f "C:\WINDOWS\system32\Setup\fp40ext(2).dll"
del /a/f "C:\WINDOWS\system32\Setup\fxsocm(2).dll"
del /a/f "C:\WINDOWS\system32\Setup\iis(2).dll"
del /a/f "C:\WINDOWS\system32\Setup\imsinsnt(2).dll"
del /a/f "C:\WINDOWS\system32\Setup\medctroc(2).dll"
del /a/f "C:\WINDOWS\system32\Setup\msdtcstp(2).dll"
del /a/f "C:\WINDOWS\system32\Setup\msgrocm(2).dll"
del /a/f "C:\WINDOWS\system32\Setup\msmqocm(2).dll"
del /a/f "C:\WINDOWS\system32\Setup\netoc(2).dll"
del /a/f "C:\WINDOWS\system32\Setup\ntoc(2).dll"
del /a/f "C:\WINDOWS\system32\Setup\ocgen(2).dll"
del /a/f "C:\WINDOWS\system32\Setup\ocmsn(2).dll"
del /a/f "C:\WINDOWS\system32\Setup\ocmsn.dll.OLD"
del /a/f "C:\WINDOWS\system32\Setup\setupqry(2).dll"
del /a/f "C:\WINDOWS\system32\Setup\tabletoc(2).dll"
del /a/f "C:\WINDOWS\system32\Setup\tsoc(2).dll"
del /a/f "C:\WINDOWS\system32\sfc(2).dll"
del /a/f "C:\WINDOWS\system32\sfc_os(2).dll"
del /a/f "C:\WINDOWS\system32\shdoclc(2).dll"
del /a/f "C:\WINDOWS\system32\shell32(2).dll"
del /a/f "C:\WINDOWS\system32\shlwapi(2).dll"
del /a/f "C:\WINDOWS\system32\shmedia(2).dll"
del /a/f "C:\WINDOWS\system32\shmedia(3).dll"
del /a/f "C:\WINDOWS\system32\shsvcs(2).dll"
del /a/f "C:\WINDOWS\system32\snmpapi(2).dll"
del /a/f "C:\WINDOWS\system32\spoolss(2).dll"
del /a/f "C:\WINDOWS\system32\spoolsv(2).exe"
del /a/f "C:\WINDOWS\system32\srclient(2).dll"
del /a/f "C:\WINDOWS\system32\srsvc(2).dll"
del /a/f "C:\WINDOWS\system32\ssdpapi(2).dll"
del /a/f "C:\WINDOWS\system32\ssdpsrv(2).dll"
del /a/f "C:\WINDOWS\system32\sti(2).dll"
del /a/f "C:\WINDOWS\system32\stobject(2).dll"
del /a/f "C:\WINDOWS\system32\svchost(2).exe"
del /a/f "C:\WINDOWS\system32\sxs(2).dll"
del /a/f "C:\WINDOWS\system32\tapi32(2).dll"
del /a/f "C:\WINDOWS\system32\tapisrv(2).dll"
del /a/f "C:\WINDOWS\system32\tcpmon(2).dll"
del /a/f "C:\WINDOWS\system32\termsrv(2).dll"
del /a/f "C:\WINDOWS\system32\themeui(2).dll"
del /a/f "C:\WINDOWS\system32\trkwks(2).dll"
del /a/f "C:\WINDOWS\system32\umpnpmgr(2).dll"
del /a/f "C:\WINDOWS\system32\upnp(2).dll"
del /a/f "C:\WINDOWS\system32\url(2).dll"
del /a/f "C:\WINDOWS\system32\urlmon(2).dll"
del /a/f "C:\WINDOWS\system32\usbmon(2).dll"
del /a/f "C:\WINDOWS\system32\uxtheme(2).dll"
del /a/f "C:\WINDOWS\system32\vbscript(2).dll"
del /a/f "C:\WINDOWS\system32\version(2).dll"
del /a/f "C:\WINDOWS\system32\vssapi(2).dll"
del /a/f "C:\WINDOWS\system32\w32time(2).dll"
del /a/f "C:\WINDOWS\system32\wbem\framedyn(2).dll"
del /a/f "C:\WINDOWS\system32\wbem\wbemprox(2).dll"
del /a/f "C:\WINDOWS\system32\wdigest(2).dll"
del /a/f "C:\WINDOWS\system32\webcheck(2).dll"
del /a/f "C:\WINDOWS\system32\webclnt(2).dll"
del /a/f "C:\WINDOWS\system32\wiaservc(2).dll"
del /a/f "C:\WINDOWS\system32\winhttp(2).dll"
del /a/f "C:\WINDOWS\system32\wininet(2).dll"
del /a/f "C:\WINDOWS\system32\winipsec(2).dll"
del /a/f "C:\WINDOWS\system32\winmm(2).dll"
del /a/f "C:\WINDOWS\system32\winrnr(2).dll"
del /a/f "C:\WINDOWS\system32\winscard(2).dll"
del /a/f "C:\WINDOWS\system32\wintrust(2).dll"
del /a/f "C:\WINDOWS\system32\wldap32(2).dll"
del /a/f "C:\WINDOWS\system32\wlnotify(2).dll"
del /a/f "C:\WINDOWS\system32\wmi(2).dll"
del /a/f "C:\WINDOWS\system32\wow32(2).dll"
del /a/f "C:\WINDOWS\system32\ws2_32(2).dll"
del /a/f "C:\WINDOWS\system32\ws2help(2).dll"
del /a/f "C:\WINDOWS\system32\wscntfy(2).exe"
del /a/f "C:\WINDOWS\system32\wscsvc(2).dll"
del /a/f "C:\WINDOWS\system32\wshtcpip(2).dll"
del /a/f "C:\WINDOWS\system32\wsock32(2).dll"
del /a/f "C:\WINDOWS\system32\wtsapi32(2).dll"
del /a/f "C:\WINDOWS\system32\wuauserv(2).dll"
del /a/f "C:\WINDOWS\system32\wzcsapi(2).dll"
del /a/f "C:\WINDOWS\system32\wzcsvc(2).dll"
pause
del %0


Save this as Delete(2).bat. Choose to "Save type as - All Files".
It should look like this: Image
Double click on Delete(2).bat & allow it to remove the files.

-----


In your next post, please tell me the exact error message that SP3 threw at you.
It's not fair that you have to be stuck at SP2 when the rest of the world has migrated to SP3 :D
sUBs
Honored Member (RIP)
 
Posts: 1397
Joined: October 27th, 2006, 2:52 pm
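
Added example (not part of the original posts, and not sUBs's or ComboFix's code): a Python check that reads a cleanup batch file like the Delete(2).bat above before it is run, separates the numbered name(N).ext copies from the other targets, and flags lines with wildcards, unquoted paths, repeats, or paths outside C:\WINDOWS. The function name, the report layout and the flagging rules are assumptions of this example and go beyond what the post covers; sample lines 6-8 are constructed.

```python
import ntpath
import re

# "del", optional switches such as /a/f, then the target (quoted or not).
DEL_RE = re.compile(r'^\s*del\s+((?:/\S+\s+)*)(.+?)\s*$', re.IGNORECASE)
# Numbered copy such as explorer(2).exe -> stem "explorer", ext ".exe".
COPY_RE = re.compile(r'^(?P<stem>.+)\((?P<n>\d+)\)(?P<ext>\.[^.]+)$')


def audit_delete_script(text, allowed_root=r"C:\WINDOWS"):
    """Classify every `del` target in a batch file without touching the disk."""
    root = ntpath.normcase(ntpath.normpath(allowed_root)) + "\\"
    report = {"numbered_copies": [], "other_targets": [], "problems": []}
    seen = set()
    for lineno, line in enumerate(text.splitlines(), 1):
        m = DEL_RE.match(line)
        if not m or m.group(2) == "%0":  # not a del line, or the self-delete
            continue
        raw = m.group(2)
        quoted = len(raw) >= 2 and raw[0] == raw[-1] == '"'
        path = raw[1:-1] if quoted else raw
        # normpath collapses "..", normcase folds case, so comparisons are fair.
        norm = ntpath.normcase(ntpath.normpath(path))
        reasons = []
        if not quoted:
            reasons.append("unquoted path")
        if "*" in path or "?" in path:
            reasons.append("wildcard")
        if not norm.startswith(root):
            reasons.append("outside allowed root")
        if norm in seen:
            reasons.append("duplicate")
        seen.add(norm)
        if reasons:
            report["problems"].append((lineno, ", ".join(reasons), raw))
            continue
        copy = COPY_RE.match(ntpath.basename(path))
        if copy:
            # Record the name the copy was made from, e.g. explorer.exe.
            report["numbered_copies"].append((path, copy["stem"] + copy["ext"]))
        else:
            report["other_targets"].append(path)
    return report


# Lines 2-5 are taken from the batch file in the post above.
# Lines 6-8 are constructed for this example to exercise the checks.
SAMPLE = r'''@echo off
del /a/f "C:\WINDOWS\explorer(2).exe"
del /a/f "C:\WINDOWS\system32\dcache.bin"
del /a/f "C:\WINDOWS\system32\shmedia(3).dll"
del /a/f "C:\WINDOWS\system32\Setup\ocmsn.dll.OLD"
del /a/f "C:\WINDOWS\system32\*(2).dll"
del /a/f "C:\WINDOWS\..\boot.ini"
del /a/f C:\WINDOWS\system32\alg(2).exe
pause
del %0
'''

if __name__ == "__main__":
    result = audit_delete_script(SAMPLE)
    for path, original in result["numbered_copies"]:
        print(f"copy of {original}: {path}")
    for path in result["other_targets"]:
        print(f"not a numbered copy: {path}")
    for lineno, why, raw in result["problems"]:
        print(f"line {lineno}: {why}: {raw}")
```

Targets reported as "not a numbered copy" are not errors; they are listed separately so each one can be confirmed as intended before the batch file runs.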

Re: Can not remove Addware & SpyWare,Virtumande

Unread postby schef » October 16th, 2008, 1:38 am

Messages were as follows:

Service Pak3 Setup access is denied.
xp partially updated and may not work properly.
Not installed XP service pak 3 (KB96929)

Re: Can not remove Addware & SpyWare,Virtumande

Unread postby sUBs » October 16th, 2008, 1:45 am

Service Pack 3 setup error. Access is denied.


http://support.microsoft.com/kb/949377

Open the Svcpack.log file. By default, this file is located in the C:\Windows folder. To open the Svcpack.log file, click Start, click Run, type %windir%\svcpack.log, and then click OK.


Kindly post the contents of the above log

Re: Can not remove Addware & SpyWare,Virtumande

Unread postby schef » October 16th, 2008, 7:10 am

Do you want me to go to the Microsoft site first and try to do that advanced stuff? Or do the second part only?

Re: Can not remove Addware & SpyWare,Virtumande

Unread postby sUBs » October 16th, 2008, 8:11 am

The file which I requested should have got created when you attempted SP3, the first time round. I just need to peruse it.

Re: Can not remove Addware & SpyWare,Virtumande

Unread postby schef » October 16th, 2008, 6:12 pm

I tried to copy and paste but it said it was too large.



Return to the index page
General Error
SQL ERROR [ mysql4 ]

Got a packet bigger than 'max_allowed_packet' bytes [1153]

An SQL error occurred while fetching this page. Please contact the Board Administrator if this problem persists.
Please notify the board administrator or webmaster: admin@malwareremoval.com

Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group

Re: Can not remove Addware & SpyWare,Virtumande

Unread postby sUBs » October 16th, 2008, 6:24 pm

Kindly upload it to this website: > http://www.bleepingcomputer.com/submit- ... ?channel=4

Re: Can not remove Addware & SpyWare,Virtumande

Unread postby schef » October 16th, 2008, 6:46 pm

I do not get how to upload at that site.
Link to topic: what would that be?

Browse to the file: Where would that be found? svcpack-Notebook.

Sorry.

Re: Can not remove Addware & SpyWare,Virtumande

Unread postby sUBs » October 16th, 2008, 7:00 pm

Just browse to the file that needs uploading > C:\Windows\svcpack.log
No need to fill in anything else. Just click 'Send'. I'll know who it's from

Re: Can not remove Addware & SpyWare,Virtumande

Unread postby schef » October 17th, 2008, 12:30 am

Thanks. I think I got it sent. svcpack.log

Re: Can not remove Addware & SpyWare,Virtumande

Unread postby sUBs » October 17th, 2008, 5:11 am

Okay, here's what you need to do. I'm going to list them down in numbers. Please do each task in the correct sequence.

1) Download & install this file from Microsoft.com

http://www.microsoft.com/downloads/details.aspx?FamilyID=e8ba3e56-d8fe-4a91-93cf-ed6985e3927b&displaylang=en


-----------


2) Download this file > http://subs.geekstogo.com/Beta/CatMove.zip
This is a zipped file containing 2 separate files.

* Reset.bat
* Cat.bat


Extract/Unzip the files before use.
Double click on Reset.bat & allow it to run.


-----------


I do have a Hp 520 upstairs with the upgraded service pack 3 installed on it now, it came with the original service pak 2 I believe.


3) I shall need for you to copy some folders from the other machine. Then transfer them to the troubled machine.

a) Assuming that you have a removable-drive/pendrive, please place CatMove.bat into the pendrive & plug it into the HP520.

b) Double click CatMove.bat so that it may copy the necessary files/folders. It shall inform you once it completed.


c) Unplug the pendrive & take it to the troubled machine. Then double click on CatMove.bat again.

d) You shall need to reboot the machine after that.


-----------


4) After the reboot, download/install Service Pack 3 again. Make sure that your security programs (antivirus/antispyware or even 3rd party firewalls like Comodo) are closed/disabled before installing the Service Pack.

Good Luck
Last edited by sUBs on October 18th, 2008, 9:16 am, edited 1 time in total.

Re: Can not remove Addware & SpyWare,Virtumande

Unread postby schef » October 18th, 2008, 12:39 am

I did step one to the troubled machine.
Step 2 I downloaded to the troubled machine?
I don't get it.
Could you explain it differently so I understand it better please.

Re: Can not remove Addware & SpyWare,Virtumande

Unread postby sUBs » October 18th, 2008, 1:02 am

Download the file & just double click on Reset.bat.

Do you have a pendrive (removable drive) we can use for transferring files? Floppy disk won't work as the capacity is too small.

Re: Can not remove Addware & SpyWare,Virtumande

Unread postby schef » October 18th, 2008, 9:09 am

I think I am goofing it up.
I need to know which machine to do what.
step 1 to the good clean machine or the messed up one?
step 2, 3 4 "to etc."