
Author Topic: Can't install or delete programs  (Read 20570 times)


indy777

  • Guest
Re: Can't install or delete programs
« Reply #15 on: June 05, 2009, 07:25:21 PM »
I ran the BitDefender online scan and saved the file. Went to the file dropper site, paid the monthly fee and then rebooted to get out of safe mode. The computer did not start up right. I was given the option to repair or go to a restore point. Tried the repair option but it didn't work and I had to restore from a previous point. So I've lost all the programs I installed and of course the files and logs. Back to square one. I am going to start in the morning, I've had enough for one day. I really appreciate all the help you have given me, just bear with me, I'll get back to this point again. :(
Thanks

evilfantasy

  • Malware Removal Specialist
  • Moderator


  • Genius
  • Calm like a bomb
  • Thanked: 493
  • Experience: Experienced
  • OS: Windows 11
Re: Can't install or delete programs
« Reply #16 on: June 05, 2009, 08:13:19 PM »
Quote
Went to the file dropper site paid the monthly fee

What? It's a free service with a paid option for more space. Anything I suggest will always be 100% free.

Did you get the file uploaded to FileDropper so I can see it? I really need to get some names and locations of the malware to know what to do next. Do you remember if anything was called Virut or Sality?

indy777

  • Guest
Re: Can't install or delete programs
« Reply #17 on: June 06, 2009, 08:38:47 AM »
Maybe I read it wrong but File dropper wouldn't let me proceed without making a payment of some kind. The cheapest option was .99 a month so I went with that. Not that much and I can drop it at any time.
I had saved the file from Bitdefender on my desktop so it was lost when I rebooted. I do remember it was a Trojan virus but don't remember the name. There was a total of two. Can I proceed to the Bitdefender online scan again without going through all the other programs as before?

You are right, I went back and found that you can upload 2 G free, more than that costs extra. Sorry, my mistake  ;D
« Last Edit: June 06, 2009, 11:03:01 AM by indy777 »

evilfantasy

Re: Can't install or delete programs
« Reply #18 on: June 06, 2009, 11:53:10 AM »
Yes try BitDefender again and post the results.

indy777

  • Guest
Re: Can't install or delete programs
« Reply #19 on: June 06, 2009, 07:56:26 PM »
I finally got ComboFix downloaded and tried to run the program. Got a message saying "comodo antivirus and comodo defense +" is running and needs to be shut down first. I have no idea where this is at, it never showed up in uninstall manager or in programs list. Now we have to find a way to shut them down.

evilfantasy

Re: Can't install or delete programs
« Reply #20 on: June 06, 2009, 08:05:05 PM »
Is Comodo what you use for your antivirus or is it Avast?

Just continue on with ComboFix. It should still run.

indy777

  • Guest
Re: Can't install or delete programs
« Reply #21 on: June 06, 2009, 08:47:39 PM »
I run Avast. The Comodo shouldn't be there, it is from one I used and didn't like and deleted, I thought.
I will continue on with ComboFix.

indy777

  • Guest
Re: Can't install or delete programs
« Reply #22 on: June 06, 2009, 09:24:21 PM »
ComboFix 09-06-05.09 - William Michels 06/06/2009 23:07.1 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.1918.1484 [GMT -4:00]
Running from: c:\users\William Michels\Desktop\ComboFix.exe
AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
SP: COMODO Defense+ *enabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\cluster 119497.PIF
c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
D:\Desktop.ini

.
(((((((((((((((((((((((((   Files Created from 2009-05-07 to 2009-06-07  )))))))))))))))))))))))))))))))
.

2009-06-07 03:15 . 2009-06-07 03:15   --------   d-----w-   c:\users\William Michels\AppData\Local\temp
2009-06-06 20:27 . 2009-06-07 03:11   --------   d---a-w-   \Qoobox
2009-06-06 19:19 . 2009-06-06 19:19   --------   d-----w-   c:\users\William Michels\AppData\Local\COMODO
2009-06-06 19:19 . 2009-06-06 19:19   --------   d-----w-   c:\users\WILLIA~1\AppData\Local\COMODO
2009-06-06 17:16 . 2009-05-26 17:20   40160   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-06 17:16 . 2009-05-26 17:19   19096   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-06-06 15:40 . 2009-02-05 20:07   114768   ----a-w-   c:\windows\system32\drivers\aswSP.sys
2009-06-06 15:40 . 2009-02-05 20:07   20560   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
2009-06-06 15:40 . 2009-02-05 20:06   51376   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
2009-06-06 15:40 . 2009-02-05 20:06   23152   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
2009-06-06 15:40 . 2009-02-05 20:04   97480   ----a-w-   c:\windows\system32\AvastSS.scr
2009-06-06 15:40 . 2009-02-05 20:11   1256296   ----a-w-   c:\windows\system32\aswBoot.exe
2009-06-06 15:40 . 2009-02-05 20:06   51792   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
2009-06-06 02:42 . 2009-06-07 02:59   117760   ----a-w-   c:\users\William Michels\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-06 02:15 . 2009-06-06 02:15   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2009-06-06 02:09 . 2009-06-06 02:13   --------   d-----w-   c:\program files\CCleaner
2009-06-05 22:50 . 2009-06-06 18:57   --------   d-----w-   c:\windows\BDOSCAN8
2009-06-04 21:36 . 2009-06-06 15:30   680   ----a-w-   c:\users\William Michels\AppData\Local\d3d9caps.dat
2009-06-04 21:36 . 2009-06-06 15:30   680   ----a-w-   c:\users\WILLIA~1\AppData\Local\d3d9caps.dat
2009-06-04 21:32 . 2009-06-04 21:32   --------   d-----w-   c:\users\William Michels\AppData\Roaming\Malwarebytes
2009-06-04 21:32 . 2009-06-04 21:32   --------   d-----w-   c:\users\WILLIA~1\AppData\Roaming\Malwarebytes
2009-06-04 21:32 . 2009-06-06 17:18   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2009-06-04 21:32 . 2009-06-04 21:32   --------   d-----w-   c:\progra~2\Malwarebytes
2009-06-04 17:35 . 2009-06-04 17:35   --------   d-----w-   c:\progra~2\SUPERAntiSpyware.com
2009-06-04 17:31 . 2009-06-06 02:36   --------   d-----w-   c:\program files\SUPERAntiSpyware
2009-06-04 17:31 . 2009-06-04 17:31   --------   d-----w-   c:\users\William Michels\AppData\Roaming\SUPERAntiSpyware.com
2009-06-04 17:31 . 2009-06-04 17:31   --------   d-----w-   c:\users\WILLIA~1\AppData\Roaming\SUPERAntiSpyware.com
2009-06-03 01:33 . 2009-06-03 01:33   --------   d-----w-   c:\program files\Alwil Software
2009-05-31 23:31 . 2009-06-01 00:33   --------   d-----w-   c:\program files\SpywareBlaster
2009-05-28 21:20 . 2009-05-30 23:58   --------   d-----w-   c:\users\William Michels\AppData\Roaming\System Tweaker
2009-05-28 21:20 . 2009-05-30 23:58   --------   d-----w-   c:\users\WILLIA~1\AppData\Roaming\System Tweaker
2009-05-27 19:29 . 2009-06-06 04:53   --------   d-----w-   c:\users\William Michels\{2be83168-6029-4d46-b0f6-10bbc66433b5}
2009-05-27 19:07 . 2009-06-07 02:49   408464   ----a-w-   c:\windows\system32\drivers\sfi.dat
2009-05-27 16:25 . 2009-05-27 19:28   28704   ----a-w-   c:\windows\system32\drivers\cmdhlp.sys
2009-05-27 16:25 . 2009-05-27 19:28   168208   ----a-w-   c:\windows\system32\guard32.dll
2009-05-27 16:25 . 2009-05-27 19:28   130080   ----a-w-   c:\windows\system32\drivers\cmdguard.sys
2009-05-24 23:26 . 2009-06-06 04:52   --------   d-----w-   c:\program files\tinySpell
2009-05-24 23:26 . 2009-05-24 23:26   --------   d-----w-   c:\users\William Michels\AppData\Roaming\tinySpell
2009-05-24 23:26 . 2009-05-24 23:26   --------   d-----w-   c:\users\WILLIA~1\AppData\Roaming\tinySpell
2009-05-10 22:04 . 2009-05-10 22:04   10769104   ----a-w-   c:\users\William Michels\AppData\Roaming\Nikon\Message Center\DOWNLOAD_LOG\13213\S-P2____-176WU-NSAEN.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-07 03:03 . 2008-02-15 22:37   2325553152   --sha-w-   \pagefile.sys
2009-06-06 15:27 . 2008-08-15 02:27   --------   d-----w-   c:\program files\Uniblue
2009-06-06 04:53 . 2009-04-22 21:51   --------   d-----w-   c:\users\William Michels\AppData\Roaming\uTorrent
2009-06-06 04:53 . 2009-04-22 21:51   --------   d-----w-   c:\users\WILLIA~1\AppData\Roaming\uTorrent
2009-06-06 04:52 . 2008-11-20 19:31   --------   d-----w-   c:\program files\searchandwintoolbar
2009-06-06 04:52 . 2008-09-04 23:41   --------   d-----w-   c:\program files\LimeWire
2009-06-06 04:52 . 2008-02-02 02:58   --------   d-----w-   c:\program files\PC-Doctor 5 for Windows
2009-06-06 04:52 . 2008-02-02 02:47   --------   d---a-w-   c:\program files\Common Files\LightScribe
2009-06-06 04:52 . 2008-02-02 02:47   --------   d-----w-   c:\program files\Common Files\SureThing Shared
2009-06-06 04:52 . 2009-05-07 22:21   --------   d-----w-   c:\program files\TouchStoneSoftware
2009-06-02 03:10 . 2008-08-23 19:49   --------   d-----w-   c:\program files\Coupons
2009-05-31 19:53 . 2008-09-05 23:38   20   ---h--w-   c:\progra~2\PKP_DLec.DAT
2009-05-31 19:53 . 2008-09-05 23:28   20   ---h--w-   c:\progra~2\PKP_DLds.DAT
2009-05-30 20:40 . 2008-08-14 01:53   --------   d-----w-   c:\program files\google
2009-05-30 19:55 . 2008-08-31 16:58   --------   d-----w-   c:\progra~2\Avg8
2009-05-29 23:42 . 2009-04-01 16:51   --------   d-----w-   c:\users\William Michels\AppData\Roaming\Comodo
2009-05-29 23:42 . 2009-04-01 16:51   --------   d-----w-   c:\users\WILLIA~1\AppData\Roaming\Comodo
2009-05-29 23:42 . 2009-04-01 16:51   --------   d-----w-   c:\progra~2\comodo
2009-05-29 23:42 . 2009-04-01 16:51   --------   d-----w-   c:\program files\COMODO
2009-05-29 21:48 . 2008-08-31 16:58   --------   d-----w-   c:\progra~2\Avg8(61)
2009-05-29 00:05 . 2008-09-04 23:41   --------   d-----w-   c:\users\William Michels\AppData\Roaming\LimeWire
2009-05-29 00:05 . 2008-09-04 23:41   --------   d-----w-   c:\users\WILLIA~1\AppData\Roaming\LimeWire
2009-05-28 21:17 . 2008-08-31 16:58   --------   d-----w-   c:\progra~2\Avg8(62)
2009-05-28 20:31 . 2008-08-31 16:58   --------   d-----w-   c:\progra~2\Avg8(54)
2009-05-17 15:26 . 2009-04-01 16:51   68640   ----a-w-   c:\windows\system32\drivers\inspect.sys
2009-05-14 14:45 . 2008-02-02 02:54   --------   d-----w-   c:\progra~2\Microsoft Help
2009-05-14 14:41 . 2006-11-02 11:18   --------   d-----w-   c:\program files\Windows Mail
2009-05-09 23:18 . 2008-08-23 18:41   --------   d-----w-   c:\users\William Michels\AppData\Roaming\GoodSync
2009-05-09 23:18 . 2008-08-23 18:41   --------   d-----w-   c:\users\WILLIA~1\AppData\Roaming\GoodSync
2009-05-07 22:46 . 2009-04-11 03:35   --------   d-----w-   c:\users\William Michels\AppData\Roaming\Azureus
2009-05-07 22:46 . 2009-04-11 03:35   --------   d-----w-   c:\users\WILLIA~1\AppData\Roaming\Azureus
2009-05-07 18:13 . 2009-05-07 18:13   --------   d-----w-   c:\progra~2\Azureus
2009-04-26 15:08 . 2009-03-21 17:41   541696   ----a-w-   c:\users\William Michels\AppData\Roaming\SanDisk\Sansa Updater\SansaUpdater.exe
2009-04-23 23:49 . 2008-12-10 05:00   350   ----a-w-   c:\users\William Michels\AppData\Roaming\wklnhst.dat
2009-04-23 23:49 . 2008-12-10 05:00   350   ----a-w-   c:\users\WILLIA~1\AppData\Roaming\wklnhst.dat
2009-04-22 21:52 . 2009-04-22 21:52   --------   d-----w-   c:\program files\uTorrent
2009-04-11 03:39 . 2009-04-11 03:35   --------   d-----w-   c:\program files\Vuze
2009-04-02 03:56 . 2009-03-21 17:41   79872   ----a-w-   c:\users\William Michels\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
2009-04-01 16:57 . 2009-04-01 16:57   249592   ----a-w-   c:\windows\system32\cssdll32.dll
2009-03-21 17:41 . 2009-03-21 17:41   349184   ----a-w-   c:\users\William Michels\AppData\Roaming\SanDisk\Sansa Updater\SansaUpdaterInstall.exe
2009-03-17 03:38 . 2009-04-17 00:42   13824   ----a-w-   c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-17 00:42   24064   ----a-w-   c:\windows\system32\amxread.dll
2009-03-09 18:51 . 2009-03-09 18:51   10134   ----a-r-   c:\users\William Michels\AppData\Roaming\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
2009-03-09 09:19 . 2008-12-06 16:07   410984   ----a-w-   c:\windows\system32\deploytk.dll
2008-09-04 18:15 . 2008-09-04 18:15   22   --sha-w-   c:\windows\SMINST\HPCD.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-C8ED-EA2EFAD2ED61}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-02-11 801904]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-15 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SansaDispatch"="c:\users\William Michels\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-04-02 79872]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-04-12 160592]
"tinySpell"="c:\program files\tinySpell\tinyspell.exe" [2008-03-26 200704]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-26 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-23 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-23 92704]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-15 4874240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"PCDrProfiler"="c:\program files\PC-Doctor 5 for Windows\RunProfiler.exe" [2007-02-08 73728]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]

c:\users\William Michels\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-8-22 157000]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-9-5 118784]

c:\users\WILLIA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-8-22 157000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05   356352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4280910030-2114780719-3168784256-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A4199458-5782-4B3E-8E51-C8E56A91E286}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4C0A85EA-D703-46FB-AB37-357A1813E6BC}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B9030142-4060-4EE9-B4F8-0C73A6835873}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{57A41350-B9F7-42AB-9FC5-DE393A284472}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D26B0CD2-729F-4B50-9CBE-3762030EF607}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{5DE4593B-9552-4936-A64F-55757A067408}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{BC1D0FF5-4079-459E-81B6-CB7C1EDA7EF6}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{31C95077-9A24-41A8-A42F-25CF4B8FEB82}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"TCP Query User{FD3048A1-CE40-4EF4-9CC2-05561BC6DD03}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{5128A22C-DC98-4B20-A29A-275D996B414F}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{463A1A22-E433-4394-8209-CB30B84EDAAA}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{2DFE46E2-93D8-47E2-BAFE-552A2C64F8F1}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{CCD2AB17-D386-4349-B092-1CD31CB63173}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{467D2113-BD2A-4402-95EA-0217AEFCDA9D}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{C3CDCAA3-B3C7-4A15-9205-88E312385017}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FAD5518F-43BD-4EE5-BDE0-B1C3035638EA}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0B06C9F2-B837-4B77-9077-CC481F3461AD}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{BC0EF3F1-0E26-4568-88A0-2424648FC647}c:\\program files\\laplink\\pcsync\\sfthost.exe"= UDP:c:\program files\laplink\pcsync\sfthost.exe:PCsync Host Module
"UDP Query User{25326B8B-07FA-41EA-971A-F4B9C292E1C4}c:\\program files\\laplink\\pcsync\\sfthost.exe"= TCP:c:\program files\laplink\pcsync\sfthost.exe:PCsync Host Module
"{B58F19EE-652E-4A6C-B426-BD2AA1980B3C}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{EC1E1CE4-7B8F-4D7B-8CF8-767D4C80D898}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{7E8BD5A2-4812-434B-9740-EC75B68C3336}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{4C1EA7AC-F5FF-4CBF-8009-68AA163EC9A4}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\System32\drivers\cmdhlp.sys [5/27/2009 12:25 PM 28704]
S1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [6/6/2009 11:40 AM 114768]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\System32\drivers\cmdguard.sys [5/27/2009 12:25 PM 130080]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
S2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [6/6/2009 11:40 AM 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [6/6/2009 11:40 AM 51792]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ECACHE
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-HP Software Update - c:\program files\Hp\HP Software Update\HPWuSchd2.exe
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-06 23:15
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  SansaDispatch = c:\users\William Michels\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe?????E??h????`??????????????????????????type????????????????????????????????????P?

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2009-06-07 23:17
ComboFix-quarantined-files.txt  2009-06-07 03:17

Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 224,851,353,600 bytes free

236   --- E O F ---   2009-06-06 04:38

evilfantasy

Re: Can't install or delete programs
« Reply #23 on: June 07, 2009, 06:39:23 AM »

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

Driver::
cmdHlp
cmdGuard

File::
c:\windows\System32\drivers\cmdhlp.sys
c:\windows\System32\drivers\cmdguard.sys

Folder::
c:\users\William Michels\AppData\Local\COMODO
c:\users\WILLIA~1\AppData\Local\COMODO

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.

----------

Now look in C:\Program Files for the Comodo folder and delete the entire folder.

Next go to this post and follow the instructions for running the removal tool to get rid of the rest of Comodo.

----------

Download Registry Search by Bobbi Flekman
(see the link titled RegSearch Download Link)
  • Extract the files from Regsearch.zip into a folder.
  • Double-click regsearch.exe to start the program.
  • Enter comodo in the top area of the form and then click "OK".
  • Notepad will be opened with text in it (the file named RegSearch.txt will be saved in the program's folder as well).
  • Add the contents of the Notepad file to your next reply.
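
Added example (not part of the original post, and not ComboFix's own code): a Python parser for the security-product header and driver lines of the ComboFix log posted in Reply #22, listing what a named vendor still has registered; the COMODO services it reports are the ones named under Driver:: in the script above. The function names and the reading of the R/S letter and start digit are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Lines excerpted from the ComboFix log in Reply #22 of this thread.
SAMPLE_LOG = r"""
AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
SP: COMODO Defense+ *enabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\System32\drivers\cmdhlp.sys [5/27/2009 12:25 PM 28704]
S1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [6/6/2009 11:40 AM 114768]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\System32\drivers\cmdguard.sys [5/27/2009 12:25 PM 130080]
S2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [6/6/2009 11:40 AM 20560]
"""

# Header line: "<kind>: <name> *<state>* (<definitions>) {GUID}"
PRODUCT_RE = re.compile(
    r"^(?P<kind>AV|FW|SP): (?P<name>.+?) \*(?P<state>[^*]+)\*"
    r"(?: \((?P<defs>[^)]+)\))? \{(?P<guid>[0-9A-Fa-f-]{36})\}$"
)
# Driver line: "<R|S><digit> <service>;<display name>;<image path> [<timestamp> <size>]"
DRIVER_RE = re.compile(
    r"^(?P<run>[RS])(?P<start>[0-4]) (?P<service>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<stamp>.+) (?P<size>\d+)\]$"
)


@dataclass
class Product:
    kind: str   # AV, FW or SP, exactly as printed in the log header
    name: str
    state: str  # text between the asterisks
    guid: str

    @property
    def enabled(self) -> bool:
        # "On-access scanning enabled" and "enabled" count; "disabled" does not.
        return self.state.lower().endswith("enabled")


@dataclass
class Driver:
    running: bool  # assumption: leading R = running, S = stopped
    start: int     # assumption: the digit is the service start type
    service: str
    display: str
    path: str


def parse_products(log: str) -> list:
    """Return every security product the log header lists."""
    out = []
    for line in log.splitlines():
        m = PRODUCT_RE.match(line.strip())
        if m:
            out.append(Product(m["kind"], m["name"], m["state"], m["guid"]))
    return out


def parse_drivers(log: str) -> list:
    """Return every service/driver line in the log."""
    out = []
    for line in log.splitlines():
        m = DRIVER_RE.match(line.strip())
        if m:
            out.append(Driver(m["run"] == "R", int(m["start"]),
                              m["service"], m["display"], m["path"]))
    return out


def enabled_products(log: str, kind: str) -> list:
    """Names of products of one kind (e.g. "AV") reported as enabled."""
    return [p.name for p in parse_products(log) if p.kind == kind and p.enabled]


def vendor_footprint(log: str, vendor: str):
    """Products and drivers whose name, display name or path mentions the vendor."""
    v = vendor.lower()
    products = [p for p in parse_products(log) if v in p.name.lower()]
    drivers = [d for d in parse_drivers(log)
               if v in d.display.lower() or v in d.path.lower()]
    return products, drivers


if __name__ == "__main__":
    print("Enabled AV:", enabled_products(SAMPLE_LOG, "AV"))
    for vendor in ("comodo", "avast"):
        products, drivers = vendor_footprint(SAMPLE_LOG, vendor)
        print(f"\n{vendor}: {len(products)} registered product(s)")
        for p in products:
            print(f"  {p.kind} {p.name} [{p.state}]")
        for d in drivers:
            status = "running" if d.running else "stopped"
            print(f"  driver {d.service} ({status}, start={d.start}) {d.path}")
```

On the excerpt, the only enabled AV entry is the COMODO one the poster believed was uninstalled, while avast! appears only through a driver line and not in the AV/FW/SP header.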

indy777

  • Guest
Re: Can't install or delete programs
« Reply #24 on: June 07, 2009, 11:03:59 AM »
I have got to the part where I go to the post for running the removal tool for Comodo and I clicked on the link for non registered user and found the zip file, BUT it will not let me download it. I don't get the hand indicating there is anything there to download. What am I doing wrong?

evilfantasy

Re: Can't install or delete programs
« Reply #25 on: June 07, 2009, 11:33:40 AM »
Here ya go.

[attachment deleted by admin]

indy777

  • Guest
Re: Can't install or delete programs
« Reply #26 on: June 07, 2009, 12:03:47 PM »
I still can't delete the Comodo file from Program Files




ComboFix 09-06-05.09 - William Michels 06/07/2009 12:03.1 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.1918.1484 [GMT -4:00]
Running from: c:\users\William Michels\Desktop\ComboFix.exe
Command switches used :: c:\users\William Michels\Desktop\CFScript.txt
AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
SP: COMODO Defense+ *enabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\System32\drivers\cmdguard.sys"
"c:\windows\System32\drivers\cmdhlp.sys"
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\WILLIA~1\AppData\Local\COMODO
c:\users\WILLIA~1\AppData\Local\COMODO\.tmp\ctx0.tmp
c:\users\WILLIA~1\AppData\Local\COMODO\.tmp\ctx1.tmp
c:\users\William Michels\AppData\Local\COMODO\.tmp\ctx0.tmp
c:\users\William Michels\AppData\Local\COMODO\.tmp\ctx1.tmp
c:\windows\System32\drivers\cmdguard.sys
c:\windows\System32\drivers\cmdhlp.sys

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDGUARD
-------\Legacy_CMDHLP
-------\Service_cmdGuard
-------\Service_cmdHlp


(((((((((((((((((((((((((   Files Created from 2009-05-07 to 2009-06-07  )))))))))))))))))))))))))))))))
.

2009-06-07 16:10 . 2009-06-07 16:10   --------   d-sh--w-   \$RECYCLE.BIN
2009-06-07 16:10 . 2009-06-07 16:10   2011750400   --sha-w-   \hiberfil.sys
2009-06-07 16:09 . 2009-06-07 16:10   --------   d-----w-   c:\users\William Michels\AppData\Local\temp
2009-06-07 16:09 . 2009-06-07 16:09   --------   d-----w-   C:\temp
2009-06-07 16:09 . 2009-06-07 16:09   --------   d-----w-   \temp
2009-06-07 16:01 . 2009-06-07 16:10   --------   d-s---w-   \ComboFix
2009-06-06 20:27 . 2009-06-07 16:03   --------   d---a-w-   \Qoobox
2009-06-06 17:16 . 2009-05-26 17:20   40160   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-06 17:16 . 2009-05-26 17:19   19096   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-06-06 15:40 . 2009-02-05 20:07   114768   ----a-w-   c:\windows\system32\drivers\aswSP.sys
2009-06-06 15:40 . 2009-02-05 20:07   20560   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
2009-06-06 15:40 . 2009-02-05 20:06   51376   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
2009-06-06 15:40 . 2009-02-05 20:06   23152   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
2009-06-06 15:40 . 2009-02-05 20:04   97480   ----a-w-   c:\windows\system32\AvastSS.scr
2009-06-06 15:40 . 2009-02-05 20:11   1256296   ----a-w-   c:\windows\system32\aswBoot.exe
2009-06-06 15:40 . 2009-02-05 20:06   51792   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
2009-06-06 02:42 . 2009-06-07 15:35   117760   ----a-w-   c:\users\William Michels\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-06 02:15 . 2009-06-06 02:15   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2009-06-06 02:09 . 2009-06-06 02:13   --------   d-----w-   c:\program files\CCleaner
2009-06-05 22:50 . 2009-06-06 18:57   --------   d-----w-   c:\windows\BDOSCAN8
2009-06-04 21:36 . 2009-06-06 15:30   680   ----a-w-   c:\users\William Michels\AppData\Local\d3d9caps.dat
2009-06-04 21:32 . 2009-06-04 21:32   --------   d-----w-   c:\users\William Michels\AppData\Roaming\Malwarebytes
2009-06-04 21:32 . 2009-06-06 17:18   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2009-06-04 21:32 . 2009-06-04 21:32   --------   d-----w-   c:\progra~2\Malwarebytes
2009-06-04 17:35 . 2009-06-04 17:35   --------   d-----w-   c:\progra~2\SUPERAntiSpyware.com
2009-06-04 17:31 . 2009-06-06 02:36   --------   d-----w-   c:\program files\SUPERAntiSpyware
2009-06-04 17:31 . 2009-06-04 17:31   --------   d-----w-   c:\users\William Michels\AppData\Roaming\SUPERAntiSpyware.com
2009-06-03 01:33 . 2009-06-03 01:33   --------   d-----w-   c:\program files\Alwil Software
2009-05-31 23:31 . 2009-06-01 00:33   --------   d-----w-   c:\program files\SpywareBlaster
2009-05-28 21:20 . 2009-05-30 23:58   --------   d-----w-   c:\users\William Michels\AppData\Roaming\System Tweaker
2009-05-27 19:29 . 2009-06-06 04:53   --------   d-----w-   c:\users\William Michels\{2be83168-6029-4d46-b0f6-10bbc66433b5}
2009-05-27 19:07 . 2009-06-07 15:54   408464   ----a-w-   c:\windows\system32\drivers\sfi.dat
2009-05-27 16:25 . 2009-05-27 19:28   168208   ----a-w-   c:\windows\system32\guard32.dll
2009-05-24 23:26 . 2009-06-06 04:52   --------   d-----w-   c:\program files\tinySpell
2009-05-24 23:26 . 2009-05-24 23:26   --------   d-----w-   c:\users\William Michels\AppData\Roaming\tinySpell
2009-05-10 22:04 . 2009-05-10 22:04   10769104   ----a-w-   c:\users\William Michels\AppData\Roaming\Nikon\Message Center\DOWNLOAD_LOG\13213\S-P2____-176WU-NSAEN.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-07 16:10 . 2008-02-15 22:37   2325553152   --sha-w-   \pagefile.sys
2009-06-06 15:27 . 2008-08-15 02:27   --------   d-----w-   c:\program files\Uniblue
2009-06-06 04:53 . 2009-04-22 21:51   --------   d-----w-   c:\users\William Michels\AppData\Roaming\uTorrent
2009-06-06 04:52 . 2008-11-20 19:31   --------   d-----w-   c:\program files\searchandwintoolbar
2009-06-06 04:52 . 2008-09-04 23:41   --------   d-----w-   c:\program files\LimeWire
2009-06-06 04:52 . 2008-02-02 02:58   --------   d-----w-   c:\program files\PC-Doctor 5 for Windows
2009-06-06 04:52 . 2008-02-02 02:47   --------   d---a-w-   c:\program files\Common Files\LightScribe
2009-06-06 04:52 . 2008-02-02 02:47   --------   d-----w-   c:\program files\Common Files\SureThing Shared
2009-06-06 04:52 . 2009-05-07 22:21   --------   d-----w-   c:\program files\TouchStoneSoftware
2009-06-02 03:10 . 2008-08-23 19:49   --------   d-----w-   c:\program files\Coupons
2009-05-31 19:53 . 2008-09-05 23:38   20   ---h--w-   c:\progra~2\PKP_DLec.DAT
2009-05-31 19:53 . 2008-09-05 23:28   20   ---h--w-   c:\progra~2\PKP_DLds.DAT
2009-05-30 20:40 . 2008-08-14 01:53   --------   d-----w-   c:\program files\google
2009-05-30 19:55 . 2008-08-31 16:58   --------   d-----w-   c:\progra~2\Avg8
2009-05-29 23:42 . 2009-04-01 16:51   --------   d-----w-   c:\users\William Michels\AppData\Roaming\Comodo
2009-05-29 23:42 . 2009-04-01 16:51   --------   d-----w-   c:\progra~2\comodo
2009-05-29 23:42 . 2009-04-01 16:51   --------   d-----w-   c:\program files\COMODO
2009-05-29 21:48 . 2008-08-31 16:58   --------   d-----w-   c:\progra~2\Avg8(61)
2009-05-29 00:05 . 2008-09-04 23:41   --------   d-----w-   c:\users\William Michels\AppData\Roaming\LimeWire
2009-05-28 21:17 . 2008-08-31 16:58   --------   d-----w-   c:\progra~2\Avg8(62)
2009-05-28 20:31 . 2008-08-31 16:58   --------   d-----w-   c:\progra~2\Avg8(54)
2009-05-17 15:26 . 2009-04-01 16:51   68640   ----a-w-   c:\windows\system32\drivers\inspect.sys
2009-05-14 14:45 . 2008-02-02 02:54   --------   d-----w-   c:\progra~2\Microsoft Help
2009-05-14 14:41 . 2006-11-02 11:18   --------   d-----w-   c:\program files\Windows Mail
2009-05-09 23:18 . 2008-08-23 18:41   --------   d-----w-   c:\users\William Michels\AppData\Roaming\GoodSync
2009-05-07 22:46 . 2009-04-11 03:35   --------   d-----w-   c:\users\William Michels\AppData\Roaming\Azureus
2009-05-07 18:13 . 2009-05-07 18:13   --------   d-----w-   c:\progra~2\Azureus
2009-04-26 15:08 . 2009-03-21 17:41   541696   ----a-w-   c:\users\William Michels\AppData\Roaming\SanDisk\Sansa Updater\SansaUpdater.exe
2009-04-23 23:49 . 2008-12-10 05:00   350   ----a-w-   c:\users\William Michels\AppData\Roaming\wklnhst.dat
2009-04-22 21:52 . 2009-04-22 21:52   --------   d-----w-   c:\program files\uTorrent
2009-04-11 03:39 . 2009-04-11 03:35   --------   d-----w-   c:\program files\Vuze
2009-04-02 03:56 . 2009-03-21 17:41   79872   ----a-w-   c:\users\William Michels\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
2009-04-01 16:57 . 2009-04-01 16:57   249592   ----a-w-   c:\windows\system32\cssdll32.dll
2009-03-21 17:41 . 2009-03-21 17:41   349184   ----a-w-   c:\users\William Michels\AppData\Roaming\SanDisk\Sansa Updater\SansaUpdaterInstall.exe
2009-03-17 03:38 . 2009-04-17 00:42   13824   ----a-w-   c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-17 00:42   24064   ----a-w-   c:\windows\system32\amxread.dll
2009-03-09 18:51 . 2009-03-09 18:51   10134   ----a-r-   c:\users\William Michels\AppData\Roaming\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
2008-09-04 18:15 . 2008-09-04 18:15   22   --sha-w-   c:\windows\SMINST\HPCD.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-C8ED-EA2EFAD2ED61}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-02-11 801904]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-15 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SansaDispatch"="c:\users\William Michels\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-04-02 79872]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-04-12 160592]
"tinySpell"="c:\program files\tinySpell\tinyspell.exe" [2008-03-26 200704]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-26 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-23 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-23 92704]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-15 4874240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"PCDrProfiler"="c:\program files\PC-Doctor 5 for Windows\RunProfiler.exe" [2007-02-08 73728]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]

c:\users\William Michels\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-8-22 157000]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-9-5 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05   356352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4280910030-2114780719-3168784256-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A4199458-5782-4B3E-8E51-C8E56A91E286}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4C0A85EA-D703-46FB-AB37-357A1813E6BC}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B9030142-4060-4EE9-B4F8-0C73A6835873}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{57A41350-B9F7-42AB-9FC5-DE393A284472}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D26B0CD2-729F-4B50-9CBE-3762030EF607}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{5DE4593B-9552-4936-A64F-55757A067408}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{BC1D0FF5-4079-459E-81B6-CB7C1EDA7EF6}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{31C95077-9A24-41A8-A42F-25CF4B8FEB82}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"TCP Query User{FD3048A1-CE40-4EF4-9CC2-05561BC6DD03}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{5128A22C-DC98-4B20-A29A-275D996B414F}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{463A1A22-E433-4394-8209-CB30B84EDAAA}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{2DFE46E2-93D8-47E2-BAFE-552A2C64F8F1}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{CCD2AB17-D386-4349-B092-1CD31CB63173}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{467D2113-BD2A-4402-95EA-0217AEFCDA9D}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{C3CDCAA3-B3C7-4A15-9205-88E312385017}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FAD5518F-43BD-4EE5-BDE0-B1C3035638EA}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0B06C9F2-B837-4B77-9077-CC481F3461AD}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{BC0EF3F1-0E26-4568-88A0-2424648FC647}c:\\program files\\laplink\\pcsync\\sfthost.exe"= UDP:c:\program files\laplink\pcsync\sfthost.exe:PCsync Host Module
"UDP Query User{25326B8B-07FA-41EA-971A-F4B9C292E1C4}c:\\program files\\laplink\\pcsync\\sfthost.exe"= TCP:c:\program files\laplink\pcsync\sfthost.exe:PCsync Host Module
"{B58F19EE-652E-4A6C-B426-BD2AA1980B3C}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{EC1E1CE4-7B8F-4D7B-8CF8-767D4C80D898}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{7E8BD5A2-4812-434B-9740-EC75B68C3336}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{4C1EA7AC-F5FF-4CBF-8009-68AA163EC9A4}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [6/6/2009 11:40 AM 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [6/6/2009 11:40 AM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [6/6/2009 11:40 AM 51792]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-07 12:10
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\drivers\XAudio.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\System32\rundll32.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\program files\Webshots\Webshots.scr
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2009-06-07 12:14 - machine was rebooted
ComboFix-quarantined-files.txt  2009-06-07 16:14
ComboFix2.txt  2009-06-07 03:17

Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 222,641,451,008 bytes free

246   --- E O F ---   2009-06-06 04:38




Windows Registry Editor Version 5.00

; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0

; Results at 6/7/2009 1:45:29 PM for strings:
;  'comodo'
; Strings excluded from search:
;  (None)
; Search in:
; Registry Keys  Registry Values  Registry Data 
; HKEY_LOCAL_MACHINE  HKEY_USERS 


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Comodo Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CavShell.CntMenu]
@="Comodo Antivirus Context Menu Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CavShell.CntMenu.1]
@="Comodo Antivirus Context Menu Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4255A182-CAD9-4214-A19B-7BA7FB633BBD}]
@="Comodo AntiVirus"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4255A182-CAD9-4214-A19B-7BA7FB633BBD}\InprocServer32]
@="C:\\Program Files\\COMODO\\COMODO Internet Security\\cavshell.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Comodo Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\file\ShellEx\ContextMenuHandlers\Comodo Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Comodo Antivirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{96D27592-5FAA-4B65-AE65-C41AA290ABCD}\1.0]
@="Comodo Antivirus Shell Menu"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{96D27592-5FAA-4B65-AE65-C41AA290ABCD}\1.0\0\win64]
@="C:\\Program Files\\COMODO\\COMODO Internet Security\\cavshell.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{4255A182-CAD9-4214-A19B-7BA7FB633BBD}"="Comodo Antivirus"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}]
"LocDescription"="@oem48.inf,%inspect_desc%;COMODO Internet Security Firewall Driver"
"Description"="COMODO Internet Security Firewall Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}\Ndi]
"HelpText"="COMODO Internet Security Firewall Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_INSPECT\0000]
"DeviceDesc"="COMODO Internet Security Firewall Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}]
"LocDescription"="@oem48.inf,%inspect_desc%;COMODO Internet Security Firewall Driver"
"Description"="COMODO Internet Security Firewall Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}\Ndi]
"HelpText"="COMODO Internet Security Firewall Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_INSPECT\0000]
"DeviceDesc"="COMODO Internet Security Firewall Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}]
"LocDescription"="@oem48.inf,%inspect_desc%;COMODO Internet Security Firewall Driver"
"Description"="COMODO Internet Security Firewall Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}\Ndi]
"HelpText"="COMODO Internet Security Firewall Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_INSPECT\0000]
"DeviceDesc"="COMODO Internet Security Firewall Driver"

[HKEY_USERS\S-1-5-21-4280910030-2114780719-3168784256-1000\Software\ComodoGroup]

[HKEY_USERS\S-1-5-21-4280910030-2114780719-3168784256-1000\Software\ComodoGroup\COMODO Internet Security]

[HKEY_USERS\S-1-5-21-4280910030-2114780719-3168784256-1000\Software\ComodoGroup\COMODO Internet Security\CisMainDialog]

[HKEY_USERS\S-1-5-21-4280910030-2114780719-3168784256-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Users\\William Michels\\Desktop\\CIS_Setup_3.9.95478.509_XP_Vista_x32.exe"="COMODO Internet Security Installer"
"C:\\Program Files\\COMODO\\COMODO Internet Security\\cfpconfg.exe"="COMODO Internet Security"
"C:\\Program Files\\COMODO\\COMODO Internet Security\\cavscan.exe"="COMODO Internet Security"

[HKEY_USERS\S-1-5-21-4280910030-2114780719-3168784256-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Users\\William Michels\\Desktop\\CIS_Setup_3.9.95478.509_XP_Vista_x32.exe"="COMODO Internet Security Installer"
"C:\\Program Files\\COMODO\\COMODO Internet Security\\cfpconfg.exe"="COMODO Internet Security"
"C:\\Program Files\\COMODO\\COMODO Internet Security\\cavscan.exe"="COMODO Internet Security"

; End Of The Log...

evilfantasy

Re: Can't install or delete programs
« Reply #27 on: June 07, 2009, 12:31:35 PM »
Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the below code box by highlighting all the text and pressing Ctrl+C

Code:
KillAll::

File::
C:\Users\William Michels\Desktop\CIS_Setup_3.9.95478.509_XP_Vista_x32.exe

Folder::
C:\Program Files\COMODO

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Comodo Antivirus]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CavShell.CntMenu]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CavShell.CntMenu.1]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4255A182-CAD9-4214-A19B-7BA7FB633BBD}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4255A182-CAD9-4214-A19B-7BA7FB633BBD}\InprocServer32]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\Comodo Antivirus]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\file\ShellEx\ContextMenuHandlers\Comodo Antivirus]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Comodo Antivirus]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{96D27592-5FAA-4B65-AE65-C41AA290ABCD}\1.0]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{96D27592-5FAA-4B65-AE65-C41AA290ABCD}\1.0\0\win64]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{4255A182-CAD9-4214-A19B-7BA7FB633BBD}"="Comodo Antivirus"

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}\Ndi]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_INSPECT\0000]
"DeviceDesc"=-

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}\Ndi]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_INSPECT\0000]
"DeviceDesc"=-

[-HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{208D67BB-EF7E-4183-8341-580548FB2E4D}\Ndi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_INSPECT\0000]
"DeviceDesc"=-

[-HKEY_USERS\S-1-5-21-4280910030-2114780719-3168784256-1000\Software\ComodoGroup]

[-HKEY_USERS\S-1-5-21-4280910030-2114780719-3168784256-1000\Software\ComodoGroup\COMODO Internet Security]

[-HKEY_USERS\S-1-5-21-4280910030-2114780719-3168784256-1000\Software\ComodoGroup\COMODO Internet Security\CisMainDialog]


3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute, just follow the prompts.
After reboot (in case it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouseclick ComboFix's window while it is running. That may cause your system to freeze.

----------

Go to Start > Run and type Notepad.exe then click OK.

Copy and paste the following text within the code box into the new Notepad file.

Code:
@ECHO OFF
net stop winmgmt
cd /d %windir%\system32\wbem
ren repository repository.old
net start winmgmt
exit

In Notepad select File and Save as
Choose the Save to location to be the Desktop and for the File name: type in fixme.bat making sure that the Save as type field says All files.

Next double click fixservice.bat to run it.
A black box should open and close after a short time, this is normal.
Do not continue until the black box has closed
Delete fixservice.bat from the Desktop.

----------

Also let me know how the computer is running now.

indy777

Re: Can't install or delete programs
« Reply #28 on: June 07, 2009, 01:46:51 PM »
Computer is running much faster, but still have a couple more issues. I haven't mentioned it, but every time I have to reboot or shut down I get a message, "Configuring updates". It will stay there for hours if I let it, but I have been doing a hard shut down. I have gone to Windows Update and there are some updates that are trying to download; when I hit Install, the screen freezes and I have to go to Task Manager to shut down the Windows Update screen. They won't install and I can't make them go away.
Also there is a program that I deleted about the time all these problems started that keeps trying to initialize, but the program is not there anymore. It tries to start on every startup. As of now this is all I can find wrong. Program is called "tiny spell".

Here is the Combofix from the last run:

ComboFix 09-06-05.09 - William Michels 06/07/2009 14:54:52.1 - NTFSx86 NETWORK
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.1918.1486 [GMT -4:00]
Running from: C:\Users\William Michels\Desktop\ComboFix.exe
Command switches used :: C:\Users\William Michels\Desktop\CFScript7.txt
AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
SP: COMODO Defense+ *enabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"C:\Users\William Michels\Desktop\CIS_Setup_3.9.95478.509_XP_Vista_x32.exe"
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\COMODO
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.Chinese.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.chinesetraditional.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.czech.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.danish.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.dutch.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.english.lang.template
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.estonian.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.finnish.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.french.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.german.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.italian.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.japanese.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.polish.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.portuguese.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.romanian.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.russian.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.slovak.lang
C:\Program Files\COMODO\COMODO Internet Security\Translations\cfpupdat.swedish.lang

.
(((((((((((((((((((((((((   Files Created from 2009-05-07 to 2009-06-07  )))))))))))))))))))))))))))))))
.

2009-06-07 19:02:41 . 2009-06-07 19:02:41   0   d-sh--w-   \$RECYCLE.BIN
2009-06-07 19:01:57 . 2009-06-07 19:01:57   2009694208   --sha-w-   \hiberfil.sys
2009-06-07 19:00:38 . 2009-06-07 19:02:47   0   d-----w-   C:\Users\William Michels\AppData\Local\temp
2009-06-07 19:00:38 . 2009-06-07 19:00:38   0   d-----w-   C:\temp
2009-06-07 19:00:38 . 2009-06-07 19:00:38   0   d-----w-   \temp
2009-06-07 18:53:09 . 2009-06-07 19:02:48   0   d-s---w-   \ComboFix
2009-06-07 16:28:25 . 2009-06-07 16:28:25   0   d-----w-   C:\Users\William Michels\AppData\Local\COMODO
2009-06-06 20:27:25 . 2009-06-07 18:54:33   0   d---a-w-   \Qoobox
2009-06-06 17:16:29 . 2009-05-26 17:20:08   40160   ----a-w-   C:\Windows\system32\drivers\mbamswissarmy.sys
2009-06-06 17:16:28 . 2009-05-26 17:19:56   19096   ----a-w-   C:\Windows\system32\drivers\mbam.sys
2009-06-06 15:40:39 . 2009-02-05 20:07:23   114768   ----a-w-   C:\Windows\system32\drivers\aswSP.sys
2009-06-06 15:40:39 . 2009-02-05 20:07:12   20560   ----a-w-   C:\Windows\system32\drivers\aswFsBlk.sys
2009-06-06 15:40:39 . 2009-02-05 20:06:20   51376   ----a-w-   C:\Windows\system32\drivers\aswTdi.sys
2009-06-06 15:40:39 . 2009-02-05 20:06:10   23152   ----a-w-   C:\Windows\system32\drivers\aswRdr.sys
2009-06-06 15:40:39 . 2009-02-05 20:04:45   97480   ----a-w-   C:\Windows\system32\AvastSS.scr
2009-06-06 15:40:30 . 2009-02-05 20:11:35   1256296   ----a-w-   C:\Windows\system32\aswBoot.exe
2009-06-06 15:40:30 . 2009-02-05 20:06:59   51792   ----a-w-   C:\Windows\system32\drivers\aswMonFlt.sys
2009-06-06 02:42:32 . 2009-06-07 16:42:01   117760   ----a-w-   C:\Users\William Michels\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-06 02:15:51 . 2009-06-06 02:15:51   0   d-----w-   C:\Program Files\Common Files\Wise Installation Wizard
2009-06-06 02:09:11 . 2009-06-06 02:13:12   0   d-----w-   C:\Program Files\CCleaner
2009-06-05 22:50:18 . 2009-06-06 18:57:44   0   d-----w-   C:\Windows\BDOSCAN8
2009-06-04 21:36:13 . 2009-06-06 15:30:58   680   ----a-w-   C:\Users\William Michels\AppData\Local\d3d9caps.dat
2009-06-04 21:32:08 . 2009-06-04 21:32:08   0   d-----w-   C:\Users\William Michels\AppData\Roaming\Malwarebytes
2009-06-04 21:32:03 . 2009-06-06 17:18:32   0   d-----w-   C:\Program Files\Malwarebytes' Anti-Malware
2009-06-04 21:32:03 . 2009-06-04 21:32:03   0   d-----w-   C:\PROGRA~2\Malwarebytes
2009-06-04 17:35:40 . 2009-06-04 17:35:40   0   d-----w-   C:\PROGRA~2\SUPERAntiSpyware.com
2009-06-04 17:31:43 . 2009-06-06 02:36:37   0   d-----w-   C:\Program Files\SUPERAntiSpyware
2009-06-04 17:31:43 . 2009-06-04 17:31:43   0   d-----w-   C:\Users\William Michels\AppData\Roaming\SUPERAntiSpyware.com
2009-06-03 01:33:08 . 2009-06-03 01:33:08   0   d-----w-   C:\Program Files\Alwil Software
2009-05-31 23:31:04 . 2009-06-01 00:33:50   0   d-----w-   C:\Program Files\SpywareBlaster
2009-05-28 21:20:35 . 2009-05-30 23:58:08   0   d-----w-   C:\Users\William Michels\AppData\Roaming\System Tweaker
2009-05-27 19:29:15 . 2009-06-06 04:53:30   0   d-----w-   C:\Users\William Michels\{2be83168-6029-4d46-b0f6-10bbc66433b5}
2009-05-27 19:07:57 . 2009-06-07 15:54:17   408464   ----a-w-   C:\Windows\system32\drivers\sfi.dat
2009-05-27 16:25:05 . 2009-05-27 19:28:34   168208   ----a-w-   C:\Windows\system32\guard32.dll
2009-05-24 23:26:22 . 2009-06-06 04:52:27   0   d-----w-   C:\Program Files\tinySpell
2009-05-24 23:26:22 . 2009-05-24 23:26:49   0   d-----w-   C:\Users\William Michels\AppData\Roaming\tinySpell
2009-05-10 22:04:53 . 2009-05-10 22:04:53   10769104   ----a-w-   C:\Users\William Michels\AppData\Roaming\Nikon\Message Center\DOWNLOAD_LOG\13213\S-P2____-176WU-NSAEN.exe

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-07 19:01:55 . 2008-02-15 22:37:35   2325553152   --sha-w-   \pagefile.sys
2009-06-06 15:27:19 . 2008-08-15 02:27:49   0   d-----w-   C:\Program Files\Uniblue
2009-06-06 04:53:27 . 2009-04-22 21:51:52   0   d-----w-   C:\Users\William Michels\AppData\Roaming\uTorrent
2009-06-06 04:52:27 . 2008-11-20 19:31:49   0   d-----w-   C:\Program Files\searchandwintoolbar
2009-06-06 04:52:26 . 2008-09-04 23:41:30   0   d-----w-   C:\Program Files\LimeWire
2009-06-06 04:52:26 . 2008-02-02 02:58:22   0   d-----w-   C:\Program Files\PC-Doctor 5 for Windows
2009-06-06 04:52:18 . 2008-02-02 02:47:26   0   d---a-w-   C:\Program Files\Common Files\LightScribe
2009-06-06 04:52:18 . 2008-02-02 02:47:18   0   d-----w-   C:\Program Files\Common Files\SureThing Shared
2009-06-06 04:52:08 . 2009-05-07 22:21:48   0   d-----w-   C:\Program Files\TouchStoneSoftware
2009-06-02 03:10:55 . 2008-08-23 19:49:04   0   d-----w-   C:\Program Files\Coupons
2009-05-31 19:53:05 . 2008-09-05 23:38:36   20   ---h--w-   C:\PROGRA~2\PKP_DLec.DAT
2009-05-31 19:53:05 . 2008-09-05 23:28:43   20   ---h--w-   C:\PROGRA~2\PKP_DLds.DAT
2009-05-30 20:40:50 . 2008-08-14 01:53:27   0   d-----w-   C:\Program Files\google
2009-05-30 19:55:43 . 2008-08-31 16:58:33   0   d-----w-   C:\PROGRA~2\Avg8
2009-05-29 23:42:41 . 2009-04-01 16:51:52   0   d-----w-   C:\Users\William Michels\AppData\Roaming\Comodo
2009-05-29 23:42:41 . 2009-04-01 16:51:49   0   d-----w-   C:\PROGRA~2\comodo
2009-05-29 21:48:33 . 2008-08-31 16:58:33   0   d-----w-   C:\PROGRA~2\Avg8(61)
2009-05-29 00:05:41 . 2008-09-04 23:41:44   0   d-----w-   C:\Users\William Michels\AppData\Roaming\LimeWire
2009-05-28 21:17:45 . 2008-08-31 16:58:33   0   d-----w-   C:\PROGRA~2\Avg8(62)
2009-05-28 20:31:18 . 2008-08-31 16:58:33   0   d-----w-   C:\PROGRA~2\Avg8(54)
2009-05-17 15:26:21 . 2009-04-01 16:51:49   68640   ----a-w-   C:\Windows\system32\drivers\inspect.sys
2009-05-14 14:45:51 . 2008-02-02 02:54:31   0   d-----w-   C:\PROGRA~2\Microsoft Help
2009-05-14 14:41:57 . 2006-11-02 11:18:33   0   d-----w-   C:\Program Files\Windows Mail
2009-05-09 23:18:25 . 2008-08-23 18:41:26   0   d-----w-   C:\Users\William Michels\AppData\Roaming\GoodSync
2009-05-07 22:46:37 . 2009-04-11 03:35:45   0   d-----w-   C:\Users\William Michels\AppData\Roaming\Azureus
2009-05-07 18:13:57 . 2009-05-07 18:13:57   0   d-----w-   C:\PROGRA~2\Azureus
2009-04-26 15:08:55 . 2009-03-21 17:41:14   541696   ----a-w-   C:\Users\William Michels\AppData\Roaming\SanDisk\Sansa Updater\SansaUpdater.exe
2009-04-23 23:49:40 . 2008-12-10 05:00:34   350   ----a-w-   C:\Users\William Michels\AppData\Roaming\wklnhst.dat
2009-04-22 21:52:31 . 2009-04-22 21:52:31   0   d-----w-   C:\Program Files\uTorrent
2009-04-11 03:39:41 . 2009-04-11 03:35:09   0   d-----w-   C:\Program Files\Vuze
2009-04-02 03:56:11 . 2009-03-21 17:41:14   79872   ----a-w-   C:\Users\William Michels\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
2009-04-01 16:57:56 . 2009-04-01 16:57:56   249592   ----a-w-   C:\Windows\system32\cssdll32.dll
2009-03-21 17:41:15 . 2009-03-21 17:41:15   349184   ----a-w-   C:\Users\William Michels\AppData\Roaming\SanDisk\Sansa Updater\SansaUpdaterInstall.exe
2009-03-17 03:38:46 . 2009-04-17 00:42:27   13824   ----a-w-   C:\Windows\system32\apilogen.dll
2009-03-17 03:38:44 . 2009-04-17 00:42:27   24064   ----a-w-   C:\Windows\system32\amxread.dll
2008-09-04 18:15:54 . 2008-09-04 18:15:54   22   --sha-w-   C:\Windows\SMINST\HPCD.sys
.

(((((((((((((((((((((((((((((   SnapShot@2009-06-07_16.10.53   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-02-02 03:17:43 . 2009-06-07 16:43:15   47880              C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05:11 . 2009-06-07 16:43:16   71032              C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-08-13 21:13:17 . 2009-06-07 15:36:16   16384              C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-13 21:13:17 . 2009-06-07 16:42:52   16384              C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-08-13 21:13:17 . 2009-06-07 15:36:16   32768              C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-13 21:13:17 . 2009-06-07 16:42:52   32768              C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-13 21:13:17 . 2009-06-07 15:36:16   16384              C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-13 21:13:17 . 2009-06-07 16:42:52   16384              C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-13 23:01:39 . 2009-06-07 16:43:16   9870              C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4280910030-2114780719-3168784256-1000_UserData.bin
- 2006-11-02 10:33:01 . 2009-06-07 15:42:24   595446              C:\Windows\System32\perfh009.dat
+ 2006-11-02 10:33:01 . 2009-06-07 16:48:58   595446              C:\Windows\System32\perfh009.dat
- 2006-11-02 10:33:01 . 2009-06-07 15:42:24   101144              C:\Windows\System32\perfc009.dat
+ 2006-11-02 10:33:01 . 2009-06-07 16:48:58   101144              C:\Windows\System32\perfc009.dat
- 2006-11-02 10:22:39 . 2009-06-07 15:38:02   6553600              C:\Windows\System32\SMI\Store\Machine\schema.dat
+ 2006-11-02 10:22:39 . 2009-06-07 16:44:42   6553600              C:\Windows\System32\SMI\Store\Machine\schema.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4E7BD74F-2B8D-469E-C8ED-EA2EFAD2ED61}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DW6"="C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-02-11 12:35:14 801904]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 07:33:09 125952]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-15 05:15:24 39408]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 07:33:39 202240]
"SansaDispatch"="C:\Users\William Michels\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-04-02 03:56:11 79872]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-04-12 11:56:35 160592]
"tinySpell"="C:\Program Files\tinySpell\tinyspell.exe" [2008-03-26 18:09:38 200704]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-26 14:05:52 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 13:42:24 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 10:59:00 118784]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-23 02:49:00 13539872]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-23 02:49:00 92704]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 11:00:48 33648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 06:04:34 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-03-09 09:19:17 148888]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 20:08:45 81000]
"RtHDVCpl"="RtHDVCpl.exe" - C:\WINDOWS\RtHDVCpl.exe [2008-01-15 16:26:18 4874240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"PCDrProfiler"="C:\Program Files\PC-Doctor 5 for Windows\RunProfiler.exe" [2007-02-08 22:27:12 73728]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2007-03-07 19:09:52 44168]

C:\Users\William Michels\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2008-8-22 157000]

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2008-9-5 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 14:13:36 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05:34   356352   ----a-w-   C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4280910030-2114780719-3168784256-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A4199458-5782-4B3E-8E51-C8E56A91E286}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4C0A85EA-D703-46FB-AB37-357A1813E6BC}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B9030142-4060-4EE9-B4F8-0C73A6835873}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{57A41350-B9F7-42AB-9FC5-DE393A284472}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D26B0CD2-729F-4B50-9CBE-3762030EF607}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{5DE4593B-9552-4936-A64F-55757A067408}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{BC1D0FF5-4079-459E-81B6-CB7C1EDA7EF6}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{31C95077-9A24-41A8-A42F-25CF4B8FEB82}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"TCP Query User{FD3048A1-CE40-4EF4-9CC2-05561BC6DD03}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{5128A22C-DC98-4B20-A29A-275D996B414F}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{463A1A22-E433-4394-8209-CB30B84EDAAA}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{2DFE46E2-93D8-47E2-BAFE-552A2C64F8F1}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{CCD2AB17-D386-4349-B092-1CD31CB63173}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{467D2113-BD2A-4402-95EA-0217AEFCDA9D}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{C3CDCAA3-B3C7-4A15-9205-88E312385017}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FAD5518F-43BD-4EE5-BDE0-B1C3035638EA}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0B06C9F2-B837-4B77-9077-CC481F3461AD}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{BC0EF3F1-0E26-4568-88A0-2424648FC647}C:\\program files\\laplink\\pcsync\\sfthost.exe"= UDP:C:\program files\laplink\pcsync\sfthost.exe:PCsync Host Module
"UDP Query User{25326B8B-07FA-41EA-971A-F4B9C292E1C4}C:\\program files\\laplink\\pcsync\\sfthost.exe"= TCP:C:\program files\laplink\pcsync\sfthost.exe:PCsync Host Module
"{B58F19EE-652E-4A6C-B426-BD2AA1980B3C}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{EC1E1CE4-7B8F-4D7B-8CF8-767D4C80D898}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{7E8BD5A2-4812-434B-9740-EC75B68C3336}C:\\program files\\vuze\\azureus.exe"= UDP:C:\program files\vuze\azureus.exe:Azureus
"UDP Query User{4C1EA7AC-F5FF-4CBF-8009-68AA163EC9A4}C:\\program files\\vuze\\azureus.exe"= TCP:C:\program files\vuze\azureus.exe:Azureus

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 aswSP;avast! Self Protection;C:\WINDOWS\System32\drivers\aswSP.sys [6/6/2009 11:40:39 AM 114768]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05:54 AM 9968]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05:52 AM 72944]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\System32\drivers\aswFsBlk.sys [6/6/2009 11:40:39 AM 20560]
R2 aswMonFlt;aswMonFlt;C:\WINDOWS\System32\drivers\aswMonFlt.sys [6/6/2009 11:40:30 AM 51792]
R3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05:56 AM 7408]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
.



evilfantasy

Re: Can't install or delete programs
« Reply #29 on: June 07, 2009, 02:23:28 PM »
Try reinstalling tinySpell and then uninstall it through Add or Remove Programs (Programs and Features).

Shut down IE.

Open it up by right-clicking the IE icon and choosing 'Run as Administrator', and then try the Windows Updates.

Let me know...