
System #@!!%@%! security 2009 got me

Post by Notcoolness on Thu Sep 03, 2009 10:38 pm

I got infected with System Security 2009 a while back. I ran safe mode and used antimalware and a registry cleaner to get it out, or I thought. Now I can't get my internet to work and can't connect to my network without limited connectivity, which is why no internet, I think. Any idea what happened? Or if I just left a part of System Security in there, how I can get it out manually. Everything else is fine: no locked startup, no "YOUR SYSTEM IS INFECTED" changed background, and no fake system scan with fake errors and viruses. Please help me.

Notcoolness
Novice

Posts : 6
Joined : 2009-09-03
OS : windows vista home basic
Points : 26478
# Likes : 0


Re: System #@!!%@%! security 2009 got me

Post by Belahzur on Fri Sep 04, 2009 11:35 am

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245039
# Likes : 1


Ok did what you said

Post by Notcoolness on Sat Sep 05, 2009 1:41 am

Ok, I clicked the link and got HijackThis. I ran a system scan and here is the log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:36:27 AM, on 9/5/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] "C:\Windows\system32\WLTRAY.exe"
O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. ([You must be registered and logged in to see this link.] - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

--
End of file - 6678 bytes


Oh, I also scanned multiple times with Malwarebytes earlier today and kept getting the same trojan. I rebooted like it told me but still kept getting the same one at

windows\system32\SKYNETlog.dat


Re: System #@!!%@%! security 2009 got me

Post by Belahzur on Sat Sep 05, 2009 4:35 pm

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:
3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.



Ok, here's the Combofix log. Couldn't fit it all; next half is below

Post by Notcoolness on Sun Sep 06, 2009 12:55 am

ComboFix 09-09-05.01 - Trillest 09/05/2009 17:59.1.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1013.470 [GMT -5:00]
Running from: f:\wtf don delete\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Webroot Spy Sweeper *disabled* (Outdated) {68A41C74-A1E9-48F8-B2E5-D8232211AB6D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions

c:\$recycle.bin\S-1-5-21-66771231-259741160-2761330436-1001
c:\$recycle.bin\S-1-5-21-66771231-259741160-2761330436-1002
C:\drivers
c:\drivers\audio\R170217\AESTAC64.dll
c:\drivers\audio\R170217\AESTACap.dll
c:\drivers\audio\R170217\AESTAR64.dll
c:\drivers\audio\R170217\AESTARen.dll
c:\drivers\audio\R170217\AESTEC64.dll
c:\drivers\audio\R170217\AESTECap.dll
c:\drivers\audio\R170217\AESTSr64.exe
c:\drivers\audio\R170217\AESTSrv.exe
c:\drivers\audio\R170217\CTAPO32.dll
c:\drivers\audio\R170217\CTAPO64.dll
c:\drivers\audio\R170217\ctppld.dll
c:\drivers\audio\R170217\stacgui.cpl
c:\drivers\audio\R170217\staco.dll
c:\drivers\audio\R170217\staco64.dll
c:\drivers\audio\R170217\stacsv.exe
c:\drivers\audio\R170217\stacsv64.exe
c:\drivers\audio\R170217\stacui64.cpl
c:\drivers\audio\R170217\stapi32.dll
c:\drivers\audio\R170217\stapi64.dll
c:\drivers\audio\R170217\stapo.dll
c:\drivers\audio\R170217\stapo64.dll
c:\drivers\audio\R170217\stcplx.dll
c:\drivers\audio\R170217\stcplx64.dll
c:\drivers\audio\R170217\stlang.dll
c:\drivers\audio\R170217\stlang64.dll
c:\drivers\audio\R170217\sttray.exe
c:\drivers\audio\R170217\sttray64.exe
c:\drivers\audio\R170217\STWRT.cat
c:\drivers\audio\R170217\STWRT.INF
c:\drivers\audio\R170217\Stwrt.ini
c:\drivers\audio\R170217\stwrt.sys
c:\drivers\audio\R170217\STWRT64.cat
c:\drivers\audio\R170217\STWRT64.INF
c:\drivers\audio\R170217\stwrt64.ini
c:\drivers\audio\R170217\stwrt64.sys
c:\drivers\audio\R170217\suhlp.exe
c:\drivers\audio\R170217\suhlp64.exe
c:\drivers\audio\R170217\WRT_M2-1.INI
c:\drivers\audio\R170217\WRT_M2-2.INI
c:\drivers\audio\R170217\WRT_M2-3.INI
c:\drivers\audio\R170217\WRT_M2-4.INI
c:\drivers\audio\R170217\WRT_M2-5.INI
c:\drivers\audio\R170217\WRT_M2-6.INI
c:\drivers\audio\R170217\WRT_M2-7.INI
c:\drivers\audio\R170217\WRT_M2-8.INI
c:\drivers\audio\R170217\WRT_M2-9.INI
c:\drivers\audio\R170217\WRT_M4-2.INI
c:\drivers\audio\R170217\WRT_M4-3.INI
c:\drivers\audio\R170217\WRT_M4-4.INI
c:\drivers\audio\R170217\WRT_M4-7.INI
c:\drivers\audio\R170217\WRT_M4-8.INI
c:\drivers\audio\R170217\WRT_M8-1.INI
c:\drivers\audio\R170217\WRT_M8-2.INI
c:\drivers\audio\R170217\WRT_M8-3.INI
c:\drivers\audio\R170217\WRT_M8-4.INI
c:\drivers\audio\R170217\WRT_M8-5.INI
c:\drivers\audio\R170217\WRT_M8-6.INI
c:\drivers\audio\R170217\WRT_M8-7.INI
c:\drivers\audio\R170217\WRT_M8-8.INI
c:\drivers\audio\R170217\WRTNO2-8.INI
c:\drivers\audio\R170217\WRTNO4-2.INI
c:\drivers\audio\R170217\WRTNO4-3.INI
c:\drivers\audio\R170217\WRTNO4-7.INI
c:\drivers\input\R166314\apfiltr.cat
c:\drivers\input\R166314\Apfiltr.inf
c:\drivers\input\R166314\Apfiltr.sys
c:\drivers\input\R166314\ApInst.dll
c:\drivers\input\R166314\ApMouCpl.dll
c:\drivers\input\R166314\ApMsgFwd.exe
c:\drivers\input\R166314\ApntEx.exe
c:\drivers\input\R166314\Apoint.dll
c:\drivers\input\R166314\Apoint.exe
c:\drivers\input\R166314\DellTPad.exe
c:\drivers\input\R166314\DPInst.exe
c:\drivers\input\R166314\dpinst.xml
c:\drivers\input\R166314\ELProp.dll
c:\drivers\input\R166314\Eula\Eula_BP.txt
c:\drivers\input\R166314\Eula\Eula_CS.txt
c:\drivers\input\R166314\Eula\Eula_CT.txt
c:\drivers\input\R166314\Eula\Eula_FR.txt
c:\drivers\input\R166314\Eula\Eula_GR.txt
c:\drivers\input\R166314\Eula\Eula_IT.txt
c:\drivers\input\R166314\Eula\Eula_JP.txt
c:\drivers\input\R166314\Eula\Eula_KR.txt
c:\drivers\input\R166314\Eula\Eula_SP.txt
c:\drivers\input\R166314\Eula\Eula_TH.txt
c:\drivers\input\R166314\Eula\Eula_US.txt
c:\drivers\input\R166314\EzAuto.dll
c:\drivers\input\R166314\hidfind.exe
c:\drivers\input\R166314\Readme_E.htm
c:\drivers\input\R166314\Readme_E.txt
c:\drivers\input\R166314\Readme_J.htm
c:\drivers\input\R166314\Readme_J.txt
c:\drivers\input\R166314\Setup.exe
c:\drivers\input\R166314\Uninstap.exe
c:\drivers\input\R166314\Vxdif.dll
c:\drivers\input\R166314\WdfCoInstaller01005.dll
c:\drivers\modem\R150152\del000fz.cat
c:\drivers\modem\R150152\del000fz.inf
c:\drivers\modem\R150152\del1028.cty
c:\drivers\modem\R150152\difxapi.dll
c:\drivers\modem\R150152\disk1
c:\drivers\modem\R150152\HSX_CNXT.sys
c:\drivers\modem\R150152\HSX_DPV.sys
c:\drivers\modem\R150152\HSXHWAZL.sys
c:\drivers\modem\R150152\HXFSetup.exe
c:\drivers\modem\R150152\MdmXSdk.dll
c:\drivers\modem\R150152\MDMXSDK.sys
c:\drivers\modem\R150152\Setup.exe
c:\drivers\modem\R150152\UCI32114.dll
c:\drivers\modem\R150152\UIUDLL.dll
c:\drivers\modem\R150152\UIUSYS.sys
c:\drivers\modem\R150152\Version.txt
c:\drivers\modem\R150152\xaudio.exe
c:\drivers\modem\R150152\xaudio.sys
c:\drivers\network\R167854\README.htm
c:\drivers\network\R167854\Readmes\yk60x86_0404.htm
c:\drivers\network\R167854\Readmes\yk60x86_0406.htm
c:\drivers\network\R167854\Readmes\yk60x86_0407.htm
c:\drivers\network\R167854\Readmes\yk60x86_0408.htm
c:\drivers\network\R167854\Readmes\yk60x86_0409.htm
c:\drivers\network\R167854\Readmes\yk60x86_040A.htm
c:\drivers\network\R167854\Readmes\yk60x86_040B.htm
c:\drivers\network\R167854\Readmes\yk60x86_040C.htm
c:\drivers\network\R167854\Readmes\yk60x86_040D.htm
c:\drivers\network\R167854\Readmes\yk60x86_0410.htm
c:\drivers\network\R167854\Readmes\yk60x86_0411.htm
c:\drivers\network\R167854\Readmes\yk60x86_0412.htm
c:\drivers\network\R167854\Readmes\yk60x86_0413.htm
c:\drivers\network\R167854\Readmes\yk60x86_0414.htm
c:\drivers\network\R167854\Readmes\yk60x86_0415.htm
c:\drivers\network\R167854\Readmes\yk60x86_0416.htm
c:\drivers\network\R167854\Readmes\yk60x86_0419.htm
c:\drivers\network\R167854\Readmes\yk60x86_041D.htm
c:\drivers\network\R167854\Readmes\yk60x86_041F.htm
c:\drivers\network\R167854\Readmes\yk60x86_0424.htm
c:\drivers\network\R167854\Readmes\yk60x86_0804.htm
c:\drivers\network\R167854\Readmes\yk60x86_3801.htm
c:\drivers\network\R167854\yk60x86.cat
c:\drivers\network\R167854\yk60x86.inf
c:\drivers\network\R167854\yk60x86.sys
c:\drivers\network\R174292\bcm43xx.cat
c:\drivers\network\R174292\bcm43xx64.cat
c:\drivers\network\R174292\bcmihvsrv.dll
c:\drivers\network\R174292\bcmihvsrv64.dll
c:\drivers\network\R174292\bcmihvui.dll
c:\drivers\network\R174292\bcmihvui64.dll
c:\drivers\network\R174292\bcmwl6.inf
c:\drivers\network\R174292\bcmwl6.sys
c:\drivers\network\R174292\bcmwl664.sys
c:\drivers\network\R174292\bcmwlcoi.dll
c:\drivers\network\R174292\bcmwlcoi64.dll
c:\drivers\storage\R166187\5000xzvp.cat
c:\drivers\storage\R166187\5000XZVP.inf
c:\drivers\storage\R166187\945.cat
c:\drivers\storage\R166187\945.inf
c:\drivers\storage\R166187\945gm.cat
c:\drivers\storage\R166187\945GM.inf
c:\drivers\storage\R166187\965g.cat
c:\drivers\storage\R166187\965g.inf
c:\drivers\storage\R166187\965m.cat
c:\drivers\storage\R166187\965m.inf
c:\drivers\storage\R166187\dmi_pci.cat
c:\drivers\storage\R166187\dmi_pci.inf
c:\drivers\storage\R166187\esb2id2.cat
c:\drivers\storage\R166187\ESB2id2.inf
c:\drivers\storage\R166187\esb2ide.cat
c:\drivers\storage\R166187\ESB2ide.inf
c:\drivers\storage\R166187\esb2usb.cat
c:\drivers\storage\R166187\ESB2usb.inf
c:\drivers\storage\R166187\ich7core.cat
c:\drivers\storage\R166187\ich7core.inf
c:\drivers\storage\R166187\ich7id2.cat
c:\drivers\storage\R166187\ich7id2.inf
c:\drivers\storage\R166187\ich7ide.cat
c:\drivers\storage\R166187\ich7ide.inf
c:\drivers\storage\R166187\ich7usb.cat
c:\drivers\storage\R166187\ich7usb.inf
c:\drivers\storage\R166187\ich8ahci.cat
c:\drivers\storage\R166187\ich8ahci.inf
c:\drivers\storage\R166187\ich8core.cat
c:\drivers\storage\R166187\ich8core.inf
c:\drivers\storage\R166187\ich8id2.cat
c:\drivers\storage\R166187\ich8id2.inf
c:\drivers\storage\R166187\ich8ide.cat
c:\drivers\storage\R166187\ich8ide.inf
c:\drivers\storage\R166187\ich8smb.cat
c:\drivers\storage\R166187\ich8smb.inf
c:\drivers\storage\R166187\ich8usb.cat
c:\drivers\storage\R166187\ich8usb.inf
c:\drivers\storage\R166187\ichxdev.cat
c:\drivers\storage\R166187\ichXdev.inf
c:\drivers\storage\R166187\INFAnswr.txt
c:\drivers\storage\R166187\readme.txt
c:\drivers\storage\R166187\Version.txt
c:\drivers\storage\R166188\rimmptsk.cat
c:\drivers\storage\R166188\Rimmptsk.inf
c:\drivers\storage\R166188\rimmptsk.sys
c:\drivers\storage\R166188\rimsptsk.cat
c:\drivers\storage\R166188\rimsptsk.inf
c:\drivers\storage\R166188\rimsptsk.sys
c:\drivers\storage\R166188\RixDICON.dll
c:\drivers\storage\R166188\rixdptsk.cat
c:\drivers\storage\R166188\rixdptsk.inf
c:\drivers\storage\R166188\rixdptsk.sys
c:\drivers\storage\R166188\snymsico.dll
c:\drivers\storage\R166200\iaahci.cat
c:\drivers\storage\R166200\iaahci.inf
c:\drivers\storage\R166200\iastor.cat
c:\drivers\storage\R166200\iastor.inf
c:\drivers\storage\R166200\iastor.sys
c:\drivers\storage\R166200\license.txt
c:\drivers\storage\R166200\readme.txt
c:\drivers\storage\R166200\txtsetup.oem
c:\drivers\storage\R166200\Version.txt
c:\drivers\video\R180254\autorun.inf
c:\drivers\video\R180254\difxapi.dll
c:\drivers\video\R180254\Graphics\difx32.dll
c:\drivers\video\R180254\Graphics\hccutils.dll
c:\drivers\video\R180254\Graphics\hkcmd.exe
c:\drivers\video\R180254\Graphics\ig4dev32.dll
c:\drivers\video\R180254\Graphics\ig4icd32.dll
c:\drivers\video\R180254\Graphics\igdkmd32.sys
c:\drivers\video\R180254\Graphics\igdumd32.dll
c:\drivers\video\R180254\Graphics\igfxcfg.exe
c:\drivers\video\R180254\Graphics\igfxcpl.cpl
c:\drivers\video\R180254\Graphics\igfxdev.dll
c:\drivers\video\R180254\Graphics\igfxdo.dll
c:\drivers\video\R180254\Graphics\igfxexps.dll
c:\drivers\video\R180254\Graphics\igfxext.exe
c:\drivers\video\R180254\Graphics\igfxpers.exe
c:\drivers\video\R180254\Graphics\igfxpph.dll
c:\drivers\video\R180254\Graphics\igfxrara.lrc
c:\drivers\video\R180254\Graphics\igfxrchs.lrc
c:\drivers\video\R180254\Graphics\igfxrcht.lrc
c:\drivers\video\R180254\Graphics\igfxrcsy.lrc
c:\drivers\video\R180254\Graphics\igfxrdan.lrc
c:\drivers\video\R180254\Graphics\igfxrdeu.lrc
c:\drivers\video\R180254\Graphics\igfxrell.lrc
c:\drivers\video\R180254\Graphics\igfxrenu.lrc
c:\drivers\video\R180254\Graphics\igfxresp.lrc
c:\drivers\video\R180254\Graphics\igfxress.dll
c:\drivers\video\R180254\Graphics\igfxrfin.lrc
c:\drivers\video\R180254\Graphics\igfxrfra.lrc
c:\drivers\video\R180254\Graphics\igfxrheb.lrc
c:\drivers\video\R180254\Graphics\igfxrhun.lrc
c:\drivers\video\R180254\Graphics\igfxrita.lrc
c:\drivers\video\R180254\Graphics\igfxrjpn.lrc
c:\drivers\video\R180254\Graphics\igfxrkor.lrc
c:\drivers\video\R180254\Graphics\igfxrnld.lrc
c:\drivers\video\R180254\Graphics\igfxrnor.lrc
c:\drivers\video\R180254\Graphics\igfxrplk.lrc
c:\drivers\video\R180254\Graphics\igfxrptb.lrc
c:\drivers\video\R180254\Graphics\igfxrptg.lrc
c:\drivers\video\R180254\Graphics\igfxrrus.lrc
c:\drivers\video\R180254\Graphics\igfxrsky.lrc
c:\drivers\video\R180254\Graphics\igfxrslv.lrc
c:\drivers\video\R180254\Graphics\igfxrsve.lrc
c:\drivers\video\R180254\Graphics\igfxrtha.lrc
c:\drivers\video\R180254\Graphics\igfxrtrk.lrc
c:\drivers\video\R180254\Graphics\igfxsrvc.dll
c:\drivers\video\R180254\Graphics\igfxsrvc.exe
c:\drivers\video\R180254\Graphics\igfxTMM.dll
c:\drivers\video\R180254\Graphics\igfxtray.exe
c:\drivers\video\R180254\Graphics\igfxzoom.exe
c:\drivers\video\R180254\Graphics\igklg400.dll
c:\drivers\video\R180254\Graphics\igklg450.dll
c:\drivers\video\R180254\Graphics\iglhxc32.vp
c:\drivers\video\R180254\Graphics\iglhxo32.vp
c:\drivers\video\R180254\Graphics\iglhxs32.vp
c:\drivers\video\R180254\Graphics\igmedcompkrn.dll
c:\drivers\video\R180254\Graphics\igxpco32.dll
c:\drivers\video\R180254\Graphics\igxpun.exe
c:\drivers\video\R180254\Graphics\kit12877.cat
c:\drivers\video\R180254\Graphics\Kit12877.inf
c:\drivers\video\R180254\Graphics\LANG\HDMI\ara\HDMIara.dll
c:\drivers\video\R180254\Graphics\LANG\HDMI\ara\license.txt
c:\drivers\video\R180254\Graphics\LANG\HDMI\chs\HDMIchs.dll
c:\drivers\video\R180254\Graphics\LANG\HDMI\chs\license.txt
c:\drivers\video\R180254\Graphics\LANG\HDMI\cht\HDMIcht.dll
c:\drivers\video\R180254\Graphics\LANG\HDMI\cht\license.txt
c:\drivers\video\R180254\Graphics\LANG\HDMI\csy\HDMIcsy.dll
c:\drivers\video\R180254\Graphics\LANG\HDMI\csy\license.txt
c:\drivers\video\R180254\Graphics\LANG\HDMI\dan\HDMIdan.dll
c:\drivers\video\R180254\Graphics\LANG\HDMI\dan\license.txt
c:\drivers\video\R180254\Graphics\LANG\HDMI\deu\HDMIdeu.dll
c:\drivers\video\R180254\Graphics\LANG\HDMI\deu\license.txt
c:\drivers\video\R180254\Graphics\LANG\HDMI\ell\HDMIell.dll
c:\drivers\video\R180254\Graphics\LANG\HDMI\ell\license.txt
c:\drivers\video\R180254\Graphics\LANG\HDMI\ENU\HDMIenu.dll
c:\drivers\video\R180254\Graphics\LANG\HDMI\ENU\license.txt
c:\drivers\video\R180254\Graphics\LANG\HDMI\esp\HDMIesp.dll
c:\drivers\video\R180254\Graphics\LANG\HDMI\esp\license.txt
c:\drivers\video\R180254\Graphics\LANG\HDMI\fin\HDMIfin.dll
c:\drivers\video\R180254\Graphics\LANG\HDMI\fin\license.txt
c:\drivers\video\R180254\Graphics\LANG\HDMI\fra\HDMIfra.dll
c:\drivers\video\R180254\Graphics\LANG\HDMI\fra\license.txt
c:\drivers\video\R180254\Graphics\LANG\HDMI\heb\HDMIheb.dll
c:\drivers\video\R180254\Graphics\LANG\HDMI\heb\license.txt
c:\drivers\video\R180254\Graphics\LANG\HDMI\hun\HDMIhun.dll
c:\drivers\video\R180254\Graphics\LANG\HDMI\hun\license.txt
c:\drivers\video\R180254\Graphics\LANG\HDMI\ita\HDMIita.dll
c:\drivers\video\R180254\Graphics\LANG\HDMI\ita\license.txt
c:\drivers\video\R180254\Graphics\LANG\HDMI\jpn\HDMIjpn.dll


And here is more. Tried to get it split someplace else but couldn't

Post by Notcoolness on Sun Sep 06, 2009 12:57 am

c:\drivers\video\R180254\Graphics\LANG\HDMI\jpn\license.txt
c:\drivers\video\R180254\Graphics\LANG\HDMI\kor\HDMIkor.dll
c:\drivers\video\R180254\Graphics\LANG\HDMI\kor\license.txt
c:\drivers\video\R180254\Graphics\LANG\HDMI\nld\HDMInld.dll
c:\drivers\video\R180254\Graphics\LANG\HDMI\nld\license.txt
c:\drivers\video\R180254\Graphics\LANG\HDMI\nor\HDMInor.dll
c:\drivers\video\R180254\Graphics\LANG\HDMI\nor\license.txt
c:\drivers\video\R180254\Graphics\LANG\HDMI\plk\HDMIplk.dll
c:\drivers\video\R180254\Graphics\LANG\HDMI\plk\license.txt
c:\drivers\video\R180254\Graphics\LANG\HDMI\ptb\HDMIptb.dll
c:\drivers\video\R180254\Graphics\LANG\HDMI\ptb\license.txt
c:\drivers\video\R180254\Graphics\LANG\HDMI\ptg\HDMIptg.dll
c:\drivers\video\R180254\Graphics\LANG\HDMI\ptg\license.txt
c:\drivers\video\R180254\Graphics\LANG\HDMI\rus\HDMIrus.dll
c:\drivers\video\R180254\Graphics\LANG\HDMI\rus\license.txt
c:\drivers\video\R180254\Graphics\LANG\HDMI\SKY\HDMISKY.dll
c:\drivers\video\R180254\Graphics\LANG\HDMI\SKY\license.txt
c:\drivers\video\R180254\Graphics\LANG\HDMI\SLV\HDMISLV.dll
c:\drivers\video\R180254\Graphics\LANG\HDMI\SLV\license.txt
c:\drivers\video\R180254\Graphics\LANG\HDMI\sve\HDMIsve.dll
c:\drivers\video\R180254\Graphics\LANG\HDMI\sve\license.txt
c:\drivers\video\R180254\Graphics\LANG\HDMI\tha\HDMItha.dll
c:\drivers\video\R180254\Graphics\LANG\HDMI\tha\license.txt
c:\drivers\video\R180254\Graphics\LANG\HDMI\trk\HDMItrk.dll
c:\drivers\video\R180254\Graphics\LANG\HDMI\trk\license.txt
c:\drivers\video\R180254\Graphics\oemdspif.dll
c:\drivers\video\R180254\Graphics\TVWSetup.exe
c:\drivers\video\R180254\HDMI\HdmiCoin.dll
c:\drivers\video\R180254\HDMI\IntcHDMI.cat
c:\drivers\video\R180254\HDMI\IntcHdmi.inf
c:\drivers\video\R180254\HDMI\IntcHdmi.sys
c:\drivers\video\R180254\IIF2.ini
c:\drivers\video\R180254\Lang\HDMI\ara\HDMIara.dll
c:\drivers\video\R180254\Lang\HDMI\ara\license.txt
c:\drivers\video\R180254\Lang\HDMI\chs\HDMIchs.dll
c:\drivers\video\R180254\Lang\HDMI\chs\license.txt
c:\drivers\video\R180254\Lang\HDMI\cht\HDMIcht.dll
c:\drivers\video\R180254\Lang\HDMI\cht\license.txt
c:\drivers\video\R180254\Lang\HDMI\csy\HDMIcsy.dll
c:\drivers\video\R180254\Lang\HDMI\csy\license.txt
c:\drivers\video\R180254\Lang\HDMI\dan\HDMIdan.dll
c:\drivers\video\R180254\Lang\HDMI\dan\license.txt
c:\drivers\video\R180254\Lang\HDMI\deu\HDMIdeu.dll
c:\drivers\video\R180254\Lang\HDMI\deu\license.txt
c:\drivers\video\R180254\Lang\HDMI\ell\HDMIell.dll
c:\drivers\video\R180254\Lang\HDMI\ell\license.txt
c:\drivers\video\R180254\Lang\HDMI\ENU\HDMIenu.dll
c:\drivers\video\R180254\Lang\HDMI\ENU\license.txt
c:\drivers\video\R180254\Lang\HDMI\esp\HDMIesp.dll
c:\drivers\video\R180254\Lang\HDMI\esp\license.txt
c:\drivers\video\R180254\Lang\HDMI\fin\HDMIfin.dll
c:\drivers\video\R180254\Lang\HDMI\fin\license.txt
c:\drivers\video\R180254\Lang\HDMI\fra\HDMIfra.dll
c:\drivers\video\R180254\Lang\HDMI\fra\license.txt
c:\drivers\video\R180254\Lang\HDMI\heb\HDMIheb.dll
c:\drivers\video\R180254\Lang\HDMI\heb\license.txt
c:\drivers\video\R180254\Lang\HDMI\hun\HDMIhun.dll
c:\drivers\video\R180254\Lang\HDMI\hun\license.txt
c:\drivers\video\R180254\Lang\HDMI\ita\HDMIita.dll
c:\drivers\video\R180254\Lang\HDMI\ita\license.txt
c:\drivers\video\R180254\Lang\HDMI\jpn\HDMIjpn.dll
c:\drivers\video\R180254\Lang\HDMI\jpn\license.txt
c:\drivers\video\R180254\Lang\HDMI\kor\HDMIkor.dll
c:\drivers\video\R180254\Lang\HDMI\kor\license.txt
c:\drivers\video\R180254\Lang\HDMI\nld\HDMInld.dll
c:\drivers\video\R180254\Lang\HDMI\nld\license.txt
c:\drivers\video\R180254\Lang\HDMI\nor\HDMInor.dll
c:\drivers\video\R180254\Lang\HDMI\nor\license.txt
c:\drivers\video\R180254\Lang\HDMI\plk\HDMIplk.dll
c:\drivers\video\R180254\Lang\HDMI\plk\license.txt
c:\drivers\video\R180254\Lang\HDMI\ptb\HDMIptb.dll
c:\drivers\video\R180254\Lang\HDMI\ptb\license.txt
c:\drivers\video\R180254\Lang\HDMI\ptg\HDMIptg.dll
c:\drivers\video\R180254\Lang\HDMI\ptg\license.txt
c:\drivers\video\R180254\Lang\HDMI\rus\HDMIrus.dll
c:\drivers\video\R180254\Lang\HDMI\rus\license.txt
c:\drivers\video\R180254\Lang\HDMI\SKY\HDMISKY.dll
c:\drivers\video\R180254\Lang\HDMI\SKY\license.txt
c:\drivers\video\R180254\Lang\HDMI\SLV\HDMISLV.dll
c:\drivers\video\R180254\Lang\HDMI\SLV\license.txt
c:\drivers\video\R180254\Lang\HDMI\sve\HDMIsve.dll
c:\drivers\video\R180254\Lang\HDMI\sve\license.txt
c:\drivers\video\R180254\Lang\HDMI\tha\HDMItha.dll
c:\drivers\video\R180254\Lang\HDMI\tha\license.txt
c:\drivers\video\R180254\Lang\HDMI\trk\HDMItrk.dll
c:\drivers\video\R180254\Lang\HDMI\trk\license.txt
c:\drivers\video\R180254\readme.txt
c:\drivers\video\R180254\Setup.exe
c:\windows\system32\drivers\SKYNEToxbihueb.sys
c:\windows\system32\oem2.inf
c:\windows\system32\SKYNETidbvntiy.dll
c:\windows\system32\SKYNETlog.dat
c:\windows\system32\SKYNETmwoxyssk.dat
c:\windows\system32\SKYNETvfxmrcjq.dll
c:\windows\system32\SKYNETytexpvna.dat
((((((((((((((((((((((((((((((((((((((( Drivers/Services
-------\Service_SKYNETcpxnnvpt
-------\Legacy_SKYNETcpxnnvpt
((((((((((((((((((((((((( Files Created from 2009-08-06 to 2009-09-06

2009-09-06 02:31 . 2009-09-06 02:31 -------- dc----w- c:\users\new user\AppData\Local\temp
2009-09-06 02:31 . 2009-09-06 03:42 -------- dc----w- c:\users\Trillest\AppData\Local\temp
2009-09-06 02:31 . 2009-09-06 02:31 -------- dc----w- c:\users\Default\AppData\Local\temp
2009-09-05 22:57 . 2009-09-05 22:57 -------- dc----w- c:\users\Trillest\AppData\Local\VirtualStore
2009-09-05 05:29 . 2009-09-05 05:29 -------- dc----w- c:\program files\Trend Micro
2009-08-15 04:11 . 2009-08-15 04:11 -------- dc----w- c:\program files\Marcos Velasco Security
2009-08-08 05:58 . 2009-08-08 05:58 -------- dc----w- c:\users\Trillest\AppData\Roaming\Malwarebytes
2009-08-08 05:57 . 2009-08-03 18:36 38160 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-08 05:57 . 2009-08-08 05:57 -------- dc----w- c:\programdata\Malwarebytes
2009-08-08 05:57 . 2009-08-08 05:58 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-08 05:57 . 2009-08-03 18:36 19096 -c--a-w- c:\windows\system32\drivers\mbam.sys
2009-08-08 01:20 . 2009-08-08 01:20 -------- dc----w- c:\programdata\SUPERAntiSpyware.com
2009-08-08 01:19 . 2009-08-08 01:19 -------- dc----w- c:\program files\SUPERAntiSpyware
2009-08-08 01:19 . 2009-08-08 01:19 -------- dc----w- c:\users\Trillest\AppData\Roaming\SUPERAntiSpyware.com
2009-08-08 01:18 . 2009-08-08 01:18 -------- dc----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-08 01:18 . 2009-08-08 01:18 -------- dc----w- c:\program files\WizardRecovery
2009-08-07 23:28 . 2009-08-15 04:46 -------- dc----w- c:\program files\Free Window Registry Repair
2009-08-07 18:39 . 2000-03-23 17:50 446464 -c--a-r- c:\windows\system32\hhactivex.dll
2009-08-07 18:39 . 1999-03-06 02:15 74000 -c--a-w- c:\windows\system32\msrclr40.dll
2009-08-07 18:39 . 1999-03-06 02:15 28944 -c--a-w- c:\windows\system32\msrecr40.dll
2009-08-07 18:39 . 1998-06-18 04:00 89360 -c--a-w- c:\windows\system32\VB5DB.DLL
2009-08-07 18:38 . 2001-08-22 13:42 13632 -c----w- c:\windows\system32\drivers\omci.sys

(((((((((((((((((((((((((((((((((((((((( Find3M Report
2009-09-04 18:25 . 2009-02-21 04:29 65800 -c--a-w- c:\users\Trillest\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-15 04:47 . 2009-08-07 02:40 -------- dc----w- c:\program files\RCrawler
2009-08-08 05:10 . 2009-02-21 04:43 -------- dc----w- c:\users\Trillest\AppData\Roaming\LimeWire
2009-08-07 18:39 . 2008-08-11 16:28 -------- dc-h--w- c:\program files\InstallShield Installation Information
2009-08-07 18:38 . 2008-08-11 04:27 -------- dc----w- c:\program files\Common Files\InstallShield
2009-08-07 05:19 . 2009-02-21 04:55 -------- dc----w- c:\users\Trillest\AppData\Roaming\Yahoo!
2009-08-06 23:16 . 2008-06-17 19:19 128248992 ----a-w- c:\windows\DUMP8f34.tmp
2009-08-06 23:02 . 2009-08-06 23:02 -------- dc----w- c:\users\Trillest\AppData\Roaming\Webroot
2009-08-06 23:02 . 2009-08-06 23:02 -------- dc----w- c:\programdata\Webroot
2009-08-06 23:02 . 2009-08-06 23:02 -------- dc----w- c:\program files\Webroot
2009-08-06 23:02 . 2009-08-06 23:00 -------- dc----w- c:\program files\AskSBar
2009-08-06 18:52 . 2009-03-28 18:42 248 -c--a-w- c:\users\Trillest\AppData\Roaming\wklnhst.dat
2009-08-06 18:28 . 2009-08-06 18:28 4 -c--a-w- c:\users\Trillest\AppData\Roaming\NP.sys
2009-08-06 18:26 . 2009-08-06 18:26 76800 -c--a-w- c:\windows\tqard01025.exe
2009-08-06 18:26 . 2009-08-06 18:26 412160 -c--a-w- c:\windows\wajw2281.exe
2009-08-06 18:25 . 2009-08-06 18:25 889078 -c--a-w- c:\windows\awrim45212.exe
2009-08-05 23:42 . 2009-08-05 23:43 410984 -c--a-w- c:\windows\system32\deploytk.dll
2009-08-05 23:42 . 2008-08-11 07:53 -------- dc----w- c:\program files\Java
2009-08-05 23:39 . 2008-12-21 03:06 -------- dc----w- c:\program files\Sony
2009-07-25 02:09 . 2009-07-25 02:09 -------- dc----w- c:\programdata\WindowsSearch
2009-07-24 19:35 . 2009-07-24 19:35 -------- dc----w- c:\programdata\Blizzard
2009-07-24 17:47 . 2009-07-24 17:47 -------- dc----w- c:\program files\Common Files\Blizzard Entertainment
2009-07-24 02:10 . 2009-07-24 02:08 -------- dc----w- c:\program files\FLV Player
2009-07-21 06:02 . 2009-07-21 06:02 96 -c--a-w- c:\users\Trillest\AppData\Local\fusioncache.dat
2009-07-21 06:02 . 2009-07-21 06:02 -------- dc----w- c:\users\Trillest\AppData\Roaming\Sony
2009-07-21 06:00 . 2009-07-21 06:00 -------- dc----w- c:\program files\Microsoft SQL Server
2009-07-21 05:58 . 2009-07-21 05:58 -------- dc----w- c:\programdata\Sony
2009-07-21 05:35 . 2008-12-21 03:04 -------- dc----w- c:\program files\Sony Setup
2009-07-21 05:35 . 2009-07-21 05:34 -------- dc----w- c:\users\Trillest\AppData\Roaming\Audacity
2009-07-18 16:06 . 2009-07-29 00:34 827904 -c--a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-29 00:33 78336 -c--a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-29 00:33 26624 -c--a-w- c:\windows\system32\ieUnatt.exe
2009-07-18 01:37 . 2006-11-02 11:18 -------- dc----w- c:\program files\Windows Mail
2009-07-18 00:59 . 2008-07-25 22:52 -------- dc----w- c:\program files\Microsoft Works
2009-07-16 21:47 . 2008-09-05 18:18 -------- dc----w- c:\program files\Dl_cats
2009-06-15 15:24 . 2009-07-16 21:58 156672 -c--a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-16 21:58 72704 -c--a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-16 21:58 10240 -c--a-w- c:\windows\system32\dciman32.dll
2009-06-15 12:52 . 2009-07-16 21:58 289792 -c--a-w- c:\windows\system32\atmfd.dll

OK last of it

Post by Notcoolness on Sun Sep 06, 2009 12:57 am

((((((((((((((((((((((((((((((((((((( Reg Loading Points

*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2009-08-06 66912]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2009-08-06 23:02 66912 -c--a-w- c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-04 1809648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-08-09 5418864]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 19:56 352256 -c--a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{290B6E2F-1649-4985-B045-E5BBF420CCD2}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{BE1120EF-A175-4E62-B1BB-9C625E5A7570}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{E6E2C80F-E94D-416D-8944-D00ADF604902}"= UDP:c:\windows\System32\dlcxcoms.exe:Lexmark Communications System
"{5585AFAC-68BD-4FBD-8249-E5012ECBF92F}"= TCP:c:\windows\System32\dlcxcoms.exe:Lexmark Communications System
"{932BB497-F95C-4266-98A6-65796F6FFF96}"= UDP:c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe:Device Monitor
"{373D87FE-4DDB-443B-ACC4-DA586404177C}"= TCP:c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe:Device Monitor
"{9BFEF211-151C-4F52-B2FC-59D2179A464C}"= UDP:c:\program files\Dell Photo AIO Printer 926\dlcxaiox.exe:All In One Center
"{DDDC2DEF-5098-45DA-AD2E-A791A3F0C5ED}"= TCP:c:\program files\Dell Photo AIO Printer 926\dlcxaiox.exe:All In One Center
"TCP Query User{DF0A034B-F551-4A16-88E4-9BB1FF35F4FB}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{38620EB8-FFB7-4921-BE47-C1E38470C7CA}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"{FE02C8FA-05D8-4F8B-9078-25A1804A8AE5}"= UDP:c:\windows\System32\dlbfcoms.exe:AIO Printer A960 Server
"{6A28B52E-C80A-4BDB-98D2-B15566D0971B}"= TCP:c:\windows\System32\dlbfcoms.exe:AIO Printer A960 Server
"{27D0D14D-0CA3-45F8-A21A-14E78E1E5D0A}"= UDP:3724:Blizzard Downloader: 3724

R0 ssfs0bbc;ssfs0bbc;c:\windows\System32\drivers\ssfs0bbc.sys [8/9/2008 2:42 PM 29808]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/4/2008 1:50 PM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/4/2008 1:50 PM 55024]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/4/2008 1:50 PM 7408]
S4 dlbf_device;dlbf_device;c:\windows\system32\dlbfcoms.exe -service --> c:\windows\system32\dlbfcoms.exe -service [?]
S4 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder

2009-09-06 c:\windows\Tasks\User_Feed_Synchronization-{62590D7D-946E-49D7-B630-D77422460DDB}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:34]

2009-09-04 c:\windows\Tasks\wrSpySweeperFullSweep.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2009-08-06 21:04]

2009-09-04 c:\windows\Tasks\wrSpySweeperFullSweep.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2009-08-06 21:04]
.
- - - - ORPHANS REMOVED - - - -
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
------- Supplementary Scan -------
.
mStart Page = [You must be registered and logged in to see this link.]
mDefault_Page_URL = [You must be registered and logged in to see this link.]
mDefault_Search_URL = [You must be registered and logged in to see this link.]
mSearch Page = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\users\Trillest\AppData\Roaming\Mozilla\Firefox\Profiles\fzb63qgt.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-09-05 22:40
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0
**************************************************************************
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\wlanext.exe
c:\windows\System32\BCMWLTRY.EXE
c:\program files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\Common Files\Teleca Shared\Generic.exe
c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
**************************************************************************
Completion time: 2009-09-06 23:27 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-06 04:26

Pre-Run: 48,843,296,768 bytes free
Post-Run: 48,585,834,496 bytes free

618 --- E O F --- 2009-08-06 00:36

HAHAHA YOU ROCK!!!

Post by Notcoolness on Sun Sep 06, 2009 1:08 am

Ok awesome, after those posts I tried the net on my laptop and it works again!!!!! Don't know if you want me to do anything else with that log info; I'll check back tomorrow. Thanks again, you are a light at the end of the nasty virus infected net hole. Awesome work!!!!

Re: System #@!!%@%! security 2009 got me

Post by Belahzur on Sun Sep 06, 2009 2:09 pm

Hello.

  • Click Start >> Control Panel.
  • Under Programs, click Uninstall a Program.
  • Highlight the following:

    Ask Toolbar
    Limewire

  • Click on the Uninstall/Change button at the top.

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    c:\windows\DUMP8f34.tmp
    c:\users\Trillest\AppData\Roaming\LimeWire
    c:\program files\AskSBar
    c:\windows\tqard01025.exe
    c:\windows\wajw2281.exe
    c:\windows\awrim45212.exe


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


