MBAM Cannot Remove A Malware


Post by ravenlord on 15th May 2010, 3:27 pm

Hi,

I had a malware attack but was able to remove all the malware through MalwareBytes, except one. The location of the Trojan is C:\WINDOWS\System32\drivers and it is called spnki.sys. Apparently, there is a wmpscgfs.exe reference (not the actual file) somewhere in my registry that could be driving it. I have tried a lot of force-delete tools, including Unlocker and File Shredder, to delete it, but I get a message saying "A device attached to the system is not functioning". Can you help?

Thanks,
Raven


Re: MBAM Cannot Remove A Malware

Post by Belahzur on 15th May 2010, 9:07 pm

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Please PM me if I fail to respond within 24hrs.



Re: MBAM Cannot Remove A Malware

Post by ravenlord on 16th May 2010, 6:49 am

Hi Belahzur,

Thank you for your reply. I have pasted the two logs here. I look forward to your next steps.

Raven

EXTRAS.TXT
OTL Extras logfile created on: 5/16/2010 12:10:24 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\hp\Downloads\Software\To Fix Trojan--From GeeksPolice
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 247.00 Mb Available Physical Memory | 24.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.49 Gb Total Space | 39.24 Gb Free Space | 27.54% Space Free | Partition Type: NTFS
Drive D: | 6.56 Gb Total Space | 0.66 Gb Free Space | 10.07% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HP-PC
Current User Name: hp
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3835418278-2600349672-3107389679-1000\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EAD1430-BA44-452C-8BAB-769F8DB8048A}" = lport=59578 | protocol=17 | dir=in | name=ut-u |
"{9E2EF22C-95D4-4E94-AC94-F3DF9248681F}" = lport=59578 | protocol=6 | dir=in | name=ut |
"{D953E726-A932-40E3-BC92-C732A9999503}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08353BCA-095B-4C7E-97E6-38B436306156}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0A3E1F98-C014-42EB-8F68-BA50D60F0A87}" = protocol=17 | dir=in | app=c:\users\hp\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{0D26767E-1200-4714-8D7B-5D0C17D364BA}" = protocol=17 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{1527A20A-9856-4DE3-852A-10E73B707B3C}" = protocol=17 | dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{15E80639-A7E0-45C2-A7B0-FAB9D84C925B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1F01BF90-4230-48B1-A759-7E8251A1C816}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{209DD644-EE5B-41B3-9983-74E3DBF635F0}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{284C5056-01E4-489B-823E-0EB9ACA9D60D}" = protocol=17 | dir=in | app=c:\users\hp\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{29FE259B-9D04-4B5E-9AB3-12335286CE44}" = protocol=6 | dir=in | app=c:\users\hp\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{344114AA-9FB4-48B5-84B2-7994E04D8AC4}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{3FC691E1-8459-498E-921B-AADFECCC4D4C}" = protocol=17 | dir=in | app=c:\users\hp\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{4F56A28C-8910-4ABE-9861-1C23A9764686}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{5D4E537E-DEF2-4B74-B555-EF473F2CC5F4}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{5D752E3B-9435-4FE8-88BA-783E9B4F4ED7}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{63909C6C-29A6-4EAA-B316-A809469D6324}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{654DA20C-F92F-4B0D-8ED1-E1A4DB4986C7}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{65AB7C18-22A4-489E-98F4-13DA8113AB3F}" = protocol=6 | dir=in | app=c:\users\hp\downloads\software\utorrent.exe |
"{76E2CDFA-CC47-44B4-9120-F3214297AC38}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7749002D-D747-4B78-A89A-915A1CD0A72E}" = protocol=6 | dir=in | app=c:\users\hp\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{7C3074D9-8BFC-46F2-8985-A262CEE40423}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{85E113F6-2BAD-472B-BF41-FECD2C1E6B22}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{8ECF75EE-7A23-4125-9450-AD516D89B9AB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{93DEE0D6-072B-4A62-992A-DEB55E549F19}" = protocol=17 | dir=in | app=c:\users\hp\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{97C35DD8-5A0B-4BB2-8E8D-46F3ADD03644}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{A25F7FF2-E6C9-4E9D-AED5-9AC6C553AC81}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BE8960BC-A4D2-4B87-B132-8054F6B6D639}" = dir=in | app=c:\program files\avg\avg9\avgdiagex.exe |
"{C250CA26-7020-46A8-B3C8-8F9DAD05A600}" = protocol=17 | dir=in | app=c:\users\hp\downloads\software\utorrent.exe |
"{DFDABD66-FC91-4665-AF02-B0EFD4A814B5}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E76B4AC4-ED29-487A-AE3B-AD101B503B38}" = protocol=17 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{EC26FDE5-C510-41B1-B076-F82C513848BB}" = protocol=6 | dir=in | app=c:\users\hp\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{ECB8CCBE-75E5-427E-BF7D-F4A9FDE16A6F}" = protocol=6 | dir=in | app=c:\users\hp\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{EFC9D4AE-10C3-4692-985E-886923753284}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F4E0BFFB-526C-4E4C-97C6-2D12F963440C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F5FAE2A8-D534-43B4-8A75-DFB5F4F8B543}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{F68661BE-C072-4C3F-8437-B845A302674C}" = protocol=6 | dir=in | app=c:\program files\hp connections\6811507\program\hp connections.exe |
"{F7026D09-1190-4F05-86F8-3BF987431F4B}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{FF410DC1-9B89-450A-9149-56091397F842}" = protocol=6 | dir=in | app=c:\program files\hp\quickplay\qp.exe |
"TCP Query User{2FEAFE42-ABD4-4D47-88D1-275E04AA92BA}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{3146DB0F-B595-4E43-AEEE-146D7A91D156}C:\users\hp\downloads\software\utorrent.exe" = protocol=6 | dir=in | app=c:\users\hp\downloads\software\utorrent.exe |
"TCP Query User{64580976-7EEB-49D2-9FAE-A1D0DE2EE058}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{80B743AA-8BE0-4F90-B498-9E37895E5CCC}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{B4E6D9C6-1AB1-4974-8A32-FA5E9E7068B1}C:\users\hp\downloads\software\utorrent.exe" = protocol=6 | dir=in | app=c:\users\hp\downloads\software\utorrent.exe |
"UDP Query User{2B9F5592-8B18-4D18-A60E-42691C0889A1}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{8B4667C8-8825-494A-99F7-D08D45FFBB07}C:\users\hp\downloads\software\utorrent.exe" = protocol=17 | dir=in | app=c:\users\hp\downloads\software\utorrent.exe |
"UDP Query User{A65897CC-6943-46E9-B13E-818EE0FF8523}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{E0B0E29B-B4EF-4DC4-8C9D-7B9BA0C39F6A}C:\users\hp\downloads\software\utorrent.exe" = protocol=17 | dir=in | app=c:\users\hp\downloads\software\utorrent.exe |
"UDP Query User{E8903299-386D-43DC-9080-6F7BE779C075}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02F33FB0-F7D5-4C0A-B4AD-8CE5CE230BBE}" = HP Wireless Assistant
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F85CAAA-B786-4E5B-AADD-638856992EF3}" = Opera 10.53
"{21E62565-8639-457C-B64C-A3FF0A8B4D80}" = HP Active Support Library
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 17
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{315F5FFC-1A5C-4A2A-B8E7-1C5B1174C198}_is1" = AML Free Registry Cleaner 4.20
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{33C65B6A-5D73-4E3E-A1F9-127C27BD3F72}" = Roxio MyDVD Basic v9
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.0
"{46B65150-F8AA-42F2-94FB-2729A8AE5F7E}" = SPSS Statistics 17.0
"{4B200398-CA2D-4F67-8D00-C618F04020A7}" = Open Metronome
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5CA81D12-9EC2-4082-972B-43ECA63F41F2}" = HP Pavilion Webcam Driver for Vista v061.001.00005
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BB42024-D62A-33F5-B883-52069E2C9668}" = Google Talk Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{78E9A751-5616-233F-1249-16AC5758C646}" = muvee Reveal Seagate Edition
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{99C5770C-1C90-42E7-9B74-D47CFAF14621}" = muvee autoProducer 5.0
"{A12A3DED-CCDA-4F29-A1BA-00F0C6521CD5}" = HP Total Care Advisor
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E4DDBA93-769B-49D8-BA33-8814E45ED0C1}" = HP Help and Support
"{E8A602BF-C276-4DB2-A9FF-B4C30EA1CB7C}_is1" = iDump (Freeware) Build:29
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{ED4905E3-2B32-4DD8-BC14-7CAFD30E9ECD}" = HP User Guide 0048
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = ASL_HS_Installer32
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced File Shredder_is1" = Advanced File Shredder 1.14
"AVG9Uninstall" = AVG Free 9.0
"AviSynth" = AviSynth 2.5
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Digsby" = Digsby
"DivX Setup.divx.com" = DivX Setup
"DVD Shrink_is1" = DVD Shrink 3.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileASSASSIN" = FileASSASSIN
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HPOOVClient-6811507 Uninstaller" = HP Connections (remove only)
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"Magic ISO Maker v5.4 (build 0251)" = Magic ISO Maker v5.4 (build 0251)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Metronome_is1" = D'Accord Metronome
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MPE" = MyPhoneExplorer
"Picasa 3" = Picasa 3
"Recover My Files_is1" = Recover My Files
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"Trojan Remover_is1" = Trojan Remover 6.8.1
"Unlocker" = Unlocker 1.8.9
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.2
"WildTangent hplaptop Master Uninstall" = My HP Games
"Windows Updater 2.45" = Windows Updater 2.45
"Windows Updater 2010 2.45" = Windows Updater 2010 2.45
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3835418278-2600349672-3107389679-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/15/2010 9:19:25 AM | Computer Name = hp-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 5/15/2010 9:20:07 AM | Computer Name = hp-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 5/15/2010 10:06:12 AM | Computer Name = hp-PC | Source = EventSystem | ID = 4609
Description =

Error - 5/15/2010 10:18:43 AM | Computer Name = hp-PC | Source = EventSystem | ID = 4609
Description =

Error - 5/15/2010 10:22:22 AM | Computer Name = hp-PC | Source = Microsoft-Windows-CAPI2 | ID = 131584
Description =

Error - 5/15/2010 10:47:10 AM | Computer Name = hp-PC | Source = Perflib | ID = 1010
Description =

Error - 5/15/2010 10:47:11 AM | Computer Name = hp-PC | Source = Perflib | ID = 1008
Description =

Error - 5/16/2010 2:30:02 AM | Computer Name = hp-PC | Source = Windows Search Service | ID = 3038
Description =

Error - 5/16/2010 2:30:03 AM | Computer Name = hp-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 5/16/2010 2:30:03 AM | Computer Name = hp-PC | Source = Windows Search Service | ID = 3058
Description =

[ OSession Events ]
Error - 9/10/2009 4:10:52 AM | Computer Name = hp-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 6666
seconds with 1260 seconds of active time. This session ended with a crash.

Error - 11/25/2009 1:42:33 PM | Computer Name = hp-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 355 seconds with 300 seconds of active time. This session ended with a crash.

Error - 11/25/2009 1:59:09 PM | Computer Name = hp-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 349 seconds with 120 seconds of active time. This session ended with a crash.

Error - 1/24/2010 5:41:15 AM | Computer Name = hp-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1165
seconds with 720 seconds of active time. This session ended with a crash.

Error - 5/13/2010 2:51:57 PM | Computer Name = hp-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 22
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 5/15/2010 10:19:41 AM | Computer Name = hp-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 5/15/2010 10:19:41 AM | Computer Name = hp-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 5/15/2010 10:19:41 AM | Computer Name = hp-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 5/15/2010 10:26:47 AM | Computer Name = hp-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/15/2010 10:38:07 AM | Computer Name = hp-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/15/2010 10:38:22 AM | Computer Name = hp-PC | Source = DCOM | ID = 10010
Description =

Error - 5/15/2010 10:40:58 AM | Computer Name = hp-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/16/2010 2:31:21 AM | Computer Name = hp-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 5/16/2010 2:31:21 AM | Computer Name = hp-PC | Source = Service Control Manager | ID = 7024
Description =

Error - 5/16/2010 2:31:21 AM | Computer Name = hp-PC | Source = Service Control Manager | ID = 7031
Description =


< End of report >

...OTL.txt follows in the next post


Re: MBAM Cannot Remove A Malware

Post by ravenlord on 16th May 2010, 6:51 am

OTL.TXT:

OTL logfile created on: 5/16/2010 12:10:24 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\hp\Downloads\Software\To Fix Trojan--From GeeksPolice
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 247.00 Mb Available Physical Memory | 24.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.49 Gb Total Space | 39.24 Gb Free Space | 27.54% Space Free | Partition Type: NTFS
Drive D: | 6.56 Gb Total Space | 0.66 Gb Free Space | 10.07% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HP-PC
Current User Name: hp
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/16 12:09:49 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\hp\Downloads\Software\To Fix Trojan--From GeeksPolice\OTL.exe
PRC - [2010/04/19 21:17:24 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/04/07 23:48:57 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/15 09:11:51 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/15 09:10:28 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/03/09 08:22:48 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2009/04/11 11:57:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/25 05:04:20 | 000,118,877 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
PRC - [2006/11/25 05:04:16 | 000,270,431 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
PRC - [2006/10/11 06:14:10 | 000,034,520 | ---- | M] (Hewlett Packard) -- C:\Program Files\HP Connections\6811507\Program\HP Connections.exe


========== Modules (SafeList) ==========

MOD - [2010/05/16 12:09:49 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\hp\Downloads\Software\To Fix Trojan--From GeeksPolice\OTL.exe
MOD - [2010/03/15 09:11:50 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
MOD - [2009/04/11 11:51:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 13:03:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - File not found [On_Demand | Stopped] -- -- (AddFiltr)
SRV - [2010/05/13 22:10:09 | 001,291,544 | ---- | M] (Lavasoft) [Disabled | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/03/15 09:11:45 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Disabled | Stopped] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/09/25 06:57:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\FntCache.dll -- (FontCache)
SRV - [2008/01/19 13:08:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/11/25 05:04:20 | 000,118,877 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006/11/25 05:04:16 | 000,270,431 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2004/10/22 16:54:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010/05/14 22:25:27 | 000,068,168 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/19 21:17:13 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/15 09:11:50 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/15 09:10:28 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/04 21:23:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/10/26 19:17:34 | 004,247,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/03/28 02:06:00 | 000,199,472 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/03/03 05:10:44 | 000,182,272 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/02/11 19:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/02/11 19:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2007/07/10 06:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/20 03:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/06/20 03:28:34 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/06/20 03:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/04/04 12:43:38 | 000,098,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\s716unic.sys -- (s716unic) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM)
DRV - [2007/04/04 12:43:36 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\s716obex.sys -- (s716obex)
DRV - [2007/04/04 12:43:36 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\s716nd5.sys -- (s716nd5) Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS)
DRV - [2007/04/04 12:43:34 | 000,108,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\s716mdm.sys -- (s716mdm)
DRV - [2007/04/04 12:43:34 | 000,100,360 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\s716mgmt.sys -- (s716mgmt) Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM)
DRV - [2007/04/04 12:43:32 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\s716mdfl.sys -- (s716mdfl)
DRV - [2007/04/04 12:43:20 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\s716bus.sys -- (s716bus) Sony Ericsson Device 716 driver (WDM)
DRV - [2006/11/19 17:02:16 | 000,145,920 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2006/11/16 14:46:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/16 10:12:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/16 08:05:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/09 14:32:30 | 001,786,880 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006/11/02 15:21:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 15:21:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 15:21:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 15:21:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 15:21:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 15:21:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 15:21:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 15:20:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 15:20:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 15:20:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 15:20:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 15:20:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 15:20:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 15:20:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 15:20:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 15:20:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 15:20:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 15:20:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 15:20:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 15:20:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 15:20:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 15:20:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 15:20:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 15:20:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 15:20:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 15:20:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 15:20:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 15:20:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 15:20:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 15:19:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 15:19:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 15:19:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 15:19:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 15:19:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 15:19:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 13:55:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 13:54:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 13:54:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 13:54:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 13:54:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 13:54:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 13:11:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 13:06:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 13:00:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/11/02 13:00:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/06/28 23:27:00 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/06/28 23:24:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3835418278-2600349672-3107389679-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3835418278-2600349672-3107389679-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3835418278-2600349672-3107389679-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.812

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/04/19 21:23:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/06 23:53:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/06 23:53:32 | 000,000,000 | ---D | M]

[2010/03/21 15:33:38 | 000,000,000 | ---D | M] -- C:\Users\hp\AppData\Roaming\mozilla\Extensions
[2010/05/15 15:26:24 | 000,000,000 | ---D | M] -- C:\Users\hp\AppData\Roaming\mozilla\Firefox\Profiles\cbkgedm1.default\extensions
[2010/03/21 15:51:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\hp\AppData\Roaming\mozilla\Firefox\Profiles\cbkgedm1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/21 15:27:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

Hosts file not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3835418278-2600349672-3107389679-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} [You must be registered and logged in to see this link.] (F-Secure Health Check 1.1)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-3835418278-2600349672-3107389679-1000 Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\hp\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\hp\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/18 10:42:22 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 19:48:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/15 20:40:23 | 000,000,000 | ---D | C] -- C:\Program Files\AFShredder
[2010/05/15 20:22:02 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/05/15 19:18:30 | 000,000,000 | ---D | C] -- C:\Users\hp\Documents\Simply Super Software
[2010/05/15 19:16:21 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll
[2010/05/15 19:16:16 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2010/05/15 19:16:16 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\Simply Super Software
[2010/05/15 19:16:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2010/05/15 16:38:15 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2010/05/15 16:21:16 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2010/05/15 16:07:27 | 000,000,000 | ---D | C] -- C:\Program Files\FileASSASSIN
[2010/04/27 03:34:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl
[2010/04/25 12:37:03 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\gtk-2.0
[2010/04/25 03:29:03 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\PCF-VLC
[2010/04/25 03:21:34 | 000,000,000 | ---D | C] -- C:\Users\hp\AppData\Roaming\Participatory Culture Foundation
[2010/04/21 22:59:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/04/21 22:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/04/17 12:32:40 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\My Karaoke

========== Files - Modified Within 30 Days ==========

[2010/05/16 12:12:49 | 000,823,808 | ---- | M] () -- C:\Windows\System32\drivers\spnki.sys
[2010/05/16 12:10:33 | 002,621,440 | -HS- | M] () -- C:\Users\hp\NTUSER.DAT
[2010/05/16 12:02:19 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{092BFF95-2086-4851-AB13-623F4CEFF619}.job
[2010/05/16 12:00:01 | 000,002,000 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/16 12:00:01 | 000,002,000 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/16 11:59:55 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/16 11:59:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/16 01:24:13 | 000,524,288 | -HS- | M] () -- C:\Users\hp\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/05/16 01:24:13 | 000,065,536 | -HS- | M] () -- C:\Users\hp\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/05/16 01:23:23 | 002,430,358 | -H-- | M] () -- C:\Users\hp\AppData\Local\IconCache.db
[2010/05/16 00:35:02 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3835418278-2600349672-3107389679-1000UA.job
[2010/05/15 23:00:04 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At24.job
[2010/05/15 22:00:01 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At23.job
[2010/05/15 20:51:54 | 000,005,892 | ---- | M] () -- C:\Users\hp\AppData\Local\d3d9caps.dat
[2010/05/15 20:40:27 | 000,000,762 | ---- | M] () -- C:\Users\hp\Desktop\Advanced File Shredder.lnk
[2010/05/15 20:35:04 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3835418278-2600349672-3107389679-1000Core.job
[2010/05/15 17:56:41 | 000,000,714 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010/05/15 16:07:28 | 000,000,852 | ---- | M] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk
[2010/05/15 10:57:01 | 000,183,296 | ---- | M] () -- C:\Users\hp\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/15 10:32:19 | 000,694,964 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/15 10:32:19 | 000,598,588 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/15 10:32:19 | 000,102,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/15 10:25:52 | 059,999,323 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/05/15 10:19:15 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At9.job
[2010/05/15 10:19:15 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At8.job
[2010/05/15 10:19:15 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At7.job
[2010/05/15 10:19:15 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At6.job
[2010/05/15 10:19:15 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At5.job
[2010/05/15 10:19:15 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At4.job
[2010/05/15 02:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At3.job
[2010/05/14 20:23:13 | 000,014,184 | ---- | M] () -- C:\Users\hp\Documents\Dad Contact Numbers.xlsx
[2010/05/14 20:23:13 | 000,014,184 | ---- | M] () -- C:\Users\hp\Desktop\Dad Contact Numbers.xlsx
[2010/05/13 22:19:55 | 000,189,952 | ---- | M] () -- C:\Users\hp\Documents\Copy of Sodexo-Establishments-Gurgaon.xls
[2010/05/11 21:45:58 | 000,127,591 | ---- | M] () -- C:\Users\hp\Desktop\6M.pptx
[2010/05/11 21:27:29 | 002,595,351 | ---- | M] () -- C:\Users\hp\Desktop\CHREB5868610SYN Book.pdf
[2010/05/10 23:09:38 | 000,060,416 | ---- | M] () -- C:\Users\hp\Desktop\Saptarshi Nath--April-2010.doc
[2010/05/10 23:09:38 | 000,000,162 | -H-- | M] () -- C:\Users\hp\Desktop\~$ptarshi Nath--April-2010.doc
[2010/05/08 12:11:47 | 000,113,633 | ---- | M] () -- C:\Users\hp\Documents\Citi April full payment 2010.jpg
[2010/05/06 21:30:54 | 000,001,391 | ---- | M] () -- C:\Users\hp\Desktop\DivX Movies.lnk
[2010/05/02 23:59:27 | 000,026,344 | ---- | M] () -- C:\Users\hp\Desktop\Saptarshi Nath--April-2010.docx
[2010/05/01 17:38:18 | 000,421,320 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/29 22:04:38 | 000,779,704 | ---- | M] () -- C:\Users\hp\Desktop\AX100G_Manual.pdf
[2010/04/29 21:57:58 | 000,141,848 | ---- | M] () -- C:\Users\hp\Desktop\ax100gpresets.pdf
[2010/04/29 21:40:44 | 000,002,027 | ---- | M] () -- C:\Users\hp\Desktop\Google Chrome.lnk
[2010/04/28 20:30:40 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010/04/27 03:34:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\Windows\System32\DivXControlPanelApplet.cpl
[2010/04/25 12:44:10 | 000,000,218 | ---- | M] () -- C:\Users\hp\.recently-used.xbel
[2010/04/24 16:35:07 | 000,109,965 | ---- | M] () -- C:\Users\hp\Desktop\April Part Payment.jpg
[2010/04/19 21:17:13 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/04/17 15:25:25 | 000,063,856 | ---- | M] () -- C:\Users\hp\Desktop\JAW-Canon_in_D.pdf

========== Files Created - No Company Name ==========

[2010/05/15 20:40:27 | 000,000,762 | ---- | C] () -- C:\Users\hp\Desktop\Advanced File Shredder.lnk
[2010/05/15 19:16:21 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2010/05/15 19:16:21 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2010/05/15 19:16:21 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2010/05/15 19:16:21 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2010/05/15 17:56:41 | 000,000,714 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2010/05/15 16:07:28 | 000,000,852 | ---- | C] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk
[2010/05/15 10:30:50 | 000,014,184 | ---- | C] () -- C:\Users\hp\Documents\Dad Contact Numbers.xlsx
[2010/05/14 20:10:07 | 000,014,184 | ---- | C] () -- C:\Users\hp\Desktop\Dad Contact Numbers.xlsx
[2010/05/13 22:19:50 | 000,189,952 | ---- | C] () -- C:\Users\hp\Documents\Copy of Sodexo-Establishments-Gurgaon.xls
[2010/05/11 21:27:13 | 002,595,351 | ---- | C] () -- C:\Users\hp\Desktop\CHREB5868610SYN Book.pdf
[2010/05/11 20:29:32 | 000,127,591 | ---- | C] () -- C:\Users\hp\Desktop\6M.pptx
[2010/05/10 23:09:38 | 000,000,162 | -H-- | C] () -- C:\Users\hp\Desktop\~$ptarshi Nath--April-2010.doc
[2010/05/10 23:09:36 | 000,060,416 | ---- | C] () -- C:\Users\hp\Desktop\Saptarshi Nath--April-2010.doc
[2010/05/08 12:11:46 | 000,113,633 | ---- | C] () -- C:\Users\hp\Documents\Citi April full payment 2010.jpg
[2010/05/06 21:30:54 | 000,001,391 | ---- | C] () -- C:\Users\hp\Desktop\DivX Movies.lnk
[2010/04/29 22:04:38 | 000,779,704 | ---- | C] () -- C:\Users\hp\Desktop\AX100G_Manual.pdf
[2010/04/29 21:57:58 | 000,141,848 | ---- | C] () -- C:\Users\hp\Desktop\ax100gpresets.pdf
[2010/04/28 22:00:30 | 000,026,344 | ---- | C] () -- C:\Users\hp\Desktop\Saptarshi Nath--April-2010.docx
[2010/04/25 12:44:10 | 000,000,218 | ---- | C] () -- C:\Users\hp\.recently-used.xbel
[2010/04/24 16:35:06 | 000,109,965 | ---- | C] () -- C:\Users\hp\Desktop\April Part Payment.jpg
[2010/04/17 15:25:25 | 000,063,856 | ---- | C] () -- C:\Users\hp\Desktop\JAW-Canon_in_D.pdf
[2010/03/29 23:41:24 | 000,823,808 | ---- | C] () -- C:\Windows\System32\drivers\spnki.sys
[2010/01/04 00:48:20 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/11/26 22:33:40 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth2.dll
[2009/11/26 22:33:40 | 000,001,024 | ---- | C] () -- C:\Windows\System32\grcauth1.dll
[2009/11/26 22:33:40 | 000,000,100 | ---- | C] () -- C:\Windows\System32\prsgrc.dll
[2009/11/26 22:27:24 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2009/11/26 22:27:24 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2009/11/22 19:06:33 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/06 19:19:48 | 000,000,291 | ---- | C] () -- C:\Windows\System32\XMLConfig_SYSID.ini
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2006/11/29 13:02:42 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/06 16:32:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2006/11/02 18:05:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 13:10:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/19 12:32:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/19 12:32:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/03/10 05:28:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/08 09:36:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2004/09/17 01:54:26 | 003,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 229 bytes -> C:\ProgramData\TEMP:8FF81EB0
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:CB0AACC9
< End of report >


Re: MBAM Cannot Remove A Malware

Post by Belahzur on 16th May 2010, 7:53 pm

Hello.
1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:





3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.



Re: MBAM Cannot Remove A Malware

Post by ravenlord on 17th May 2010, 5:44 pm

Hi Belahzur,

Thank you for your prompt reply. Here's the info from Combofix, I look forward to hearing from you again.

Raven

Combofix log:

ComboFix 10-05-16.02 - hp 05/17/2010 22:34:08.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1013.308 [GMT 5.5:30]
Running from: c:\users\hp\Downloads\Software\To Fix Trojan--From GeeksPolice\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\spnki.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_spnki
-------\Service_spnki


((((((((((((((((((((((((( Files Created from 2010-04-17 to 2010-05-17 )))))))))))))))))))))))))))))))
.

2010-05-17 17:17 . 2010-05-17 17:23 -------- d-----w- c:\users\hp\AppData\Local\temp
2010-05-17 17:17 . 2010-05-17 17:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-16 16:53 . 2010-05-16 16:53 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-16 16:53 . 2010-05-16 16:53 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-16 16:53 . 2010-05-16 16:53 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-16 16:53 . 2010-05-16 16:53 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-16 16:53 . 2010-05-17 16:50 -------- d-----w- c:\windows\system32\drivers\Avg
2010-05-15 15:10 . 2010-05-15 15:10 -------- d-----w- c:\program files\AFShredder
2010-05-15 14:52 . 2010-05-15 14:52 -------- d-----w- c:\windows\Sun
2010-05-15 13:46 . 2006-06-19 06:31 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-05-15 13:46 . 2006-05-25 09:22 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-05-15 13:46 . 2005-08-25 19:20 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-05-15 13:46 . 2003-02-02 13:36 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-05-15 13:46 . 2002-03-05 18:30 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-05-15 13:46 . 2010-05-15 13:46 -------- d-----w- c:\program files\Trojan Remover
2010-05-15 13:46 . 2010-05-15 13:46 -------- d-----w- c:\users\hp\AppData\Roaming\Simply Super Software
2010-05-15 13:46 . 2010-05-15 13:46 -------- d-----w- c:\programdata\Simply Super Software
2010-05-15 11:08 . 2010-05-15 11:08 -------- d-----w- C:\VundoFix Backups
2010-05-15 10:51 . 2010-05-15 10:51 -------- d-----w- c:\program files\Unlocker
2010-05-15 10:37 . 2010-05-15 10:37 -------- d-----w- c:\program files\FileASSASSIN
2010-05-12 17:30 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-04-25 07:07 . 2010-04-25 07:07 -------- d-----w- c:\users\hp\AppData\Roaming\gtk-2.0
2010-04-24 21:59 . 2010-04-27 03:16 -------- d-----w- c:\users\hp\AppData\Roaming\PCF-VLC
2010-04-24 21:51 . 2010-04-24 21:51 -------- d-----w- c:\users\hp\AppData\Roaming\Participatory Culture Foundation
2010-04-21 17:29 . 2010-04-21 17:29 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-04-21 17:23 . 2010-05-06 16:14 -------- d-----w- c:\programdata\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-17 16:58 . 2010-01-26 08:06 5892 ----a-w- c:\users\hp\AppData\Local\d3d9caps.dat
2010-05-16 19:11 . 2009-09-05 07:09 -------- d-----w- c:\users\hp\AppData\Roaming\uTorrent
2010-05-16 16:49 . 2009-11-16 20:23 -------- d-----w- c:\programdata\avg9
2010-05-16 14:33 . 2010-01-16 15:50 -------- d-----w- c:\users\hp\AppData\Roaming\vlc
2010-05-15 12:26 . 2009-09-04 18:54 -------- d-----w- c:\program files\Opera
2010-05-15 12:01 . 2010-01-10 19:17 -------- d-----w- c:\program files\Fiat
2010-05-14 16:58 . 2010-05-14 16:58 63488 ----a-w- c:\users\hp\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-14 16:58 . 2010-04-06 19:25 117760 ----a-w- c:\users\hp\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-14 16:55 . 2010-04-06 19:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-12 18:22 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-08 15:49 . 2006-12-18 04:32 -------- d-----w- c:\programdata\Roxio
2010-05-08 06:36 . 2010-05-08 06:36 688920 ----a-w- c:\programdata\avg9\update\backup\avgresf.dll
2010-05-06 16:14 . 2010-04-21 17:30 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-06 16:00 . 2010-05-06 16:00 56766 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-05-06 16:00 . 2006-12-18 05:12 -------- d-----w- c:\program files\DivX
2010-05-06 16:00 . 2010-05-06 16:00 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-05-06 16:00 . 2010-05-06 16:00 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-05-06 15:54 . 2010-04-21 17:30 754984 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-05-06 15:54 . 2010-04-21 17:30 1180952 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-05-06 05:06 . 2009-10-03 05:16 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-21 17:29 . 2010-04-21 17:29 56978 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-04-21 17:29 . 2010-04-21 17:29 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-04-21 17:29 . 2010-04-21 17:29 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-04-19 15:47 . 2010-04-19 15:47 242696 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-04-19 15:43 . 2010-04-19 15:43 1689952 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-04-19 09:29 . 2010-04-19 09:29 255472 ----a-w- c:\users\hp\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2010-04-17 07:03 . 2006-12-18 04:56 -------- d-----w- c:\programdata\CyberLink
2010-04-10 08:28 . 2010-04-10 08:28 155648 ----a-r- c:\users\hp\AppData\Roaming\Microsoft\Installer\{4B200398-CA2D-4F67-8D00-C618F04020A7}\oMetronome_WAV.exe
2010-04-10 08:28 . 2010-04-10 08:28 -------- d-----w- c:\program files\Open Metronome
2010-04-10 08:18 . 2010-04-10 08:18 -------- d-----w- c:\program files\D'Accord Metronome
2010-04-10 06:03 . 2010-04-10 06:03 -------- d-----w- c:\users\hp\AppData\Roaming\AVG9
2010-04-09 16:42 . 2010-04-09 16:42 -------- d-----w- c:\programdata\WindowsSearch
2010-04-08 16:57 . 2010-04-08 16:57 53088 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-04-08 16:57 . 2010-04-08 16:57 30280 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-04-08 16:57 . 2010-04-08 16:57 24368 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-04-07 16:16 . 2006-12-18 04:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-07 16:13 . 2010-04-07 16:13 -------- d-----w- c:\users\hp\AppData\Roaming\GTek
2010-04-06 19:25 . 2010-04-06 19:25 52224 ----a-w- c:\users\hp\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-06 19:23 . 2010-04-06 19:23 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-04-06 19:23 . 2010-04-06 19:23 -------- d-----w- c:\users\hp\AppData\Roaming\SUPERAntiSpyware.com
2010-04-06 19:22 . 2010-04-06 19:22 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-01 16:36 . 2010-04-01 16:36 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-01 16:35 . 2010-04-01 16:51 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-01 16:26 . 2010-04-01 16:25 -------- dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-01 16:25 . 2010-02-06 09:47 -------- d-----w- c:\programdata\Lavasoft
2010-04-01 16:25 . 2010-02-06 09:47 -------- d-----w- c:\program files\Lavasoft
2010-03-30 18:22 . 2010-01-01 17:19 197900 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-30 18:18 . 2010-03-30 17:51 -------- d-----w- c:\program files\MicroSoft
2010-03-30 18:08 . 2010-03-30 18:08 -------- d-----w- c:\users\hp\AppData\Roaming\Malwarebytes
2010-03-30 18:08 . 2010-03-30 18:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-30 18:08 . 2010-03-30 18:08 -------- d-----w- c:\programdata\Malwarebytes
2010-03-29 19:21 . 2010-01-26 08:37 -------- d-----w- c:\program files\QuickTime
2010-03-29 19:20 . 2010-03-28 18:49 -------- d-----w- c:\program files\iTunes
2010-03-29 16:13 . 2010-01-03 17:08 -------- d-----w- c:\program files\Carbonite
2010-03-29 09:54 . 2010-03-30 18:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 09:54 . 2010-03-30 18:08 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-28 18:49 . 2010-03-28 18:49 -------- d-----w- c:\program files\iPod
2010-03-28 18:49 . 2009-09-10 16:07 -------- d-----w- c:\program files\Common Files\Apple
2010-03-28 18:30 . 2010-03-28 18:30 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-03-28 11:00 . 2010-02-20 09:06 -------- d-----w- c:\program files\Nero
2010-03-28 11:00 . 2010-02-20 09:05 -------- d-----w- c:\program files\Common Files\Nero
2010-03-28 10:18 . 2010-02-20 09:05 -------- d-----w- c:\programdata\Nero
2010-03-28 06:05 . 2006-12-18 04:10 -------- d-----w- c:\program files\CONEXANT
2010-03-26 18:30 . 2010-03-26 18:30 -------- d-----w- c:\program files\Trend Micro
2010-03-23 20:06 . 2009-12-28 16:10 -------- d-----w- c:\users\hp\AppData\Roaming\Skype
2010-03-23 18:32 . 2009-12-28 16:12 -------- d-----w- c:\users\hp\AppData\Roaming\skypePM
2010-03-05 14:01 . 2010-04-14 16:08 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 16:53 . 2009-08-26 04:58 119144 ----a-w- c:\users\hp\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-23 11:10 . 2010-04-14 16:08 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-23 11:10 . 2010-04-14 16:08 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-23 11:10 . 2010-04-14 16:08 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 06:39 . 2010-03-30 23:43 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-30 23:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-03-30 23:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-03-30 23:43 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06 . 2010-03-11 21:30 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-11 21:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-11 21:30 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-18 14:07 . 2010-04-14 16:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-18 14:07 . 2010-04-14 16:08 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-18 14:07 . 2010-04-14 16:08 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-18 13:30 . 2010-04-14 16:07 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-02-18 11:28 . 2010-04-14 16:07 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2005-11-29 10:47 . 2005-11-29 10:47 24848 ----a-w- c:\program files\opera\program\plugins\cgpcfg.dll
2005-11-29 10:47 . 2005-11-29 10:47 74000 ----a-w- c:\program files\opera\program\plugins\cgpcore.dll
2005-11-29 10:47 . 2005-11-29 10:47 45328 ----a-w- c:\program files\opera\program\plugins\icalogon.dll
2005-11-29 10:47 . 2005-11-29 10:47 28944 ----a-w- c:\program files\opera\program\plugins\pscript.dll
2005-11-29 10:47 . 2005-11-29 10:47 69904 ----a-w- c:\program files\opera\program\plugins\sslsdk_b.dll
2005-11-29 10:47 . 2005-11-29 10:47 24848 ----a-w- c:\program files\opera\program\plugins\tcppserv.dll
.
Code:

c:\program files\Hewlett-Packard\HP Quick Launch Buttons\qlbctrl .exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\hpwamain .exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\wifimsg .exe
c:\program files\Java\jre6\bin\jusched .exe
c:\program files\Synaptics\SynTP\syntpenh .exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-03-09 15872]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-02-27 1165192]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2006-12-18 34520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 09:51 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^hp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\23850
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 19:34 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2010-05-16 16:52 2064736 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-08-29 05:34 133104 ----atw- c:\users\hp\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 19:17 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2006-11-28 23:42 46704 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-17 07:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2006-11-22 00:36 1474560 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-02-15 12:37 141608 ----a-w- c:\program files\iTunes\ituneshelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-03-29 09:54 1086856 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
2009-09-25 18:01 185640 ----a-w- c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2006-11-24 23:33 167936 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 17:38 417792 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):a9,fa,3a,d9,fe,7a,ca,01

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 12872]
R4 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-25 189736]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-05-13 1291544]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-02-04 64288]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-05-16 216200]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-05-16 242896]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-14 68168]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-05-16 308064]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-10-26 4247552]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 07:54 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-05-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3835418278-2600349672-3107389679-1000Core.job
- c:\users\hp\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-29 05:34]

2010-05-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3835418278-2600349672-3107389679-1000UA.job
- c:\users\hp\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-29 05:34]

2010-05-17 c:\windows\Tasks\User_Feed_Synchronization-{092BFF95-2086-4851-AB13-623F4CEFF619}.job
- c:\windows\system32\msfeedssync.exe [2010-03-30 04:54]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\cbkgedm1.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Opera\program\plugins\npican.dll
FF - plugin: c:\users\hp\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\hp\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-05-17 22:53
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c6,e6,58,99,5e,9b,d0,42,8d,88,95,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c6,e6,58,99,5e,9b,d0,42,8d,88,95,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-05-17 23:03:24 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-17 17:33

Pre-Run: 41,342,943,232 bytes free
Post-Run: 41,415,688,192 bytes free

- - End Of File - - DD50E4FABFE0EF1A3305A8605876703B


Re: MBAM Cannot Remove A Malware

Post by Belahzur on 17th May 2010, 9:35 pm

Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    KILLALL::

    RenV::
    c:\program files\Hewlett-Packard\HP Quick Launch Buttons\qlbctrl .exe
    c:\program files\Hewlett-Packard\HP Wireless Assistant\hpwamain .exe
    c:\program files\Hewlett-Packard\HP Wireless Assistant\wifimsg .exe
    c:\program files\Java\jre6\bin\jusched .exe
    c:\program files\Synaptics\SynTP\syntpenh .exe

    DDS::
    uStart Page = about:blank

    File::
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.



Re: MBAM Cannot Remove A Malware

Post by ravenlord on 18th May 2010, 3:16 pm

Thanks again! Here's the log; I look forward to your next guidance:

ComboFix 10-05-16.02 - hp 05/18/2010 20:09:39.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1013.213 [GMT 5.5:30]
Running from: c:\users\hp\Downloads\Software\To Fix Trojan--From GeeksPolice\ComboFix.exe
Command switches used :: c:\users\hp\Downloads\Software\To Fix Trojan--From GeeksPolice\CFScript.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-04-18 to 2010-05-18 )))))))))))))))))))))))))))))))
.

2010-05-18 14:52 . 2010-05-18 15:00 -------- d-----w- c:\users\hp\AppData\Local\temp
2010-05-18 14:52 . 2010-05-18 14:52 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-18 14:52 . 2010-05-18 14:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-16 16:53 . 2010-05-16 16:53 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-16 16:53 . 2010-05-16 16:53 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-16 16:53 . 2010-05-16 16:53 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-16 16:53 . 2010-05-16 16:53 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-16 16:53 . 2010-05-18 14:36 -------- d-----w- c:\windows\system32\drivers\Avg
2010-05-15 15:10 . 2010-05-15 15:10 -------- d-----w- c:\program files\AFShredder
2010-05-15 14:52 . 2010-05-15 14:52 -------- d-----w- c:\windows\Sun
2010-05-15 13:46 . 2006-06-19 06:31 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-05-15 13:46 . 2006-05-25 09:22 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-05-15 13:46 . 2005-08-25 19:20 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-05-15 13:46 . 2003-02-02 13:36 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-05-15 13:46 . 2002-03-05 18:30 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-05-15 13:46 . 2010-05-15 13:46 -------- d-----w- c:\program files\Trojan Remover
2010-05-15 13:46 . 2010-05-15 13:46 -------- d-----w- c:\users\hp\AppData\Roaming\Simply Super Software
2010-05-15 13:46 . 2010-05-15 13:46 -------- d-----w- c:\programdata\Simply Super Software
2010-05-15 11:08 . 2010-05-15 11:08 -------- d-----w- C:\VundoFix Backups
2010-05-15 10:51 . 2010-05-15 10:51 -------- d-----w- c:\program files\Unlocker
2010-05-15 10:37 . 2010-05-15 10:37 -------- d-----w- c:\program files\FileASSASSIN
2010-05-12 17:30 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-04-25 07:07 . 2010-04-25 07:07 -------- d-----w- c:\users\hp\AppData\Roaming\gtk-2.0
2010-04-24 21:59 . 2010-04-27 03:16 -------- d-----w- c:\users\hp\AppData\Roaming\PCF-VLC
2010-04-24 21:51 . 2010-04-24 21:51 -------- d-----w- c:\users\hp\AppData\Roaming\Participatory Culture Foundation
2010-04-21 17:29 . 2010-04-21 17:29 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-04-21 17:23 . 2010-05-06 16:14 -------- d-----w- c:\programdata\DivX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-17 18:40 . 2009-09-05 07:09 -------- d-----w- c:\users\hp\AppData\Roaming\uTorrent
2010-05-17 17:57 . 2010-01-26 08:06 5892 ----a-w- c:\users\hp\AppData\Local\d3d9caps.dat
2010-05-16 16:49 . 2009-11-16 20:23 -------- d-----w- c:\programdata\avg9
2010-05-16 14:33 . 2010-01-16 15:50 -------- d-----w- c:\users\hp\AppData\Roaming\vlc
2010-05-15 12:26 . 2009-09-04 18:54 -------- d-----w- c:\program files\Opera
2010-05-15 12:01 . 2010-01-10 19:17 -------- d-----w- c:\program files\Fiat
2010-05-14 16:58 . 2010-05-14 16:58 63488 ----a-w- c:\users\hp\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-05-14 16:58 . 2010-04-06 19:25 117760 ----a-w- c:\users\hp\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-14 16:55 . 2010-04-06 19:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-12 18:22 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-08 15:49 . 2006-12-18 04:32 -------- d-----w- c:\programdata\Roxio
2010-05-08 06:36 . 2010-05-08 06:36 688920 ----a-w- c:\programdata\avg9\update\backup\avgresf.dll
2010-05-06 16:14 . 2010-04-21 17:30 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-06 16:00 . 2010-05-06 16:00 56766 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-05-06 16:00 . 2006-12-18 05:12 -------- d-----w- c:\program files\DivX
2010-05-06 16:00 . 2010-05-06 16:00 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-05-06 16:00 . 2010-05-06 16:00 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-05-06 15:54 . 2010-04-21 17:30 754984 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-05-06 15:54 . 2010-04-21 17:30 1180952 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-05-06 05:06 . 2009-10-03 05:16 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-21 17:29 . 2010-04-21 17:29 56978 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-04-21 17:29 . 2010-04-21 17:29 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-04-21 17:29 . 2010-04-21 17:29 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-04-19 15:47 . 2010-04-19 15:47 242696 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-04-19 15:43 . 2010-04-19 15:43 1689952 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-04-19 09:29 . 2010-04-19 09:29 255472 ----a-w- c:\users\hp\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2010-04-17 07:03 . 2006-12-18 04:56 -------- d-----w- c:\programdata\CyberLink
2010-04-10 08:28 . 2010-04-10 08:28 155648 ----a-r- c:\users\hp\AppData\Roaming\Microsoft\Installer\{4B200398-CA2D-4F67-8D00-C618F04020A7}\oMetronome_WAV.exe
2010-04-10 08:28 . 2010-04-10 08:28 -------- d-----w- c:\program files\Open Metronome
2010-04-10 08:18 . 2010-04-10 08:18 -------- d-----w- c:\program files\D'Accord Metronome
2010-04-10 06:03 . 2010-04-10 06:03 -------- d-----w- c:\users\hp\AppData\Roaming\AVG9
2010-04-09 16:42 . 2010-04-09 16:42 -------- d-----w- c:\programdata\WindowsSearch
2010-04-08 16:57 . 2010-04-08 16:57 53088 ----a-w- c:\windows\system32\drivers\pxrts.sys
2010-04-08 16:57 . 2010-04-08 16:57 30280 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-04-08 16:57 . 2010-04-08 16:57 24368 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2010-04-07 16:16 . 2006-12-18 04:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-07 16:13 . 2010-04-07 16:13 -------- d-----w- c:\users\hp\AppData\Roaming\GTek
2010-04-06 19:25 . 2010-04-06 19:25 52224 ----a-w- c:\users\hp\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-04-06 19:23 . 2010-04-06 19:23 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-04-06 19:23 . 2010-04-06 19:23 -------- d-----w- c:\users\hp\AppData\Roaming\SUPERAntiSpyware.com
2010-04-06 19:22 . 2010-04-06 19:22 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-01 16:36 . 2010-04-01 16:36 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-04-01 16:35 . 2010-04-01 16:51 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-01 16:26 . 2010-04-01 16:25 -------- dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-01 16:25 . 2010-02-06 09:47 -------- d-----w- c:\programdata\Lavasoft
2010-04-01 16:25 . 2010-02-06 09:47 -------- d-----w- c:\program files\Lavasoft
2010-03-30 18:22 . 2010-01-01 17:19 197900 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-30 18:18 . 2010-03-30 17:51 -------- d-----w- c:\program files\MicroSoft
2010-03-30 18:08 . 2010-03-30 18:08 -------- d-----w- c:\users\hp\AppData\Roaming\Malwarebytes
2010-03-30 18:08 . 2010-03-30 18:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-30 18:08 . 2010-03-30 18:08 -------- d-----w- c:\programdata\Malwarebytes
2010-03-29 19:21 . 2010-01-26 08:37 -------- d-----w- c:\program files\QuickTime
2010-03-29 19:20 . 2010-03-28 18:49 -------- d-----w- c:\program files\iTunes
2010-03-29 16:13 . 2010-01-03 17:08 -------- d-----w- c:\program files\Carbonite
2010-03-29 09:54 . 2010-03-30 18:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 09:54 . 2010-03-30 18:08 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-28 18:49 . 2010-03-28 18:49 -------- d-----w- c:\program files\iPod
2010-03-28 18:49 . 2009-09-10 16:07 -------- d-----w- c:\program files\Common Files\Apple
2010-03-28 18:30 . 2010-03-28 18:30 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-03-28 11:00 . 2010-02-20 09:06 -------- d-----w- c:\program files\Nero
2010-03-28 11:00 . 2010-02-20 09:05 -------- d-----w- c:\program files\Common Files\Nero
2010-03-28 10:18 . 2010-02-20 09:05 -------- d-----w- c:\programdata\Nero
2010-03-28 06:05 . 2006-12-18 04:10 -------- d-----w- c:\program files\CONEXANT
2010-03-26 18:30 . 2010-03-26 18:30 -------- d-----w- c:\program files\Trend Micro
2010-03-23 20:06 . 2009-12-28 16:10 -------- d-----w- c:\users\hp\AppData\Roaming\Skype
2010-03-23 18:32 . 2009-12-28 16:12 -------- d-----w- c:\users\hp\AppData\Roaming\skypePM
2010-03-05 14:01 . 2010-04-14 16:08 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 16:53 . 2009-08-26 04:58 119144 ----a-w- c:\users\hp\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-23 11:10 . 2010-04-14 16:08 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-23 11:10 . 2010-04-14 16:08 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-23 11:10 . 2010-04-14 16:08 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 06:39 . 2010-03-30 23:43 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-30 23:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-03-30 23:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-03-30 23:43 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06 . 2010-03-11 21:30 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-11 21:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-11 21:30 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-18 14:07 . 2010-04-14 16:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-18 14:07 . 2010-04-14 16:08 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-18 14:07 . 2010-04-14 16:08 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-18 13:30 . 2010-04-14 16:07 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-02-18 11:28 . 2010-04-14 16:07 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2005-11-29 10:47 . 2005-11-29 10:47 24848 ----a-w- c:\program files\opera\program\plugins\cgpcfg.dll
2005-11-29 10:47 . 2005-11-29 10:47 74000 ----a-w- c:\program files\opera\program\plugins\cgpcore.dll
2005-11-29 10:47 . 2005-11-29 10:47 45328 ----a-w- c:\program files\opera\program\plugins\icalogon.dll
2005-11-29 10:47 . 2005-11-29 10:47 28944 ----a-w- c:\program files\opera\program\plugins\pscript.dll
2005-11-29 10:47 . 2005-11-29 10:47 69904 ----a-w- c:\program files\opera\program\plugins\sslsdk_b.dll
2005-11-29 10:47 . 2005-11-29 10:47 24848 ----a-w- c:\program files\opera\program\plugins\tcppserv.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-03-09 15872]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-02-27 1165192]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2006-12-18 34520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 09:51 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^hp^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 19:34 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2010-05-16 16:52 2064736 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-08-29 05:34 133104 ----atw- c:\users\hp\AppData\Local\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 19:17 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2006-11-28 23:42 46704 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-17 07:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2006-11-22 00:36 1474560 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-02-15 12:37 141608 ----a-w- c:\program files\iTunes\ituneshelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-03-29 09:54 1086856 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MaxMenuMgr]
2009-09-25 18:01 185640 ----a-w- c:\program files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2006-11-24 23:33 167936 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 17:38 417792 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):a9,fa,3a,d9,fe,7a,ca,01

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 12872]
R4 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-09-25 189736]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-05-13 1291544]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-02-04 64288]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-05-16 216200]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-05-16 242896]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-14 68168]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-05-16 308064]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-10-26 4247552]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 07:54 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3835418278-2600349672-3107389679-1000Core.job
- c:\users\hp\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-29 05:34]

2010-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3835418278-2600349672-3107389679-1000UA.job
- c:\users\hp\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-29 05:34]

2010-05-18 c:\windows\Tasks\User_Feed_Synchronization-{092BFF95-2086-4851-AB13-623F4CEFF619}.job
- c:\windows\system32\msfeedssync.exe [2010-03-30 04:54]
.
.
------- Supplementary Scan -------
.
DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\users\hp\AppData\Roaming\Mozilla\Firefox\Profiles\cbkgedm1.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Opera\program\plugins\npican.dll
FF - plugin: c:\users\hp\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\hp\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-05-18 20:30
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c6,e6,58,99,5e,9b,d0,42,8d,88,95,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c6,e6,58,99,5e,9b,d0,42,8d,88,95,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLSched.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-05-18 20:36:13 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-18 15:06
ComboFix2.txt 2010-05-17 17:33

Pre-Run: 41,437,614,080 bytes free
Post-Run: 41,412,186,112 bytes free

- - End Of File - - 8AF7ACB80C6B8FA908B74F59F885812B


Re: MBAM Cannot Remove A Malware

Post by Belahzur on 18th May 2010, 10:20 pm

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.



Re: MBAM Cannot Remove A Malware

Post by ravenlord on 19th May 2010, 2:57 pm

Hi,

When I was trying to uninstall Combofix, I received this message: Alert, it is not safe to continue. The contents of the Combofix package have been compromised. Please download a fresh copy from. ....

....may be infected with virus "virut".

I did manage to uninstall after this message. Am posting the log shortly.
Thanks,
Raven


Re: MBAM Cannot Remove A Malware

Post by Belahzur on 19th May 2010, 10:34 pm

Okay, standing by.



Re: MBAM Cannot Remove A Malware

Post by ravenlord on 20th May 2010, 3:41 am

Hi Belahzur,

Sorry I had to keep the scan running all night! A log file wasn't saved though, but I saved a different txt file with details of the removed malware. Here it is:
C:\Users\hp\Downloads\Software\MyPhoneExplorer_Setup_v1.7.4.exe Win32/Adware.ADON application deleted - quarantined
C:\Users\hp\Downloads\Software\Nero 9 All Products - Crack.exe probably a variant of Win32/PSW.Agent trojan cleaned by deleting - quarantined
C:\Users\hp\Downloads\Software\MediaMonkey Gold v.3.1.1.1261-CORE[H33T][Frapmat212]\keygen.exe probably a variant of Win32/Agent trojan cleaned by deleting - quarantined
C:\Users\hp\Downloads\Software\Nero 7.10.1.0\Nero-7.10.1.0_eng_full.exe Win32/Toolbar.AskSBar application deleted - quarantined

Here is an already existing log file which is not what you were looking for, I think:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

I think my laptop is clean now. Thanks a billion! :-)


Re: MBAM Cannot Remove A Malware

Post by Belahzur on 20th May 2010, 10:30 pm

Please download CKScanner by askey127 from [You must be registered and logged in to see this link.]
Save it to your desktop.

  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.



Re: MBAM Cannot Remove A Malware

Post by ravenlord on 21st May 2010, 5:52 pm

Hi,

Here is the log I got:
CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\hp games\bejeweled 2 deluxe\sounds\firecrackle.ogg
c:\program files\hp games\blasterball 3\data\art\bitmaps\enemies\boss2_crack.jpg.wkz
c:\program files\hp games\jewel quest\audio\st_win3_crackle.ogg
c:\program files\hp games\word symphony\resources\ball\eggcrack.wjp
c:\program files\hp games\word symphony\resources\ball\eggcrack_a.wjp
c:\users\hp\downloads\software\nero 7.10.1.0\keygen.exe
c:\users\hp\downloads\software\nero 9.4.26.0+keygen [gr420]\nero-9.4.26.0_update.exe
c:\users\hp\downloads\software\nero 9.4.26.0+keygen [gr420]\trial.txt
c:\users\hp\downloads\utorrent\completed\spss 17\keygen.exe
c:\users\hp\downloads\utorrent\downloading\guitarpro v5.2 incl. keygen.rar
c:\users\hp\downloads\utorrent\torrent files\[isohunt] guitarpro v5.2 incl. keygen.rar.torrent
scanner sequence 3.EF.11
----- EOF -----


Re: MBAM Cannot Remove A Malware

Post by Belahzur on 21st May 2010, 10:01 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    c:\users\hp\downloads\utorrent
    c:\users\hp\AppData\Roaming\uTorrent
    C:\VundoFix Backups
    c:\users\hp\downloads\software\nero 7.10.1.0


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Re: MBAM Cannot Remove A Malware

Post by ravenlord on 22nd May 2010, 5:08 am

I am not sure that worked. I wasn't prompted to delete/remove anything, here is the log:

Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!

OTL by OldTimer - Version 3.2.4.1 log created on 05222010_103400


Re: MBAM Cannot Remove A Malware

Post by Belahzur on 22nd May 2010, 2:02 pm

Hello.
You may have missed :OTL as the top header line as the script didn't work correctly, please run it again.



Re: MBAM Cannot Remove A Malware

Post by ravenlord on 22nd May 2010, 3:45 pm

Oops, you were right! :) Here is the log I got this time:
========== FILES ==========
c:\users\hp\downloads\utorrent\Torrent Files\Completed folder moved successfully.
c:\users\hp\downloads\utorrent\Torrent Files folder moved successfully.
c:\users\hp\downloads\utorrent\Downloading\Satanic Panic.2009.DvdRip.Xvid {1337x}-Noir folder moved successfully.
c:\users\hp\downloads\utorrent\Downloading\Photoshop CS2 v9.0 + working KeyGen folder moved successfully.
c:\users\hp\downloads\utorrent\Downloading\Nightwish Complete Discography 7 albums 17 singles High Quality + Album Covers\Nightwish\Wishmastour folder moved successfully.
c:\users\hp\downloads\utorrent\Downloading\Nightwish Complete Discography 7 albums 17 singles High Quality + Album Covers\Nightwish\Walking In The Air folder moved successfully.
c:\users\hp\downloads\utorrent\Downloading\Nightwish Complete Discography 7 albums 17 singles High Quality + Album Covers\Nightwish\The Carpenter folder moved successfully.
c:\users\hp\downloads\utorrent\Downloading\Nightwish Complete Discography 7 albums 17 singles High Quality + Album Covers\Nightwish\Kuolema Tekee Taiteilijan folder moved successfully.
c:\users\hp\downloads\utorrent\Downloading\Nightwish Complete Discography 7 albums 17 singles High Quality + Album Covers\Nightwish folder moved successfully.
c:\users\hp\downloads\utorrent\Downloading\Nightwish Complete Discography 7 albums 17 singles High Quality + Album Covers folder moved successfully.
c:\users\hp\downloads\utorrent\Downloading\Metallica Orgullo Pasion Y Gloria Tres Noches En Mexico 2009 BDRip H264 Wrath folder moved successfully.
c:\users\hp\downloads\utorrent\Downloading folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\Three Days Grace - Life Starts Now folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\The.Secret.of.Kells.2009.LiMiTED.DVDRip.XviD-LPD- [ [You must be registered and logged in to see this link.] ] folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\The Blind Side folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\Tarot - Gravity of Light (2010) folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\Static-X\Machine folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\Static-X folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\SPSS 17 folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\Slash - Slash CDRip 2010 [Cov+CD][Bubanee] folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\Possession folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\Pirates.of.the.Caribbean.Trilogy.BRRip.XviD.AC3-DEViSE\Pirates.of.the.Caribbean.The.Curse.of.the.Black.Pearl.2003.BRRip.XviD.AC3-DEViSE folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\Pirates.of.the.Caribbean.Trilogy.BRRip.XviD.AC3-DEViSE folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\Ozzy Osbourne\2003 The Essential Ozzy Osbourne CD 2 folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\Ozzy Osbourne\2003 The Essential Ozzy Osbourne CD 1 folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\Ozzy Osbourne\1997 The Ozzman Cometh folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\Ozzy Osbourne\1995 Ozzmosis folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\Ozzy Osbourne\1993 Live & Loud CD 2 folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\Ozzy Osbourne\1993 Live & Loud CD 1 folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\Ozzy Osbourne\1991 No More Tears folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\Ozzy Osbourne folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\Nightwish Complete Discography 7 albums 17 singles High Quality + Album Covers\Nightwish\Century Child folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\Nightwish Complete Discography 7 albums 17 singles High Quality + Album Covers\Nightwish folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\Nightwish Complete Discography 7 albums 17 singles High Quality + Album Covers folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\Nickelback - Dark Horse-CD-2008 seeded by [You must be registered and logged in to see this link.] folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\Leaves' Eyes - (2009) Njord folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\Leap Year.2010.BdRip.Xvid {1337x}-Noir folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\Guitar Pro 5.2 (with complete RSE packs) folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\Gorky Park - Gorky Park folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\Falling.Up.2009.DVDRip.XviD-Emery folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\Faith No More - Discography\Faith No More - This Is It The Best Of(Darkside_RG) folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\Faith No More - Discography\Faith No More - Fools Small Victory B-sides and Rarities 90-95 folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\Faith No More - Discography\Faith No More - 1997 - Album Of The Year folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\Faith No More - Discography\Faith No More - 1992 - Angel Dust folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\Faith No More - Discography\Faith No More - 1991 - Live at the Brixton Acadamy folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\Faith No More - Discography\Faith No More - 1989 - The Real Thing folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\Faith No More - Discography\Faith No More - 1987 - Introduce Yourself folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\Faith No More - Discography folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\Eluveitie -2010- Everything Remains As It Never Was [Limited Edition]\Everything Remains As It Never Was Artwork folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\Eluveitie -2010- Everything Remains As It Never Was [Limited Edition] folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\Doro\2009 Fear No Evil folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\Doro folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\Dimmu Borgir - Discografia [[You must be registered and logged in to see this link.] Puritanical Euphoric Misanthropia folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\Dimmu Borgir - Discografia [[You must be registered and logged in to see this link.] folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\Delain -2009- April Rain folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\Coraline.DVDRip.XviD-ARROW.[[You must be registered and logged in to see this link.] folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\Collective Soul\Blender folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\Collective Soul folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\Coheed and Cambria - Year Of The Black Rainbow folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\Avatar 2009 DvDRip Xvid AC3-FLAWL3SS folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\Avantasia 2010 - The Wicked Symphony @320 (Ger) SPM folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\Avantasia 2010 - Angel Of Babylon @320 (Ger) SPM folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\AUDIOSLAVE - DISCOGRAPHY [CHANNEL NEO]\(2003) Audioslave [Self Titled] folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\AUDIOSLAVE - DISCOGRAPHY [CHANNEL NEO] folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\Astro.Boy.2009.DVDRip.XviD-Emery1337x folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\As I Lay Dying - The Powerless Rise (2010-MP3) folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\An.Education.2009.DVDrip.XviD-Emery1337x folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\Amreeka.2009.DVDRip.XviD-DVSKY.(USABIT.com)\Sample folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\Amreeka.2009.DVDRip.XviD-DVSKY.(USABIT.com) folder moved successfully.
c:\users\hp\downloads\utorrent\Completed\A Serious Man 2009 XviD DVDRIP SAFCuk009 folder moved successfully.
c:\users\hp\downloads\utorrent\Completed folder moved successfully.
c:\users\hp\downloads\utorrent folder moved successfully.
c:\users\hp\AppData\Roaming\uTorrent folder moved successfully.
File\Folder C:\VundoFix Backups not found.
c:\users\hp\downloads\software\Nero 7.10.1.0 folder moved successfully.

OTL by OldTimer - Version 3.2.4.1 log created on 05222010_211440

Re: MBAM Cannot Remove A Malware

Post by ravenlord on 22nd May 2010, 3:47 pm

Hey, where did OTL move all my downloads!? Is there a location I can find them in?

Re: MBAM Cannot Remove A Malware

Post by Belahzur on 22nd May 2010, 3:50 pm

Hello.

They are moved to C:\_OTL\Moved Files

Your computer has keygens, which are a form of software piracy. What is so bad about Cracks, Hacks, Pirated software, warez, or Keygens?

The most popular cracks or keygens I see are for Adobe CS3, a lot of different games, Nero, Kaspersky antivirus, and much more. All of these cracks and keygens have what is called "cloaked malware," which is a form of spyware or viruses or trojans that hide themselves inside the keygen or crack files. Most hacks for games that come in the form of a program or installer will also be infected. It is the opportunity for attackers to present a seemingly safe situation where the opportunity to steal something is in play, while the malware infects your system in the process. Yes, it will install what you were looking for, but also allow malware to potentially take control of your computer.

Lastly, it is illegal. I will counsel you that we do not report such incidents. However, it is not good practice to pirate software.


Re: MBAM Cannot Remove A Malware

Post by ravenlord on 22nd May 2010, 3:51 pm

Oh, thanks. Makes sense. I will get rid of those right away. :) Thank you for all your help!
