GeekPolice

need help removing antisoft

Post by Shangsta on Tue May 04, 2010 8:46 pm

Hi, I read the guide on the site about removing antisoft from my computer. The problem I am having is that when I try to run/open Malwarebytes it gives me a "run-time error '440'". I have tried removing and downloading multiple times to no avail and the same message. Any help would be greatly appreciated.

Re: need help removing antisoft

Post by Belahzur on Tue May 04, 2010 10:25 pm

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Please PM me if I fail to respond within 24hrs.


Re: need help removing antisoft

Post by Shangsta on Wed May 05, 2010 3:59 pm

OTL logfile created on: 5/5/2010 10:54:25 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

512.00 Mb Total Physical Memory | 362.00 Mb Available Physical Memory | 71.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 13.97 Gb Total Space | 1.69 Gb Free Space | 12.07% Space Free | Partition Type: NTFS
Drive D: | 62.72 Gb Total Space | 47.47 Gb Free Space | 75.69% Space Free | Partition Type: NTFS
Drive E: | 3.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 596.02 Gb Total Space | 456.35 Gb Free Space | 76.57% Space Free | Partition Type: FAT32
Drive I: | 465.65 Gb Total Space | 338.26 Gb Free Space | 72.64% Space Free | Partition Type: FAT32
Drive J: | 1.88 Gb Total Space | 0.36 Gb Free Space | 19.09% Space Free | Partition Type: FAT

Computer Name: STUDY
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/05 10:53:28 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/05/05 10:53:28 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 01:01:17 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/02/02 17:35:06 | 001,235,032 | ---- | M] (Famatech International Corp.) [Auto | Stopped] -- C:\WINDOWS\System32\rserver30\RServer3.exe -- (RServer3)
SRV - [2002/11/13 20:21:12 | 000,376,898 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe -- (VAIOMediaPlatform-MusicServer-AppServer) VAIO Media Music Server (Application)
SRV - [2002/11/07 12:23:06 | 000,167,936 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\giga pocket\GPVSvr.exe -- (VAIOMediaPlatform-VideoServer-AppServer) VAIO Media Video Server (Application)
SRV - [2002/11/06 13:42:26 | 000,585,728 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe -- (VAIOMediaPlatform-VideoServer-UPnP) VAIO Media Video Server (UPnP)
SRV - [2002/11/06 13:42:26 | 000,585,728 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe -- (VAIOMediaPlatform-PhotoServer-UPnP) VAIO Media Photo Server (UPnP)
SRV - [2002/11/06 13:42:26 | 000,585,728 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe -- (VAIOMediaPlatform-MusicServer-UPnP) VAIO Media Music Server (UPnP)
SRV - [2002/10/30 12:43:30 | 000,462,848 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe -- (VAIOMediaPlatform-PhotoServer-AppServer) VAIO Media Photo Server (Application)
SRV - [2002/10/07 17:26:52 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Stopped] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)
SRV - [2002/07/23 08:45:12 | 000,065,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2002/07/19 00:27:26 | 000,045,056 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe -- (VAIOMediaPlatform-VideoServer-HTTP) VAIO Media Video Server (HTTP)
SRV - [2002/07/19 00:27:26 | 000,045,056 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe -- (VAIOMediaPlatform-PhotoServer-HTTP) VAIO Media Photo Server (HTTP)
SRV - [2002/07/19 00:27:26 | 000,045,056 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe -- (VAIOMediaPlatform-MusicServer-HTTP) VAIO Media Music Server (HTTP)


========== Driver Services (SafeList) ==========

DRV - [2007/12/28 15:02:12 | 000,287,232 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2007/02/02 17:54:26 | 000,041,176 | ---- | M] (Famatech International Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\rserver30\raddrvv3.sys -- (raddrvv3)
DRV - [2006/11/01 08:01:56 | 000,003,328 | ---- | M] (Famatech International Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rminiv3.sys -- (mirrorv3)
DRV - [2004/08/04 01:10:10 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2004/08/04 01:10:10 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2004/08/04 01:09:58 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2004/08/04 01:08:21 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2002/11/27 17:36:38 | 000,591,232 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\soma.sys -- (soma)
DRV - [2002/11/19 03:12:04 | 000,036,184 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SonyWBMS.sys -- (SONYWBMS) Sony Memory Stick controller(WB)
DRV - [2002/11/14 19:34:48 | 000,224,256 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2002/11/11 14:26:38 | 000,819,408 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2002/11/08 13:24:54 | 000,115,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2002/11/08 13:24:42 | 000,135,728 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2002/11/08 13:24:24 | 000,006,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2002/11/08 13:24:20 | 000,113,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2002/11/08 13:24:08 | 000,492,560 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2002/11/08 13:22:36 | 000,186,068 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2002/11/06 20:13:00 | 001,177,594 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2002/10/31 14:58:42 | 000,030,848 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (sisagp)
DRV - [2002/10/18 14:07:34 | 001,156,672 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002/10/07 17:24:36 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/09/19 22:19:56 | 000,205,056 | ---- | M] (YAMAHA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yacxgc.sys -- (WDM_YAMAHAAC97)
DRV - [2002/06/13 14:37:16 | 000,045,568 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2002/04/03 21:51:34 | 000,005,760 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2001/09/10 11:00:00 | 000,017,976 | ---- | M] (SEIKO EPSON CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\epusbsto.sys -- (EPUSBSTOR)
DRV - [2000/12/05 19:18:02 | 000,003,952 | R--- | M] (Sony Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CB17FA45-BF0D-4C98-940B-6FD7CD37D0F1}:1.9.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{CB17FA45-BF0D-4C98-940B-6FD7CD37D0F1}: C:\Documents and Settings\Ivor Solomon\Local Settings\Application Data\{CB17FA45-BF0D-4C98-940B-6FD7CD37D0F1} [2010/04/24 18:17:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/03 02:57:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/31 13:46:46 | 000,000,000 | ---D | M]

[2010/02/17 06:14:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/05/04 14:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b0qf2wt5.default\extensions
[2010/02/17 06:23:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b0qf2wt5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/04/24 20:01:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2002/08/29 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (AIM Search) - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll File not found
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [CleanupProgram] C:\Sonysys\cleanup.exe File not found
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\cthelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HTpatch] C:\WINDOWS\htpatch.exe ()
O4 - HKLM..\Run: [lnkrrtcd] C:\Documents and Settings\Ivor Solomon\Local Settings\Application Data\thiwct\bmcrsftav.exe ()
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [qaomvwnw] C:\Documents and Settings\Ivor Solomon\Local Settings\Application Data\gebwcmudo\imyxtkptssd.exe ()
O4 - HKLM..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe File not found
O4 - HKLM..\Run: [SiS Tray] File not found
O4 - HKLM..\Run: [tpmgseqi] C:\Documents and Settings\Ivor Solomon\Local Settings\Application Data\fooytm\dykrsftav.exe ()
O4 - HKLM..\Run: [Ycafuqepiconihu] C:\WINDOWS\axifomohuxe.DLL (Sipro Lab Telecom Inc.)
O4 - HKLM..\Run: [ZTgServerSwitch] c:\Program Files\support.com\client\lserver\Server.vbs ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Giga Pocket Remocon Driver.lnk = C:\Program Files\Sony\giga pocket\USBsircs.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Timer Recording Manager.lnk = C:\Program Files\Sony\giga pocket\ReserveModule.exe (Sony Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VAIO Action Setup (Server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [You must be registered and logged in to see this link.] (MSN Photo Upload Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_01)
O16 - DPF: {A305FBA3-4A87-483D-A53B-138F9F635357} [You must be registered and logged in to see this link.] (PCInfo.CMClass)
O16 - DPF: {C3DFA998-A486-11D4-AA25-00C04F72DAEB} [You must be registered and logged in to see this link.] (MSN Photo Upload Tool)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\VAIO Serenus Wallpaper TrueColor 1280X1024.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO Serenus Wallpaper TrueColor 1280X1024.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/12/04 21:24:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/08/13 09:46:20 | 000,000,090 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2006/02/13 14:08:58 | 000,000,145 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008/04/01 13:53:24 | 000,000,071 | -H-- | M] () - H:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2002/01/05 14:19:30 | 000,000,000 | ---D | M] - H:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2008/04/01 13:53:24 | 000,000,071 | -H-- | M] () - I:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2008/04/25 20:37:24 | 000,000,000 | ---D | M] - I:\autorun -- [ FAT32 ]
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setupSNK.exe -- [2004/08/04 00:56:58 | 000,028,672 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- [2006/02/13 14:09:04 | 000,921,600 | R--- | M] ()
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\wd_windows_tools\WDSetup.exe -- [2008/03/31 10:39:56 | 001,774,550 | ---- | M] (Western Digital Corporation )
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/04 15:20:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/04 15:20:03 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/04 15:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/04 15:20:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/04 15:00:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2010/05/04 14:55:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\U3
[2002/12/04 20:15:34 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/05 00:31:25 | 001,310,720 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/05/04 15:20:06 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/04 14:54:40 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/04 14:54:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/04 14:53:05 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/04 14:18:40 | 000,002,965 | ---- | M] () -- C:\WINDOWS\okapitucigenog.dll
[2010/05/04 13:15:43 | 000,002,953 | ---- | M] () -- C:\WINDOWS\Kgiwiwa.dat
[2010/05/04 12:16:41 | 000,002,953 | ---- | M] () -- C:\WINDOWS\alowisuc.dll
[2010/05/04 10:18:31 | 000,002,953 | ---- | M] () -- C:\WINDOWS\ufubihebajog.dll
[2010/05/04 08:15:35 | 000,002,953 | ---- | M] () -- C:\WINDOWS\uzayesubaseb.dll
[2010/05/04 06:14:05 | 000,002,953 | ---- | M] () -- C:\WINDOWS\idahozazohecewew.dll
[2010/05/04 04:10:09 | 000,002,953 | ---- | M] () -- C:\WINDOWS\utehemofivutamu.dll
[2010/05/04 02:09:20 | 000,002,953 | ---- | M] () -- C:\WINDOWS\inihemof.dll
[2010/05/04 00:06:55 | 000,002,953 | ---- | M] () -- C:\WINDOWS\atuyudafawinaqa.dll
[2010/05/03 22:02:41 | 000,002,953 | ---- | M] () -- C:\WINDOWS\ayiquqis.dll
[2010/05/03 20:33:07 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/03 20:00:40 | 000,002,953 | ---- | M] () -- C:\WINDOWS\apawajurija.dll
[2010/05/03 17:58:40 | 000,002,953 | ---- | M] () -- C:\WINDOWS\adijuzakaxod.dll
[2010/05/03 15:57:39 | 000,002,953 | ---- | M] () -- C:\WINDOWS\akedosexasuxom.dll
[2010/05/03 15:56:21 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Rfusi.bin
[2010/04/30 12:18:34 | 000,002,941 | ---- | M] () -- C:\WINDOWS\oxusuwule.dll
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/22 13:03:16 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/15 03:02:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/04 15:20:06 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/04 14:18:40 | 000,002,965 | ---- | C] () -- C:\WINDOWS\okapitucigenog.dll
[2010/05/04 12:16:40 | 000,002,953 | ---- | C] () -- C:\WINDOWS\alowisuc.dll
[2010/05/04 10:16:38 | 000,002,953 | ---- | C] () -- C:\WINDOWS\ufubihebajog.dll
[2010/05/04 08:14:15 | 000,002,953 | ---- | C] () -- C:\WINDOWS\uzayesubaseb.dll
[2010/05/04 06:12:37 | 000,002,953 | ---- | C] () -- C:\WINDOWS\idahozazohecewew.dll
[2010/05/04 04:09:50 | 000,002,953 | ---- | C] () -- C:\WINDOWS\utehemofivutamu.dll
[2010/05/04 02:08:45 | 000,002,953 | ---- | C] () -- C:\WINDOWS\inihemof.dll
[2010/05/04 00:06:05 | 000,002,953 | ---- | C] () -- C:\WINDOWS\atuyudafawinaqa.dll
[2010/05/03 22:02:40 | 000,002,953 | ---- | C] () -- C:\WINDOWS\ayiquqis.dll
[2010/05/03 20:00:40 | 000,002,953 | ---- | C] () -- C:\WINDOWS\apawajurija.dll
[2010/05/03 17:58:40 | 000,002,953 | ---- | C] () -- C:\WINDOWS\adijuzakaxod.dll
[2010/05/03 15:57:39 | 000,002,953 | ---- | C] () -- C:\WINDOWS\akedosexasuxom.dll
[2010/04/30 12:18:34 | 000,002,941 | ---- | C] () -- C:\WINDOWS\oxusuwule.dll
[2010/04/24 18:17:21 | 000,002,953 | ---- | C] () -- C:\WINDOWS\Kgiwiwa.dat
[2010/04/24 18:17:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Rfusi.bin
[2008/04/16 13:27:16 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/07/26 23:34:16 | 000,000,024 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/01/15 19:17:39 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/09/13 22:44:11 | 000,000,083 | ---- | C] () -- C:\WINDOWS\importclient.INI
[2005/09/13 22:25:32 | 000,000,751 | ---- | C] () -- C:\WINDOWS\Bti.ini
[2005/09/13 22:25:30 | 000,116,640 | ---- | C] () -- C:\WINDOWS\System32\Ptsaci40.dll
[2005/09/05 20:49:33 | 000,004,007 | ---- | C] () -- C:\WINDOWS\hpdj5700.ini
[2005/09/05 20:49:04 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2005/08/22 22:41:58 | 000,000,037 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/02/14 22:06:39 | 000,000,684 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2004/10/10 19:50:59 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/10/10 19:46:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\U12A_20e.INI
[2004/10/10 18:59:03 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\hpgt53.dll
[2004/10/10 18:15:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/12/05 22:04:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2002/12/05 18:26:33 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2002/12/05 18:26:33 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2002/12/05 18:21:00 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2002/12/05 18:20:12 | 000,262,416 | ---- | C] () -- C:\WINDOWS\System32\ASFV2.DLL
[2002/12/05 18:00:36 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
[2002/12/04 21:36:44 | 000,029,729 | ---- | C] () -- C:\WINDOWS\System32\1_ssetup.ini
[2002/12/04 21:36:44 | 000,013,187 | ---- | C] () -- C:\WINDOWS\System32\sunistlog.ini
[2002/12/04 21:36:44 | 000,005,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\srvkp.sys
[2002/12/04 21:33:55 | 000,003,072 | ---- | C] () -- C:\WINDOWS\winio.sys
[2002/12/04 21:32:30 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll
[2002/12/04 21:29:29 | 000,000,805 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2002/12/04 20:15:34 | 000,052,992 | ---- | C] () -- C:\WINDOWS\System32\UPDDRV9X.DLL
[2002/12/04 20:15:31 | 000,000,028 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2002/12/04 20:15:30 | 000,005,609 | ---- | C] () -- C:\WINDOWS\System32\ctucom.ini
[2002/12/04 20:15:29 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2002/12/04 20:15:29 | 000,000,092 | ---- | C] () -- C:\WINDOWS\System32\editinf.ini
[2002/12/04 20:15:22 | 000,000,672 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2002/06/12 15:21:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll

========== Files - Unicode (All) ==========
[2009/08/11 03:36:08 | 000,000,000 | ---D | M](C:\WINDOWS\system3?) -- C:\WINDOWS\system3࠲
[2009/08/11 03:36:08 | 000,000,000 | ---D | C](C:\WINDOWS\system3?) -- C:\WINDOWS\system3࠲
< End of report >

Re: need help removing antisoft

Post by Shangsta on Wed May 05, 2010 3:59 pm

OTL Extras logfile created on: 5/5/2010 10:54:25 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

512.00 Mb Total Physical Memory | 362.00 Mb Available Physical Memory | 71.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 13.97 Gb Total Space | 1.69 Gb Free Space | 12.07% Space Free | Partition Type: NTFS
Drive D: | 62.72 Gb Total Space | 47.47 Gb Free Space | 75.69% Space Free | Partition Type: NTFS
Drive E: | 3.79 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 596.02 Gb Total Space | 456.35 Gb Free Space | 76.57% Space Free | Partition Type: FAT32
Drive I: | 465.65 Gb Total Space | 338.26 Gb Free Space | 72.64% Space Free | Partition Type: FAT32
Drive J: | 1.88 Gb Total Space | 0.36 Gb Free Space | 19.09% Space Free | Partition Type: FAT

Computer Name: STUDY
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"4900:TCP" = 4900:TCP:*:Enabled:Radmin Port
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"D:\Anthony\aim.exe" = D:\Anthony\aim.exe:*:Enabled:AOL Instant Messenger -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\support.com\client\bin\tgcmd.exe" = C:\Program Files\support.com\client\bin\tgcmd.exe:*:Disabled:tgcmd Module -- (Support.com, Inc.)
"C:\WINDOWS\system32\LEXPPS.EXE" = C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE -- File not found
"C:\Program Files\Sony\giga pocket\gps.exe" = C:\Program Files\Sony\giga pocket\gps.exe:*:Enabled:Giga Pocket Server -- (Sony Corporation)
"D:\Anthony\aim.exe" = D:\Anthony\aim.exe:*:Enabled:AOL Instant Messenger -- File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- ()
"D:\LimeWire\LimeWire.exe" = D:\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Radmin Viewer 3.0\Radmin.exe" = C:\Program Files\Radmin Viewer 3.0\Radmin.exe:*:Enabled:Radmin Viewer 3.0 -- (Famatech International Corp.)
"D:\LimeWiretamsyn\LimeWire.exe" = D:\LimeWiretamsyn\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00020409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Standard
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{07D00E73-7F67-4008-A33C-80C7D53F1857}" = Radmin Viewer 3.0
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{117C01B5-9D68-4A15-85E2-A7CDFA82CEB9}" = OpenMG Secure Module 3.1
"{1EB317D8-8945-4FD6-B37F-DF470317C6AB}" = VAIO Media 2.0
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe Extendscript Toolkit 2
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29F61465-428A-11D4-B646-00C04F790F76}" = DVgate
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FE914F-1B2B-4D83-B3E1-032A508E9EC4}" = Experience VAIO
"{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}" = Music Visualizer Library 1.4.00
"{3C67D8C0-F0EC-11D3-99D3-00C04FCCB775}" = VAIO Action Setup
"{48BE827A-2D06-4804-90C3-4F2F8460F9D4}" = Support Actions WinXP
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{59324A56-6450-47D1-87DE-E8CEB8EE74D0}" = Firmware upgrade utility 2.0C For Sony DW-U12A DVD-RW Drive
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6990A2BF-D1D2-11D3-81BC-00609789C908}" = Sony DV Shared Library
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{7128C69B-8F7E-4336-8698-3FD3CDD955EC}" = VAIO Media Installer 2.0
"{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage
"{7228CB73-80E9-48D3-A7FD-C2A242686AB3}" = Microsoft Office Live Meeting 2005
"{7C2F71B2-6C73-11D6-B659-00C04F790F76}" = Click to DVD 1.4
"{802EF464-4992-42B3-8434-45151AD3C933}" = VAIO Serenus Wallpaper
"{80EE18E6-F16C-11D4-8BE8-006097C9A3ED}" = ISscript
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E1A8479-D871-4573-AA8C-90BF0338B242}" = VAIO Media Photo Server 2.0
"{8F1338C8-CA9E-4136-928B-453243AFE8F8}" = Giga Pocket Demo Movie
"{95739E8F-79EE-4BF5-89DA-02E6E96995B9}" = Giga Pocket 5.0
"{96F4FC6E-4F73-11D3-B4DC-00C04F6BE078}" = HP PrecisionScan
"{98C387CB-95E2-457D-ADF0-20D24ECAF227}" = VAIO TV
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{AA14D661-8B7A-4A8F-B093-405C160178AF}" = VAIO Registration
"{AAD51583-6D43-4444-A1FF-0C8345345526}" = Radmin Server 3.0
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD7D5804-C157-48A6-AEE0-4A40A4B5C054}" = VAIO System Information
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DD18BE6E-F0B8-41DC-A9F3-AC1ABB918587}" = Help and Support
"{DF0DD6E9-F673-4466-8353-70B50A506FD9}" = VAIO Media Platform 2.0
"{DF733005-0F40-11D6-9254-0000F460E7A9}" = VAIO Media Music Server 2.0
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
"{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
"{FF005ABC-1422-4BEC-91C4-DD5935E56AAA}" = DVD Creation
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe Extendscript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"AIM Toolbar" = AIM Toolbar
"AIM_7" = AIM 7
"Creative Driver" = Creative Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"InstallShield_{AA14D661-8B7A-4A8F-B093-405C160178AF}" = VAIO Registration
"InstallShield_{DD18BE6E-F0B8-41DC-A9F3-AC1ABB918587}" = Help and Support
"InstallShield_{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSD GraphView 3.19" = MSD GraphView 3.19
"Network Play System (Patching)" = Network Play System (Patching)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"PhotomatixPro3_is1" = Photomatix Pro version 3.0.2
"RealProducer 8.5" = RealProducer Basic 8.5
"Shockwave" = Shockwave
"SiS Compatible VGA V2.09s" = SiS Compatible VGA V2.09s
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"TheAllInClubPoker_is1" = The AllIn Club 1.7
"VAIO Support" = VAIO Support
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/19/2010 9:40:05 PM | Computer Name = STUDY | Source = .NET Runtime | ID = 1023
Description = Application: firefox.exe CoreCLR Version: 3.0.50106.0 Description: The
process was terminated due to an internal error in the .NET Runtime at IP 7B8D8AD6
with exit code 8013150a.

Error - 4/19/2010 9:40:07 PM | Computer Name = STUDY | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.1.3726, faulting module
coreclr.dll, version 3.0.50106.0, fault address 0x00158ad6.

Error - 4/19/2010 9:40:17 PM | Computer Name = STUDY | Source = Application Error | ID = 1001
Description = Fault bucket 1786938344.

Error - 4/26/2010 10:57:29 AM | Computer Name = STUDY | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3726, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/26/2010 10:57:34 AM | Computer Name = STUDY | Source = Application Hang | ID = 1001
Description = Fault bucket 1765894641.

Error - 4/30/2010 4:04:55 AM | Computer Name = STUDY | Source = Application Error | ID = 1000
Description = Faulting application control.exe, version 5.1.2600.0, faulting module
unknown, version 0.0.0.0, fault address 0x0007f255.

[ System Events ]
Error - 5/4/2010 3:52:42 PM | Computer Name = STUDY | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the VAIO Media Music Server
(Application) service to connect.

Error - 5/4/2010 3:52:42 PM | Computer Name = STUDY | Source = Service Control Manager | ID = 7000
Description = The VAIO Media Music Server (Application) service failed to start
due to the following error: %%1053

Error - 5/4/2010 3:52:42 PM | Computer Name = STUDY | Source = Service Control Manager | ID = 7001
Description = The VAIO Media Music Server (HTTP) service depends on the VAIO Media
Music Server (Application) service which failed to start because of the following
error: %%1053

Error - 5/4/2010 3:52:42 PM | Computer Name = STUDY | Source = Service Control Manager | ID = 7001
Description = The VAIO Media Music Server (UPnP) service depends on the VAIO Media
Music Server (HTTP) service which failed to start because of the following error:
%%1068

Error - 5/4/2010 3:54:56 PM | Computer Name = STUDY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/4/2010 3:55:50 PM | Computer Name = STUDY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
DMICall Fips intelppm

Error - 5/4/2010 3:55:56 PM | Computer Name = STUDY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/4/2010 3:59:21 PM | Computer Name = STUDY | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460

Error - 5/4/2010 4:01:39 PM | Computer Name = STUDY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 5/4/2010 4:39:36 PM | Computer Name = STUDY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >


Re: need help removing antisoft

Post by Belahzur on Wed May 05, 2010 7:53 pm

Hello.

Please download GooredFix from one of the locations below and save it to your Desktop
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).


Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [lnkrrtcd] C:\Documents and Settings\Ivor Solomon\Local Settings\Application Data\thiwct\bmcrsftav.exe ()
    O4 - HKLM..\Run: [qaomvwnw] C:\Documents and Settings\Ivor Solomon\Local Settings\Application Data\gebwcmudo\imyxtkptssd.exe ()
    O4 - HKLM..\Run: [tpmgseqi] C:\Documents and Settings\Ivor Solomon\Local Settings\Application Data\fooytm\dykrsftav.exe ()
    O4 - HKLM..\Run: [Ycafuqepiconihu] C:\WINDOWS\axifomohuxe.DLL (Sipro Lab Telecom Inc.)
    [2002/12/04 20:15:34 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
    [2010/05/03 20:00:40 | 000,002,953 | ---- | M] () -- C:\WINDOWS\apawajurija.dll
    [2010/05/03 17:58:40 | 000,002,953 | ---- | M] () -- C:\WINDOWS\adijuzakaxod.dll
    [2010/05/03 15:57:39 | 000,002,953 | ---- | M] () -- C:\WINDOWS\akedosexasuxom.dll
    [2010/05/03 15:56:21 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Rfusi.bin
    [2010/04/30 12:18:34 | 000,002,941 | ---- | M] () -- C:\WINDOWS\oxusuwule.dll
    [2010/05/04 14:18:40 | 000,002,965 | ---- | M] () -- C:\WINDOWS\okapitucigenog.dll
    [2010/05/04 13:15:43 | 000,002,953 | ---- | M] () -- C:\WINDOWS\Kgiwiwa.dat
    [2010/05/04 12:16:41 | 000,002,953 | ---- | M] () -- C:\WINDOWS\alowisuc.dll
    [2010/05/04 10:18:31 | 000,002,953 | ---- | M] () -- C:\WINDOWS\ufubihebajog.dll
    [2010/05/04 08:15:35 | 000,002,953 | ---- | M] () -- C:\WINDOWS\uzayesubaseb.dll
    [2010/05/04 06:14:05 | 000,002,953 | ---- | M] () -- C:\WINDOWS\idahozazohecewew.dll
    [2010/05/04 04:10:09 | 000,002,953 | ---- | M] () -- C:\WINDOWS\utehemofivutamu.dll
    [2010/05/04 02:09:20 | 000,002,953 | ---- | M] () -- C:\WINDOWS\inihemof.dll
    [2010/05/04 00:06:55 | 000,002,953 | ---- | M] () -- C:\WINDOWS\atuyudafawinaqa.dll
    [2010/05/03 22:02:41 | 000,002,953 | ---- | M] () -- C:\WINDOWS\ayiquqis.dll


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Re: need help removing antisoft

Post by Shangsta on Thu May 06, 2010 12:27 am

Here is the GooredFix log

GooredFix by jpshortstuff (08.01.10.1)
Log created at 19:26 on 05/05/2010 (Administrator)
Firefox version 3.5.9 (en-US)

========== GooredScan ==========

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{CB17FA45-BF0D-4C98-940B-6FD7CD37D0F1} -> Success!
Deleting C:\Documents and Settings\Ivor Solomon\Local Settings\Application Data\{CB17FA45-BF0D-4C98-940B-6FD7CD37D0F1} -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [01:01 25/04/2009]

C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b0qf2wt5.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [11:23 17/02/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [08:21 12/10/2009]

-=E.O.F=-


Re: need help removing antisoft

Post by Shangsta on Thu May 06, 2010 12:31 am

And here is the OTL log

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\lnkrrtcd deleted successfully.
C:\Documents and Settings\Ivor Solomon\Local Settings\Application Data\thiwct\bmcrsftav.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\qaomvwnw deleted successfully.
C:\Documents and Settings\Ivor Solomon\Local Settings\Application Data\gebwcmudo\imyxtkptssd.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tpmgseqi deleted successfully.
C:\Documents and Settings\Ivor Solomon\Local Settings\Application Data\fooytm\dykrsftav.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Ycafuqepiconihu deleted successfully.
C:\WINDOWS\axifomohuxe.dll moved successfully.
C:\WINDOWS\system32\a3d.dll moved successfully.
C:\WINDOWS\apawajurija.dll moved successfully.
C:\WINDOWS\adijuzakaxod.dll moved successfully.
C:\WINDOWS\akedosexasuxom.dll moved successfully.
C:\WINDOWS\Rfusi.bin moved successfully.
C:\WINDOWS\oxusuwule.dll moved successfully.
C:\WINDOWS\okapitucigenog.dll moved successfully.
C:\WINDOWS\Kgiwiwa.dat moved successfully.
C:\WINDOWS\alowisuc.dll moved successfully.
C:\WINDOWS\ufubihebajog.dll moved successfully.
C:\WINDOWS\uzayesubaseb.dll moved successfully.
C:\WINDOWS\idahozazohecewew.dll moved successfully.
C:\WINDOWS\utehemofivutamu.dll moved successfully.
C:\WINDOWS\inihemof.dll moved successfully.
C:\WINDOWS\atuyudafawinaqa.dll moved successfully.
C:\WINDOWS\ayiquqis.dll moved successfully.

OTL by OldTimer - Version 3.2.4.1 log created on 05052010_192928


Re: need help removing antisoft

Post by Belahzur on Thu May 06, 2010 9:27 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Re: need help removing antisoft

Post by Shangsta on Sun May 09, 2010 8:30 pm

I did what you said above, but when I try to run Malwarebytes it gives me "run-time error '440' automation error".


Re: need help removing antisoft

Post by Belahzur on Sun May 09, 2010 11:43 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Re: need help removing antisoft

Post by Shangsta on Mon May 10, 2010 3:54 am

Thanks, here are the ComboFix results

ComboFix 10-05-09.04 - Administrator 05/09/2010 22:45:12.1.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.512.382 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\NDNuninstall6_38.exe
c:\windows\NDNuninstall7_22.exe
c:\windows\NDNuninstall7_48.exe
D:\Autorun.inf
H:\Autorun.inf
I:\autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-04-10 to 2010-05-10 )))))))))))))))))))))))))))))))
.

2010-05-06 00:29 . 2010-05-06 00:29 -------- dc----w- C:\_OTL
2010-05-04 19:55 . 2010-05-04 19:55 -------- dc----w- c:\documents and settings\Administrator\Application Data\U3
2010-04-30 07:09 . 2010-05-06 00:29 -------- d-----w- c:\documents and settings\Ivor Solomon\Local Settings\Application Data\gebwcmudo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-09 22:31 . 2009-12-02 00:36 -------- d-----w- c:\program files\Full Tilt Poker
2010-04-23 10:40 . 2009-08-30 22:53 -------- d-----w- c:\documents and settings\Ivor Solomon\Application Data\BitTorrent
2010-04-01 16:28 . 2010-02-14 22:13 -------- d-----w- c:\program files\AIM
2010-04-01 16:28 . 2010-04-01 16:28 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-03-11 12:38 . 2005-06-18 06:49 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-10-10 23:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2002-12-05 01:14 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2002-12-05 01:15 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 12:31 . 2002-12-05 01:15 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 11:19 . 2010-02-17 11:18 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-16 13:17 . 2002-08-29 01:04 2137088 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 12:39 . 2002-08-29 01:04 2016768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:47 . 2002-12-05 01:14 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:01 . 2002-12-05 01:15 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

------- Sigcheck -------

[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\atapi.sys
[-] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\drivers\atapi.sys
[7] 2002-10-24 . F1D915C3870E741D83B5142F3B358761 . 87040 . . [5.1.2600.1135] . . c:\windows\$NtServicePackUninstall$\atapi.sys

[-] 2008-04-13 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\asyncmac.sys
[-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\asyncmac.sys
[-] 2004-08-04 . 02000ABF34AF4C218C35D257024807D6 . 14336 . . [5.1.2600.2180] . . c:\windows\system32\drivers\asyncmac.sys
[-] 2002-08-29 . 03F403B07A884FC2AA54A0916C410931 . 13568 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\asyncmac.sys

[-] 2002-08-29 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys

[-] 2008-04-13 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\kbdclass.sys
[-] 2004-08-04 . EBDEE8A2EE5393890A1ACEE971C4C246 . 24576 . . [5.1.2600.2180] . . c:\windows\system32\drivers\kbdclass.sys
[-] 2002-08-29 . 1E7F78C2FC393356CD884C6FDE7966F9 . 23424 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\kbdclass.sys

[-] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ndis.sys
[-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ndis.sys
[-] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ndis.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2009-07-18 257440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"="c:\windows\htpatch.exe" [2002-10-31 28672]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2002-11-07 4243456]
"AGRSMMSG"="AGRSMMSG.exe" [2002-10-18 87751]
"CTHelper"="CTHELPER.EXE" [2002-11-08 24576]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"ZTgServerSwitch"="c:\program files\support.com\client\lserver\server.vbs" [2002-07-14 11406]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMidi"="MIDIDEF.EXE" [2002-03-01 61440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Giga Pocket Remocon Driver.lnk - c:\program files\sony\giga pocket\usbsircs.exe [2004-10-10 159744]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2008-7-1 2326528]
Timer Recording Manager.lnk - c:\program files\Sony\giga pocket\ReserveModule.exe [2004-10-10 229376]
VAIO Action Setup (Server).lnk - c:\program files\Sony\VAIO Action Setup\VAServ.exe [2002-12-5 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"=
"c:\\Program Files\\Sony\\giga pocket\\gps.exe"=
"c:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Radmin Viewer 3.0\\Radmin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AIM\\aim.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4900:TCP"= 4900:TCP:Radmin Port

R1 raddrvv3;raddrvv3;c:\windows\system32\rserver30\raddrvv3.sys [2/2/2007 5:54 PM 41176]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [12/28/2007 3:02 PM 287232]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2007 1:13 PM 38144]
S2 RServer3;Radmin Server V3;c:\windows\system32\rserver30\rserver3.exe [2/2/2007 5:35 PM 1235032]
S3 EPUSBSTOR;EPSON USB Storage Driver;c:\windows\system32\drivers\epusbsto.sys [9/10/2001 11:00 AM 17976]
.
Contents of the 'Scheduled Tasks' folder

2010-04-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {A305FBA3-4A87-483D-A53B-138F9F635357} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b0qf2wt5.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SiS Tray - (no file)
HKLM-Run-SiS KHooker - c:\windows\System32\khooker.exe
HKLM-Run-CleanupProgram - c:\sonysys\cleanup.exe
HKLM-Run-Microsoft Works Update Detection - c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
AddRemove-Creative Driver - c:\windows\System32\ctdrvins
AddRemove-Network Play System (Patching) - c:\program files\Electronic Arts\Network Play System\NPSPatch.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-05-09 22:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HTpatch = c:\windows\htpatch.exe?ows\CurrentVersion\Run???\??????Z????`??Z???Z`??Z???????????????Z???Z???Z???Z$??????Z???????????????Z???????????Z???w????(????3?w???w?????3?w ??w???Z:???????d???r??Z1??Z???Zd??????Z?-?Z????z??w8h?Z\2?Z?1?Zhtinst.INI?Z?u?Z????d???????0G?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-05-09 22:52:56
ComboFix-quarantined-files.txt 2010-05-10 03:52

Pre-Run: 1,559,154,688 bytes free
Post-Run: 2,172,092,416 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 2CE21C1645707F3A28F137C77CEC3C3D


Re: need help removing antisoft

Post by Belahzur on Mon May 10, 2010 9:58 pm

Hello.

I see that you are running Limewire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Adobe Reader 9.1
    Java(TM) SE Runtime Environment 6 Update 1

You aren't running Anti Virus Software

Please install Avira antivirus, otherwise you won't be protected.

1) [You must be registered and logged in to see this link.]
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.




  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    Folder::
    c:\documents and settings\Ivor Solomon\Local Settings\Application Data\gebwcmudo
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.



Re: need help removing antisoft

Post by Shangsta on Tue May 11, 2010 4:41 am

I got this computer from my sister a while back and she used Limewire. I removed it when I got it from her, and when I go to Add/Remove Programs it doesn't show up. Are there still hidden folders somewhere? And I'll be downloading the antivirus you suggested tomorrow. Here's the log:

ComboFix 10-05-10.02 - Administrator 05/10/2010 23:29:46.2.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.512.383 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((( Files Created from 2010-04-11 to 2010-05-11 )))))))))))))))))))))))))))))))
.

2010-05-06 00:29 . 2010-05-06 00:29 -------- dc----w- C:\_OTL
2010-05-04 19:55 . 2010-05-04 19:55 -------- dc----w- c:\documents and settings\Administrator\Application Data\U3

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-11 03:59 . 2002-12-17 23:18 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-09 22:31 . 2009-12-02 00:36 -------- d-----w- c:\program files\Full Tilt Poker
2010-04-23 10:40 . 2009-08-30 22:53 -------- d-----w- c:\documents and settings\Ivor Solomon\Application Data\BitTorrent
2010-04-01 16:28 . 2010-02-14 22:13 -------- d-----w- c:\program files\AIM
2010-04-01 16:28 . 2010-04-01 16:28 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-03-11 12:38 . 2005-06-18 06:49 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-10-10 23:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2002-12-05 01:14 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2002-12-05 01:15 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 12:31 . 2002-12-05 01:15 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 11:19 . 2010-02-17 11:18 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-16 13:17 . 2002-08-29 01:04 2137088 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 12:39 . 2002-08-29 01:04 2016768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:47 . 2002-12-05 01:14 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:01 . 2002-12-05 01:15 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

------- Sigcheck -------

[-] 2002-08-29 . 9DF4527D53613601D3F79946EAA1DCB1 . 51712 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\regsvc.dll

[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\schedsvc.dll
[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\schedsvc.dll
[-] 2004-08-04 . 92360854316611F6CC471612213C3D92 . 190976 . . [5.1.2600.2180] . . c:\windows\system32\schedsvc.dll
[-] 2002-08-29 . 719B05113003A1934EA25EA1FED68C85 . 159232 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\schedsvc.dll

[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ssdpsrv.dll
[-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ssdpsrv.dll
[-] 2004-08-04 . 4B8D61792F7175BED48859CC18CE4E38 . 71680 . . [5.1.2600.2180] . . c:\windows\system32\ssdpsrv.dll
[-] 2002-08-29 . 75B5821307B2F4491F9ED06732366872 . 43008 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\ssdpsrv.dll

[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\termsrv.dll
[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\termsrv.dll
[-] 2004-08-04 . B60C877D16D9C880B952FDA04ADF16E6 . 295424 . . [5.1.2600.2180] . . c:\windows\system32\termsrv.dll
[-] 2002-08-29 . FE84E045A09A4ABC4DEEF7270448B64E . 200192 . . [5.1.2600.1106] . . c:\windows\$NtServicePackUninstall$\termsrv.dll

[-] 2002-08-29 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\dllcache\acpiec.sys
[-] 2002-08-29 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys

[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\agp440.sys
[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\agp440.sys
[-] 2004-08-04 . 2C428FA0C3E3A01ED93C9B2A27D8D4BB . 42368 . . [5.1.2600.2180] . . c:\windows\system32\drivers\agp440.sys

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
[-] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\system32\drivers\ip6fw.sys

[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\msgsvc.dll
[-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\msgsvc.dll
[-] 2004-08-04 . 95FD808E4AC22ABA025A7B3EAC0375D2 . 33792 . . [5.1.2600.2180] . . c:\windows\system32\msgsvc.dll
[-] 2002-08-29 . A81487520F11F65BF270D50EE29887B2 . 34304 . . [5.1.2600.0] . . c:\windows\$NtServicePackUninstall$\msgsvc.dll

[-] 2006-10-19 05:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2005-01-28 20:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2005-01-28 20:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-11 08:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
[7] 2004-08-04 07:56 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\ServicePackFiles\i386\mspmsnsv.dll

[-] 2008-04-14 00:12 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\ntmssvc.dll
[-] 2004-08-04 07:56 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\ServicePackFiles\i386\ntmssvc.dll
[-] 2004-08-04 07:56 . B62F29C00AC55A761B2E45877D85EA0F . 435200 . . [5.1.2400.2180] . . c:\windows\system32\ntmssvc.dll
[-] 2002-08-29 12:00 . AAC49EF5C84A2EBD7409A51A1B65C542 . 392704 . . [5.1.2400.1106] . . c:\windows\$NtServicePackUninstall$\ntmssvc.dll

[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\SoftwareDistribution\Download\e9500597a78495f397efb821e37bf356\dsound.dll
[-] 2004-08-04 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\ServicePackFiles\i386\dsound.dll
[-] 2004-08-04 . 55E148C01296696588EAFA425782C3E8 . 367616 . . [5.3.2600.2180] . . c:\windows\system32\dsound.dll
[-] 2004-07-09 11:27 . 5BFA0676E082D4DD2CC0B376BB6210A9 . 363520 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\$NtServicePackUninstall$\dsound.dll
[-] 2004-07-09 11:27 . 5BFA0676E082D4DD2CC0B376BB6210A9 . 363520 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dsound.dll
.
((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2002-12-05 01:15 . 2010-05-10 04:12 71264 c:\windows\system32\perfc009.dat
- 2002-12-05 01:15 . 2010-03-23 17:03 71264 c:\windows\system32\perfc009.dat
+ 2002-12-05 01:15 . 2010-05-10 04:12 441454 c:\windows\system32\perfh009.dat
- 2002-12-05 01:15 . 2010-03-23 17:03 441454 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2009-07-18 257440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"="c:\windows\htpatch.exe" [2002-10-31 28672]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2002-11-07 4243456]
"AGRSMMSG"="AGRSMMSG.exe" [2002-10-18 87751]
"CTHelper"="CTHELPER.EXE" [2002-11-08 24576]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"ZTgServerSwitch"="c:\program files\support.com\client\lserver\server.vbs" [2002-07-14 11406]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMidi"="MIDIDEF.EXE" [2002-03-01 61440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Giga Pocket Remocon Driver.lnk - c:\program files\sony\giga pocket\usbsircs.exe [2004-10-10 159744]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2008-7-1 2326528]
Timer Recording Manager.lnk - c:\program files\Sony\giga pocket\ReserveModule.exe [2004-10-10 229376]
VAIO Action Setup (Server).lnk - c:\program files\Sony\VAIO Action Setup\VAServ.exe [2002-12-5 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"=
"c:\\Program Files\\Sony\\giga pocket\\gps.exe"=
"c:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Radmin Viewer 3.0\\Radmin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\AIM\\aim.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4900:TCP"= 4900:TCP:Radmin Port

R1 raddrvv3;raddrvv3;c:\windows\system32\rserver30\raddrvv3.sys [2/2/2007 5:54 PM 41176]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [12/28/2007 3:02 PM 287232]
S2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2007 1:13 PM 38144]
S2 RServer3;Radmin Server V3;c:\windows\system32\rserver30\rserver3.exe [2/2/2007 5:35 PM 1235032]
S3 EPUSBSTOR;EPSON USB Storage Driver;c:\windows\system32\drivers\epusbsto.sys [9/10/2001 11:00 AM 17976]
.
Contents of the 'Scheduled Tasks' folder

2010-04-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
DPF: DirectAnimation Java Classes - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {A305FBA3-4A87-483D-A53B-138F9F635357} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\b0qf2wt5.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-05-10 23:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HTpatch = c:\windows\htpatch.exe?ows\CurrentVersion\Run???\??????Z????`??Z???Z`??Z???????????????Z???Z???Z???Z$??????Z???????????????Z???????????Z???w????(????3?w???w?????3?w ??w???Z:???????d???r??Z1??Z???Zd??????Z?-?Z????z??w8h?Z\2?Z?1?Zhtinst.INI?Z?u?Z????d???????0G?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-05-10 23:38:37
ComboFix-quarantined-files.txt 2010-05-11 04:38
ComboFix2.txt 2010-05-10 03:52

Pre-Run: 2,446,696,448 bytes free
Post-Run: 2,436,554,752 bytes free

- - End Of File - - 57A9653A4888BB48112A7515959F9A4F


Re: need help removing antisoft

Post by Belahzur on Tue May 11, 2010 7:25 pm

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.



Re: need help removing antisoft

Post by Shangsta on Wed May 12, 2010 6:55 am

Should I delete the file in the quarantine folder?

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=7.00.6000.17023 (vista_gdr.100222-0012)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=898fe153371db745949ebc51e4ba541b
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-05-12 06:52:59
# local_time=2010-05-12 01:52:59 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=134749
# found=16
# cleaned=16
# scan_time=5716
C:\Program Files\Save\SaveNowupdate.exe a variant of Win32/Adware.WhenU.AB application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{39B55467-8C7E-46C6-B32A-C58455643C25}\RP1113\A0204229.exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{39B55467-8C7E-46C6-B32A-C58455643C25}\RP1115\A0205868.exe a variant of Win32/Adware.WhenU.AB application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\lpnusler.dll a variant of Win32/Cimag.CJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\05052010_192928\C_Documents and Settings\Ivor Solomon\Local Settings\Application Data\fooytm\dykrsftav.exe Win32/Adware.SpywareProtect2009 application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\05052010_192928\C_Documents and Settings\Ivor Solomon\Local Settings\Application Data\gebwcmudo\imyxtkptssd.exe a variant of Win32/Kryptik.EBY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\05052010_192928\C_Documents and Settings\Ivor Solomon\Local Settings\Application Data\thiwct\bmcrsftav.exe a variant of Win32/Kryptik.DOF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\05052010_192928\C_WINDOWS\axifomohuxe.dll a variant of Win32/Cimag.CK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\My Documents\My Music\iTunes\iTunes Music\limewire\gramy family consequence 22.wma WMA/TrojanDownloader.Wimad.D trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
H:\Desktop 1\limewire\gramy family consequence 22.wma WMA/TrojanDownloader.Wimad.D trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
I:\round 2\Saved\creepin chamilionaire (best quality).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
I:\round 2\Saved\dobenbeck feat. joanna(Club MIX).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
I:\round 2\Saved\dobenbeck feat. joanna(Club RMX).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
I:\round 2\Saved\josh guru project-infinity.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
I:\round 2\Saved\josh guru project2008-infinity.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
I:\round 2\Saved\push feeling on whitecoat.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C


Re: need help removing antisoft

Post by Belahzur on Wed May 12, 2010 10:38 pm

Hello.
You have several songs on your machine that were brought on through Limewire and that are all infections. Please remove Limewire.

Delete this folder:
C:\Program Files\Save

How is the machine running now?

