Dr Watson Postmortem Debugger [RESOLVED]


  • This topic is locked

#1 Fidel Castro (Member, 162 posts)
Hello!

I haven't been here for a long time.. [thank God] but now [unfortunately] I have to ask for help, and I know this is the best place on the web for software issues because I had a few problems solved by you a long time ago..

Ok, to the problem...

Today I experienced some slowness of the computer running and then I noticed the information about my Low Disk Memory...

Posted Image

Ok, I checked my System Disk and I noticed that 99% of my memory on the main partition was occupied, even though I had no idea with what... Even though I was confused I tried to free some space on the System Disk... I uninstalled some programs and deleted some files, so in total I deleted about 3GB... [one fact that maybe is not important but I want to mention is that my Photoshop was open all the time].

After 2 minutes when I continued to work in my Photoshop the "Low Disk Space" appeared again...

Posted Image

I couldn't believe and when I checked my System Disk I saw it was full again...

Posted Image

Then I ran a system scan with my NOD32 and the program found 1 threat...

Posted Image

After that I tried to free some space on System Disk again but when loading my computer crashed...

I restarted my PC and tried to do the same thing again [no other program have been opened] but this time I got this message:

Posted Image

When I clicked on "Close Message" a problem with Windows Explorer appeared and I got this message:

Posted Image

After reporting the error I got one more error...

Posted Image
[the photo was taken from the web because I was unable to take a screenshot due to my system crash]

After that my computer crashed again and I had to restart my system again.

After restarting my PC, I searched my computer for the word "watson" to see who/what the [bleep] that Dr Watson was, and I found a folder named "Dr Watson" located in "C:\Documents and Settings\All Users\Application Data\Microsoft" containing one strange file, "user.dmp", and one txt document, "drwtsn32".

I also found an application of Dr Watson that I started and the only thing I got was this message:

Posted Image

Then I searched on the web about "Dr Watson" and found many topics about that issue, but I didn't want to try solving the problem by myself, so I came here to ask for help from the best software team on the web...

In addition, I'm sending the HijackThis log I made a few minutes ago...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:06:08 PM, on 3/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\Twain_32\NX VEGA 300\SnapTrap.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\ViStart\ViStart.exe
C:\Program Files\ViOrb\ViOrb.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\XAMPP\mysql\bin\mysqld-nt.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Screenshot Pilot\ScrPlt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ACD Systems\ACDSee\9.0\ACDSeeQV.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.2.0.0\EasyGifAnimator_Toolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.2.0.0\EasyGifAnimator_Toolbar.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [STICAP] C:\WINDOWS\Twain_32\NX VEGA 300\SnapTrap.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [vssms32] C:\WINDOWS\system32\vssms32.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\PartyPoker\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\PartyPoker\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://www.worldwinn...am/skillgam.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinn...GamesLoader.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinn...0/pool/pool.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinn...cubis/cubis.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinn...luxor/luxor.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinn...paint/paint.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://www.worldwinn...ool/h2hpool.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{33FF0CD5-F5EB-478A-B649-91F9D8B965CF}: NameServer = 85.255.116.68 85.255.112.100
O17 - HKLM\System\CCS\Services\Tcpip\..\{51E77137-E186-4D00-ADA7-2D22707DB398}: NameServer = 85.255.116.68,85.255.112.100
O17 - HKLM\System\CCS\Services\Tcpip\..\{57C83982-4E5C-4D83-97C0-B238B47239DE}: NameServer = 85.255.116.68,85.255.112.100
O17 - HKLM\System\CCS\Services\Tcpip\..\{84A1A66A-2460-4ABB-BB04-565D04B45695}: NameServer = 85.255.116.68,85.255.112.100
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.68 85.255.112.100
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.68 85.255.112.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.68 85.255.112.100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Unknown owner - C:\Documents and Settings\korisnik\Desktop\xampp\apache\bin\apache.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mysql - Unknown owner - C:\XAMPP\mysql\bin\mysqld-nt.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/korisnik/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg
O24 - Desktop Component 2: (no name) - C:\Documents and Settings\korisnik\Desktop\desktop_0001.htm

--
End of file - 12234 bytes


Also I'm sending you the information about the programs I have listed by HijackThis in the "Uninstall Manager":

5star Free Lines
ACDSee 9 Photo Manager
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 9 ActiveX
Adobe Flash Player Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 8.1.2
Adobe Shockwave Player
Adobe Stock Photos 1.0
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoStudio 5.5
ArcSoft Software Suite
Audacity 1.2.2
AV Voice Changer Software DIAMOND 6.0
Canon MP Navigator 3.0
Canon MP160
Canon MP160 User Registration
Canon Utilities Easy-PhotoPrint
Children's Encyclopedia
Corel Graphics Suite 11
Customized Windows Logon v1.0
DivX
Easy Gif Animator Extension
Easy-WebPrint
EMUpgrade
Fake Webcam 3.9.0
Fallout
FileZilla (remove only)
Flash Banner Creator 1.00
Futuremark SystemInfo
Half-Life
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Intel® 536EP Modem
InterActual Player
InterVideo WinDVD 7
IRMIN SCRIPT 2.0
iTunes
J2SE Runtime Environment 5.0 Update 11
Jasc Animation Shop 3
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ SE Runtime Environment 6 Update 1
K-Lite Codec Pack 2.27 Basic
Kodak DIGITAL GEM Airbrush Professional Plug-In 2.0.0
LimeWire 4.12.11
Logitech QuickCam
Macrogaming SweetIM 2.0
Megaupload Toolbar
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
mIRC
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
Mozilla Firefox (2.0.0.12)
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB925673)
MSXML4 Parser
MV2Player (remove only)
Neat Image v5 Demo (with plug-in)
Nero 7 Lite v7.5.1.1
NoAdware v4.0
NOD32 antivirus system
NOD32 FiX v2.1
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia PC Suite
Nokia Software Updater
NVIDIA Drivers
NX VEGA 300
PC Connectivity Solution
Photomatix Pro version 2.2.3
POD-Bot 2.5
QuickTime
Quintessential Player
RadLight 4.0 FINAL
RealPlayer
Realtek AC'97 Audio
RocketDock 1.3.1b1
Screenshot Pilot version 1.46
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB944653)
Sierra Utilities
Swiff Player 1.1
ÜberIcon
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
VirtualDrive
Vista Transformation Pack 8.0
Windows Communication Foundation
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live installer
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Workflow Foundation
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
WinZip
Xilisoft 3GP Video Converter
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger



Also, this is a screenshot taken of "Spybot - Search & Destroy" after the scan a few minutes ago... [I didn't do anything before you told me what to do]

Posted Image

I think that's it... :)

Thank you very much in advance and I hope you'll solve this problem as soon as possible because with this problem my system crashes a lot and I also don't have any free space on my System Disk which is very important...

Daniel aka Fidel

Edited by Fidel Castro, 22 March 2008 - 07:45 PM.

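The O17 lines are the security-relevant part of this log: every interface GUID and every control set (CCS, CS1, CS2) carries the same two external resolvers, 85.255.116.68 and 85.255.112.100. A machine whose NameServer values have been replaced will resolve any hostname to whatever the attacker's servers answer, and because the values sit in CS1/CS2 as well, Last Known Good Configuration would just restore them. The script below is an added example written for this thread, not code from HijackThis or from the forum; it pulls the O17 lines out of a HijackThis log and flags every NameServer not on an allowlist. The allowlist (192.168.1.1 as the assumed LAN router) and the last sample line with its made-up interface GUID are constructed assumptions; the other sample lines are taken from the log above.

```python
"""Triage the O17 (DNS NameServer) lines of a HijackThis log.

Added example for this thread; it is not code from HijackThis or from the
forum. The allowlist and the last sample line are constructed assumptions.
"""
import ipaddress
import re
from dataclasses import dataclass, field

# Matches e.g.  O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 1.2.3.4 5.6.7.8
O17_RE = re.compile(
    r"^O17 - (?P<key>HKLM\\System\\(?P<cs>CCS|CS\d+)\\[^:]+): NameServer = (?P<servers>.*)$"
)

# Constructed sample: O17 lines taken from the posted log plus one made-up
# interface GUID pointing at an assumed LAN router (192.168.1.1).
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{33FF0CD5-F5EB-478A-B649-91F9D8B965CF}: NameServer = 85.255.116.68 85.255.112.100
O17 - HKLM\System\CCS\Services\Tcpip\..\{51E77137-E186-4D00-ADA7-2D22707DB398}: NameServer = 85.255.116.68,85.255.112.100
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.68 85.255.112.100
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.68 85.255.112.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.68 85.255.112.100
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-1111-2222-3333-444444444444}: NameServer = 192.168.1.1
"""

# Assumption: the resolvers this machine is supposed to use (router / ISP).
ALLOWLIST = ("192.168.1.1",)


@dataclass
class Finding:
    server: str
    is_public: bool                      # routable address outside the LAN
    keys: list = field(default_factory=list)
    control_sets: set = field(default_factory=set)


def parse_o17(text):
    """Yield (registry key, control set, [servers]) per O17 line.

    HijackThis prints the server list either space- or comma-separated.
    """
    for line in text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        servers = [s for s in re.split(r"[ ,]+", m["servers"].strip()) if s]
        yield m["key"], m["cs"], servers


def triage_o17(text, allowlist=ALLOWLIST):
    """Return every NameServer not on the allowlist, grouped by server.

    Each Finding records all keys carrying that server and the control sets
    involved: if CS1/CS2 carry it as well as CCS, Last Known Good
    Configuration will simply restore the hijack.
    """
    allowed = {str(ipaddress.ip_address(a)) for a in allowlist}
    findings = {}
    for key, cs, servers in parse_o17(text):
        for s in servers:
            try:
                addr = ipaddress.ip_address(s)
            except ValueError:
                addr = None               # hostname or junk; still report it
            if addr is not None and str(addr) in allowed:
                continue
            f = findings.setdefault(s, Finding(s, addr is not None and addr.is_global))
            f.keys.append(key)
            f.control_sets.add(cs)
    # Most widely planted servers first, then by address for a stable order.
    return sorted(findings.values(), key=lambda f: (-len(f.keys), f.server))


def report(findings):
    """Human-readable triage summary (one line per unexpected server)."""
    lines = []
    for f in findings:
        where = "public" if f.is_public else "non-public"
        lines.append(
            f"{f.server}: {where} resolver in {len(f.keys)} key(s), "
            f"control sets {sorted(f.control_sets)}"
        )
    return "\n".join(lines) or "no unexpected NameServer values"


if __name__ == "__main__":
    print(report(triage_o17(SAMPLE_LOG)))
```

Run against the posted log, the two 85.255.x addresses come out with five keys each across all three control sets, while the allowlisted router address is silent. The allowlist is the one judgement call: populate it from the router or ISP settings you actually chose, not from whatever the registry currently says.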


#2 JSntgRvr (Global Moderator, 10,961 posts)
Hi, Fidel Castro :)

Welcome.

Please print these instructions for reference, as you will have to restart your computer during the fix.

Please download FixWareout from Here or Here.

Note: You will need to run this tool while having an Internet Connection. The tool will download other files while running.
  • Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
  • The fix will begin; follow the prompts.
  • If your firewall gives an alert (because this tool will download additional files from the internet), please don't let your firewall block it, but allow it instead.
  • You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
  • Once the desktop loads a text file will open (report.txt).
    Please post the contents of C:\fixwareout\report.txt in your next reply.
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log


#3 Fidel Castro (Topic Starter, Member, 162 posts)

Hi, Fidel Castro :)

Welcome.

Please print these instructions for reference, as you will have to restart your computer during the fix.

Please download FixWareout from Here or Here.

Note: You will need to run this tool while having an Internet Connection. The tool will download other files while running.

  • Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
  • The fix will begin; follow the prompts.
  • If your firewall gives an alert (because this tool will download additional files from the internet), please don't let your firewall block it, but allow it instead.
  • You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
  • Once the desktop loads a text file will open (report.txt).
    Please post the contents of C:\fixwareout\report.txt in your next reply.


This part was totally ok and here is the report...

Username "korisnik" - 03/29/2008 1:43:19 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check
HKLM\SOFTWARE\~\Winlogon\ "System"="kdbmf.exe"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.116.68 85.255.112.100" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{33FF0CD5-F5EB-478A-B649-91F9D8B965CF}
"nameserver"="85.255.116.68" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{51E77137-E186-4D00-ADA7-2D22707DB398}
"nameserver"="85.255.116.68,85.255.112.100" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{57C83982-4E5C-4D83-97C0-B238B47239DE}
"nameserver"="85.255.116.68,85.255.112.100" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{84A1A66A-2460-4ABB-BB04-565D04B45695}
"nameserver"="85.255.116.68,85.255.112.100" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{445C5C0A-BBC9-4EE4-BAF5-47D15912D1BD}
"DhcpNameServer"="85.255.116.68,85.255.112.100" <Value cleared.

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "system"="kdbmf.exe"
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"LVCOMS"="C:\\Program Files\\Common Files\\Logitech\\QCDriver\\LVCOMS.EXE"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\jusched.exe\""
"SweetIM"="C:\\Program Files\\Macrogaming\\SweetIM\\SweetIM.exe"
"Viewbar"=""
"PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -startup"
"STICAP"="C:\\WINDOWS\\Twain_32\\NX VEGA 300\\SnapTrap.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\QTTask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"vssms32"="C:\\WINDOWS\\system32\\vssms32.exe"
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UberIcon"="\"C:\\Program Files\\UberIcon\\UberIcon Manager.exe\""
"RocketDock"="\"C:\\Program Files\\RocketDock\\RocketDock.exe\""
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SweetIM"="C:\\Program Files\\Macrogaming\\SweetIM\\SweetIM.exe"
"LClock"="C:\\Program Files\\LClock\\LClock.exe"
"ViStart"="C:\\Program Files\\ViStart\\ViStart.exe"
"ViOrb"="C:\\Program Files\\ViOrb\\ViOrb.exe"
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :

  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log


I couldn't do this part because I was unable to start my system in Safe Mode...

First time when I wanted to start Windows on Safe Mode a black screen appeared with the message :"We apologize for the inconvenience, but Windows did not start successfully. A recent hardware or software change might have caused this." [...]

Then I searched a little about this problem and found some tips, like unchecking "Automatically Restart" in Control Panel => System => Advanced options, running chkdsk and other things... I did everything [nothing special or important] but nothing happened...

The only difference is that now, when I try to start Windows in Safe Mode, a blue screen appears with the message: "A problem has been detected and windows has been shut down to prevent damage to your computer." [...]

I'm waiting for some hints to solve this problem to be able the run the system in Safe Mode and try to finish the main problem

Thanks,

Fidel

Edited by Fidel Castro, 28 March 2008 - 08:27 PM.

  • 0

#4
JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,961 posts
Hi, Fidel Castro :)

Download SafeBootKeyRepair.exe by sUBs and save it to your desktop. Double-click SafeBootKeyRepair.exe to run it. Follow all prompts.

Post the log it will produce in your next reply.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
  • 0
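The reply above sends the poster to SafeBootKeyRepair because the Safe Mode boot list lives under the SafeBoot registry key, and the export pasted in the next reply shows what that key looks like once it is intact: one subkey per driver, service or driver group, each with a default value naming its type. As an added example (my own code, not part of this thread and not sUBs' SafeBootKeyRepair or anything from the forum), the Python below parses such a .reg export and lists which entries of a baseline are absent from the Minimal profile, which is the check a responder would run on an export before deciding whether the key needs repair. The baseline set is assembled from the export in this thread and is an assumption, not an authoritative Microsoft list; the function names and the sample export are constructed for the example.

```python
import re
from collections import defaultdict

# Baseline of SafeBoot\Minimal entries to expect on Windows XP.  Taken from
# the export posted in this thread, so treat it as a constructed baseline
# rather than Microsoft's definitive list.
SAFEBOOT_MINIMAL_BASELINE = {
    "Base", "Boot Bus Extender", "Boot file system", "File system", "Filter",
    "PCI Configuration", "Primary disk", "SCSI Class", "System Bus Extender",
    "vga.sys", "vgasave.sys", "EventLog", "PlugPlay", "RpcSs", "DcomLaunch",
    "CryptSvc", "WinMgmt",
    "{4D36E967-E325-11CE-BFC1-08002BE10318}",  # DiskDrive
    "{4D36E96A-E325-11CE-BFC1-08002BE10318}",  # Hdc
    "{4D36E96B-E325-11CE-BFC1-08002BE10318}",  # Keyboard
    "{4D36E97D-E325-11CE-BFC1-08002BE10318}",  # System
    "{71A27CDD-812A-11D0-BEC7-08002BE2092F}",  # Volume
}

# Lower-cased path of the SafeBoot key; registry paths are case-insensitive.
SAFEBOOT_PREFIX = r"hkey_local_machine\system\currentcontrolset\control\safeboot"


def parse_reg_export(text):
    """Parse a 'Windows Registry Editor Version 5.00' export into
    {key_path: {value_name: data}}.  Only string values are handled, which
    is all a SafeBoot export contains; '@' is the key's default value."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        m = re.match(r'^(@|"([^"]*)")=(.*)$', line)
        if m and current is not None:
            name = "@" if m.group(1) == "@" else m.group(2)
            data = m.group(3)
            if data.startswith('"') and data.endswith('"'):
                data = data[1:-1]
            keys[current][name] = data
    return keys


def safeboot_profiles(keys):
    """Group the subkeys directly under SafeBoot\\<profile> by profile
    (minimal, network, ...), mapping entry name -> type from its @ value."""
    profiles = defaultdict(dict)
    for path, values in keys.items():
        if not path.lower().startswith(SAFEBOOT_PREFIX + "\\"):
            continue
        parts = path[len(SAFEBOOT_PREFIX) + 1:].split("\\")
        if len(parts) == 2:  # exactly SafeBoot\<profile>\<entry>
            profile, entry = parts
            profiles[profile.lower()][entry] = values.get("@", "")
    return dict(profiles)


def audit_safeboot(reg_text, baseline=SAFEBOOT_MINIMAL_BASELINE, profile="Minimal"):
    """Return the sorted baseline entries missing from the given SafeBoot
    profile in the export.  An empty list means the profile looks intact;
    a long list is the signature of a SafeBoot key that has been emptied."""
    profiles = safeboot_profiles(parse_reg_export(reg_text))
    present = {e.lower() for e in profiles.get(profile.lower(), {})}
    return sorted(e for e in baseline if e.lower() not in present)


def render_safeboot_profile(profile, entries):
    """Constructed helper: emit a .reg export declaring each entry under
    SafeBoot\\<profile>, so an intact export can be built for comparison."""
    base = "HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\control\\safeboot\\" + profile
    lines = ["Windows Registry Editor Version 5.00", "", "[%s]" % base]
    for entry in sorted(entries):
        lines += ["", "[%s\\%s]" % (base, entry), '@="Service"']
    return "\n".join(lines) + "\n"


# Constructed sample export (not from the thread): a Minimal profile with
# most entries gone, which is the state to look for when Safe Mode refuses
# to start, plus the AlternateShell value at the SafeBoot root.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
"""

if __name__ == "__main__":
    missing = audit_safeboot(SAMPLE_REG)
    print("Minimal profile is missing %d baseline entries:" % len(missing))
    for entry in missing:
        print("  ", entry)
    intact = render_safeboot_profile("Minimal", SAFEBOOT_MINIMAL_BASELINE)
    print("Intact export missing:", audit_safeboot(intact))
```

Run it against a real export by reading the .reg file into `audit_safeboot`; the same parser also exposes the Network profile (`profile="Network"`) if you supply a baseline for it. Note that the posted export contains `minimal.xxx` and `network.xxx` profiles alongside `Minimal` and `Network`; the grouping keeps them separate, so an audit of `Minimal` is not satisfied by entries that only exist under the `.xxx` copies.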

#5
Fidel Castro

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 162 posts
Here is the SafeBoot log:

Reg export of SafeBoot key after repair:
========================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal.xxx]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal.xxx\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal.xxx\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal.xxx\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal.xxx\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal.xxx\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal.xxx\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal.xxx\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal.xxx\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal.xxx\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal.xxx\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal.xxx\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal.xxx\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal.xxx\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal.xxx\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal.xxx\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal.xxx\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal.xxx\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal.xxx\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal.xxx\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal.xxx\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal.xxx\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal.xxx\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal.xxx\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal.xxx\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal.xxx\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal.xxx\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal.xxx\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal.xxx\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal.xxx\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal.xxx\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal.xxx\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal.xxx\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal.xxx\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal.xxx\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal.xxx\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal.xxx\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal.xxx\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal.xxx\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal.xxx\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal.xxx\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal.xxx\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal.xxx\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SharedAccess]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
@="NetClient"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
@="NetService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
@="NetTrans"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\AFD]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\Browser]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\Dhcp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\DnsCache]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\ip6fw.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\ipnat.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\LanmanServer]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\LanmanWorkstation]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\LmHosts]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\Messenger]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\NDIS]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\NDIS Wrapper]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\Ndisuio]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\NetBIOS]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\NetBIOSGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\NetBT]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\NetDDEGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\NetMan]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\Network]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\NetworkProvider]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\NtLmSsp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\PNP_TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\rdpcdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\rdpdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\rdpwd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\rdsessmgr]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\SharedAccess]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\Streams Drivers]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\Tcpip]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\tdpipe.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\tdtcp.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\termservice]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\WZCSVC]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\{4D36E973-E325-11CE-BFC1-08002BE10318}]
@="NetClient"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\{4D36E974-E325-11CE-BFC1-08002BE10318}]
@="NetService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\{4D36E975-E325-11CE-BFC1-08002BE10318}]
@="NetTrans"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

========================



Here is the ComboFix log:

ComboFix 08-03-29.1 - korisnik 2008-03-29 20:37:28.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.93 [GMT 1:00]
Running from: C:\Documents and Settings\korisnik\Desktop\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\pskill.exe

.
((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-29 )))))))))))))))))))))))))))))))
.

2008-03-29 20:42 . 2008-03-29 20:42 0 --a--c--- C:\2008-03-29 at 08
2008-03-29 01:40 . 2008-03-29 01:58 <DIR> d----c--- C:\fixwareout
2008-03-27 17:07 . 2008-03-27 17:07 0 --a--c--- C:\2008-03-27 at 05
2008-03-27 14:57 . 2008-03-27 14:57 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-03-23 22:50 . 2008-03-23 22:50 0 --a--c--- C:\2008-03-23 at 10
2008-03-23 02:14 . 2008-03-23 02:55 0 --a--c--- C:\2008-03-23 at 02
2008-03-23 02:11 . 2008-03-23 02:11 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-23 02:11 . 2008-03-23 02:12 2,553 --a------ C:\WINDOWS\unins000.dat
2008-03-23 02:06 . 2008-03-23 02:16 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-23 02:06 . 2008-03-23 02:16 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-22 16:53 . 2008-03-22 16:53 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-20 18:13 . 2008-03-20 18:13 0 --a--c--- C:\2008-03-20 at 06
2008-03-20 15:30 . 2008-03-20 15:30 <DIR> d-------- C:\Program Files\Xilisoft
2008-03-19 01:54 . 2008-03-19 01:54 0 --a--c--- C:\2008-03-19 at 01
2008-03-17 23:03 . 2008-03-17 23:09 <DIR> d----c--- C:\xampp
2008-03-17 02:11 . 2008-03-17 02:11 0 --a--c--- C:\2008-03-17 at 02
2008-03-16 22:17 . 2008-03-16 22:17 0 --a--c--- C:\2008-03-16 at 10
2008-03-09 21:02 . 2008-03-09 21:02 0 --a--c--- C:\2008-03-09 at 09
2008-03-09 17:22 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-03-09 17:22 . 2004-08-04 00:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-03-09 17:21 . 2004-08-03 23:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-03-09 17:21 . 2004-08-03 23:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-03-09 02:18 . 2008-03-09 02:18 0 --a--c--- C:\2008-03-09 at 02
2008-03-08 01:15 . 2008-03-08 01:15 0 --a--c--- C:\2008-03-08 at 01
2008-03-03 03:32 . 2008-03-03 03:32 0 --a--c--- C:\2008-03-03 at 03
2008-03-02 04:13 . 2008-03-02 04:13 0 --a--c--- C:\2008-03-02 at 04
2008-03-01 02:26 . 2008-03-01 02:26 0 --a--c--- C:\2008-03-01 at 02
2008-02-29 20:13 . 2008-02-29 20:13 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2008-02-29 20:13 . 2008-02-29 20:13 <DIR> d-------- C:\Program Files\Common Files\Futuremark Shared
2008-02-29 20:13 . 2007-10-11 11:55 27,672 -ra------ C:\WINDOWS\system32\drivers\Entech.sys
2008-02-29 20:12 . 2008-02-29 20:12 <DIR> d----c--- C:\Documents and Settings\korisnik\Application Data\InstallShield

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-29 19:44 --------- d-----w C:\Program Files\ViStart
2008-03-29 13:30 --------- d-----w C:\Program Files\Screenshot Pilot
2008-03-22 13:44 --------- d-----w C:\Program Files\Macrogaming
2008-03-20 11:31 --------- dc----w C:\Documents and Settings\korisnik\Application Data\Nokia Multimedia Player
2008-03-20 09:09 --------- d-----w C:\Program Files\Java
2008-03-19 17:51 --------- dc----w C:\Documents and Settings\korisnik\Application Data\MegauploadToolbar
2008-03-08 09:53 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-29 19:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-27 18:42 --------- dc----w C:\Documents and Settings\korisnik\Application Data\PowerChallenge
2008-02-25 17:43 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-24 13:55 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-23 20:53 --------- dc----w C:\Documents and Settings\korisnik\Application Data\Publish Providers
2008-02-23 20:52 --------- dc----w C:\Documents and Settings\korisnik\Application Data\Sony
2008-02-23 20:44 --------- d-----w C:\Program Files\MSBuild
2008-02-23 20:39 --------- d-----w C:\Program Files\Reference Assemblies
2008-02-23 19:52 --------- dc----w C:\Documents and Settings\korisnik\Application Data\Sony Setup
2008-02-21 02:19 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-21 02:19 --------- dc----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-21 02:19 --------- d-----w C:\Program Files\Windows Live
2008-02-15 02:59 --------- dc----w C:\Documents and Settings\korisnik\Application Data\Apple Computer
2008-02-15 02:59 --------- d-----w C:\Program Files\iTunes
2008-02-15 02:59 --------- d-----w C:\Program Files\iPod
2008-02-15 02:58 --------- dc----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-15 02:58 --------- d-----w C:\Program Files\Common Files\Apple
2008-02-08 08:54 --------- d-----w C:\Program Files\ESET
2008-02-03 15:25 --------- d-----w C:\Program Files\Yahoo!
2008-02-02 02:15 --------- d-----w C:\Program Files\Vista Sidebar
2008-02-01 00:39 --------- dc----w C:\Documents and Settings\korisnik\Application Data\ViStart
2008-02-01 00:09 --------- dc----w C:\Documents and Settings\korisnik\Application Data\Styler
2008-02-01 00:08 --------- d-----w C:\Program Files\WinFlip
2008-02-01 00:08 --------- d-----w C:\Program Files\VisualTooltip
2008-02-01 00:08 --------- d-----w C:\Program Files\ViOrb
2008-02-01 00:08 --------- d-----w C:\Program Files\TrueTransparency
2008-02-01 00:08 --------- d-----w C:\Program Files\Styler
2008-02-01 00:08 --------- d-----w C:\Program Files\LClock
2008-01-31 03:09 --------- d-----w C:\Program Files\MagicDVDRipper
2008-01-31 03:09 --------- d-----w C:\Program Files\LimeWire
2008-01-31 02:59 --------- dc----w C:\Documents and Settings\korisnik\Application Data\LimeWire
2008-01-30 23:14 51 -c--a-w C:\tmp.bat
.

------- Sigcheck -------

2005-03-02 01:36 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2006-12-19 17:12 2059392 ba4b97c00a437c1cc3da365d93ee1e9d C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
2007-02-28 10:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2002-12-31 13:00 2056832 947fb1d86d14afcffdb54bf837ec25d0 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-02 01:34 2056832 81013f36b21c7f72cf784cc6731e0002 C:\WINDOWS\$NtUninstallKB929338$\ntkrnlpa.exe
2006-12-19 13:55 2057600 1d659bfb788ed2ba45075624b748d249 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 09:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 09:38 2069376 f5634e0897e63afc07132db68875bb25 C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 09:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2007-02-28 09:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\system32\VITrans\ntkrnlpa.exe

2005-03-02 02:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2006-12-19 17:51 2182016 cef243f6defd20be4adde26c7ecacb54 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
2007-02-28 10:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2002-12-31 13:00 2180992 ce218bc7088681faa06633e218596ca7 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-02 01:59 2179328 4d4cf2c14550a4b7718e94a6e581856e C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
2006-12-19 15:17 2180352 8f0deab1f81fb83f9c5995853ce48b9f C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 10:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 10:10 2192128 3f53c3192ba2186c1d536f3192fafeea C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 10:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2007-02-28 10:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\system32\VITrans\ntoskrnl.exe

2007-06-13 11:23 1423360 7159508eebb8e80de73a0a48d581ed50 C:\WINDOWS\explorer.exe
2007-06-13 12:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2002-12-31 13:00 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 11:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\system32\dllcache\explorer.exe
2007-06-13 11:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\system32\VITrans\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2006-02-05 14:20 180224]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-03-04 13:07 630784]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2002-12-31 13:00 15360]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 15:53 73840]
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-20 01:27 65536]
"ViStart"="C:\Program Files\ViStart\ViStart.exe" [2007-11-26 19:27 593920]
"ViOrb"="C:\Program Files\ViOrb\ViOrb.exe" [2007-11-19 13:01 163840]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-02-12 10:10 950664]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-08-02 16:35 7110656]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-02-12 10:03 185896]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 09:39 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 15:53 73840]
"Viewbar"="" []
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 12:20 227328]
"STICAP"="C:\WINDOWS\Twain_32\NX VEGA 300\SnapTrap.exe" [2004-11-05 09:59 155648]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"vssms32"="C:\WINDOWS\system32\vssms32.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 14:58 1744896]

C:\Documents and Settings\korisnik\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-02-12 09:24:23 113664]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
Source= C:\Documents and Settings\korisnik\Desktop\desktop_0001.htm
FriendlyName=

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-08-02 16:35 7110656 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2005-08-02 16:35 86016 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-08-02 16:35 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 10:56 286720 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RAMDrive]
--a------ 2004-09-22 11:46 36864 C:\Program Files\FarStone\VirtualDrive\VHD\RDTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2005-06-14 11:36 77824 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-02-12 10:03 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualDrive]
--a------ 2004-09-30 17:46 139264 C:\Program Files\FarStone\VirtualDrive\VDTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\irminscript\\mirc32.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\SIERRA\\Half-Life\\hl.exe"=
"C:\\Program Files\\RadLight Company\\RadLight 4.0\\rlkernel.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"E:\\CINEMA 4D\\CINEMA 4D R10\\NET Render Client.exe"=
"E:\\CINEMA 4D\\CINEMA 4D R10\\NET Render Server.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\xampp\\mysql\\bin\\mysqld.exe"=
"C:\\xampp\\apache\\bin\\apache.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"E:\\WORMS 4\\Worms.4.Mayhem.Multi\\WORMS 4 MAYHEM.EXE"=
"C:\\Documents and Settings\\korisnik\\Desktop\\All in One\\HandyCache.exe"=

R3 FVDSCSI;FVDSCSI;C:\WINDOWS\system32\DRIVERS\fvdscsi.sys [2004-09-08 05:37]
S2 Apache2.2;Apache2.2;"C:\Documents and Settings\korisnik\Desktop\xampp\apache\bin\apache.exe" -k runservice []
S3 SmartCd;SmartCd;C:\WINDOWS\system32\Drivers\SmartCd.sys [2003-07-30 01:19]
S3 SQTECH930B;NX VEGA 300;C:\WINDOWS\system32\Drivers\Capt930b.sys [2005-01-26 10:27]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05a4e473-e07c-11dc-acf0-0015f29c7d2f}]
\Shell\AutoRun\command - I:\ClickMe.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0fa1de20-b8e9-11db-952e-806d6172696f}]
\Shell\AutoRun\command - G:\ASUSACPI.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-02-25 06:12:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-29 20:44:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\RocketDock\RocketDock.dll
-> C:\Program Files\UberIcon\UberIcon.dll
-> C:\Program Files\ViStart\MainHook.Dll
-> C:\Program Files\LClock\LC.dll
-> C:\Program Files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\XAMPP\mysql\bin\mysqld-nt.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-03-29 20:49:42 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-29 19:49:38
Pre-Run: 1,153,335,296 bytes free
Post-Run: 6,377,488,384 bytes free
.
2008-01-15 03:47:34 --- E O F ---

Edited by Fidel Castro, 29 March 2008 - 02:39 PM.


#6
Fidel Castro
    Member
  • Topic Starter
  • 162 posts
I'm writing another reply because there is a character limit, so I can't post everything in 1 reply.

Here is the SDFix report:


SDFix: Version 1.163

Run by korisnik on Sat 03/29/2008 at 08:59 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\korisnik\Desktop\SDFix

Checking Services :


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-29 21:04:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1


Remaining Services :



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"="C:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe:*:Enabled:WinDVD"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\irminscript\\mirc32.exe"="C:\\irminscript\\mirc32.exe:*:Enabled:mIRC"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\SIERRA\\Half-Life\\hl.exe"="C:\\SIERRA\\Half-Life\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\RadLight Company\\RadLight 4.0\\rlkernel.exe"="C:\\Program Files\\RadLight Company\\RadLight 4.0\\rlkernel.exe:*:Enabled:Kernel Executable"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"E:\\CINEMA 4D\\CINEMA 4D R10\\NET Render Client.exe"="E:\\CINEMA 4D\\CINEMA 4D R10\\NET Render Client.exe:*:Enabled:CINEMA 4D r"
"E:\\CINEMA 4D\\CINEMA 4D R10\\NET Render Server.exe"="E:\\CINEMA 4D\\CINEMA 4D R10\\NET Render Server.exe:*:Enabled:CINEMA 4D r"
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"="C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"="C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\xampp\\mysql\\bin\\mysqld.exe"="C:\\xampp\\mysql\\bin\\mysqld.exe:*:Enabled:mysqld"
"C:\\xampp\\apache\\bin\\apache.exe"="C:\\xampp\\apache\\bin\\apache.exe:*:Enabled:Apache HTTP Server"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"E:\\WORMS 4\\Worms.4.Mayhem.Multi\\WORMS 4 MAYHEM.EXE"="E:\\WORMS 4\\Worms.4.Mayhem.Multi\\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem"
"C:\\Documents and Settings\\korisnik\\Desktop\\All in One\\HandyCache.exe"="C:\\Documents and Settings\\korisnik\\Desktop\\All in One\\HandyCache.exe:*:Enabled:HTTP Proxy server with cache"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :


File Backups: - C:\DOCUME~1\korisnik\Desktop\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Wed 30 May 2007 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 7 Feb 2006 299,008 A..H. --- "C:\Program Files\Canon\MP Navigator 3.0\Maint.exe"
Mon 19 Dec 2005 61,440 A..H. --- "C:\Program Files\Canon\MP Navigator 3.0\uinstrsc.dll"
Mon 12 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!



And finally the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:13:48 PM, on 3/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\XAMPP\mysql\bin\mysqld-nt.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\Twain_32\NX VEGA 300\SnapTrap.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\ViStart\ViStart.exe
C:\Program Files\ViOrb\ViOrb.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.2.0.0\EasyGifAnimator_Toolbar.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.2.0.0\EasyGifAnimator_Toolbar.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [STICAP] C:\WINDOWS\Twain_32\NX VEGA 300\SnapTrap.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [vssms32] C:\WINDOWS\system32\vssms32.exe
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\PartyPoker\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\PartyPoker\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://www.worldwinn...am/skillgam.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinn...GamesLoader.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinn...0/pool/pool.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinn...cubis/cubis.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinn...luxor/luxor.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinn...paint/paint.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://www.worldwinn...ool/h2hpool.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{33FF0CD5-F5EB-478A-B649-91F9D8B965CF}: NameServer = 85.255.116.68 85.255.112.100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Unknown owner - C:\Documents and Settings\korisnik\Desktop\xampp\apache\bin\apache.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mysql - Unknown owner - C:\XAMPP\mysql\bin\mysqld-nt.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/korisnik/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg
O24 - Desktop Component 2: (no name) - C:\Documents and Settings\korisnik\Desktop\desktop_0001.htm

--
End of file - 11722 bytes

Edited by Fidel Castro, 29 March 2008 - 02:42 PM.


#7
JSntgRvr
    Global Moderator
  • 10,961 posts
Hi, Fidel Castro :)

Please insert all external drives (Flash, Pen) into the computer.

Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer only!
  • For information click Here
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy & Paste the entire report in your next reply along with a fresh HijackThis log.
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

  • Copy the entire contents of the Quote Box below to Notepad.
  • Name the file as CFScript.txt
  • Change the Save as Type to All Files
  • and Save it on the desktop

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Viewbar"=-
"vssms32"=-
[-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\network.xxx]
[-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal.xxx]

File::
C:\WINDOWS\system32\vssms32.exe
C:\tmp.bat

DirLook::
C:\


Posted Image

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report along with a HijackThis log.

Edited by JSntgRvr, 29 March 2008 - 05:26 PM.

  • 0

#8
Fidel Castro

    Member

  • Topic Starter
  • Member
  • 162 posts
Before I start doing the second step I want to say that I was unable to run F-Secure Online Scanner.

It says: "Your browser is not supported. F-Secure Online Scanner requires Microsoft® Internet Explorer 5™ or later with ActiveX enabled."

1. I tried to download new ActiveX add-ons
2. I enabled JavaScript and ActiveX in the Internet Options
3. I changed my Security Level to "Medium"
4. I also restarted IE
5. I restarted my PC too

... but nothing... I still get the same message that my browser is NOT supported...

Any help here, before I do other steps?

P.S. My default browser is Mozilla, I rarely use IE...

Edited by Fidel Castro, 30 March 2008 - 02:59 AM.

  • 0

#9
JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,961 posts
Hi, Fidel Castro :)

Before I start doing the second step I want to say that I was unable to run F-Secure Online Scanner.

It says: "Your browser is not supported. F-Secure Online Scanner requires Microsoft® Internet Explorer 5™ or later with ActiveX enabled."

1. I tried to download new ActiveX add-ons
2. I enabled JavaScript and ActiveX in the Internet Options
3. I changed my Security Level to "Medium"
4. I also restarted IE
5. I restarted my PC too

... but nothing... I still get the same message that my browser is NOT supported...

Any help here, before I do other steps?

P.S. My default browser is Mozilla, I rarely use IE...

Assuming you are using Microsoft Internet Explorer 7.0 (not Firefox) to do this, reset the Security on All Ranges to Default and try again. Else, skip the process and continue with the rest.
  • 0

#10
Fidel Castro

    Member

  • Topic Starter
  • Member
  • 162 posts
I was unable to perform the F-Secure scan so I skipped that step...

Here is the MBAM log:

Malwarebytes' Anti-Malware 1.09
Database version: 568

Scan type: Quick Scan
Objects scanned: 31919
Time elapsed: 5 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{50ccd00a-66b6-4d95-aaef-8ee959498f92} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\stfngdvw.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


And finally the HiJack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:52:06 PM, on 3/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\Twain_32\NX VEGA 300\SnapTrap.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\ViOrb\ViOrb.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\XAMPP\mysql\bin\mysqld-nt.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Easy Gif Animator Toolbar Helper - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.2.0.0\EasyGifAnimator_Toolbar.dll
O2 - BHO: Me.dium IE Add-on - {D5E5C1E6-78DB-49F0-A137-8D594F342FD6} - "C:\Program Files\Me.dium\Me.dium IE Add-on\MediumIEAddOn.dll" (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Easy Gif Animator Toolbar - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.2.0.0\EasyGifAnimator_Toolbar.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [STICAP] C:\WINDOWS\Twain_32\NX VEGA 300\SnapTrap.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - HKCU\..\Run: [ViOrb] C:\Program Files\ViOrb\ViOrb.exe
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Me.dium - {47F8FF58-8C1E-4584-92CD-CE8B1FE1AF44} - "C:\Program Files\Me.dium\Me.dium IE Add-on\MediumIEAddOn.dll" (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\PartyPoker\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\PartyPoker\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} (SkillGam Control) - http://www.worldwinn...am/skillgam.cab
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinn...GamesLoader.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} (Pool Control) - http://www.worldwinn...0/pool/pool.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {97438FE9-D361-4279-BA82-98CC0877A717} (Cubis Control) - http://www.worldwinn...cubis/cubis.cab
O16 - DPF: {A91FB93D-7561-4524-8484-5C27C8FA8D42} (WwLuxor Control) - http://www.worldwinn...luxor/luxor.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} (Paint Control) - http://www.worldwinn...paint/paint.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://www.worldwinn...ool/h2hpool.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{33FF0CD5-F5EB-478A-B649-91F9D8B965CF}: NameServer = 85.255.116.68 85.255.112.100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Unknown owner - C:\Documents and Settings\korisnik\Desktop\xampp\apache\bin\apache.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: mysql - Unknown owner - C:\XAMPP\mysql\bin\mysqld-nt.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/korisnik/LOCALS~1/Temp/msohtmlclip1/01/clip_image002.jpg
O24 - Desktop Component 2: (no name) - C:\Documents and Settings\korisnik\Desktop\desktop_0001.htm

--
End of file - 11437 bytes


The ComboFix log is very, very large, containing 2,588 pages at 1,808 kb in size, so I had to upload the log to RapidShare. Here is the link you should download to see the log:

http://rapidshare.com/files/103590398/ComboFix_LOG.docx.html

  • 0
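A small triage pass over HijackThis-style lines, written here as an added example (it is not code from the thread or from HijackThis itself): it extracts entries marked `(file missing)` or `(no file)`, O23 services listed with an unknown owner, and any O17 NameServer override whose addresses are not in an allow-list of the DNS servers the ISP or router actually assigns. The allow-list, the `Finding` record and the sample lines (a constructed subset of the log above) are this example's own assumptions; the thread does not say which resolvers are legitimate for this machine, so the check only surfaces the entry for a human to verify against the router or ISP settings.

```python
"""Triage helper for HijackThis-style log lines.

Added example, not part of the thread and not HijackThis' own code.  It pulls
out the entries a helper usually looks at first: items whose file is missing,
services with an unknown owner, and any O17 NameServer override that is not in
a caller-supplied allow-list of the DNS servers the ISP or router really hands
out (the allow-list is an assumption; the thread does not say what it should be).
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# Constructed sample in the format HijackThis uses (a subset of the thread's log).
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Me.dium IE Add-on - {D5E5C1E6-78DB-49F0-A137-8D594F342FD6} - "C:\Program Files\Me.dium\Me.dium IE Add-on\MediumIEAddOn.dll" (file missing)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{33FF0CD5-F5EB-478A-B649-91F9D8B965CF}: NameServer = 85.255.116.68 85.255.112.100
O23 - Service: Apache2.2 - Unknown owner - C:\Documents and Settings\korisnik\Desktop\xampp\apache\bin\apache.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

LINE_RE = re.compile(r"^([RO]\d+) - (.*)$")          # "O23 - Service: ..."
NAMESERVER_RE = re.compile(r"NameServer = (.+)$")    # tail of an O17 line


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O23"
    reason: str    # missing_file | unknown_owner | dns_override
    detail: str    # the offending line, or the unexpected resolver addresses


def parse_lines(text: str) -> List[Tuple[str, str]]:
    """Return (section, body) pairs; header, footer and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def nameservers(body: str) -> List[str]:
    """Resolver addresses named in an O17 line (space separated in HijackThis output)."""
    m = NAMESERVER_RE.search(body)
    return m.group(1).split() if m else []


def triage(text: str, expected_dns: Iterable[str] = ()) -> List[Finding]:
    """Flag entries worth a second look; expected_dns is the caller's allow-list."""
    allowed = set(expected_dns)
    findings = []
    for section, body in parse_lines(text):
        if "(file missing)" in body or "(no file)" in body:
            findings.append(Finding(section, "missing_file", body))
        if section == "O23" and " - Unknown owner - " in body:
            findings.append(Finding(section, "unknown_owner", body))
        if section == "O17":
            unexpected = [ip for ip in nameservers(body) if ip not in allowed]
            if unexpected:
                findings.append(Finding(section, "dns_override", " ".join(unexpected)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason:14} {f.detail}")
```

Run as a script it prints one line per finding; pass the resolvers you know to be legitimate as `expected_dns` and the O17 entry drops out of the list, which is the point: the script separates "needs a human decision" from "known good" without deciding anything itself.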


#11
JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,961 posts
Hi, Fidel Castro :)

The file was corrupted. Save it as a text document and upload the file as follows:

Please go here:
The Spy Killer Forum
  • Click on "New Topic"
  • Put your name, e-mail address, and this as the title: "Combofix.log"
  • Put a link to this thread in the description box.
  • Then next to the file box, at the bottom, click the browse button, then navigate to this file:

    • The text document saved
  • Click Open.
  • Click Post.

You won't be able to see if the file was uploaded or not, but following the above instructions should. In any case, let me know when done and I will check for you.
  • 0

#12
Fidel Castro

    Member

  • Topic Starter
  • Member
  • 162 posts
Ok, I think I uploaded the document successfully.

I'm waiting for further instructions.
  • 0

#13
JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,961 posts
Hi, Fidel Castro :)

The reason the file is so big is that I asked ComboFix for the contents of the C:\ folder and it instead returned the entire contents of your computer.

There are files in your C:\ folder that, although they are zero bytes, look suspicious. I do not recognize these files.

They look as:

C:\2008-03-29 at 08
C:\2008-03-27 at 05
C:\2008-03-23 at 10
C:\2008-03-23 at 02
C:\2008-03-20 at 06
C:\2008-03-19 at 01
C:\2008-03-17 at 02
C:\2008-03-16 at 10
C:\2008-03-09 at 09
C:\2008-03-09 at 02
C:\2008-03-08 at 01
C:\2008-03-03 at 03
C:\2008-03-02 at 04
C:\2008-03-01 at 02


Do you recognize these files?

Please download the enclosed folder. [attachment=19549:Query.zip] Save and extract its contents to the desktop. It is a batch file, Query.bat. Once extracted, double-click on it and post back the report it will produce.

If too large to post, scroll down to attachments, browse to the Report.txt on your desktop and upload the file.

Edited by JSntgRvr, 30 March 2008 - 05:52 PM.

  • 0
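The report Query.bat produces (shown in the next post) is a set of `dir` listings, and the date-named zero-byte files the moderator asks about can be pulled out of such a listing mechanically rather than by eye. The parser below is an added example, not the moderator's batch file, which is not reproduced on the page; its sample input is a constructed subset of that listing, and the `DirEntry` record, the name pattern and the function names are this example's own choices.

```python
"""Parse a Windows `dir`-style listing and pick out zero-byte files whose names
look like "YYYY-MM-DD at HH".

Added example, not the Query.bat from the thread.  The sample input is a
constructed subset of the report posted in the thread.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample of `dir` output as Windows XP prints it.
SAMPLE_REPORT = """\
 Volume in drive C is System disk
 Volume Serial Number is 08FD-7BB9

 Directory of C:\\

02/24/2007 03:08 AM <DIR> db67334cf1450746610afef4
03/29/2008 09:54 PM <DIR> Documents and Settings
03/27/2008 06:07 PM 0 2008-03-27 at 05
03/29/2008 09:42 PM 0 2008-03-29 at 08
03/30/2008 02:22 AM 0 2008-03-30 at 01
01/11/2008 01:19 AM 0 2008-01-11 at 12
02/10/2007 11:40 AM 0 AUTOEXEC.BAT
02/12/2007 11:12 AM 211 boot.ini
03/30/2008 06:54 PM 536,203,264 hiberfil.sys
 179 File(s) 1,351,704,154 bytes
 17 Dir(s) 6,017,249,280 bytes free
"""

# One `dir` entry: date, time, AM/PM, then either <DIR> or a comma-grouped size, then the name.
ENTRY_RE = re.compile(
    r"^(\d{2}/\d{2}/\d{4})\s+(\d{2}:\d{2})\s+([AP]M)\s+(<DIR>|[\d,]+)\s+(.+?)\s*$"
)
# The naming scheme of the files the moderator asked about: "2008-03-29 at 08".
TIMESTAMP_NAME_RE = re.compile(r"^\d{4}-\d{2}-\d{2} at \d{2}$")


@dataclass(frozen=True)
class DirEntry:
    date: str
    time: str
    is_dir: bool
    size: int   # 0 for directories
    name: str


def parse_dir_listing(text: str) -> List[DirEntry]:
    """Keep only entry lines; volume headers, 'Directory of' and totals are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        date, hhmm, ampm, size_field, name = m.groups()
        is_dir = size_field == "<DIR>"
        size = 0 if is_dir else int(size_field.replace(",", ""))
        entries.append(DirEntry(date, f"{hhmm} {ampm}", is_dir, size, name))
    return entries


def zero_byte_timestamp_files(entries: List[DirEntry]) -> List[str]:
    """Names of empty files that follow the 'YYYY-MM-DD at HH' pattern, in listing order."""
    return [e.name for e in entries
            if not e.is_dir and e.size == 0 and TIMESTAMP_NAME_RE.match(e.name)]


def summarize(entries: List[DirEntry]) -> Dict[str, object]:
    """Counts for a quick read, plus the empty files that do NOT fit the pattern
    (AUTOEXEC.BAT and friends are legitimately empty on XP and should not be lumped in)."""
    flagged = set(zero_byte_timestamp_files(entries))
    return {
        "files": sum(1 for e in entries if not e.is_dir),
        "dirs": sum(1 for e in entries if e.is_dir),
        "zero_byte_timestamp_files": len(flagged),
        "other_zero_byte_files": [e.name for e in entries
                                  if not e.is_dir and e.size == 0 and e.name not in flagged],
    }


if __name__ == "__main__":
    parsed = parse_dir_listing(SAMPLE_REPORT)
    print(summarize(parsed))
    for name in zero_byte_timestamp_files(parsed):
        print("  ", name)
```

Feed it the whole Report.txt and the summary gives the count the user later quotes by hand, while the "other zero-byte files" list keeps the normal empty boot files (AUTOEXEC.BAT, CONFIG.SYS, IO.SYS, MSDOS.SYS) from being mistaken for more of the same.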

#14
Fidel Castro

    Member

  • Topic Starter
  • Member
  • 162 posts
I have no idea about these files... I have exactly 118 similar (empty) files... Maybe I should delete them but I'm waiting for your instructions.

Here is the Query report:

Report
Mon 03/31/2008 2:02:33.23
.
Directories
Volume in drive C is System disk
Volume Serial Number is 08FD-7BB9

Directory of C:\

02/24/2007 03:08 AM <DIR> db67334cf1450746610afef4
03/29/2008 09:54 PM <DIR> Documents and Settings
03/29/2008 02:58 AM <DIR> fixwareout
02/17/2008 11:44 AM <DIR> irminscript
02/10/2007 12:06 PM <DIR> MSOCache
05/11/2007 05:04 PM <DIR> My Downloads
02/12/2007 10:53 AM <DIR> NVIDIA
03/30/2008 05:43 PM <DIR> Program Files
03/30/2008 06:42 PM <DIR> QooBox
02/12/2007 10:47 AM <DIR> RECYCLER
03/24/2007 02:17 AM <DIR> SAVE
03/23/2007 11:37 PM <DIR> SIERRA
02/10/2007 11:56 AM <DIR> System Volume Information
02/25/2008 08:48 PM <DIR> vcs5BGEffects
02/01/2008 02:38 AM <DIR> VTPFiles
03/30/2008 06:49 PM <DIR> WINDOWS
03/18/2008 12:09 AM <DIR> xampp
0 File(s) 0 bytes
17 Dir(s) 6,017,249,280 bytes free
.
Files
Volume in drive C is System disk
Volume Serial Number is 08FD-7BB9

Directory of C:\

02/16/2007 10:12 PM 0 2007-02-16 at 09
02/23/2007 04:44 PM 0 2007-02-23 at 03
02/24/2007 04:30 PM 0 2007-02-24 at 03
03/02/2007 05:24 PM 0 2007-03-02 at 04
03/03/2007 01:19 PM 0 2007-03-03 at 12
03/09/2007 04:52 PM 0 2007-03-09 at 03
03/09/2007 09:00 PM 0 2007-03-09 at 08
03/16/2007 05:06 PM 0 2007-03-16 at 04
03/16/2007 07:06 PM 0 2007-03-16 at 06
03/18/2007 02:13 AM 0 2007-03-18 at 01
03/22/2007 05:39 PM 0 2007-03-22 at 04
03/30/2007 04:26 PM 0 2007-03-30 at 04
04/01/2007 12:55 PM 0 2007-04-01 at 12
04/05/2007 06:49 PM 0 2007-04-05 at 06
04/09/2007 06:07 PM 0 2007-04-09 at 06
04/13/2007 04:26 PM 0 2007-04-13 at 04
04/14/2007 03:26 AM 0 2007-04-14 at 03
04/14/2007 08:34 PM 0 2007-04-14 at 08
05/06/2007 05:28 AM 0 2007-05-06 at 05
05/12/2007 03:10 AM 0 2007-05-12 at 03
05/19/2007 07:33 PM 0 2007-05-19 at 07
05/19/2007 09:51 PM 0 2007-05-19 at 09
05/20/2007 07:26 PM 0 2007-05-20 at 07
05/23/2007 04:23 AM 0 2007-05-23 at 04
05/26/2007 12:07 AM 0 2007-05-26 at 12
05/28/2007 01:24 AM 0 2007-05-28 at 01
05/29/2007 04:03 AM 0 2007-05-29 at 04
05/31/2007 01:43 AM 0 2007-05-31 at 01
06/01/2007 03:33 AM 0 2007-06-01 at 03
06/02/2007 03:46 AM 0 2007-06-02 at 03
06/03/2007 03:37 AM 0 2007-06-03 at 03
06/04/2007 02:21 AM 0 2007-06-04 at 02
06/04/2007 06:54 PM 0 2007-06-04 at 06
06/05/2007 03:07 AM 0 2007-06-05 at 03
06/07/2007 03:34 AM 0 2007-06-07 at 03
06/09/2007 02:47 AM 0 2007-06-09 at 02
06/11/2007 03:04 AM 0 2007-06-11 at 03
06/12/2007 03:38 AM 0 2007-06-12 at 03
06/14/2007 05:53 AM 0 2007-06-14 at 05
06/19/2007 09:28 PM 0 2007-06-19 at 09
06/20/2007 05:07 PM 0 2007-06-20 at 05
06/21/2007 03:55 PM 0 2007-06-21 at 03
06/21/2007 04:06 AM 0 2007-06-21 at 04
06/21/2007 08:05 PM 0 2007-06-21 at 08
06/23/2007 08:44 PM 0 2007-06-23 at 08
06/25/2007 04:02 AM 0 2007-06-25 at 04
06/25/2007 10:55 PM 0 2007-06-25 at 10
06/28/2007 07:11 PM 0 2007-06-28 at 07
06/28/2007 08:10 PM 0 2007-06-28 at 08
06/28/2007 11:57 PM 0 2007-06-28 at 11
06/29/2007 02:32 AM 0 2007-06-29 at 02
06/29/2007 07:19 PM 0 2007-06-29 at 07
07/01/2007 01:33 PM 0 2007-07-01 at 01
07/01/2007 03:56 AM 0 2007-07-01 at 03
07/03/2007 09:57 PM 0 2007-07-03 at 09
07/04/2007 05:57 PM 0 2007-07-04 at 05
07/05/2007 04:00 AM 0 2007-07-05 at 04
07/06/2007 04:14 AM 0 2007-07-06 at 04
07/07/2007 05:16 PM 0 2007-07-07 at 05
07/08/2007 01:14 AM 0 2007-07-08 at 01
07/11/2007 02:49 AM 0 2007-07-11 at 02
07/12/2007 09:01 PM 0 2007-07-12 at 09
07/14/2007 03:55 AM 0 2007-07-14 at 03
07/15/2007 03:06 AM 0 2007-07-15 at 03
07/16/2007 02:56 AM 0 2007-07-16 at 02
07/17/2007 02:34 AM 0 2007-07-17 at 02
07/25/2007 03:34 AM 0 2007-07-25 at 03
08/07/2007 04:44 AM 0 2007-08-07 at 04
08/08/2007 04:04 AM 0 2007-08-08 at 04
08/10/2007 03:17 AM 0 2007-08-10 at 03
08/12/2007 10:00 PM 0 2007-08-12 at 10
08/15/2007 12:55 PM 0 2007-08-15 at 12
08/18/2007 11:53 PM 0 2007-08-18 at 11
08/30/2007 04:10 AM 0 2007-08-30 at 04
09/02/2007 08:09 PM 0 2007-09-02 at 08
09/10/2007 11:22 PM 0 2007-09-10 at 11
09/25/2007 02:21 AM 0 2007-09-25 at 02
09/25/2007 04:48 AM 0 2007-09-25 at 04
10/07/2007 01:13 AM 0 2007-10-07 at 01
10/13/2007 08:33 PM 0 2007-10-13 at 08
10/15/2007 05:18 PM 0 2007-10-15 at 05
10/22/2007 04:33 AM 0 2007-10-22 at 04
11/26/2007 10:55 PM 0 2007-11-26 at 09
12/01/2007 04:53 AM 0 2007-12-01 at 03
12/04/2007 12:47 AM 0 2007-12-03 at 11
01/11/2008 01:19 AM 0 2008-01-11 at 12
01/17/2008 12:47 AM 0 2008-01-16 at 11
01/23/2008 03:59 AM 0 2008-01-23 at 02
01/25/2008 05:25 PM 0 2008-01-25 at 04
01/26/2008 06:26 AM 0 2008-01-26 at 05
01/27/2008 04:18 AM 0 2008-01-27 at 03
01/28/2008 03:43 AM 0 2008-01-28 at 02
01/28/2008 04:32 AM 0 2008-01-28 at 03
01/31/2008 05:32 AM 0 2008-01-31 at 04
02/02/2008 11:32 AM 0 2008-02-02 at 10
02/04/2008 04:53 AM 0 2008-02-04 at 03
02/10/2008 02:05 AM 0 2008-02-10 at 01
02/15/2008 12:30 AM 0 2008-02-14 at 11
02/16/2008 03:14 AM 0 2008-02-16 at 02
02/22/2008 02:27 AM 0 2008-02-22 at 01
02/23/2008 03:33 AM 0 2008-02-23 at 02
02/24/2008 05:16 AM 0 2008-02-24 at 04
02/25/2008 05:18 AM 0 2008-02-25 at 04
03/01/2008 03:26 AM 0 2008-03-01 at 02
03/02/2008 05:13 AM 0 2008-03-02 at 04
03/03/2008 04:32 AM 0 2008-03-03 at 03
03/08/2008 02:15 AM 0 2008-03-08 at 01
03/09/2008 03:18 AM 0 2008-03-09 at 02
03/09/2008 10:02 PM 0 2008-03-09 at 09
03/16/2008 11:17 PM 0 2008-03-16 at 10
03/17/2008 03:11 AM 0 2008-03-17 at 02
03/19/2008 02:54 AM 0 2008-03-19 at 01
03/20/2008 07:13 PM 0 2008-03-20 at 06
03/23/2008 03:55 AM 0 2008-03-23 at 02
03/23/2008 11:50 PM 0 2008-03-23 at 10
03/27/2008 06:07 PM 0 2008-03-27 at 05
03/29/2008 09:42 PM 0 2008-03-29 at 08
03/30/2008 02:22 AM 0 2008-03-30 at 01
02/10/2007 11:40 AM 0 AUTOEXEC.BAT
02/12/2007 11:12 AM 211 boot.ini
02/21/2008 06:05 PM 3,222 cheaters.log
03/30/2008 06:49 PM 8,840,133 ComboFix.txt
02/10/2007 11:40 AM 0 CONFIG.SYS
02/21/2008 12:04 PM 28,672 file.datastore
03/30/2008 06:54 PM 536,203,264 hiberfil.sys
02/18/2007 04:42 PM 160 INSTALL.LOG
02/10/2007 11:40 AM 0 IO.SYS
05/10/2000 06:46 PM 129,078 logo.syd
05/10/2000 06:46 PM 129,078 logo.sys
02/10/2007 11:40 AM 0 MSDOS.SYS
12/31/2002 02:00 PM 47,564 NTDETECT.COM
12/31/2002 02:00 PM 250,032 ntldr
03/30/2008 06:54 PM 805,306,368 pagefile.sys
03/29/2008 09:29 PM 27,165 SAFEBOOT_REPAIR.TXT
12/10/2007 09:04 PM 232 sqmdata00.sqm
01/11/2008 07:27 PM 268 sqmdata01.sqm
02/25/2008 08:59 PM 268 sqmdata02.sqm
09/13/2007 11:13 PM 268 sqmdata03.sqm
02/26/2008 09:26 PM 268 sqmdata04.sqm
03/13/2008 11:27 PM 268 sqmdata05.sqm
10/05/2007 11:02 PM 232 sqmdata06.sqm
10/05/2007 11:02 PM 136 sqmdata07.sqm
10/06/2007 11:25 AM 268 sqmdata08.sqm
09/05/2007 03:31 PM 172 sqmdata09.sqm
09/05/2007 03:32 PM 232 sqmdata10.sqm
09/05/2007 03:32 PM 232 sqmdata11.sqm
10/05/2007 11:02 PM 232 sqmdata12.sqm
10/05/2007 11:02 PM 232 sqmdata13.sqm
10/06/2007 02:34 PM 232 sqmdata14.sqm
10/06/2007 02:34 PM 232 sqmdata15.sqm
10/07/2007 09:59 AM 268 sqmdata16.sqm
10/04/2007 10:18 AM 268 sqmdata17.sqm
10/18/2007 09:52 PM 268 sqmdata18.sqm
11/23/2007 07:32 PM 232 sqmdata19.sqm
02/25/2008 08:59 PM 244 sqmnoopt00.sqm
02/26/2008 09:26 PM 244 sqmnoopt01.sqm
03/13/2008 11:27 PM 244 sqmnoopt02.sqm
09/13/2007 11:13 PM 244 sqmnoopt03.sqm
09/05/2007 03:30 PM 244 sqmnoopt04.sqm
09/05/2007 03:31 PM 244 sqmnoopt05.sqm
10/05/2007 11:02 PM 244 sqmnoopt06.sqm
10/06/2007 11:25 AM 244 sqmnoopt07.sqm
10/06/2007 02:34 PM 244 sqmnoopt08.sqm
09/05/2007 03:31 PM 172 sqmnoopt09.sqm
09/05/2007 03:32 PM 244 sqmnoopt10.sqm
09/05/2007 03:32 PM 244 sqmnoopt11.sqm
10/05/2007 11:02 PM 244 sqmnoopt12.sqm
10/05/2007 11:02 PM 244 sqmnoopt13.sqm
10/07/2007 09:59 AM 244 sqmnoopt14.sqm
10/04/2007 10:18 AM 244 sqmnoopt15.sqm
10/18/2007 09:52 PM 244 sqmnoopt16.sqm
11/23/2007 07:32 PM 244 sqmnoopt17.sqm
12/10/2007 09:04 PM 244 sqmnoopt18.sqm
01/11/2008 07:27 PM 244 sqmnoopt19.sqm
09/15/2005 07:54 PM 696,320 StubInstaller.exe
04/04/2007 09:47 PM 32,768 t24o
02/17/2007 06:32 PM 178 Yahoo! Music.url
02/17/2007 06:32 PM 179 Yahoo! Photos.url
02/17/2007 06:31 PM 146 YServer.txt
179 File(s) 1,351,704,154 bytes
0 Dir(s) 6,017,249,280 bytes free
.
Hidden
Volume in drive C is System disk
Volume Serial Number is 08FD-7BB9

Directory of C:\

02/12/2007 11:12 AM 211 boot.ini
03/30/2008 06:54 PM 536,203,264 hiberfil.sys
02/10/2007 11:40 AM 0 IO.SYS
02/10/2007 11:40 AM 0 MSDOS.SYS
02/10/2007 12:06 PM <DIR> MSOCache
12/31/2002 02:00 PM 47,564 NTDETECT.COM
12/31/2002 02:00 PM 250,032 ntldr
03/30/2008 06:54 PM 805,306,368 pagefile.sys
02/12/2007 10:47 AM <DIR> RECYCLER
12/10/2007 09:04 PM 232 sqmdata00.sqm
01/11/2008 07:27 PM 268 sqmdata01.sqm
02/25/2008 08:59 PM 268 sqmdata02.sqm
09/13/2007 11:13 PM 268 sqmdata03.sqm
02/26/2008 09:26 PM 268 sqmdata04.sqm
03/13/2008 11:27 PM 268 sqmdata05.sqm
10/05/2007 11:02 PM 232 sqmdata06.sqm
10/05/2007 11:02 PM 136 sqmdata07.sqm
10/06/2007 11:25 AM 268 sqmdata08.sqm
09/05/2007 03:31 PM 172 sqmdata09.sqm
09/05/2007 03:32 PM 232 sqmdata10.sqm
09/05/2007 03:32 PM 232 sqmdata11.sqm
10/05/2007 11:02 PM 232 sqmdata12.sqm
10/05/2007 11:02 PM 232 sqmdata13.sqm
10/06/2007 02:34 PM 232 sqmdata14.sqm
10/06/2007 02:34 PM 232 sqmdata15.sqm
10/07/2007 09:59 AM 268 sqmdata16.sqm
10/04/2007 10:18 AM 268 sqmdata17.sqm
10/18/2007 09:52 PM 268 sqmdata18.sqm
11/23/2007 07:32 PM 232 sqmdata19.sqm
02/25/2008 08:59 PM 244 sqmnoopt00.sqm
02/26/2008 09:26 PM 244 sqmnoopt01.sqm
03/13/2008 11:27 PM 244 sqmnoopt02.sqm
09/13/2007 11:13 PM 244 sqmnoopt03.sqm
09/05/2007 03:30 PM 244 sqmnoopt04.sqm
09/05/2007 03:31 PM 244 sqmnoopt05.sqm
10/05/2007 11:02 PM 244 sqmnoopt06.sqm
10/06/2007 11:25 AM 244 sqmnoopt07.sqm
10/06/2007 02:34 PM 244 sqmnoopt08.sqm
09/05/2007 03:31 PM 172 sqmnoopt09.sqm
09/05/2007 03:32 PM 244 sqmnoopt10.sqm
09/05/2007 03:32 PM 244 sqmnoopt11.sqm
10/05/2007 11:02 PM 244 sqmnoopt12.sqm
10/05/2007 11:02 PM 244 sqmnoopt13.sqm
10/07/2007 09:59 AM 244 sqmnoopt14.sqm
10/04/2007 10:18 AM 244 sqmnoopt15.sqm
10/18/2007 09:52 PM 244 sqmnoopt16.sqm
11/23/2007 07:32 PM 244 sqmnoopt17.sqm
12/10/2007 09:04 PM 244 sqmnoopt18.sqm
01/11/2008 07:27 PM 244 sqmnoopt19.sqm
02/10/2007 11:56 AM <DIR> System Volume Information
47 File(s) 1,341,817,055 bytes
3 Dir(s) 6,017,249,280 bytes free
.
2008 Files
Volume in drive C is System disk
Volume Serial Number is 08FD-7BB9

Directory of C:\

01/11/2008 01:19 AM 0 2008-01-11 at 12
01/17/2008 12:47 AM 0 2008-01-16 at 11
01/23/2008 03:59 AM 0 2008-01-23 at 02
01/25/2008 05:25 PM 0 2008-01-25 at 04
01/26/2008 06:26 AM 0 2008-01-26 at 05
01/27/2008 04:18 AM 0 2008-01-27 at 03
01/28/2008 03:43 AM 0 2008-01-28 at 02
01/28/2008 04:32 AM 0 2008-01-28 at 03
01/31/2008 05:32 AM 0 2008-01-31 at 04
02/02/2008 11:32 AM 0 2008-02-02 at 10
02/04/2008 04:53 AM 0 2008-02-04 at 03
02/10/2008 02:05 AM 0 2008-02-10 at 01
02/15/2008 12:30 AM 0 2008-02-14 at 11
02/16/2008 03:14 AM 0 2008-02-16 at 02
02/22/2008 02:27 AM 0 2008-02-22 at 01
02/23/2008 03:33 AM 0 2008-02-23 at 02
02/24/2008 05:16 AM 0 2008-02-24 at 04
02/25/2008 05:18 AM 0 2008-02-25 at 04
03/01/2008 03:26 AM 0 2008-03-01 at 02
03/02/2008 05:13 AM 0 2008-03-02 at 04
03/03/2008 04:32 AM 0 2008-03-03 at 03
03/08/2008 02:15 AM 0 2008-03-08 at 01
03/09/2008 03:18 AM 0 2008-03-09 at 02
03/09/2008 10:02 PM 0 2008-03-09 at 09
03/16/2008 11:17 PM 0 2008-03-16 at 10
03/17/2008 03:11 AM 0 2008-03-17 at 02
03/19/2008 02:54 AM 0 2008-03-19 at 01
03/20/2008 07:13 PM 0 2008-03-20 at 06
03/23/2008 03:55 AM 0 2008-03-23 at 02
03/23/2008 11:50 PM 0 2008-03-23 at 10
03/27/2008 06:07 PM 0 2008-03-27 at 05
03/29/2008 09:42 PM 0 2008-03-29 at 08
03/30/2008 02:22 AM 0 2008-03-30 at 01
33 File(s) 0 bytes
0 Dir(s) 6,017,249,280 bytes free

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot
AlternateShell REG_SZ cmd.exe

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt
<NO NAME> REG_SZ Service

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base
<NO NAME> REG_SZ Driver Group

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender
<NO NAME> REG_SZ Driver Group

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system
<NO NAME> REG_SZ Driver Group

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc
<NO NAME> REG_SZ Service

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch
<NO NAME> REG_SZ Service

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin
<NO NAME> REG_SZ Service

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys
<NO NAME> REG_SZ Driver

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys
<NO NAME> REG_SZ Driver

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys
<NO NAME> REG_SZ Driver

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver
<NO NAME> REG_SZ Service

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog
<NO NAME> REG_SZ Service

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system
<NO NAME> REG_SZ Driver Group

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter
<NO NAME> REG_SZ Driver Group

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc
<NO NAME> REG_SZ Service

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon
<NO NAME> REG_SZ Service

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration
<NO NAME> REG_SZ Driver Group

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay
<NO NAME> REG_SZ Service

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter
<NO NAME> REG_SZ Driver Group

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk
<NO NAME> REG_SZ Driver Group

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs
<NO NAME> REG_SZ Service

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class
<NO NAME> REG_SZ Driver Group

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys
<NO NAME> REG_SZ Driver

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys
<NO NAME> REG_SZ FSFilter System Recovery

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService
<NO NAME> REG_SZ Service

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender
<NO NAME> REG_SZ Driver Group

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys
<NO NAME> REG_SZ Driver

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys
<NO NAME> REG_SZ Driver

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt
<NO NAME> REG_SZ Service

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}
<NO NAME> REG_SZ Universal Serial Bus controllers

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}
<NO NAME> REG_SZ CD-ROM Drive

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}
<NO NAME> REG_SZ DiskDrive

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}
<NO NAME> REG_SZ Standard floppy disk controller

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}
<NO NAME> REG_SZ Hdc

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}
<NO NAME> REG_SZ Keyboard

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}
<NO NAME> REG_SZ Mouse

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}
<NO NAME> REG_SZ PCMCIA Adapters

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}
<NO NAME> REG_SZ SCSIAdapter

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}
<NO NAME> REG_SZ System

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}
<NO NAME> REG_SZ Floppy disk drive

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}
<NO NAME> REG_SZ Volume

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
<NO NAME> REG_SZ Human Interface Devices

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD
<NO NAME> REG_SZ Service

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt
<NO NAME> REG_SZ Service

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base
<NO NAME> REG_SZ Driver Group

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender
<NO NAME> REG_SZ Driver Group

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system
<NO NAME> REG_SZ Driver Group

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser
<NO NAME> REG_SZ Service

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc
<NO NAME> REG_SZ Service

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch
<NO NAME> REG_SZ Service

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp
<NO NAME> REG_SZ Service

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin
<NO NAME> REG_SZ Service

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys
<NO NAME> REG_SZ Driver

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys
<NO NAME> REG_SZ Driver

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys
<NO NAME> REG_SZ Driver

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver
<NO NAME> REG_SZ Service

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache
<NO NAME> REG_SZ Service

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog
<NO NAME> REG_SZ Service

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system
<NO NAME> REG_SZ Driver Group

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter
<NO NAME> REG_SZ Driver Group

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc
<NO NAME> REG_SZ Service

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys
<NO NAME> REG_SZ Driver

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys
<NO NAME> REG_SZ Driver

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer
<NO NAME> REG_SZ Service

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation
<NO NAME> REG_SZ Service

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts
<NO NAME> REG_SZ Service

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger
<NO NAME> REG_SZ Service

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS
<NO NAME> REG_SZ Driver Group

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper
<NO NAME> REG_SZ Driver Group

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio
<NO NAME> REG_SZ Service

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS
<NO NAME> REG_SZ Service

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup
<NO NAME> REG_SZ Driver Group

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT
<NO NAME> REG_SZ Service

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup
<NO NAME> REG_SZ Driver Group

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon
<NO NAME> REG_SZ Service

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan
<NO NAME> REG_SZ Service

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network
<NO NAME> REG_SZ Driver Group

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider
<NO NAME> REG_SZ Driver Group

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp
<NO NAME> REG_SZ Service

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration
<NO NAME> REG_SZ Driver Group

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay
<NO NAME> REG_SZ Service

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter
<NO NAME> REG_SZ Driver Group

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI
<NO NAME> REG_SZ Driver Group

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk
<NO NAME> REG_SZ Driver Group

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys
<NO NAME> REG_SZ Driver

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys
<NO NAME> REG_SZ Driver

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys
<NO NAME> REG_SZ Driver

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr
<NO NAME> REG_SZ Service

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs
<NO NAME> REG_SZ Service

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class
<NO NAME> REG_SZ Driver Group

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys
<NO NAME> REG_SZ Driver

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SharedAccess
<NO NAME> REG_SZ Service

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys
<NO NAME> REG_SZ FSFilter System Recovery

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService
<NO NAME> REG_SZ Service

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers
<NO NAME> REG_SZ Driver Group

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus Extender
<NO NAME> REG_SZ Driver Group

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip
<NO NAME> REG_SZ Service

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI
<NO NAME> REG_SZ Driver Group

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys
<NO NAME> REG_SZ Driver

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys
<NO NAME> REG_SZ Driver

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice
<NO NAME> REG_SZ Service

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys
<NO NAME> REG_SZ Driver

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys
<NO NAME> REG_SZ Driver

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt
<NO NAME> REG_SZ Service

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}
<NO NAME> REG_SZ Universal Serial Bus controllers

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}
<NO NAME> REG_SZ CD-ROM Drive

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}
<NO NAME> REG_SZ DiskDrive

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}
<NO NAME> REG_SZ Standard floppy disk controller

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}
<NO NAME> REG_SZ Hdc

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}
<NO NAME> REG_SZ Keyboard

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}
<NO NAME> REG_SZ Mouse

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}
<NO NAME> REG_SZ Net

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}
<NO NAME> REG_SZ NetClient

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}
<NO NAME> REG_SZ NetService

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}
<NO NAME> REG_SZ NetTrans

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}
<NO NAME> REG_SZ PCMCIA Adapters

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}
<NO NAME> REG_SZ SCSIAdapter

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}
<NO NAME> REG_SZ System

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}
<NO NAME> REG_SZ Floppy disk drive

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}
<NO NAME> REG_SZ Volume

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}
<NO NAME> REG_SZ Human Interface Devices

  • 0
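As an added example (not part of this thread, and not code from any tool used in it), the Python script below parses a REG.EXE 3.0 dump in the layout posted above and audits the SafeBoot keys: it reports the AlternateShell value, lists entries present under only one of Minimal or Network, and flags subkeys listed with no default value, such as the {1a3e09be-...} key in the Network list. The embedded excerpt is constructed from the dump above; the function names are the example's own.

```python
import re
# Constructed excerpt in the layout of the REG.EXE 3.0 dump posted above: a key path
# line, "<name> <type> <data>" lines, a blank line between keys; last key has no value.
SAMPLE_DUMP = r"""! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot
AlternateShell REG_SZ cmd.exe

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt
<NO NAME> REG_SZ Service

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base
<NO NAME> REG_SZ Driver Group

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt
<NO NAME> REG_SZ Service

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}
"""

KEY_RE = re.compile(r"^HKEY_[A-Z_]+\\")                      # a key path line
VALUE_RE = re.compile(r"^(<NO NAME>|\S+)\s+(REG_[A-Z_]+)\s*(.*)$")  # name type data

def parse_reg_dump(text):
    """Return {key_path: {value_name: (type, data)}}; valueless keys map to {}."""
    keys, current = {}, None
    for line in (l.rstrip() for l in text.splitlines()):
        if not line or line.startswith("!"):               # blank or version banner
            continue
        if KEY_RE.match(line):
            current = line
            keys.setdefault(current, {})
        elif current is not None and (m := VALUE_RE.match(line)):
            keys[current][m.group(1)] = (m.group(2), m.group(3))
    return keys

def audit_safeboot(keys):
    """Compare SafeBoot\Minimal vs Network, flag valueless entries, report AlternateShell."""
    modes, empty, shell = {"Minimal": set(), "Network": set()}, [], None
    for path, values in keys.items():
        parts = path.split("\\")
        if parts[-1].lower() == "safeboot":                  # the SafeBoot root key
            shell = values.get("AlternateShell", ("", None))[1]
        elif len(parts) > 2 and parts[-3].lower() == "safeboot" and parts[-2] in modes:
            modes[parts[-2]].add(parts[-1].lower())
            if "<NO NAME>" not in values:                    # REG.EXE printed no default
                empty.append(parts[-2] + "\\" + parts[-1])
    return {"alternate_shell": shell, "empty": empty,
            "only_minimal": sorted(modes["Minimal"] - modes["Network"]),
            "only_network": sorted(modes["Network"] - modes["Minimal"])}
```

Feed it the full dump (for example, the saved output of the same REG query) to get the complete Minimal/Network comparison rather than the excerpt's.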

#15
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,961 posts
Hi, Fidel Castro :)

I am going to remove those files from the C:\ folder. There are 0-byte files in the C:\ folder that need to be there, so do not delete those. Where on your computer are the other 0-byte files?

Please download the enclosed folder. [attachment=19552:RemFiles.zip] Save and extract its contents to the desktop. It is a batch file, RemFiles.bat. Once extracted, double-click on it and post back the report it will produce.
  • 0