Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91681 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Google redirects & spybot,hijack this problems


  • Please log in to reply
133 replies to this topic

#31 arfon.jones

arfon.jones

    Authentic Member

  • Authentic Member
  • PipPip
  • 71 posts

Posted 26 October 2009 - 03:10 PM

Hi there You are correct HKEY_LOCAL_MACHINE\REMOTE_SAM I wrote it down incorectly the last time the p.c booted up correctly was october 14th I will re attempt to run through your instructions as i probably did run with the hives open :smack: please be patient as im trying my best. thanks again

    Advertisements

Register to Remove


#32 noahdfear

noahdfear

    Silver Member

  • Visiting Fellow
  • PipPipPip
  • 465 posts
  • MVP

Posted 26 October 2009 - 04:49 PM

I figured it was a typo, though I needed to be sure.
I have yet another exercise for you to do whilst in MiniXP.

Using the Opera browser to view this post, highlight and copy to text the contents of the code box below.

dir c:\system~1\_registry* /s>c:\restore.txt
notepad c:\restore.txt
exit
cls

Either click the command prompt icon on the taskbar or double click the Command Prompt icon on the desktop to open a command window.
Right click in the command window and Paste the copied text.
It should execute quickly and close, and a log should open.
Post the contents of that log here please.
Dave

#33 arfon.jones

arfon.jones

    Authentic Member

  • Authentic Member
  • PipPip
  • 71 posts

Posted 28 October 2009 - 12:15 PM

Hello i re ran the DDS bootcd.exe twice one before i pasted the 'reg query' into the command prompt box and one after. one thing i noticed i couldent get the user hive to open, it stated (ntuser.dat-file not found-please verify thr correct file name was given. only the HKEY_LOCAL as previousley noted opend I will run the next exercise in another post complete with log DDS_BootCD_Version (Ver_09-10-04.01) - NTFSx86 Run at 17:42:16.06 on Wed 10/28/2009 Internet Explorer: 8.0.6001.18702 ============== Pseudo HJT Report =============== S-1-5-21-1935681133-1597978318-240782882-1007_URLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll S-1-5-21-1935681133-1597978318-240782882-1007_URLSearchHooks: H - No File BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - TB: Orange: {4e7bd74f-2b8d-469e-a1fb-f862b587b57d} - TB: {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No File TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll S-1-5-21-1935681133-1597978318-240782882-1007_Run: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe S-1-5-21-1935681133-1597978318-240782882-1007_Run: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" S-1-5-21-1935681133-1597978318-240782882-1007_Run: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe S-1-5-21-1935681133-1597978318-240782882-1007_Run: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe" mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe mRun: [RemoteControl] c:\windows\system32\rmctrl.exe mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k S-1-5-21-1935681133-1597978318-240782882-1007_Policies-explorer: NoWindowsUpdate = 0 (0x0) S-1-5-21-1935681133-1597978318-240782882-1007_Policies-system: EnableProfileQuota = 1 (0x1) IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,84/mcinsctl.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,21/mcgdmgr.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll Notify: avgrsstarter - avgrsstx.dll Notify: rqRHxusp - rqRHxusp.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ============= SERVICES / DRIVERS =============== APCPBEAgent; c:\progra~1\apc\powerc~1\agent\pbeagent.exe AVG; [x] avg8wd; c:\progra~1\avg\avg8\avgwdsvc.exe AvgLdx86; \SystemRoot\System32\Drivers\avgldx86.sys AvgTdiX; \SystemRoot\System32\Drivers\avgtdix.sys fssfltr; system32\DRIVERS\fssfltr_tdi.sys fsssvc; "c:\program files\windows live\family safety\fsssvc.exe" gupdate1c9b63b8cc7536e; "c:\program files\google\update\GoogleUpdate.exe" /svc Lavasoft Ad-Aware Service; [x] PAC207; system32\DRIVERS\pfc027.sys PCTCore; system32\drivers\PCTCore.sys rpvnprpipoufniww; \systemroot\system32\drivers\rpvnprpipoufniww.sys sdAuxService; c:\program files\spyware doctor\pctsAuxs.exe SeaPort; "c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe" Winsock - Google Desktop Search Backup Before First Install; [x] Winsock - Google Desktop Search Backup Before Last Install; [x] Winsock2 - Google Desktop Search Backup Before First Install; [x] Winsock2 - Google Desktop Search Backup Before Last Install; [x] {017945CB-B466-4F10-96F8-EE9956E84EEE}; [x] {04D8EFFB-0568-4B5D-ABF5-862962188B58}; [x] {AACB5D92-5FF1-4F32-BA0D-D1825E165C1F}; [x] =============== Created Last 30 ================ 2009-10-10 19:32 13,824 a------- c:\windows\system32\gasfkynrerrnti.dll 2009-10-09 20:30 13,824 a------- c:\windows\system32\gasfkyxexbfjpi.dll 2009-10-06 16:52 11,952 a------- c:\windows\system32\avgrsstx.dll 2009-10-06 16:52 108,552 a------- c:\windows\system32\drivers\avgtdix.sys 2009-10-06 16:52 335,240 a------- c:\windows\system32\drivers\avgldx86.sys 2009-10-06 16:51 <DIR> --d----- c:\windows\system32\drivers\Avg 2009-10-06 16:51 <DIR> --d----- c:\documents and settings\all users\application data\AVG Security Toolbar 2009-10-06 16:51 <DIR> --d----- c:\program files\AVG 2009-10-01 20:26 <DIR> --d----- c:\program files\Spybot - Search & Destroy 2009-10-01 20:26 <DIR> --d----- c:\documents and settings\all users\application data\Spybot - Search & Destroy 2009-09-28 23:44 9,200 -------- c:\windows\system32\drivers\cdralw2k.sys 2009-09-28 23:44 9,072 -------- c:\windows\system32\drivers\cdr4_xp.sys 2009-09-28 23:43 <DIR> --d----- c:\windows\system32\IOSUBSYS ==================== Find3M ==================== 2009-10-13 16:24 94,253 a------- c:\windows\system32\gasfkyomudujwm.dat 2009-10-13 16:24 19,968 a------- c:\windows\system32\gasfkygwveirwk.dll 2009-09-30 22:49 46 a------- C:\p2hhr.bat 2009-09-27 15:53 18,176 a------- c:\documents and settings\all users\application data\ywij.com 2009-09-27 15:53 14,539 a------- c:\windows\osokobu.com 2009-09-27 15:53 12,169 a------- c:\windows\system32\odyfonem.bat 2009-09-27 15:53 10,437 a------- c:\windows\system32\icide.pif 2009-09-27 15:53 18,333 a------- c:\documents and settings\all users\application data\etujibyh.sys 2009-09-27 15:53 13,315 a------- c:\windows\myheq.reg 2009-09-27 15:53 11,890 a------- c:\documents and settings\all users\application data\qaha.com 2009-09-27 15:53 10,590 a------- c:\documents and settings\arfon jones\application data\aqynacehu.vbs 2009-09-27 15:53 11,399 a------- c:\program files\common files\niryvizuf.dl 2009-09-27 15:53 14,561 a------- c:\program files\common files\bogawi.dat 2009-09-26 12:49 19,755 a------- c:\windows\yxusujag.dat 2009-09-26 12:49 17,582 a------- c:\documents and settings\all users\application data\vegiz.reg 2009-09-26 12:49 17,248 a------- c:\program files\common files\adegyrut.db 2009-09-26 12:49 16,604 a------- c:\windows\system32\icolataf.scr 2009-09-26 12:49 12,103 a------- c:\program files\common files\ycisig.pif 2009-09-26 12:49 12,058 a------- c:\windows\oqevugoze.reg 2009-09-26 12:49 11,947 a------- c:\windows\ocimusavi.com 2009-09-26 12:49 10,731 a------- c:\documents and settings\all users\application data\ywah.scr 2009-09-26 12:49 16,602 a------- c:\program files\common files\ysirunuq._dl 2009-09-26 12:44 20,992 a------- c:\windows\system32\gasfkyrqpwqlta.dll 2009-09-26 12:43 45,568 a------- c:\windows\system32\gasfkytsnsnior.dll 2009-09-26 12:43 72,192 a------- c:\windows\system32\drivers\gasfkybbgiujrw.sys.old 2009-09-26 12:42 6,656 a------- C:\hxlqib.exe 2009-09-25 21:31 991,584 a------- c:\windows\system32\xa.tmp 2009-08-06 18:23 274,288 a------- c:\windows\system32\mucltui.dll 2009-08-06 18:23 215,920 a------- c:\windows\system32\muweb.dll 2009-08-05 09:01 204,800 a------- c:\windows\system32\mswebdvd.dll 2008-09-23 21:28 31,320 a------- c:\documents and settings\arfon jones\application data\GDIPFONTCACHEV1.DAT 2008-09-17 21:59 87,608 a------- c:\documents and settings\arfon jones\application data\inst.exe 2008-09-17 21:59 47,360 a------- c:\documents and settings\arfon jones\application data\pcouffin.sys 2006-10-10 21:19 278,528 a------- c:\program files\common files\FDEUnInstaller.exe 2004-11-25 20:59 262,144 a------- c:\documents and settings\all users\NTUSER.DAT ==== Installed Programs ====================== 2600 2600_Help 2600Trb 4oD Adobe Flash Player 10 ActiveX Adobe Photoshop 7.0.1 Adobe Reader 7.0.9 Adobe® Photoshop® Album Starter Edition 3.0 AiO_Scan AiOSoftware APC PowerChute Business Edition Agent APC PowerChute Business Edition Console AVG Free 8.5 BufferChm Copy CreativeProjects CreativeProjectsTemplates Critical Update for Windows Media Player 11 (KB959772) CueTour Destinations DiMAGE Viewer Director DocProc DocumentViewer Driveway and Patio Designer V9.5.22 Easy Price Pro NHE Cal Easy Price Pro NHE Estimator ERUNT 1.1j Fax Google Earth Google SketchUp 6 Google Toolbar for Internet Explorer Google Update Helper HighMAT Extension to Microsoft Windows XP CD Writing Wizard HMRC Employer CD-ROM 2009 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB954708) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) hp deskjet 5550 series (Remove only) HP Diagnostic Assistant HP Discover Digital Photography HP Image Zone 4.2 hp print screen utility HP PSC & OfficeJet 4.2 HP Software Update HP Unload DLL Patch HPSystemDiagnostics InstantShare InterActual Player IrfanView (remove only) J2SE Runtime Environment 5.0 Update 6 Java™ 6 Update 11 Java™ 6 Update 3 Junk Mail filter update Macromedia Extension Manager Macromedia Flash 8 Macromedia Flash 8 Video Encoder Macromedia Flash Player 8 Plugin Macromedia Shockwave Player Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Compression Client Pack 1.0 for Windows XP Microsoft IntelliPoint 6.1 Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Live Add-in 1.3 Microsoft Office XP Professional with FrontPage Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Windows Journal Viewer MSN MSN Music Assistant MSVCRT MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) Nero - Burning Rom (Web installer) Network Play System (Patching) NHEEstimator Orange Search Toolbar OTiCardReader Overland PC Camer@ Personal License Update Wizard for Windows Media Player PhotoGallery Picasa 3 PowerDVD PrintScreen ProductContext QFolder QuickProjects QuickTime Readme RealPlayer RegCure 1.6.0.0 SAMSUNG CDMA Modem Driver Set SAMSUNG Mobile Composite Device Software Samsung Mobile phone USB driver Software SAMSUNG Mobile USB Modem 1.0 Software SAMSUNG Mobile USB Modem Software Samsung PC Studio 3 Scan Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB929969) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 8 (KB969897) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB972260) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Segoe UI SkinsHP1 Spybot - Search & Destroy Spyware Doctor 6.0 The Sims House Party TrayApp Unload upapp Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB971180) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB953356) Update for Windows XP (KB955839) Update for Windows XP (KB961503) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB973815) VIA Rhine-Family Fast Ethernet Adapter Viewpoint Media Player Virtual Earth 3D (Beta) Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 WebFldrs XP WebReg Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live Mail Windows Live Messenger Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Toolbar Windows Live Upload Tool Windows Live Writer Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 3 ============= FINISH: 17:42:23.14 =============== DDS_BootCD_Version (Ver_09-10-04.01) - NTFSx86 Run at 18:01:20.31 on Wed 10/28/2009 Internet Explorer: 8.0.6001.18702 ============== Pseudo HJT Report =============== S-1-5-21-1935681133-1597978318-240782882-1007_URLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll S-1-5-21-1935681133-1597978318-240782882-1007_URLSearchHooks: H - No File BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - TB: Orange: {4e7bd74f-2b8d-469e-a1fb-f862b587b57d} - TB: {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No File TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll S-1-5-21-1935681133-1597978318-240782882-1007_Run: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe S-1-5-21-1935681133-1597978318-240782882-1007_Run: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" S-1-5-21-1935681133-1597978318-240782882-1007_Run: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe S-1-5-21-1935681133-1597978318-240782882-1007_Run: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe" mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe mRun: [RemoteControl] c:\windows\system32\rmctrl.exe mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k S-1-5-21-1935681133-1597978318-240782882-1007_Policies-explorer: NoWindowsUpdate = 0 (0x0) S-1-5-21-1935681133-1597978318-240782882-1007_Policies-system: EnableProfileQuota = 1 (0x1) IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,84/mcinsctl.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,21/mcgdmgr.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll Notify: avgrsstarter - avgrsstx.dll Notify: rqRHxusp - rqRHxusp.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ============= SERVICES / DRIVERS =============== APCPBEAgent; c:\progra~1\apc\powerc~1\agent\pbeagent.exe AVG; [x] avg8wd; c:\progra~1\avg\avg8\avgwdsvc.exe AvgLdx86; \SystemRoot\System32\Drivers\avgldx86.sys AvgTdiX; \SystemRoot\System32\Drivers\avgtdix.sys fssfltr; system32\DRIVERS\fssfltr_tdi.sys fsssvc; "c:\program files\windows live\family safety\fsssvc.exe" gupdate1c9b63b8cc7536e; "c:\program files\google\update\GoogleUpdate.exe" /svc Lavasoft Ad-Aware Service; [x] PAC207; system32\DRIVERS\pfc027.sys PCTCore; system32\drivers\PCTCore.sys rpvnprpipoufniww; \systemroot\system32\drivers\rpvnprpipoufniww.sys sdAuxService; c:\program files\spyware doctor\pctsAuxs.exe SeaPort; "c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe" Winsock - Google Desktop Search Backup Before First Install; [x] Winsock - Google Desktop Search Backup Before Last Install; [x] Winsock2 - Google Desktop Search Backup Before First Install; [x] Winsock2 - Google Desktop Search Backup Before Last Install; [x] {017945CB-B466-4F10-96F8-EE9956E84EEE}; [x] {04D8EFFB-0568-4B5D-ABF5-862962188B58}; [x] {AACB5D92-5FF1-4F32-BA0D-D1825E165C1F}; [x] =============== Created Last 30 ================ 2009-10-10 19:32 13,824 a------- c:\windows\system32\gasfkynrerrnti.dll 2009-10-09 20:30 13,824 a------- c:\windows\system32\gasfkyxexbfjpi.dll 2009-10-06 16:52 11,952 a------- c:\windows\system32\avgrsstx.dll 2009-10-06 16:52 108,552 a------- c:\windows\system32\drivers\avgtdix.sys 2009-10-06 16:52 335,240 a------- c:\windows\system32\drivers\avgldx86.sys 2009-10-06 16:51 <DIR> --d----- c:\windows\system32\drivers\Avg 2009-10-06 16:51 <DIR> --d----- c:\documents and settings\all users\application data\AVG Security Toolbar 2009-10-06 16:51 <DIR> --d----- c:\program files\AVG 2009-10-01 20:26 <DIR> --d----- c:\program files\Spybot - Search & Destroy 2009-10-01 20:26 <DIR> --d----- c:\documents and settings\all users\application data\Spybot - Search & Destroy 2009-09-28 23:44 9,200 -------- c:\windows\system32\drivers\cdralw2k.sys 2009-09-28 23:44 9,072 -------- c:\windows\system32\drivers\cdr4_xp.sys 2009-09-28 23:43 <DIR> --d----- c:\windows\system32\IOSUBSYS ==================== Find3M ==================== 2009-10-13 16:24 94,253 a------- c:\windows\system32\gasfkyomudujwm.dat 2009-10-13 16:24 19,968 a------- c:\windows\system32\gasfkygwveirwk.dll 2009-09-30 22:49 46 a------- C:\p2hhr.bat 2009-09-27 15:53 18,176 a------- c:\documents and settings\all users\application data\ywij.com 2009-09-27 15:53 14,539 a------- c:\windows\osokobu.com 2009-09-27 15:53 12,169 a------- c:\windows\system32\odyfonem.bat 2009-09-27 15:53 10,437 a------- c:\windows\system32\icide.pif 2009-09-27 15:53 18,333 a------- c:\documents and settings\all users\application data\etujibyh.sys 2009-09-27 15:53 13,315 a------- c:\windows\myheq.reg 2009-09-27 15:53 11,890 a------- c:\documents and settings\all users\application data\qaha.com 2009-09-27 15:53 10,590 a------- c:\documents and settings\arfon jones\application data\aqynacehu.vbs 2009-09-27 15:53 11,399 a------- c:\program files\common files\niryvizuf.dl 2009-09-27 15:53 14,561 a------- c:\program files\common files\bogawi.dat 2009-09-26 12:49 19,755 a------- c:\windows\yxusujag.dat 2009-09-26 12:49 17,582 a------- c:\documents and settings\all users\application data\vegiz.reg 2009-09-26 12:49 17,248 a------- c:\program files\common files\adegyrut.db 2009-09-26 12:49 16,604 a------- c:\windows\system32\icolataf.scr 2009-09-26 12:49 12,103 a------- c:\program files\common files\ycisig.pif 2009-09-26 12:49 12,058 a------- c:\windows\oqevugoze.reg 2009-09-26 12:49 11,947 a------- c:\windows\ocimusavi.com 2009-09-26 12:49 10,731 a------- c:\documents and settings\all users\application data\ywah.scr 2009-09-26 12:49 16,602 a------- c:\program files\common files\ysirunuq._dl 2009-09-26 12:44 20,992 a------- c:\windows\system32\gasfkyrqpwqlta.dll 2009-09-26 12:43 45,568 a------- c:\windows\system32\gasfkytsnsnior.dll 2009-09-26 12:43 72,192 a------- c:\windows\system32\drivers\gasfkybbgiujrw.sys.old 2009-09-26 12:42 6,656 a------- C:\hxlqib.exe 2009-09-25 21:31 991,584 a------- c:\windows\system32\xa.tmp 2009-08-06 18:23 274,288 a------- c:\windows\system32\mucltui.dll 2009-08-06 18:23 215,920 a------- c:\windows\system32\muweb.dll 2009-08-05 09:01 204,800 a------- c:\windows\system32\mswebdvd.dll 2008-09-23 21:28 31,320 a------- c:\documents and settings\arfon jones\application data\GDIPFONTCACHEV1.DAT 2008-09-17 21:59 87,608 a------- c:\documents and settings\arfon jones\application data\inst.exe 2008-09-17 21:59 47,360 a------- c:\documents and settings\arfon jones\application data\pcouffin.sys 2006-10-10 21:19 278,528 a------- c:\program files\common files\FDEUnInstaller.exe 2004-11-25 20:59 262,144 a------- c:\documents and settings\all users\NTUSER.DAT ==== Installed Programs ====================== 2600 2600_Help 2600Trb 4oD Adobe Flash Player 10 ActiveX Adobe Photoshop 7.0.1 Adobe Reader 7.0.9 Adobe® Photoshop® Album Starter Edition 3.0 AiO_Scan AiOSoftware APC PowerChute Business Edition Agent APC PowerChute Business Edition Console AVG Free 8.5 BufferChm Copy CreativeProjects CreativeProjectsTemplates Critical Update for Windows Media Player 11 (KB959772) CueTour Destinations DiMAGE Viewer Director DocProc DocumentViewer Driveway and Patio Designer V9.5.22 Easy Price Pro NHE Cal Easy Price Pro NHE Estimator ERUNT 1.1j Fax Google Earth Google SketchUp 6 Google Toolbar for Internet Explorer Google Update Helper HighMAT Extension to Microsoft Windows XP CD Writing Wizard HMRC Employer CD-ROM 2009 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB954708) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) hp deskjet 5550 series (Remove only) HP Diagnostic Assistant HP Discover Digital Photography HP Image Zone 4.2 hp print screen utility HP PSC & OfficeJet 4.2 HP Software Update HP Unload DLL Patch HPSystemDiagnostics InstantShare InterActual Player IrfanView (remove only) J2SE Runtime Environment 5.0 Update 6 Java™ 6 Update 11 Java™ 6 Update 3 Junk Mail filter update Macromedia Extension Manager Macromedia Flash 8 Macromedia Flash 8 Video Encoder Macromedia Flash Player 8 Plugin Macromedia Shockwave Player Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Compression Client Pack 1.0 for Windows XP Microsoft IntelliPoint 6.1 Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Live Add-in 1.3 Microsoft Office XP Professional with FrontPage Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Windows Journal Viewer MSN MSN Music Assistant MSVCRT MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) Nero - Burning Rom (Web installer) Network Play System (Patching) NHEEstimator Orange Search Toolbar OTiCardReader Overland PC Camer@ Personal License Update Wizard for Windows Media Player PhotoGallery Picasa 3 PowerDVD PrintScreen ProductContext QFolder QuickProjects QuickTime Readme RealPlayer RegCure 1.6.0.0 SAMSUNG CDMA Modem Driver Set SAMSUNG Mobile Composite Device Software Samsung Mobile phone USB driver Software SAMSUNG Mobile USB Modem 1.0 Software SAMSUNG Mobile USB Modem Software Samsung PC Studio 3 Scan Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB929969) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 8 (KB969897) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB972260) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Segoe UI SkinsHP1 Spybot - Search & Destroy Spyware Doctor 6.0 The Sims House Party TrayApp Unload upapp Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB971180) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB953356) Update for Windows XP (KB955839) Update for Windows XP (KB961503) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB973815) VIA Rhine-Family Fast Ethernet Adapter Viewpoint Media Player Virtual Earth 3D (Beta) Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 WebFldrs XP WebReg Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live Mail Windows Live Messenger Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Toolbar Windows Live Upload Tool Windows Live Writer Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 3 ============= FINISH: 18:01:23.29 ===============

#34 arfon.jones

arfon.jones

    Authentic Member

  • Authentic Member
  • PipPip
  • 71 posts

Posted 28 October 2009 - 12:21 PM

Hello again Here is a log of your last exercise Volume in drive C is system Volume Serial Number is 4C24-1144 Again thank you

#35 noahdfear

noahdfear

    Silver Member

  • Visiting Fellow
  • PipPipPip
  • 465 posts
  • MVP

Posted 28 October 2009 - 10:10 PM

The last exercise was done to see if any System Restore points existed that we might get a good working set of registry hives from. The results show there are none available. :(

It was not necessary to run dds twice, though no harm done. What I really need now is the log from the reg query done while having the hives loaded in Registry Editor PE. I will repeat those instructions below.

Open the Hiren's BootCD WinTools and click Menu>Other>Registry Editor PE
When it loads, expand and select the C:\Windows folder in the Browse dialog that opens, then click OK.
Next you will be presented with a series of 4 Select file dialogs in which you need only click Open.
Next you will be asked if you want to open a User hive - click No.
Once the hives are loaded, you will get a message box confirming they are loaded and the relative paths in the Registry Editor.
Click OK then minimize the Registry Editor to the taskbar when it opens. *DO NOT CLOSE REGISTRY EDITOR PE AT THIS TIME*

Connect the network, then using the Opera browser, come back to this post and highlight then copy the following bolded command to text.

reg query HKLM\_REMOTE_SYSTEM\Select>"%userprofile%\desktop\log.txt"

Open the Command prompt window again then right click>Paste the command into the command window.
When complete, close the command window and open the log.txt file on the desktop.
Post it's contents in a reply here along with the exact path to the user hive as previously noted.
Close the Registry Editor PE and wait for an 'All Finished' message.


Now, click Start>Programs>Windows Explorer and expand then select C:\Windows
Look for the file ntbtlog.txt and delete it if present.
Restart the computer, select Boot the hard drive, then begin tapping the F8 key to enable the Advanced Start Menu.
Select Enable Boot Logging from the menu.
When the computer loads as far as it will, restart and go back to MiniXP.
Open Windows Explorer and locate the newly created C:\Windows\ntbtlog.txt file then post it's contents here.

Edited by noahdfear, 01 November 2009 - 06:35 PM.

Dave

#36 arfon.jones

arfon.jones

    Authentic Member

  • Authentic Member
  • PipPip
  • 71 posts

Posted 01 November 2009 - 03:42 PM

Here is my DDS log after your last instructions the hive paths were HKEY_LOCAL_MACHINE\_REMOTE_SAM \_REMOTE_SECURITY \_REMOTE_SOFTWARE \_REMOTE_SYSTEM I have deleated the ntbtlog.txt. i will re boot next and post the contents of the new ntbtlog DDS_BootCD_Version (Ver_09-10-04.01) - NTFSx86 Run at 21:22:15.37 on Sun 11/01/2009 ============== Pseudo HJT Report =============== ============= SERVICES / DRIVERS =============== =============== Created Last 30 ================ 2009-10-10 19:32 13,824 a------- c:\windows\system32\gasfkynrerrnti.dll 2009-10-09 20:30 13,824 a------- c:\windows\system32\gasfkyxexbfjpi.dll 2009-10-06 16:52 11,952 a------- c:\windows\system32\avgrsstx.dll 2009-10-06 16:52 108,552 a------- c:\windows\system32\drivers\avgtdix.sys 2009-10-06 16:52 335,240 a------- c:\windows\system32\drivers\avgldx86.sys 2009-10-06 16:51 <DIR> --d----- c:\windows\system32\drivers\Avg ==================== Find3M ==================== 2009-10-13 16:24 94,253 a------- c:\windows\system32\gasfkyomudujwm.dat 2009-10-13 16:24 19,968 a------- c:\windows\system32\gasfkygwveirwk.dll 2009-09-30 22:49 46 a------- C:\p2hhr.bat 2009-09-27 15:53 14,539 a------- c:\windows\osokobu.com 2009-09-27 15:53 12,169 a------- c:\windows\system32\odyfonem.bat 2009-09-27 15:53 10,437 a------- c:\windows\system32\icide.pif 2009-09-27 15:53 13,315 a------- c:\windows\myheq.reg 2009-09-26 12:49 19,755 a------- c:\windows\yxusujag.dat 2009-09-26 12:49 16,604 a------- c:\windows\system32\icolataf.scr 2009-09-26 12:49 12,058 a------- c:\windows\oqevugoze.reg 2009-09-26 12:49 11,947 a------- c:\windows\ocimusavi.com 2009-09-26 12:44 20,992 a------- c:\windows\system32\gasfkyrqpwqlta.dll 2009-09-26 12:43 45,568 a------- c:\windows\system32\gasfkytsnsnior.dll 2009-09-26 12:43 72,192 a------- c:\windows\system32\drivers\gasfkybbgiujrw.sys.old 2009-09-26 12:42 6,656 a------- C:\hxlqib.exe 2009-09-25 21:31 991,584 a------- c:\windows\system32\xa.tmp 2009-08-06 18:23 274,288 a------- c:\windows\system32\mucltui.dll 2009-08-06 18:23 215,920 a------- c:\windows\system32\muweb.dll 2009-08-05 09:01 204,800 a------- c:\windows\system32\mswebdvd.dll ==== Installed Programs ====================== ============= FINISH: 21:22:21.09 ===============

#37 arfon.jones

arfon.jones

    Authentic Member

  • Authentic Member
  • PipPip
  • 71 posts

Posted 01 November 2009 - 03:55 PM

here is my ntbtlog.txt Service Pack 311 1 2009 20:46:28.500 Loaded driver \WINDOWS\system32\ntkrnlpa.exe Loaded driver \WINDOWS\system32\hal.dll Loaded driver \WINDOWS\system32\KDCOM.DLL Loaded driver \WINDOWS\system32\BOOTVID.dll Loaded driver sptd.sys Loaded driver \WINDOWS\System32\Drivers\WMILIB.SYS Loaded driver \WINDOWS\System32\Drivers\SPTDDRV1.SYS Loaded driver ACPI.sys Loaded driver pci.sys Loaded driver isapnp.sys Loaded driver compbatt.sys Loaded driver \WINDOWS\system32\DRIVERS\BATTC.SYS Loaded driver pciide.sys Loaded driver \WINDOWS\system32\DRIVERS\PCIIDEX.SYS Loaded driver aliide.sys Loaded driver cmdide.sys Loaded driver toside.sys Loaded driver viaide.sys Loaded driver intelide.sys Loaded driver MountMgr.sys Loaded driver ftdisk.sys Loaded driver PartMgr.sys Loaded driver VolSnap.sys Loaded driver cpqarray.sys Loaded driver \WINDOWS\system32\DRIVERS\SCSIPORT.SYS Loaded driver atapi.sys Loaded driver aha154x.sys Loaded driver sparrow.sys Loaded driver symc810.sys Loaded driver aic78xx.sys Loaded driver dac960nt.sys Loaded driver ql10wnt.sys Loaded driver amsint.sys Loaded driver asc.sys Loaded driver asc3550.sys Loaded driver mraid35x.sys Loaded driver i2omp.sys Loaded driver ini910u.sys Loaded driver ql1240.sys Loaded driver aic78u2.sys Loaded driver symc8xx.sys Loaded driver sym_hi.sys Loaded driver sym_u3.sys Loaded driver ABP480N5.SYS Loaded driver asc3350p.sys Loaded driver cd20xrnt.sys Loaded driver ultra.sys Loaded driver adpu160m.sys Loaded driver dpti2o.sys Loaded driver ql1080.sys Loaded driver ql1280.sys Loaded driver ql12160.sys Loaded driver perc2.sys Loaded driver perc2hib.sys Loaded driver hpn.sys Loaded driver cbidf2k.sys Loaded driver dac2w2k.sys Loaded driver VIAMRAID.SYS Loaded driver disk.sys Loaded driver \WINDOWS\system32\DRIVERS\CLASSPNP.SYS Loaded driver fltmgr.sys Loaded driver PCTCore.sys Loaded driver PxHelp20.sys Loaded driver KSecDD.sys Loaded driver Ntfs.sys Loaded driver NDIS.sys Loaded driver sisagp.sys Loaded driver viaagp.sys Loaded driver viaagp1.sys Loaded driver ohci1394.sys Loaded driver \WINDOWS\system32\DRIVERS\1394BUS.SYS Loaded driver Mup.sys Loaded driver alim1541.sys Loaded driver amdagp.sys Loaded driver agp440.sys Loaded driver agpCPQ.sys Loaded driver \SystemRoot\system32\DRIVERS\nic1394.sys Loaded driver \SystemRoot\system32\DRIVERS\processr.sys Loaded driver \SystemRoot\system32\DRIVERS\nv4_mini.sys Loaded driver \SystemRoot\system32\DRIVERS\Intels51.sys Loaded driver \SystemRoot\System32\Drivers\Modem.SYS Loaded driver \SystemRoot\system32\DRIVERS\imapi.sys Loaded driver \SystemRoot\System32\Drivers\ElbyDelay.sys Loaded driver \SystemRoot\system32\DRIVERS\cdrom.sys Loaded driver \SystemRoot\system32\DRIVERS\redbook.sys Loaded driver \SystemRoot\SYSTEM32\DRIVERS\GEARAspiWDM.sys Loaded driver \SystemRoot\system32\DRIVERS\usbuhci.sys Loaded driver \SystemRoot\system32\DRIVERS\usbehci.sys Loaded driver \SystemRoot\system32\DRIVERS\i8042prt.sys Loaded driver \SystemRoot\system32\DRIVERS\point32.sys Loaded driver \SystemRoot\system32\DRIVERS\mouclass.sys Loaded driver \SystemRoot\system32\DRIVERS\kbdclass.sys Loaded driver \SystemRoot\system32\drivers\ALCXWDM.SYS Loaded driver \SystemRoot\system32\drivers\ALCXSENS.SYS Loaded driver \SystemRoot\system32\DRIVERS\fetnd5bv.sys Loaded driver \SystemRoot\system32\DRIVERS\fdc.sys Loaded driver \SystemRoot\system32\DRIVERS\serial.sys Loaded driver \SystemRoot\system32\DRIVERS\serenum.sys Loaded driver \SystemRoot\system32\DRIVERS\parport.sys Loaded driver \SystemRoot\system32\DRIVERS\audstub.sys Loaded driver \SystemRoot\system32\DRIVERS\rasl2tp.sys Loaded driver \SystemRoot\system32\DRIVERS\ndistapi.sys Loaded driver \SystemRoot\system32\DRIVERS\ndiswan.sys Loaded driver \SystemRoot\system32\DRIVERS\raspppoe.sys Loaded driver \SystemRoot\system32\DRIVERS\raspptp.sys Loaded driver \SystemRoot\system32\DRIVERS\msgpc.sys Loaded driver \SystemRoot\system32\DRIVERS\psched.sys Loaded driver \SystemRoot\system32\DRIVERS\ptilink.sys Loaded driver \SystemRoot\system32\DRIVERS\raspti.sys Loaded driver \SystemRoot\system32\DRIVERS\termdd.sys Loaded driver \SystemRoot\system32\DRIVERS\swenum.sys Loaded driver \SystemRoot\system32\DRIVERS\update.sys Loaded driver \SystemRoot\system32\DRIVERS\mssmbios.sys Loaded driver \SystemRoot\System32\Drivers\NDProxy.SYS Did not load driver \SystemRoot\System32\Drivers\NDProxy.SYS Loaded driver \SystemRoot\system32\drivers\MODEMCSA.sys Loaded driver \SystemRoot\system32\DRIVERS\usbhub.sys Did not load driver \SystemRoot\System32\Drivers\lbrtfdc.SYS Did not load driver \SystemRoot\System32\Drivers\Sfloppy.SYS Loaded driver \SystemRoot\System32\Drivers\i2omgmt.SYS Did not load driver \SystemRoot\System32\Drivers\Changer.SYS Did not load driver \SystemRoot\System32\Drivers\Cdaudio.SYS Loaded driver \SystemRoot\System32\Drivers\Fs_Rec.SYS Loaded driver \SystemRoot\System32\Drivers\Null.SYS Loaded driver \SystemRoot\System32\Drivers\Beep.SYS Loaded driver \SystemRoot\System32\drivers\vga.sys Loaded driver \SystemRoot\System32\Drivers\mnmdd.SYS Loaded driver \SystemRoot\System32\DRIVERS\RDPCDD.sys Did not load driver \systemroot\system32\drivers\gasfkybbgiujrw.sys Loaded driver \SystemRoot\System32\Drivers\Msfs.SYS Loaded driver \SystemRoot\System32\Drivers\Npfs.SYS Loaded driver \SystemRoot\system32\DRIVERS\rasacd.sys Loaded driver \SystemRoot\system32\DRIVERS\ipsec.sys Loaded driver \SystemRoot\system32\DRIVERS\tcpip.sys Loaded driver \SystemRoot\System32\Drivers\avgtdix.sys Loaded driver \SystemRoot\system32\DRIVERS\netbt.sys Loaded driver \SystemRoot\System32\drivers\afd.sys Loaded driver \SystemRoot\system32\DRIVERS\netbios.sys Did not load driver \SystemRoot\system32\DRIVERS\p3.sys Loaded driver \SystemRoot\System32\Drivers\StarOpen.SYS Did not load driver \SystemRoot\System32\Drivers\PCIDump.SYS Did not load driver \systemroot\system32\drivers\rpvnprpipoufniww.sys Loaded driver \SystemRoot\system32\DRIVERS\rdbss.sys Loaded driver \SystemRoot\system32\DRIVERS\mrxsmb.sys Loaded driver \SystemRoot\system32\DRIVERS\ipnat.sys Loaded driver \SystemRoot\system32\DRIVERS\wanarp.sys Loaded driver \SystemRoot\system32\DRIVERS\arp1394.sys Loaded driver \SystemRoot\System32\Drivers\Fips.SYS Loaded driver \SystemRoot\System32\Drivers\avgmfx86.sys Loaded driver \SystemRoot\System32\Drivers\avgldx86.sys Loaded driver \SystemRoot\System32\Drivers\Cdfs.SYS

#38 noahdfear

noahdfear

    Silver Member

  • Visiting Fellow
  • PipPipPip
  • 465 posts
  • MVP

Posted 01 November 2009 - 06:35 PM

Another DDS log is NOT required. Again, what I do need is the results of the reg query, so I'll post those instructions yet again.


Open the Hiren's BootCD WinTools and click Menu>Other>Registry Editor PE
When it loads, expand and select the C:\Windows folder in the Browse dialog that opens, then click OK.
Next you will be presented with a series of 4 Select file dialogs in which you need only click Open.
Next you will be asked if you want to open a User hive - click No.
Once the hives are loaded, you will get a message box confirming they are loaded and the relative paths in the Registry Editor.
Click OK then minimize the Registry Editor to the taskbar when it opens. *DO NOT CLOSE REGISTRY EDITOR PE AT THIS TIME*

Connect the network, then using the Opera browser, come back to this post and highlight then copy the following bolded command to text.

reg query HKLM\_REMOTE_SYSTEM\Select>"%userprofile%\desktop\log.txt"

Open the Command prompt window again then right click>Paste the command into the command window.
When complete, close the command window and open the log.txt file on the desktop.
Post it's contents in a reply here along with the exact path to the user hive as previously noted.
Close the Registry Editor PE and wait for an 'All Finished' message.
Dave

#39 arfon.jones

arfon.jones

    Authentic Member

  • Authentic Member
  • PipPip
  • 71 posts

Posted 01 November 2009 - 06:47 PM

hi not sure if ive done it correctly but heres my log ! REG.EXE VERSION 3.0 HKEY_LOCAL_MACHINE\_REMOTE_SYSTEM\Select Current REG_DWORD 0x5 Default REG_DWORD 0x5 Failed REG_DWORD 0x4 LastKnownGood REG_DWORD 0x6

#40 noahdfear

noahdfear

    Silver Member

  • Visiting Fellow
  • PipPipPip
  • 465 posts
  • MVP

Posted 01 November 2009 - 07:03 PM

That's perfect! I'll post further instructions soon. Please double check the ntbtlog.txt and verify that it ends at exactly the place in your post above (just want to make sure the whole thing got posted).
Dave

    Advertisements

Register to Remove


#41 arfon.jones

arfon.jones

    Authentic Member

  • Authentic Member
  • PipPip
  • 71 posts

Posted 01 November 2009 - 07:10 PM

Hi Yes checked the ntbtlog.txt file and ends with cdfs.sys

#42 noahdfear

noahdfear

    Silver Member

  • Visiting Fellow
  • PipPipPip
  • 465 posts
  • MVP

Posted 01 November 2009 - 07:39 PM

Lets see if we can remove some of the malware loading points in the registry and get a successful bootup.

Open the Hiren's BootCD WinTools and click Menu>Other>Registry Editor PE
When it loads, expand and select the C:\Windows folder in the Browse dialog that opens, then click OK.
Next you will be presented with a series of 4 Select file dialogs inwhich you need only click Open.
Next you will be asked if you want to open a User hive - click No.
Once the hives are loaded, you will get a message box confirming they are loaded and the relative paths in the Registry Editor.
Click OK then minimize the Registry Editor to the taskbar when it opens.

Connect the network, then using the Opera browser, come back to this post and copy the contents of the code box below to text.

reg delete "HKLM\_REMOTE_SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqRHxusp" /f
reg delete HKLM\_REMOTE_SYSTEM\ControlSet005\Services\rpvnprpipoufniww /f
reg query "HKLM\_REMOTE_SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\rqRHxusp">"%userprofile%\desktop\query.txt"
reg query HKLM\_REMOTE_SYSTEM\ControlSet005\Services\rpvnprpipoufniww /f>>"%userprofile%\desktop\query.txt"

Open the Command prompt window again then right click>Paste the command into the command window.
When complete, close the command window and open the new query.txt file on the desktop.
Post it's contents in a reply here and wait for further instructions before doing anything else.
Dave

#43 arfon.jones

arfon.jones

    Authentic Member

  • Authentic Member
  • PipPip
  • 71 posts

Posted 02 November 2009 - 03:35 PM

hello I ran the last instruction and opend the query.txt file on the desktop but there was nothing writen within.

#44 noahdfear

noahdfear

    Silver Member

  • Visiting Fellow
  • PipPipPip
  • 465 posts
  • MVP

Posted 02 November 2009 - 10:03 PM

An empty log suggests the registry editing from the batch was successful. Lets make sure. Boot back to MiniXP and run dds-bootcd again then post the log (do NOT open Registry Editor PE).
Dave

#45 arfon.jones

arfon.jones

    Authentic Member

  • Authentic Member
  • PipPip
  • 71 posts

Posted 03 November 2009 - 04:25 PM

Hello Here is my latest DDS log DDS_BootCD_Version (Ver_09-10-04.01) - NTFSx86 Run at 21:19:51.71 on Tue 11/03/2009 Internet Explorer: 8.0.6001.18702 ============== Pseudo HJT Report =============== S-1-5-21-1935681133-1597978318-240782882-1007_URLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll S-1-5-21-1935681133-1597978318-240782882-1007_URLSearchHooks: H - No File BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - TB: Orange: {4e7bd74f-2b8d-469e-a1fb-f862b587b57d} - TB: {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No File TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll S-1-5-21-1935681133-1597978318-240782882-1007_Run: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe S-1-5-21-1935681133-1597978318-240782882-1007_Run: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" S-1-5-21-1935681133-1597978318-240782882-1007_Run: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe S-1-5-21-1935681133-1597978318-240782882-1007_Run: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe" mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe mRun: [RemoteControl] c:\windows\system32\rmctrl.exe mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k S-1-5-21-1935681133-1597978318-240782882-1007_Policies-explorer: NoWindowsUpdate = 0 (0x0) S-1-5-21-1935681133-1597978318-240782882-1007_Policies-system: EnableProfileQuota = 1 (0x1) IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-gb/4,0,0,84/mcinsctl.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-gb/1,0,0,21/mcgdmgr.cab DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll Notify: avgrsstarter - avgrsstx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ============= SERVICES / DRIVERS =============== APCPBEAgent; c:\progra~1\apc\powerc~1\agent\pbeagent.exe AVG; [x] avg8wd; c:\progra~1\avg\avg8\avgwdsvc.exe AvgLdx86; \SystemRoot\System32\Drivers\avgldx86.sys AvgTdiX; \SystemRoot\System32\Drivers\avgtdix.sys fssfltr; system32\DRIVERS\fssfltr_tdi.sys fsssvc; "c:\program files\windows live\family safety\fsssvc.exe" gupdate1c9b63b8cc7536e; "c:\program files\google\update\GoogleUpdate.exe" /svc Lavasoft Ad-Aware Service; [x] PAC207; system32\DRIVERS\pfc027.sys PCTCore; system32\drivers\PCTCore.sys sdAuxService; c:\program files\spyware doctor\pctsAuxs.exe SeaPort; "c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe" Winsock - Google Desktop Search Backup Before First Install; [x] Winsock - Google Desktop Search Backup Before Last Install; [x] Winsock2 - Google Desktop Search Backup Before First Install; [x] Winsock2 - Google Desktop Search Backup Before Last Install; [x] {017945CB-B466-4F10-96F8-EE9956E84EEE}; [x] {04D8EFFB-0568-4B5D-ABF5-862962188B58}; [x] {AACB5D92-5FF1-4F32-BA0D-D1825E165C1F}; [x] =============== Created Last 30 ================ 2009-10-10 19:32 13,824 a------- c:\windows\system32\gasfkynrerrnti.dll 2009-10-09 20:30 13,824 a------- c:\windows\system32\gasfkyxexbfjpi.dll 2009-10-06 16:52 11,952 a------- c:\windows\system32\avgrsstx.dll 2009-10-06 16:52 108,552 a------- c:\windows\system32\drivers\avgtdix.sys 2009-10-06 16:52 335,240 a------- c:\windows\system32\drivers\avgldx86.sys 2009-10-06 16:51 <DIR> --d----- c:\windows\system32\drivers\Avg 2009-10-06 16:51 <DIR> --d----- c:\documents and settings\all users\application data\AVG Security Toolbar 2009-10-06 16:51 <DIR> --d----- c:\program files\AVG ==================== Find3M ==================== 2009-10-13 16:24 94,253 a------- c:\windows\system32\gasfkyomudujwm.dat 2009-10-13 16:24 19,968 a------- c:\windows\system32\gasfkygwveirwk.dll 2009-09-30 22:49 46 a------- C:\p2hhr.bat 2009-09-27 15:53 18,176 a------- c:\documents and settings\all users\application data\ywij.com 2009-09-27 15:53 14,539 a------- c:\windows\osokobu.com 2009-09-27 15:53 12,169 a------- c:\windows\system32\odyfonem.bat 2009-09-27 15:53 10,437 a------- c:\windows\system32\icide.pif 2009-09-27 15:53 18,333 a------- c:\documents and settings\all users\application data\etujibyh.sys 2009-09-27 15:53 13,315 a------- c:\windows\myheq.reg 2009-09-27 15:53 11,890 a------- c:\documents and settings\all users\application data\qaha.com 2009-09-27 15:53 10,590 a------- c:\documents and settings\arfon jones\application data\aqynacehu.vbs 2009-09-27 15:53 11,399 a------- c:\program files\common files\niryvizuf.dl 2009-09-27 15:53 14,561 a------- c:\program files\common files\bogawi.dat 2009-09-26 12:49 19,755 a------- c:\windows\yxusujag.dat 2009-09-26 12:49 17,582 a------- c:\documents and settings\all users\application data\vegiz.reg 2009-09-26 12:49 17,248 a------- c:\program files\common files\adegyrut.db 2009-09-26 12:49 16,604 a------- c:\windows\system32\icolataf.scr 2009-09-26 12:49 12,103 a------- c:\program files\common files\ycisig.pif 2009-09-26 12:49 12,058 a------- c:\windows\oqevugoze.reg 2009-09-26 12:49 11,947 a------- c:\windows\ocimusavi.com 2009-09-26 12:49 10,731 a------- c:\documents and settings\all users\application data\ywah.scr 2009-09-26 12:49 16,602 a------- c:\program files\common files\ysirunuq._dl 2009-09-26 12:44 20,992 a------- c:\windows\system32\gasfkyrqpwqlta.dll 2009-09-26 12:43 45,568 a------- c:\windows\system32\gasfkytsnsnior.dll 2009-09-26 12:43 72,192 a------- c:\windows\system32\drivers\gasfkybbgiujrw.sys.old 2009-09-26 12:42 6,656 a------- C:\hxlqib.exe 2009-09-25 21:31 991,584 a------- c:\windows\system32\xa.tmp 2009-08-06 18:23 274,288 a------- c:\windows\system32\mucltui.dll 2009-08-06 18:23 215,920 a------- c:\windows\system32\muweb.dll 2008-09-23 21:28 31,320 a------- c:\documents and settings\arfon jones\application data\GDIPFONTCACHEV1.DAT 2008-09-17 21:59 87,608 a------- c:\documents and settings\arfon jones\application data\inst.exe 2008-09-17 21:59 47,360 a------- c:\documents and settings\arfon jones\application data\pcouffin.sys 2006-10-10 21:19 278,528 a------- c:\program files\common files\FDEUnInstaller.exe 2004-11-25 20:59 262,144 a------- c:\documents and settings\all users\NTUSER.DAT ==== Installed Programs ====================== 2600 2600_Help 2600Trb 4oD Adobe Flash Player 10 ActiveX Adobe Photoshop 7.0.1 Adobe Reader 7.0.9 Adobe® Photoshop® Album Starter Edition 3.0 AiO_Scan AiOSoftware APC PowerChute Business Edition Agent APC PowerChute Business Edition Console AVG Free 8.5 BufferChm Copy CreativeProjects CreativeProjectsTemplates Critical Update for Windows Media Player 11 (KB959772) CueTour Destinations DiMAGE Viewer Director DocProc DocumentViewer Driveway and Patio Designer V9.5.22 Easy Price Pro NHE Cal Easy Price Pro NHE Estimator ERUNT 1.1j Fax Google Earth Google SketchUp 6 Google Toolbar for Internet Explorer Google Update Helper HighMAT Extension to Microsoft Windows XP CD Writing Wizard HMRC Employer CD-ROM 2009 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB954708) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB970653-v3) hp deskjet 5550 series (Remove only) HP Diagnostic Assistant HP Discover Digital Photography HP Image Zone 4.2 hp print screen utility HP PSC & OfficeJet 4.2 HP Software Update HP Unload DLL Patch HPSystemDiagnostics InstantShare InterActual Player IrfanView (remove only) J2SE Runtime Environment 5.0 Update 6 Java™ 6 Update 11 Java™ 6 Update 3 Junk Mail filter update Macromedia Extension Manager Macromedia Flash 8 Macromedia Flash 8 Video Encoder Macromedia Flash Player 8 Plugin Macromedia Shockwave Player Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Compression Client Pack 1.0 for Windows XP Microsoft IntelliPoint 6.1 Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Live Add-in 1.3 Microsoft Office XP Professional with FrontPage Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Sync Framework Services Native v1.0 (x86) Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Windows Journal Viewer MSN MSN Music Assistant MSVCRT MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) Nero - Burning Rom (Web installer) Network Play System (Patching) NHEEstimator Orange Search Toolbar OTiCardReader Overland PC Camer@ Personal License Update Wizard for Windows Media Player PhotoGallery Picasa 3 PowerDVD PrintScreen ProductContext QFolder QuickProjects QuickTime Readme RealPlayer RegCure 1.6.0.0 SAMSUNG CDMA Modem Driver Set SAMSUNG Mobile Composite Device Software Samsung Mobile phone USB driver Software SAMSUNG Mobile USB Modem 1.0 Software SAMSUNG Mobile USB Modem Software Samsung PC Studio 3 Scan Security Update for Windows Internet Explorer 7 (KB928090) Security Update for Windows Internet Explorer 7 (KB929969) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 8 (KB969897) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB972260) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Segoe UI SkinsHP1 Spybot - Search & Destroy Spyware Doctor 6.0 The Sims House Party TrayApp Unload upapp Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB971180) Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB953356) Update for Windows XP (KB955839) Update for Windows XP (KB961503) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB973815) VIA Rhine-Family Fast Ethernet Adapter Viewpoint Media Player Virtual Earth 3D (Beta) Visual C++ 2008 x86 Runtime - (v9.0.30729) Visual C++ 2008 x86 Runtime - v9.0.30729.01 WebFldrs XP WebReg Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live Mail Windows Live Messenger Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Toolbar Windows Live Upload Tool Windows Live Writer Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 3 ============= FINISH: 21:19:58.51 ===============

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users