malware: kbiwkm, uacbbr. unable to remove



Anders61
2009-09-08, 21:26
I have read the posting rules but I am unfortunately able to post an audit report due to malware infection. I cannot run Spybot or any other virus cleaner. I had been able to run drweb where it detected uacbbr.dll but could not remove it. It also seemed to find kbiwkm... but skipped over it or could not identify it at that time. I am now in safe mode after a reboot that now locked me out of internet access and most all applications are running with errors.....

I found that Sedward's (http://forums.spybot.info/showthread.php?t=51174&page=3&) case seems to be very similar to my current situation. I believe Blade81 found a solution for cleaning sedwick's machine.

I would greatly appreciate your help!!!

Anders61
2009-09-10, 21:52
Am out of safe mode after running GMER and disabling both:
UACyvyjhniyyj & kbiwkmubfdcdqp. Also removed all signs of them in the C:\WINDOWS\system32\

Disabling caused .exe errors and I have a winlogon.exe issue.

I need some security expert support on this one.

thanks,

:rockon:

GMER log now is:

**************************************
GMER 1.0.15.15077 [4x49o2xr.exe] - http://www.gmer.net
Rootkit scan 2009-09-09 19:27:07
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT F8B46716 ZwCreateKey
SSDT F8B4670C ZwCreateThread
SSDT F8B4671B ZwDeleteKey
SSDT F8B46725 ZwDeleteValueKey
SSDT F8B4672A ZwLoadKey
SSDT F8B466F8 ZwOpenProcess
SSDT F8B466FD ZwOpenThread
SSDT F8B46734 ZwReplaceKey
SSDT F8B4672F ZwRestoreKey
SSDT F8B46720 ZwSetValueKey
SSDT F8B46707 ZwTerminateProcess

---- User code sections - GMER 1.0.15 ----

? C:\DOCUME~1\Dave\LOCALS~1\Temp\services.exe[312] image checksum mismatch; unknown module: urlmon.dllunknown module: oleaut32.dll
.data C:\DOCUME~1\Dave\LOCALS~1\Temp\services.exe[312] C:\DOCUME~1\Dave\LOCALS~1\Temp\services.exe unknown last section [0x00404000, 0x26ACC, 0xC0000040]
? C:\DOCUME~1\Dave\LOCALS~1\Temp\winlogon.exe[476] C:\DOCUME~1\Dave\LOCALS~1\Temp\winlogon.exe The system cannot find the file specified.
? C:\DOCUME~1\Dave\LOCALS~1\Temp\services.exe[876] image checksum mismatch; unknown module: urlmon.dllunknown module: oleaut32.dll
.data C:\DOCUME~1\Dave\LOCALS~1\Temp\services.exe[876] C:\DOCUME~1\Dave\LOCALS~1\Temp\services.exe unknown last section [0x00404000, 0x26ACC, 0xC0000040]
? C:\DOCUME~1\Dave\LOCALS~1\Temp\svchost.exe[1024] image checksum mismatch; unknown module: urlmon.dllunknown module: oleaut32.dll
.data C:\DOCUME~1\Dave\LOCALS~1\Temp\svchost.exe[1024] C:\DOCUME~1\Dave\LOCALS~1\Temp\svchost.exe unknown last section [0x00404000, 0x26ACC, 0xC0000040]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \Fat A9719C8A
---- Processes - GMER 1.0.15 ----

Library C:\DOCUME~1\Dave\LOCALS~1\Temp\winlogon.exe (*** hidden *** ) @ C:\DOCUME~1\Dave\LOCALS~1\Temp\winlogon.exe [476] 0x00400000
Library C:\DOCUME~1\Dave\LOCALS~1\Temp\taskmgr.exe (*** hidden *** ) @ C:\DOCUME~1\Dave\LOCALS~1\Temp\taskmgr.exe [480] 0x00400000

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\kbiwkmubfdcdqp.sys (*** hidden *** ) [DISABLED] kbiwkmqowyrelt <-- ROOTKIT !!!
Service C:\WINDOWS\system32\drivers\UACyvyjhniyyj.sys (*** hidden *** ) [DISABLED] UACd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmqowyrelt@start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmqowyrelt@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmqowyrelt@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmqowyrelt@imagepath \systemroot\system32\drivers\kbiwkmubfdcdqp.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmqowyrelt\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmqowyrelt\main@aid 10002
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmqowyrelt\main@sid 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmqowyrelt\main@cmddelay 14400
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmqowyrelt\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmqowyrelt\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmqowyrelt\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmqowyrelt\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmqowyrelt\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmqowyrelt\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmubfdcdqp.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmqowyrelt\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmuebhxgrk.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmqowyrelt\modules@kbiwkmlog.dat \systemroot\system32\kbiwkmdtppvyue.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmqowyrelt\modules@kbiwkmwsp.dll \systemroot\system32\kbiwkmywsxvvmr.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmqowyrelt\modules@kbiwkm.dat \systemroot\system32\kbiwkmawyevdac.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 4
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACyvyjhniyyj.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACsr
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmqowyrelt@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmqowyrelt@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmqowyrelt@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmqowyrelt@imagepath \systemroot\system32\drivers\kbiwkmubfdcdqp.sys
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmqowyrelt\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmqowyrelt\main@aid 10002
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmqowyrelt\main@sid 1
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmqowyrelt\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmqowyrelt\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmqowyrelt\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmqowyrelt\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmqowyrelt\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmqowyrelt\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmqowyrelt\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmubfdcdqp.sys
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmqowyrelt\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmuebhxgrk.dll
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmqowyrelt\modules@kbiwkmlog.dat \systemroot\system32\kbiwkmdtppvyue.dat
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmqowyrelt\modules@kbiwkmwsp.dll \systemroot\system32\kbiwkmywsxvvmr.dll
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmqowyrelt\modules@kbiwkm.dat \systemroot\system32\kbiwkmawyevdac.dat
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACyvyjhniyyj.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACd
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACc
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACsr
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@Windows System Recover! C:\DOCUME~1\Dave\LOCALS~1\Temp\install.exe

---- EOF - GMER 1.0.15 ----

**************************************

Blade81
2009-09-11, 19:33
Hello,

Download DDS and save it to your desktop from here (http://www.techsupportforum.com/sectools/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.forospyware.com/sUBs/dds).
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.

Anders61
2009-09-11, 20:23
I have been having some issues now with winlogon.exe, so many programs don't execute...
My cmd window popped up and asked how I want to run DDS.
I don't believe I have any blocking software...

... any suggestion here...

Blade81
2009-09-11, 22:28
Hi,

Did you try all three of those different links?

Anders61
2009-09-11, 23:49
Yes, I tried all three.
I also tried to run it via a command window, but was unsuccessful.

not sure what else to try...

perhaps a bat?

thank you in advance

Blade81
2009-09-11, 23:57
Let's see if RSIT runs.

Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized, if not you'll find it in c:\rsit folder)

Anders61
2009-09-12, 00:21
here is the log file:

*******************
Logfile of random's system information tool 1.06 (written by random/random)
Run by Dave at 2009-09-11 14:01:28
Microsoft Windows XP Professional Service Pack 2
System drive C: has 649 MB (6%) free of 10 GB
Total RAM: 503 MB (30% free)


======Scheduled tasks folder======

C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF56A325-23F2-42AD-F4E4-00AAC39CAA53}]
C:\WINDOWS\system32\tajf83ikdmf.dll - C:\WINDOWS\system32\tajf83ikdmf.dll [2009-09-08 15000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll []
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2004-09-12 155648]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2005-02-14 155648]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-02-14 126976]
""= []
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2004-10-29 385024]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2005-03-03 606208]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2004-04-25 53248]
"UpdateManager"=C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [2004-01-06 110592]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2004-12-05 127035]
"DataLayer"=C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe [2006-10-27 863744]
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"Logitech Utility"=C:\WINDOWS\Logi_MwX.Exe [2003-12-17 19968]
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2006-11-08 222208]
"Adobe Reader Speed Launcher"=D:\Program Downloads\adobe 9\Reader\Reader_sl.exe [2009-02-27 35696]
"RecoverFromReboot"=C:\WINDOWS\Temp\RecoverFromReboot.exe []
"net"=C:\WINDOWS\system32\net.net []
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe"=1&1 EasyLogin HIDE []
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"Windows System Recover!"=C:\DOCUME~1\Dave\LOCALS~1\Temp\debug.exe [2009-09-11 23044]
"WIndows Rescue Disk"=C:\DOCUME~1\Dave\LOCALS~1\Temp\win.exe [2009-09-11 23044]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Picture Package Menu.lnk - D:\Program Downloads\Picture Package Menu\SonyTray.exe
Picture Package VCD Maker.lnk - D:\Program Downloads\Picture Package Applications\Residence.exe
SBC Self Support Tool.lnk - C:\Program Files\SBC Self Support Tool\bin\matcli.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-02-14 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [2004-09-07 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-03 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
ghya673gidh87we9inkff - {BF56A325-23F2-42AD-F4E4-00AAC39CAA53} - C:\WINDOWS\system32\tajf83ikdmf.dll [2009-09-08 15000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFolderOptions"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"c:\Program Files\Yahoo!\Messenger\YPager.exe"="c:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger"
"c:\Program Files\Yahoo!\Messenger\yserver.exe"="c:\Program Files\Yahoo!\Messenger\yserver.exe:*:Enabled:Yahoo! FT Server"
"C:\wamp\Vista emulator\VistA Emulator.exe"="C:\wamp\Vista emulator\VistA Emulator.exe:*:Enabled:VistA Emulator"
"C:\WINDOWS\SYSTEM32\FXSCLNT.EXE"="C:\WINDOWS\SYSTEM32\FXSCLNT.EXE:*:Enabled:Microsoft Fax Console"
"D:\Movies\VLC\vlc.exe"="D:\Movies\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer"
"C:\Program Files\SolidWorks\SLDWORKS.exe"="C:\Program Files\SolidWorks\SLDWORKS.exe:*:Enabled:SldWorks"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe"="C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Disabled:Mozilla Thunderbird"
"C:\wamp\Apache2\bin\Apache.exe"="C:\wamp\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"D:\Program Downloads\bittorent\BitTorrent\bittorrent.exe"="D:\Program Downloads\bittorent\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\LaunchU3.exe


======File associations======

.exe - open - C:\WINDOWS\system32\desote.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-09-11 14:01:29 ----D---- C:\Program Files\trend micro
2009-09-11 14:01:28 ----D---- C:\rsit
2009-09-08 09:09:49 ----D---- C:\Program Files\Windows Police Pro
2009-09-08 09:04:20 ----A---- C:\WINDOWS\system32\tajf83ikdmf.dll
2009-08-31 14:57:59 ----D---- C:\Documents and Settings\Dave\Application Data\Auslogics
2009-08-31 14:57:54 ----D---- C:\Program Files\Auslogics
2009-08-31 14:01:58 ----D---- C:\Program Files\Avira
2009-08-31 14:01:58 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-08-31 12:09:46 ----D---- C:\Program Files\Wise Disk Cleaner
2009-08-27 10:25:24 ----D---- C:\Documents and Settings\Dave\Application Data\Uniblue
2009-08-26 12:47:26 ----D---- C:\WINDOWS\LastGood
2009-08-25 14:09:22 ----D---- C:\WINDOWS\LastGood.Tmp
2009-08-24 14:21:08 ----A---- C:\WINDOWS\OEWABLog.txt
2009-08-24 00:00:32 ----D---- C:\WINDOWS\ServicePackFiles
2009-08-23 23:46:15 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-08-20 15:25:42 ----A---- C:\WINDOWS\system32\msvcp70.dll
2009-08-20 15:25:41 ----D---- C:\Program Files\AML Products
2009-08-20 15:25:41 ----A---- C:\WINDOWS\system32\mfc70.dll
2009-08-20 14:08:35 ----A---- C:\avenger.txt
2009-08-19 15:27:22 ----SHD---- C:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-08-19 13:17:40 ----D---- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2009-08-18 15:40:52 ----A---- C:\WINDOWS\svchast.exe
2009-08-18 15:40:51 ----A---- C:\WINDOWS\system32\desot.exe
2009-08-18 15:35:20 ----SHD---- C:\WINDOWS\CSC
2009-08-17 15:15:00 ----A---- C:\WINDOWS\ntbtlog.txt
2009-08-17 15:08:40 ----D---- C:\WINDOWS\Minidump

======List of files/folders modified in the last 1 months======

2009-09-11 14:01:29 ----RD---- C:\Program Files
2009-09-11 12:02:29 ----D---- C:\Program Files\Mozilla Firefox
2009-09-11 12:02:03 ----D---- C:\WINDOWS\Temp
2009-09-11 11:22:27 ----D---- C:\WINDOWS\Help
2009-09-10 17:18:54 ----A---- C:\WINDOWS\wininit.ini
2009-09-10 11:11:27 ----D---- C:\Program Files\Mozilla Thunderbird
2009-09-09 19:25:04 ----D---- C:\WINDOWS\SYSTEM32
2009-09-08 22:42:44 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-08 17:33:52 ----D---- C:\Documents and Settings\Dave\Application Data\U3
2009-09-08 09:34:41 ----SHD---- C:\System Volume Information
2009-09-04 15:45:50 ----D---- C:\WINDOWS\system32\DRIVERS
2009-09-04 15:02:08 ----D---- C:\WINDOWS
2009-09-04 15:01:53 ----D---- C:\Program Files\HP
2009-08-31 12:30:51 ----D---- C:\Program Files\SolidWorks
2009-08-31 10:41:55 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-31 10:41:20 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-31 09:34:40 ----HD---- C:\WINDOWS\INF
2009-08-28 17:37:06 ----A---- C:\WINDOWS\imsins.BAK
2009-08-28 10:49:04 ----A---- C:\Program Files\SolidWorksswxJRNL.BAK
2009-08-25 14:15:42 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-25 14:09:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-25 14:09:23 ----D---- C:\WINDOWS\ADDINS
2009-08-25 13:50:25 ----D---- C:\Documents and Settings\Dave\Application Data\BitTorrent
2009-08-24 17:05:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-24 17:04:43 ----SHD---- C:\WINDOWS\Installer
2009-08-24 16:22:56 ----A---- C:\WINDOWS\ModemLog_Standard 33600 bps Modem.txt
2009-08-24 16:22:56 ----A---- C:\WINDOWS\ModemLog_Conexant D110 MDC V.9x Modem.txt
2009-08-24 00:52:57 ----RSHD---- C:\WINDOWS\system32\DLLCACHE
2009-08-24 00:52:57 ----D---- C:\WINDOWS\system32\Setup
2009-08-24 00:52:57 ----D---- C:\WINDOWS\AppPatch
2009-08-24 00:50:10 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-24 00:49:53 ----D---- C:\Program Files\Messenger
2009-08-24 00:48:19 ----D---- C:\WINDOWS\WinSxS
2009-08-24 00:44:40 ----D---- C:\Program Files\Outlook Express
2009-08-24 00:04:08 ----D---- C:\WINDOWS\Prefetch
2009-08-23 23:56:46 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-23 23:46:15 ----D---- C:\WINDOWS\Debug
2009-08-20 20:31:41 ----D---- C:\I386
2009-08-20 20:31:40 ----D---- C:\WINDOWS\TWAIN_32
2009-08-20 16:35:03 ----SD---- C:\WINDOWS\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2004-08-17 16128]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-12 17153]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2004-07-13 5627]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2004-07-13 23545]
R1 Tosrfcom;Bluetooth RFCOMM from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2004-10-04 62799]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-11-15 108791]
R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-09-02 121472]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 GTIPCI21;GTIPCI21; C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2004-05-03 80384]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-03-22 51088]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-03-22 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-03-22 21744]
R3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2004-06-17 200064]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-02-14 804317]
R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP; C:\WINDOWS\system32\DRIVERS\iwca.sys [2004-08-11 234496]
R3 LHidFlt2;Logitech HID/USB Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys [2003-12-17 25505]
R3 LHidUsb;Logitech USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsb.Sys [2003-12-17 37887]
R3 LMouFlt2;Logitech Mouse Class Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys [2003-12-17 70801]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-16 12160]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-03 5888]
R3 STAC97;SigmaTel C-Major Audio; C:\WINDOWS\system32\drivers\STAC97.sys [2005-03-10 273168]
R3 tosporte;Bluetooth Port Driver from Toshiba; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2005-01-08 51582]
R3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\System32\Drivers\tosrfusb.sys [2004-12-21 34816]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2004-06-17 685056]
S1 rtfpxmxtycpcdgfn;rtfpxmxtycpcdgfn; C:\WINDOWS\system32\drivers\rtfpxmxtycpcdgfn.sys []
S2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.1.0.1; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2005-08-02 17056]
S2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-07-28 55656]
S2 BASFND;BASFND; \??\C:\WINDOWS\system32\Drivers\BASFND.sys []
S2 DgivEcp;Team MFP Comm Driver; C:\WINDOWS\System32\Drivers\DgivEcp.Sys [1999-01-29 38400]
S2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2004-11-22 40480]
S2 fpoojms;fpoojms; C:\WINDOWS\system32\drivers\cqfrkd.sys []
S2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-16 13059]
S2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2004-08-30 11354]
S2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2004-12-05 25883]
S2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2004-12-05 34843]
S2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2004-12-05 4123]
S2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2004-12-05 2239]
S2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2004-12-05 86586]
S2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2004-12-05 15227]
S2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2004-12-05 6363]
S2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2004-12-05 98714]
S2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2004-12-05 100603]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-16 117760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-16 9600]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 toshidpt;TOSHIBA Bluetooth HID port driver; C:\WINDOWS\system32\drivers\Toshidpt.sys [2002-10-16 2851]
S3 Tosrfbd;Bluetooth RFBUS from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbd.sys [2005-01-16 98304]
S3 Tosrfbnp;Bluetooth RFBNEP from TOSHIBA; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2004-07-08 36531]
S3 Tosrfhid;Bluetooth RFHID from TOSHIBA; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2004-11-16 50048]
S3 tosrfnds;Bluetooth Personal Area Network from TOSHIBA; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 TosRfSnd;Bluetooth Audio Device (WDM) from TOSHIBA; C:\WINDOWS\system32\drivers\TosRfSnd.sys [2004-12-15 50048]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-10-21 3210496]
S4 dwshd;dwshd; C:\WINDOWS\System32\drivers\dwshd.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-03 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
S2 BAsfIpM;Broadcom ASF IP monitoring service v6.0.4; C:\WINDOWS\system32\basfipm.exe [2004-04-01 77824]
S2 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2004-09-07 86016]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe []
S2 Iap;Iap; C:\Program Files\Dell\OpenManage\Client\Iap.exe [2004-02-12 155648]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-03-19 335872]
S2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe [2005-03-03 356352]
S2 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2004-09-07 139264]
S2 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2004-09-07 360521]
S2 spupdsvc;Windows Service Pack Installer update service; C:\WINDOWS\system32\spupdsvc.exe [2007-07-27 26488]
S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 WLANKEEPER;WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2004-09-07 225353]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-14 32768]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-06-20 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864]

-----------------EOF-----------------


*******************

and the info file:

*******************
info.txt logfile of random's system information tool 1.06 2009-09-11 14:02:13

======Uninstall list======

-->"C:\Program Files\SBC Yahoo!\umuninst.exe" /S
-->C:\PROGRA~1\SBCSEL~1\CustomUninstall.exe SBC
-->C:\PROGRA~1\Yahoo!\browser\unyb.exe
-->C:\PROGRA~1\Yahoo!\common\unwise.exe /S C:\PROGRA~1\Yahoo!\common\install.log
-->C:\PROGRA~1\Yahoo!\common\unybase.exe
-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\common\yaddbook.dll
-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\common\ylogin.dll
-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\common\ymmapi.dll
-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\MESSEN~1\yhexbmes.dll
-->regsvr32 /s /u C:\PROGRA~1\Yahoo!\common\YCOMP5~1.DLL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
1&1 EasyLogin-->C:\Program Files\1&1\1&1 EasyLogin\Uninstall.exe
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
ALPS Touch Pad Driver-->C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
AML Free Registry Cleaner 4.18-->"C:\Program Files\AML Products\Registry Cleaner\unins000.exe"
Auslogics Disk Defrag-->"C:\Program Files\Auslogics\Auslogics Disk Defrag\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Broadcom Advanced Control Suite 2-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{64A77F14-0E08-4A97-A859-E93CFF428756} /l1033
Broadcom ASF Management Applications-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{25D24E84-64A9-40D2-85CF-540B1C4A6D52} /l1033
Canon Digital Camera USB WIA Driver-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\DC USB WIA\Uninst.isu" -c"C:\Program Files\Canon\DC USB WIA\SetupWia.dll"
Canon PhotoRecord-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\PhotoRecord\Uninst.isu" -c"C:\Program Files\Canon\PhotoRecord\Program\uninstdll.dll"
Canon Utilities ZoomBrowser EX-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\ZoomBrowser EX\Uninst.isu" -c"C:\Program Files\Canon\ZoomBrowser EX\Program\uninstallutilities.dll"
CDBurnerXP Pro 3-->MsiExec.exe /I{896D642C-7125-44F0-AC49-A23ABF82209C}
Conexant D110 MDC V.9x Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
eDrawings 2004-->MsiExec.exe /I{B95432F2-D984-44A1-96B5-68F33AB51C63}
File Shredder 2.0-->"D:\Program Downloads\file schredd\File Shredder\unins000.exe"
FLV Player 2.0, build 23-->D:\Program Downloads\flv\FLV Player\uninst.exe
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP PSC & Officejet 4.2 Corporate Edition-->"C:\Program Files\HP\Digital Imaging\{AC1314E7-D28C-40A1-B322-80D2868D35CE}\setup\hpzscr01.exe" -datfile hposcr04.dat
ImageMixer VCD2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538}\setup.exe" -l0x9 UNINSTALL
Intel(R) Graphics Media Accelerator Driver for Mobile-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_2792 PCI\VEN_8086&DEV_2592
Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
Internal Network Card Power Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F528948-0E80-4C96-B455-DE4167CB1DF7}\setup.exe" -l0x9 UNINSTALL APPDRVNT4
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
Logitech MouseWare 9.79.1 -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\Setup.exe" -l0x9 -l0009 UNINSTALL
Macromedia Flash Player-->MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Macromedia Shockwave Player-->C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\SYSTEM32\Macromed\SHOCKW~1\Install.log
mCore-->MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office Live Meeting 2005-->MsiExec.exe /I{ED903B25-C6E4-4C8D-855C-59FFC42BBF1F}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual J# .NET Redistributable Package 1.1-->MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mIWCA-->MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (3.0.13)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.22)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.23)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
mToolkit-->MsiExec.exe /I{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Nokia Connectivity Cable Driver-->MsiExec.exe /X{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}
Nokia PC Suite-->MsiExec.exe /I{D89AC4DF-7A00-4D0B-BA99-D582C7974A09}
OMCI-->MsiExec.exe /X{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}
PC Connectivity Solution-->MsiExec.exe /I{066D65EA-ED53-44E4-A96A-F81B6E409D2E}
PeaZip 1.10-->"C:\Program Files\PeaZip\unins000.exe"
Picture Package-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}\setup.exe" -l0x9 UNINSTALL
PowerDVD 5.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 UNINSTALL APPDRVNT4
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
SBC Self Support Tool-->C:\WINDOWS\Motive\SBC\MCCUninst.exe
SBC Yahoo! Applications-->C:\Program Files\SBC Yahoo!\UninstallManager.exe
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893066)-->"C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896688)-->"C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899588)-->"C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928090)-->"C:\WINDOWS\$NtUninstallKB928090$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958470)-->"C:\WINDOWS\$NtUninstallKB958470$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971032)-->"C:\WINDOWS\$NtUninstallKB971032$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Shading Analyser-->C:\WINDOWS\st6unst.exe -n "d:\d\Sun\Dean\ST6UNST.LOG"
SolidWorks 2004 SP0-->MsiExec.exe /I{4E921E6B-CFF1-4901-B262-FD049AC8EF56}
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow! Plus-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager-->MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SyncBack-->"C:\Program Files\2BrightSparks\SyncBack\unins000.exe"
TextPad 4.7-->MsiExec.exe /X{B510A987-487E-4C66-9F4F-D386AC275715}
TWAIN Driver Uninstaller-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\twain.isu
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB896727)-->"C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
VideoLAN VLC media player 0.8.5-->D:\Movies\VLC\uninstall.exe
Windows Antivirus Pro-->C:\Program Files\Windows Antivirus Pro\AntiSpyware_Uninstall.exe
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_039E7E24575DBAE6A389611AF28F4EB97729D33E\pccswpddriver.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)-->C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Police Pro-->C:\Program Files\Windows Police Pro\AntiSpyware_Uninstall.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB890923-->"C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
Windows XP Hotfix - KB893086-->"C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
Wise Disk Cleaner 4.64-->"C:\Program Files\Wise Disk Cleaner\unins000.exe"
Xerox WC470cx Printer Driver-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\Deis470c.isu -c"C:\WINDOWS\ins470cx.dll"

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: AntiVir Desktop (disabled) (outdated)

======System event log======

Computer Name: D2N8VR1X
Event Code: 10005
Message: DCOM got error "%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Record Number: 43863
Source Name: DCOM
Time Written: 20090904150319.000000-420
Event Type: error
User: D2N8VR1X\Dave

Computer Name: D2N8VR1X
Event Code: 10005
Message: DCOM got error "%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Record Number: 43862
Source Name: DCOM
Time Written: 20090904150319.000000-420
Event Type: error
User: D2N8VR1X\Dave

Computer Name: D2N8VR1X
Event Code: 10005
Message: DCOM got error "%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Record Number: 43861
Source Name: DCOM
Time Written: 20090904150121.000000-420
Event Type: error
User: D2N8VR1X\Dave

Computer Name: D2N8VR1X
Event Code: 10005
Message: DCOM got error "%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Record Number: 43860
Source Name: DCOM
Time Written: 20090904145854.000000-420
Event Type: error
User: D2N8VR1X\Dave

Computer Name: D2N8VR1X
Event Code: 10005
Message: DCOM got error "%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Record Number: 43859
Source Name: DCOM
Time Written: 20090904145713.000000-420
Event Type: error
User: D2N8VR1X\Dave

=====Application event log=====

Computer Name: D2N8VR1X
Event Code: 1015
Message: Failed to connect to server. Error: 0x8007043C

Record Number: 35
Source Name: MsiInstaller
Time Written: 20090819124542.000000-420
Event Type: warning
User: D2N8VR1X\Dave

Computer Name: D2N8VR1X
Event Code: 1001
Message: Detection of product '{0575C9C9-7B55-44C3-B81A-A0519F2CCCAB}', feature 'Data' failed during request for component '{247A0CD4-88E9-11D4-A755-00B0D0428C0C}'

Record Number: 9
Source Name: MsiInstaller
Time Written: 20090818092156.000000-420
Event Type: warning
User: D2N8VR1X\Dave

Computer Name: D2N8VR1X
Event Code: 1004
Message: Detection of product '{0575C9C9-7B55-44C3-B81A-A0519F2CCCAB}', feature 'Data', component '{9B4072CD-645C-4CDD-85EC-E39C24192808}' failed. The resource 'C:\Program Files\Rand McNally\RM Street Guide DE\Data\' does not exist.

Record Number: 8
Source Name: MsiInstaller
Time Written: 20090818092156.000000-420
Event Type: warning
User: D2N8VR1X\Dave

Computer Name: D2N8VR1X
Event Code: 2
Message: Disk free space has dropped below the minimum threshold. Free up space on your hard disk drive by:
1. Backing up your data to a tape backup, ZIP or network drive.
2. Delete unused files.

If you are unsure which files are safe to move or delete, contact your Help Desk or consult your software manuals.

Record Number: 7
Source Name: OMCI
Time Written: 20090818091819.000000-420
Event Type: warning
User:

Computer Name: D2N8VR1X
Event Code: 2
Message: Disk free space has dropped below the minimum threshold. Free up space on your hard disk drive by:
1. Backing up your data to a tape backup, ZIP or network drive.
2. Delete unused files.

If you are unsure which files are safe to move or delete, contact your Help Desk or consult your software manuals.

Record Number: 5
Source Name: OMCI
Time Written: 20090817160957.000000-420
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0d08
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SAFEBOOT_OPTION"=NETWORK

-----------------EOF-----------------

*******************

Blade81
2009-09-12, 00:24
Hi,

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)

http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif


http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif
--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the C:\ComboFix.txt.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


If you have problems with Combofix usage, see here (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

Anders61
2009-09-12, 00:35
Do you run ComboFix with all applications shut down...
Firefox and Explorer?

Blade81
2009-09-12, 00:58
Yes, please close those applications that are not needed to run (including browsers).

Anders61
2009-09-12, 01:23
Combo-Fix worked as documented.
The report log is:

*********************
ComboFix 09-09-11.01 - Dave 09/11/2009 15:02.1.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.291 [GMT -7:00]
Running from: c:\documents and settings\Dave\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Dave\LOCALS~1\Temp\lsass.exe
c:\docume~1\Dave\LOCALS~1\Temp\svchost.exe
c:\program files\Windows Police Pro
c:\program files\Windows Police Pro\msvcm80.dll
c:\program files\Windows Police Pro\msvcp80.dll
c:\program files\Windows Police Pro\msvcr80.dll
c:\windows\AUTOLNCH.REG
c:\windows\ppp3.dat
c:\windows\ppp4.dat
c:\windows\run.log
c:\windows\svchast.exe
c:\windows\system32\bincd32.dat
c:\windows\system32\desot.exe
c:\windows\system32\drivers\fad.sys
c:\windows\system32\drivers\kbiwkmubfdcdqp.sys
c:\windows\system32\drivers\Sonyhcp.dll
c:\windows\system32\drivers\UACyvyjhniyyj.sys
c:\windows\system32\sonhelp.htm
c:\windows\system32\tajf83ikdmf.dll
c:\windows\system32\zip32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_kbiwkmqowyrelt
-------\Legacy_UACd.sys
-------\Service_kbiwkmqowyrelt
-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-08-11 to 2009-09-11 )))))))))))))))))))))))))))))))
.

2009-09-11 21:01 . 2009-09-11 21:01 -------- d-----w- c:\program files\trend micro
2009-09-11 21:01 . 2009-09-11 21:02 -------- d-----w- C:\rsit
2009-08-31 21:57 . 2009-08-31 21:57 -------- d-----w- c:\documents and settings\Dave\Application Data\Auslogics
2009-08-31 21:57 . 2009-08-31 21:57 -------- d-----w- c:\program files\Auslogics
2009-08-31 21:02 . 2009-03-30 17:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-31 21:02 . 2009-02-13 19:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-31 21:02 . 2009-02-13 19:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-31 21:01 . 2009-08-31 21:01 -------- d-----w- c:\program files\Avira
2009-08-31 21:01 . 2009-08-31 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-08-31 19:09 . 2009-09-04 21:58 -------- d-----w- c:\program files\Wise Disk Cleaner
2009-08-27 17:25 . 2009-08-27 17:25 -------- d-----w- c:\documents and settings\Dave\Application Data\Uniblue
2009-08-26 19:47 . 2009-08-26 19:47 -------- d-----w- c:\windows\LastGood
2009-08-25 21:09 . 2009-08-25 21:09 -------- d-----w- c:\windows\LastGood.Tmp
2009-08-24 07:00 . 2009-08-24 07:00 -------- d-----w- c:\windows\ServicePackFiles
2009-08-24 06:46 . 2009-08-24 06:56 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-08-20 23:52 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-08-20 23:52 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2009-08-20 23:47 . 2008-05-01 14:30 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2009-08-20 23:45 . 2009-06-05 07:42 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-08-20 23:44 . 2008-04-21 10:02 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-08-20 22:49 . 2009-07-28 23:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-20 22:25 . 2002-01-05 12:40 487424 ----a-w- c:\windows\system32\msvcp70.dll
2009-08-20 22:25 . 2009-08-20 22:25 -------- d-----w- c:\program files\AML Products
2009-08-20 22:25 . 2002-01-05 13:48 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-08-19 23:17 . 2009-08-19 23:17 -------- d-----w- c:\documents and settings\Dave\DoctorWeb
2009-08-19 22:27 . 2009-08-19 22:27 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-08-19 20:17 . 2009-08-19 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-10 18:11 . 2005-08-05 07:21 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-09-09 00:33 . 2007-02-05 01:23 -------- d-----w- c:\documents and settings\Dave\Application Data\U3
2009-09-04 22:01 . 2007-03-05 21:30 -------- d-----w- c:\program files\HP
2009-08-31 23:36 . 2005-08-05 13:57 78040 ----a-w- c:\documents and settings\Dave\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-31 19:30 . 2005-08-05 13:49 -------- d-----w- c:\program files\SolidWorks
2009-08-31 17:41 . 2005-08-07 01:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-31 17:41 . 2005-08-07 01:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-28 17:49 . 2005-08-07 14:31 91917 ----a-w- c:\program files\SolidWorksswxJRNL.BAK
2009-08-25 21:15 . 2005-08-02 10:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-25 20:50 . 2006-07-22 02:54 -------- d-----w- c:\documents and settings\Dave\Application Data\BitTorrent
2009-08-05 09:11 . 2004-08-03 21:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-30 21:22 . 2005-08-05 08:59 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-29 04:53 . 2004-08-03 21:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:53 . 2004-08-03 21:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-17 18:55 . 2004-08-03 21:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 17:08 . 2004-08-03 21:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-25 18:36 . 2004-08-03 21:00 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:36 . 2004-08-03 21:00 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:36 . 2004-08-03 21:00 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:36 . 2004-08-03 21:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:36 . 2004-08-03 21:00 471552 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:36 . 2004-08-03 21:00 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:36 . 2004-08-03 21:00 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:36 . 2004-08-03 21:00 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:36 . 2004-08-03 21:00 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:36 . 2004-08-03 21:00 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:36 . 2004-08-03 21:00 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 18:36 . 2004-08-03 21:00 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-25 08:44 . 2004-08-03 21:00 724480 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:44 . 2004-08-03 21:00 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:44 . 2004-08-03 21:00 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:44 . 2004-08-03 21:00 298496 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:44 . 2004-08-03 21:00 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:44 . 2004-08-03 21:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-22 11:49 . 2004-08-03 21:00 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 2004-08-03 21:00 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 2004-08-03 21:00 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 2004-08-03 21:00 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-22 11:34 . 2004-08-03 21:00 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\program files\1&1\1&1 EasyLogin\EasyLogin.exe"="1&1 EasyLogin HIDE" [X]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-15 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-15 126976]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-06 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-05 127035]
"DataLayer"="c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2006-10-27 863744]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 222208]
"Adobe Reader Speed Launcher"="d:\program downloads\adobe 9\Reader\Reader_sl.exe" [2009-02-28 35696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-12-17 19968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-10 1634304]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2005-8-5 49254]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-1-14 479232]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-8-2 24576]
Picture Package Menu.lnk - d:\program downloads\Picture Package Menu\SonyTray.exe [2007-8-23 151552]
Picture Package VCD Maker.lnk - d:\program downloads\Picture Package Applications\Residence.exe [2007-8-23 106496]
SBC Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2005-12-24 217088]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 08:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\ypager.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"YBrowser"=c:\program files\Yahoo!\browser\ybrwicon.exe
"BJCFD"=c:\program files\BroadJump\Client Foundation\CFD.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\yserver.exe"=
"d:\\Movies\\VLC\\vlc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\SolidWorks\\SLDWORKS.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=

R3 GTIPCI21;GTIPCI21;c:\windows\SYSTEM32\DRIVERS\gtipci21.sys [12/31/1979 9:00 AM 80384]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/31/2009 2:02 PM 108289]
S2 fpoojms;fpoojms;c:\windows\system32\drivers\cqfrkd.sys --> c:\windows\system32\drivers\cqfrkd.sys [?]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\SYSTEM32\spupdsvc.exe [8/16/2005 7:00 AM 26488]
.
Contents of the 'Scheduled Tasks' folder

2007-05-17 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2005-08-07 22:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
mStart Page = hxxp://www.dell.com/ap/china/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Dave\Application Data\Mozilla\Firefox\Profiles\mine.default\
FF - prefs.js: browser.startup.homepage - hxxps://ssl.scroogle.org/
FF - prefs.js: network.proxy.http - proxy.starhub.net.sg
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Dave\Application Data\Mozilla\Firefox\Profiles\mine.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: d:\program downloads\adobe 9\Reader\browser\nppdf32.dll
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
HKLM-Run-net - c:\windows\system32\net.net



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-11 15:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(680)
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(280)
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
.
**************************************************************************
.
Completion time: 2009-09-11 15:14 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-11 22:14

Pre-Run: 583,081,984 bytes free
Post-Run: 435,761,152 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut

233 --- E O F --- 2009-08-24 07:50

*********************

Blade81
2009-09-12, 11:24
Good. Now please see if you are able to run DDS.

Anders61
2009-09-12, 19:37
Here is the attached file from DDS

****************************

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 8/4/2005 8:32:06 PM
System Uptime: 9/12/2009 9:01:39 AM (0 hours ago)

Motherboard: Dell Inc. | | 0D4571
Processor: Intel(R) Pentium(R) M processor 1.86GHz | Microprocessor | 1862/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 10 GiB total, 0.423 GiB free.
D: is FIXED (NTFS) - 46 GiB total, 2.805 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/Wireless 2200BG Network Connection
Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27228086&REV_05\4&2FA23535&0&18F0
Manufacturer: Intel(R) Corporation
Name: Intel(R) PRO/Wireless 2200BG Network Connection
PNP Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27228086&REV_05\4&2FA23535&0&18F0
Service: w29n51

==== System Restore Points ===================

RP1: 9/11/2009 3:10:58 PM - System Checkpoint

==== Installed Programs ======================

1&1 EasyLogin
Adobe Acrobat 5.0
Adobe Flash Player Plugin
Adobe Photoshop 7.0
Adobe Reader 9.1
AiO_Scan
ALPS Touch Pad Driver
AML Free Registry Cleaner 4.18
Ask Toolbar
Auslogics Disk Defrag
Avira AntiVir Personal - Free Antivirus
BitTorrent
Bluetooth Stack for Windows by Toshiba
Broadcom Advanced Control Suite 2
Broadcom ASF Management Applications
Canon Digital Camera USB WIA Driver
Canon PhotoRecord
Canon Utilities ZoomBrowser EX
CDBurnerXP Pro 3
Conexant D110 MDC V.9x Modem
Digital Line Detect
DNA
eDrawings 2004
Enterprise
File Shredder 2.0
FLV Player 2.0, build 23
Hotfix for Windows XP (KB952287)
HP PSC & Officejet 4.2 Corporate Edition
ImageMixer VCD2
Intel(R) Graphics Media Accelerator Driver for Mobile
Intel(R) PROSet/Wireless Software
Internal Network Card Power Management
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 6
Logitech MouseWare 9.79.1
Macromedia Flash Player
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft FrontPage Client - English
Microsoft Office Live Meeting 2005
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual J# .NET Redistributable Package 1.1
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
Mozilla Firefox (3.0.13)
Mozilla Thunderbird (2.0.0.22)
Mozilla Thunderbird (2.0.0.23)
mPfMgr
mPfWiz
mProSafe
MSN
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
mToolkit
mWlsSafe
mXML
mZConfig
NetWaiting
Nokia Connectivity Cable Driver
Nokia PC Suite
OMCI
PC Connectivity Solution
PeaZip 1.10
Picture Package
PowerDVD 5.1
QFolder
QuickSet
Rand Mc Nally Street Guide Bay Area Counties 2006
RealPlayer
RegCure 1.6.0.0
SBC Self Support Tool
SBC Yahoo! Applications
Scan
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Shading Analyser
SolidWorks 2004 SP0
Sonic DLA
Sonic RecordNow! Plus
Sonic Update Manager
Sony USB Driver
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
SyncBack
TextPad 4.7
TWAIN Driver Uninstaller
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VideoLAN VLC media player 0.8.5
Visual Studio.NET Baseline - English
WebFldrs XP
Windows Antivirus Pro
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Police Pro
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888310
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Wise Disk Cleaner 4.64
Xerox WC470cx Printer Driver

==== Event Viewer Messages From Past Week ========

9/8/2009 9:38:58 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
9/8/2009 9:34:41 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
9/8/2009 7:22:37 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service Iap with arguments "-Service" in order to run the server: {B0C61A79-0870-4BE4-9153-9CCAF422E31F}
9/8/2009 6:48:48 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
9/8/2009 5:24:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service ServiceLayer with arguments "" in order to run the server: {ACF50018-41F8-476D-85FD-CD953DAE4A49}
9/8/2009 5:23:43 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/8/2009 10:58:46 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
9/8/2009 10:57:46 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}
9/8/2009 10:55:57 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPDRV avgio avipbb Fips intelppm ssmdrv Tosrfcom
9/8/2009 10:53:12 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

==== End Of File ===========================

****************************

Anders61
2009-09-12, 20:36
Thank you very much for your help, it's a relief to have things coming back on line and see it develop...:thanks:

second file DDS:

******************************

DDS (Ver_09-07-30.01) - NTFSx86 NETWORK
Run by Dave at 9:29:55.17 on Sat 09/12/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_06
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.186 [GMT -7:00]

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\system32\svchost.exe -k netsvcs
SVCHOST.EXE
SVCHOST.EXE
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dave\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bing.com/
mStart Page = hxxp://www.dell.com/ap/china/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes.dll
EB: Ask Toolbar Quick View: {b0de3308-5d5a-470d-81b9-634fc078393b} - c:\windows\system32\shdocvw.dll
uRun: [c:\program files\1&1\1&1 easylogin\EasyLogin.exe] "1&1 EasyLogin" HIDE
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [DataLayer] c:\program files\common files\pcsuite\datalayer\DataLayer.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -startup
mRun: [Adobe Reader Speed Launcher] "d:\program downloads\adobe 9\reader\Reader_sl.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRun: [PcSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~2.lnk - d:\program downloads\picture package menu\SonyTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~1.lnk - d:\program downloads\picture package applications\Residence.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sbcsel~1.lnk - c:\program files\sbc self support tool\bin\matcli.exe
dPolicies-explorer: EditLevel = 0 (0x0)
dPolicies-explorer: NoCommonGroups = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
IE: {2499216C-4BA5-11D5-BD9C-000103C116D5} - {2499216C-4BA5-11D5-BD9C-000103C116D5} - c:\program files\yahoo!\common\ylogin.dll
IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\program downloads\spybot\spybot - search & destroy\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: igfxcui - igfxsrvc.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dave\applic~1\mozilla\firefox\profiles\mine.default\
FF - prefs.js: browser.startup.homepage - hxxps://ssl.scroogle.org/
FF - prefs.js: network.proxy.http - proxy.starhub.net.sg
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\dave\application data\mozilla\firefox\profiles\mine.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - plugin: d:\program downloads\adobe 9\reader\browser\nppdf32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-8-31 11608]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [1979-12-31 80384]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-8-31 108289]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-8-31 185089]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-8-20 55656]
S2 fpoojms;fpoojms;c:\windows\system32\drivers\cqfrkd.sys --> c:\windows\system32\drivers\cqfrkd.sys [?]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2005-8-16 26488]

=============== Created Last 30 ================

2009-09-11 15:02 <DIR> a-dshr-- C:\cmdcons
2009-09-11 15:00 230,912 a------- c:\windows\PEV.exe
2009-09-11 15:00 161,792 a------- c:\windows\SWREG.exe
2009-09-11 15:00 98,816 a------- c:\windows\sed.exe
2009-09-11 14:01 <DIR> --d----- c:\program files\trend micro
2009-09-04 14:59 102,032 -------- c:\windows\hpoins04.dat.temp
2009-09-04 14:59 17,218 -------- c:\windows\hpomdl04.dat.temp
2009-08-31 14:57 <DIR> --d----- c:\docume~1\dave\applic~1\Auslogics
2009-08-31 14:57 <DIR> --d----- c:\program files\Auslogics
2009-08-31 14:01 <DIR> --d----- c:\program files\Avira
2009-08-31 14:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-08-31 12:09 <DIR> --d----- c:\program files\Wise Disk Cleaner
2009-08-27 10:25 <DIR> --d----- c:\docume~1\dave\applic~1\Uniblue
2009-08-25 14:09 <DIR> --d----- c:\windows\LastGood.Tmp
2009-08-24 00:00 <DIR> --d----- c:\windows\ServicePackFiles
2009-08-23 23:46 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-08-20 16:52 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-08-20 16:52 272,128 -------- c:\windows\system32\dllcache\bthport.sys
2009-08-20 16:49 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx
2009-08-20 16:47 331,776 -------- c:\windows\system32\dllcache\msadce.dll
2009-08-20 16:45 655,872 -------- c:\windows\system32\dllcache\mstscax.dll
2009-08-20 16:44 1,193,414 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-08-20 16:44 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-08-20 15:49 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-08-20 15:25 487,424 a------- c:\windows\system32\msvcp70.dll
2009-08-20 15:25 974,848 a------- c:\windows\system32\mfc70.dll
2009-08-20 15:25 <DIR> --d----- c:\program files\AML Products
2009-08-19 16:17 <DIR> --d----- c:\documents and settings\dave\DoctorWeb
2009-08-19 15:27 <DIR> --dsh--- c:\docume~1\alluse~1\applic~1\{55A29068-F2CE-456C-9148-C869879E2357}
2009-08-19 13:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Downloaded Installations

==================== Find3M ====================

2009-08-28 10:49 91,917 a------- c:\program files\SolidWorksswxJRNL.BAK
2009-08-05 02:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 02:11 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-28 21:53 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-28 21:53 82,432 a------- c:\windows\system32\fontsub.dll
2009-07-28 21:53 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-07-28 21:53 82,432 -------- c:\windows\system32\dllcache\fontsub.dll
2009-07-17 11:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 11:55 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-13 10:08 5,537,792 a------- c:\windows\system32\dllcache\wmp.dll
2009-07-10 06:42 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-06-25 01:44 724,480 a------- c:\windows\system32\lsasrv.dll
2009-06-25 01:44 298,496 a------- c:\windows\system32\kerberos.dll
2009-06-25 01:44 168,448 a------- c:\windows\system32\schannel.dll
2009-06-25 01:44 133,632 a------- c:\windows\system32\msv1_0.dll
2009-06-25 01:44 59,392 a------- c:\windows\system32\wdigest.dll
2009-06-25 01:44 56,320 a------- c:\windows\system32\secur32.dll
2009-06-25 01:44 724,480 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-06-25 01:44 298,496 -------- c:\windows\system32\dllcache\kerberos.dll
2009-06-25 01:44 168,448 -------- c:\windows\system32\dllcache\schannel.dll
2009-06-25 01:44 133,632 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-06-25 01:44 59,392 -------- c:\windows\system32\dllcache\wdigest.dll
2009-06-25 01:44 56,320 -------- c:\windows\system32\dllcache\secur32.dll
2009-06-22 04:49 117,248 a------- c:\windows\system32\mqtgsvc.exe
2009-06-22 04:49 19,968 a------- c:\windows\system32\mqbkup.exe
2009-06-22 04:49 117,248 -------- c:\windows\system32\dllcache\mqtgsvc.exe
2009-06-22 04:49 19,968 -------- c:\windows\system32\dllcache\mqbkup.exe
2009-06-22 04:49 4,608 a------- c:\windows\system32\mqsvc.exe
2009-06-22 04:49 4,608 -------- c:\windows\system32\dllcache\mqsvc.exe
2009-06-22 04:48 91,776 -------- c:\windows\system32\dllcache\mqac.sys
2009-06-22 04:34 92,544 -------- c:\windows\system32\dllcache\ksecdd.sys
2008-01-22 09:44 560 a------- c:\docume~1\dave\applic~1\ViewerApp.dat

============= FINISH: 9:30:21.00 ===============

******************************

Blade81
2009-09-13, 10:56
IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

BitTorrent
DNA


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Uninstall also these:
Ask Toolbar
Macromedia Flash Player
Macromedia Shockwave Player

After that:

Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:
Run Spybot-S&D in Advanced Mode
If it is not already set to do this, go to the Mode menu, select Advanced Mode
On the left hand side, click on Tools
Then click on the Resident icon in the list
Uncheck Resident TeaTimer and OK any prompts.
Restart your computer



Open notepad and copy/paste the text in the quotebox below into it:



Driver::
fpoojms
File::
c:\windows\system32\drivers\cqfrkd.sys
Folder::
C:\Documents and Settings\Dave\Application Data\BitTorrent
D:\Program Downloads\bittorent
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"=-



Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and referring to the picture above, drag CFScript into Combo-Fix.exe
Then post the resultant log.


Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.


Get updates 9.1.2 and 9.1.3 for Adobe Reader here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install the toolbar if you choose Foxit Reader! You may also check free readers introduced here (http://pdfreaders.org/).


Uninstall vulnerable Flash versions by following instructions here (http://kb2.adobe.com/cps/141/tn_14157.html). Fresh version can be obtained here (http://get.adobe.com/flashplayer/).


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 16 (http://java.sun.com/javase/downloads/index.jsp).
Click the Download button to the right.
Select Windows on platform combobox and check the box that says: Accept License Agreement. Click continue.

The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.



Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/virusscanner) as instructed in the screenshot here (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

Anders61
2009-09-14, 20:27
Hi Blade
thank you again for the outstanding support !!! I greatly appreciate it.

I ran into an issue where I cannot drag and drop the CFScript.txt file to Combo-fix; it doesn't launch...
Is there another way to do this?

Blade81
2009-09-14, 20:42
Hi,

Please delete Combo-Fix.exe and then download a fresh one from the same location you did earlier. Then try to drag'n'drop CFScript file to it.

Anders61
2009-09-14, 20:53
I had a quick note: I had deleted most if not all of the files you noted earlier using the add/remove on the control panel.
but they were still registered in the registry as installed. I then removed them using regit but was never able to locate
DNA; however, the BitTorrent and Ask toolbars were, and I deleted them from the registry that way... I ran dds again and saw everything was removed except the dds, which I cannot find anywhere... Is this a problem at this point?

Anders61
2009-09-14, 21:03
... correction: DNA is still listed on the dds report log but I am not able to locate by means of using the:

"regedt32" run command and searching for it in:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Do you believe this would be a problem?

Blade81
2009-09-14, 21:22
Hi,

You don't have to do anything in registry if not asked. Uninstalling those programs from add/remove programs is enough. Just follow the instructions I post :)

Anders61
2009-09-14, 21:26
Hi Blade,
I have downloaded a fresh copy of combo-fix and am still not able to have the CFScript launch combo-fix...
any suggestion?

Blade81
2009-09-14, 21:33
Did you try with the non-renamed version? Let me know what happens if you try to drag the cfscript file to the non-renamed combofix.exe.

Anders61
2009-09-14, 21:38
Hi,
Just tried both the combofix and combo-fix as well as
CFScript.txt and cfscript.txt
none of them launched... ?
any suggestion?

Blade81
2009-09-15, 07:41
I assume you have both ComboFix.exe and CFScript.txt file in c:\documents and settings\Dave\Desktop folder.

Let's see if you're able to make ComboFix run with the following batch.

Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.

@echo off
"c:\documents and settings\Dave\Desktop\ComboFix.exe" "c:\documents and settings\Dave\Desktop\CFScript.txt" >>c:\LogIt.txt

Double-click on fixes.bat file to execute it.

If not, post contents of c:\LogIt.txt file.

Anders61
2009-09-15, 10:40
Hi Blade,
The Bat was successful. :thanks:
Combofix ran and noted a down level program. I selected yes to download the most current version. It then proceeded to run the 1-50 stage scan.
The report generated is below with a dds to follow behind this.

I will now go back and complete the updates for:
java, adobe, flash as described in the earlier thread.


**************************
ComboFix 09-09-14.02 - Dave 09/15/2009 0:07.2.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.186 [GMT -7:00]
Running from: c:\documents and settings\Dave\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dave\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point

FILE ::
"c:\windows\system32\drivers\cqfrkd.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Dave\Application Data\BitTorrent
c:\documents and settings\Dave\Application Data\BitTorrent\data\metainfo\174e8f3cf95081c31bc748615f07f62b5819326c
c:\documents and settings\Dave\Application Data\BitTorrent\data\metainfo\33adcfbe9566d10684bbe1dbf399867375184c19
c:\documents and settings\Dave\Application Data\BitTorrent\data\metainfo\3f1211e799140b8bfc7a7b9236b7f034dbcc5c4e
c:\documents and settings\Dave\Application Data\BitTorrent\data\metainfo\6f524a978bc96f8751411f0183d72a845b301fe5
c:\documents and settings\Dave\Application Data\BitTorrent\data\metainfo\a7a0349aec970727f72bfa6208daa59947ef4109
c:\documents and settings\Dave\Application Data\BitTorrent\data\metainfo\cdaa21f0b6b9e0c899286104da44bd4cf0391607
c:\documents and settings\Dave\Application Data\BitTorrent\data\routing_table
c:\documents and settings\Dave\Application Data\BitTorrent\data\ui_config
c:\documents and settings\Dave\Application Data\BitTorrent\data\ui_state
d:\program downloads\bittorent
d:\program downloads\bittorent\BitTorrent-6.1.2.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FPOOJMS
-------\Service_fpoojms


((((((((((((((((((((((((( Files Created from 2009-08-15 to 2009-09-15 )))))))))))))))))))))))))))))))
.

2009-09-11 21:01 . 2009-09-11 21:01 -------- d-----w- c:\program files\trend micro
2009-09-11 21:01 . 2009-09-11 21:02 -------- d-----w- C:\rsit
2009-08-31 21:57 . 2009-08-31 21:57 -------- d-----w- c:\documents and settings\Dave\Application Data\Auslogics
2009-08-31 21:57 . 2009-08-31 21:57 -------- d-----w- c:\program files\Auslogics
2009-08-31 21:02 . 2009-03-30 17:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-31 21:02 . 2009-02-13 19:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-31 21:02 . 2009-02-13 19:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-31 21:01 . 2009-08-31 21:01 -------- d-----w- c:\program files\Avira
2009-08-31 21:01 . 2009-08-31 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-08-31 19:09 . 2009-09-04 21:58 -------- d-----w- c:\program files\Wise Disk Cleaner
2009-08-27 17:25 . 2009-08-27 17:25 -------- d-----w- c:\documents and settings\Dave\Application Data\Uniblue
2009-08-26 19:47 . 2009-08-26 19:47 -------- d-----w- c:\windows\LastGood
2009-08-25 21:09 . 2009-08-25 21:09 -------- d-----w- c:\windows\LastGood.Tmp
2009-08-24 07:00 . 2009-08-24 07:00 -------- d-----w- c:\windows\ServicePackFiles
2009-08-24 06:46 . 2009-08-24 06:56 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-08-20 23:52 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-08-20 23:52 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2009-08-20 23:47 . 2008-05-01 14:30 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2009-08-20 23:45 . 2009-06-05 07:42 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-08-20 23:44 . 2008-04-21 10:02 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-08-20 22:49 . 2009-07-28 23:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-20 22:25 . 2002-01-05 12:40 487424 ----a-w- c:\windows\system32\msvcp70.dll
2009-08-20 22:25 . 2009-08-20 22:25 -------- d-----w- c:\program files\AML Products
2009-08-20 22:25 . 2002-01-05 13:48 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-08-19 23:17 . 2009-08-19 23:17 -------- d-----w- c:\documents and settings\Dave\DoctorWeb
2009-08-19 22:27 . 2009-08-19 22:27 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-08-19 20:17 . 2009-08-19 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-12 00:20 . 2005-08-05 07:21 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-09-09 00:33 . 2007-02-05 01:23 -------- d-----w- c:\documents and settings\Dave\Application Data\U3
2009-09-04 22:01 . 2007-03-05 21:30 -------- d-----w- c:\program files\HP
2009-08-31 23:36 . 2005-08-05 13:57 78040 ----a-w- c:\documents and settings\Dave\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-31 19:30 . 2005-08-05 13:49 -------- d-----w- c:\program files\SolidWorks
2009-08-31 17:41 . 2005-08-07 01:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-31 17:41 . 2005-08-07 01:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-28 17:49 . 2005-08-07 14:31 91917 ----a-w- c:\program files\SolidWorksswxJRNL.BAK
2009-08-25 21:15 . 2005-08-02 10:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-05 09:11 . 2004-08-03 21:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-30 21:22 . 2005-08-05 08:59 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-29 04:53 . 2004-08-03 21:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:53 . 2004-08-03 21:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-17 18:55 . 2004-08-03 21:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 17:08 . 2004-08-03 21:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-25 18:36 . 2004-08-03 21:00 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:36 . 2004-08-03 21:00 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:36 . 2004-08-03 21:00 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:36 . 2004-08-03 21:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:36 . 2004-08-03 21:00 471552 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:36 . 2004-08-03 21:00 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:36 . 2004-08-03 21:00 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:36 . 2004-08-03 21:00 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:36 . 2004-08-03 21:00 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:36 . 2004-08-03 21:00 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:36 . 2004-08-03 21:00 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 18:36 . 2004-08-03 21:00 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-25 08:44 . 2004-08-03 21:00 724480 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:44 . 2004-08-03 21:00 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:44 . 2004-08-03 21:00 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:44 . 2004-08-03 21:00 298496 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:44 . 2004-08-03 21:00 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:44 . 2004-08-03 21:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-22 11:49 . 2004-08-03 21:00 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 2004-08-03 21:00 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 2004-08-03 21:00 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 2004-08-03 21:00 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-22 11:34 . 2004-08-03 21:00 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\program files\1&1\1&1 EasyLogin\EasyLogin.exe"="1&1 EasyLogin HIDE" [X]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-15 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-15 126976]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-06 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-05 127035]
"DataLayer"="c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2006-10-27 863744]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 222208]
"Adobe Reader Speed Launcher"="d:\program downloads\adobe 9\Reader\Reader_sl.exe" [2009-02-28 35696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-12-17 19968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-10 1634304]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2005-8-5 49254]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-1-14 479232]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-8-2 24576]
Picture Package Menu.lnk - d:\program downloads\Picture Package Menu\SonyTray.exe [2007-8-23 151552]
Picture Package VCD Maker.lnk - d:\program downloads\Picture Package Applications\Residence.exe [2007-8-23 106496]
SBC Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2005-12-24 217088]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 08:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\ypager.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"YBrowser"=c:\program files\Yahoo!\browser\ybrwicon.exe
"BJCFD"=c:\program files\BroadJump\Client Foundation\CFD.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\yserver.exe"=
"d:\\Movies\\VLC\\vlc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\SolidWorks\\SLDWORKS.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=

R3 GTIPCI21;GTIPCI21;c:\windows\SYSTEM32\DRIVERS\gtipci21.sys [12/31/1979 9:00 AM 80384]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/31/2009 2:02 PM 108289]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\SYSTEM32\spupdsvc.exe [8/16/2005 7:00 AM 26488]
.
Contents of the 'Scheduled Tasks' folder

2007-05-17 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2005-08-07 22:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
mStart Page = hxxp://www.dell.com/ap/china/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Dave\Application Data\Mozilla\Firefox\Profiles\i8wujhmy.default\
FF - prefs.js: browser.startup.homepage - hxxps://ssl.scroogle.org/
FF - prefs.js: network.proxy.http - proxy.starhub.net.sg
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Dave\Application Data\Mozilla\Firefox\Profiles\i8wujhmy.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: d:\program downloads\adobe 9\Reader\browser\nppdf32.dll
.
- - - - ORPHANS REMOVED - - - -

AddRemove-1&1 EasyLogin - c:\program files\1&1\1&1 EasyLogin\Uninstall.exe
AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUNINST.EXE -fc:\program files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu
AddRemove-Adobe Photoshop 7.0 - c:\windows\ISUNINST.EXE -fc:\program files\Adobe\Photoshop 7.0\Uninst.isu
AddRemove-Canon Digital Camera USB WIA Driver - c:\windows\IsUninst.exe -fc:\program files\Canon\DC USB WIA\Uninst.isu
AddRemove-FLV Player - d:\program downloads\flv\FLV Player\uninst.exe
AddRemove-PhotoRecord - c:\windows\IsUninst.exe -fc:\program files\Canon\PhotoRecord\Uninst.isu
AddRemove-Xerox WC470cx Print - c:\windows\IsUninst.exe -fc:\windows\Deis470c.isu
AddRemove-ZoomBrowserEXDeInstall - c:\windows\IsUninst.exe -fc:\program files\Canon\ZoomBrowser EX\Uninst.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-15 00:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(680)
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(280)
c:\program files\Logitech\MouseWare\System\LgWndHk.dll
c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\ZCfgSvc.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
.
**************************************************************************
.
Completion time: 2009-09-15 0:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-15 07:18
ComboFix2.txt 2009-09-11 22:14

Pre-Run: 363,565,056 bytes free
Post-Run: 328,155,136 bytes free

222 --- E O F --- 2009-08-24 07:50


**************************

Anders61
2009-09-15, 19:04
Hi Blade,
I am having some problems removing Java from my computer. There seem to be some issues with my Windows Installer that prevent this from executing. I am also unable to update to the latest version of Adobe. Good news is I have 9.1.0.

I have not run the Kaspersky Online Scanner because of the above...

any suggestions?

Again, Thank You.

Blade81
2009-09-15, 19:08
I am having some problems removing Java from my computer. There seem to be some issues with my Windows Installer that prevent this from executing.
Are you getting any error message? Is the same problem preventing you from updating Adobe Reader?

Anders61
2009-09-15, 19:24
Yes, Adobe has an installation problem that prevents the update, and a partial installation didn't work, i.e. the language wasn't able to install either.

Blade81
2009-09-15, 20:15
Hi,

Please post exact error messages you get. It's impossible to find out install preventing culprit without exact info.

Anders61
2009-09-15, 20:15
I am not sure if the two problems are linked, but being one is installing and the other is uninstalling it could be.

Anders61
2009-09-15, 20:31
Hi Blade,
Here is what I have encountered:

Java message:
Add or remove programs (pop-up window)
The Windows installer service could not be accessed. This can occur if you are running Windows in safe mode, or if Windows installer is not correctly installed.
contact your support personnel for assistance.


Adobe message: when double-clicking the update.
Windows installer program (pop-up window)
The Windows installer service could not be accessed. This can occur if you are running Windows in safe mode, or if Windows installer is not correctly installed.
contact your support personnel for assistance.

when using Adobe updater link:
The installation process has encountered a problem. Please choose from the following options:
cancel the current update and continue installing the remaining updates.
Stop installing and continue later

Blade81
2009-09-15, 21:05
Registry Search by Bobbi Flekman

Download & extract this file to its own folder - Registry Search (http://www.xs4all.nl/~fstaal01/downloads/regsearch.zip)

Launch Registry Search
In the search box, enter (on separate lines)

OptionValue
SAFEBOOT_OPTION


Under Search, make sure only the Value box is checked in the first row of checkboxes. All other checkboxes should be checked.
& click Ok.
Notepad will open with some text in it (the file will also be saved in the program's folder as well). Save it as a text file and attach the file to your reply.

Anders61
2009-09-15, 21:16
Here is the registry search result:
:thanks:
**************************

Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 9/15/2009 11:11:49 AM for strings:
; 'optionvalue'
; 'safeboot_option'
; Strings excluded from search:
; (None)
; Search in:
; Registry Values
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Option]
"OptionValue"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Environment]
"SAFEBOOT_OPTION"="NETWORK"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Option]
"OptionValue"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
"SAFEBOOT_OPTION"="NETWORK"

; End Of The Log...

*******************************

Blade81
2009-09-15, 21:23
Hi,

Save text below as fix.reg on Notepad (save it as all files (*.*)) on the Desktop.


REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Option]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
"SAFEBOOT_OPTION"=-


It should look like this -> http://users.telenet.be/bluepatchy/miekiemoes/images/reg.gif

Double-click fix.reg, press Yes and OK.

Reboot and see if you're able to remove Java and install Adobe Reader updates.
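
Added example (not part of the thread and not code from any tool mentioned in it): an offline Python check that parses the Registry Search export posted above, applies the fix.reg from this reply to an in-memory model, and reports which control sets still carry the safe-mode markers. The function names and the in-memory model are assumptions of this sketch; the two inputs are copied from the posts, with the export trimmed.

```python
import re

# Registry Search result from the post above, trimmed to the relevant lines.
EXPORT = r'''Windows Registry Editor Version 5.00

; Results at 9/15/2009 11:11:49 AM for strings:
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Option]
"OptionValue"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\Environment]
"SAFEBOOT_OPTION"="NETWORK"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Option]
"OptionValue"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
"SAFEBOOT_OPTION"="NETWORK"
'''

# The fix.reg text from the reply above.
FIX = r'''REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Option]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment]
"SAFEBOOT_OPTION"=-
'''

SECTION = re.compile(r'^\[(-?)(.+)\]$')            # [key] or [-key]
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')  # "name"=data


def parse_reg(text):
    """Yield (op, key, name, data) from .reg text; op is set, delval or delkey.

    Key and value names are lower-cased because the registry is case-insensitive.
    """
    key, deleting = None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';'):
            continue                                # blank line or comment
        m = SECTION.match(line)
        if m:
            key, deleting = m.group(2).lower(), m.group(1) == '-'
            if deleting:
                yield ('delkey', key, None, None)
            continue
        m = VALUE.match(line)
        if not m or key is None or deleting:
            continue                                # file header or unparsable line
        name, data = m.group(1).lower(), m.group(2).strip()
        if data == '-':
            yield ('delval', key, name, None)
        elif data.lower().startswith('dword:'):
            yield ('set', key, name, int(data[6:], 16))
        elif len(data) >= 2 and data[0] == '"' and data[-1] == '"':
            yield ('set', key, name, re.sub(r'\\(.)', r'\1', data[1:-1]))
        else:
            yield ('set', key, name, data)          # hex(...) and other types kept raw


def apply_reg(state, text):
    """Apply the operations in .reg text to a model {key: {name: data}}."""
    for op, key, name, data in parse_reg(text):
        if op == 'delkey':                          # removes the key and its subkeys
            for k in [k for k in state if k == key or k.startswith(key + '\\')]:
                del state[k]
        elif op == 'delval':
            state.get(key, {}).pop(name, None)
        else:
            state.setdefault(key, {})[name] = data
    return state


SYSTEM = 'hkey_local_machine\\system\\'
MARKERS = (
    ('control\\safeboot\\option', 'optionvalue'),
    ('control\\session manager\\environment', 'safeboot_option'),
)


def safeboot_markers(state):
    """Return {control_set: {marker: data}} for each safe-mode marker present."""
    found = {}
    for key, values in state.items():
        if not key.startswith(SYSTEM):
            continue
        cset, _, rest = key[len(SYSTEM):].partition('\\')
        for suffix, name in MARKERS:
            if rest == suffix and name in values:
                found.setdefault(cset, {})[name] = values[name]
    return found


if __name__ == '__main__':
    state = apply_reg({}, EXPORT)
    print('before fix:', safeboot_markers(state))
    # On a live system CurrentControlSet is a link to one ControlSetNNN key, so
    # the deletion shows up there as well; this offline model cannot tell which
    # one without HKLM\SYSTEM\Select, so ControlSet001 stays listed here.
    print('after fix: ', safeboot_markers(apply_reg(state, FIX)))
```

Re-running the same search after the reboot and feeding the new export to `safeboot_markers` shows whether any marker is still present under CurrentControlSet.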

Anders61
2009-09-16, 02:11
Hi Blade,
The registry fix worked perfectly, :bigthumb:
Everything on my laptop came back as it was a month ago.

I uninstalled and then ran the updates for both Java and Adobe (no problems encountered during this :))

I was then able to run all of the reports requested. Please see attachment:


KAS
***************************
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, September 15, 2009
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, September 15, 2009 20:56:54
Records in database: 2827310
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 98090
Threats found: 6
Infected objects found: 13
Suspicious objects found: 0
Scan duration: 03:04:47


File name / Threat / Threats count
C:\Documents and Settings\Dave\Application Data\Sun\Java\Deployment\cache\6.0\16\78fcee10-17cc9737 Infected: Trojan-Downloader.Java.OpenConnection.at 1
C:\Documents and Settings\Dave\Application Data\Sun\Java\Deployment\cache\6.0\38\67df4166-67463fc4 Infected: Trojan-Downloader.Java.OpenConnection.at 1
C:\Documents and Settings\Dave\Application Data\Sun\Java\Deployment\cache\6.0\49\6b800f31-3f5a9be9 Infected: Trojan-Downloader.Java.OpenConnection.at 1
C:\Documents and Settings\Dave\Application Data\Sun\Java\Deployment\cache\6.0\60\59af077c-4aa1c742 Infected: Trojan-Downloader.Java.OpenConnection.at 1
C:\Qoobox\Quarantine\C\WINDOWS\svchast.exe.vir Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.iv 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\kbiwkmubfdcdqp.sys.vir Infected: Packed.Win32.TDSS.z 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\UACyvyjhniyyj.sys.vir Infected: Rootkit.Win32.Agent.oxr 1
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\tajf83ikdmf.dll.vir Infected: Trojan-Downloader.Win32.Agent.cpql 1
D:\Current Mail\Profiles\a0yub1zwh.default\Mail\Local Folders\Outlook Express Mail.sbd\Inbox - history Infected: Email-Worm.Win32.Swen 1
D:\Current Mail\Thunderbird Mail\Thunderbird\Profiles\a0yub1zh.default\Mail\Local Folders\Outlook Express Mail.sbd\Inbox - history Infected: Email-Worm.Win32.Swen 1
D:\Dem\test for active mail profile\Profiles\a0yub1zh.default\Mail\Local Folders\Outlook Express Mail.sbd\Inbox - history Infected: Email-Worm.Win32.Swen 1
D:\Dem\working mail profile 900\a0yub1zh.default\Mail\Local Folders\Outlook Express Mail.sbd\Inbox - history Infected: Email-Worm.Win32.Swen 1
D:\Local Folders-www\Outlook Express Mail.sbd\Inbox - history Infected: Email-Worm.Win32.Swen 1

Selected area has been scanned.


DDS Attached
***************************

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 8/4/2005 8:32:06 PM
System Uptime: 9/15/2009 11:39:33 AM (4 hours ago)

Motherboard: Dell Inc. | | 0D4571
Processor: Intel(R) Pentium(R) M processor 1.86GHz | Microprocessor | 1861/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 10 GiB total, 0.313 GiB free.
D: is FIXED (NTFS) - 46 GiB total, 2.802 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/Wireless 2200BG Network Connection
Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27228086&REV_05\4&2FA23535&0&18F0
Manufacturer: Intel(R) Corporation
Name: Intel(R) PRO/Wireless 2200BG Network Connection
PNP Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27228086&REV_05\4&2FA23535&0&18F0
Service: w29n51

==== System Restore Points ===================

RP1: 9/11/2009 3:10:58 PM - System Checkpoint
RP2: 9/15/2009 12:06:03 AM - ComboFix created restore point
RP3: 9/15/2009 11:34:37 AM - Removed Java(TM) 6 Update 6
RP4: 9/15/2009 11:35:26 AM - Removed Java 2 Runtime Environment, SE v1.4.2_03
RP5: 9/15/2009 11:44:34 AM - Installed Java(TM) 6 Update 16

==== Installed Programs ======================

Adobe Flash Player 10 Plugin
Adobe Reader 9.1.2
AiO_Scan
ALPS Touch Pad Driver
AML Free Registry Cleaner 4.18
Auslogics Disk Defrag
Avira AntiVir Personal - Free Antivirus
Bluetooth Stack for Windows by Toshiba
Broadcom Advanced Control Suite 2
Broadcom ASF Management Applications
CDBurnerXP Pro 3
Conexant D110 MDC V.9x Modem
Digital Line Detect
DNA
eDrawings 2004
Enterprise
File Shredder 2.0
Hotfix for Windows XP (KB952287)
HP PSC & Officejet 4.2 Corporate Edition
ImageMixer VCD2
Intel(R) Graphics Media Accelerator Driver for Mobile
Intel(R) PROSet/Wireless Software
Internal Network Card Power Management
Java(TM) 6 Update 16
Logitech MouseWare 9.79.1
Malwarebytes' Anti-Malware
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft FrontPage Client - English
Microsoft Office Live Meeting 2005
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual J# .NET Redistributable Package 1.1
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
Mozilla Firefox (3.0.14)
Mozilla Thunderbird (2.0.0.22)
Mozilla Thunderbird (2.0.0.23)
mPfMgr
mPfWiz
mProSafe
MSN
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
mToolkit
mWlsSafe
mXML
mZConfig
NetWaiting
Nokia Connectivity Cable Driver
Nokia PC Suite
OMCI
PC Connectivity Solution
PeaZip 1.10
Picture Package
PowerDVD 5.1
QFolder
QuickSet
RealPlayer
RegCure 1.6.0.0
SBC Self Support Tool
SBC Yahoo! Applications
Scan
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Shading Analyser
SolidWorks 2004 SP0
Sonic DLA
Sonic RecordNow! Plus
Sonic Update Manager
Sony USB Driver
Spybot - Search & Destroy
Spybot - Search & Destroy 1.5.2.20
SyncBack
TextPad 4.7
TWAIN Driver Uninstaller
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VideoLAN VLC media player 0.8.5
Visual Studio.NET Baseline - English
WebFldrs XP
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888310
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Wise Disk Cleaner 4.64

==== Event Viewer Messages From Past Week ========

9/8/2009 7:33:38 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service Iap with arguments "-Service" in order to run the server: {B0C61A79-0870-4BE4-9153-9CCAF422E31F}
9/8/2009 5:24:18 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service ServiceLayer with arguments "" in order to run the server: {ACF50018-41F8-476D-85FD-CD953DAE4A49}
9/8/2009 5:23:43 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/11/2009 9:34:06 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
9/11/2009 9:31:30 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B}
9/10/2009 9:13:24 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

==== End Of File ===========================

***************************


DDS
***************************

DDS (Ver_09-07-30.01) - NTFSx86
Run by Dave at 15:23:50.63 on Tue 09/15/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.345 [GMT -7:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
SVCHOST.EXE
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
SVCHOST.EXE
SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
D:\Program Downloads\Picture Package Menu\SonyTray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
D:\Program Downloads\Picture Package Applications\Residence.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Dave\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bing.com/
mStart Page = hxxp://www.dell.com/ap/china/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes.dll
EB: Ask Toolbar Quick View: {b0de3308-5d5a-470d-81b9-634fc078393b} - c:\windows\system32\shdocvw.dll
uRun: [c:\program files\1&1\1&1 easylogin\EasyLogin.exe] "1&1 EasyLogin" HIDE
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [DataLayer] c:\program files\common files\pcsuite\datalayer\DataLayer.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -startup
mRun: [Adobe Reader Speed Launcher] "d:\program downloads\adobe 9\reader\Reader_sl.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [PcSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~2.lnk - d:\program downloads\picture package menu\SonyTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pictur~1.lnk - d:\program downloads\picture package applications\Residence.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\sbcsel~1.lnk - c:\program files\sbc self support tool\bin\matcli.exe
dPolicies-explorer: EditLevel = 0 (0x0)
dPolicies-explorer: NoCommonGroups = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2499216C-4BA5-11D5-BD9C-000103C116D5} - {2499216C-4BA5-11D5-BD9C-000103C116D5} - c:\program files\yahoo!\common\ylogin.dll
IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\program downloads\spybot\spybot - search & destroy\SDHelper.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: igfxcui - igfxsrvc.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dave\applic~1\mozilla\firefox\profiles\i8wujhmy.default\
FF - prefs.js: browser.startup.homepage - hxxps://ssl.scroogle.org/
FF - prefs.js: network.proxy.http - proxy.starhub.net.sg
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\dave\application data\mozilla\firefox\profiles\mine.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - plugin: d:\program downloads\adobe 9\reader\browser\nppdf32.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-8-31 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-8-31 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-8-31 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-8-20 55656]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [1979-12-31 80384]

=============== Created Last 30 ================

2009-09-15 11:44 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-15 11:44 73,728 a------- c:\windows\system32\javacpl.cpl
2009-09-15 11:34 0 a------- c:\windows\system32\REN12.tmp
2009-09-15 11:34 0 a------- c:\windows\system32\REN11.tmp
2009-09-15 11:27 <DIR> --d----- c:\program files\msn gaming zone
2009-09-11 15:02 <DIR> a-dshr-- C:\cmdcons
2009-09-11 15:00 229,888 a------- c:\windows\PEV.exe
2009-09-11 15:00 161,792 a------- c:\windows\SWREG.exe
2009-09-11 15:00 98,816 a------- c:\windows\sed.exe
2009-09-11 14:01 <DIR> --d----- c:\program files\trend micro
2009-09-04 14:59 102,032 -------- c:\windows\hpoins04.dat.temp
2009-09-04 14:59 17,218 -------- c:\windows\hpomdl04.dat.temp
2009-08-31 14:57 <DIR> --d----- c:\docume~1\dave\applic~1\Auslogics
2009-08-31 14:57 <DIR> --d----- c:\program files\Auslogics
2009-08-31 14:01 <DIR> --d----- c:\program files\Avira
2009-08-31 14:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-08-31 12:09 <DIR> --d----- c:\program files\Wise Disk Cleaner
2009-08-27 10:25 <DIR> --d----- c:\docume~1\dave\applic~1\Uniblue
2009-08-24 00:00 <DIR> --d----- c:\windows\ServicePackFiles
2009-08-23 23:46 <DIR> --d----- c:\windows\system32\CatRoot_bak
2009-08-20 16:52 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-08-20 16:52 272,128 -------- c:\windows\system32\dllcache\bthport.sys
2009-08-20 16:49 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx
2009-08-20 16:47 331,776 -------- c:\windows\system32\dllcache\msadce.dll
2009-08-20 16:45 655,872 -------- c:\windows\system32\dllcache\mstscax.dll
2009-08-20 16:44 1,193,414 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-08-20 16:44 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-08-20 15:49 55,656 a------- c:\windows\system32\drivers\avgntflt.sys
2009-08-20 15:25 487,424 a------- c:\windows\system32\msvcp70.dll
2009-08-20 15:25 974,848 a------- c:\windows\system32\mfc70.dll
2009-08-20 15:25 <DIR> --d----- c:\program files\AML Products
2009-08-19 16:17 <DIR> --d----- c:\documents and settings\dave\DoctorWeb
2009-08-19 15:27 <DIR> --dsh--- c:\docume~1\alluse~1\applic~1\{55A29068-F2CE-456C-9148-C869879E2357}
2009-08-19 13:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Downloaded Installations

==================== Find3M ====================

2009-08-28 10:49 91,917 a------- c:\program files\SolidWorksswxJRNL.BAK
2009-08-05 02:11 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-05 02:11 204,800 -------- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-28 21:53 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-28 21:53 82,432 a------- c:\windows\system32\fontsub.dll
2009-07-28 21:53 119,808 -------- c:\windows\system32\dllcache\t2embed.dll
2009-07-28 21:53 82,432 -------- c:\windows\system32\dllcache\fontsub.dll
2009-07-17 11:55 58,880 a------- c:\windows\system32\atl.dll
2009-07-17 11:55 58,880 -------- c:\windows\system32\dllcache\atl.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
2009-07-13 10:08 286,720 a------- c:\windows\system32\dllcache\wmpdxm.dll
2009-07-13 10:08 5,537,792 a------- c:\windows\system32\dllcache\wmp.dll
2009-07-10 06:42 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll
2009-06-25 01:44 724,480 a------- c:\windows\system32\lsasrv.dll
2009-06-25 01:44 298,496 a------- c:\windows\system32\kerberos.dll
2009-06-25 01:44 168,448 a------- c:\windows\system32\schannel.dll
2009-06-25 01:44 133,632 a------- c:\windows\system32\msv1_0.dll
2009-06-25 01:44 59,392 a------- c:\windows\system32\wdigest.dll
2009-06-25 01:44 56,320 a------- c:\windows\system32\secur32.dll
2009-06-25 01:44 724,480 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-06-25 01:44 298,496 -------- c:\windows\system32\dllcache\kerberos.dll
2009-06-25 01:44 168,448 -------- c:\windows\system32\dllcache\schannel.dll
2009-06-25 01:44 133,632 -------- c:\windows\system32\dllcache\msv1_0.dll
2009-06-25 01:44 59,392 -------- c:\windows\system32\dllcache\wdigest.dll
2009-06-25 01:44 56,320 -------- c:\windows\system32\dllcache\secur32.dll
2009-06-22 04:49 117,248 a------- c:\windows\system32\mqtgsvc.exe
2009-06-22 04:49 19,968 a------- c:\windows\system32\mqbkup.exe
2009-06-22 04:49 117,248 -------- c:\windows\system32\dllcache\mqtgsvc.exe
2009-06-22 04:49 19,968 -------- c:\windows\system32\dllcache\mqbkup.exe
2009-06-22 04:49 4,608 a------- c:\windows\system32\mqsvc.exe
2009-06-22 04:49 4,608 -------- c:\windows\system32\dllcache\mqsvc.exe
2009-06-22 04:48 91,776 -------- c:\windows\system32\dllcache\mqac.sys
2009-06-22 04:34 92,544 -------- c:\windows\system32\dllcache\ksecdd.sys
2008-01-22 09:44 560 a------- c:\docume~1\dave\applic~1\ViewerApp.dat

============= FINISH: 15:24:43.52 ===============

***************************

thank you....!!!

Blade81
2009-09-16, 08:09
Glad to hear that registry fix worked :)


Uninstall DNA through Add/Remove Programs.


Go through the email messages in the following mailboxes and delete suspicious-looking messages:
D:\Current Mail\Profiles\a0yub1zwh.default\Mail\Local Folders\Outlook Express Mail.sbd\Inbox - history
D:\Current Mail\Thunderbird Mail\Thunderbird\Profiles\a0yub1zh.default\Mail\Local Folders\Outlook Express Mail.sbd\Inbox - history
D:\Dem\test for active mail profile\Profiles\a0yub1zh.default\Mail\Local Folders\Outlook Express Mail.sbd\Inbox - history
D:\Dem\working mail profile 900\a0yub1zh.default\Mail\Local Folders\Outlook Express Mail.sbd\Inbox - history
D:\Local Folders-www\Outlook Express Mail.sbd\Inbox


Open notepad and copy/paste the text in the quotebox below into it:



File::
C:\Documents and Settings\Dave\Application Data\Sun\Java\Deployment\cache\6.0\16\78fcee10-17cc9737
C:\Documents and Settings\Dave\Application Data\Sun\Java\Deployment\cache\6.0\38\67df4166-67463fc4
C:\Documents and Settings\Dave\Application Data\Sun\Java\Deployment\cache\6.0\49\6b800f31-3f5a9be9
C:\Documents and Settings\Dave\Application Data\Sun\Java\Deployment\cache\6.0\60\59af077c-4aa1c742



Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log & fresh dds.txt log. How's the system running?

Anders61
2009-09-16, 23:46
Hi Blade,
I am not able to locate DNA via add/remove control panel.
I am also not able to locate any DNA file on my system other than a file called DNA.syn located within the "textpad 4" "samples" program folder.

I could delete this folder but I don't believe this is what we are looking for...

any suggestions in locating and removing this...?

thanks again :thanks:

Anders61
2009-09-17, 01:26
Hi Blade,
I found the email worm and removed it from the few duplicate locations. :)

At this point I cannot run Combofix or Combo-fix with the drag and drop of "CFScript". Last time we used the bat file, but I wanted to confirm with you first.

Still no DNA found

thank you for the great support.

dave

Blade81
2009-09-17, 11:17
Hi,

If you can't locate DNA entry then skip that part. Use that same batch file for running ComboFix.

Anders61
2009-09-17, 13:42
Hi Blade,
I was able to run combofix using the .bat file, excellent :bigthumb:
It cleared out the java files and generated the following report.

*******************************************
ComboFix 09-09-16.02 - Dave 09/17/2009 3:14.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.503.237 [GMT -7:00]
Running from: c:\documents and settings\Dave\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dave\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point

FILE ::
"c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\cache\6.0\16\78fcee10-17cc9737"
"c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\cache\6.0\38\67df4166-67463fc4"
"c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\cache\6.0\49\6b800f31-3f5a9be9"
"c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\cache\6.0\60\59af077c-4aa1c742"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\cache\6.0\16\78fcee10-17cc9737
c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\cache\6.0\38\67df4166-67463fc4
c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\cache\6.0\49\6b800f31-3f5a9be9
c:\documents and settings\Dave\Application Data\Sun\Java\Deployment\cache\6.0\60\59af077c-4aa1c742

.
((((((((((((((((((((((((( Files Created from 2009-08-17 to 2009-09-17 )))))))))))))))))))))))))))))))
.

2009-09-15 18:44 . 2009-09-15 18:44 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-15 18:44 . 2009-09-15 18:44 -------- d-----w- c:\program files\Java
2009-09-11 21:01 . 2009-09-11 21:01 -------- d-----w- c:\program files\trend micro
2009-09-11 21:01 . 2009-09-11 21:02 -------- d-----w- C:\rsit
2009-08-31 21:57 . 2009-08-31 21:57 -------- d-----w- c:\documents and settings\Dave\Application Data\Auslogics
2009-08-31 21:57 . 2009-08-31 21:57 -------- d-----w- c:\program files\Auslogics
2009-08-31 21:02 . 2009-03-30 17:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-08-31 21:02 . 2009-02-13 19:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-08-31 21:02 . 2009-02-13 19:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-08-31 21:01 . 2009-08-31 21:01 -------- d-----w- c:\program files\Avira
2009-08-31 21:01 . 2009-08-31 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-08-31 19:09 . 2009-09-17 00:07 -------- d-----w- c:\program files\Wise Disk Cleaner
2009-08-27 17:25 . 2009-08-27 17:25 -------- d-----w- c:\documents and settings\Dave\Application Data\Uniblue
2009-08-24 07:00 . 2009-08-24 07:00 -------- d-----w- c:\windows\ServicePackFiles
2009-08-24 06:46 . 2009-08-24 06:56 -------- d-----w- c:\windows\system32\CatRoot_bak
2009-08-20 23:52 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-08-20 23:52 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2009-08-20 23:47 . 2008-05-01 14:30 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2009-08-20 23:45 . 2009-06-05 07:42 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-08-20 23:44 . 2008-04-21 10:02 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-08-20 22:49 . 2009-07-28 23:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-20 22:25 . 2002-01-05 12:40 487424 ----a-w- c:\windows\system32\msvcp70.dll
2009-08-20 22:25 . 2009-08-20 22:25 -------- d-----w- c:\program files\AML Products
2009-08-20 22:25 . 2002-01-05 13:48 974848 ----a-w- c:\windows\system32\mfc70.dll
2009-08-19 23:17 . 2009-08-19 23:17 -------- d-----w- c:\documents and settings\Dave\DoctorWeb
2009-08-19 22:27 . 2009-08-19 22:27 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-08-19 20:17 . 2009-08-19 20:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-17 01:16 . 2005-08-05 13:49 -------- d-----w- c:\program files\SolidWorks
2009-09-17 01:16 . 2005-08-07 14:31 34817 ----a-w- c:\program files\SolidWorksswxJRNL.BAK
2009-09-17 01:09 . 2005-08-05 07:21 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-09-15 18:34 . 2009-09-15 18:34 0 ----a-w- c:\windows\system32\REN12.tmp
2009-09-15 18:34 . 2009-09-15 18:34 0 ----a-w- c:\windows\system32\REN11.tmp
2009-09-09 00:33 . 2007-02-05 01:23 -------- d-----w- c:\documents and settings\Dave\Application Data\U3
2009-09-04 22:01 . 2007-03-05 21:30 -------- d-----w- c:\program files\HP
2009-08-31 23:36 . 2005-08-05 13:57 78040 ----a-w- c:\documents and settings\Dave\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-31 17:41 . 2005-08-07 01:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-31 17:41 . 2005-08-07 01:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-25 21:15 . 2005-08-02 10:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-05 09:11 . 2004-08-03 21:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-30 21:22 . 2005-08-05 08:59 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-29 04:53 . 2004-08-03 21:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:53 . 2004-08-03 21:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-17 18:55 . 2004-08-03 21:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 17:08 . 2004-08-03 21:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-25 18:36 . 2004-08-03 21:00 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:36 . 2004-08-03 21:00 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:36 . 2004-08-03 21:00 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:36 . 2004-08-03 21:00 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:36 . 2004-08-03 21:00 471552 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:36 . 2004-08-03 21:00 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:36 . 2004-08-03 21:00 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:36 . 2004-08-03 21:00 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:36 . 2004-08-03 21:00 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:36 . 2004-08-03 21:00 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:36 . 2004-08-03 21:00 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 18:36 . 2004-08-03 21:00 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-25 08:44 . 2004-08-03 21:00 724480 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:44 . 2004-08-03 21:00 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:44 . 2004-08-03 21:00 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:44 . 2004-08-03 21:00 298496 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:44 . 2004-08-03 21:00 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:44 . 2004-08-03 21:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-22 11:49 . 2004-08-03 21:00 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 2004-08-03 21:00 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 2004-08-03 21:00 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 2004-08-03 21:00 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-22 11:34 . 2004-08-03 21:00 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-09-11_22.11.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-15 08:02 . 2009-09-15 08:02 84661 c:\windows\SYSTEM32\Macromed\Flash\uninstall_plugin.exe
+ 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\SYSTEM32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2009-09-15 18:44 . 2009-09-15 18:44 149280 c:\windows\SYSTEM32\javaws.exe
+ 2009-09-15 18:44 . 2009-09-15 18:44 145184 c:\windows\SYSTEM32\javaw.exe
+ 2009-09-15 18:44 . 2009-09-15 18:44 145184 c:\windows\SYSTEM32\java.exe
+ 2009-01-18 23:05 . 2009-01-18 23:05 675840 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\JP2KLib.dll
+ 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\SYSTEM32\Macromed\Flash\NPSWF32.dll
+ 2009-09-15 07:45 . 2009-09-15 07:45 6653952 c:\windows\Installer\689eb.msp
+ 2009-09-15 18:44 . 2009-09-15 18:44 1757696 c:\windows\Installer\47cc1.msi
+ 2008-12-18 23:48 . 2008-12-18 23:48 3645440 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\authplay.dll
+ 2009-02-27 23:37 . 2009-02-27 23:37 20403568 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\AcroRd32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\program files\1&1\1&1 EasyLogin\EasyLogin.exe"="1&1 EasyLogin HIDE" [X]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-15 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-15 126976]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-06 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-05 127035]
"DataLayer"="c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe" [2006-10-27 863744]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 222208]
"Adobe Reader Speed Launcher"="d:\program downloads\adobe 9\Reader\Reader_sl.exe" [2009-02-28 35696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-15 149280]
"Logitech Utility"="Logi_MwX.Exe" - c:\windows\LOGI_MWX.EXE [2003-12-17 19968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-10 1634304]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2005-8-5 49254]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-1-14 479232]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-8-2 24576]
Picture Package Menu.lnk - d:\program downloads\Picture Package Menu\SonyTray.exe [2007-8-23 151552]
Picture Package VCD Maker.lnk - d:\program downloads\Picture Package Applications\Residence.exe [2007-8-23 106496]
SBC Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2005-12-24 217088]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 08:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\ypager.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"YBrowser"=c:\program files\Yahoo!\browser\ybrwicon.exe
"BJCFD"=c:\program files\BroadJump\Client Foundation\CFD.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\yserver.exe"=
"d:\\Movies\\VLC\\vlc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\SolidWorks\\SLDWORKS.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/31/2009 2:02 PM 108289]
R3 GTIPCI21;GTIPCI21;c:\windows\SYSTEM32\DRIVERS\gtipci21.sys [12/31/1979 9:00 AM 80384]
.
Contents of the 'Scheduled Tasks' folder

2007-05-17 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2005-08-07 22:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
mStart Page = hxxp://www.dell.com/ap/china/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Dave\Application Data\Mozilla\Firefox\Profiles\i8wujhmy.default\
FF - prefs.js: browser.startup.homepage - hxxps://ssl.scroogle.org/
FF - prefs.js: network.proxy.http - proxy.starhub.net.sg
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Dave\Application Data\Mozilla\Firefox\Profiles\i8wujhmy.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: d:\program downloads\adobe 9\Reader\browser\nppdf32.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-17 03:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(676)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL
.
Completion time: 2009-09-17 3:23
ComboFix-quarantined-files.txt 2009-09-17 10:22
ComboFix2.txt 2009-09-15 07:19
ComboFix3.txt 2009-09-11 22:14

Pre-Run: 296,857,600 bytes free
Post-Run: 356,835,328 bytes free

210 --- E O F --- 2009-08-24 07:50

*******************************************

I checked the system performance and ran many of the programs to check for connectivity and operation. Everything appears to be operating normally. :bigthumb:
Which is hugely successful!!!!!

Gratefully thankful :thanks:

Blade81
2009-09-17, 17:04
Good. Guess we're ready for the final steps then :)


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE, NOT on a regular basis




Now let's uninstall ComboFix:

Click START then RUN
Now copy-paste Combofix /u in the runbox and click OK


Next we remove all used tools.

Please download OTC (http://oldtimer.geekstogo.com/OTC.exe) and save it to desktop.

Double-click OTC.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.


Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.




UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site (http://windowsupdate.microsoft.com/) to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.


Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.


hosts file:
Every version of Windows has a hosts file as part of it. In a very basic sense, they are used to locate webpages. We can customize a hosts file so that it blocks certain webpages. However, it can slow down certain computers. This is why using a hosts file is optional!!
Download it here (http://www.mvps.org/winhelp2002/hosts.htm). Make sure you read the instructions on how to install the hosts file. There is a good tutorial here (http://www.bleepingcomputer.com/forums/tutorial51.html)
If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
Click the Start button (at the lower left hand corner of your screen).
Click Run.
In the dialog box, type services.msc and hit Enter, then locate DNS Client.
Highlight it, then double-click it.
On the dropdown box, change the setting from Automatic to Manual.
Click OK.
Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For more info, check this (http://www.bleepingcomputer.com/forums/tutorial60.html) webpage out.
If you don't have a 3rd party firewall or a router behind NAT then I recommend getting one. I recommend either Online Armor Free (http://www.tallemu.com/free-firewall-protection-software.html) or Comodo Firewall Pro (http://www.personalfirewall.comodo.com/download_firewall.html#fw3.0) (If you choose Comodo: Uncheck during installation "Install Comodo HopSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and install firewall ONLY!). Both providers have support forums that help with configuration related questions.



Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.



Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:

Anders61
2009-09-17, 19:44
Hi Blade,
I had one quick question before I create a new starting point, I hadn't noticed this until now but I don't have any sound. How can I recover this function...


any thoughts on this

thanks

Anders61
2009-09-17, 19:52
I found I had the sound card on mute... got it :bigthumb:

Blade81
2009-09-17, 20:44
Glad to hear the solution was that simple :D: Any other problems?

Anders61
2009-09-18, 22:30
Hi Blade,
Things are operating very well but am not able to update to service pack 3 due to lack of disc space.... Common problem I have had so I am looking to uninstall an older program that does not uninstall from the add/remove control panel....
and found an uninstall command on "bleepingcomputer.com"
that provided a command line....

I am debating if this is the correct way for removing
program - imageMixer VCD2 using:

RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F8C6BABF-0837-4EA0-AD6C-8E5A392A7538}\setup.exe" -l0x9 UNINSTALL

by pasting the above into the run command location.

Any thoughts...

Thank you again :thanks:

Blade81
2009-09-19, 01:01
Hi,

I haven't usually uninstalled any software that isn't visible in add/remove programs list. So, don't have experience to guide you here, unfortunately. However, if you picked that file path from some example then it won't work. Those GUID values (like that folder name between {}) are unique ones.

Anders61
2009-09-23, 22:48
Hi Blade,
I finally was able to install service pack-3... It really takes up a lot of room and swap space...
I believe I have completed all of the update except for IE. I don't use IE and wondered if you recommend I have the updated version ... ?
I was also curious if you recommend using Norton Ghost or another full recovery package ... any suggestions...

thank you very much for the outstanding report and effort.

:thanks: :thanks:

Blade81
2009-09-24, 17:10
I believe I have completed all of the update except for IE. I don't use IE and wondered if you recommend I have the updated version ... ?
I still recommend that you keep IE up-to-date. Some other programs use its components too.


I was also curious if you recommend using Norton Ghost or another full recovery package ... any suggestions...
Yes, having a clean backup handy is recommended. Besides the mentioned Norton Ghost, you may want to check Paragon Drive Backup (http://www.paragon-software.com/home/) and Acronis TrueImage (http://www.acronis.com/homecomputing/products/trueimage/).

Blade81
2009-10-02, 07:49
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.