
mbam unable to install


hello all

hopefully i have found the right place for help!

i had the super anti virus thing on my pc, i used various software to remove it i also removed various entries in the registry manually, my hijackthis log is fine and shows no problems

but i have a browser hijack of some sort,

i can open firefox and search for a topic in google but if i click a link it will open a new tab that takes me off to some search site

i also am unable to update any virus software or download any .EXE .RAR .ZIP and so on

so that basically means, spybot avg kaspersky and a few others can't be installed as they need an update when they are installed on my pc, if they can't contact their server for an update they then undo the installation process,

i managed to install avast, and i have used adaware, superantivirus, smitfraudfix

when i come to try to install mbam-setup.exe i double click the installer icon and nothing happens, i opened task manager and then watched running processes to see if the installer does actually open and it does for a second then it disappears

i am also unable to access any safe modes so here is my dilemma!

i need the program to run as i cannot find this hijack anywhere i've even resorted to looking at my hosts file just to see if anything is in there

please any help is much appreciated

Steve


here's an idea, can anyone tell me all the locations that malwarebytes installs to, registry temp files user data etc, and i will install it on my laptop, take all the files from the locations and i will transfer it all to a memory stick and then manually install it on the pc that has the problem?


Edit added to include uploaded files that the forum software was arguing with me about...for whatever reason, it seems to work now. Back to business:

Please download the attached files. Double click on the notSDFix.exe and the files will be extracted to %systemdrive% (Drive that contains the Windows Directory, typically C:\SDFix)

Reboot the computer into Safe mode.

  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • Any Trojan Services and Registry Entries that it finds will be removed then you will be prompted to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open and a copy of the report will be saved in the SDFix folder as Report.txt
    (Report.txt will also be copied automatically to your Clipboard and ready for posting back in the forum).

When the system comes back up Double click on the notHJTInstall.exe then click "Install". It will be installed by default here:

C:\Program Files\Trend Micro\HijackThis

...and a shortcut to the application will also be placed on your Desktop.

The program will open automatically after installation.

You can double click the icon that was placed on the Desktop to run subsequent hijackthis scans or you can use the icon inside the folder.

The folder HijackThis is where you will find the HJT logs that you save. When you use the application to remove anything, you will also find the backup copies made by HJT inside this folder.

Click Do a system scan and save a logfile. Copy and paste the contents of that log back here on your next reply along with the Report.txt from your notSDFix scan. Thanks!


As we are trying to consider a way to help you with this new infection, I notice a few conflicting statements you've made that add to the confusion regarding a set of fix instructions for you. As you've said you can't download any .zip, .rar or .exe file you've also said that you nevertheless managed to install "Avast" which of course would require that you download their executable file.

If you can manage to download the zipped files I've uploaded for you, try the instructions that I've posted. If your system won't cooperate and boot to safe mode, just use the tool in your normal user mode instead.

Please post back and let us know if you are unable to perform any of the steps I've posted previously, and exactly what step you are unable to perform. Good luck...and thanks for your patience!


hey. sorry if i confused,

i am working off a laptop, so i was downloading the tools to a memory stick then transferring them to the infected pc, that is how i came to install avast,

i can't access safe mode in any form, due to a video driver not loading, i tried updating the drivers also reinstalling them but that didn't help so it seems i am without safe mode for some strange reason, i will post a hijackthis log tomorrow as i'm not with the pc at the moment, but it shows nothing out of the ordinary i've used hijackthis for years now but nothing is showing in there unfortunately

its almost like an internet plug-in/add-on that kind of thing

i know i definitely had brastk.exe i used smitfraud to remove that, as far as i can see the pc is clean, nothing is showing in scans but it does seem to be some kind of altered file/registry entry/add on that the scans don't pick up, the pc runs fine now it just won't download files update definition files and if you click a link on any website it opens a new tab/window and shows a random webpage so annoying!

i'll post the logs tomorrow thanks for your help!

steve


Until you can get back with us to post the requested logs, can you name for us one of these random web pages you mention? Also, I would like to know how is it that you are certain the HijackThis logs have not shown you anything untoward...and what video driver is it that you say is keeping you from reaching safe mode. Thanks!


ok so here's my scoop!

my hijackthis log shows two new entries since i last scanned, one being the browser start page, and the other appinit with the random file name

my computer wouldn't save a log file so i took a screen shot:

84028748pe8.jpg

also here are the names of some of the websites i'm redirected to:

(all .com at the end)

frazoo, speedgear, aicse, moviesunlimited, searchfinder, 12finder, abcjmp, elitecompare, bargaincounter

and here is the log from that sdfix:


Path REG_EXPAND_SZ %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL

windir REG_EXPAND_SZ %SystemRoot%

OS REG_SZ Windows_NT

PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

TEMP REG_EXPAND_SZ %SystemRoot%\TEMP

TMP REG_EXPAND_SZ %SystemRoot%\TEMP

SecurityProviders:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders

SecurityProviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

Authentication Packages:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

Authentication Packages REG_MULTI_SZ msv1_0\0C:\WINDOWS\system32\vtUnnOEw\0\0

Subsystem Startup:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]

"Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"

Midi Drivers:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"midi"="wdmaud.drv"

Non-Default IFEO Debugger:

Non-Default Installed Components:

Non-Default Safeboot Minimal:

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice

<NO NAME> REG_SZ Service

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice

File Associations:

[HKEY_CLASSES_ROOT\batfile\shell\open\command]

@="\"%1\" %*"

[HKEY_CLASSES_ROOT\cmdfile\shell\open\command]

@="\"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]

@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]

@="\"%1\" %*"

[HKEY_CLASSES_ROOT\htafile\shell\open\command]

@="C:\\WINDOWS\\system32\\mshta.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\http\shell\open\command]

@="\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -requestPending -osint -url \"%1\""

[HKEY_CLASSES_ROOT\htmlfile\shell\open\command]

@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" -nohome"

[HKEY_CLASSES_ROOT\regedit\shell\open\command]

@="regedit.exe %1"

[HKEY_CLASSES_ROOT\regfile\shell\open\command]

@="regedit.exe \"%1\""

[HKEY_CLASSES_ROOT\scrfile\shell\open\command]

@="\"%1\" /S"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]

@="%SystemRoot%\system32\NOTEPAD.EXE %1"

Finished!


i did say hijackthis wouldnt create a log file, no matter how many times i tried to it just wouldnt do it

You said that? Where? What I read is that your computer wouldn't save a log file but the file is saved automatically in the hjt folder...

You said this system runs fine? Among other things, I see you had been infected with W32/Netsky.q@MM and also have lots of Vundo files... You've run several different tools, huh?

None of these are malicious but were left on the system by running the SmitFraudFix tool and are no longer necessary so deleting them or leaving them does no harm...you just don't need them:

C:\WINDOWS\system32\tmp.reg

C:\WINDOWS\system32\VCCLSID.exe

C:\WINDOWS\system32\SrchSTS.exe

C:\WINDOWS\system32\VACFix.exe

C:\WINDOWS\system32\IEDFix.exe

C:\WINDOWS\system32\IEDFix.C.exe

C:\WINDOWS\system32\404Fix.exe

C:\WINDOWS\system32\Process.exe

C:\WINDOWS\system32\dumphive.exe

C:\WINDOWS\system32\WS2Fix.exe

Copy the data in the code box below into notepad and save it as deletereg.reg

Set File type to "all files"

REGEDIT4

; Deletes only the one ShellExecuteHooks value; the key and its other entries stay.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{998DAE3E-7D4F-4952-A71F-467D8FE64407}"=-

Double-click that file and confirm you want to merge it with the registry.

Reboot the computer.

Download the SafeBootKeyRepair.exe...then try to boot to safe mode. If you are successful, use the instructions I posted previously and run the SDFix tool in safe mode (SDFix would have nuked tons of those files you posted). Post back THAT log.

If unsuccessful, we can take a different approach:

Please download the KILLBOX. Save it to your desktop.

Open killbox.exe...First click on Tools-->Delete Temp Files.

A box will open with a list of all user profiles.

Check the following boxes at a minimum for each profile by clicking on the drop down and checking the boxes that are enabled. Some will not apply and those boxes will not be available to check. Make sure you do this for all the profiles listed.

Temporary Internet Files

Temp Files

XP Prefetch

If you want to clean your cookies, history, and list of recent files run you may check those boxes as well...next, click on the Button titled Delete Selected Temp Files.

Exit by clicking the Button titled Exit(Save Settings).

Once back into the main killbox program, check the box Delete on Reboot. Now, highlight all the entries below in Bold text and then copy them.

C:\WINDOWS\0.log

C:\WINDOWS\base64.tmp

C:\WINDOWS\DUMP3bc0.tmp

C:\WINDOWS\eear.exe

C:\WINDOWS\SE6A3AF6C.tmp

C:\WINDOWS\zip1.tmp

C:\WINDOWS\zip2.tmp

C:\WINDOWS\zip3.tmp

C:\WINDOWS\zipped.tmp

C:\WINDOWS\system32\6771307b-.txt

C:\WINDOWS\system32\afvadbak.dll

C:\WINDOWS\system32\AntiXPVSTFix.exe

C:\WINDOWS\system32\brwsvc.dll

C:\WINDOWS\system32\cbXPffCV.dll

C:\WINDOWS\system32\ddcBQgDt.dll

C:\WINDOWS\system32\ephcbxpt.dll

C:\WINDOWS\system32\fccyWOfC.dll

C:\WINDOWS\system32\frgejdyu.ini

C:\WINDOWS\system32\iiibswtf.dll

C:\WINDOWS\system32\jvgqcmtq.dll

C:\WINDOWS\system32\lpvustop.ini

C:\WINDOWS\system32\mlJYspQG.dll

C:\WINDOWS\system32\o4Patch.exe

C:\WINDOWS\system32\opnnnnKB.dll

C:\WINDOWS\system32\PXHRYyay.ini

C:\WINDOWS\system32\PXHRYyay.ini2

C:\WINDOWS\system32\qtmcqgvj.ini

C:\WINDOWS\system32\rilqkgqw.ini

C:\WINDOWS\system32\rstbkt.dll

C:\WINDOWS\system32\temp#01.exe

C:\WINDOWS\system32\thun.dll

C:\WINDOWS\system32\thun32.dll

C:\WINDOWS\system32\tmkhge.dll

C:\WINDOWS\system32\tmp.txt

C:\WINDOWS\system32\uydjegrf.dll

C:\WINDOWS\system32\vbsys2.dll

C:\WINDOWS\system32\vcatchpi.dll

C:\WINDOWS\system32\vtUnnOEw.dll

C:\WINDOWS\system32\wEOnnUtv.ini

C:\WINDOWS\system32\wEOnnUtv.ini2

C:\WINDOWS\system32\wini104552664.exe

C:\WINDOWS\system32\winlogonpc.exe

C:\WINDOWS\system32\winpyigx.dll

C:\WINDOWS\system32\winsystem.exe

C:\WINDOWS\system32\WINWGPX.EXE

C:\WINDOWS\system32\wqgkqlir.dll

C:\WINDOWS\system32\wvUnLEtR.dll

C:\WINDOWS\system32\xncfkd.dll

C:\WINDOWS\system32\ynbxtb.dll

C:\WINDOWS\Temp\scsA.tmp

C:\WINDOWS\Temp\scsE.tmp

C:\WINDOWS\Temp\sxmlirhe.TMP

Then in killbox click File-->Paste from Clipboard...Now, Click the All Files button.

Next, click the Red X ...and for the confirmation message that will appear, you will need to click Yes.

A second message will ask to Reboot now? you will need to click Yes and allow the computer to reboot.

Note: Killbox will let you know if a file does not exist.

If you have any issues with this method you can copy and paste the lines one at a time into the killbox top box. Then click the "Single File" button. Then click the Red X ...and for the confirmation message that will appear, you will need to click Yes. A second message will ask to Reboot now? You will need to click No until you've entered each line...then on the last entry go ahead and click Yes to allow the system to reboot.

Post back your results...and please remember, post the text content and not a screen shot. Thanks!


hey

thanks for your time, im away from the bloody computer again now but im considering going back to it just to try this,

with hijackthis i do a scan i press save log

i go to hijackthis directory but nothing is there apart from an inf file and various backup files,

also safe mode defo doesnt work, i get BSOD saying a video driver has failed to load etc etc

but is that some kind of possible fix for safe mode above? safebootkeyrepair.exe?

if that dont work ill go straight on with killbox and do as the above says

and also create the registry entry

thanks ill get back to you soon :blink:

also going back to my first post, is this malicious file known to disable the malwarebytes software? im still stumped as to why the installer never worked

speak soon!

s


...also safe mode defo doesnt work, i get BSOD saying a video driver has failed to load etc etc

I'd like to know the driver that is causing this. If you should get another blue screen, take note of exactly what is on the screen. Write down exactly what the stop code message says and more specifically, take note of the driver name listed at the bottom of the screen. Post that back here if you can.

but is that some kind of possible fix for safe mode above? safebootkeyrepair.exe?

Yes...if your safe boot registry keys were removed by this new malicious software then that reg file should restore those keys for you. However, if your bsod is caused by some other driver then you'll still have problems.

if that dont work ill go straight on with killbox and do as the above says

and also create the registry entry

If you are referring to the reg fix I provided for you in that code box, then the registry entry will be removed, not created.

thanks ill get back to you soon

Sure, take what time you need. We'll be here. :blink:


i tried the safebootkey thing and tried rebooting to safe mode but i got the same error

agp440.sys was the last file to load, and the blue screen said all the usual text garbage,

the video driver failed to initialize

and the only thing that i could see that you would want was maybe this line:

Technical Information:

*** STOP: 0x000000b4 (0x821f60a8, 0x8220e000, 0x8222c000, 0x00050000)

the rest was just telling me how to boot back in safe mode

there was no message about what file at the bottom of the screen either

i added the reg key that was fine

i did exactly as asked with killbox and got this error message after the countdown to reboot:

pendingfilenameoperations registry data has been removed by external process!

then an ok button i press the ok and the computer didnt reboot, bummer :| i dont think killbox worked i tried this a few times but all with the same results

i have a hijackthis log, it finally showed in the root directory, i have no idea why it didnt all the times before, maybe something was stopping it:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:30:01, on 15/10/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Documents and Settings\steve\Desktop\KillBox.exe

C:\Program Files\Trend Micro\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = google.net-studio.org

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O20 - AppInit_DLLs: yqjojd.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--

End of file - 3900 bytes

------------------------------------------------------------------------------------------------------------------------------------------------------------------------

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = google.net-studio.org

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O20 - AppInit_DLLs: yqjojd.dll

these are the only ones that stand out for me,

top one dont seem to be correct url but its only a start page,

second is something about ms office but i have no office software installed or have i ever,

and the last one is of course the problem!

thanks

Steve

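Two DLL load points appear in the logs above: the `Authentication Packages` value in the diagnostic output and the `O20 - AppInit_DLLs` line in the HijackThis log. The Python script below is an added example, not part of any post in this thread, that extracts both and checks each entry against the Killbox removal list. Its function names are made up for illustration, and it assumes a stock Windows XP system lists only `msv1_0` under Authentication Packages and has an empty AppInit_DLLs value.

```python
import ntpath
import re

# Sample input: lines copied from the logs posted in this thread, embedded so
# the script runs offline.
DIAG_LINE = r"Authentication Packages REG_MULTI_SZ msv1_0\0C:\WINDOWS\system32\vtUnnOEw\0\0"
HJT_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = google.net-studio.org
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - AppInit_DLLs: yqjojd.dll
"""
# Excerpt of the Killbox removal list from the helper's post.
REMOVAL_LIST = [
    r"C:\WINDOWS\system32\vtUnnOEw.dll",
    r"C:\WINDOWS\system32\wvUnLEtR.dll",
    r"C:\WINDOWS\system32\winpyigx.dll",
]

# Assumption: a stock Windows XP install lists only msv1_0 here.
DEFAULT_AUTH_PACKAGES = {"msv1_0"}


def split_multi_sz(rendered):
    # The log prints REG_MULTI_SZ strings joined by a literal backslash-zero
    # pair; empty pieces come from the double terminator at the end.
    return [part for part in rendered.split("\\0") if part]


def extra_auth_packages(line):
    # Return every LSA authentication package that is not a known default.
    m = re.match(r"Authentication Packages\s+REG_MULTI_SZ\s+(.*)$", line.strip())
    if not m:
        return []
    return [p for p in split_multi_sz(m.group(1))
            if p.lower() not in DEFAULT_AUTH_PACKAGES]


def appinit_dlls(hjt_log):
    # AppInit_DLLs is a space- or comma-delimited list; any entry is worth
    # review because the value is assumed empty on a clean system.
    found = []
    for line in hjt_log.splitlines():
        m = re.match(r"\s*O20 - AppInit_DLLs:\s*(.*)$", line)
        if m:
            found.extend(t for t in re.split(r"[,\s]+", m.group(1)) if t)
    return found


def module_key(entry):
    # Lower-case base name without ".dll", so a registry entry written without
    # an extension compares equal to the file on disk.
    base = ntpath.basename(entry).lower()
    return base[:-4] if base.endswith(".dll") else base


def triage(diag_line, hjt_log, removal_list):
    listed = {module_key(path) for path in removal_list}
    findings = []
    for source, entries in (
        ("Lsa Authentication Packages", extra_auth_packages(diag_line)),
        ("AppInit_DLLs", appinit_dlls(hjt_log)),
    ):
        for entry in entries:
            findings.append({
                "source": source,
                "entry": entry,
                "on_removal_list": module_key(entry) in listed,
            })
    return findings


if __name__ == "__main__":
    for finding in triage(DIAG_LINE, HJT_LOG, REMOVAL_LIST):
        state = "listed" if finding["on_removal_list"] else "NOT on removal list"
        print(f'{finding["source"]}: {finding["entry"]} ({state})')
```

An entry that is loaded at startup but missing from the removal list, as `yqjojd.dll` is here, is the case to look at first: removing the listed files alone would leave that load point in place.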

and heres a sdfix log:

System Report

*************

Run on 15/10/2008 at 15:48

Microsoft Windows XP [Version 5.1.2600]

Current user is an administrator

Running Processes:

\SystemRoot\System32\smss.exe [564]

\??\C:\WINDOWS\system32\csrss.exe [636]

\??\C:\WINDOWS\system32\winlogon.exe [660]

C:\WINDOWS\system32\services.exe [704]

C:\WINDOWS\system32\lsass.exe [728]

C:\WINDOWS\system32\svchost.exe [908]

C:\WINDOWS\system32\svchost.exe [1092]

C:\WINDOWS\System32\svchost.exe [1184]

C:\WINDOWS\system32\svchost.exe [1280]

C:\WINDOWS\system32\svchost.exe [1376]

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [1560]

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [1600]

C:\Program Files\Alwil Software\Avast4\ashServ.exe [1660]

C:\WINDOWS\system32\spoolsv.exe [1880]

C:\WINDOWS\Explorer.EXE [304]

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [336]

C:\WINDOWS\system32\svchost.exe [1960]

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [272]

C:\WINDOWS\System32\svchost.exe [584]

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [612]

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [124]

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [940]

C:\WINDOWS\system32\ctfmon.exe [992]

C:\WINDOWS\System32\svchost.exe [1036]

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [1172]

C:\WINDOWS\system32\svchost.exe [1392]

C:\WINDOWS\system32\wdfmgr.exe [1948]

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe [200]

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2692]

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2864]

C:\WINDOWS\system32\wscntfy.exe [3244]

C:\WINDOWS\System32\alg.exe [3560]

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [3588]

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe [2136]

Files Created/Modified - 60 Days:

C:\

14 Oct 2008 12:17:24 1,608 A.... "C:\avenger.txt"

15 Oct 2008 15:17:46 536,399,872 A.SH. "C:\hiberfil.sys"

15 Oct 2008 15:17:44 805,306,368 A.SH. "C:\pagefile.sys"

13 Oct 2008 14:57:12 2,581 A.... "C:\rapport.txt"

15 Oct 2008 15:11:10 14,721 A.... "C:\SAFEBOOT_REPAIR.TXT"

28 Aug 2008 10:36:28 268 A..H. "C:\sqmdata02.sqm"

28 Aug 2008 10:46:28 232 A..H. "C:\sqmdata03.sqm"

28 Aug 2008 10:36:28 244 A..H. "C:\sqmnoopt02.sqm"

28 Aug 2008 10:46:28 244 A..H. "C:\sqmnoopt03.sqm"

C:\WINDOWS\

15 Oct 2008 15:20:40 0 ..... "C:\WINDOWS\0.log"

11 Oct 2008 13:37:20 4,096 ..... "C:\WINDOWS\base64.tmp"

15 Oct 2008 15:17:48 2,048 A.S.. "C:\WINDOWS\bootstat.dat"

11 Oct 2008 13:10:24 90,112 ..... "C:\WINDOWS\DUMP3bc0.tmp"

11 Oct 2008 10:38:04 98,304 ..... "C:\WINDOWS\eear.exe"

7 Oct 2008 15:04:02 130,362 A.... "C:\WINDOWS\hpoins13.dat"

13 Oct 2008 15:17:50 69 A.... "C:\WINDOWS\NeroDigital.ini"

15 Oct 2008 15:13:08 79,560 A.... "C:\WINDOWS\ntbtlog.txt"

13 Oct 2008 15:47:52 345 A.... "C:\WINDOWS\OEWABLog.txt"

15 Oct 2008 15:12:24 32,546 A.... "C:\WINDOWS\SchedLgU.Txt"

5 Oct 2008 14:59:44 24 ..... "C:\WINDOWS\SE6A3AF6C.tmp"

13 Oct 2008 14:52:36 60 A.... "C:\WINDOWS\setupact.log"

15 Oct 2008 15:20:42 4,118 A.... "C:\WINDOWS\setupapi.log"

13 Oct 2008 14:52:36 0 A.... "C:\WINDOWS\setuperr.log"

13 Oct 2008 15:17:52 7,680 A.SH. "C:\WINDOWS\Thumbs.db"

15 Oct 2008 15:19:58 159 A.... "C:\WINDOWS\wiadebug.log"

15 Oct 2008 15:19:40 50 A.... "C:\WINDOWS\wiaservc.log"

7 Oct 2008 15:03:16 638 A.... "C:\WINDOWS\win.ini"

15 Oct 2008 15:12:18 483 A.... "C:\WINDOWS\WindowsUpdate.log"

13 Oct 2008 15:47:50 171 A.... "C:\WINDOWS\wmsetup.log"

11 Oct 2008 13:37:20 4,096 ..... "C:\WINDOWS\zip1.tmp"

11 Oct 2008 13:37:20 4,096 ..... "C:\WINDOWS\zip2.tmp"

11 Oct 2008 13:37:20 4,096 ..... "C:\WINDOWS\zip3.tmp"

11 Oct 2008 13:37:20 4,096 ..... "C:\WINDOWS\zipped.tmp"

15 Oct 2008 15:17:48 0 A.... "C:\WINDOWS\Debug\PASSWD.LOG"

28 Aug 2008 0:58:48 62,236 A.... "C:\WINDOWS\inf\font.PNF"

12 Oct 2008 22:32:52 424,000 A.... "C:\WINDOWS\inf\intl.PNF"

13 Oct 2008 12:42:58 53,292 A.... "C:\WINDOWS\inf\nv4_disp.PNF"

13 Oct 2008 12:43:50 10,580 A.... "C:\WINDOWS\inf\wave.PNF"

15 Oct 2008 15:17:44 90,112 A.... "C:\WINDOWS\Minidump\Mini101508-01.dmp"

15 Oct 2008 15:10:12 1,024 A..H. "C:\WINDOWS\repair\system.LOG"

18 Aug 2008 12:19:04 82,432 A.... "C:\WINDOWS\system32\404Fix.exe"

15 Oct 2008 15:01:54 0 ..... "C:\WINDOWS\system32\6771307b-.txt"

11 Oct 2008 12:47:04 136,704 ..... "C:\WINDOWS\system32\afvadbak.dll"

8 Sep 2008 23:38:56 88,576 ..... "C:\WINDOWS\system32\AntiXPVSTFix.exe"

15 Oct 2008 15:02:34 109,056 A.... "C:\WINDOWS\system32\blwcvieg.dll"

5 Oct 2008 14:58:50 49,152 ..... "C:\WINDOWS\system32\brwsvc.dll"

11 Oct 2008 1:25:00 34,816 ..... "C:\WINDOWS\system32\cbXPffCV.dll"

13 Oct 2008 12:39:28 2,626 A.... "C:\WINDOWS\system32\CONFIG.NT"

11 Oct 2008 13:28:28 37,376 ..... "C:\WINDOWS\system32\ddcBQgDt.dll"

14 Oct 2008 12:31:06 111,616 ..... "C:\WINDOWS\system32\ephcbxpt.dll"

11 Oct 2008 1:25:00 34,816 ..... "C:\WINDOWS\system32\fccyWOfC.dll"

30 Sep 2008 17:39:18 246,312 A.... "C:\WINDOWS\system32\FNTCACHE.DAT"

14 Oct 2008 12:31:28 1,075,700 ..... "C:\WINDOWS\system32\frgejdyu.ini"

10 Oct 2008 8:58:08 82,944 A.... "C:\WINDOWS\system32\IEDFix.C.exe"

12 Oct 2008 20:13:16 137,216 ..... "C:\WINDOWS\system32\iiibswtf.dll"

12 Oct 2008 20:11:44 80,000 ..... "C:\WINDOWS\system32\jvgqcmtq.dll"

12 Oct 2008 20:09:24 1,071,448 ..... "C:\WINDOWS\system32\lpvustop.ini"

11 Oct 2008 13:38:40 37,376 ..... "C:\WINDOWS\system32\mlJYspQG.dll"

10 Oct 2008 8:58:08 82,944 ..... "C:\WINDOWS\system32\o4Patch.exe"

11 Oct 2008 13:28:28 37,376 ..... "C:\WINDOWS\system32\opnnnnKB.dll"

13 Oct 2008 0:43:56 48,074 A.... "C:\WINDOWS\system32\perfc009.dat"

13 Oct 2008 0:43:56 334,504 A.... "C:\WINDOWS\system32\perfh009.dat"

13 Oct 2008 0:43:56 1,606 A.... "C:\WINDOWS\system32\PerfStringBackup.TMP"

12 Oct 2008 23:24:40 718,588 ..... "C:\WINDOWS\system32\PXHRYyay.ini"

12 Oct 2008 23:23:04 718,588 ..... "C:\WINDOWS\system32\PXHRYyay.ini2"

12 Oct 2008 20:12:08 1,071,448 ..... "C:\WINDOWS\system32\qtmcqgvj.ini"

12 Oct 2008 23:33:18 1,071,448 ..... "C:\WINDOWS\system32\rilqkgqw.ini"

15 Oct 2008 15:02:42 71,168 A.... "C:\WINDOWS\system32\rjpnykss.dll"

11 Oct 2008 12:47:04 136,704 ..... "C:\WINDOWS\system32\rstbkt.dll"

15 Oct 2008 15:03:00 1,341,643 ..SH. "C:\WINDOWS\system32\sskynpjr.ini"

11 Oct 2008 13:37:14 4,096 ..... "C:\WINDOWS\system32\temp#01.exe"

11 Oct 2008 13:37:12 4,096 ..... "C:\WINDOWS\system32\thun.dll"

11 Oct 2008 13:37:12 4,096 ..... "C:\WINDOWS\system32\thun32.dll"

12 Oct 2008 20:13:16 137,216 ..... "C:\WINDOWS\system32\tmkhge.dll"

13 Oct 2008 14:50:34 1,768 A.... "C:\WINDOWS\system32\tmp.reg"

13 Oct 2008 14:50:34 0 ..... "C:\WINDOWS\system32\tmp.txt"

14 Oct 2008 12:30:58 73,216 ..... "C:\WINDOWS\system32\uydjegrf.dll"

1 Oct 2008 15:51:40 87,552 A.... "C:\WINDOWS\system32\VACFix.exe"

11 Oct 2008 13:37:20 4,096 A.... "C:\WINDOWS\system32\VBIEWER.OCX"

11 Oct 2008 13:37:10 4,096 ..... "C:\WINDOWS\system32\vbsys2.dll"

11 Oct 2008 13:37:12 4,096 ..... "C:\WINDOWS\system32\vcatchpi.dll"

12 Oct 2008 23:31:44 265,728 ..... "C:\WINDOWS\system32\vtUnnOEw.dll"

15 Oct 2008 15:46:36 724,696 A.SH. "C:\WINDOWS\system32\wEOnnUtv.ini"

15 Oct 2008 15:46:14 724,696 A.SH. "C:\WINDOWS\system32\wEOnnUtv.ini2"

12 Oct 2008 21:06:46 65,428 ..... "C:\WINDOWS\system32\wini104552664.exe"

11 Oct 2008 13:37:20 4,096 ..... "C:\WINDOWS\system32\winlogonpc.exe"

12 Oct 2008 23:34:48 111,104 ..... "C:\WINDOWS\system32\winpyigx.dll"

11 Oct 2008 13:37:12 4,096 ..... "C:\WINDOWS\system32\winsystem.exe"

11 Oct 2008 13:37:10 4,096 ..... "C:\WINDOWS\system32\WINWGPX.EXE"

12 Oct 2008 19:52:54 2,206 A.... "C:\WINDOWS\system32\wpa.dbl"

12 Oct 2008 23:32:56 73,728 ..... "C:\WINDOWS\system32\wqgkqlir.dll"

11 Oct 2008 13:38:40 37,376 ..... "C:\WINDOWS\system32\wvUnLEtR.dll"

12 Oct 2008 23:34:48 111,104 ..... "C:\WINDOWS\system32\xncfkd.dll"

14 Oct 2008 12:31:06 111,616 ..... "C:\WINDOWS\system32\ynbxtb.dll"

15 Oct 2008 15:02:34 109,056 A.... "C:\WINDOWS\system32\yqjojd.dll"

15 Oct 2008 15:18:26 6 A..H. "C:\WINDOWS\Tasks\SA.DAT"

15 Oct 2008 15:45:28 8,175 A.... "C:\WINDOWS\Temp\hpqddsvc.log"

15 Oct 2008 15:46:38 3,693 A.... "C:\WINDOWS\Temp\scsE.tmp"

15 Oct 2008 15:17:48 9,672 A.... "C:\WINDOWS\Debug\UserMode\userenv.log"

11 Oct 2008 14:03:36 96,520 A.... "C:\WINDOWS\system32\drivers\avgldx86.sys"

11 Oct 2008 14:03:30 26,184 A.... "C:\WINDOWS\system32\drivers\avgmfx86.sys"

11 Oct 2008 14:03:42 75,272 A.... "C:\WINDOWS\system32\drivers\avgtdix.sys"

25 Aug 2008 11:36:28 40,840 A.... "C:\WINDOWS\system32\drivers\ikfilesec.sys"

25 Aug 2008 11:36:28 66,952 A.... "C:\WINDOWS\system32\drivers\iksysflt.sys"

25 Aug 2008 11:36:30 81,288 A.... "C:\WINDOWS\system32\drivers\iksyssec.sys"

11 Oct 2008 13:39:26 184 A.... "C:\WINDOWS\system32\GroupPolicy\gpt.ini"

15 Oct 2008 15:20:36 0 ..... "C:\WINDOWS\Temp\_avast4_\Webshlock.txt"

12 Oct 2008 20:36:06 34,787 A.... "C:\WINDOWS\srchasst\mui\0409\balloon.xsl"

12 Oct 2008 20:36:10 6,261 A.... "C:\WINDOWS\srchasst\mui\0409\lclAdv.xml"

12 Oct 2008 20:36:36 414 A.... "C:\WINDOWS\srchasst\mui\0409\lcllook.xml"

12 Oct 2008 20:36:16 2,173 A.... "C:\WINDOWS\srchasst\mui\0409\lclprog.xml"

12 Oct 2008 20:36:28 6,584 A.... "C:\WINDOWS\srchasst\mui\0409\lclrfine.xml"

12 Oct 2008 20:36:06 1,531 A.... "C:\WINDOWS\srchasst\mui\0409\lclsrch.xml"

11 Oct 2008 14:03:24 5,618,689 A.... "C:\WINDOWS\system32\drivers\Avg\avi7.avg"

11 Oct 2008 14:03:28 21,694,994 A.... "C:\WINDOWS\system32\drivers\Avg\incavi.avm"

11 Oct 2008 14:03:24 161,331 A.... "C:\WINDOWS\system32\drivers\Avg\microavi.avg"

11 Oct 2008 14:03:24 703,889 A.... "C:\WINDOWS\system32\drivers\Avg\miniavi.avg"

13 Oct 2008 14:50:12 734 A.... "C:\WINDOWS\system32\drivers\etc\hosts"

11 Oct 2008 13:39:26 216 A.... "C:\WINDOWS\system32\GroupPolicy\User\Registry.pol"

28 Aug 2008 1:59:20 41,980 A.... "C:\WINDOWS\system32\Macromed\Flash\install.log"

28 Aug 2008 1:57:54 70,264 A.... "C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe"

C:\Program Files\

29 Sep 2008 16:11:54 1,279,216 A.... "C:\Program Files\CCleaner\CCleaner.exe"

13 Oct 2008 14:00:26 114,605 A.... "C:\Program Files\CCleaner\uninst.exe"

29 Aug 2008 0:35:30 124,258 A.... "C:\Program Files\DivX\DivXBundleUninstall.exe"

29 Aug 2008 0:35:08 124,258 A.... "C:\Program Files\DivX\DivXCodecUninstall.exe"

29 Aug 2008 0:35:28 124,258 A.... "C:\Program Files\DivX\DivXPlayerUninstall.exe"

13 Oct 2008 15:24:50 7,552 A.... "C:\Program Files\Inno Setup 5\unins000.dat"

13 Oct 2008 15:24:22 695,583 A.... "C:\Program Files\Inno Setup 5\unins000.exe"

10 Sep 2008 0:03:54 380,080 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbam-dor.exe"

10 Sep 2008 0:03:52 61,104 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll"

10 Sep 2008 0:03:54 1,253,040 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

10 Sep 2008 0:03:56 73,392 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll"

10 Sep 2008 0:03:58 110,256 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe"

10 Sep 2008 0:03:58 372,400 A.... "C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe"

10 Sep 2008 0:03:58 44,720 A.... "C:\Program Files\Malwarebytes' Anti-Malware\ssubtmr6.dll"

10 Sep 2008 0:04:00 78,000 A.... "C:\Program Files\Malwarebytes' Anti-Malware\zlib.dll"

2 Oct 2008 16:10:54 17,408 A.... "C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll"

2 Oct 2008 16:11:30 185,856 A.... "C:\Program Files\Mozilla Firefox\crashreporter.exe"

2 Oct 2008 16:11:32 307,712 A.... "C:\Program Files\Mozilla Firefox\firefox.exe"

2 Oct 2008 16:11:32 233,472 A.... "C:\Program Files\Mozilla Firefox\freebl3.dll"

2 Oct 2008 16:11:34 697,344 A.... "C:\Program Files\Mozilla Firefox\js3250.dll"

2 Oct 2008 16:11:36 710,144 A.... "C:\Program Files\Mozilla Firefox\mozcrt19.dll"

2 Oct 2008 16:11:36 198,144 A.... "C:\Program Files\Mozilla Firefox\nspr4.dll"

2 Oct 2008 16:11:36 697,856 A.... "C:\Program Files\Mozilla Firefox\nss3.dll"

2 Oct 2008 16:11:38 304,640 A.... "C:\Program Files\Mozilla Firefox\nssckbi.dll"

2 Oct 2008 16:11:38 103,936 A.... "C:\Program Files\Mozilla Firefox\nssdbm3.dll"

2 Oct 2008 16:11:38 87,552 A.... "C:\Program Files\Mozilla Firefox\nssutil3.dll"

2 Oct 2008 16:11:38 20,480 A.... "C:\Program Files\Mozilla Firefox\plc4.dll"

2 Oct 2008 16:11:38 17,408 A.... "C:\Program Files\Mozilla Firefox\plds4.dll"

2 Oct 2008 16:11:46 103,936 A.... "C:\Program Files\Mozilla Firefox\smime3.dll"

2 Oct 2008 16:11:46 151,552 A.... "C:\Program Files\Mozilla Firefox\softokn3.dll"

2 Oct 2008 16:11:46 395,776 A.... "C:\Program Files\Mozilla Firefox\sqlite3.dll"

2 Oct 2008 16:11:48 136,704 A.... "C:\Program Files\Mozilla Firefox\ssl3.dll"

2 Oct 2008 16:11:50 242,176 A.... "C:\Program Files\Mozilla Firefox\updater.exe"

2 Oct 2008 16:11:50 17,920 A.... "C:\Program Files\Mozilla Firefox\xpcom.dll"

2 Oct 2008 16:11:56 9,728,512 A.... "C:\Program Files\Mozilla Firefox\xul.dll"

25 Aug 2008 11:36:20 428,936 A.... "C:\Program Files\Spyware Doctor\BH.dll"

25 Aug 2008 11:36:22 670,088 A.... "C:\Program Files\Spyware Doctor\cdialogs.dll"

25 Aug 2008 11:36:22 298,888 A.... "C:\Program Files\Spyware Doctor\commhlpr.dll"

19 Sep 2008 15:27:40 1,021,832 A.... "C:\Program Files\Spyware Doctor\commom.dll"

26 Aug 2008 14:55:22 320,392 A.... "C:\Program Files\Spyware Doctor\filehlpr.dll"

25 Aug 2008 11:36:26 119,688 A.... "C:\Program Files\Spyware Doctor\ikdll.dll"

25 Aug 2008 11:36:26 379,272 A.... "C:\Program Files\Spyware Doctor\inethlpr.dll"

2 Sep 2008 9:51:32 241,664 A.... "C:\Program Files\Spyware Doctor\InnoHelpers.dll"

2 Sep 2008 9:51:32 626,688 A.... "C:\Program Files\Spyware Doctor\msvcr80.dll"

19 Sep 2008 15:27:16 2,873,224 A.... "C:\Program Files\Spyware Doctor\pctsGui.exe"

22 Sep 2008 14:42:06 1,079,176 A.... "C:\Program Files\Spyware Doctor\pctsSvc.exe"

25 Aug 2008 11:36:36 1,168,264 A.... "C:\Program Files\Spyware Doctor\pctsTray.exe"

19 Sep 2008 15:27:18 194,440 A.... "C:\Program Files\Spyware Doctor\PWindow.dll"

25 Aug 2008 11:36:46 146,312 A.... "C:\Program Files\Spyware Doctor\smumhook.dll"

25 Aug 2008 11:36:50 478,600 A.... "C:\Program Files\Spyware Doctor\Sqlite3DB.dll"

25 Aug 2008 11:36:52 135,560 A.... "C:\Program Files\Spyware Doctor\SysAccess.dll"

13 Oct 2008 0:39:22 249,092 A.... "C:\Program Files\Spyware Doctor\unins000.dat"

13 Oct 2008 0:38:28 707,976 A.... "C:\Program Files\Spyware Doctor\unins000.exe"

19 Sep 2008 15:28:04 1,857,416 A.... "C:\Program Files\Spyware Doctor\Update.exe"

3 Sep 2008 14:07:14 8,944 A.... "C:\Program Files\SUPERAntiSpyware\sasdifsv.sys"

3 Sep 2008 14:07:16 7,408 A...R "C:\Program Files\SUPERAntiSpyware\SASENUM.SYS"

3 Sep 2008 14:07:12 55,024 A.... "C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS"

3 Sep 2008 14:07:10 158,960 A.... "C:\Program Files\SUPERAntiSpyware\SSUpdate.exe"

3 Sep 2008 14:07:12 1,576,176 A.... "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"

12 Oct 2008 20:25:56 396,288 A.... "C:\Program Files\Trend Micro\HijackThis.exe"

16 Sep 2008 20:17:18 323,072 A.... "C:\Program Files\WinRAR\Rar.exe"

16 Sep 2008 20:18:06 132,608 A.... "C:\Program Files\WinRAR\RarExt.dll"

5 Oct 2008 14:57:56 20 A.... "C:\Program Files\WinRAR\rarnew.dat"

16 Sep 2008 20:18:08 100,864 A.... "C:\Program Files\WinRAR\Uninstall.exe"

16 Sep 2008 20:17:22 204,800 A.... "C:\Program Files\WinRAR\UnRAR.exe"

16 Sep 2008 20:17:12 968,704 A.... "C:\Program Files\WinRAR\WinRAR.exe"

5 Oct 2008 14:57:56 22 A.... "C:\Program Files\WinRAR\zipnew.dat"

11 Oct 2008 14:02:50 658,200 A.... "C:\Program Files\AVG\AVG8\avgam.exe"

11 Oct 2008 14:02:50 327,448 A.... "C:\Program Files\AVG\AVG8\avgameh.dll"

11 Oct 2008 14:02:48 557,336 A.... "C:\Program Files\AVG\AVG8\avgcfgx.dll"

11 Oct 2008 14:02:52 1,295,640 A.... "C:\Program Files\AVG\AVG8\avgcorex.dll"

11 Oct 2008 14:02:52 72,984 A.... "C:\Program Files\AVG\AVG8\avgcrlpx.dll"

11 Oct 2008 14:02:50 697,088 A.... "C:\Program Files\AVG\AVG8\avginet.dll"

11 Oct 2008 14:02:50 488,728 A.... "C:\Program Files\AVG\AVG8\avgiproxy.exe"

11 Oct 2008 14:02:48 164,120 A.... "C:\Program Files\AVG\AVG8\avglngx.dll"

11 Oct 2008 14:02:52 214,296 A.... "C:\Program Files\AVG\AVG8\avglogx.dll"

11 Oct 2008 14:02:50 320,280 A.... "C:\Program Files\AVG\AVG8\avgmvflx.dll"

11 Oct 2008 14:02:52 431,896 A.... "C:\Program Files\AVG\AVG8\avgnsx.exe"

11 Oct 2008 14:02:52 311,576 A.... "C:\Program Files\AVG\AVG8\avgrsx.exe"

11 Oct 2008 14:02:48 333,056 A.... "C:\Program Files\AVG\AVG8\avgscanx.dll"

11 Oct 2008 14:02:48 349,976 A.... "C:\Program Files\AVG\AVG8\avgsched.dll"

11 Oct 2008 14:02:48 365,848 A.... "C:\Program Files\AVG\AVG8\avgsrmax.exe"

11 Oct 2008 14:02:50 1,017,600 A.... "C:\Program Files\AVG\AVG8\avgupd.dll"

11 Oct 2008 14:02:50 796,440 A.... "C:\Program Files\AVG\AVG8\avgupd.exe"

11 Oct 2008 14:02:48 155,928 A.... "C:\Program Files\AVG\AVG8\avgvvx.dll"

11 Oct 2008 14:02:48 834,816 A.... "C:\Program Files\AVG\AVG8\avgwd.dll"

11 Oct 2008 14:02:48 282,904 A.... "C:\Program Files\AVG\AVG8\avgwdsvc.exe"

11 Oct 2008 14:02:50 264,984 A.... "C:\Program Files\AVG\AVG8\avgwdwsc.dll"

11 Oct 2008 14:02:58 185,624 A.... "C:\Program Files\AVG\AVG8\avgxpl.dll"

11 Oct 2008 14:02:52 50,708 A.... "C:\Program Files\AVG\AVG8\dfncfg.dat"

11 Oct 2008 14:03:24 349,464 A.... "C:\Program Files\AVG\AVG8\imsdk32.dll"

11 Oct 2008 14:03:24 476,440 A.... "C:\Program Files\AVG\AVG8\lua51132.dll"

16 Aug 2008 23:58:16 68,856 A.... "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

13 Oct 2008 14:00:06 13,732 A.... "C:\Program Files\HP\HP Software Update\Contents.dat"

2 Oct 2008 16:11:12 23,040 A.... "C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll"

2 Oct 2008 16:11:12 134,656 A.... "C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll"

5 Oct 2008 14:48:06 142,878 A.... "C:\Program Files\Mozilla Firefox\components\compreg.dat"

5 Oct 2008 14:47:56 96,107 A.... "C:\Program Files\Mozilla Firefox\components\xpti.dat"

2 Oct 2008 16:11:38 65,536 A.... "C:\Program Files\Mozilla Firefox\plugins\npnul32.dll"

2 Oct 2008 16:11:42 117 A.... "C:\Program Files\Mozilla Firefox\res\hiddenWindow.html"

2 Oct 2008 16:11:50 509,536 A.... "C:\Program Files\Mozilla Firefox\uninstall\helper.exe"

25 Aug 2008 11:36:20 186,248 A.... "C:\Program Files\Spyware Doctor\avengine\SDAVgate.dll"

15 Oct 2008 15:18:24 192,696 A.... "C:\Program Files\Alwil Software\Avast4\DATA\aswar0.dll"

13 Oct 2008 12:49:38 0 A.... "C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat"

15 Oct 2008 15:18:24 391,216 A.... "C:\Program Files\Alwil Software\Avast4\DATA\clnr0.dll"

15 Oct 2008 15:18:24 273,592 A.... "C:\Program Files\Alwil Software\Avast4\DATA\dllcc0.dat"

15 Oct 2008 15:18:24 9,080 A.... "C:\Program Files\Alwil Software\Avast4\DATA\exts0.dll"

13 Oct 2008 12:38:06 70,766 A.... "C:\Program Files\Alwil Software\Avast4\DATA\iNews.htm"

13 Oct 2008 12:37:12 127,024 A.... "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll"

16 Aug 2008 23:58:18 10,736 A.... "C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\gth.dll"

16 Aug 2008 23:58:16 130,544 A.... "C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\gtn.dll"

16 Aug 2008 23:58:16 734,704 A.... "C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll"

2 Oct 2008 16:11:30 7,139 A.... "C:\Program Files\Mozilla Firefox\defaults\profile\bookmarks.html"

16 Aug 2008 23:58:14 1,079,792 A.... "C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\swg-3.0.1225.9868\SearchWithGoogleUpdate.exe"

Files with hidden attributes:

Wed 4 Aug 2004 93,184 A.SH. --- "C:\Program Files\Internet Explorer\IEXPLORE.EXE"

Thu 1 Jun 2006 4,348 A..H. --- "C:\ling\My Music\License Backup\drmv1key.bak"

Sun 18 Jun 2006 20 A..H. --- "C:\ling\My Music\License Backup\drmv1lic.bak"

Sun 14 May 2006 312 A.SH. --- "C:\ling\My Music\License Backup\drmv2key.bak"

Sat 9 Aug 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Wed 8 Oct 2008 1 A..H. --- "C:\Documents and Settings\ST\Application Data\Adobe\BIT206.tmp"

Program Folders:

C:\Program Files\

Adobe

Alwil Software

AVG

Avi2Dvd

AviSynth 2.5

CCleaner

Common Files

ComPlus Applications

CyberLink

DivX

Google

Hewlett-Packard

HP

Inno Setup 5

InstallShield Installation Information

Intel

Internet Explorer

Lavasoft

MagicISO

Malwarebytes' Anti-Malware

Messenger

Microsoft ActiveSync

Microsoft CAPICOM 2.1.0.2

microsoft frontpage

Microsoft Office

Microsoft Visual Studio

Microsoft Works

Microsoft.NET

Movie Maker

Mozilla Firefox

MSECache

MSI

MSN

MSN Gaming Zone

MSN Messenger

Nero

NetMeeting

Online Services

Outlook Express

Setup Files

Spyware Doctor

SUPERAntiSpyware

Trend Micro

Uninstall Information

uTorrent

Windows Desktop Search

Windows Media Connect 2

Windows Media Player

Windows NT

WindowsUpdate

WinRAR

xerox

C:\Program Files\Common Files\

Adobe

Adobe Systems Shared

Ahead

DESIGNER

Hewlett-Packard

HP

InstallShield

L&H

Microsoft Shared

MSSoap

ODBC

Services

SpeechEngines

System

Wise Installation Wizard

Add/Remove Programs:

Adobe Flash Player ActiveX

Adobe Flash Player Plugin

Adobe Photoshop CS2

avast! Antivirus

Avi2Dvd 0.4.5 beta

AviSynth 2.5

CCleaner (remove only)

HijackThis 2.0.2

HP Imaging Device Functions 8.0

HP Solution Center 8.0

HP Customer Participation Program 8.0

HP OCR Software 8.0

Inno Setup version 5.2.3

Magic ISO Maker v5.4 (build 0239)

Mozilla Firefox (3.0.3)

Spyware Doctor 6.0

Windows Media Format Runtime

WinRAR archiver

AIO_Scan

Scan

WebReg

AutoUpdate

Google Toolbar for Internet Explorer

Adobe Photoshop CS2

C4200

DocProc

PS_AIO_Software

eSupportQFolder

HPProductAssistant

CustomerResearchQFolder

Microsoft Visual C++ 2005 Redistributable

Adobe Stock Photos 1.0

DivX Codec

Nero 7 Essentials

HP Photosmart All-In-One Software 8.0

DocProcQFolder

DivX Player

HP Update

Adobe Common File Installer

Microsoft Office Professional Edition 2003

Microsoft Office FrontPage 2003

MarketResearch

Status

Destinations

SolutionCenter

Copy

DeviceManagementQFolder

Adobe Reader 9

PS_AIO_Software_min

Adobe Bridge 1.0

BufferChm

Toolbox

SUPERAntiSpyware Free Edition

Ad-Aware

UnloadSupport

HP Smart Web Printing 1.0

c4200_Help

Adobe Help Center 1.0

HP Photosmart Essential

HPSSupply

32 Bit HP CIO Components Installer

PS_AIO_ProductContext

TrayApp

Run Values:

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"

"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"

"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""

"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]

"Installed"="1"

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]

"Installed"="1"

"NoChange"="1"

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]

"Installed"="1"

@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

Bot Check:

SERVICE_NAME: wscsvc

DISPLAY_NAME : Security Center

START_TYPE : 2 AUTO_START

SERVICE_NAME: sharedaccess

DISPLAY_NAME : Windows Firewall/Internet Connection Sharing (ICS)

START_TYPE : 2 AUTO_START

SERVICE_NAME: wuauserv

DISPLAY_NAME : Automatic Updates

START_TYPE : 4 DISABLED

SERVICE_NAME: srservice

DISPLAY_NAME : System Restore Service

START_TYPE : 2 AUTO_START

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]

"EnableDCOM"="Y"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"restrictanonymous"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update]

"AUOptions"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify"=dword:00000000

"FirewallDisableNotify"=dword:00000000

"UpdatesDisableNotify"=dword:00000000

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"WaitToKillServiceTimeout"="20000 (0x4e20)"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"SFCDisable"=dword:00000000

"Shell"="Explorer.exe"

"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shell extensions]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBT\Parameters]

"TransportBindName"="\\Device\\"

ShellExecuteHooks:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{998DAE3E-7D4F-4952-A71F-467D8FE64407}"=""

Environment:

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\environment

ComSpec REG_EXPAND_SZ %SystemRoot%\system32\cmd.exe

Path REG_EXPAND_SZ %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL

windir REG_EXPAND_SZ %SystemRoot%

OS REG_SZ Windows_NT

PATHEXT REG_SZ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

TEMP REG_EXPAND_SZ %SystemRoot%\TEMP

TMP REG_EXPAND_SZ %SystemRoot%\TEMP

SecurityProviders:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders

SecurityProviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

Authentication Packages:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

Authentication Packages REG_MULTI_SZ msv1_0\0C:\WINDOWS\system32\vtUnnOEw\0\0

Subsystem Startup:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems]

"Windows"="%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"

Midi Drivers:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"midi"="wdmaud.drv"

Non-Default IFEO Debugger:

Non-Default Installed Components:

Non-Default Safeboot Minimal:

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\aawservice

<NO NAME> REG_SZ Service

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice

File Associations:

[HKEY_CLASSES_ROOT\batfile\shell\open\command]

@="\"%1\" %*"

[HKEY_CLASSES_ROOT\cmdfile\shell\open\command]

@="\"%1\" %*"

[HKEY_CLASSES_ROOT\comfile\shell\open\command]

@="\"%1\" %*"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]

@="\"%1\" %*"

[HKEY_CLASSES_ROOT\htafile\shell\open\command]

@="C:\\WINDOWS\\system32\\mshta.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\http\shell\open\command]

@="\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -requestPending -osint -url \"%1\""

[HKEY_CLASSES_ROOT\htmlfile\shell\open\command]

@="\"C:\\Program Files\\Internet Explorer\\iexplore.exe\" -nohome"

[HKEY_CLASSES_ROOT\regedit\shell\open\command]

@="regedit.exe %1"

[HKEY_CLASSES_ROOT\regfile\shell\open\command]

@="regedit.exe \"%1\""

[HKEY_CLASSES_ROOT\scrfile\shell\open\command]

@="\"%1\" /S"

[HKEY_CLASSES_ROOT\txtfile\shell\open\command]

@="%SystemRoot%\system32\NOTEPAD.EXE %1"

Finished!


Go back over the instructions I posted in my last reply regarding the killbox...only this time please reboot the computer manually upon receiving the warning you mentioned if indeed you still get this warning message.

As it stands now, you may very well experience blue screen issues from running two antivirus scanners on board in real time. This creates conflict and instability...which will only add to your already existing problems. Decide which to keep and uninstall the other.

Your blue screen issues that remain may be the result of an incompatible Motherboard Chipset video driver. Try following the guidance outlined Here to see if that clears your bsod issues for you.

Lastly, run HijackThis again and check the box next to these two entries:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = google.net-studio.org

O20 - AppInit_DLLs: yqjojd.dll

Don't forget to close all windows (including this browser window) before clicking Fix Checked.

Navigate to and delete the following file indicated in Bold text:

C:\Windows\System32\yqjojd.dll

Reboot the system again to properly record the changes to the hard disk.

Find your mbam installer and rename it to Steve101.exe...double-click the file and see if it installs. If so, run a manual update then run a quick scan. Post back your results.

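An added example, not part of the original posts or of any tool used in this thread: a Python script that compares the load-point values quoted in the thread (the O20 AppInit_DLLs entry and the registry values in the posted log) against Windows XP defaults and reports anything extra. The rule table, the function names and the choice of these five values are assumptions made for illustration; the sample lines are copied from the thread.

```python
import re

# Lines copied from this thread: the O20 entry from the reply above and the
# registry values from the posted scan log. Baselines are Windows XP defaults.
SAMPLE_LOG = r'''
O20 - AppInit_DLLs: yqjojd.dll
Authentication Packages REG_MULTI_SZ msv1_0\0C:\WINDOWS\system32\vtUnnOEw\0\0
SecurityProviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
"Shell"="Explorer.exe"
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
'''

def multi_sz(value):
    # REG_MULTI_SZ is printed with a literal "\0" between strings. A path whose
    # component starts with the digit 0 would be split too; fine for triage.
    return [part for part in value.split("\\0") if part]

def comma_list(value):
    return [part.strip() for part in value.split(",") if part.strip()]

def reg_unescape(value):
    # .reg-style output doubles every backslash inside quoted strings.
    return value.replace("\\\\", "\\")

# (label, line pattern, value splitter, lower-cased default entries)
RULES = [
    ("AppInit_DLLs", re.compile(r"^O20 - AppInit_DLLs:\s*(.*)$"),
     lambda v: v.replace(",", " ").split(), set()),
    ("Authentication Packages",
     re.compile(r"^Authentication Packages\s+REG_MULTI_SZ\s+(.*)$"),
     multi_sz, {"msv1_0"}),
    ("SecurityProviders", re.compile(r"^SecurityProviders\s+REG_SZ\s+(.*)$"),
     comma_list, {"msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll"}),
    ("Winlogon Shell", re.compile(r'^"Shell"="(.*)"$'),
     comma_list, {"explorer.exe"}),
    ("Winlogon Userinit", re.compile(r'^"Userinit"="(.*)"$'),
     lambda v: comma_list(reg_unescape(v)),
     {r"c:\windows\system32\userinit.exe"}),
]

def audit(log_text):
    """Return (load point, entry) pairs that are not in the default set."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        for label, pattern, split, baseline in RULES:
            match = pattern.match(line)
            if not match:
                continue
            for entry in split(match.group(1)):
                if entry.lower() not in baseline:
                    findings.append((label, entry))
    return findings

if __name__ == "__main__":
    for label, entry in audit(SAMPLE_LOG):
        print(f"non-default {label}: {entry}")
```

An entry reported here is only a difference from the default set; it still has to be checked against the file on disk before anything is removed.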

hey mate!

right killbox worked and rebooted my computer automatically, but I'm sitting here looking at a black screen with my cursor for company!

no welcome screen etc just plain black

no shortcuts work ctrl alt del etc

i think it's the end?

ha ha

edit* it just turned to an hourglass after about 8 or so minutes of black screen

edit** I've just hard rebooted and pressed f8 and entered via vga mode, I'm back on the computer so I'm going to try to finish the steps


Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
