Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Possible Malware related problems.Would appreciate Help.

Post by paulo » June 10th, 2010, 6:11 am

Hi there, I'm having some problems with my computer and apparently they are malware related. I am trying to install and run Windows one time safety scanner and it won't run, I'm getting error 0x04601001 which can be malware related. I have tried it in safe mode and can't connect to the internet while in safe mode with networking. I am also experiencing some boot problems and Event Viewer is showing an error "The following boot-start or system start drivers failed to load.Klif". I've searched and it says it relates either to Kaspersky (which I've never had installed) or a rootkit. Also, when highlighting Start, it won't always let me into programs/documents/settings etc. I would really appreciate help to see what's causing these problems. P.S. Malwarebytes finds nothing.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:04:46, on 10/06/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.33.90.66:3128:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 4105 bytes


Adobe Flash Player 10 Plugin
Audacity 1.2.6
Avira AntiVir Personal - Free Antivirus
Backup CD Player
BOClean
broadband medic
CCleaner (remove only)
COMODO Internet Security
DVD Flick 1.3.0.6
DVD Shrink 3.2
FLAC Installer 1.1.2a (remove only)
Foxit Reader
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.6.3)
MSConfig CleanUp 1.2
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero Suite
PowerDVD
Prism Video Converter
QT Lite 3.0.0
Revo Uninstaller 1.88
SAMSUNG CDMA Modem Driver Set
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
Samsung PC Studio 3 USB Driver Installer
SeaTools for Windows
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Spyware Terminator
SpywareBlaster 4.3
SUPERAntiSpyware Free Edition
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Winamp (remove only)
WinASO Registry Optimizer 4.5.3
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
WinPatrol
WinRAR archiver
paulo
Active Member
 
Posts: 14
Joined: December 11th, 2009, 4:50 pm

Re: Possible Malware related problems.Would appreciate Help

Post by Odd dude » June 14th, 2010, 3:40 am

Hello and welcome to the forums!

I'm Odd dude, pleased to meet you; if it helps, you can call me OD ;). I will be helping you to get rid of whatever you have on your computer (don't worry, just the malware stuff :D). However, it is important to take note of the following:

  • Logs from malware removal programs (Hijackthis is one of them) can take some time to analyze. I need you to be patient whilst I analyze any logs you post.
  • Please carefully read any instruction that I give you.
    Reading too lightly will cause you to miss important steps, which could have destructive effects.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • Please try to reply within three days - failure to do so might result in this thread being archived before we have finished cleaning you up. :o
    If you need more time than that, all you need to do is tell me. ;)
  • Do not do things I do not ask for, such as running a spyware scan. The one thing you should always do, though, is making sure that your antivirus definitions are up-to-date!
  • If I tell you to download a tool which you already have, please re-download it and do not use the copy you already have. This is because the tools are updated regularly.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system. Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

I am now analyzing your situation and will be back with instructions shortly.
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: Possible Malware related problems.Would appreciate Help

Post by Odd dude » June 14th, 2010, 4:00 am

Hi :)

There are no problems in the hijackthis log, only a few orphans which are harmless. There is, however, a different problem. You see, you have all this security software installed:

    Avira AntiVir Personal - Free Antivirus
    BOClean
    COMODO Internet Security
    Malwarebytes' Anti-Malware
    Spyware Terminator
    SpywareBlaster 4.3
    SUPERAntiSpyware Free Edition

Of this software, the following all have real-time protection through a scanner application which is loaded in memory:

    Avira AntiVir Personal - Free Antivirus
    BOClean
    COMODO Internet Security
    Malwarebytes' Anti-Malware (only if you have the paid version, which it looks like you do not)
    Spyware Terminator
    SUPERAntiSpyware Free Edition

And that's too much:
  • Antivirus programs take up a lot of memory - imagine running two!
  • Your computer stability is reduced by running more antivirus programs than one
  • Your two antivirus programs both patch important system areas and could hinder each other
  • Antivirus software cannot scan files that are already in use by another antivirus scanner. This means they will both miss malware!

The distinction that we need to make is the one between antivirus and antispyware software. You can have one of both of these. This means you can keep one of these (antivirus):

  • Avira AntiVir Personal - Free Antivirus
  • COMODO Internet Security

and one of these (antispyware):

  • COMODO Internet Security
  • Spyware Terminator
  • SUPERAntiSpyware Free Edition

(COMODO Internet Security is both antivirus and antispyware, so you can't use another antispyware program with it. BOClean is no longer maintained and has now been integrated into COMODO internet security, so there's no point in keeping it installed.)

Uninstall all the programs you do not choose to keep and uninstall BOClean. Also I would recommend you to uninstall WinASO Registry Optimizer 4.5.3 and MSConfig CleanUp 1.2 - in fact I strongly suggest you avoid anything that claims to clean, fix or optimize the Windows registry: even the best programs have occasionally made "mistakes" and made Windows inoperable by deleting critical registry entries. The gains are negligible and the risks are great.

Check the links below for various explanations and opinions.
An example of what can happen.
Registry cleaners?
Do I Need a Registry Cleaner? - Bill Pytlovany (creator of WinPatrol)
Should I Use a Registry Cleaner?

Lastly, Windows Media Player 10 has been superseded: we now have Windows Media Player 11 - please update to that version by using this link: http://www.microsoft.com/downloads/deta ... 66114010ca

After that, I would like you to run this program:

RSIT
Please download random/random's system information tool (RSIT) and run it. At the disclaimer screen, choose a period of one month. Then click Continue. It will produce two logs:

  • log.txt (will be maximized)
  • info.txt (will be minimized)

Please post both in your next reply. If they won't fit into one post, divide them over multiple posts.
(There's no need to post a new hijackthis log or uninstall list as RSIT includes both)


Post back:
- RSIT log.txt
- RSIT info.txt
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)
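
The overlap check described in the reply above can be run mechanically against a HijackThis log. The following is an added example, not part of the original thread and not code from HijackThis or RSIT: it reads the O4 (autostart), O20 (AppInit/Winlogon hook) and O23 (service) lines copied from the first post's log and reports which roles have more than one product with a component loaded at boot. The path fragments and the role table are assumptions taken from the install paths in the log and from the antivirus/antispyware lists in the reply; a loaded component shows only that part of a product starts with Windows, not which of its modules are enabled.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log in the first post of this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
"""

# Assumption: install-path fragments (lower case) identify the product.
# They are taken from the paths visible in the log above.
PATH_TO_PRODUCT = {
    "\\avira\\": "Avira AntiVir Personal - Free Antivirus",
    "\\comodo\\cboclean\\": "BOClean",
    "\\comodo\\comodo internet security\\": "COMODO Internet Security",
    "\\spyware terminator\\": "Spyware Terminator",
    "\\superantispyware\\": "SUPERAntiSpyware Free Edition",
}

# Role table as given in the helper's reply: keep one product per role.
ROLES = {
    "antivirus": {
        "Avira AntiVir Personal - Free Antivirus",
        "COMODO Internet Security",
    },
    "antispyware": {
        "COMODO Internet Security",
        "Spyware Terminator",
        "SUPERAntiSpyware Free Edition",
    },
}

# Sections that show something is loaded at boot or logon.
RESIDENT_SECTIONS = {"O4", "O20", "O23"}
ENTRY = re.compile(r"^(O\d+) - (.+)$")


def resident_products(log_text):
    """Map each known product to the HijackThis sections that load it."""
    found = defaultdict(set)
    for raw in log_text.splitlines():
        match = ENTRY.match(raw.strip())
        if not match or match.group(1) not in RESIDENT_SECTIONS:
            continue
        section, rest = match.group(1), match.group(2).lower()
        for fragment, product in PATH_TO_PRODUCT.items():
            if fragment in rest:
                found[product].add(section)
    # Sort section codes numerically so O4 comes before O20 and O23.
    return {
        product: sorted(sections, key=lambda code: int(code[1:]))
        for product, sections in found.items()
    }


def overlapping_roles(products):
    """Return roles for which more than one resident product was found."""
    overlaps = {}
    for role, members in ROLES.items():
        present = sorted(p for p in products if p in members)
        if len(present) > 1:
            overlaps[role] = present
    return overlaps


if __name__ == "__main__":
    loaded = resident_products(SAMPLE_LOG)
    for product, sections in sorted(loaded.items()):
        print(f"{product}: loaded via {', '.join(sections)}")
    for role, names in overlapping_roles(loaded).items():
        print(f"More than one {role} product resident: {', '.join(names)}")
```
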

Re: Possible Malware related problems.Would appreciate Help

Post by paulo » June 14th, 2010, 5:28 am

Hi OD, thank you very much for your assistance. I only have one antivirus installed and that is Avira. I am only using Comodo firewall; you can choose not to uninstall the antivirus/spyware section of CIS and that's what I did. Regarding antispyware, I only run Malwarebytes and SUPERAntiSpyware as on-demand scanners (for extra security); there is no real-time function to these programs. My only real-time antispyware programs are Spyware Terminator and BOClean anti-malware. Regarding WinASO, I use that only for the registry defrag and the privacy cleaner (occasionally), so I hope this won't cause any problems? If you would still like me to uninstall it, I will, no problem. I have posted the logs you require below. Many thanks. :)

Logfile of random's system information tool 1.07 (written by random/random)
Run by Default at 2010-06-14 10:23:41
Microsoft Windows XP Professional Service Pack 3
System drive C: has 14 GB (18%) free of 78 GB
Total RAM: 255 MB (23% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:24:42, on 14/06/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Comodo\CBOClean\BOCORE.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Default\Desktop\RSIT.exe
C:\Program Files\trend micro\Default.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.33.90.66:3128:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BOCore - COMODO - C:\Program Files\Comodo\CBOClean\BOCORE.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 4110 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2010-06-08 2039240]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]
"BOC-427"=C:\PROGRA~1\Comodo\CBOClean\BOC427.exe [2008-07-14 351480]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2008-08-27 1783808]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2010-05-31 323976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPodService"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoResolveSearch"=
"NoDrives"=
"NoDriveAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Documents and Settings\Default\Desktop\utorrent.exe"="C:\Documents and Settings\Default\Desktop\utorrent.exe:*:Enabled:µTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.txt - open - C:\WINDOWS\NOTEPAD.EXE %1

======List of files/folders created in the last 1 months======

2010-06-14 10:23:41 ----DC---- C:\rsit
2010-06-10 15:19:08 ----HDC---- C:\WINDOWS\$NtUninstallKB982381$
2010-06-10 15:07:25 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-06-10 14:10:23 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-06-10 13:15:01 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-06-10 13:04:48 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-06-10 12:33:01 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-06-10 12:30:31 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-06-10 11:03:19 ----D---- C:\Program Files\Trend Micro
2010-06-07 14:11:25 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2010-06-04 10:23:33 ----D---- C:\Documents and Settings\Default\Application Data\WinPatrol
2010-06-04 10:23:24 ----D---- C:\Program Files\BillP Studios
2010-05-27 10:40:33 ----D---- C:\Documents and Settings\All Users\Application Data\Comodo Downloader
2010-05-27 10:25:18 ----D---- C:\Program Files\VS Revo Group
2010-05-26 12:04:42 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$

======List of files/folders modified in the last 1 months======

2010-06-14 10:24:11 ----D---- C:\WINDOWS\temp
2010-06-14 10:23:37 ----D---- C:\WINDOWS\Prefetch
2010-06-14 10:19:18 ----RAD---- C:\Program Files
2010-06-14 09:58:56 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-14 09:55:23 ----A---- C:\WINDOWS\BOC427.INI
2010-06-14 09:55:03 ----D---- C:\WINDOWS
2010-06-11 15:11:34 ----D---- C:\Documents and Settings\Default\Application Data\Spyware Terminator
2010-06-11 14:04:25 ----D---- C:\WINDOWS\Debug
2010-06-11 13:08:36 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-11 12:35:15 ----RSD---- C:\WINDOWS\assembly
2010-06-11 11:03:58 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2010-06-10 15:32:26 ----D---- C:\WINDOWS\system32
2010-06-10 15:28:25 ----HD---- C:\WINDOWS\inf
2010-06-10 15:23:20 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-10 14:02:46 ----SHDC---- C:\Config.Msi
2010-06-10 14:02:46 ----SHD---- C:\WINDOWS\Installer
2010-06-10 13:37:16 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-10 13:34:08 ----D---- C:\WINDOWS\WinSxS
2010-06-10 13:03:08 ----HD---- C:\WINDOWS\$hf_mig$
2010-06-08 13:51:03 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-06-08 13:34:36 ----D---- C:\Documents and Settings\Default\Application Data\uTorrent
2010-06-08 10:27:21 ----A---- C:\WINDOWS\system32\guard32.dll
2010-06-07 17:22:02 ----AC---- C:\WINDOWS\NeroDigital.ini
2010-06-04 14:03:02 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-06-04 14:02:42 ----D---- C:\Program Files\SpywareBlaster
2010-05-31 16:14:40 ----RASHC---- C:\boot.ini
2010-05-31 16:14:40 ----AC---- C:\WINDOWS\win.ini
2010-05-31 16:14:40 ----AC---- C:\WINDOWS\system.ini
2010-05-28 20:37:34 ----AC---- C:\WINDOWS\system32\MRT.exe
2010-05-28 16:47:20 ----D---- C:\Documents and Settings\All Users\Application Data\Comodo
2010-05-27 13:05:34 ----D---- C:\Program Files\Comodo
2010-05-27 10:45:50 ----D---- C:\WINDOWS\system32\drivers

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-06-01 75096]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2010-06-08 230360]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2010-06-08 25240]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 Aspi32;Aspi32; C:\WINDOWS\System32\drivers\aspi32.sys [2004-07-16 16512]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-04-19 2317504]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 BOCDRIVE;BOClean Kernel Monitor.; \??\C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys []
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]
R3 ip100xp;IC Plus IP100 10/100 Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\ipfnd51.sys [2005-02-02 26752]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-12-24 1897408]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S1 Klif;Klif; \??\C:\WINDOWS\system32\Drivers\klif.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2005-12-22 80272]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2005-12-22 10864]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2005-12-22 137884]
S3 TSP;TSP; \??\C:\WINDOWS\system32\drivers\klif.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-28 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-28 151297]
R2 BOCore;BOCore; C:\Program Files\Comodo\CBOClean\BOCORE.exe [2008-07-14 73464]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2010-06-08 1778480]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2008-08-27 570880]
S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2002-12-31 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.06 2010-06-14 10:24:48

======Uninstall list======

-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{0906B442-D0EC-4FE2-B666-95C82EF8B8A6}
-->C:\PROGRA~1\ntl\BROADB~1\Uninstall.exe ntl
-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Backup CD Player-->C:\PROGRA~1\BACKUP~1\UNWISE.EXE C:\PROGRA~1\BACKUP~1\INSTALL.LOG
BOClean-->C:\WINDOWS\UNBOC.EXE
broadband medic-->C:\WINDOWS\Motive\ntl\MCCUninst.exe
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
COMODO Internet Security-->MsiExec.exe /I{CC6B1BB4-4E06-4A5B-A166-B371B551324B}
DVD Flick 1.3.0.6-->"C:\Program Files\DVD Flick\unins000.exe"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
FLAC Installer 1.1.2a (remove only)-->C:\Program Files\FLAC\uninstall.exe
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
HiJackThis-->MsiExec.exe /X{45A66726-69BC-466B-A7A4-12FCBA4883D7}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.6.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\setup.exe /uninstall ExtraUninstallID=""
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Prism Video Converter-->C:\Program Files\NCH Software\Prism\uninst.exe
QT Lite 3.0.0-->"C:\Program Files\QT Lite\unins000.exe"
Revo Uninstaller 1.88-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x9 -removeonly
Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x0009 -removeonly
SeaTools for Windows-->MsiExec.exe /I{98613C99-1399-416C-A07C-1EE1C585D872}
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972260)-->"C:\WINDOWS\$NtUninstallKB972260$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB976325)-->"C:\WINDOWS\$NtUninstallKB976325$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981349)-->"C:\WINDOWS\$NtUninstallKB981349$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982381)-->"C:\WINDOWS\$NtUninstallKB982381$\spuninst\spuninst.exe"
Spyware Terminator-->"C:\Program Files\Spyware Terminator\unins000.exe"
SpywareBlaster 4.3-->"C:\Program Files\SpywareBlaster\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update for Windows XP (KB976749)-->"C:\WINDOWS\$NtUninstallKB976749$\spuninst\spuninst.exe"
Update for Windows XP (KB978207)-->"C:\WINDOWS\$NtUninstallKB978207$\spuninst\spuninst.exe"
Update for Windows XP (KB980182)-->"C:\WINDOWS\$NtUninstallKB980182$\spuninst\spuninst.exe"
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
WinASO Registry Optimizer 4.5.3-->"C:\Program Files\WinASO\Registry Optimizer\unins000.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPatrol-->C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Hosts File======

127.0.0.1 localhost
127.0.0.1 fr.a2dfp.net
127.0.0.1 m.fr.a2dfp.net
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 adserver.abv.bg
127.0.0.1 adv.abv.bg
127.0.0.1 bimg.abv.bg
127.0.0.1 www2.a-counter.kiev.ua
127.0.0.1 track.acclaimnetwork.com

======Security center information======

AV: Avira AntiVir PersonalEdition
FW: COMODO Firewall

======System event log======

Computer Name: PAULO
Event Code: 18
Message: TIMEOUT<svchost.exe>

Record Number: 43416
Source Name: avgntflt
Time Written: 20100410111544.000000+060
Event Type: warning
User:

Computer Name: PAULO
Event Code: 7000
Message: The SASDIFSV service failed to start due to the following error:
Cannot create a file when that file already exists.


Record Number: 43413
Source Name: Service Control Manager
Time Written: 20100410110530.000000+060
Event Type: error
User:

Computer Name: PAULO
Event Code: 18
Message: TIMEOUT<System> C:\....default\Cache\2269FA49d01

Record Number: 43411
Source Name: avgntflt
Time Written: 20100410105519.000000+060
Event Type: warning
User:

Computer Name: PAULO
Event Code: 18
Message: TIMEOUT<System> C:\...\OfflineCache\index.sqlite

Record Number: 43410
Source Name: avgntflt
Time Written: 20100410104942.000000+060
Event Type: warning
User:

Computer Name: PAULO
Event Code: 18
Message: TIMEOUT<System> C:\...ault\urlclassifier3.sqlite

Record Number: 43409
Source Name: avgntflt
Time Written: 20100410104913.000000+060
Event Type: warning
User:

=====Application event log=====

Computer Name: PAUL
Event Code: 4118
Message: EXCEPTION calling function for the file
C:\WINDOWS\BDOSCAN8\plugins\emalware.121
[ACCESS_VIOLATION Exception!! EIP = 2089880750]
Please inform Avira and submit the appropriate file!

Record Number: 6868
Source Name: Avira AntiVir
Time Written: 20090217125623.000000+000
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: PAUL
Event Code: 4118
Message: EXCEPTION calling function for the file
C:\WINDOWS\BDOSCAN8\plugins\emalware.048
[ACCESS_VIOLATION Exception!! EIP = 2089880750]
Please inform Avira and submit the appropriate file!

Record Number: 6867
Source Name: Avira AntiVir
Time Written: 20090217125618.000000+000
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: PAUL
Event Code: 4118
Message: EXCEPTION calling function for the file
C:\WINDOWS\BDOSCAN8\plugins\bzip2.xmd
[ACCESS_VIOLATION Exception!! EIP = 2089880750]
Please inform Avira and submit the appropriate file!

Record Number: 6866
Source Name: Avira AntiVir
Time Written: 20090217125613.000000+000
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: PAUL
Event Code: 4118
Message: EXCEPTION calling function for the file
C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\9a5jo9md.default\cookies.sqlite-journal
[ACCESS_VIOLATION Exception!! EIP = 2089880750]
Please inform Avira and submit the appropriate file!

Record Number: 6865
Source Name: Avira AntiVir
Time Written: 20090217125608.000000+000
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: PAUL
Event Code: 4118
Message: EXCEPTION calling function for the file
C:\WINDOWS\$NtUninstallKB960715$\reg00001
[ACCESS_VIOLATION Exception!! EIP = 2089880750]
Please inform Avira and submit the appropriate file!

Record Number: 6864
Source Name: Avira AntiVir
Time Written: 20090217125603.000000+000
Event Type: error
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\Program Files\QT Lite\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=2c02
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%

-----------------EOF-----------------
paulo
Active Member
 
Posts: 14
Joined: December 11th, 2009, 4:50 pm

Re: Possible Malware related problems.Would appreciate Help

Unread postby Odd dude » June 14th, 2010, 6:02 am

paulo wrote:Hi OD, thank you very much for your assistance. I only have one antivirus installed and that is Avira. I am only using Comodo firewall; you can choose not to uninstall the antivirus/spyware section of CIS and that's what I did. Regarding antispyware, I only run Malwarebytes and SUPERAntiSpyware as on-demand scanners (for extra security); there is no real-time function to these programs. My only real-time antispyware programs are Spyware Terminator and BOClean anti-malware. Regarding WinASO, I use that only for the registry defrag and the privacy cleaner (occasionally), so I hope this won't cause any problems? If you would still like me to uninstall it I will, no problem. I have posted the logs you require below. Many thanks. :)
OK, that's all fine then :)
I still would like you to uninstall BOClean as it has no more use since it's been integrated into COMODO Internet Security, which you have. :)

Your system does not have enough RAM (system memory). Though it is possible to install Windows XP with a mere 128 MB of RAM, it will not be able to function normally. The same goes for the 255 MB of RAM you have - with that kind of system memory, you can comfortably run Windows XP - and nothing else! I VERY strongly recommend you to upgrade to AT LEAST 512 MB of RAM (that would mean adding one 256 MB stick), but having said that I think you should go for 1 GB while you're at it. It will most certainly dramatically increase your computer's performance.

First uninstall BOClean. Reboot your system afterwards. Then exit WinPatrol by right clicking the system tray icon and clicking exit. Also disable Spyware Terminator by opening the interface, then clicking on the "Real-time Protection" tab, unchecking the "Use Real-time Protection" box and clicking on the "Save Changes" button. Open hijackthis, click do a system scan only. Put a check next to these and click fix checked:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [BOC-427] C:\PROGRA~1\Comodo\CBOClean\BOC427.exe (this may not be there anymore, that's OK)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

Re-enable Spyware Terminator by re-checking the "Use Real-time Protection" box and clicking on the "Save Changes" button. Then restart WinPatrol by clicking Start>Run and entering this line (just copy & paste it and click OK):
Code:
c:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe


Have you ever used AVG Antispyware and/or any security software from Trend Micro? (that's just a question, not a recommendation)
Have you had any issues with SuperAntiSpyware lately?

Submit a file for analysis
We need to have something checked for malware. Please go to Jotti's.
  • Click Browse next to File to upload & scan and copy and paste the following line into the browse box:
    Code:
    C:\WINDOWS\system32\Drivers\klif.sys
  • Click Submit. The file will now be scanned for malware and the results will be displayed on the screen. Select the part where the virus scan results are shown (the part starting with A-squared and ending with VBA32) and copy and paste this to notepad.
  • Copy and paste the whole notepad file you just made into your reply.


Post back:
- answer to my 2 questions
- Jotti results
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: Possible Malware related problems.Would appreciate Help

Unread postby paulo » June 14th, 2010, 10:25 am

Hi Od. I uninstalled BOClean as you asked. I don't have it as part of CIS, I only installed the firewall. I know it's no longer updated but I heard it is really good at stopping older malware from getting on your computer. I've uninstalled it now anyway. Regarding your questions, I used to have AVG Antispyware years ago but uninstalled it a long time ago. The only Trend Micro software I have ever had installed was HijackThis (for this forum) and I used the HouseCall online scanner a couple of times a while ago now. I've not had any issues at all when I've run SUPERAntiSpyware recently. I actually don't use it that often, just once in a while to make sure my computer is clean. I have done exactly as you asked. When submitting the file to Jotti, when I click browse Mozilla Firefox comes up as the destination. Is this OK? None of them found anything. Here are the results. Many thanks.

[ArcaVir]
2010-06-14 Found nothing
[G DATA]
2010-06-14 Found nothing
[Avast! antivirus]
2010-06-14 Found nothing
[Ikarus]
2010-06-14 Found nothing
[Grisoft AVG Anti-Virus]
2010-06-14 Found nothing
[Kaspersky Anti-Virus]
2010-06-14 Found nothing
[Avira AntiVir]
2010-06-14 Found nothing
[ESET NOD32]
2010-06-14 Found nothing
[Softwin BitDefender]
2010-06-14 Found nothing
[Panda Antivirus]
2010-06-13 Found nothing
[ClamAV]
2010-06-14 Found nothing
[Quick Heal]
2010-06-14 Found nothing
[CPsecure]
2010-06-14 Found nothing
[Sophos]
2010-06-14 Found nothing
[Dr.Web]
2010-06-14 Found nothing
[VirusBlokAda VBA32]
2010-06-13 Found nothing
[Frisk F-Prot Antivirus]
2010-06-13 Found nothing
[VirusBuster]
2010-06-14 Found nothing
[F-Secure Anti-Virus]
2010-06-14 Found nothing
paulo
Active Member
 
Posts: 14
Joined: December 11th, 2009, 4:50 pm

Re: Possible Malware related problems.Would appreciate Help

Unread postby Odd dude » June 14th, 2010, 11:28 am

paulo wrote:Hi Od. I uninstalled BOClean as you asked. I don't have it as part of CIS, I only installed the firewall. I know it's no longer updated but I heard it is really good at stopping older malware from getting on your computer. I've uninstalled it now anyway.
BoClean has been integrated into the scanner part of CIS. If you didn't install that then you don't have it. If you really need BoClean's functionality I recommend installing but disabling the antivirus part of CIS (however, what do you need BoClean for when you have forums as this?).
When submitting the file to Jotti, when I click browse Mozilla Firefox comes up as the destination. Is this OK?
Perfectly fine and expected. :)

OK, we have some leftovers which can be fixed, but there is still no malware showing.
Let's fix those leftovers now and then see how the computer's doing. If you still notice issues, we can always dig deeper.

Backup the registry
  1. Download ERUNT to your desktop from HERE
  2. Double-click on the file to install the program
  3. Uncheck the NTREGOPT desktop shortcut option
  4. Click No when you get the option to run ERUNT at Windows startup.
  5. During the installation, check Launch ERUNT
  6. Accept the defaults for running a backup
  7. ERUNT will then back up your registry

Modifying the registry
  • Copy/paste the contents of the code box below to notepad
  • Make sure that Word Wrap is turned off in notepad: click the Format menu and uncheck Word Wrap
  • Save the file to your desktop as "fix.reg" and please include the quotation marks!
  • Close notepad and make sure that all other windows are closed!
Code:
Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Documents and Settings\\Default\\Desktop\\utorrent.exe"=-

Important:
  • Make sure there are NO blank lines before the first line of my code; otherwise the fix will fail
  • Make sure there IS one blank line at the end of the file
  • Make sure that you have copied all of the text!


Now double-click fix.reg, and when the computer prompts a registry merge choose Yes.

Open Notepad and copy and paste this in:
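Code:
@echo off
rem Create the quarantine folder in the root of the current drive
mkdir \Quarantine
move C:\WINDOWS\BOC427.INI \Quarantine\
rem Stop and unregister each leftover driver service, then quarantine its file
sc stop tmcomm
sc delete tmcomm
move C:\WINDOWS\system32\drivers\tmcomm.sys \Quarantine\
sc stop bocdrive
sc delete bocdrive
rem Quotes are required because this path contains a space
move "C:\Program Files\Comodo\CBOClean\BOCDRIVE.sys" \Quarantine\
sc stop klif
sc delete klif
sc stop tsp
sc delete tsp
move C:\WINDOWS\system32\Drivers\klif.sys \Quarantine\
rem List what was quarantined, then delete this script
dir \Quarantine /l /a /b > \PostMe.txt
del "%~f0"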

Save it as "Run.cmd" on your desktop, include the quotation marks when saving. Then double click it. A CMD prompt will open and close quickly, that's normal - if you see any success or error messages in the brief flash that's normal too. Reboot the computer. Post the contents of C:\PostMe.txt (which will have been created by the above script) to me. Also tell me how the computer is running.
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: Possible Malware related problems.Would appreciate Help

Unread postby paulo » June 14th, 2010, 12:21 pm

Hi Od. I did exactly as you asked. When I ran the CMD prompt it said file not found. Below is the short result of the PostMe.txt (just 2 entries?). I hope I've done it correctly as I just copied and pasted exactly what was highlighted? I'll have to go out soon so may not be able to post back until later. The computer just seems the same for now although I haven't tried to install the one time safety scanner yet. OD, can you see any remnants of LimeWire at all? I uninstalled it ages ago but when I ran the reg cleaner it was finding LimeWire related files. Thank you so much for your time and your help. :thumbright:

klif.sys
tmcomm.sys
paulo
Active Member
 
Posts: 14
Joined: December 11th, 2009, 4:50 pm

Re: Possible Malware related problems.Would appreciate Help

Unread postby Odd dude » June 14th, 2010, 12:31 pm

From the looks of it everything went fine and I don't see limewire anywhere (though I did see one lone remnant of µtorrent, but I cleaned that up for you seeing as you no longer have it installed) :joker:

There has never been any malware in your logs, and I have cleaned up all orphaned registry entries I saw on your system. Are these symptoms resolved?

I am trying to install and run windows one time safety scanner and it won't run, I'm getting error 0x04601001
(this can be related to your real-time protection antivirus/antispyware software, it can also be related to your system RAM which you REALLY need to upgrade)

can't connect to the internet while in safe mode with networking.


event viewer is showing an error "The following boot-start or system start drivers failed to load. Klif"


Also when highlighting start, it won't always let me into programs/documents/settings etc.


None of these immediately strike me as being caused by malware, but if you still believe you have been infected with malware we can run extra scans if you wish.
Odd dude
Retired Graduate
 
Posts: 2819
Joined: May 18th, 2008, 11:16 am
Location: The Netherlands (GMT +1)

Re: Possible Malware related problems.Would appreciate Help

Unread postby paulo » June 14th, 2010, 12:38 pm

Hi Od. It's just that on the windows safety scanner they were saying that the error code I was getting had been seen in cases of malware? Do you know what the KLIF error was? Apparently that is Kaspersky related (I've never had Kaspersky) or rootkit related. There have been no pop ups or redirections or anything of that nature so if you think I am malware free I'm prepared to trust you on that :D With regards to not being able to connect in safe mode with networking I've been on the other forums and tried everything. Not sure why this is? Do you think we should try anything else? Thanks.

Re: Possible Malware related problems.Would appreciate Help

Unread postby Odd dude » June 14th, 2010, 12:48 pm

paulo wrote:on the windows safety scanner they were saying that the error code I was getting had been seen in cases of malware?
The fact that it had been seen to be caused by malware doesn't mean it always is - I can assure you I see no malware in your logs.
Do you know what the KLIF error was? Apparently that is Kaspersky related (I've never had Kaspersky) or rootkit related.
I'm not 100% sure what the problem was but seeing as you don't use Kaspersky I've just removed the driver.
With regards to not being able to connect in safe mode with networking I've been on the other forums and tried everything. Not sure why this is?
I saw AVG-Antispyware-related entries being loaded upon safe mode boot. Seeing as you don't use AVG Antispyware, I've removed those entries. Try if it works now.

Re: Possible Malware related problems.Would appreciate Help

Unread postby paulo » June 15th, 2010, 6:46 am

Hi OD. Just to bring you up to date. My computer is just the same. I still can't connect to the internet while in safe mode with networking. All the drivers are loading in device manager too. If you are convinced there is no malware should I delete the logs and the programs we installed yet? As soon as I can afford to I'll get some more RAM.

Re: Possible Malware related problems.Would appreciate Help

Unread postby Odd dude » June 15th, 2010, 8:40 am

It does not look like there is any malware on your system. We can always take a closer look but seeing as you don't have any of the usual symptoms that would warrant doing that I don't think it would yield anything.

You can delete RSIT and its logs and you can remove ERUNT as well. You can also delete c:\Quarantine and c:\PostMe.txt.

The remaining issues do not appear to be caused by malware; therefore I think it would be best if you asked help for these issues at a forum that assists with non-malware-specific issues such as PcPitstop.

Re: Possible Malware related problems.Would appreciate Help

Unread postby paulo » June 16th, 2010, 1:22 pm

Hi Od. I uninstalled erunt and deleted the RIST.exe. What should I do with the fix.reg file on my desktop and the quarantine folder with klif.sys and tmcomm.sys? Should I also uninstall hijack this? I'm just curious, would it be a hassle to take a deeper look in case there is something lurking? Many thanks for your continued help and assistance.

Re: Possible Malware related problems.Would appreciate Help

Unread postby Odd dude » June 16th, 2010, 1:46 pm

paulo wrote:Hi Od. I uninstalled erunt and deleted the RIST.exe. What should I do with the fix.reg file on my desktop and the quarantine folder with klif.sys and tmcomm.sys?
You can delete both.
Should I also uninstall hijack this?
That's entirely up to you.
I'm just curious, would it be a hassle to take a deeper look in case there is something lurking?
Not at all. We can run the below scans:

GMER
Do not touch the computer while GMER is running! If you do, it'll go completely unresponsive and you'll have to shut it down using the power switch. Just don't touch the PC while GMER is working.
Please download gmer.zip by GMER and save it to your desktop.

  • Right click the file you just downloaded and choose Extract all
  • Click Next
  • Click Browse
  • Click the + next to My Computer
  • Click Local Disk (C:)
  • Click Make new folder
  • Enter GMER
  • Click OK, then Next
  • Check Show extracted files and click Finish
  • Double click on GMER.exe to run it.
  • Select the Rootkit tab.
  • On the right hand side, check all the items to be scanned, but leave Show All box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click on the Scan button.
  • When the scan is finished, click Copy to save the scan log to the Windows clipboard.
  • Open Notepad or a similar text editor.
  • Paste the clipboard contents into the text editor.
  • Save the GMER scan log and post it in your next reply.
  • Close GMER.

ESET Online Scan
  • Please go Here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Many thanks for your continued help and assistance.
You're most welcome :)