some 1 hacked my registry i think


Post by matressman on Sun Sep 13, 2009 3:52 pm

My problem is that someone on a free online game threatened to hack me after a little bit of smack talk. The next day when I logged on the game and played for a little bit my comp crashed, and when you tried to turn it back on, the second you turn it on it shuts back down. I have to wait for a little bit for it to start back up normally. Most of the time I have to start launch up repair and it makes me restore the hard drive. Whenever I log on now it happens. He then messaged me on Xfire saying that my registry has been fixed, that he fixed it. Then the game worked for a couple days. Then the same problem started repeating itself. Please help me!!

matressman
Novice

Posts : 24
Joined : 2009-09-12
OS : Vista
Points : 26460
Likes : 0


Re: some 1 hacked my registry i think

Post by Dr Jay on Sun Sep 13, 2009 6:15 pm

Hi

Rooter Rootkit Detector - [You must be registered and logged in to see this link.]

Download [You must be registered and logged in to see this link.] to your desktop

  1. Double click it to start the tool.
  2. A Notepad file containing the report will open, also found at %systemdrive%(usually C:)\Rooter.txt. Post that log in your next reply.


Dr. Jay (DJ)



Dr Jay
Head Administrator

Posts : 13717
Joined : 2009-09-06
Gender : Male
OS : Windows 10 Home & Pro
Protection : Bitdefender Total Security
Points : 302127
Likes : 10


Re: some 1 hacked my registry i think

Post by matressman on Sun Sep 13, 2009 9:42 pm

The token does not have the SeDebugPrivilege privilege ! (error:1300)
Locked [System Process] (0)
Locked System (4)
Locked smss.exe (468)
Locked csrss.exe (536)
Locked wininit.exe (588)
Locked csrss.exe (616)
Locked services.exe (644)
Locked lsass.exe (656)
Locked lsm.exe (664)
Locked winlogon.exe (808)
Locked svchost.exe (836)
Locked PresentationFontCache.exe (880)
Locked svchost.exe (924)
Locked svchost.exe (968)
Locked Ati2evxx.exe (352)
Locked svchost.exe (344)
Locked svchost.exe (488)
Locked svchost.exe (12)
Locked audiodg.exe (544)
Locked svchost.exe (1048)
Locked SLsvc.exe (1072)
Locked svchost.exe (1112)
Locked svchost.exe (1292)
Locked Ati2evxx.exe (1384)
Locked wlanext.exe (1476)
Locked spoolsv.exe (1580)
Locked CCSVCHST.EXE (1660)
Locked svchost.exe (1800)
Locked svchost.exe (1248)
Locked CFProcSRVC.exe (2084)
Locked CFSvcs.exe (2112)
Locked o2flash.exe (2156)
Locked pinger.exe (2200)
Locked PnkBstrA.exe (2320)
Locked svchost.exe (2340)
Locked svchost.exe (2372)
Locked swupdtmr.exe (2404)
Locked TNaviSrv.exe (2468)
Locked TODDSrv.exe (2528)
Locked TosCoSrv.exe (2548)
Locked TosBtSrv.exe (2600)
Locked TosIPCSrv.exe (2652)
Locked ULCDRSvr.exe (2676)
Locked svchost.exe (2696)
Locked SearchIndexer.exe (2724)
Locked XAudio64.exe (2752)
Locked SDWinSec.exe (2788)
Locked SmartFaceVWatchSrv.exe (3060)
Locked AluSchedulerSvc.exe (1256)
Locked taskeng.exe (1924)
______ ?????????? (3196)
______ ?????????? (3240)
______ ?????????? (3288)
______ ?????????? (3540)
______ ?????????? (3548)
______ ?????????? (3580)
______ ?????????? (3596)
______ ?????????? (3604)
______ ?????????? (3628)
______ ?????????? (3672)
______ C:\Program Files (x86)\Skype\Phone\Skype.exe (3696)
______ C:\Program Files (x86)\Crawler\Smileys\CSmileysIM.exe (3728)
______ C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (3736)
______ C:\Program Files (x86)\Kuma Games\kgsystray\Kuma_tray.exe (3752)
______ C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe (3800)
______ ?????????? (3808)
______ C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe (3832)
______ C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe (3876)
______ C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe (3900)
______ C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (3944)
______ C:\Program Files (x86)\Java\jre6\bin\jusched.exe (3956)
______ C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (3980)
______ ?????????? (4084)
______ C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe (4372)
______ C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe (4448)
______ ?????????? (4676)
______ C:\Program Files (x86)\Internet Explorer\iexplore.exe (4984)
______ C:\Program Files (x86)\Internet Explorer\iexplore.exe (5068)
______ ?????????? (4296)
Locked wmpnetwk.exe (3664)
______ C:\PROGRA~2\Crawler\Toolbar\CToolbar.exe (4772)
______ C:\PROGRA~2\Crawler\Smileys\CSMILE~1.EXE (4412)
______ C:\Program Files (x86)\MSN\Toolbar\3.0.0988.2\msntask.exe (1932)
Locked SynTPHelper.exe (5076)
______ C:\Windows\SysWow64\Macromed\Flash\FlashUtil10b.exe (3788)
Locked mbam.exe (2288)
______ C:\Program Files (x86)\Internet Explorer\iexplore.exe (2812)
______ C:\Program Files (x86)\Internet Explorer\iexplore.exe (6132)
______ C:\Program Files (x86)\Internet Explorer\iexplore.exe (3512)
Locked SearchProtocolHost.exe (4036)
Locked SearchFilterHost.exe (3368)
______ C:\Users\Charles\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EP89ZDUW\Rooter[2].exe (6928)

.
C:\Rooter$\Rooter_1.txt - (13/09/2009 | 14:40.55)


Re: some 1 hacked my registry i think

Post by Dr Jay on Sun Sep 13, 2009 10:00 pm

Hi

That person fixed the Registry alright...the person meant that they locked the Registry. As I see it from here, the Registry is on lockdown, making the read/writes from the System harder.

Please download ComboFix from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.] to your Desktop.

**Note:
In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**


  1. If you are using Firefox, make sure that your download settings are as follows:

    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".

  • During the download, rename Combofix to Combo-Fix as follows:




  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    -----------------------------------------------------------


    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on [You must be registered and logged in to see this link.] to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------



    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------


  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" along with a new HijackThis log for further review.

  • **Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

    If you still cannot get this to run, try booting into Safe Mode, and run it there.

    To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode."

    If this doesn't work either, try the same method (above method), but name Combofix.exe to iexplore.exe instead, or winlogon.exe.
    This is because it also happens in some cases that malware blocks EVERY process except for what is in its own whitelist, so this whitelist also includes system important processes such as iexplore.exe, explorer.exe, winlogon.exe.


    Dr. Jay (DJ)



    Re: some 1 hacked my registry i think

    Post by matressman on Mon Sep 14, 2009 3:21 am

    It says it's not OC capable to Vista. Only Windows 2000 and something else


    Re: some 1 hacked my registry i think

    Post by Dr Jay on Mon Sep 14, 2009 7:16 pm

    Hi

    Did you disable antivirus and firewall software?

    Is your system 32 bit or 64 bit?

    If 32 bit: this link for sure would work: [You must be registered and logged in to see this link.]
    If you can do the scan post the log in your next reply. Try to elevate it by right clicking it and clicking Run as Administrator.

    Else 64 bit: Do MBAM:
    Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.].

    Double Click mbam-setup.exe to install the application.

    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.

    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

    ==

    If you have the ComboFix log, please post it in your next reply. If you have the MBAM log, post that in your next reply as well.


    Dr. Jay (DJ)



    Re: some 1 hacked my registry i think

    Post by matressman on Mon Sep 14, 2009 11:24 pm

    Malwarebytes' Anti-Malware 1.41
    Database version: 2797
    Windows 6.0.6001 Service Pack 1

    9/14/2009 4:23:18 PM
    mbam-log-2009-09-14 (16-23-18).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 286665
    Time elapsed: 1 hour(s), 2 minute(s), 48 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 22
    Registry Values Infected: 1
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

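A way to triage a log in the layout matressman posted above, added here as an example (not part of the thread and not Malwarebytes' own tooling): it checks that the itemised entries match the counts in the summary, so a truncated paste is noticed, groups entries by detection name, and flags autostart (Run key) entries. The function names, the Run-key pattern and the "successfully" check are assumptions of this example; the sample is abridged from the post with counts adjusted.

```python
import re
from collections import Counter

# Abridged sample in the MBAM 1.41 layout from the post above (constructed for
# this example: four entries kept from the post, summary counts adjusted).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.41
Database version: 2797

Scan type: Full Scan (C:\|)

Memory Processes Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MyWebSearch Plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

# "Registry Keys Infected: 22" (summary line with a count)
SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
# "Registry Keys Infected:" (header that opens the itemised list)
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# "<target> (<Detection.Name>) -> [details ->] <action>."
ITEM_RE = re.compile(r"^(?P<target>.+?) \((?P<detection>[\w.]+)\) -> (?P<rest>.+)$")
# Run/RunOnce values start a program at logon (pattern chosen for this example).
AUTOSTART_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)


def parse_mbam_log(text):
    """Return (declared_counts, items) from an MBAM text log."""
    declared, items, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()  # forum pastes are often indented
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            declared[m["section"]] = int(m["count"])
            continue
        m = HEADER_RE.match(line)
        if m:
            section = m["section"]
            continue
        m = ITEM_RE.match(line)
        if m and section:
            items.append({
                "section": section,
                "target": m["target"],
                "detection": m["detection"],
                # The action is the last "->" segment of the line.
                "action": m["rest"].rsplit(" -> ", 1)[-1].rstrip("."),
            })
    return declared, items


def triage(text):
    """Summarise a log: count mismatches, detections, autostarts, leftovers."""
    declared, items = parse_mbam_log(text)
    listed = Counter(i["section"] for i in items)
    return {
        # section -> (declared, actually listed); non-empty means a cut-off paste
        "mismatches": {s: (n, listed.get(s, 0))
                       for s, n in declared.items() if n != listed.get(s, 0)},
        "by_detection": Counter(i["detection"] for i in items),
        "autostart": [i["target"] for i in items
                      if AUTOSTART_RE.search(i["target"])],
        # Assumption: a completed removal line contains the word "successfully".
        "not_removed": [i["target"] for i in items
                        if "successfully" not in i["action"].lower()],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "->", value)
```
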

    Re: some 1 hacked my registry i think

    Post by Dr Jay on Mon Sep 14, 2009 11:32 pm

    Hi

    Please run a free online scan with the [You must be registered and logged in to see this link.]
    Note: You will need to use Internet Explorer for this scan

    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the options Remove found threats and Scan unwanted applications are checked
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, you may close the window
    • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic


    Dr. Jay (DJ)



    Re: some 1 hacked my registry i think

    Post by matressman on Tue Sep 15, 2009 2:09 am

    The search found 2 threats. I chose clean as usual. Then when I clicked finish I closed the window. But no notepad popped up like usual. So then I searched through my computer for the C:\Program Files\EsetOnlineScanner\log.txt
    But it told me the file didn't exist. I looked through notepad many times but to no avail.


    Re: some 1 hacked my registry i think

    Post by Dr Jay on Tue Sep 15, 2009 2:19 am

    Hi

    Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Please post the log in your next reply.


    Dr. Jay (DJ)



    Re: some 1 hacked my registry i think

    Post by matressman on Tue Sep 15, 2009 4:53 pm

    Malwarebytes' Anti-Malware 1.41
    Database version: 2804
    Windows 6.0.6001 Service Pack 1

    9/15/2009 9:52:53 AM
    mbam-log-2009-09-15 (09-52-53).txt

    Scan type: Quick Scan
    Objects scanned: 81275
    Time elapsed: 3 minute(s), 24 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    Re: some 1 hacked my registry i think

    Post by Dr Jay on Tue Sep 15, 2009 4:58 pm

    Hi

    Please navigate to this webpage: [You must be registered and logged in to see this link.] and see the section "Fix it for me" and click the Microsoft Fix-It button. This will download a fix utility to repair the security settings on your computer, due to damages of malware or other harmful system changes. Install the file after download.

    ==

    Then,

    Download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    Dr. Jay (DJ)



    Re: some 1 hacked my registry i think

    Post by matressman on Tue Sep 15, 2009 10:22 pm

    Results of screen317's Security Check version 0.98.9
    Windows Vista
    Out of date service pack!!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Norton 360


    WMIC entry does not exist for antivirus; attempting automatic update.
    ``````````````````````````````
    Anti-malware/Other Utilities Check:

    Spybot - Search & Destroy
    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 11
    Java(TM) 6 Update 6
    Out of date Java installed!
    Adobe Flash Player 10
    Adobe Reader 8.1.2
    Out of date Adobe Reader installed!
    ``````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe

    Windows Defender MSASCui.exe

    ``````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    `````````End of Log```````````


    Re: some 1 hacked my registry i think

    Post by Dr Jay on Tue Sep 15, 2009 10:37 pm

    Hi

    Please consider updating to Windows Vista Service Pack 2 (SP2).
    Windows Vista Service Pack 2 (SP2) contains all the updates released since SP1 plus support for new types of hardware and emerging hardware standards.
    It is now available via [You must be registered and logged in to see this link.] or as a standalone installation [You must be registered and logged in to see this link.].

    ==

    Adobe Acrobat Reader is out of date.

    Please download the newest version from here: [You must be registered and logged in to see this link.]

    It's important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
    Go to Start > Control Panel > Software and open Add or Remove Programs.
    Search in the list for all previous installed versions of Adobe Acrobat Reader.

    Once old versions are gone, please install the newest version.

    ==

    Java is out of date.

    Download the newest version from here [You must be registered and logged in to see this link.].

    It's important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
    Go to Start > Control Panel > Software and open Add or Remove Programs.
    Search in the list for all previous installed versions of Java. (J2SE Runtime Environment).
    They will have this icon next to them:
    Select each in turn and click Remove.

    Once old versions are gone, please install the newest version.

    ==

    How is your computer running? Please tell me how the updates went. This is important, because any problems in updating can be a sign of more malware on your computer.


    Dr. Jay (DJ)



    Re: some 1 hacked my registry i think

    Post by matressman on Sat Sep 19, 2009 12:58 am

    Hey, updates went great but I'm still having the same original problem


    Re: some 1 hacked my registry i think

    Post by Dr Jay on Sat Sep 19, 2009 1:24 am

    Hi

    Go to Start, type in CMD, right-click on it in the results pane and select Run as Administrator.
    Type in: sfc /scannow
    Press enter.

    After the first run, reboot your computer. Do a second run. Now the scan and fix is finished.

    Does this fix your problem?


    Dr. Jay (DJ)



    Re: some 1 hacked my registry i think

    Post by matressman on Sat Sep 19, 2009 10:52 pm

    Are there any other downloads that can help me with my computer?


    Re: some 1 hacked my registry i think

    Post by matressman on Sat Sep 19, 2009 10:54 pm

    Oh my bad, I didn't see your latest post, let me get right on that


    Re: some 1 hacked my registry i think

    Post by matressman on Sun Sep 20, 2009 11:31 pm

    I scanned it using CMD and it said it found dangerous files but weren't able to fix some of them. And my computer is still randomly shutting down during certain programs


    Re: some 1 hacked my registry i think

    Post by Dr Jay on Mon Sep 21, 2009 12:38 am

    Hi

    Please download the latest version of Kaspersky GetSystemInfo (GSI) from [You must be registered and logged in to see this link.] and save it to your Desktop.
    • Please close all other applications running on your system.
    • Please double click GetSystemInfo.exe to open it.
    • Click the Settings button.
    • Set it to Maximum
    • IMPORTANT! Then please click Customize - choose Driver / Ports tab and uncheck Scan Ports.
    • Click Create Report to run it.
    • It will create a zip folder called GetSystemInfo_XXXXXXXXXXXXXX.zip on your Desktop. Please upload the folder to [You must be registered and logged in to see this link.] and click the Submit button.

    Please copy and paste the url of the GSI Parser report (not the log) in your next reply.


    Dr. Jay (DJ)



    Re: some 1 hacked my registry i think

    Post by matressman on Thu Sep 24, 2009 2:08 am

    C:\Users\Charles\Desktop\GetSystemInfo_CHARLES-PC_Charles_2009_09_23_19_03_37.zip

    I tried to view settings like you asked but it said I needed administration rights to view the settings. This is what I got on a regular report


    Re: some 1 hacked my registry i think

    Post by matressman on Thu Sep 24, 2009 2:14 am

    And when I ran it as administrator it said run time error 339 Component COMCTL32.OCX or one of its dependencies are not registered or invalid


    Re: some 1 hacked my registry i think

    Post by Dr Jay on Thu Sep 24, 2009 4:06 am

    Hi

    Please download DDS by sUBs from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.] and save it to your Desktop.

    Note: Before scanning, make sure all other running programs are closed. There shouldn't be any scheduled antivirus scans running while the scan is being performed. Do not use your computer for anything else during the scan.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
    • Notepad will open with the results, click Yes to the Optional_Scan
    • Please follow the instructions that pop up for posting the results.
    • Close the program window, and delete the program from your Desktop.


    Dr. Jay (DJ)



    Re: some 1 hacked my registry i think

    Post by matressman on Fri Sep 25, 2009 3:33 am

    It tells me this tool doesn't support my operating system.


    Re: some 1 hacked my registry i think

    Post by Dr Jay on Fri Sep 25, 2009 5:03 am

    Hi


    • Download random's system information tool (RSIT) by random/random from [You must be registered and logged in to see this link.].
    • It is important that it is saved to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Click Continue at the disclaimer screen.
    • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


    Dr. Jay (DJ)



    Re: some 1 hacked my registry i think

    Post by matressman on Sun Sep 27, 2009 11:50 pm

    info.txt logfile of random's system information tool 1.06 2009-09-27 16:42:38

    ======Uninstall list======

    -->"C:\Program Files (x86)\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe" --u:{A644254B-92F6-4970-8635-AB0775371E72}
    -->"C:\Program Files (x86)\Symantec\LiveUpdate\LSETUP.EXE" /U
    -->"C:\Program Files (x86)\TOSHIBA Games\Battlestar Galactica\Uninstall.exe"
    -->"C:\Program Files (x86)\TOSHIBA Games\Bejeweled 2 Deluxe\Uninstall.exe"
    -->"C:\Program Files (x86)\TOSHIBA Games\Chuzzle Deluxe\Uninstall.exe"
    -->"C:\Program Files (x86)\TOSHIBA Games\FATE\Uninstall.exe"
    -->"C:\Program Files (x86)\TOSHIBA Games\Mah Jong Quest\Uninstall.exe"
    -->"C:\Program Files (x86)\TOSHIBA Games\Mystery P.I. - The Lottery Ticket\Uninstall.exe"
    -->"C:\Program Files (x86)\TOSHIBA Games\Penguins!\Uninstall.exe"
    -->"C:\Program Files (x86)\TOSHIBA Games\Polar Bowler\Uninstall.exe"
    -->"C:\Program Files (x86)\TOSHIBA Games\Polar Golfer\Uninstall.exe"
    -->"C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\Uninstall.exe"
    -->"C:\Program Files (x86)\TOSHIBA Games\Virtual Villagers - A New Home\Uninstall.exe"
    -->MsiExec /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
    -->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{622E6F16-0904-49B6-BBE1-4CC836314CCF}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{697AFC77-F318-4CD4-BF16-F50F4C1072DA}\setup.exe" -l0x9
    2007 Microsoft Office system-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROHYBRIDR /dll OSETUP.DLL
    A.V.A-->"C:\Program Files (x86)\InstallShield Installation Information\{42AF51C0-4028-46CF-B616-FB1F75286457}\setup.exe" -runfromtemp -l0x0009 -removeonly
    Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
    Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
    AGEIA PhysX v7.09.13-->MsiExec.exe /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
    ALOT Toolbar-->"C:\Program Files (x86)\alot\alotUninst.exe"
    AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
    Atheros Driver Installation Program-->C:\Program Files (x86)\InstallShield Installation Information\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}\setup.exe -runfromtemp -l0x0009
    Atheros Wi-Fi Protected Setup Library-->C:\Program Files (x86)\InstallShield Installation Information\{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}\setup.exe -runfromtemp -l0x0009 -removeonly
    Backup-->MsiExec.exe /I{24DF7221-644B-4C3A-A478-459502D40522}
    Battlefield Heroes-->"C:\Program Files (x86)\EA Games\Battlefield Heroes\uninstaller.exe" "C:\Program Files (x86)\EA Games\Battlefield Heroes\Uninstall.xml"
    Camera Assistant Software for Toshiba-->C:\Program Files (x86)\InstallShield Installation Information\{37C866E4-AA67-4725-9E95-A39968DD7960}\setup.exe -runfromtemp -l0x0009
    Carbonite Online Backup Setup-->"C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800 /uninstall
    Catalyst Control Center - Branding-->MsiExec.exe /I{69E5255D-9D43-4CFF-8984-843ABD7753B7}
    ccCommon-->MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
    CD/DVD Drive Acoustic Silencer-->C:\Program Files (x86)\InstallShield Installation Information\{4C3F3228-13BE-41D0-A782-3DDE7CB2479A}\setup.exe -runfromtemp -l0x0009 -removeonly
    Combat Arms-->"C:\ProgramData\NexonUS\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll -game:33563143 -locale:US
    Commandos Strike Force-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{544DB849-AB59-4C12-A333-2F214E24870F}\setup.exe" -l0x9 -removeonly
    Crawler Smileys-->"C:\Program Files (x86)\Crawler\Smileys\unins000.exe"
    Crawler Toolbar-->C:\PROGRA~2\Crawler\Toolbar\CToolbar.exe uninst
    Cross Fire En-->"C:\Program Files (x86)\Subagames\CrossFire\unins000.exe"
    CyberLink PowerCinema for TOSHIBA-->"C:\Program Files (x86)\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" /z-uninstall
    Data Doctor - Mobile Phone Inspector 2.0.1.5-->C:\Program Files (x86)\Data Doctor - Mobile Phone Inspector\Uninstall.exe
    Data Doctor Recovery - SIM Card (Evaluation) 3.0.1.5-->C:\Program Files (x86)\Data Doctor Recovery - SIM Card (Evaluation)\Uninstall.exe
    DVD MovieFactory for TOSHIBA-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}\setup.exe" -l0x9
    DyynoPlayer 0.8.6f.2-->C:\Program Files (x86)\Dyyno\Dyyno Player\uninstall.exe
    ESET Online Scanner v3-->C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
    Fast Browser Search (My Web Tattoo)-->regsvr32 /u /s "C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll"
    GameShadow-->MsiExec.exe /I{141FBF87-4FB4-41E1-80B4-E1389268D541}
    GearDrvs-->MsiExec.exe /I{CB84F0F2-927B-458D-9DC5-87832E3DC653}
    Google Toolbar for Internet Explorer-->"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
    Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
    GSC 2.00-->"C:\Program Files (x86)\GSC 2.00\gsc-uninst.exe"
    HijackThis 2.0.2-->"C:\Program Files (x86)\trend micro\HijackThis.exe" /uninstall
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""
    ijji REACTOR-->"C:\Program Files (x86)\InstallShield Installation Information\{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}\setup.exe" -runfromtemp -l0x0009 -removeonly
    Inbox Toolbar-->"C:\Program Files (x86)\Inbox Toolbar\unins000.exe"
    Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
    LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\ProgramData\LuUninstall.LiveUpdate"
    LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
    Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
    Memeo AutoBackup-->C:\Program Files (x86)\InstallShield Installation Information\{C515A5CE-7B56-4C80-881C-86B7768E2FD0}\setup.exe -runfromtemp -l0x0409
    Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
    Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
    Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Professional Hybrid 2007-->MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Suite Activation Assistant-->MsiExec.exe /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}
    Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    MSN Toolbar-->MsiExec.exe /I{94D16248-E39A-46A4-8CBD-0DAE9C7444B4}
    MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    NetWaiting-->C:\Program Files (x86)\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
    Norton 360 (Symantec Corporation)-->"C:\Program Files (x86)\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_2_0_0_242\Setup.exe" /X
    Norton 360 HTMLHelp-->MsiExec.exe /I{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}
    Norton 360-->MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A}
    Norton 360-->MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777}
    Norton Confidential Core-->MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
    Norton Security Scan-->C:\Program Files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.3.0.44\InstStub.exe /X
    OPERATION7-->"c:\Netgame\OPERATION7\uninstall.exe"
    Pando Media Booster-->C:\Program Files (x86)\Pando Networks\Media Booster\uninst.exe
    ParetoLogic DriverCure-->C:\Program Files (x86)\ParetoLogic\DriverCure\uninstall.exe
    Picasa 3-->"C:\Program Files (x86)\Google\Picasa3\Uninstall.exe"
    PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
    QUAD RegistryCleaner v.1.5.94-->C:\Program Files (x86)\QUAD Utilities\QUAD RegistryCleaner\uninst.exe
    QuickBooks Financial Center-->MsiExec.exe /I{890EF3F8-742F-46BD-9E8E-084B3A1F4364}
    QuickTime-->C:\Windows\unvise32qt.exe C:\Windows\system32\QuickTime\Uninstall.log
    Reader Rabbit Kindergarten-->C:\Windows\TLCUninstall.exe -f "C:\Program Files (x86)\The Learning Company\Reader Rabbit Kindergarten\Uninstall.xml"
    Registry Mechanic 8.0-->"C:\Program Files (x86)\Registry Mechanic\unins000.exe" /Log
    Scions Of Fate-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{DA3C53B8-49B0-41CF-9D5C-D96A7FCBD029}\setup.exe" -l0x9 -removeonly
    Search Guard Plus (My Web Tattoo)-->C:\Program Files\Search Guard Plus\uninstalSGP.exe
    Search Guard Plus Updater (My Web Tattoo)-->C:\Program Files\Search Guard PlusU\uninstalSGPU.exe
    Security Update for Windows Media Encoder (KB954156)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={E836F1B7-43FB-46B0-A0D9-E4D2A5951659} /qb
    Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    Soldier Front-->"C:\Program Files (x86)\InstallShield Installation Information\{8ADE24B2-DCA4-4A1E-8B52-A5B435522D9E}\setup.exe" -runfromtemp -l0x0009 -removeonly
    Spybot - Search & Destroy-->"C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe"
    SuddenAttackNA-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{732799C0-7785-43C5-8496-71546A062992}\setup.exe" -l0x9 -removeonly
    Symantec Technical Support Controls-->MsiExec.exe /I{45690715-80A6-4445-B61D-ADEC5888E8CD}
    TeamSpeak 2 RC2-->"C:\Program Files (x86)\Teamspeak2_RC2\unins000.exe"
    Toshiba Assist-->C:\Program Files (x86)\InstallShield Installation Information\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}\setup.exe -runfromtemp -l0x0009 -removeonly
    TOSHIBA ConfigFree-->MsiExec.exe /X{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}
    TOSHIBA DVD PLAYER-->C:\Program Files (x86)\InstallShield Installation Information\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}\setup.exe -runfromtemp -l0x0009 -ADDREMOVE -removeonly
    TOSHIBA Extended Tiles for Windows Mobility Center-->C:\Program Files (x86)\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x0409
    TOSHIBA Face Recognition-->"C:\Program Files (x86)\InstallShield Installation Information\{F67FA545-D8E5-4209-86B1-AEE045D1003F}\setup.exe" -runfromtemp -l0x0409 -removeonly
    TOSHIBA Games-->"C:\Program Files (x86)\TOSHIBA Games\Uninstall.exe"
    TOSHIBA Hardware Setup-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{E8B39B08-7FAB-48CC-89E9-37C5589E130C} /l1033
    TOSHIBA PowerCinema Helper-->MsiExec.exe /X{FB356619-7ECE-42BC-A28A-541973E29F28}
    Toshiba Registration-->MsiExec.exe /I{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}
    TOSHIBA Software Upgrades-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe" -l0x9 -removeonly
    TOSHIBA Speech System Applications-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
    TOSHIBA Speech System SR Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
    TOSHIBA Supervisor Password-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{DF0853CA-A1D0-4169-8472-F2822C8FA1EB} /l1033
    TOSHIBA Value Added Package-->C:\Program Files (x86)\InstallShield Installation Information\{066CFFF8-12BF-4390-A673-75F95EFF188E}\setup.exe -runfromtemp -l0x0409
    Unreal Tournament 3-->MsiExec.exe /X{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
    Update for Office 2007 (KB934528)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {2B939677-2FFD-48F6-9075-7BF48CB87C80}
    Update for Office System 2007 Setup (KB929722)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {D8E9BEBD-655F-467D-8176-CA9959C140A3}
    VideoLAN VLC media player 0.8.5-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
    Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
    Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
    WolfTeam-->C:\AeriaGames\WolfTeam\Uninst.exe
    Xfire (remove only)-->"C:\Program Files (x86)\Xfire\lol\uninst.exe"

    ======Hosts File======

    127.0.0.1 [You must be registered and logged in to see this link.]
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 [You must be registered and logged in to see this link.]
    127.0.0.1 008k.com
    127.0.0.1 [You must be registered and logged in to see this link.]
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 [You must be registered and logged in to see this link.]
    127.0.0.1 032439.com

    ======Security center information======

    AS: Spybot - Search and Destroy (outdated)
    AS: Windows Defender

    ======System event log======

    Computer Name: Charles-PC
    Event Code: 10010
    Message: The server {6BA70EAF-D5FF-4687-829A-A646EEC622F8} did not register with DCOM within the required timeout.
    Record Number: 121608
    Source Name: Microsoft-Windows-DistributedCOM
    Time Written: 20090927230814.000000-000
    Event Type: Error
    User:

    Computer Name: Charles-PC
    Event Code: 6008
    Message: The previous system shutdown at 4:32:12 PM on 9/27/2009 was unexpected.
    Record Number: 121624
    Source Name: EventLog
    Time Written: 20090927233805.000000-000
    Event Type: Error
    User:

    Computer Name: Charles-PC
    Event Code: 15016
    Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
    Record Number: 121630
    Source Name: Microsoft-Windows-HttpEvent
    Time Written: 20090927233812.196560-000
    Event Type: Error
    User:

    Computer Name: Charles-PC
    Event Code: 7
    Message: The speed of processor 0 is being limited by system firmware. The processor has been in this reduced performance state for 57 seconds since the last report.
    Record Number: 121732
    Source Name: Microsoft-Windows-Kernel-Processor-Power
    Time Written: 20090927233914.588960-000
    Event Type: Warning
    User: NT AUTHORITY\SYSTEM

    Computer Name: Charles-PC
    Event Code: 7
    Message: The speed of processor 1 is being limited by system firmware. The processor has been in this reduced performance state for 56 seconds since the last report.
    Record Number: 121733
    Source Name: Microsoft-Windows-Kernel-Processor-Power
    Time Written: 20090927233914.776160-000
    Event Type: Warning
    User: NT AUTHORITY\SYSTEM

    =====Application event log=====

    Computer Name: Charles-PC
    Event Code: 3013
    Message: The entry in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Record Number: 44626
    Source Name: Microsoft-Windows-Search
    Time Written: 20090927234031.000000-000
    Event Type: Error
    User:

    Computer Name: Charles-PC
    Event Code: 3013
    Message: The entry in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Record Number: 44627
    Source Name: Microsoft-Windows-Search
    Time Written: 20090927234031.000000-000
    Event Type: Error
    User:

    Computer Name: Charles-PC
    Event Code: 3013
    Message: The entry in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Record Number: 44628
    Source Name: Microsoft-Windows-Search
    Time Written: 20090927234031.000000-000
    Event Type: Error
    User:

    Computer Name: Charles-PC
    Event Code: 3013
    Message: The entry in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Record Number: 44629
    Source Name: Microsoft-Windows-Search
    Time Written: 20090927234031.000000-000
    Event Type: Error
    User:

    Computer Name: Charles-PC
    Event Code: 3013
    Message: The entry in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Record Number: 44630
    Source Name: Microsoft-Windows-Search
    Time Written: 20090927234031.000000-000
    Event Type: Error
    User:

    =====Security event log=====

    Computer Name: Charles-PC
    Event Code: 4672
    Message: Special privileges assigned to new logon.

    Subject:
    Security ID: S-1-5-18
    Account Name: SYSTEM
    Account Domain: NT AUTHORITY
    Logon ID: 0x3e7

    Privileges: SeAssignPrimaryTokenPrivilege
    SeTcbPrivilege
    SeSecurityPrivilege
    SeTakeOwnershipPrivilege
    SeLoadDriverPrivilege
    SeBackupPrivilege
    SeRestorePrivilege
    SeDebugPrivilege
    SeAuditPrivilege
    SeSystemEnvironmentPrivilege
    SeImpersonatePrivilege
    Record Number: 29064
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090927233824.219360-000
    Event Type: Audit Success
    User:

    Computer Name: Charles-PC
    Event Code: 4648
    Message: A logon was attempted using explicit credentials.

    Subject:
    Security ID: S-1-5-18
    Account Name: CHARLES-PC$
    Account Domain: WORKGROUP
    Logon ID: 0x3e7
    Logon GUID: {00000000-0000-0000-0000-000000000000}

    Account Whose Credentials Were Used:
    Account Name: Charles
    Account Domain: Charles-PC
    Logon GUID: {00000000-0000-0000-0000-000000000000}

    Target Server:
    Target Server Name: localhost
    Additional Information: localhost

    Process Information:
    Process ID: 0x354
    Process Name: C:\Windows\System32\winlogon.exe

    Network Information:
    Network Address: 127.0.0.1
    Port: 0

    This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
    Record Number: 29065
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090927233833.672960-000
    Event Type: Audit Success
    User:

    Computer Name: Charles-PC
    Event Code: 4624
    Message: An account was successfully logged on.

    Subject:
    Security ID: S-1-5-18
    Account Name: CHARLES-PC$
    Account Domain: WORKGROUP
    Logon ID: 0x3e7

    Logon Type: 2

    New Logon:
    Security ID: S-1-5-21-260390127-3849902338-1034600469-1000
    Account Name: Charles
    Account Domain: Charles-PC
    Logon ID: 0x4d1d8
    Logon GUID: {00000000-0000-0000-0000-000000000000}

    Process Information:
    Process ID: 0x354
    Process Name: C:\Windows\System32\winlogon.exe

    Network Information:
    Workstation Name: CHARLES-PC
    Source Network Address: 127.0.0.1
    Source Port: 0

    Detailed Authentication Information:
    Logon Process: User32
    Authentication Package: Negotiate
    Transited Services: -
    Package Name (NTLM only): -
    Key Length: 0

    This event is generated when a logon session is created. It is generated on the computer that was accessed.

    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

    The authentication information fields provide detailed information about this specific logon request.
    - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
    - Transited services indicate which intermediate services have participated in this logon request.
    - Package name indicates which sub-protocol was used among the NTLM protocols.
    - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
    Record Number: 29066
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090927233833.672960-000
    Event Type: Audit Success
    User:

    Computer Name: Charles-PC
    Event Code: 4624
    Message: An account was successfully logged on.

    Subject:
    Security ID: S-1-5-18
    Account Name: CHARLES-PC$
    Account Domain: WORKGROUP
    Logon ID: 0x3e7

    Logon Type: 2

    New Logon:
    Security ID: S-1-5-21-260390127-3849902338-1034600469-1000
    Account Name: Charles
    Account Domain: Charles-PC
    Logon ID: 0x4d1f0
    Logon GUID: {00000000-0000-0000-0000-000000000000}

    Process Information:
    Process ID: 0x354
    Process Name: C:\Windows\System32\winlogon.exe

    Network Information:
    Workstation Name: CHARLES-PC
    Source Network Address: 127.0.0.1
    Source Port: 0

    Detailed Authentication Information:
    Logon Process: User32
    Authentication Package: Negotiate
    Transited Services: -
    Package Name (NTLM only): -
    Key Length: 0

    This event is generated when a logon session is created. It is generated on the computer that was accessed.

    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

    The authentication information fields provide detailed information about this specific logon request.
    - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
    - Transited services indicate which intermediate services have participated in this logon request.
    - Package name indicates which sub-protocol was used among the NTLM protocols.
    - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
    Record Number: 29067
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090927233833.672960-000
    Event Type: Audit Success
    User:

    Computer Name: Charles-PC
    Event Code: 4672
    Message: Special privileges assigned to new logon.

    Subject:
    Security ID: S-1-5-21-260390127-3849902338-1034600469-1000
    Account Name: Charles
    Account Domain: Charles-PC
    Logon ID: 0x4d1d8

    Privileges: SeSecurityPrivilege
    SeTakeOwnershipPrivilege
    SeLoadDriverPrivilege
    SeBackupPrivilege
    SeRestorePrivilege
    SeDebugPrivilege
    SeSystemEnvironmentPrivilege
    SeImpersonatePrivilege
    Record Number: 29068
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090927233833.672960-000
    Event Type: Audit Success
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~2\COMMON~1\ULEADS~1\MPEG;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    "PROCESSOR_ARCHITECTURE"=AMD64
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "USERNAME"=SYSTEM
    "windir"=%SystemRoot%
    "PROCESSOR_LEVEL"=17
    "PROCESSOR_IDENTIFIER"=AMD64 Family 17 Model 3 Stepping 1, AuthenticAMD
    "PROCESSOR_REVISION"=0301
    "NUMBER_OF_PROCESSORS"=2
    "TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat
    "DFSTRACINGON"=FALSE

    -----------------EOF-----------------


    Re: some 1 hacked my registry i think

    Post by matressman on Sun Sep 27, 2009 11:53 pm

    info.txt logfile of random's system information tool 1.06 2009-09-27 16:42:38

    ======Uninstall list======
    Carbonite Online Backup Setup-->"C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800 /uninstall
    Catalyst Control Center - Branding-->MsiExec.exe /I{69E5255D-9D43-4CFF-8984-843ABD7753B7}
    ccCommon-->MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
    CD/DVD Drive Acoustic Silencer-->C:\Program Files (x86)\InstallShield Installation Information\{4C3F3228-13BE-41D0-A782-3DDE7CB2479A}\setup.exe -runfromtemp -l0x0009 -removeonly
    Combat Arms-->"C:\ProgramData\NexonUS\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll -game:33563143 -locale:US
    Commandos Strike Force-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{544DB849-AB59-4C12-A333-2F214E24870F}\setup.exe" -l0x9 -removeonly
    Crawler Smileys-->"C:\Program Files (x86)\Crawler\Smileys\unins000.exe"
    Crawler Toolbar-->C:\PROGRA~2\Crawler\Toolbar\CToolbar.exe uninst
    Cross Fire En-->"C:\Program Files (x86)\Subagames\CrossFire\unins000.exe"
    CyberLink PowerCinema for TOSHIBA-->"C:\Program Files (x86)\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" /z-uninstall
    Data Doctor - Mobile Phone Inspector 2.0.1.5-->C:\Program Files (x86)\Data Doctor - Mobile Phone Inspector\Uninstall.exe
    Data Doctor Recovery - SIM Card (Evaluation) 3.0.1.5-->C:\Program Files (x86)\Data Doctor Recovery - SIM Card (Evaluation)\Uninstall.exe
    DVD MovieFactory for TOSHIBA-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}\setup.exe" -l0x9
    DyynoPlayer 0.8.6f.2-->C:\Program Files (x86)\Dyyno\Dyyno Player\uninstall.exe
    ESET Online Scanner v3-->C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
    Fast Browser Search (My Web Tattoo)-->regsvr32 /u /s "C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll"
    GameShadow-->MsiExec.exe /I{141FBF87-4FB4-41E1-80B4-E1389268D541}
    GearDrvs-->MsiExec.exe /I{CB84F0F2-927B-458D-9DC5-87832E3DC653}
    Google Toolbar for Internet Explorer-->"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
    Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
    GSC 2.00-->"C:\Program Files (x86)\GSC 2.00\gsc-uninst.exe"
    HijackThis 2.0.2-->"C:\Program Files (x86)\trend micro\HijackThis.exe" /uninstall
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""
    ijji REACTOR-->"C:\Program Files (x86)\InstallShield Installation Information\{901DC58A-5C1B-4315-BA40-5AD3D3A463B9}\setup.exe" -runfromtemp -l0x0009 -removeonly
    Inbox Toolbar-->"C:\Program Files (x86)\Inbox Toolbar\unins000.exe"
    Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
    Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
    LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\ProgramData\LuUninstall.LiveUpdate"
    LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
    Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
    Memeo AutoBackup-->C:\Program Files (x86)\InstallShield Installation Information\{C515A5CE-7B56-4C80-881C-86B7768E2FD0}\setup.exe -runfromtemp -l0x0409
    Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
    Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
    Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Professional Hybrid 2007-->MsiExec.exe /X{91120000-0031-0000-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
    Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Suite Activation Assistant-->MsiExec.exe /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}
    Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    MSN Toolbar-->MsiExec.exe /I{94D16248-E39A-46A4-8CBD-0DAE9C7444B4}
    MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    NetWaiting-->C:\Program Files (x86)\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
    Norton 360 (Symantec Corporation)-->"C:\Program Files (x86)\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_2_0_0_242\Setup.exe" /X
    Norton 360 HTMLHelp-->MsiExec.exe /I{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}
    Norton 360-->MsiExec.exe /I{21829177-4DED-4209-AD08-490B3AC9C01A}
    Norton 360-->MsiExec.exe /I{2D617065-1C52-4240-B5BC-C0AE12157777}
    Norton Confidential Core-->MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
    Norton Security Scan-->C:\Program Files (x86)\NortonInstaller\{397E31AA-0D78-4649-A01C-339D73A2ED35}\NSS\LicenseType\2.3.0.44\InstStub.exe /X
    OPERATION7-->"c:\Netgame\OPERATION7\uninstall.exe"
    Pando Media Booster-->C:\Program Files (x86)\Pando Networks\Media Booster\uninst.exe
    ParetoLogic DriverCure-->C:\Program Files (x86)\ParetoLogic\DriverCure\uninstall.exe
    Picasa 3-->"C:\Program Files (x86)\Google\Picasa3\Uninstall.exe"
    PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
    QUAD RegistryCleaner v.1.5.94-->C:\Program Files (x86)\QUAD Utilities\QUAD RegistryCleaner\uninst.exe
    QuickBooks Financial Center-->MsiExec.exe /I{890EF3F8-742F-46BD-9E8E-084B3A1F4364}
    QuickTime-->C:\Windows\unvise32qt.exe C:\Windows\system32\QuickTime\Uninstall.log
    Reader Rabbit Kindergarten-->C:\Windows\TLCUninstall.exe -f "C:\Program Files (x86)\The Learning Company\Reader Rabbit Kindergarten\Uninstall.xml"
    Registry Mechanic 8.0-->"C:\Program Files (x86)\Registry Mechanic\unins000.exe" /Log
    Scions Of Fate-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{DA3C53B8-49B0-41CF-9D5C-D96A7FCBD029}\setup.exe" -l0x9 -removeonly
    Search Guard Plus (My Web Tattoo)-->C:\Program Files\Search Guard Plus\uninstalSGP.exe
    Search Guard Plus Updater (My Web Tattoo)-->C:\Program Files\Search Guard PlusU\uninstalSGPU.exe
    Security Update for Windows Media Encoder (KB954156)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={E836F1B7-43FB-46B0-A0D9-E4D2A5951659} /qb
    Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
    Soldier Front-->"C:\Program Files (x86)\InstallShield Installation Information\{8ADE24B2-DCA4-4A1E-8B52-A5B435522D9E}\setup.exe" -runfromtemp -l0x0009 -removeonly
    Spybot - Search & Destroy-->"C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe"
    SuddenAttackNA-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{732799C0-7785-43C5-8496-71546A062992}\setup.exe" -l0x9 -removeonly
    Symantec Technical Support Controls-->MsiExec.exe /I{45690715-80A6-4445-B61D-ADEC5888E8CD}
    TeamSpeak 2 RC2-->"C:\Program Files (x86)\Teamspeak2_RC2\unins000.exe"
    Toshiba Assist-->C:\Program Files (x86)\InstallShield Installation Information\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}\setup.exe -runfromtemp -l0x0009 -removeonly
    TOSHIBA ConfigFree-->MsiExec.exe /X{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}
    TOSHIBA DVD PLAYER-->C:\Program Files (x86)\InstallShield Installation Information\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}\setup.exe -runfromtemp -l0x0009 -ADDREMOVE -removeonly
    TOSHIBA Extended Tiles for Windows Mobility Center-->C:\Program Files (x86)\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x0409
    TOSHIBA Face Recognition-->"C:\Program Files (x86)\InstallShield Installation Information\{F67FA545-D8E5-4209-86B1-AEE045D1003F}\setup.exe" -runfromtemp -l0x0409 -removeonly
    TOSHIBA Games-->"C:\Program Files (x86)\TOSHIBA Games\Uninstall.exe"
    TOSHIBA Hardware Setup-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{E8B39B08-7FAB-48CC-89E9-37C5589E130C} /l1033
    TOSHIBA PowerCinema Helper-->MsiExec.exe /X{FB356619-7ECE-42BC-A28A-541973E29F28}
    Toshiba Registration-->MsiExec.exe /I{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}
    TOSHIBA Software Upgrades-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{425A2BC2-AA64-4107-9C29-484245BBEA05}\setup.exe" -l0x9 -removeonly
    TOSHIBA Speech System Applications-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
    TOSHIBA Speech System SR Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
    TOSHIBA Supervisor Password-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{DF0853CA-A1D0-4169-8472-F2822C8FA1EB} /l1033
    TOSHIBA Value Added Package-->C:\Program Files (x86)\InstallShield Installation Information\{066CFFF8-12BF-4390-A673-75F95EFF188E}\setup.exe -runfromtemp -l0x0409
    Unreal Tournament 3-->MsiExec.exe /X{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->c:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
    Update for Office 2007 (KB934528)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {2B939677-2FFD-48F6-9075-7BF48CB87C80}
    Update for Office System 2007 Setup (KB929722)-->msiexec /package {91120000-0031-0000-0000-0000000FF1CE} /uninstall {D8E9BEBD-655F-467D-8176-CA9959C140A3}
    VideoLAN VLC media player 0.8.5-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
    Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
    Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
    WolfTeam-->C:\AeriaGames\WolfTeam\Uninst.exe
    Xfire (remove only)-->"C:\Program Files (x86)\Xfire\lol\uninst.exe"

    ======Hosts File======


    ======Security center information======

    AS: Spybot - Search and Destroy (outdated)
    AS: Windows Defender

    ======System event log======

    Computer Name: Charles-PC
    Event Code: 10010
    Message: The server {6BA70EAF-D5FF-4687-829A-A646EEC622F8} did not register with DCOM within the required timeout.
    Record Number: 121608
    Source Name: Microsoft-Windows-DistributedCOM
    Time Written: 20090927230814.000000-000
    Event Type: Error
    User:

    Computer Name: Charles-PC
    Event Code: 6008
    Message: The previous system shutdown at 4:32:12 PM on 9/27/2009 was unexpected.
    Record Number: 121624
    Source Name: EventLog
    Time Written: 20090927233805.000000-000
    Event Type: Error
    User:

    Computer Name: Charles-PC
    Event Code: 15016
    Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
    Record Number: 121630
    Source Name: Microsoft-Windows-HttpEvent
    Time Written: 20090927233812.196560-000
    Event Type: Error
    User:

    Computer Name: Charles-PC
    Event Code: 7
    Message: The speed of processor 0 is being limited by system firmware. The processor has been in this reduced performance state for 57 seconds since the last report.
    Record Number: 121732
    Source Name: Microsoft-Windows-Kernel-Processor-Power
    Time Written: 20090927233914.588960-000
    Event Type: Warning
    User: NT AUTHORITY\SYSTEM

    Computer Name: Charles-PC
    Event Code: 7
    Message: The speed of processor 1 is being limited by system firmware. The processor has been in this reduced performance state for 56 seconds since the last report.
    Record Number: 121733
    Source Name: Microsoft-Windows-Kernel-Processor-Power
    Time Written: 20090927233914.776160-000
    Event Type: Warning
    User: NT AUTHORITY\SYSTEM

    =====Application event log=====

    Computer Name: Charles-PC
    Event Code: 3013
    Message: The entry in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Record Number: 44626
    Source Name: Microsoft-Windows-Search
    Time Written: 20090927234031.000000-000
    Event Type: Error
    User:

    Computer Name: Charles-PC
    Event Code: 3013
    Message: The entry in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Record Number: 44627
    Source Name: Microsoft-Windows-Search
    Time Written: 20090927234031.000000-000
    Event Type: Error
    User:

    Computer Name: Charles-PC
    Event Code: 3013
    Message: The entry in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Record Number: 44628
    Source Name: Microsoft-Windows-Search
    Time Written: 20090927234031.000000-000
    Event Type: Error
    User:

    Computer Name: Charles-PC
    Event Code: 3013
    Message: The entry in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Record Number: 44629
    Source Name: Microsoft-Windows-Search
    Time Written: 20090927234031.000000-000
    Event Type: Error
    User:

    Computer Name: Charles-PC
    Event Code: 3013
    Message: The entry in the hash map cannot be updated.

    Context: Application, SystemIndex Catalog

    Details:
    A device attached to the system is not functioning. (0x8007001f)

    Record Number: 44630
    Source Name: Microsoft-Windows-Search
    Time Written: 20090927234031.000000-000
    Event Type: Error
    User:

    =====Security event log=====

    Computer Name: Charles-PC
    Event Code: 4672
    Message: Special privileges assigned to new logon.

    Subject:
    Security ID: S-1-5-18
    Account Name: SYSTEM
    Account Domain: NT AUTHORITY
    Logon ID: 0x3e7

    Privileges: SeAssignPrimaryTokenPrivilege
    SeTcbPrivilege
    SeSecurityPrivilege
    SeTakeOwnershipPrivilege
    SeLoadDriverPrivilege
    SeBackupPrivilege
    SeRestorePrivilege
    SeDebugPrivilege
    SeAuditPrivilege
    SeSystemEnvironmentPrivilege
    SeImpersonatePrivilege
    Record Number: 29064
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090927233824.219360-000
    Event Type: Audit Success
    User:

    Computer Name: Charles-PC
    Event Code: 4648
    Message: A logon was attempted using explicit credentials.

    Subject:
    Security ID: S-1-5-18
    Account Name: CHARLES-PC$
    Account Domain: WORKGROUP
    Logon ID: 0x3e7
    Logon GUID: {00000000-0000-0000-0000-000000000000}

    Account Whose Credentials Were Used:
    Account Name: Charles
    Account Domain: Charles-PC
    Logon GUID: {00000000-0000-0000-0000-000000000000}

    Target Server:
    Target Server Name: localhost
    Additional Information: localhost

    Process Information:
    Process ID: 0x354
    Process Name: C:\Windows\System32\winlogon.exe

    Network Information:
    Network Address: 127.0.0.1
    Port: 0

    This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
    Record Number: 29065
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090927233833.672960-000
    Event Type: Audit Success
    User:

    Computer Name: Charles-PC
    Event Code: 4624
    Message: An account was successfully logged on.

    Subject:
    Security ID: S-1-5-18
    Account Name: CHARLES-PC$
    Account Domain: WORKGROUP
    Logon ID: 0x3e7

    Logon Type: 2

    New Logon:
    Security ID: S-1-5-21-260390127-3849902338-1034600469-1000
    Account Name: Charles
    Account Domain: Charles-PC
    Logon ID: 0x4d1d8
    Logon GUID: {00000000-0000-0000-0000-000000000000}

    Process Information:
    Process ID: 0x354
    Process Name: C:\Windows\System32\winlogon.exe

    Network Information:
    Workstation Name: CHARLES-PC
    Source Network Address: 127.0.0.1
    Source Port: 0

    Detailed Authentication Information:
    Logon Process: User32
    Authentication Package: Negotiate
    Transited Services: -
    Package Name (NTLM only): -
    Key Length: 0

    This event is generated when a logon session is created. It is generated on the computer that was accessed.

    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

    The authentication information fields provide detailed information about this specific logon request.
    - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
    - Transited services indicate which intermediate services have participated in this logon request.
    - Package name indicates which sub-protocol was used among the NTLM protocols.
    - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
    Record Number: 29066
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090927233833.672960-000
    Event Type: Audit Success
    User:

    Computer Name: Charles-PC
    Event Code: 4624
    Message: An account was successfully logged on.

    Subject:
    Security ID: S-1-5-18
    Account Name: CHARLES-PC$
    Account Domain: WORKGROUP
    Logon ID: 0x3e7

    Logon Type: 2

    New Logon:
    Security ID: S-1-5-21-260390127-3849902338-1034600469-1000
    Account Name: Charles
    Account Domain: Charles-PC
    Logon ID: 0x4d1f0
    Logon GUID: {00000000-0000-0000-0000-000000000000}

    Process Information:
    Process ID: 0x354
    Process Name: C:\Windows\System32\winlogon.exe

    Network Information:
    Workstation Name: CHARLES-PC
    Source Network Address: 127.0.0.1
    Source Port: 0

    Detailed Authentication Information:
    Logon Process: User32
    Authentication Package: Negotiate
    Transited Services: -
    Package Name (NTLM only): -
    Key Length: 0

    This event is generated when a logon session is created. It is generated on the computer that was accessed.

    The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

    The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

    The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

    The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

    The authentication information fields provide detailed information about this specific logon request.
    - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
    - Transited services indicate which intermediate services have participated in this logon request.
    - Package name indicates which sub-protocol was used among the NTLM protocols.
    - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
    Record Number: 29067
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090927233833.672960-000
    Event Type: Audit Success
    User:

    Computer Name: Charles-PC
    Event Code: 4672
    Message: Special privileges assigned to new logon.

    Subject:
    Security ID: S-1-5-21-260390127-3849902338-1034600469-1000
    Account Name: Charles
    Account Domain: Charles-PC
    Logon ID: 0x4d1d8

    Privileges: SeSecurityPrivilege
    SeTakeOwnershipPrivilege
    SeLoadDriverPrivilege
    SeBackupPrivilege
    SeRestorePrivilege
    SeDebugPrivilege
    SeSystemEnvironmentPrivilege
    SeImpersonatePrivilege
    Record Number: 29068
    Source Name: Microsoft-Windows-Security-Auditing
    Time Written: 20090927233833.672960-000
    Event Type: Audit Success
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~2\COMMON~1\ULEADS~1\MPEG;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
    "PROCESSOR_ARCHITECTURE"=AMD64
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "USERNAME"=SYSTEM
    "windir"=%SystemRoot%
    "PROCESSOR_LEVEL"=17
    "PROCESSOR_IDENTIFIER"=AMD64 Family 17 Model 3 Stepping 1, AuthenticAMD
    "PROCESSOR_REVISION"=0301
    "NUMBER_OF_PROCESSORS"=2
    "TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat
    "DFSTRACINGON"=FALSE

    -----------------EOF-----------------


    Re: some 1 hacked my registry i think

    Post by Dr Jay on Mon Sep 28, 2009 12:14 am

    Hi

    There are many rogue software programs and undesirable products on your computer.

    Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

    QUAD Registry Cleaner
    alot Toolbar
    Crawler (any entry you see)
    Search Guard Plus
    DriverCure


    Please reboot your computer.

    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

    C:\Program Files (x86)\alot
    C:\Program Files (x86)\Crawler
    C:\Program Files (x86)\ParetoLogic
    C:\Program Files (x86)\QUAD Utilities
    C:\Program Files (x86)\Search Guard Plus

    Please reboot your computer.

    Please download: [You must be registered and logged in to see this link.] to your Desktop.
    • Double Click the HijackThis icon, located on your Desktop.
    • By Default, it will install to: C:\Program Files\Trend Micro\HijackThis
      It will also create a shortcut on your Desktop.
    • Accept the license agreement.
    • Click Do a System Scan and Save a Logfile.
    • Please post the log in your next reply.


    Dr. Jay (DJ)
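One way to check the HijackThis log requested above for leftovers of the five deleted folders, as an added example that is not part of Dr Jay's post or any tool used in this thread. The function names, the three match categories and the 8.3 short-name heuristic are assumptions of this sketch; the sample lines are excerpted from the HijackThis log posted in this thread, except for one constructed line that is marked as such.

```python
import re

# Folder names taken from the delete list in the post above.
TARGET_FOLDERS = ["alot", "Crawler", "ParetoLogic", "QUAD Utilities", "Search Guard Plus"]

# HijackThis prints both long and 8.3 forms of the Program Files roots.
PROGRAM_FILES_ROOT = re.compile(r"^(program files( \(x86\))?|progra~\d+)$", re.I)
SHORT_NAME = re.compile(r"^([^~]{1,6})~\d+$")   # e.g. SPYBOT~1
SECTION = re.compile(r"^([A-Z]\d+) - ")         # e.g. "O2 - BHO: ..."
WINDOWS_PATH = re.compile(r"[A-Za-z]:\\.*$")


def classify(component, target):
    """Compare one folder name from a log path with one deleted folder name.

    Returns "exact", "sibling" (name starts with the target, so it needs a
    manual look), "shortname" (8.3 stem matches, also ambiguous) or None.
    """
    c, t = component.lower(), target.lower()
    if c == t:
        return "exact"
    if c.startswith(t):
        return "sibling"
    m = SHORT_NAME.match(component)
    # Heuristic: an 8.3 name usually keeps the first six characters of the
    # long name with spaces and dots dropped, upper-cased.
    if m and m.group(1).upper() == re.sub(r"[ .]", "", target).upper()[:6]:
        return "shortname"
    return None


def find_leftovers(lines, targets=TARGET_FOLDERS):
    """Return (section, target, kind, path) for every log line that still
    points into one of the target folders under a Program Files root."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = WINDOWS_PATH.search(line)
        if not m:
            continue
        parts = m.group(0).split("\\")
        if len(parts) < 3 or not PROGRAM_FILES_ROOT.match(parts[1]):
            continue
        sec = SECTION.match(line)
        section = sec.group(1) if sec else "process"
        for target in targets:
            kind = classify(parts[2], target)
            if kind:
                findings.append((section, target, kind, m.group(0)))
                break
    return findings


# Lines excerpted from the HijackThis log posted in this thread.
PAGE_LINES = [
    r"C:\Program Files\Search Guard PlusU\sgpupdaters.exe",
    r"C:\Program Files (x86)\Skype\Phone\Skype.exe",
    r"C:\PROGRA~2\Crawler\Toolbar\CToolbar.exe",
    r"O2 - BHO: ALOT Toolbar Helper - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6}"
    r" - C:\Program Files (x86)\alot\bin\BHO\alotBHO.dll",
    r"O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}"
    r" - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll",
    r"O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F}"
    r" - C:\PROGRA~2\SPYBOT~1\SDHelper.dll",
]

# Constructed line (not from the thread) to exercise the 8.3 short-name branch.
CONSTRUCTED_LINES = [
    r"O4 - HKLM\..\Run: [Example] C:\PROGRA~2\QUADUT~1\example.exe",
]

if __name__ == "__main__":
    for section, target, kind, path in find_leftovers(PAGE_LINES + CONSTRUCTED_LINES):
        print(f"{section:8} {kind:9} {target:18} {path}")
```

The "sibling" result is the one to read closely: the Search Guard Plus updater runs from `C:\Program Files\Search Guard PlusU`, a folder that an exact comparison against the delete list would not catch.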



    Re: some 1 hacked my registry i think

    Post by matressman on Mon Sep 28, 2009 1:41 am

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:37:28 PM, on 9/27/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18813)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Search Guard PlusU\sgpupdaters.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Crawler\Smileys\CSmileysIM.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\Registry Mechanic\RMTray.exe
    C:\Program Files (x86)\Kuma Games\kgsystray\Kuma_tray.exe
    C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
    C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
    C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe
    C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
    C:\Program Files (x86)\Java\jre6\bin\jusched.exe
    C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\PROGRA~2\Crawler\Toolbar\CToolbar.exe
    C:\PROGRA~2\Crawler\Smileys\CSMILE~1.EXE
    C:\Program Files (x86)\MSN\Toolbar\3.0.0988.2\msntask.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = [You must be registered and logged in to see this link.]
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = [You must be registered and logged in to see this link.]
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [You must be registered and logged in to see this link.]
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ALOT Toolbar Helper - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files (x86)\alot\bin\BHO\alotBHO.dll
    O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.0988.2\msneshellx.dll
    O2 - BHO: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Search Assistant - {F0626A63-410B-45E2-99A1-3F2475B2D695} - C:\Program Files\SGPSA\BHO.dll
    O2 - BHO: XBTBPos00 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
    O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
    O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.0988.2\msneshellx.dll
    O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~2\INBOXT~1\Inbox.dll
    O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll
    O3 - Toolbar: Fast Browser Search Toolbar - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\Fast Browser Search\IE\FBStoolbar.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
    O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files (x86)\alot\bin\alot.dll
    O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
    O4 - HKLM\..\Run: [PCMAgent] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\PCMAgent.exe"
    O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\CLMLSvc.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files (x86)\Norton 360\osCheck.exe"
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files (x86)\Jumpstart\jswtrayutil.exe"
    O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
    O4 - HKLM\..\Run: [CSmileys] "C:\Program Files (x86)\Crawler\Smileys\CSmileysIM.exe"
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800
    O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [CSmileys] "C:\PROGRA~2\Crawler\Smileys\CSmileysIM.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\3.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files (x86)\Registry Mechanic\RMTray.exe /H
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: Kuma_Tray.lnk = C:\Program Files (x86)\Kuma Games\kgsystray\Kuma_tray.exe
    O8 - Extra context menu item: &Search - ?p=ZKxdm174YYUS
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - [You must be registered and logged in to see this link.]
    O8 - Extra context menu item: Crawler Search - tbr:iemenu
    O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - [You must be registered and logged in to see this link.]
    O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - [You must be registered and logged in to see this link.]
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - [You must be registered and logged in to see this link.]
    O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - [You must be registered and logged in to see this link.]
    O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_v1004 Class) - [You must be registered and logged in to see this link.]
    O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~2\INBOXT~1\Inbox.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: ConfigFree Gadget Service - TOSHIBA Corporation. - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
    O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files (x86)\Jumpstart\jswpsapi.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE
    O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
    O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
    O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files (x86)\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
    O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
    O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

    --
    End of file - 16432 bytes

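A way to read the HijackThis log above more systematically, as an added example that is not part of the thread. It groups entries by the binary they load, so every hook point of one component (for instance the Crawler toolbar's ctbr.dll) is listed together, and it marks "(file missing)" results under System32 as unverified: HijackThis runs here as a 32-bit program on 64-bit Vista, where WOW64 redirects its view of System32 to SysWOW64. The sample lines are copied from the log; the function names are this example's own.

```python
import re
from collections import defaultdict

# A subset of lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~2\INBOXT~1\Inbox.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [CSmileys] "C:\Program Files (x86)\Crawler\Smileys\CSmileysIM.exe"
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: pinger - Unknown owner - C:\TOSHIBA\IVP\ISM\pinger.exe
"""

ENTRY = re.compile(r"^(R\d|O\d+) - (.*)$")                       # section code, rest of line
PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)\b', re.I)     # first drive-rooted exe/dll
X64_HINT = re.compile(r"\\(Program Files \(x86\)|SysWOW64)\\", re.I)
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.I)


def parse(log):
    """Return one dict per recognised entry: section, binary path, missing flag."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        path = PATH.search(m.group(2))
        entries.append({
            "section": m.group(1),
            "path": path.group(0).lower() if path else None,
            "missing": m.group(2).endswith("(file missing)"),
            "raw": line.strip(),
        })
    return entries


def hooks_by_binary(entries):
    """Map each binary to the sorted list of HijackThis sections that reference it."""
    hooks = defaultdict(set)
    for e in entries:
        if e["path"]:
            hooks[e["path"]].add(e["section"])
    return {p: sorted(s) for p, s in hooks.items()}


def triage_missing(entries):
    """Classify '(file missing)' entries.

    On a 64-bit system (paths under 'Program Files (x86)' or 'SysWOW64' appear
    in the log) a 32-bit scanner cannot see the real System32, so such results
    are 'unverified' until re-checked from a 64-bit process.
    """
    is_x64 = any(X64_HINT.search(e["raw"]) for e in entries)
    result = {}
    for e in entries:
        if e["missing"] and e["path"]:
            unreliable = is_x64 and SYSTEM32.match(e["path"])
            result[e["path"]] = "unverified" if unreliable else "missing"
    return result


if __name__ == "__main__":
    parsed = parse(SAMPLE_LOG)
    for binary, sections in hooks_by_binary(parsed).items():
        if len(sections) > 1:
            print(f"{binary} is registered under {', '.join(sections)}")
    for binary, verdict in triage_missing(parsed).items():
        print(f"{verdict}: {binary}")
```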

    Re: some 1 hacked my registry i think

    Post by Dr Jay on Mon Sep 28, 2009 2:16 am

    Did you uninstall the programs or not?


    Dr. Jay (DJ)



    Re: some 1 hacked my registry i think

    Post by matressman on Tue Sep 29, 2009 10:16 pm

    I deleted them from Start, but I had a difficult time trying to find them using Windows Explorer. Also, most of those programs I downloaded after the problem occurred. I was trying to clean up my computer, trying to find the virus. The only thing I had when the problem occurred was Crawler.


    Re: some 1 hacked my registry i think

    Post by Dr Jay on Wed Sep 30, 2009 4:58 am

    Hi


    1. Download [You must be registered and logged in to see this link.]
    2. Double-click erunt_setup.exe to run.
    3. Follow the prompts and install using the default configuration (setup language, install location, shortcuts...).
    4. Say No to the portion that asks you to add ERUNT to the start-up folder; if you like, you can enable this option later.
    5. Start ERUNT
    6. Choose a location for the backup
      The default location C:\WINDOWS\ERDNT\[today's date] is preferred
    7. The first two check boxes are ticked by default (System registry and Current user registry).
    8. Press OK
    9. When prompted, click YES to create a new folder.
    10. Progress bars will show backup status.
    11. A confirmation window will pop up when complete. Click OK to close.
    ==

    Please download the following file and save it to your Desktop: [You must be registered and logged in to see this link.]

    Double-click on it and confirm the prompt. Then, please restart your computer.

    Please let me know in your next reply if Crawler is removed.


    Dr. Jay (DJ)



    Re: some 1 hacked my registry i think

    Post by matressman on Thu Oct 01, 2009 3:19 am

    After rebooting my computer right after the 2 downloads, there was a message saying that ERDNT didn't install correctly. Immediately after, another pop-up told me "Error saving file
    C;/Windows/ERDNT.....
    Continue wih next file?
    Regcreatekeyex5-Access is denied." And every time I clicked continue the same message would pop up. And the Crawler toolbar has been removed.


    Re: some 1 hacked my registry i think

    Post by Dr Jay on Thu Oct 01, 2009 7:48 am

    Hi

    Download and install SubInACL from:

    [You must be registered and logged in to see this link.]

    Start Notepad, and enter the following text in to it (copy and paste):

    rem Each subinacl command must stay on a single line in the batch file.
    rem =f grants full control, =r grants read access; /setowner sets the owner of the keys.
    cd /d "%programfiles%\Windows Resource Kits\Tools"
    subinacl /subkeyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f /grant=Charles=f /setowner=administrators
    subinacl /keyreg HKEY_CLASSES_ROOT /grant=administrators=f /grant=system=f /grant=Charles=f /setowner=administrators
    subinacl /subkeyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=f /grant=restricted=r /grant=Charles=f /grant=restricted=r /setowner=administrators
    subinacl /keyreg HKEY_CURRENT_USER /grant=administrators=f /grant=system=f /grant=restricted=r /grant=Charles=f /grant=restricted=r /setowner=administrators
    subinacl /subkeyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f /grant=Charles=f /grant=everyone=r /setowner=administrators
    subinacl /keyreg HKEY_LOCAL_MACHINE /grant=administrators=f /grant=system=f /grant=Charles=f /grant=everyone=r /setowner=administrators
    subinacl /subkeyreg HKEY_USERS /grant=administrators=f /grant=system=f /grant=restricted=r /grant=Charles=f /grant=restricted=r /setowner=administrators
    subinacl /keyreg HKEY_USERS /grant=administrators=f /grant=system=f /grant=restricted=r /grant=Charles=f /grant=restricted=r /setowner=administrators

    Then, click File > Save As

    Drop-down Save as Type and select All Files

    Then in the File Name box, enter in reset.bat and save it in C:\Program Files\Windows Resource Kits\Tools

    Then, go to C:\Program Files\Windows Resource Kits\Tools and double-click on reset.bat to run the tool.

    Please restart your computer.

    How is your computer running?


    Dr. Jay (DJ)



    Re: some 1 hacked my registry i think

    Post by matressman on Sun Oct 11, 2009 7:06 pm

    Yes, it works perfectly now, thank you!!!


    Re: some 1 hacked my registry i think

    Post by Dr Jay on Sun Oct 11, 2009 8:06 pm

    You are welcome.


    Dr. Jay (DJ)



    Re: some 1 hacked my registry i think

    Post by matressman on Fri Oct 16, 2009 2:33 am

    Hey, I feel awful about bothering u again, but the problem is still here -.-. It was working for a full week and a half without any signs of problems. Then 2 days ago it slowly started happening again: once the first day, twice the second, till it came back almost back to normal. It just takes a lil longer now for it to happen. Sorry for being a hassle.


    Re: some 1 hacked my registry i think

    Post by Dr Jay on Fri Oct 16, 2009 7:22 am

    Please do the following to back up your computer: [You must be registered and logged in to see this link.] (using Vista backup utility is the alternative).

    Then, please reinstall (in-place upgrade) Windows Vista. [You must be registered and logged in to see this link.], and read this section only: "To reinstall Windows Vista."

    All of your data is usually fine when doing a reinstall. However, I gave you backup instructions first to ensure you would not lose any data. Failure to back up your data will result in a possible loss of any documents, pictures, videos, special files, or any other important thing you need to save.

    Please tell me whether or not you have completed this task. Thank you!

    Note: this is not to do a reformat. This will fully repair your system!


    Dr. Jay (DJ)



    Re: some 1 hacked my registry i think

    Post by matressman on Fri Oct 16, 2009 1:57 pm

    I was actually thinking of doing this last night, however I'm having trouble finding the disk. I'll look later today and tell u how it goes.


    Re: some 1 hacked my registry i think

    Post by matressman on Thu Nov 12, 2009 9:03 am

    Hey, long time no see! I just moved and it has been kinda hectic. Anyways,
    I am pretty sure I'll never find that disk to fully restore my hard drive. Is there anywhere I can purchase a new disk or download something off the internet?


    Re: some 1 hacked my registry i think

    Post by matressman on Mon Dec 21, 2009 9:30 am

    Hey, thank you for all your help, but I have given up on that computer. It now shuts down on any program. Thank you anyways!
