Computer Hope
Software => Computer viruses and spyware => Virus and spyware removal => Topic started by: SkaterGirl91 on June 07, 2010, 12:19:15 PM
-
Hello, Right now I'm having trouble installing new Java (errors but I just uninstalled another version and will reboot and try again).
The problem I had long ago was a fake anti-virus program thing that took over the computer and it would reboot as soon as you logged in etc. After allot of different things ended up being able to get everything back by using a boot-cd and manually removing things and using a maleware bytes program. This is a family computer used by myself, parents and siblings. Here are my problems right now, how ever the comp is used everyday without many problems..
1) I can not boot into safe mode. I will try and it acts like its going to go and all the stuff starts scrolling across the screen (like the blah/blah/blah/ file looking stuff) then it just reboots. I know this started with that old attack.
2) System Restore does not work, You click on it the mouse will flash a hourglass for a sec like its going to try and bring it up but it just never comes. I also know this started with the old attack
3) Every time the computer loads up to everyones usernames a error comes up nmsrv.exe application error. I just exit it, it doesn't seem to effect anything?
4) Everytime I log in I get a Pure Platform Networks service, program is needs to close error where it says you can send a report. I just exit it too now. I believe its tied in with my Linksys Easylink advisor because its no longer working and when I try to open Linksys its says its not running, so I try to connect it tries than that same pure platform error pops up and it exits.
Its possible these things are not all related but I was thinking they where...
I'm about to reboot and try to install the new Java again.
If you need other information just let me know, I'm not sure what to provide? If anyone can help me with all this it would be very helpful and Id really appreciate it.
*Edit* woo hoo I just successfully installed java! Just wanted to let you know. :D
-
Hello, and welcome to Computer Hope.
Please note the following information about the malware forum:
- Only the Malware Specialist Team is allowed to give advice on removing malware from your computer.
- From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by the staff I noted above.
- Please do not attach logs or post them in Quote/Code boxes unless requested.
- Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
- If you have already asked for help somewhere, please post the link to the topic you were helped.
- We try our best to reply quickly, but for any reason we do not reply in two days, reply to this topic with the word BUMP
- Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.
Please visit this webpage for a tutorial on downloading and running ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
See the area: Using ComboFix, and when done, post the log back here.
-
Thank you for helping me!
Ok, here is the log. I did have an error message that kept popping up. Mostly in the beginning and then it came back up at the end it said
CSCRIPT.cfxxe - Bad Image
The application or DLL C:\WINDOWS\system32\wbem\wbemdisp.dll is not a valid Windows Image. Please check this against your installation diskette.
I just kept clicking ok and the log combofix kept going.
Edit: Didn't realize I need to POST it. I'm doing it now, Sorry.
ComboFix 10-06-07.03 - Rachell 06/07/2010 18:22:04.1.1 - x86
Running from: c:\documents and settings\Rachell\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\documents and settings\HP_Owner\g2mdlhlpx.exe
c:\documents and settings\Rachell\g2mdlhlpx.exe
C:\Thumbs.db
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15.inf
c:\windows\Downloaded Program Files\f3initialsetup1.0.0.8.inf
c:\windows\system32\11478.exe
c:\windows\system32\15724.exe
c:\windows\system32\18467.exe
c:\windows\system32\19169.exe
c:\windows\system32\26500.exe
c:\windows\system32\6334.exe
c:\windows\system32\Thumbs.db
c:\windows\system32\twain.dll
c:\windows\Tasks\blsvxkyx.job
c:\windows\Tasks\ghnzgksu.job
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2010-05-07 to 2010-06-07 )))))))))))))))))))))))))))))))
.
2010-06-07 18:51 . 2010-06-07 18:50 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-04 13:46 . 2010-06-05 21:51 -------- d-----w- c:\documents and settings\Rachell\Local Settings\Application Data\Panda3D
2010-06-03 15:32 . 2010-06-03 15:33 -------- d-----w- c:\program files\CCleaner
2010-05-13 17:41 . 2010-05-13 17:42 -------- d-----w- c:\documents and settings\Rachell\Application Data\Ace
2010-05-13 17:41 . 2010-05-13 17:41 -------- d-----w- c:\documents and settings\Rachell\Local Settings\Application Data\Asobo Studio
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-07 18:29 . 2010-03-21 16:24 627304 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-06-07 17:58 . 2004-08-07 19:36 -------- d-----w- c:\program files\Java
2010-06-07 17:08 . 2010-03-20 21:57 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-06-07 15:54 . 2009-04-26 12:34 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-10 22:43 . 2006-02-24 13:59 163712 ----a-w- c:\windows\system32\drivers\vidstub.sys
2010-05-10 22:40 . 2004-08-07 18:46 4140544 ----a-w- c:\windows\system32\logonuiX.exe
2010-05-03 12:28 . 2009-11-29 04:31 -------- d-----w- c:\program files\Opera
2010-04-20 16:27 . 2009-12-06 17:46 -------- d-----w- c:\program files\Rhapsody
2010-04-19 23:49 . 2004-12-17 23:37 -------- d-----w- c:\program files\GetSmile
2010-04-09 15:50 . 2008-07-08 14:54 -------- d-----w- c:\documents and settings\Rachell\Application Data\OpenOffice.org2
2010-03-31 23:42 . 2009-12-16 02:35 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys
2010-03-22 16:21 . 2006-02-26 16:11 382792 -c--a-w- c:\documents and settings\Rachell\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-10 06:15 . 2004-08-07 18:47 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-12-11 06:36 . 2006-10-08 17:40 7168 -csha-w- c:\program files\Thumbs.db
2009-01-21 23:38 . 2009-01-21 23:38 0 -c--a-w- c:\program files\temp01
2006-07-04 20:26 . 2006-07-04 20:26 16125224 -c--a-w- c:\program files\Install_Messenger.exe
2006-07-01 17:35 . 2006-07-01 17:35 774144 -c--a-w- c:\program files\RngInterstitial.dll
2005-03-08 04:28 . 2005-03-08 04:28 685709 -c--a-w- c:\program files\ascgen_b13.zip
2004-06-08 20:51 . 2004-06-08 20:51 278528 ----a-w- c:\program files\internet explorer\plugins\PanoViewer.dll
2004-06-08 20:51 . 2004-06-08 20:51 143360 ----a-w- c:\program files\internet explorer\plugins\UPjpeg.dll
2004-12-13 19:57 . 2004-12-13 17:57 0 -csha-w- c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b4fec876-9bb2-4397-83f8-f25875933559}]
2010-05-23 18:41 2515552 -c--a-w- c:\program files\MillBar\tbMil0.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2008-10-01 07:40 192960 ----a-w- c:\program files\Yontoo Layers Client for Internet Explorer\YontooIEClient.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b4fec876-9bb2-4397-83f8-f25875933559}"= "c:\program files\MillBar\tbMil0.dll" [2010-05-23 2515552]
[HKEY_CLASSES_ROOT\clsid\{b4fec876-9bb2-4397-83f8-f25875933559}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B4FEC876-9BB2-4397-83F8-F25875933559}"= "c:\program files\MillBar\tbMil0.dll" [2010-05-23 2515552]
[HKEY_CLASSES_ROOT\clsid\{b4fec876-9bb2-4397-83f8-f25875933559}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2010-04-28 353736]
"CursorXP"="c:\program files\CursorXP\CursorXP.exe" [2005-01-19 140288]
"wben"="c:\program files\Starfield\Desktop Notifier\wben.exe" [2009-06-25 338456]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-07-28 160592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-08-07 180269]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-15 233472]
"VTTimer"="VTTimer.exe" [2004-10-22 53248]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 28738]
"BootSkin Startup Jobs"="c:\program files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 270336]
"LogonStudio"="c:\program files\WinCustomize\LogonStudio\logonstudio.exe" [2002-09-03 987187]
"HPHUPD05"="c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-20 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-08-20 221184]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2003-08-20 483328]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 188416]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
"nwiz"="nwiz.exe" [2008-09-18 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-04-09 648504]
"F-Secure Manager"="c:\program files\F-Secure PC Protection\Common\FSM32.EXE" [2009-08-05 199264]
"F-Secure TNB"="c:\program files\F-Secure PC Protection\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"LELA"="c:\program files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" [2008-05-01 131072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-07-28 160592]
c:\documents and settings\Rachell\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\Palm\HOTSYNC.EXE [2003-3-17 299008]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-29 241664]
Monitor.lnk - c:\program files\ArcSoft\Media Card Companion\MCC Monitor.exe [2005-6-18 110592]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-29 241664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Monitor.lnk - c:\program files\ArcSoft\Media Card Companion\MCC Monitor.exe [2005-6-18 110592]
Photags AutoDetect.lnk - c:\program files\PhoTags Express\Photags AutoDetect.exe [2007-10-29 368640]
Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2004-1-29 57344]
Updates from HP.lnk - c:\program files\Updates from HP\309731\Program\Updates from HP.exe [2004-8-7 16423]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonuiX.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 19:13 49152 ----a-w- c:\progra~1\COMMON~1\Stardock\MCPStub.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2007-03-13 14:57 226992 ----a-w- c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^MP3 Rocket (silent).lnk]
path=c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\MP3 Rocket (silent).lnk
backup=c:\windows\pss\MP3 Rocket (silent).lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^HP_Owner^Start Menu^Programs^Startup^MP3Rocket (silent).lnk]
path=c:\documents and settings\HP_Owner\Start Menu\Programs\Startup\MP3Rocket (silent).lnk
backup=c:\windows\pss\MP3Rocket (silent).lnkStartup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Documents and Settings\\HP_Owner\\Desktop\\magentic_install.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\HP_Owner\\Desktop\\incredimail_install.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImSc.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncrediMail_Install.exe"=
"c:\\Program Files\\Disney\\Disney Online\\Toontown\\Toontown.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImPackr.exe"=
"c:\\Program Files\\Palm\\HOTSYNC.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Keyword Country\\Keyword Country 5.0.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Cosmi\\3D Frog Frenzy\\3D Frog Frenzy.exe"=
"c:\\Program Files\\MP3 Rocket\\MP3Rocket.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\CursorXP\\CursorXP.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\Ymsgr_tray.exe"=
"c:\\WINDOWS\\system32\\logonuiX.exe"=
"c:\\WINDOWS\\system32\\verclsid.exe"=
"c:\\Program Files\\Common Files\\Stardock\\SDMCP.exe"=
"c:\\hp\\KBD\\kbd.exe"=
"c:\\WINDOWS\\system\\hpsysdrv.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Best Buy Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Rhapsody\\rhapsody.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6667:TCP"= 6667:TCP:Port 6667
"443:TCP"= 443:TCP:Port 443
"67:UDP"= 67:UDP:DHCP Discovery Service
R2 gupdate1ca067e846332e0;Google Update Service (gupdate1ca067e846332e0);c:\program files\Google\Update\GoogleUpdate.exe [2009-07-17 133104]
R2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [2008-04-18 204800]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure PC Protection\ORSP Client\fsorsp.exe [2010-05-17 55992]
R3 XIRLINK;Veo PC Camera;c:\windows\system32\DRIVERS\ucdnt.sys [2001-08-01 805808]
R4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure PC Protection\Anti-Virus\Win2K\FSfilter.sys [2009-08-05 39776]
R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure PC Protection\Anti-Virus\Win2K\FSrec.sys [2009-08-05 25184]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2010-03-31 33920]
S0 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [2009-08-05 80000]
S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure PC Protection\HIPS\drivers\fshs.sys [2009-08-05 68064]
S2 litsgt;litsgt;c:\windows\system32\DRIVERS\litsgt.sys [2005-12-25 137344]
S2 tansgt;tansgt;c:\windows\system32\DRIVERS\tansgt.sys [2005-12-25 12032]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure PC Protection\Anti-Virus\minifilter\fsgk.sys [2010-06-02 113864]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - JAVAQUICKSTARTERSERVICE
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{c23dd370-cb79-11d2-898a-00c04f80a47f}]
2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
2010-06-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2010-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-17 01:32]
2010-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-17 01:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.incredimail.com/
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
LSP: c:\program files\F-Secure PC Protection\FSPS\program\FSLSP.DLL
Trusted Zone: dishmail.net\myaccount
Trusted Zone: dishmail.net\www
Trusted Zone: google.com
Trusted Zone: google.com\partnerpage
Trusted Zone: google.com\www
Trusted Zone: wildblue.net\myaccount
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: Starfield Technologies - hxxp://video.secureserver.net/WSTPlugins/starfield_technologies.CAB
DPF: {0645D7F3-C20E-4E0B-A545-557527497C0B} - hxxp://a14.g.akamai.net/f/14/7141/1d/www.nielsennetpanel.com/netmeter4_6/NetMeter_preinstaller_activex_en_4.70.19.0_MEGAPANEL_USA.cab
DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
DPF: {C915801D-6F00-49CD-8A9A-8DE5C11ADDC1} - hxxp://www.photoworks.com/pixami/DragDropUploader.cab
FF - ProfilePath - c:\documents and settings\Rachell\Application Data\Mozilla\Firefox\Profiles\1kzyaqmf.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_im2_test_v2&search=
FF - component: c:\documents and settings\Rachell\Application Data\Mozilla\Firefox\Profiles\1kzyaqmf.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: c:\documents and settings\Rachell\Application Data\Mozilla\Firefox\Profiles\1kzyaqmf.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}\plugins\npsoe.dll
FF - plugin: c:\documents and settings\Rachell\Application Data\Mozilla\Firefox\Profiles\1kzyaqmf.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\nppanda3d.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwbe.dll
FF - plugin: c:\program files\Opera\program\plugins\npjpi160_17.dll
FF - plugin: c:\program files\Opera\program\plugins\npoji610.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_ everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_a s_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\WildBlue.js - pref("network.proxy.type", 2);
.
- - - - ORPHANS REMOVED - - - -
HKU-Default-Run-Internet Security 2010 - c:\program files\InternetSecurity2010\IS2010.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-07 18:42
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5 977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c0,04,95,f2,19,a0,02,41,aa,dd,f0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839 E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c0,04,95,f2,19,a0,02,41,aa,dd,f0,\
[HKEY_USERS\S-1-5-21-1273659944-3790613762-3211983470-1010\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1273659944-3790613762-3211983470-1010\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
@SACL=
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(684)
c:\progra~1\COMMON~1\Stardock\mcpstub.dll
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
c:\program files\f-secure pc protection\hips\fshook32.dll
- - - - - - - > 'lsass.exe'(744)
c:\program files\F-Secure PC Protection\FSPS\program\FSLSP.DLL
c:\program files\f-secure pc protection\hips\fshook32.dll
.
Completion time: 2010-06-07 18:59:29
ComboFix-quarantined-files.txt 2010-06-07 22:59
Pre-Run: 50,108,706,816 bytes free
Post-Run: 50,225,590,272 bytes free
- - End Of File - - EDA42AFB7E94668EBDC5F0E7CB98BA7D
[recovering disk space - old attachment deleted by admin]
-
Please download MySystem-Search from one of the following links:
Download mirror (http://www.drivehq.com/file/df.aspx/publish/GPuser/DragonMasterJay/mss.exe)- Save the file to your Desktop.
- Double-click on mss.exe
- Allow it to run, and follow the prompts.
- Once done, it will launch a log.
- Post it in your next reply.
Note: the logs are long. Please use more than one post, if necessary.
-
Ok, Thankyou! Here is the other log.
MySystem-Search
Run on 06/07/2010 at 19:16:53
MSS v1.3
Basic System Information
CD Emulation Drivers running?
Peer-to-Peer applications?
File associations
.exe=exefile
.scr=scrfile
.pif=piffile
.com=ComFile
.bat=batfile
.cmd=cmdfile
.log=txtfile
.txt=txtfile
.reg=regfile
.sys=sysfile
.dll=dllfile
Running processes
Hidden objects
PATH: C:\windows
$hf_mig$
$MSI31Uninstall_KB893803$
$MSI31Uninstall_KB893803v2$
$NtServicePackUninstall$
$NtServicePackUninstallIDNMitigationAPIs$
$NtServicePackUninstallNLSDownlevelMapping$
$NtUninstallKB834707$
$NtUninstallKB835221WXP$
$NtUninstallKB867282$
$NtUninstallKB873333$
$NtUninstallKB873339$
$NtUninstallKB883667$
$NtUninstallKB883939$
$NtUninstallKB885250$
$NtUninstallKB885835$
$NtUninstallKB885836$
$NtUninstallKB886185$
$NtUninstallKB887472$
$NtUninstallKB887742$
$NtUninstallKB888113$
$NtUninstallKB888302$
$NtUninstallKB890046$
$NtUninstallKB890047$
$NtUninstallKB890175$
$NtUninstallKB890859$
$NtUninstallKB890923$
$NtUninstallKB891781$
$NtUninstallKB893066$
$NtUninstallKB893086$
$NtUninstallKB893756$
$NtUninstallKB894391$
$NtUninstallKB896358$
$NtUninstallKB896422$
$NtUninstallKB896423$
$NtUninstallKB896424$
$NtUninstallKB896428$
$NtUninstallKB898458$
$NtUninstallKB898461$
$NtUninstallKB899587$
$NtUninstallKB899591$
$NtUninstallKB900485$
$NtUninstallKB900725$
$NtUninstallKB901017$
$NtUninstallKB901214$
$NtUninstallKB902400$
$NtUninstallKB903235$
$NtUninstallKB904706$
$NtUninstallKB904942$
$NtUninstallKB905414$
$NtUninstallKB905749$
$NtUninstallKB905915$
$NtUninstallKB908519$
$NtUninstallKB908531$
$NtUninstallKB910437$
$NtUninstallKB911280$
$NtUninstallKB911562$
$NtUninstallKB911564$
$NtUninstallKB911565$
$NtUninstallKB911567$
$NtUninstallKB911927$
$NtUninstallKB912812$
$NtUninstallKB912919$
$NtUninstallKB913446$
$NtUninstallKB913580$
$NtUninstallKB914388$
$NtUninstallKB914389$
$NtUninstallKB914440$
$NtUninstallKB915865$
$NtUninstallKB916281$
$NtUninstallKB916595$
$NtUninstallKB917159$
$NtUninstallKB917344$
$NtUninstallKB917422$
$NtUninstallKB917734_WMP9$
$NtUninstallKB917953$
$NtUninstallKB918118$
$NtUninstallKB918439$
$NtUninstallKB918899$
$NtUninstallKB919007$
$NtUninstallKB920213$
$NtUninstallKB920213_0$
$NtUninstallKB920214$
$NtUninstallKB920670$
$NtUninstallKB920683$
$NtUninstallKB920685$
$NtUninstallKB920872$
$NtUninstallKB921398$
$NtUninstallKB921503$
$NtUninstallKB921883$
$NtUninstallKB922582$
$NtUninstallKB922616$
$NtUninstallKB922760$
$NtUninstallKB922819$
$NtUninstallKB923191$
$NtUninstallKB923414$
$NtUninstallKB923561$
$NtUninstallKB923689$
$NtUninstallKB923694$
$NtUninstallKB923723$
$NtUninstallKB923980$
$NtUninstallKB924191$
$NtUninstallKB924270$
$NtUninstallKB924496$
$NtUninstallKB924667$
$NtUninstallKB925398_WMP64$
$NtUninstallKB925486$
$NtUninstallKB925902$
$NtUninstallKB926239$
$NtUninstallKB926255$
$NtUninstallKB926436$
$NtUninstallKB927779$
$NtUninstallKB927802$
$NtUninstallKB927891$
$NtUninstallKB928255$
$NtUninstallKB928843$
$NtUninstallKB929123$
$NtUninstallKB929338$
$NtUninstallKB929399$
$NtUninstallKB930178$
$NtUninstallKB930916$
$NtUninstallKB931261$
$NtUninstallKB931784$
$NtUninstallKB931836$
$NtUninstallKB932168$
$NtUninstallKB932823-v3$
$NtUninstallKB933360$
$NtUninstallKB933729$
$NtUninstallKB935839$
$NtUninstallKB935840$
$NtUninstallKB936021$
$NtUninstallKB936782_WMP11$
$NtUninstallKB936782_WMP9$
$NtUninstallKB938464$
$NtUninstallKB938464-v2$
$NtUninstallKB938464_0$
$NtUninstallKB938828$
$NtUninstallKB938829$
$NtUninstallKB939683$
$NtUninstallKB941202$
$NtUninstallKB941568$
$NtUninstallKB941569$
$NtUninstallKB941644$
$NtUninstallKB941693$
$NtUninstallKB942763$
$NtUninstallKB943055$
$NtUninstallKB943460$
$NtUninstallKB943485$
$NtUninstallKB944653$
$NtUninstallKB945553$
$NtUninstallKB946026$
$NtUninstallKB946648$
$NtUninstallKB946648_0$
$NtUninstallKB948590$
$NtUninstallKB948881$
$NtUninstallKB950749$
$NtUninstallKB950760$
$NtUninstallKB950762$
$NtUninstallKB950762_0$
$NtUninstallKB950974$
$NtUninstallKB950974_0$
$NtUninstallKB951066$
$NtUninstallKB951066_0$
$NtUninstallKB951072-v2$
$NtUninstallKB951376$
$NtUninstallKB951376-v2$
$NtUninstallKB951376-v2_0$
$NtUninstallKB951376_0$
$NtUninstallKB951698$
$NtUninstallKB951698_0$
$NtUninstallKB951748$
$NtUninstallKB951748_0$
$NtUninstallKB951978$
$NtUninstallKB952004$
$NtUninstallKB952069_WM9$
$NtUninstallKB952287$
$NtUninstallKB952287_0$
$NtUninstallKB952954$
$NtUninstallKB952954_0$
$NtUninstallKB953839$
$NtUninstallKB954154_WM11$
$NtUninstallKB954155_WM9$
$NtUninstallKB954211$
$NtUninstallKB954211_0$
$NtUninstallKB954459$
$NtUninstallKB954600$
$NtUninstallKB955069$
$NtUninstallKB955759$
$NtUninstallKB955839$
$NtUninstallKB956391$
$NtUninstallKB956572$
$NtUninstallKB956744$
$NtUninstallKB956802$
$NtUninstallKB956803$
$NtUninstallKB956803_0$
$NtUninstallKB956841$
$NtUninstallKB956841_0$
$NtUninstallKB956844$
$NtUninstallKB957095$
$NtUninstallKB957095_0$
$NtUninstallKB957097$
$NtUninstallKB958644$
$NtUninstallKB958687$
$NtUninstallKB958690$
$NtUninstallKB958869$
$NtUninstallKB959426$
$NtUninstallKB959772_WM11$
$NtUninstallKB960225$
$NtUninstallKB960715$
$NtUninstallKB960803$
$NtUninstallKB960859$
$NtUninstallKB961118$
$NtUninstallKB961371$
$NtUninstallKB961373$
$NtUninstallKB961501$
$NtUninstallKB961503$
$NtUninstallKB967715$
$NtUninstallKB968389$
$NtUninstallKB968537$
$NtUninstallKB968816_WM9$
$NtUninstallKB969059$
$NtUninstallKB969898$
$NtUninstallKB969947$
$NtUninstallKB970238$
$NtUninstallKB970430$
$NtUninstallKB970653-v3$
$NtUninstallKB971468$
$NtUninstallKB971486$
$NtUninstallKB971557$
$NtUninstallKB971633$
$NtUninstallKB971657$
$NtUninstallKB971737$
$NtUninstallKB972270$
$NtUninstallKB973346$
$NtUninstallKB973354$
$NtUninstallKB973507$
$NtUninstallKB973525$
$NtUninstallKB973540_WM9$
$NtUninstallKB973687$
$NtUninstallKB973815$
$NtUninstallKB973869$
$NtUninstallKB973904$
$NtUninstallKB974112$
$NtUninstallKB974318$
$NtUninstallKB974392$
$NtUninstallKB974571$
$NtUninstallKB975025$
$NtUninstallKB975467$
$NtUninstallKB975560$
$NtUninstallKB975561$
$NtUninstallKB975713$
$NtUninstallKB976098-v2$
$NtUninstallKB977165$
$NtUninstallKB977816$
$NtUninstallKB977914$
$NtUninstallKB978037$
$NtUninstallKB978251$
$NtUninstallKB978262$
$NtUninstallKB978338$
$NtUninstallKB978542$
$NtUninstallKB978601$
$NtUninstallKB978706$
$NtUninstallKB979306$
$NtUninstallKB979309$
$NtUninstallKB979683$
$NtUninstallKB980232$
$NtUninstallKB981793$
$NtUninstallMSCompPackV1$
$NtUninstallWMFDist11$
$NtUninstallwmp11$
$NtUninstallWudf01000$
ftpcache
ie7
ie8
inf
Installer
msdownld.tmp
PIF
Thumbs.db
uccspecb.sys
WindowsShell.Manifest
WindowsShellOld.Manifest
winnt.bmp
winnt256.bmp
PATH: C:\windows\system32
cdplayer.exe.manifest
dllcache
gapakula
logonui.exe.manifest
ncpa.cpl.manifest
nwc.cpl.manifest
sapi.cpl.manifest
WindowsLogon.manifest
wuaucpl.cpl.manifest
PATH: C:\windows\system32\drivers
HP_PL382AA-ABA A706N_YC_Pavi_QMXK439_E44NAheBLU5_4_IKe lut_SASUSTek Computer INC._V2.02_B3.11_T040902_WXH2_L409_M448 _J160_7AMD_8Athlon XP 3000+_92.1_111063044_N11063065_P_Z_K_A11063059_U11063038_G11067205.MRK
PATH: C:\
BOOT.BAK
boot.ini
BOOTNXX.BAK
cmdcons
cmldr
hiberfil.sys
IO.SYS
IPH.PH
MSDOS.SYS
NTDETECT.COM
ntldr
pagefile.sys
sqmdata00.sqm
sqmdata01.sqm
sqmdata02.sqm
sqmdata03.sqm
sqmdata04.sqm
sqmdata05.sqm
sqmdata06.sqm
sqmdata07.sqm
sqmdata08.sqm
sqmdata09.sqm
sqmdata10.sqm
sqmdata11.sqm
sqmdata12.sqm
sqmdata13.sqm
sqmdata14.sqm
sqmdata15.sqm
sqmdata16.sqm
sqmdata17.sqm
sqmdata18.sqm
sqmdata19.sqm
sqmnoopt00.sqm
sqmnoopt01.sqm
sqmnoopt02.sqm
sqmnoopt03.sqm
sqmnoopt04.sqm
sqmnoopt05.sqm
sqmnoopt06.sqm
sqmnoopt07.sqm
sqmnoopt08.sqm
sqmnoopt09.sqm
sqmnoopt10.sqm
sqmnoopt11.sqm
sqmnoopt12.sqm
sqmnoopt13.sqm
sqmnoopt14.sqm
sqmnoopt15.sqm
sqmnoopt16.sqm
sqmnoopt17.sqm
sqmnoopt18.sqm
sqmnoopt19.sqm
System Volume Information
T4Metrics.log
User Profile check
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
ProfilesDirectory REG_EXPAND_SZ %SystemDrive%\Documents and Settings
DefaultUserProfile REG_SZ Default User
AllUsersProfile REG_SZ All Users
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18
Flags REG_DWORD 0xc
State REG_DWORD 0x0
RefCount REG_DWORD 0x1
Sid REG_BINARY 010100000000000512000000
ProfileImagePath REG_EXPAND_SZ %systemroot%\system32\config\systemprofile
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\LocalService
Sid REG_BINARY 010100000000000513000000
Flags REG_DWORD 0x9
State REG_DWORD 0x0
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0x8fb52fc6
ProfileLoadTimeHigh REG_DWORD 0x1cb066f
RefCount REG_DWORD 0x3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\NetworkService
Sid REG_BINARY 010100000000000514000000
Flags REG_DWORD 0x9
State REG_DWORD 0x0
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0x8e0ccd32
ProfileLoadTimeHigh REG_DWORD 0x1cb066f
RefCount REG_DWORD 0x4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1273659944-3790613762-3211983470-1009
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\HP_Owner
Sid REG_BINARY 0105000000000005150000002882EA4B022DF0E 16EFA72BFF1030000
Flags REG_DWORD 0x0
State REG_DWORD 0x100
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0xe0a32600
ProfileLoadTimeHigh REG_DWORD 0x1cafef5
RefCount REG_DWORD 0x1
RunLogonScriptSync REG_DWORD 0x0
OptimizedLogonStatus REG_DWORD 0xb
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1273659944-3790613762-3211983470-1010
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Rachell
Sid REG_BINARY 0105000000000005150000002882EA4B022DF0E 16EFA72BFF2030000
Flags REG_DWORD 0x0
State REG_DWORD 0x100
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0xa0da7900
ProfileLoadTimeHigh REG_DWORD 0x1cb066f
RefCount REG_DWORD 0x1
RunLogonScriptSync REG_DWORD 0x0
OptimizedLogonStatus REG_DWORD 0xb
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1273659944-3790613762-3211983470-1011
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Deejer
Sid REG_BINARY 0105000000000005150000002882EA4B022DF0E 16EFA72BFF3030000
Flags REG_DWORD 0x0
State REG_DWORD 0x100
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0xb5e212cc
ProfileLoadTimeHigh REG_DWORD 0x1cb059d
RefCount REG_DWORD 0x1
RunLogonScriptSync REG_DWORD 0x0
OptimizedLogonStatus REG_DWORD 0xb
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1273659944-3790613762-3211983470-500
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Administrator
Sid REG_BINARY 0105000000000005150000002882EA4B022DF0E 16EFA72BFF4010000
Flags REG_DWORD 0x0
State REG_DWORD 0x104
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0x6997e17c
ProfileLoadTimeHigh REG_DWORD 0x1c9d663
RefCount REG_DWORD 0x0
RunLogonScriptSync REG_DWORD 0x0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1273659944-3790613762-3211983470-501
ProfileImagePath REG_EXPAND_SZ %SystemDrive%\Documents and Settings\Guest
Sid REG_BINARY 0105000000000005150000002882EA4B022DF0E 16EFA72BFF5010000
Flags REG_DWORD 0x0
State REG_DWORD 0x80
CentralProfile REG_SZ
ProfileLoadTimeLow REG_DWORD 0xc393c28a
ProfileLoadTimeHigh REG_DWORD 0x1c7dc74
RefCount REG_DWORD 0x0
RunLogonScriptSync REG_DWORD 0x0
OptimizedLogonStatus REG_DWORD 0xb
Current Scheduled Tasks
PATH: C:\Windows\Tasks
AppleSoftwareUpdate.job
GoogleUpdateTaskMachineCore.job
GoogleUpdateTaskMachineUA.job
desktop.ini
SA.DAT
Windows Drivers and NT-Services
Volume in drive C is HP_PAVILION
Volume Serial Number is B4FE-4312
Directory of C:\Windows\System32\Drivers
07/30/2005 11:10 PM 4,722 HP_PL382AA-ABA A706N_YC_Pavi_QMXK439_E44NAheBLU5_4_IKe lut_SASUSTek Computer INC._V2.02_B3.11_T040902_WXH2_L409_M448 _J160_7AMD_8Athlon XP 3000+_92.1_111063044_N11063065_P_Z_K_A11063059_U11063038_G11067205.MRK
1 File(s) 4,722 bytes
0 Dir(s) 50,262,261,760 bytes free
Volume in drive C is HP_PAVILION
Volume Serial Number is B4FE-4312
Directory of C:\Windows\System32\Drivers
06/04/2001 05:00 PM 14,112 PS2.sys
08/01/2001 04:49 PM 805,808 ucdnt.sys
08/17/2001 01:57 PM 16,128 MODEMCSA.sys
08/17/2001 02:48 PM 12,160 mouhid.sys
08/17/2001 04:46 PM 6,400 enum1394.sys
08/17/2001 04:59 PM 3,072 audstub.sys
10/04/2002 08:04 PM 46,976 R8139n51.sys
10/25/2002 05:59 PM 642,958 Intels51.sys
03/17/2003 06:50 PM 16,509 PalmUSBD.sys
07/02/2003 02:42 PM 27,904 VIAAGP1.SYS
07/18/2003 07:58 PM 36,992 SISAGPX.SYS
08/01/2003 10:37 PM 1,040 alcxinit.dat
09/10/2003 11:36 PM 21,060 iviaspi.sys
09/19/2003 01:47 AM 10,368 pfc.sys
11/12/2003 04:41 AM 41,984 fetnd5b.sys
12/02/2003 09:23 PM 142,336 Fasttx2k.sys
12/12/2003 09:54 AM 391,424 ALCXSENS.SYS
03/18/2004 02:10 AM 113,664 Hdaudio.sys
03/19/2004 03:51 AM 21,744 HPZius12.sys
03/19/2004 03:52 AM 16,496 HPZipr12.sys
03/19/2004 03:52 AM 51,088 hpzid412.sys
04/16/2004 06:30 AM 21,024 pcdrsrvc.pkms
04/22/2004 12:02 PM 20,368 pxhelp20.sys
07/09/2004 05:26 AM 15,104 mpe.sys
07/09/2004 05:26 AM 11,392 bdasup.sys
07/09/2004 05:26 AM 52,096 msdv.sys
07/17/2004 07:20 AM 12,160 srvkp.sys
07/17/2004 11:35 AM 67,866 netwlan5.img
07/17/2004 11:36 AM 64,352 ativmc20.cod
07/17/2004 10:55 PM 129,045 cxthsfs2.cty
07/19/2004 08:33 PM 218,112 sisgrp.sys
08/03/2004 10:10 PM 730,653 ialmnt5.sys
08/03/2004 10:29 PM 57,856 atinbtxx.sys
08/03/2004 10:29 PM 701,440 ati2mtag.sys
08/03/2004 10:29 PM 327,040 ati2mtaa.sys
08/03/2004 10:29 PM 13,824 atinmdxx.sys
08/03/2004 10:29 PM 12,047 ati1pdxx.sys
08/03/2004 10:29 PM 11,615 ati1mdxx.sys
08/03/2004 10:29 PM 52,224 atinraxx.sys
08/03/2004 10:29 PM 14,336 atinpdxx.sys
08/03/2004 10:29 PM 56,623 ati1btxx.sys
08/03/2004 10:29 PM 29,455 ati1xbxx.sys
08/03/2004 10:29 PM 21,343 ati1ttxx.sys
08/03/2004 10:29 PM 104,960 atinrvxx.sys
08/03/2004 10:29 PM 28,672 atinsnxx.sys
08/03/2004 10:29 PM 13,824 atinttxx.sys
08/03/2004 10:29 PM 73,216 atintuxx.sys
08/03/2004 10:29 PM 31,744 atinxbxx.sys
08/03/2004 10:29 PM 63,488 atinxsxx.sys
08/03/2004 10:29 PM 26,367 ati1snxx.sys
08/03/2004 10:29 PM 63,663 ati1rvxx.sys
08/03/2004 10:29 PM 30,671 ati1raxx.sys
08/03/2004 10:29 PM 34,735 ati1xsxx.sys
08/03/2004 10:29 PM 36,463 ati1tuxx.sys
08/03/2004 10:29 PM 452,736 mtxparhm.sys
08/03/2004 10:29 PM 11,295 wadv08nt.sys
08/03/2004 10:29 PM 11,807 wadv07nt.sys
08/03/2004 10:29 PM 11,871 wadv09nt.sys
08/03/2004 10:29 PM 11,935 wadv11nt.sys
08/03/2004 10:29 PM 22,271 watv06nt.sys
08/03/2004 10:29 PM 25,471 watv10nt.sys
08/03/2004 10:29 PM 166,912 s3gnbm.sys
08/03/2004 10:41 PM 1,309,184 mtlstrm.sys
08/03/2004 10:41 PM 13,776 recagent.sys
08/03/2004 10:41 PM 126,686 mtlmnt5.sys
08/03/2004 10:41 PM 180,360 ntmtlfax.sys
08/03/2004 10:41 PM 129,535 slnt7554.sys
08/03/2004 10:41 PM 404,990 slntamr.sys
08/03/2004 10:41 PM 95,424 slnthal.sys
08/03/2004 10:41 PM 13,240 slwdmsup.sys
08/03/2004 10:41 PM 220,032 hsfbs2s2.sys
08/03/2004 10:41 PM 685,056 hsfcxts2.sys
08/03/2004 10:41 PM 1,041,536 hsfdpsp2.sys
08/03/2004 10:41 PM 11,868 mdmxsdk.sys
08/04/2004 01:31 AM 20,992 RTL8139.sys
08/04/2004 08:00 AM 11,648 acpiec.sys
08/04/2004 08:00 AM 4,224 beep.sys
08/04/2004 08:00 AM 63,232 nwlnknb.sys
08/04/2004 08:00 AM 32,512 nwlnkfwd.sys
08/04/2004 08:00 AM 12,032 ws2ifsl.sys
08/04/2004 08:00 AM 12,416 nwlnkflt.sys
08/04/2004 08:00 AM 13,952 cbidf2k.sys
08/04/2004 08:00 AM 4,352 wmilib.sys
08/04/2004 08:00 AM 17,792 ptilink.sys
08/04/2004 08:00 AM 32,896 ipfltdrv.sys
08/04/2004 08:00 AM 2,944 null.sys
08/04/2004 08:00 AM 8,832 rasacd.sys
08/04/2004 08:00 AM 3,456 oprghdlr.sys
08/04/2004 08:00 AM 4,736 usbd.sys
08/04/2004 08:00 AM 5,888 dmload.sys
08/04/2004 08:00 AM 646 gmreadme.txt
08/04/2004 08:00 AM 3,440,660 gm.dls
08/04/2004 08:00 AM 352,256 atmuni.sys
08/04/2004 08:00 AM 10,496 dxapi.sys
08/04/2004 08:00 AM 16,512 raspti.sys
08/04/2004 08:00 AM 3,328 dxgthk.sys
08/04/2004 08:00 AM 31,360 atmepvc.sys
08/04/2004 08:00 AM 7,680 mcd.sys
08/04/2004 08:00 AM 34,432 rawwan.sys
08/04/2004 08:00 AM 4,224 rdpcdd.sys
08/04/2004 08:00 AM 3,328 pciide.sys
08/04/2004 08:00 AM 125,056 ftdisk.sys
08/04/2004 08:00 AM 7,936 fs_rec.sys
08/04/2004 08:00 AM 14,592 smclib.sys
08/04/2004 08:00 AM 5,888 rootmdm.sys
08/04/2004 08:00 AM 4,224 mnmdd.sys
08/04/2004 08:00 AM 55,936 nwlnkspx.sys
08/04/2004 08:00 AM 6,784 parvdm.sys
08/04/2004 03:00 PM 12,160 fsvga.sys
08/04/2004 03:00 PM 18,688 cdaudio.sys
08/04/2004 03:00 PM 12,032 riodrv.sys
08/04/2004 03:00 PM 12,032 rio8drv.sys
08/04/2004 03:00 PM 58,112 vdmindvd.sys
08/04/2004 03:00 PM 21,376 tsbvcap.sys
08/04/2004 03:00 PM 51,712 tosdvd.sys
08/04/2004 03:00 PM 262,528 cinemst2.sys
08/04/2004 03:00 PM 11,776 cpqdap01.sys
08/04/2004 03:00 PM 12,032 nikedrv.sys
08/07/2004 07:48 AM <DIR> disdn
10/01/2004 11:24 AM 2,279,424 ALCXWDM.SYS
10/07/2004 09:16 PM 35,840 AFS2K.SYS
12/07/2004 08:08 PM 172,672 vtmini.sys
12/16/2004 02:36 PM 42,496 fetnd5bv.sys
12/18/2004 03:00 AM 24,101 Camd9080.sys
12/25/2005 12:09 AM 12,032 tansgt.sys
12/25/2005 12:09 AM 137,344 litsgt.sys
06/21/2006 06:33 PM 62,698 Capt9080.sys
09/28/2006 07:55 PM 77,568 WudfPf.sys
09/28/2006 08:00 PM 82,944 WudfRd.sys
10/18/2006 09:00 PM 38,528 wpdusb.sys
04/13/2007 01:30 PM 25,136 atwpkt2.sys
04/13/2007 01:30 PM 33,592 atwpkt264.sys
11/13/2007 06:25 AM 20,480 secdrv.sys
12/24/2007 10:27 PM 8,413 mcstrm.sys
12/25/2007 11:17 AM <DIR> UMDF
04/09/2008 12:14 AM 25,272 purendis.sys
04/09/2008 12:14 AM 23,992 pnarp.sys
04/13/2008 12:36 PM 144,384 hdaudbus.sys
04/13/2008 01:39 PM 142,592 aec.sys
04/13/2008 02:31 PM 35,840 processr.sys
04/13/2008 02:31 PM 42,752 p3.sys
04/13/2008 02:31 PM 36,352 intelppm.sys
04/13/2008 02:31 PM 37,376 amdk6.sys
04/13/2008 02:31 PM 36,736 crusoe.sys
04/13/2008 02:31 PM 37,760 amdk7.sys
04/13/2008 02:32 PM 66,048 udfs.sys
04/13/2008 02:32 PM 30,848 npfs.sys
04/13/2008 02:32 PM 19,072 msfs.sys
04/13/2008 02:32 PM 180,608 mrxdav.sys
04/13/2008 02:32 PM 196,224 rdpdr.sys
04/13/2008 02:32 PM 129,792 fltmgr.sys
04/13/2008 02:33 PM 44,544 fips.sys
04/13/2008 02:36 PM 5,888 smbali.sys
04/13/2008 02:36 PM 187,776 acpi.sys
04/13/2008 02:36 PM 42,368 agp440.sys
04/13/2008 02:36 PM 42,752 alim1541.sys
04/13/2008 02:36 PM 44,928 agpcpq.sys
04/13/2008 02:36 PM 40,960 sisagp.sys
04/13/2008 02:36 PM 43,008 amdagp.sys
04/13/2008 02:36 PM 42,240 viaagp.sys
04/13/2008 02:36 PM 44,672 uagp35.sys
04/13/2008 02:36 PM 46,464 gagp30kx.sys
04/13/2008 02:36 PM 37,248 isapnp.sys
04/13/2008 02:36 PM 63,744 mf.sys
04/13/2008 02:36 PM 120,192 pcmcia.sys
04/13/2008 02:36 PM 79,232 sdbus.sys
04/13/2008 02:36 PM 68,224 pci.sys
04/13/2008 02:36 PM 15,488 mssmbios.sys
04/13/2008 02:36 PM 73,472 sr.sys
04/13/2008 02:38 PM 71,168 dxg.sys
04/13/2008 02:39 PM 42,368 mountmgr.sys
04/13/2008 02:39 PM 384,768 update.sys
04/13/2008 02:39 PM 24,576 kbdclass.sys
04/13/2008 02:39 PM 23,040 mouclass.sys
04/13/2008 02:39 PM 5,504 mstee.sys
04/13/2008 02:39 PM 5,376 mspclock.sys
04/13/2008 02:39 PM 4,992 mspqm.sys
04/13/2008 02:39 PM 7,552 mskssrv.sys
04/13/2008 02:39 PM 4,352 swenum.sys
04/13/2008 02:40 PM 80,128 parport.sys
04/13/2008 02:40 PM 15,744 serenum.sys
04/13/2008 02:40 PM 20,480 flpydisk.sys
04/13/2008 02:40 PM 27,392 fdc.sys
04/13/2008 02:40 PM 57,600 redbook.sys
04/13/2008 02:40 PM 5,504 intelide.sys
04/13/2008 02:40 PM 24,960 pciidex.sys
04/13/2008 02:40 PM 96,512 atapi.sys
04/13/2008 02:40 PM 96,384 scsiport.sys
04/13/2008 02:40 PM 5,376 viaide.sys
04/13/2008 02:40 PM 14,208 diskdump.sys
04/13/2008 02:40 PM 62,976 cdrom.sys
04/13/2008 02:40 PM 36,352 disk.sys
04/13/2008 02:40 PM 11,904 sffdisk.sys
04/13/2008 02:40 PM 11,008 sffp_sd.sys
04/13/2008 02:40 PM 10,240 sffp_mmc.sys
04/13/2008 02:40 PM 11,392 sfloppy.sys
04/13/2008 02:40 PM 19,712 partmgr.sys
04/13/2008 02:40 PM 14,976 tape.sys
04/13/2008 02:40 PM 42,112 imapi.sys
04/13/2008 02:41 PM 52,352 volsnap.sys
04/13/2008 02:43 PM 14,208 wacompen.sys
04/13/2008 02:43 PM 12,672 mutohpen.sys
04/13/2008 02:44 PM 20,992 vga.sys
04/13/2008 02:44 PM 81,664 videoprt.sys
04/13/2008 02:44 PM 153,344 dmio.sys
04/13/2008 02:44 PM 799,744 dmboot.sys
04/13/2008 02:45 PM 52,864 dmusic.sys
04/13/2008 02:45 PM 6,272 splitter.sys
04/13/2008 02:45 PM 172,416 kmixer.sys
04/13/2008 02:45 PM 56,576 swmidi.sys
04/13/2008 02:45 PM 2,944 drmkaud.sys
04/13/2008 02:45 PM 60,160 drmk.sys
04/13/2008 02:45 PM 49,408 stream.sys
04/13/2008 02:45 PM 24,960 hidparse.sys
04/13/2008 02:45 PM 36,864 hidclass.sys
04/13/2008 02:45 PM 19,200 hidir.sys
04/13/2008 02:45 PM 10,368 hidusb.sys
04/13/2008 02:45 PM 20,608 usbuhci.sys
04/13/2008 02:45 PM 30,208 usbehci.sys
04/13/2008 02:45 PM 17,152 usbohci.sys
04/13/2008 02:45 PM 143,872 usbport.sys
04/13/2008 02:45 PM 59,520 usbhub.sys
04/13/2008 02:45 PM 26,368 usbstor.sys
04/13/2008 02:45 PM 32,128 usbccgp.sys
04/13/2008 02:45 PM 25,600 usbcamd.sys
04/13/2008 02:45 PM 25,728 usbcamd2.sys
04/13/2008 02:45 PM 15,872 usbintel.sys
04/13/2008 02:46 PM 25,344 sonydcam.sys
04/13/2008 02:46 PM 61,696 ohci1394.sys
04/13/2008 02:46 PM 53,376 1394bus.sys
04/13/2008 02:46 PM 121,984 usbvideo.sys
04/13/2008 02:46 PM 15,232 streamip.sys
04/13/2008 02:46 PM 10,880 ndisip.sys
04/13/2008 02:46 PM 17,024 ccdecode.sys
04/13/2008 02:46 PM 11,136 slip.sys
04/13/2008 02:46 PM 19,200 wstcodec.sys
04/13/2008 02:46 PM 85,248 nabtsfec.sys
04/13/2008 02:46 PM 18,944 bthusb.sys
04/13/2008 02:46 PM 25,600 hidbth.sys
04/13/2008 02:46 PM 36,480 bthprint.sys
04/13/2008 02:46 PM 59,136 rfcomm.sys
04/13/2008 02:46 PM 37,888 bthmodem.sys
04/13/2008 02:46 PM 17,024 bthenum.sys
04/13/2008 02:47 PM 25,856 usbprint.sys
04/13/2008 02:51 PM 59,904 atmarpc.sys
04/13/2008 02:51 PM 60,800 arp1394.sys
04/13/2008 02:51 PM 61,824 nic1394.sys
04/13/2008 02:51 PM 55,808 atmlane.sys
04/13/2008 02:51 PM 101,120 bthpan.sys
04/13/2008 02:53 PM 40,320 nmnt.sys
04/13/2008 02:53 PM 71,552 bridge.sys
04/13/2008 02:53 PM 36,608 ip6fw.sys
04/13/2008 02:54 PM 11,264 irenum.sys
04/13/2008 02:55 PM 14,592 ndisuio.sys
04/13/2008 02:56 PM 12,288 tunmp.sys
04/13/2008 02:56 PM 34,688 netbios.sys
04/13/2008 02:56 PM 88,320 nwlnkipx.sys
04/13/2008 02:56 PM 35,072 msgpc.sys
04/13/2008 02:56 PM 69,120 psched.sys
04/13/2008 02:56 PM 12,800 usb8023.sys
04/13/2008 02:56 PM 30,592 rndismpx.sys
04/13/2008 02:56 PM 30,592 rndismp.sys
04/13/2008 02:56 PM 12,800 usb8023x.sys
04/13/2008 02:57 PM 20,864 ipinip.sys
04/13/2008 02:57 PM 152,832 ipnat.sys
04/13/2008 02:57 PM 34,560 wanarp.sys
04/13/2008 02:57 PM 10,112 ndistapi.sys
04/13/2008 02:57 PM 14,336 asyncmac.sys
04/13/2008 02:57 PM 40,576 ndproxy.sys
04/13/2008 02:57 PM 41,472 raspppoe.sys
04/13/2008 03:00 PM 19,072 tdi.sys
04/13/2008 03:00 PM 30,080 modem.sys
04/13/2008 03:14 PM 63,744 cdfs.sys
04/13/2008 03:14 PM 143,744 fastfat.sys
04/13/2008 03:15 PM 64,512 serial.sys
04/13/2008 03:15 PM 574,976 ntfs.sys
04/13/2008 03:15 PM 60,800 sysaudio.sys
04/13/2008 03:16 PM 49,536 classpnp.sys
04/13/2008 03:16 PM 141,056 ks.sys
04/13/2008 03:17 PM 105,344 mup.sys
04/13/2008 03:17 PM 83,072 wdmaud.sys
04/13/2008 03:18 PM 52,480 i8042prt.sys
04/13/2008 03:19 PM 146,048 portcls.sys
04/13/2008 03:19 PM 75,264 ipsec.sys
04/13/2008 03:19 PM 51,328 rasl2tp.sys
04/13/2008 03:19 PM 48,384 raspptp.sys
04/13/2008 03:20 PM 182,656 ndis.sys
04/13/2008 03:20 PM 91,520 ndiswan.sys
04/13/2008 03:21 PM 162,816 netbt.sys
04/13/2008 03:28 PM 175,744 rdbss.sys
04/13/2008 03:45 PM 15,104 usbscan.sys
04/13/2008 08:11 PM 3,711 adv09nt5.dll
04/13/2008 08:11 PM 3,775 adv11nt5.dll
04/13/2008 08:11 PM 3,647 adv07nt5.dll
04/13/2008 08:11 PM 3,135 adv08nt5.dll
04/13/2008 08:11 PM 3,615 adv05nt5.dll
04/13/2008 08:11 PM 3,967 adv02nt5.dll
04/13/2008 08:11 PM 4,255 adv01nt5.dll
04/13/2008 08:11 PM 17,279 atv10nt5.dll
04/13/2008 08:11 PM 11,359 atv02nt5.dll
04/13/2008 08:11 PM 25,471 atv04nt5.dll
04/13/2008 08:11 PM 21,183 atv01nt5.dll
04/13/2008 08:11 PM 15,423 ch7xxnt5.dll
04/13/2008 08:11 PM 14,143 atv06nt5.dll
04/13/2008 08:12 PM 3,901 siint5.dll
04/13/2008 08:12 PM 11,325 vchnt5.dll
04/13/2008 08:13 PM 40,840 termdd.sys
04/13/2008 08:13 PM 12,040 tdpipe.sys
04/13/2008 08:13 PM 21,896 tdtcp.sys
04/13/2008 08:13 PM 139,656 rdpwd.sys
05/08/2008 10:02 AM 203,136 rmcast.sys
06/13/2008 07:05 AM 272,128 bthport.sys
06/20/2008 07:51 AM 361,600 tcpip.sys
08/14/2008 06:04 AM 138,496 afd.sys
09/17/2008 11:55 PM 6,132,576 nv4_mini.sys
05/18/2009 03:17 PM 26,600 GEARAspiWDM.sys
06/24/2009 07:18 AM 92,928 ksecdd.sys
08/05/2009 11:57 AM 80,000 fsdfw.sys
08/28/2009 08:42 PM 40,448 usbaapl.sys
10/20/2009 12:20 PM 265,728 http.sys
12/03/2009 05:13 PM 19,160 mbam.sys
12/03/2009 05:14 PM 38,224 mbamswissarmy.sys
12/31/2009 12:50 PM 353,792 srv.sys
02/11/2010 08:02 AM 226,880 tcpip6.sys
02/24/2010 09:11 AM 455,680 mrxsmb.sys
03/31/2010 07:42 PM 33,920 fsbts.sys
05/10/2010 06:43 PM 163,712 vidstub.sys
06/07/2010 06:32 PM <DIR> ..
06/07/2010 06:32 PM <DIR> .
06/07/2010 06:42 PM <DIR> etc
325 File(s) 37,328,285 bytes
5 Dir(s) 50,262,245,376 bytes free
Virtual drives found?
Environment variables
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Rachell\Application Data
CLASSPATH=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JESUS
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Rachell
LOGONSERVER=\\JESUS
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\PC-Doctor for Windows\services;C:\Program Files\Common Files\Ulead Systems\MPEG;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
SESSIONNAME=Console
sfxcmd="C:\Documents and Settings\Rachell\Desktop\ComboFix.exe"
sfxname=C:\Documents and Settings\Rachell\Desktop\ComboFix.exe
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Rachell\LOCALS~1\Temp
TMP=C:\DOCUME~1\Rachell\LOCALS~1\Temp
USERDOMAIN=JESUS
USERNAME=Rachell
USERPROFILE=C:\Documents and Settings\Rachell
windir=C:\WINDOWS
Stealth malware?
Internet Explorer
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main
Default_Page_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896
Search Page REG_SZ http://go.microsoft.com/fwlink/?LinkId=54896
Enable_Disk_Cache REG_SZ yes
Cache_Percent_of_Disk REG_BINARY 0A000000
Delete_Temp_Files_On_Exit REG_SZ yes
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Anchor_Visitation_Horizon REG_BINARY 01000000
Use_Async_DNS REG_SZ yes
Placeholder_Width REG_BINARY 1A000000
Placeholder_Height REG_BINARY 1A000000
CompanyName REG_SZ Microsoft Corporation
Custom_Key REG_SZ MICROSO
Wizard_Version REG_SZ 6.00.2800.1017
Search Bar REG_SZ http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
FullScreen REG_SZ no
Check_Associations REG_SZ no
Default_Secondary_Page_URL REG_MULTI_SZ \0
Extensions Off Page REG_SZ about:NoAdd-ons
Security Risk Page REG_SZ about:SecurityRisk
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\ErrorThresholds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\ins
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\uni
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\UrlTemplate
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
User Agent REG_SZ Mozilla/4.0 (compatible; MSIE 8.0; Win32)
IE5_UA_Backup_Flag REG_SZ 5.0
NoNetAutodial REG_DWORD 0x1
MigrateProxy REG_DWORD 0x1
EnableNegotiate REG_DWORD 0x1
EmailName REG_SZ IEUser@
AutoConfigProxy REG_SZ wininet.dll
MimeExclusionListForCache REG_SZ multipart/mixed multipart/x-mixed-replace multipart/x-byteranges
WarnOnPost REG_BINARY 01000000
UseSchannelDirectly REG_BINARY 01000000
PrivacyAdvanced REG_DWORD 0x0
ProxyEnable REG_DWORD 0x0
SyncMode5 REG_DWORD 0x3
PrivDiscUiShown REG_DWORD 0x1
GlobalUserOffline REG_DWORD 0x0
WarnOnZoneCrossing REG_DWORD 0x1
SyncMode REG_DWORD 0x3
EnableAutodial REG_DWORD 0x1
UrlEncoding REG_DWORD 0x0
SecureProtocols REG_DWORD 0xa0
DisableCachingOfSSLPages REG_DWORD 0x0
CertificateRevocation REG_DWORD 0x0
ShowPunycode REG_DWORD 0x0
EnablePunycode REG_DWORD 0x1
DisableIDNPrompt REG_DWORD 0x0
WarnonBadCertRecving REG_DWORD 0x1
WarnOnPostRedirect REG_DWORD 0x0
DnsCacheEnabled REG_DWORD 0x0
AllowCookies REG_DWORD 0x1
ZonesSecurityUpgradeDone REG_DWORD 0x1
WarnOnIntranet REG_DWORD 0x0
ZonesSecurityUpgrade REG_BINARY 558ED326AD16CA01
ProxyOverride REG_SZ *.local
EnableHttp1_1 REG_DWORD 0x1
ProxyHttp1.1 REG_DWORD 0x1
WarnOnHTTPSToHTTPRedirect REG_DWORD 0x1
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Digest
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Protocols
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\TemplatePolicies
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Url History
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main
NoUpdateCheck REG_DWORD 0x1
NoJITSetup REG_DWORD 0x1
Disable Script Debugger REG_SZ no
Show_ChannelBand REG_SZ No
Anchor Underline REG_SZ yes
Cache_Update_Frequency REG_SZ Once_Per_Session
Display Inline Images REG_SZ yes
Do404Search REG_BINARY 01000000
Local Page REG_SZ C:\WINDOWS\system32\blank.htm
Save_Session_History_On_Exit REG_SZ no
Show_FullURL REG_SZ no
Show_StatusBar REG_SZ yes
Show_ToolBar REG_SZ yes
Show_URLinStatusBar REG_SZ yes
Show_URLToolBar REG_SZ yes
Use_DlgBox_Colors REG_SZ yes
Search Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Window_Placement REG_BINARY 2C0000000200000003000000FFFFFFFFFFFFFFF FFFFFFFFFFFFFFFFF0300000001000000EF0300 00DC020000
NotifyDownloadComplete REG_SZ yes
FullScreen REG_SZ no
Use FormSuggest REG_SZ no
AddToFavoritesExpanded REG_DWORD 0x0
StatusBarWeb REG_DWORD 0x0
AutoSearch REG_DWORD 0x5
Print_Background REG_SZ no
XMLHTTP REG_DWORD 0x1
UseClearType REG_SZ yes
Enable Browser Extensions REG_SZ yes
Play_Background_Sounds REG_SZ yes
Play_Animations REG_SZ yes
CompatibilityFlags REG_DWORD 0x0
SearchMigrated REG_DWORD 0x1
Expand Alt Text REG_SZ no
Move System Caret REG_SZ no
NscSingleExpand REG_DWORD 0x0
DisableScriptDebuggerIE REG_SZ yes
Error Dlg Displayed On Every Error REG_SZ no
Page_Transitions REG_DWORD 0x1
UseThemes REG_DWORD 0x1
EnableSearchPane REG_DWORD 0x0
Force Offscreen Composition REG_DWORD 0x0
AllowWindowReuse REG_DWORD 0x1
Friendly http errors REG_SZ yes
SmoothScroll REG_DWORD 0x1
Enable AutoImageResize REG_SZ yes
Show image placeholders REG_DWORD 0x0
AlwaysShowMenus REG_DWORD 0x1
ShowedCheckBrowser REG_SZ Yes
Check_Associations REG_SZ no
HistoryViewType REG_BINARY 0000
HistoryTopNSitesView REG_DWORD 0x14
FavoritesExportFile REG_SZ C:\Documents and Settings\Rachell\My Documents\My Downloads\bookmarks.html
FavoritesImportFolder REG_SZ C:\Documents and Settings\Rachell\Favorites\AOL Favs
AutoHide REG_SZ yes
IE8RunOnceLastShown REG_DWORD 0x1
IE8RunOnceLastShown_TIMESTAMP REG_BINARY 827C54F34458CA01
IE8TourShown REG_DWORD 0x1
IE8TourShownTime REG_BINARY 72FA84242B1ACA01
Start Page REG_SZ http://mystart.incredimail.com/
RunOnceHasShown REG_DWORD 0x1
RunOnceComplete REG_DWORD 0x1
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default Feeds
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search
SearchAssistant REG_SZ http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
CustomizeSearch REG_SZ http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} REG_SZ
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
<NO NAME> REG_SZ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00011268-E188-40DF-A514-835FCD78B1BF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b4fec876-9bb2-4397-83f8-f25875933559}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
{724d43a0-0d85-11d4-9908-00400523e39a} REG_BINARY 00
{b4fec876-9bb2-4397-83f8-f25875933559} REG_SZ MillBar Toolbar
{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} REG_SZ
{EF99BD32-C1FB-11D2-892F-0090271D4F88} REG_BINARY 00
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&AOL Toolbar search
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&ieSpell Options
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Check &Spelling
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Lookup on Merriam Webster
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Lookup on Wikipedia
Security Center
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
FirstRunDisabled REG_DWORD 0x1
AntiVirusDisableNotify REG_DWORD 0x0
FirewallDisableNotify REG_DWORD 0x0
UpdatesDisableNotify REG_DWORD 0x0
AntiVirusOverride REG_DWORD 0x0
FirewallOverride REG_DWORD 0x0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
EnableFirewall REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
%windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe REG_SZ C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion
C:\Program Files\IncrediMail\bin\IncMail.exe REG_SZ C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail
C:\Program Files\IncrediMail\bin\IMApp.exe REG_SZ C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail
C:\Program Files\IncrediMail\bin\ImpCnt.exe REG_SZ C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail
C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Program Files\Common Files\AOL\System Information\sinf.exe REG_SZ C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL
C:\Documents and Settings\HP_Owner\Desktop\magentic_install.exe REG_SZ C:\Documents and Settings\HP_Owner\Desktop\magentic_install.exe:*:Enabled:IncrediMail Installer
%windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Documents and Settings\HP_Owner\Desktop\incredimail_install.exe REG_SZ C:\Documents and Settings\HP_Owner\Desktop\incredimail_install.exe:*:Enabled:IncrediMail Installer
C:\Program Files\IncrediMail\bin\ImSc.exe REG_SZ C:\Program Files\IncrediMail\bin\ImSc.exe:*:Enabled:IncrediMail
C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe REG_SZ C:\Program Files\IncrediMail\bin\IncrediMail_Install.exe:*:Enabled:IncrediMail Installer
C:\Program Files\Disney\Disney Online\Toontown\Toontown.exe REG_SZ C:\Program Files\Disney\Disney Online\Toontown\Toontown.exe:*:Enabled:Toontown
C:\Program Files\IncrediMail\bin\ImLc.exe RE
-
Please run a free online scan with the ESET Online Scanner (http://www.eset.com/onlinescan/)
- Tick the box next to YES, I accept the Terms of Use
- Click Start
- When asked, allow the ActiveX control to install
- Click Start
- Make sure that the options Remove found threats and the option Scan unwanted applications is checked
- Click Scan (This scan can take several hours, so please be patient)
- Once the scan is completed, you may close the window
- Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
- Copy and paste that log as a reply to this topic
-
Ok, Done. Here it is..
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=1c7770f25280784ca8a70ce538a43a27
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-06-08 10:26:08
# local_time=2010-06-08 06:26:08 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=2304 16777175 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=353068
# found=10
# cleaned=10
# scan_time=28345
C:\Documents and Settings\All Users\Documents\Believer\its by grace of god yolonda.mp3 WMA/TrojanDownloader.GetCodec.C trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Deejer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-54f26534-20ed0c4f.class a variant of Java/TrojanDownloader.OpenStream trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\HP_Owner\My Documents\My Music\francesca battistelli - best track ever.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\HP_Owner\My Documents\My Music\francesca battistelli my paper.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\HP_Owner\My Documents\My Music\Unknown Artist\we all need esterlyn.mp3 WMA/TrojanDownloader.GetCodec.C trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Kath\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe probably a variant of Win32/TrojanDownloader.Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Rachell\My Documents\My Music\Believer\francesca battistelli - best track ever.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Rachell\My Documents\My Music\Believer\francesca battistelli my paper.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Rachell\My Documents\My Music\Believer\its by grace of god yolonda.mp3 WMA/TrojanDownloader.GetCodec.C trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL a variant of Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
-
(http://www.malwarebytes.org/forums/style_images/1/bf_new.gif) Please download Malwarebytes Anti-Malware from Malwarebytes.org (http://www.malwarebytes.org/mbam/program/mbam-setup.exe).
Alternate link: BleepingComputer.com (http://download.bleepingcomputer.com/malwarebytes/mbam-setup.exe).
(Note: if you already have the program installed, just follow the directions. No need to re-download or re-install!)
Double Click mbam-setup.exe to install the application.
(Note: if you already have the program installed, open Malwarebytes from the Start Menu or Desktop shortcut, click the Update tab, and click Check for Updates, before doing the scan as instructed below!)
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Full Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this, will cause the infection to still be active on the computer.
- Please save the log to a location you will remember.
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
- Copy and paste the entire report in your next reply.
-
Yes, I have that. Its what helped me last time allot. It did require an update and after that I did the scan here is the log. Thanks!
**Edit** Wanted to add that I clicked on system restore just to see if it would work and a window popped up that said...
System Restore
System Restore is not able to protect your computer. Please restart your computer, and then run system restore again.
???
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4052
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
6/8/2010 9:09:49 PM
mbam-log-2010-06-08 (21-09-49).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 539784
Time elapsed: 6 hour(s), 38 minute(s), 2 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 148
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1823122.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1823127.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1823132.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1824137.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1824143.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1825137.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1825143.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1825149.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1825155.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1828155.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1828160.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1830160.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1832167.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1832172.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1833167.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1834167.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1835167.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1836167.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1837167.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1838167.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1838175.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1839175.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1839179.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1840175.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1840181.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1841175.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1841181.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1842175.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1842180.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1843175.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1843179.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1843185.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1844185.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1845185.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1846185.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1846196.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1847195.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1847200.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1848195.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1848201.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1849201.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1849207.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1850207.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1850210.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1850224.DLL (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1850225.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1850248.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1852271.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1854271.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1854277.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1855271.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1856271.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1856285.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1857285.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1384\A1853271.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1385\A1857288.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1385\A1857295.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1385\A1857299.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1385\A1859295.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1385\A1859298.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1385\A1860295.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1385\A1860298.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1385\A1863537.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1385\A1863809.exe (Trojan.Zbot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1387\A1863846.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1336\A1774371.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1336\A1775374.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1337\A1776759.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1347\A1787000.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1348\A1789000.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1349\A1789033.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1349\A1789034.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1349\A1789035.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1351\A1794001.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1351\A1793001.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1351\A1793002.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1351\A1794000.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1353\A1794105.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1353\A1794106.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1353\A1794107.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1358\A1799033.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1358\A1799049.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1358\A1799050.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800060.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800076.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800080.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800126.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800050.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800119.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800155.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800369.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800152.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800153.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800156.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800157.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800158.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800159.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800160.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800161.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800226.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800227.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800249.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800250.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800256.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800257.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800262.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800263.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800264.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800265.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800266.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800269.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800308.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800375.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1360\A1800433.exe (Worm.Emold) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1801846.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1801856.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1801861.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1801865.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1801901.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1801907.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1801932.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1801933.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1801935.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1801936.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1801937.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1801938.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1801939.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1801940.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1801941.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1802002.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1802003.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1802025.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1802026.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1802030.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1802031.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1802036.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1802037.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1802038.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1802039.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1802040.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1802041.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1802080.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1802141.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1802147.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1363\A1802256.exe (Worm.Emold) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E7B21304-9105-4D9D-AFAC-E7088FDCC6A0}\RP1392\A1863864.dll (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Security 2010.lnk (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Start Menu\Internet Security 2010.lnk (Rogue.InternetSecurity2010) -> Quarantined and deleted successfully.
-
Please run a free online scan with the ESET Online Scanner (http://www.eset.com/onlinescan/)
- Tick the box next to YES, I accept the Terms of Use
- Click Start
- When asked, allow the ActiveX control to install
- Click Start
- Make sure that the options Remove found threats and the option Scan unwanted applications is checked
- Click Scan (This scan can take several hours, so please be patient)
- Once the scan is completed, you may close the window
- Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
- Copy and paste that log as a reply to this topic
-
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=1c7770f25280784ca8a70ce538a43a27
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-06-08 10:26:08
# local_time=2010-06-08 06:26:08 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=2304 16777175 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=353068
# found=10
# cleaned=10
# scan_time=28345
C:\Documents and Settings\All Users\Documents\Believer\its by grace of god yolonda.mp3 WMA/TrojanDownloader.GetCodec.C trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Deejer\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-54f26534-20ed0c4f.class a variant of Java/TrojanDownloader.OpenStream trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\HP_Owner\My Documents\My Music\francesca battistelli - best track ever.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\HP_Owner\My Documents\My Music\francesca battistelli my paper.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\HP_Owner\My Documents\My Music\Unknown Artist\we all need esterlyn.mp3 WMA/TrojanDownloader.GetCodec.C trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Kath\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe probably a variant of Win32/TrojanDownloader.Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Rachell\My Documents\My Music\Believer\francesca battistelli - best track ever.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Rachell\My Documents\My Music\Believer\francesca battistelli my paper.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Rachell\My Documents\My Music\Believer\its by grace of god yolonda.mp3 WMA/TrojanDownloader.GetCodec.C trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL a variant of Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=1c7770f25280784ca8a70ce538a43a27
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-06-09 07:51:52
# local_time=2010-06-09 03:51:52 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=2304 16777175 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=353934
# found=1
# cleaned=1
# scan_time=23197
C:\Documents and Settings\Rachell\Desktop\MP3Rocket-Win(2).exe.part a variant of Win32/AdInstaller application (deleted - quarantined) 00000000000000000000000000000000 C
-
Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.
-
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4184
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
6/9/2010 5:26:44 PM
mbam-log-2010-06-09 (17-26-44).txt
Scan type: Quick scan
Objects scanned: 191248
Time elapsed: 20 minute(s), 33 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
- Select Start > All Programs > Accessories > System tools > System Restore.
- On the dialogue box that appears select Create a Restore Point
- Click NEXT
- Enter a name e.g. Clean
- Click CREATE
You now have a clean restore point, to get rid of the bad ones:
- Select Start > All Programs > Accessories > System tools > Disk Cleanup.
- In the Drop down box that appears select your main drive e.g. C
- Click OK
- The System will do some calculation and the display a dialogue box with TABS
- Select the More Options Tab.
- At the bottom will be a system restore box with a CLEANUP button click this
- Accept the Warning and select OK again, the program will close and you are done
To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe (http://oldtimer.geekstogo.com/OTC.exe) by OldTimer:
- Save it to your Desktop.
- Double click OTC.exe.
- Click the CleanUp! button.
- If you are prompted to Reboot during the cleanup, select Yes.
- The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
==
Please download TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe) to your desktop
- Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
- It will close all programs when run, so make sure you have saved all your work before you begin.
- Click the Start
button to begin the process. Depending on how often you clean temp
files, execution time should be anywhere from a few seconds to a minute
or two. Let it run uninterrupted to completion.
- Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
==
Download Security Check by screen317 from SpywareInfoforum.org (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or Changelog.fr (http://screen317.changelog.fr/SecurityCheck.exe).- Save it to your Desktop.
- Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
-
Ok, I tried but when I click system restore a window pops up and says..
System Restore
System Restore is not able to protect your computer. Please restart your computer, and then run system restore again.
I restarted several times but always get the same thing. :-\
-
1. Right-click the My Computer icon on the Desktop and click Properties.
2. Click the Performance tab.
3. Click the File System button.
4. Click the Troubleshooting tab.
5. Remove the check mark next to Disable System Restore.
6. Click OK.
7. Click Yes when prompted to restart.
Then, please try the process above again.
-
Sorry, but I don't see a Performance tab.. :-[ I see General, Computer Name, Hardware, Advanced, Automatic Updates, Remote? I'm right clicking My Computer, than properties than I'm missing something?
-
1. Right-click the My Computer icon on the Desktop and click Properties.
2. On the System Restore tab, uncheck Disable System Restore.
See if that helps
-
There isn't a system restore tab, I'm logged in as an Administrator. I don't know why its not there?
-
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)- Double-click SystemLook.exe to run it.
- Copy the content of the following codebox into the main textfield:
:filefind
rstrui.exe
- Click the Look button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
-
ok, here it is.
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 09:43 on 11/06/2010 by Rachell (Administrator - Elevation successful)
========== filefind ==========
Searching for "rstrui.exe"
C:\WINDOWS\$NtServicePackUninstall$\rstrui.exe --a--c 380416 bytes [08:02 16/10/2008] [19:00 04/08/2004] 4375CD59161C0A033DF68D9510D1F8CF
C:\WINDOWS\ServicePackFiles\i386\rstrui.exe --a--c 380416 bytes [17:31 29/08/2008] [00:12 14/04/2008] BD6C1488F63D64DEA8EE514802FC2CDD
C:\WINDOWS\system32\dllcache\rstrui.exe --a--c 380416 bytes [19:01 07/08/2004] [00:12 14/04/2008] BD6C1488F63D64DEA8EE514802FC2CDD
C:\WINDOWS\system32\Restore\rstrui.exe --a--- 380416 bytes [19:01 07/08/2004] [00:12 14/04/2008] BD6C1488F63D64DEA8EE514802FC2CDD
-=End Of File=-
-
Please open Notepad and enter in the following:
Windows Registry Editor Version 5.00
[HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR"=-
Then, click File > Save as...
Save as enableSR.reg to your Desktop.
Choose Save as type... All Files.
Click Save.
Then, exit Notepad.
Double-click on enableSR.reg.
Then, restart your computer.
Then, look in the System Properties window again for the System Restore tab.
-
Sorry for just now writing back, long weekend... I did what you said and it asked if I wanted to add it to my registry I said yes and it said it had. I restarted and still no system restore tab. Also I get the same message still if I try to open System restore.
-
We Need to Diagnose a Possible Problem with WGA
- Please download MGADiag (http://go.microsoft.com/fwlink/?linkid=52012) and save it to your desktop.
- Double click the (http://img69.imageshack.us/img69/4829/dmjdiag.png) icon on your desktop.
- Push (http://img109.imageshack.us/img109/3610/dmjcontinue.png)
- Push (http://img85.imageshack.us/img85/1953/dmjcopy.png)
- Go to Start -> Run and type in "Notepad"
- Go to Edit -> Paste in notepad.
- x out all of the numbers and letters in the line beginning with "Windows Product Key:"
- Copy and paste that log here.
[/list]
-
Ok, here it is
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-XXXXX-XXXXX-XXXXX
Windows Product Key Hash: 2V2VyxlfhiaCt/JkDzYQfiNOHMA=
Windows Product ID: 76477-OEM-2111907-00106
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 5.1.2600.2.00010300.3.0.hom
ID: {16CCC64D-E3B3-4DA7-B4CA-7D6BBD0ECCAE}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.7.69.2
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1
Resolution Status: N/A
Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A
Windows XP Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.7.17.0
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft
OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002
OGA Data-->
Office Status: 102
Microsoft Office Standard Edition 2003 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005
Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed
File Scan Data-->
Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{16CCC64D-E3B3-4DA7-B4CA-7D6BBD0ECCAE}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-3PMFT</PKey><PID>76477-OEM-2111907-00106</PID><PIDType>2</PIDType><SID>S-1-5-21-1273659944-3790613762-3211983470</SID><SYSTEM><Manufacturer>HP Pavilion 061</Manufacturer><Model>PL382AA-ABA A706N</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version> 3.11</Version><SMBIOSVersion major="2" minor="3"/><Date>20040902000000.000000+000</Date><SLPBIOS>HP PAVILION</SLPBIOS></BIOS><HWID>21DD39AF0184205F</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>Hewlett-Packard</name><model>Pavilion</model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.7.17.0"/><File Name="WgaLogon.dll" Version="1.7.17.0"/></GANotification></MachineData><Software><Office><Result>102</Result><Products><Product GUID="{91120409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Standard Edition 2003</Name><Ver>11</Ver><Val>606A581CC1FD930</Val><Hash>FEOgdhbkAmkHjihJ9UWrNxearM4=</Hash><Pid>70141-152-3817414-56318</Pid><PidType>10</PidType></Product></Products><Applications><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>
Licensing Data-->
N/A
Windows Activation Technologies-->
N/A
HWID Data-->
N/A
OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 106DD:Compaq Computer Corporation|106DD:Compaq Computer Corporation|106DD:Hewlett-Packard Company|10859:Hewlett-Packard Company
Marker string from OEMBIOS.DAT: HP PAVILION
OEM Activation 2.0 Data-->
N/A
-
-Click Start, and then click My Computer.
-On the Tools menu, click Folder Options.
-On the View tab, click Show hidden files and folders.
-Clear the Hide protected operating system files (Recommended) check box. Click Yes when you are prompted to confirm the change.
-Clear the Use simple file sharing (Recommended) check box.
-Click OK.
-Right-click the System Volume Information folder in the root folder, and then click Properties.
-Click the Security tab.
-Click Add, and then type the name of the user to whom you want to give access to the folder. Typically, this is the account with which you are logged on. Click OK, and then click OK again.
-Then, navigate to C:\SystemVolumeInformation right click on it, and click on Rename.
-Rename it to SystemVolumeBAK
-Restart your computer.
Tell me if you can see the Restore tab.
-
Ok, Can you explain ''-Right-click the System Volume Information folder in the root folder'' I don't know where/what those are exactly? Sorry when I got to that step I was unsure of what to do. I did the first stuff already though. Clicked Show hidden files and folders already, Hide protected operating system files (Recommended) was already unchecked and there is no Use simple file sharing (Recommended) check box.
-
c:\SystemVolumeInformation
-
It's not there and if I try to RUN it says Windows can not find 'c:\SystemVolumeInformation'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click search.
-
Do you have a Windows XP CD??
We need to do a system in-place upgrade, which is a data-safe process to fully repair Windows.
However, if you do not feel comfortable with this, there are alternative routes to be able to take to backup your system configuration, like ERUNT program.
-
Yes, I have the CD Windows XP Home Edition. Since you say it is Data Safe does that mean I won't like lose or mess up any my programs, photographs and everything? Is there a major difference between doing that and ERUNT? Do you think one way better than the other?
Thanks!
-
The repair will restore functionality for System Restore, which can be easier down the road.
ERUNT is a little more difficult for beginner users.
If you feel comfortable using ERUNT, then see if this will work:
Install ERUNT (http://"http://www.larshederer.homepage.t-online.de/erunt/").
Let it add an entry to your Start menu during the install process. That
will allow ERUNT to backup your registry each time you boot. It only
takes a few seconds and has no real impact on boot time. Run ERUNT
immediately after installing it to create a full registry backup.
Then if something is deleted that shouldn't have been, simply go to the C:\Windows\erdnt
folder and pick the erdnt.exe wanted to restore the registry to it's
state when it was backed up. This can even be done from the Recovery
Console if needed.
-
Ok, I did the ERUNT thing.
-
Good. Now, do you know what to do to restore your computer, in case something happens?
Go to the C:\Windows\erdnt folder and pick the erdnt.exe wanted to restore the registry to it's state when it was backed up. This can even be done from the Recovery Console if needed.
If you need help from an expert, please post a new topic, then PM me. I will help you get it restored from the Recovery Console in case your computer cannot boot. :)
-
Ok, Thanks! :D what if I want to fix system restore though? Do you know what happened to it ? Was it deleted or did the fake virus thing just mess it up? Also, I checked and I can boot into safe mode now!
-
It must be damaged.
If you want to fix it, you will need to do an in-place data-safe upgrade.
http://support.microsoft.com/kb/978788
-
Ok, Thank you. Maybe I will do that, I will have to read about it first though. Do you know where I can get help for the other problems because they are still happening...They started after all that but what we did didn't fix them. Thanks for helping me!! ;D
*Also I don't know if the windows XP CD we have was used to install windows on this specific computer or not so IDK (I think its pretty old and we have a separate SP 3 cd.) IDK If that would mess it up....maybe theres some way to just reinstall the system restore...IDK
Thanks again for helping!!
-
Please list any other problems, so I may help or point you in the right direction.
-
Every time the computer loads up to everyones usernames a error comes up nmsrv.exe application error. I just exit it, it doesn't seem to effect anything....
Everytime we log in we get a Pure Platform Networks service error, program needs to close error where it says you can send a report. I just exit it too now.... I believe its tied in with my Linksys Easylink advisor because Linksys Easylink advisor is no longer working as when I try to open Linksys el Advisor its says its not running, so I click connect it tries than that same pure platform error pops up and it exits. Iv tried uninstalling it reinstalling but it hasn't worked since.
-
I will help with the application error there.
However, the network issue is much more complicated. I would recommend to post for help in this section: http://www.computerhope.com/forum/index.php/board,12.0.html
============
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)- Double-click SystemLook.exe to run it.
- Copy the content of the following codebox into the main textfield:
:filefind
nmsrv.exe
- Click the Look button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
-
Ok, Thanks. Sorry for delay in reply.
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 14:15 on 21/06/2010 by Rachell (Administrator - Elevation successful)
========== filefind ==========
Searching for "nmsrv.exe"
No files found.
-=End Of File=-
-
- Double-click SystemLook.exe to run it.
- Copy the content of the following codebox into the main textfield:
:regfind
nmsrv.exe
- Click the Look button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
-
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 08:52 on 22/06/2010 by Rachell (Administrator - Elevation successful)
========== regfind ==========
Searching for "nmsrv.exe"
No data found.
-=End Of File=-
-
Ok once more here.
- Double-click SystemLook.exe to run it.
- Copy the content of the following codebox into the main textfield:
:regfind
nmsrv
- Click the Look button to start the scan.
- When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
-
Opps, I thought I did copy all of that... I think i missed a letter too nmsrvc not nmsrv...... ::) sorry. I redid it if it matters...
here ya go...
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 19:16 on 22/06/2010 by Rachell (Administrator - Elevation successful)
========== regfind ==========
Searching for "nmsrv"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\nmsrvc.exe]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\mnmsrvc.exe]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\mnmsrvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Pure Networks Platform Service]
"EventMessageFile"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvclb.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mnmsrvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Nls\MUILanguages\RCV2\mnmsrvc.exe]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\mnmsrvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Pure Networks Platform Service]
"EventMessageFile"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvclb.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mnmsrvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\mnmsrvc.exe]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\mnmsrvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Eventlog\Application\Pure Networks Platform Service]
"EventMessageFile"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvclb.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\mnmsrvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\mnmsrvc.exe]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\mnmsrvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Pure Networks Platform Service]
"EventMessageFile"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvclb.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmsrvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
-=End Of File=-
------------------------------------------
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 19:19 on 22/06/2010 by Rachell (Administrator - Elevation successful)
========== filefind ==========
Searching for "nmsrvc.exe"
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe --a--- 648504 bytes [04:15 09/04/2008] [04:15 09/04/2008] 82C5A813E8EA7E94DC1AFA24CD803B80
-=End Of File=-
------------------------------------------
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 19:32 on 22/06/2010 by Rachell (Administrator - Elevation successful)
========== regfind ==========
Searching for "nmsrvc.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\nmsrvc.exe]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\MUILanguages\RCV2\mnmsrvc.exe]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Nls\MUILanguages\RCV2\mnmsrvc.exe]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Nls\MUILanguages\RCV2\mnmsrvc.exe]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Nls\MUILanguages\RCV2\mnmsrvc.exe]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nmservice]
"ImagePath"=""C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe""
-=End Of File=-
-
Please open Notepad and enter in the following:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mnmsrvc]
"Start"="0x4"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mnmsrvc]
"Start"="0x4"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\mnmsrvc]
"Start"="0x4"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmsrvc]
"Start"="0x4"
Then, click File > Save as...
Save as disablePure.reg to your Desktop.
Choose Save as type... All Files.
Click Save.
Then, exit Notepad.
Double-click on disablePure.reg, and confirm the prompt.
Then, reboot your computer and see if it gives any more issues at Winlogon.
-
I did what you said but the same thing happened. I don't know if it will help but here is a shot of the exact message that pops up on the Log On Screen....
(my other thread is here but no one has answered yet http://www.computerhope.com/forum/index.php/topic,106340.0.html )
[recovering disk space - old attachment deleted by admin]
-
Can you remove the program without anything happening to your Internet connection?
-
Linksys no I can't, because is my family router. I did hesitantly uninstall and reinstall it when no one else was using it though..didn't work....As for Pure Networks Platform Service I honestly don't know what it is or if it has to do with my internet. ???
-
Try to remove the Pure Networks program, and see if that helps anything.
-
Do you know how to do that? It's not in add/remove programs and if I try to just delete C:\Program Files\Common Files\Pure Networks Shared\ its says Access denied to files there.
Edit: This is unrelated to the other thing but
I just got my system restore tab back and system restore opens up!!!! :D It currently doesn't have any points saved...I followed these instructions...
http://forum.soft32.com/windows/System-Restore-Tab-Missing-ftopict318903.html
-
How did you uninstall it before?
-
I didn't unistall Pure Networks Platform Service before. I uninstalled my Linksys Easylink Advisor/Router cd because its not working (well the actual router so other people can be the net is but the advisor isn't) and that same Pure Networks Platform Service pops up so I just unistalled the Linksys advisor and reinstalled it but I got the same errors....I don't ever remember installing anything called Pure Networks Platform Service but I thought maybe it was something to do with my Linksys.
-
I see. So have you reinstalled the Pure Networks Platform Service?
If not, try to reinstall the Pure Networks Platform Service, as this may resolve the error.
-
Iv never done any thing with Pure Networks Platform Service. I don't know how to unistall it. I did uninstall and reinstall my Linksys.
-
Right. But are you able to install the Pure Networks...?
-
No :-[
-
Please go here: http://homesupport.cisco.com/en-us/wireless/linksys/
Enter your model number and try to find the download for Pure Networks.
Let me know if you see it or not.