Several malware and virus removed, Windows doesn't work well in normal mode

Solved
By evilcaterpillar
Feb 9, 2012
  1. evilcaterpillar

    evilcaterpillar Newcomer, in training Topic Starter Posts: 57

    duplicate......
  2. evilcaterpillar

    evilcaterpillar Newcomer, in training Topic Starter Posts: 57

    Extras:

    OTL Extras logfile created on: 14/02/2012 15:50:14 - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\carlos\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 0000080A | Country: Mexico | Language: ESM | Date Format: dd/MM/yyyy

    894.17 Mb Total Physical Memory | 235.75 Mb Available Physical Memory | 26.36% Memory free
    2.12 Gb Paging File | 1.32 Gb Available in Paging File | 62.23% Paging File free
    Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 67.11 Gb Total Space | 13.92 Gb Free Space | 20.74% Space Free | Partition Type: NTFS
    Drive D: | 7.39 Gb Total Space | 0.83 Gb Free Space | 11.24% Space Free | Partition Type: FAT32

    Computer Name: YOUR-4105E587B6 | User Name: carlos | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Adobe\Adobe GoLive CS2\GoLive.exe" "%1" ()
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "ANTIVIRUSDISABLENOTIFY" = 0
    "FIREWALLDISABLENOTIFY" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" = C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2 -- (Adobe Systems Incorporated)
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
    "C:\Program Files\FlashGet\flashget.exe" = C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget -- (FlashGet.com)
    "C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
    "C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
    "C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
    "{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
    "{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = Panel de Control de ATI
    "{10133CDD-50B9-4783-B336-8B48F3653715}" = Star Wars Galactic Battlegrounds: Saga
    "{117E076F-5EB0-408D-B7A9-D94511FE834D}" = Macromedia Dreamweaver 8
    "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
    "{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Herramienta de carga de Windows Live
    "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{236BB7C4-4419-42FD-0C0A-1E257A25E34D}" = Adobe Photoshop CS2
    "{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
    "{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
    "{25F6A201-C40C-4669-936D-473877CFEB4C}" = Galería fotográfica de Windows Live
    "{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 22
    "{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006
    "{286F29AF-0BE2-4D5F-AB17-B7631A810553}" = muvee autoProducer 4.5
    "{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
    "{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
    "{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
    "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
    "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
    "{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
    "{38A0481D-544D-4C01-BB32-39332391D012}" = Windows Live Call
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
    "{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
    "{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
    "{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 C1
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.0
    "{46548E80-040A-0000-7E8A-45000F855001}" = Adobe GoLive CS2
    "{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
    "{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
    "{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
    "{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
    "{52AE81CB-B786-490E-93CF-240A9891B392}" = HP User Guides 0025
    "{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
    "{54DC27A1-2708-421E-8915-119955DB3B92}" = PC Camera (6029 CIF)
    "{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7593234B-2AEB-4FC9-B02D-C9B30D86084C}" = Windows Live Asistente para el inicio de sesión
    "{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE
    "{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
    "{7B63B2922B174135AFC0E1377DD81EC2}" =
    "{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
    "{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
    "{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
    "{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
    "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
    "{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
    "{8EDBA74D-0686-4C99-BFDD-F894678E5103}" = Adobe Common File Installer
    "{8F94D5AC-C1C6-432D-8924-2F5EEBC28446}" = Windows Live Essentials
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{953D4586-9A16-495E-BA1F-EE5AA66604DB}" = Windows Live Sync
    "{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
    "{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
    "{ABB2901A-3D0A-4F21-8324-2F13C3EFE163}" = LightScribe 1.4.62.1
    "{AC76BA86-1034-4700-7760-100000000002}" = Adobe Acrobat 7.0 Professional - Español, Italiano, Português
    "{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2
    "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
    "{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
    "{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
    "{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
    "{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
    "{B8583CB3-8ABE-407E-8BC6-F9A83EAC9133}" = Windows Live Writer
    "{B975F4A1-63B6-11D4-BFEC-005004AF2D32}" = Monopoly Tycoon v1.4 Patch
    "{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
    "{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
    "{BC96BBA7-C634-460E-AD18-A0A994213F80}" = HP User Guides--System Recovery
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{BEC001F9-0451-4396-92D7-E1A4E7854BF3}" = Windows Live Mail
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
    "{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
    "{C69405BB-27AF-4940-B3DA-04910B4DFD23}_is1" = aTube Catcher 1.0
    "{CA9A3609-3ECC-4574-8824-A8161A71A603}" = Canon MP150
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.20 F2
    "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
    "{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
    "{E9787678-551D-4478-9682-DBB587257110}" = Adobe Help Center 1.0
    "{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
    "{F2FFEEAA-0B48-4342-9B67-12ABB0B58F24}" = Windows Live Messenger
    "{F443F171-B49B-4645-915C-580E7ED79992}" = Macromedia Extension Manager
    "{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
    "9D32C79E-4A8C-47A7-899A-411A898605A9" = Polar Bowler from Big Fish Games (remove only)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player
    "Adobe SVG Viewer" = Adobe SVG Viewer 3.0
    "ATI Display Driver" = ATI Display Driver
    "Audio MP3 Editor_is1" = Audio MP3 Editor 2.20
    "CNXT_AUDIO" = Conexant AC-Link Audio
    "CNXT_MODEM_PCI_VEN_1002&DEV_4378" = Soft Data Fax Modem with SmartCP
    "DivX Setup.divx.com" = DivX Setup
    "Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
    "FlashGet" = FlashGet 1.9.2.1028
    "HP Imaging Device Functions" = HP Imaging Device Functions 6.0
    "HP Photo & Imaging" = HP Photosmart Premier Software 6.0
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
    "InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
    "InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
    "Knots3D" = Knots3D
    "Lemonade Tycoon 2_is1" = Lemonade Tycoon 2
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Monopoly Tycoon" = Monopoly Tycoon
    "Mozilla Firefox 9.0.1 (x86 es-AR)" = Mozilla Firefox 9.0.1 (x86 es-AR)
    "MP Navigator 2.0" = Canon MP Navigator 2.0
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSNINST" = MSN
    "Music Rescue_is1" = Music Rescue 3.1
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Office8.0" = Microsoft Office 97 Professional
    "PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
    "RealAlt_is1" = Real Alternative 1.9.0
    "SubtitleWorkshop" = Subtitle Workshop 2.51
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Toshiba AutoTask" = Toshiba AutoTask
    "Veetle TV" = Veetle TV 0.9.18
    "Winamp" = Winamp
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Yahoo! Extras" = Yahoo! Browser Services
    "Yahoo! IE Suggest" = Yahoo! IE Search Suggest
    "Yahoo! Mail" = Yahoo! Internet Mail
    "Yahoo! Messenger" = Yahoo! Messenger
    "YInstHelper" = Yahoo! Install Manager

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "EA SPORTS Game Face Browser Plugin" = EA SPORTS Game Face Browser Plugin 1.5.2.0
    "EA SPORTS Gameface Browser Plugin" = EA SPORTS Gameface Browser Plugin 1.3.1.0
    "Facebook Plug-In" = Facebook Plug-In
    "UnityWebPlayer" = Unity Web Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 13/02/2012 19:48:55 | Computer Name = YOUR-4105E587B6 | Source = Bonjour Service | ID = 100
    Description = mDNSCoreReceiveResponse: Received from 192.168.2.3:5353 25 3.2.168.192.in-addr.arpa.
    PTR your-4105e587b6-2.local.

    Error - 13/02/2012 19:48:55 | Computer Name = YOUR-4105E587B6 | Source = Bonjour Service | ID = 100
    Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 23 3.2.168.192.in-addr.arpa.
    PTR your-4105e587b6.local.

    Error - 14/02/2012 01:52:04 | Computer Name = YOUR-4105E587B6 | Source = Bonjour Service | ID = 100
    Description = mDNSCoreReceiveResponse: Received from 192.168.0.4:5353 25 4.0.168.192.in-addr.arpa.
    PTR your-4105e587b6-2.local.

    Error - 14/02/2012 01:52:04 | Computer Name = YOUR-4105E587B6 | Source = Bonjour Service | ID = 100
    Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 23 4.0.168.192.in-addr.arpa.
    PTR your-4105e587b6.local.

    Error - 14/02/2012 02:44:17 | Computer Name = YOUR-4105E587B6 | Source = Bonjour Service | ID = 100
    Description = mDNSCoreReceiveResponse: Received from 192.168.0.4:5353 25 4.0.168.192.in-addr.arpa.
    PTR your-4105e587b6-2.local.

    Error - 14/02/2012 02:44:17 | Computer Name = YOUR-4105E587B6 | Source = Bonjour Service | ID = 100
    Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 23 4.0.168.192.in-addr.arpa.
    PTR your-4105e587b6.local.

    Error - 14/02/2012 16:10:57 | Computer Name = YOUR-4105E587B6 | Source = Bonjour Service | ID = 100
    Description = mDNSCoreReceiveResponse: Received from 192.168.2.3:5353 25 3.2.168.192.in-addr.arpa.
    PTR your-4105e587b6-2.local.

    Error - 14/02/2012 16:10:58 | Computer Name = YOUR-4105E587B6 | Source = Bonjour Service | ID = 100
    Description = mDNSCoreReceiveResponse: Unexpected conflict discarding 23 3.2.168.192.in-addr.arpa.
    PTR your-4105e587b6.local.

    Error - 14/02/2012 16:24:30 | Computer Name = YOUR-4105E587B6 | Source = Automatic LiveUpdate Scheduler | ID = 101
    Description = Nivel de información: error Falló la inicialización del subsistema
    COM. Código de error: 0x8007041D.

    Error - 14/02/2012 17:16:15 | Computer Name = YOUR-4105E587B6 | Source = MsiInstaller | ID = 1013
    Description = Product: Nokia PC Connectivity Solution -- Nokia PC Suite requires
    Nokia PC Connectivity Solution in order to function properly. Are you sure you
    want to continue uninstalling Nokia PC Connectivity Solution?

    [ System Events ]
    Error - 14/02/2012 17:12:54 | Computer Name = YOUR-4105E587B6 | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 14/02/2012 17:12:54 | Computer Name = YOUR-4105E587B6 | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 14/02/2012 17:12:54 | Computer Name = YOUR-4105E587B6 | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 14/02/2012 17:12:54 | Computer Name = YOUR-4105E587B6 | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 14/02/2012 17:12:54 | Computer Name = YOUR-4105E587B6 | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 14/02/2012 17:12:54 | Computer Name = YOUR-4105E587B6 | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 14/02/2012 17:12:55 | Computer Name = YOUR-4105E587B6 | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 14/02/2012 17:12:55 | Computer Name = YOUR-4105E587B6 | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 14/02/2012 17:12:55 | Computer Name = YOUR-4105E587B6 | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 14/02/2012 17:12:55 | Computer Name = YOUR-4105E587B6 | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126


    < End of report >
  3. Broni

    Broni Malware Annihilator Posts: 46,123   +251

    You didn't say:
    [​IMG]

    ===============================================================

    You have some Norton's leftovers.
    Run this tool to remove them: https://www-secure.symantec.com/nor...&version=1&pvid=f-home&entsrc=redirect_pubweb

    ==========================================================

    OTL log looks perfectly clean.

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java versions and their remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ===========================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
  4. evilcaterpillar

    evilcaterpillar Newcomer, in training Topic Starter Posts: 57

    How is computer doing?

    Sorry, I forgot to write it down...

    Now it is running normally: no messages from Windows, pop-ups or any other symptoms, and the startup is faster than a few weeks ago. So far, so good.
    I'll do the last scans and let you know how it is going.

    Thanks
  5. Broni

    Broni Malware Annihilator Posts: 46,123   +251

    Cool :)............
  6. evilcaterpillar

    evilcaterpillar Newcomer, in training Topic Starter Posts: 57

    Something odd happened after the Norton remover ended: when the computer restarted, the Windows Installer appeared and configured Adobe Acrobat Professional. Any clue?
  7. Broni

    Broni Malware Annihilator Posts: 46,123   +251

    Not really.
    Go on with other steps.
  8. evilcaterpillar

    evilcaterpillar Newcomer, in training Topic Starter Posts: 57

    Security Check Log

    Results of screen317's Security Check version 0.99.24
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    McAfee VirusScan Enterprise
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 31
    Java(TM) SE Runtime Environment 6 Update 1
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Out of date Java installed!
    Adobe Flash Player 11.1.102.55
    Mozilla Firefox (x86 es-AR..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    McAfee VirusScan Enterprise Mcshield.exe
    McAfee VirusScan Enterprise VsTskMgr.exe
    ``````````End of Log````````````
  9. evilcaterpillar

    evilcaterpillar Newcomer, in training Topic Starter Posts: 57

    Farbar Log:

    Farbar Service Scanner Version: 14-02-2012
    Ran by carlos (administrator) on 15-02-2012 at 22:48:59
    Running from "C:\Files\New files"
    Microsoft Windows XP Home Edition Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    Gpc(7) IPSec(5) mfetdik(9) NetBT(6) PEEK5(10) PSched(8) Tcpip(4)
    0x0A0000000500000001000000020000000300000004000000090000000600000007000000080000000A000000
    IpSec Tag value is correct.

    **** End of log ****
  10. Broni

    Broni Malware Annihilator Posts: 46,123   +251

    ...and Eset....
  11. evilcaterpillar

    evilcaterpillar Newcomer, in training Topic Starter Posts: 57

    ESET

    C:\Programas Varios\aTube10265.exe Win32/Adware.ADON application
    C:\Qoobox\Quarantine\C\WINDOWS\explorer.exe.vir Win32/Patched.NBG.Gen trojan
    C:\Qoobox\Quarantine\C\WINDOWS\system32\svchost.exe.vir Win32/Patched.NBG.Gen trojan
    C:\Qoobox\Quarantine\C\WINDOWS\system32\winlogon.exe.vir Win32/Patched.NBG.Gen trojan
    C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP11\A0007686.exe Win32/Patched.NBG.Gen trojan
    C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP11\A0007688.exe Win32/Patched.NBG.Gen trojan
    C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP12\A0008992.exe Win32/Patched.NBG.Gen trojan
    C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP12\A0008993.exe Win32/Patched.NBG.Gen trojan
    C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP12\A0008994.exe Win32/Patched.NBG.Gen trojan
    C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP12\A0009051.exe Win32/Patched.NBG.Gen trojan

    I had an error with Java: jusched.exe - windows has encountered a problem.
    Should I install Java again?
     
  12. Broni

    Broni Malware Annihilator Posts: 46,123   +251

    Disable jusched.exe as a startup: http://www.howtogeek.com/howto/windows-vista/what-is-juschedexe-and-why-is-it-running/

    Uninstall:
    Java(TM) SE Runtime Environment 6 Update 1
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7

    ===================================================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
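Added example, not part of the thread: a Python sketch that sorts the ESET detections posted above by where they sit on disk, which shows why step 1 clears the restore points even though the machine is declared clean. The location rules (a `Qoobox\Quarantine` folder, `_restore{...}\RPnn` folders, everything else treated as live) are assumptions of this example.

```python
import re
from typing import NamedTuple, Optional

# The ten detection lines from the ESET log posted in this thread,
# in the layout "<path> <detection name> <type>".
ESET_LOG = r'''
C:\Programas Varios\aTube10265.exe Win32/Adware.ADON application
C:\Qoobox\Quarantine\C\WINDOWS\explorer.exe.vir Win32/Patched.NBG.Gen trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\svchost.exe.vir Win32/Patched.NBG.Gen trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\winlogon.exe.vir Win32/Patched.NBG.Gen trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP11\A0007686.exe Win32/Patched.NBG.Gen trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP11\A0007688.exe Win32/Patched.NBG.Gen trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP12\A0008992.exe Win32/Patched.NBG.Gen trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP12\A0008993.exe Win32/Patched.NBG.Gen trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP12\A0008994.exe Win32/Patched.NBG.Gen trojan
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP12\A0009051.exe Win32/Patched.NBG.Gen trojan
'''

# Assumed location rules for this example.
DRIVE_RE = re.compile(r"^[A-Z]:\\", re.IGNORECASE)
QUARANTINE_RE = re.compile(r"^[A-Z]:\\Qoobox\\Quarantine\\", re.IGNORECASE)
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-F-]+\}\\(RP\d+)\\",
    re.IGNORECASE,
)


class Detection(NamedTuple):
    path: str
    name: str                     # e.g. Win32/Patched.NBG.Gen
    kind: str                     # last column: trojan, application, ...
    location: str                 # quarantine, restore_point or live
    restore_point: Optional[str]  # e.g. RP12, only for restore_point


def parse_line(line):
    """Parse one detection line; return None for anything else."""
    # The path may contain spaces, the last two columns do not,
    # so split from the right.
    parts = line.strip().rsplit(None, 2)
    if len(parts) != 3 or not DRIVE_RE.match(parts[0]):
        return None
    path, name, kind = parts
    rp = RESTORE_RE.search(path)
    if QUARANTINE_RE.match(path):
        return Detection(path, name, kind, "quarantine", None)
    if rp:
        return Detection(path, name, kind, "restore_point", rp.group(1).upper())
    return Detection(path, name, kind, "live", None)


def triage(log_text):
    """Group detections by what has to happen to them."""
    found = [d for d in map(parse_line, log_text.splitlines()) if d]
    per_rp = {}
    for d in found:
        if d.location == "restore_point":
            per_rp[d.restore_point] = per_rp.get(d.restore_point, 0) + 1
    return {
        # Still sitting in the normal file system: remove or review.
        "live": [d for d in found if d.location == "live"],
        # Renamed copies set aside by a cleanup tool: inert.
        "quarantined": [d for d in found if d.location == "quarantine"],
        # Snapshots that would bring a patched file back if restored.
        "restore_points": dict(
            sorted(per_rp.items(), key=lambda kv: int(kv[0][2:]))
        ),
    }


if __name__ == "__main__":
    result = triage(ESET_LOG)
    for d in result["live"]:
        print("live:", d.kind, d.name, d.path)
    print("quarantined copies:", len(result["quarantined"]))
    for rp, count in result["restore_points"].items():
        print("restore point", rp, "holds", count, "detected file(s)")
```

On this log every trojan hit is either a quarantined copy or a file inside restore points RP11 and RP12; the only live hit is the adware installer.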
  13. evilcaterpillar

    evilcaterpillar Newcomer, in training Topic Starter Posts: 57

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: carlos
    ->Temp folder emptied: 938516035 bytes
    ->Temporary Internet Files folder emptied: 564924 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 46449634 bytes
    ->Flash cache emptied: 456 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Owner
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 115194491 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 14295584 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 127046 bytes

    Total Files Cleaned = 1,064.00 mb


    [EMPTYFLASH]

    User: All Users

    User: carlos
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: LocalService

    User: NetworkService

    User: Owner

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: All Users

    User: carlos
    ->Java cache emptied: 0 bytes

    User: Default User

    User: LocalService

    User: NetworkService

    User: Owner

    Total Java Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.31.0 log created on 02162012_174547

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
  14. Broni

    Broni Malware Annihilator Posts: 46,123   +251

    Whenever ready....
  15. evilcaterpillar

    evilcaterpillar Newcomer, in training Topic Starter Posts: 57

    Thanks Broni,

    I already installed WOT and Secunia and am checking the outdated programs. The computer is working great, no signs of infection; the only issue is the Windows installer trying to find a driver for nonexistent hardware. I googled it and it is something about a wireless modem that my wife installed some time ago.
    About uninstalling some Java programs, I still have:
    - J2SE Runtime Environment 5.0 Update 10
    - J2SE Runtime Environment 5.0 Update 11
    - J2SE Runtime Environment 5.0 Update 6
    - Java(tm)6 Update 31

    Any actions with these?

    Thanks
  16. Broni

    Broni Malware Annihilator Posts: 46,123   +251

    Uninstall the first three.
    Leave Java(tm)6 Update 31 alone.

    I need more detailed info.
  17. evilcaterpillar

    evilcaterpillar Newcomer, in training Topic Starter Posts: 57

  18. Broni

    Broni Malware Annihilator Posts: 46,123   +251

    That's fine but I'd like to know what exactly happens.
    Getting some pop-up when Windows starts or....?
  19. Broni

    Broni Malware Annihilator Posts: 46,123   +251

    Download Autoruns for Windows: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
    No installation required.
    Simply unzip Autoruns.zip file, and double click on autoruns.exe file to run the program.
    Go File>Save, and save it as AutoRuns.txt file to a known location.
    You must select Text from drop-down menu as a file type.

    Attach the file to your next reply.
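Added example, not part of the thread: a Python sketch of a first pass over an Autoruns text export, assuming the quoted four-field layout of the log posted in the reply that follows (a location line, then `+ "entry" "description" "publisher" "image path"` lines). The three flags are heuristics chosen for this example; a flag marks an entry to look at, not a verdict.

```python
import re
from typing import NamedTuple

# Lines taken from the Autoruns log posted in this thread.
SAMPLE = r'''
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Cpqset" "" "" "c:\program files\hpq\default settings\cpqset.exe"
+ "McAfeeUpdaterUI" "Common User Interface" "McAfee, Inc." "c:\program files\mcafee\common framework\udaterui.exe"
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "Nokia" "" "" "File not found: C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll"
"Task Scheduler" "" "" ""
+ "TFC.job" "" "OldTimer Tools" "c:\files\new files\tfc.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AppMgmt" "Provides software installation services such as Assign, Publish, and Remove." "" "File not found: C:\WINDOWS\System32\appmgmts.dll"
'''

FIELD_RE = re.compile(r'"([^"]*)"')
# Assumption of this example: images normally live under these roots.
USUAL_ROOT_RE = re.compile(r"^[a-z]:\\(windows|program files)\\", re.IGNORECASE)
MISSING_PREFIX = "file not found:"


class Entry(NamedTuple):
    location: str     # registry key, folder or "Task Scheduler"
    name: str
    description: str
    publisher: str
    image_path: str


def parse_autoruns(text):
    """Return the autostart entries, each tagged with its location."""
    entries, location = [], None
    for raw in text.splitlines():
        line = raw.strip()
        fields = FIELD_RE.findall(line)
        if len(fields) != 4:
            continue  # blank line, or a field with an embedded quote
        if line.startswith("+"):
            if location is not None:
                entries.append(Entry(location, *fields))
        else:
            location = fields[0]  # location line: path plus three empty fields
    return entries


def flags(entry):
    """Heuristic review flags for one entry."""
    if entry.image_path.lower().startswith(MISSING_PREFIX):
        # Autostart entry left behind by removed software or a cleanup.
        return ["missing-file"]
    out = []
    if not entry.publisher.strip():
        out.append("no-publisher")   # no publisher shown for the image
    if not USUAL_ROOT_RE.match(entry.image_path):
        out.append("unusual-path")   # runs from outside the usual roots
    return out


def triage(text):
    """Return (entry, flags) pairs for every entry with at least one flag."""
    return [(e, f) for e in parse_autoruns(text) for f in [flags(e)] if f]


if __name__ == "__main__":
    for entry, why in triage(SAMPLE):
        print(",".join(why), "|", entry.location, "|", entry.name,
              "|", entry.image_path)
```

The `unusual-path` hit here is TFC, a tool this cleanup itself placed in `C:\Files\New files`, which is why flagged entries are reviewed rather than deleted outright.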
  20. evilcaterpillar

    evilcaterpillar Newcomer, in training Topic Starter Posts: 57

    Sorry, I have been busy...
    This is the log...

    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
    + "Acrobat Assistant 7.0" "AcroTray" "Adobe Systems Inc." "c:\program files\adobe\adobe acrobat 7.0\distillr\acrotray.exe"
    + "Adobe Version Cue CS2" "Adobe Version Cue CS2" "Adobe Sytems Incorporated" "c:\program files\adobe\adobe version cue cs2\controlpanel\versioncuecs2tray.exe"
    + "APSDaemon" "Apple Push" "Apple Inc." "c:\program files\common files\apple\apple application support\apsdaemon.exe"
    + "ATIPTA" "ATI Desktop Control Panel" "ATI Technologies, Inc." "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
    + "AutoTask" "AutoTask Application" "Dura Micro, Inc" "c:\program files\autotask\autotask.exe"
    + "Cpqset" "" "" "c:\program files\hpq\default settings\cpqset.exe"
    + "DivXUpdate" "DivX Update" "" "c:\program files\divx\divx update\divxupdate.exe"
    + "eabconfg.cpl" "Quick Launch Buttons" "Hewlett-Packard " "c:\program files\hpq\quick launch buttons\eabservr.exe"
    + "HP Software Update" "Hewlett-Packard Product Assistant" "Hewlett-Packard Co." "c:\program files\hp\hp software update\hpwuschd2.exe"
    + "hpWirelessAssistant" "hp Wireless Assistant Module" "Hewlett-Packard Development Company, L.P." "c:\program files\hpq\hp wireless assistant\hp wireless assistant.exe"
    + "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files\itunes\ituneshelper.exe"
    + "McAfeeUpdaterUI" "Common User Interface" "McAfee, Inc." "c:\program files\mcafee\common framework\udaterui.exe"
    + "OpwareSE2" "OCR Aware (32-bit)" "ScanSoft, Inc." "c:\program files\scansoft\omnipagese2.0\opwarese2.exe"
    + "QPService" "HP QuickPlay Resident Program" "CyberLink Corp." "c:\program files\hp\quickplay\qpservice.exe"
    + "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files\quicktime\qttask.exe"
    + "RecGuard" "Recguard Application" "" "c:\windows\sminst\recguard.exe"
    + "ShStatEXE" "VirusScan tray icon" "McAfee, Inc." "c:\program files\mcafee\virusscan enterprise\shstat.exe"
    + "SynTPEnh" "Synaptics TouchPad Enhancements" "Synaptics, Inc." "c:\program files\synaptics\syntp\syntpenh.exe"
    + "SynTPStart" "Synaptics Pointing Device starter" "Synaptics, Inc." "c:\program files\synaptics\syntp\syntpstart.exe"
    "C:\Documents and Settings\All Users\Start Menu\Programs\Startup" "" "" ""
    + "Adobe Gamma.lnk" "Adobe Gamma Loader" "Adobe Systems, Inc." "c:\program files\common files\adobe\calibration\adobe gamma loader.exe"
    + "Inicio rápido de Adobe Acrobat.lnk" "" "" "c:\windows\installer\{ac76ba86-1034-4700-7760-100000000002}\sc_acrobat.exe"
    + "Secunia PSI Tray.lnk" "Secunia PSI Tray" "Secunia" "c:\program files\secunia\psi\psi_tray.exe"
    + "Windows Search.lnk" "Windows Search System Tray" "Microsoft Corporation" "c:\program files\windows desktop search\windowssearch.exe"
    "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
    + "Address Book 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
    + "Microsoft Outlook Express 6" "Outlook Express Setup Library" "Microsoft Corporation" "c:\program files\outlook express\setup50.exe"
    "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
    + "swg" "GoogleToolbarNotifier" "Google Inc." "c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe"
    + "updateMgr" "Adobe Update Manager" "Adobe Systems Incorporated" "c:\program files\adobe\adobe acrobat 7.0\acrobat\adobeupdatemanager.exe"
    "HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
    + "livecall" "Windows Live Messenger Protocol Handler Module" "Microsoft Corporation" "c:\program files\windows live\messenger\msgrapp.14.0.8089.0726.dll"
    + "ms-itss" "Microsoft® InfoTech Storage System Library" "Microsoft Corporation" "c:\program files\common files\microsoft shared\information retrieval\msitss.dll"
    + "msnim" "Windows Live Messenger Protocol Handler Module" "Microsoft Corporation" "c:\program files\windows live\messenger\msgrapp.14.0.8089.0726.dll"
    + "wlmailhtml" "Windows Live Mail" "Microsoft Corporation" "c:\program files\windows live\mail\mailcomm.dll"
    "HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components" "" "" ""
    + "0" "" "" "File not found: About:Home"
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
    + "Windows Desktop Search Namespace Manager" "Windows Search Namespace Manager" "Microsoft Corporation" "c:\program files\windows desktop search\msnlnamespacemgr.dll"
    "HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
    + "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "Adobe Systems Inc." "c:\program files\adobe\adobe acrobat 7.0\acrobat elements\contextmenu.dll"
    + "VirusScan" "Shell Extension" "McAfee, Inc." "c:\program files\mcafee\virusscan enterprise\shext.dll"
    + "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
    + "Yahoo! Mail" "Yahoo! Mail" "Yahoo! Inc." "c:\program files\yahoo!\common\ymmapi.dll"
    "HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
    + "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
    "HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
    + "VirusScan" "Shell Extension" "McAfee, Inc." "c:\program files\mcafee\virusscan enterprise\shext.dll"
    + "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
    "HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
    + "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
    "HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
    + "Nokia" "" "" "File not found: C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll"
    "HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
    + "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\adobe\adobe acrobat 7.0\activex\pdfshell.dll"
    "HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
    + "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
    + "VirusScan" "Shell Extension" "McAfee, Inc." "c:\program files\mcafee\virusscan enterprise\shext.dll"
    + "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
    "HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
    + "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
    + "Adobe PDF Conversion Toolbar Helper" "Adobe IE plugin" "Adobe Systems Incorporated" "c:\program files\adobe\adobe acrobat 7.0\acrobat\acroiefavclient.dll"
    + "Adobe PDF Reader Link Helper" "Adobe Acrobat IE Helper Version 7.0 for ActiveX" "Adobe Systems Incorporated" "c:\program files\adobe\adobe acrobat 7.0\activex\acroiehelper.dll"
    + "Bing Bar Helper" "Bing Client Extensions" "Microsoft Corporation." "c:\program files\microsoft\bingbar\bingext.dll"
    + "DivX HiQ" "DivX Web Player version 2.1.1.94" "DivX, LLC" "c:\program files\divx\divx plus web player\npdivx32.dll"
    + "DivX Plus Web Player HTML5 <video>" "DivX Web Player version 2.1.1.94" "DivX, LLC" "c:\program files\divx\divx plus web player\npdivx32.dll"
    + "FGCatchUrl" "Flashget CatchUrl Module" "www.flashget.com" "c:\program files\flashget\jccatch.dll"
    + "FlashGet GetFlash Class" "Flashget GetFlash Module" "www.flashget.com" "c:\program files\flashget\getflash.dll"
    + "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files\google\google toolbar\googletoolbar_32.dll"
    + "Google Toolbar Notifier BHO" "GoogleToolbarNotifier" "Google Inc." "c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll"
    + "Java(tm) Plug-In 2 SSV Helper" "Java(TM) Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
    + "Java(tm) Plug-In SSV Helper" "Java(TM) Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\ssv.dll"
    + "JQSIEStartDetectorImpl Class" "Java(TM) Quick Starter binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll"
    + "scriptproxy" "VSCore Script Scanner" "McAfee, Inc." "c:\program files\mcafee\virusscan enterprise\scriptcl.dll"
    + "Windows Live Aplicación auxiliar de inicio de sesión" "WindowsLiveLogin.dll" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
    + "Yahoo! IE Services Button" "Yahoo! IE Services" "Yahoo! Inc." "c:\program files\yahoo!\common\yiesrvc.dll"
    + "Yahoo! IE Suggest" "Search Suggest" "Yahoo! Inc." "c:\program files\yahoo!\search\ysearchsuggest.dll"
    "HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
    + "Adobe PDF" "Adobe IE plugin" "Adobe Systems Incorporated" "c:\program files\adobe\adobe acrobat 7.0\acrobat\acroiefavclient.dll"
    + "Bing" "Bing Client Extensions" "Microsoft Corporation." "c:\program files\microsoft\bingbar\bingext.dll"
    + "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files\google\google toolbar\googletoolbar_32.dll"
    "HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
    + "FlashGet" "FlashGet" "FlashGet.com" "c:\program files\flashget\flashget.exe"
    + "Windows Messenger" "Windows Messenger" "Microsoft Corporation" "c:\program files\messenger\msmsgs.exe"
    "Task Scheduler" "" "" ""
    + "AppleSoftwareUpdate.job" "Apple Software Update" "Apple Inc." "c:\program files\apple software update\softwareupdate.exe"
    + "GoogleUpdateTaskMachineCore.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
    + "GoogleUpdateTaskMachineUA.job" "Google Installer" "Google Inc." "c:\program files\google\update\googleupdate.exe"
    + "HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job" "" "" "c:\program files\common files\sonic shared\sonic central\main\mediahub.exe"
    + "mbam.job" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbam.exe"
    + "TFC.job" "" "OldTimer Tools" "c:\files\new files\tfc.exe"
    "HKLM\System\CurrentControlSet\Services" "" "" ""
    + "Adobe LM Service" "AdobeLM Service" "Adobe Systems" "c:\program files\common files\adobe systems shared\service\adobelmsvc.exe"
    + "Adobe Version Cue CS2" "Adobe Version Cue CS2" "Adobe Systems Incorporated" "c:\program files\adobe\adobe version cue cs2\bin\versioncuecs2.exe"
    + "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe"
    + "AppMgmt" "Provides software installation services such as Assign, Publish, and Remove." "" "File not found: C:\WINDOWS\System32\appmgmts.dll"
    + "Ati HotKey Poller" "ATI External Event Utility EXE Module" "ATI Technologies Inc." "c:\windows\system32\ati2evxx.exe"
    + "BBSvc" "Keeps Bing Bar up-to-date. Disabling this service might prevent updates and expose your computer to security vulnerabilities or functional flaws in Bing Bar." "Microsoft Corporation." "c:\program files\microsoft\bingbar\bbsvc.exe"
    + "BBUpdate" "Enables the detection, download and installation of up-to-date configuration files for Bing Bar. Also provides server communication for the customer experience improvement program. Stopping or disabling this service may prevent you from getting the latest updates for Bing Bar, which may expose your computer to security vulnerabilities or functional flaws in the Bing Bar." "Microsoft Corporation" "c:\program files\microsoft\bingbar\seaport.exe"
    + "Bonjour Service" "Permite que los dispositivos de hardware y los servicios de software se configuren automáticamente en la red y anuncien su presencia." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
    + "gupdate" "Mantiene actualizado tu software de Google. Si este servicio se desactiva o se detiene, tu software de Google no se mantendrá actualizado, lo que implica que las vulnerabilidades de seguridad que puedan aparecer no podrán arreglarse y es posible que algunas funciones no anden. Este servicio se desinstala automáticamente si ningún software de Google la utiliza." "Google Inc." "c:\program files\google\update\googleupdate.exe"
    + "gupdatem" "Mantiene actualizado tu software de Google. Si este servicio se desactiva o se detiene, tu software de Google no se mantendrá actualizado, lo que implica que las vulnerabilidades de seguridad que puedan aparecer no podrán arreglarse y es posible que algunas funciones no anden. Este servicio se desinstala automáticamente si ningún software de Google la utiliza." "Google Inc." "c:\program files\google\update\googleupdate.exe"
    + "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files\google\common\google updater\googleupdaterservice.exe"
    + "hpqwmiex" "hpqwmiex Module" "Hewlett-Packard Development Company, L.P." "c:\program files\hewlett-packard\shared\hpqwmiex.exe"
    + "IDriverT" "Provides support for the Running Object Table for InstallShield Drivers" "Macrovision Corporation" "c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe"
    + "iPod Service" "Servicios de administración del hardware del iPod" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
    + "JavaQuickStarterService" "Prefetches JRE files for faster startup of Java applets and applications" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jqs.exe"
    + "LightScribeService" "Used by the LightScribe software components to support 3rd party disc labeling applications using the LightScribe COM Application Programming Interface (LSCAPI). This service needs to run for LightScribe direct disc labeling to work." "Hewlett-Packard Company" "c:\program files\common files\lightscribe\lssrvc.exe"
    + "McAfeeFramework" "Shared component framework for McAfee products" "McAfee, Inc." "c:\program files\mcafee\common framework\frameworkservice.exe"
    + "McShield" "Ofrece protección de análisis en tiempo real de McAfee para su equipo." "McAfee, Inc." "c:\program files\mcafee\virusscan enterprise\mcshield.exe"
    + "McTaskManager" "Permite planificar las actividades de análisis y actualización de McAfee." "McAfee, Inc." "c:\program files\mcafee\virusscan enterprise\vstskmgr.exe"
    + "Net Driver HPZ12" "Dot4Net Module" "Hewlett-Packard" "c:\windows\system32\hpzinw12.dll"
    + "Pml Driver HPZ12" "PmlDrv Module" "Hewlett-Packard" "c:\windows\system32\hpzipm12.dll"
    + "Programador de LiveUpdate automático" "Administra la programación de las sesiones de LiveUpdate automático" "" "File not found: C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
    + "Secunia PSI Agent" "Performs routine software inspections of the system, the results of which can be seen in your Secunia PSI" "Secunia" "c:\program files\secunia\psi\psia.exe"
    + "Secunia Update Agent" "Performs routine updates of selected software on the system, the results of which can be seen in your Secunia PSI" "Secunia" "c:\program files\secunia\psi\sua.exe"
    + "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
    "HKLM\System\CurrentControlSet\Services" "" "" ""
    + "AliIde" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
    + "AmdK8" "AMD Processor Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdk8.sys"
    + "ati2mtag" "ATI Radeon WindowsNT Miniport Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\ati2mtag.sys"
    + "BCM43XX" "Broadcom 802.11 Network Adapter wireless driver" "Broadcom Corporation" "c:\windows\system32\drivers\bcmwl5.sys"
    + "BTWUSB" "Driver for Bluetooth USB Devices" "Broadcom Corporation." "c:\windows\system32\drivers\btwusb.sys"
    + "CAMCAUD" "Conexant WDM AC97 Audio Driver" "Conexant Systems Inc." "c:\windows\system32\drivers\camc6aud.sys"
    + "CAMCHALA" "Conexant AmcHal Driver" "Conexant Systems Inc." "c:\windows\system32\drivers\camc6hal.sys"
    + "Changer" "" "" "File not found: C:\WINDOWS\System32\Drivers\Changer.sys"
    + "cmusbser" "Cmotech USB Modem/Serial Device Driver" "Cmotech Co.,Ltd" "c:\windows\system32\drivers\cmusbser.sys"
    + "eabfiltr" "QLB PS/2 Keyboard filter driver" "Hewlett-Packard Development Company, L.P." "c:\windows\system32\drivers\eabfiltr.sys"
    + "eabusb" "QLB USB Keyboard filter driver" "Hewlett-Packard Development Company, L.P." "c:\windows\system32\drivers\eabusb.sys"
    + "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
    + "HPZid412" "IEEE-1284.4-1999 Driver (Windows 2000)" "HP" "c:\windows\system32\drivers\hpzid412.sys"
    + "HPZipr12" "IEEE-1284.4-1999 Print Class Driver" "HP" "c:\windows\system32\drivers\hpzipr12.sys"
    + "HPZius12" "1284.4<->Usb Datalink Driver (Windows 2000)" "HP" "c:\windows\system32\drivers\hpzius12.sys"
    + "HSF_DP" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsf_dp.sys"
    + "HSF_DPV" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsf_dpv.sys"
    + "HSFHWATI" "HSFHWATI WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsfhwati.sys"
    + "i2omgmt" "" "" "File not found: C:\WINDOWS\System32\Drivers\i2omgmt.sys"
    + "k510bus" "Sony Ericsson K510 Driver Driver" "MCCI" "c:\windows\system32\drivers\k510bus.sys"
    + "k510mdfl" "Sony Ericsson K510 USB WMC Modem Filter" "MCCI" "c:\windows\system32\drivers\k510mdfl.sys"
    + "k510mdm" "Sony Ericsson K510 USB WMC Modem Driver" "MCCI" "c:\windows\system32\drivers\k510mdm.sys"
    + "k510mgmt" "Sony Ericsson K510 USB WMC Device Management Drivers (WDM)" "MCCI" "c:\windows\system32\drivers\k510mgmt.sys"
    + "k510obex" "Sony Ericsson K510 USB WMC OBEX Interface" "MCCI" "c:\windows\system32\drivers\k510obex.sys"
    + "lbrtfdc" "" "" "File not found: C:\WINDOWS\System32\Drivers\lbrtfdc.sys"
    + "mdmxsdk" "Diagnostic Interface DRIVER" "Conexant" "c:\windows\system32\drivers\mdmxsdk.sys"
    + "mfeapfk" "Access Protection Filter Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfeapfk.sys"
    + "mfeavfk" "Anti-Virus File System Filter Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfeavfk.sys"
    + "mfebopk" "Buffer Overflow Protection Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfebopk.sys"
    + "mfehidk" "Host Intrusion Detection Link Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfehidk.sys"
    + "mferkdk" "VSCore Code Analysis Driver" "McAfee, Inc." "c:\program files\mcafee\virusscan enterprise\mferkdk.sys"
    + "mfetdik" "Anti-Virus Mini-Firewall Driver" "McAfee, Inc." "c:\windows\system32\drivers\mfetdik.sys"
    + "NSNDIS5" "" "" "File not found: C:\WINDOWS\system32\NSNDIS5.SYS"
    + "PCIDump" "" "" "File not found: C:\WINDOWS\System32\Drivers\PCIDump.sys"
    + "PDCOMP" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDCOMP.sys"
    + "PDFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDFRAME.sys"
    + "PDRELI" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRELI.sys"
    + "PDRFRAME" "" "" "File not found: C:\WINDOWS\System32\Drivers\PDRFRAME.sys"
    + "PEEK5" "PEEK Driver v4.5" "WildPackets, Inc." "c:\windows\system32\drivers\peek5.sys"
    + "PSI" "PSI mini-filter driver" "Secunia" "c:\windows\system32\drivers\psi_mf.sys"
    + "Ptilink" "Direct Parallel Link Driver" "Parallel Technologies, Inc." "c:\windows\system32\drivers\ptilink.sys"
    + "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys"
    + "RTL8023xp" "Realtek 10/100/1000 NDIS 5.1 Driver " "Realtek Semiconductor Corporation " "c:\windows\system32\drivers\rtnicxp.sys"
    + "Secdrv" "SafeDisc driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
    + "SMCIRDA" "SMC IrCC NDIS 5.0 IrDA FIR Device Driver" "SMC" "c:\windows\system32\drivers\smcirda.sys"
    + "SNPP106" "PC Camera driver" "" "c:\windows\system32\drivers\snpp106.sys"
    + "SONYPVU1" "Sony USB Lower Filter driver" "Sony Corporation" "c:\windows\system32\drivers\sonypvu1.sys"
    + "SynTP" "Synaptics Touchpad Driver" "Synaptics, Inc." "c:\windows\system32\drivers\syntp.sys"
    + "tap0901" "TAP-Win32 Virtual Network Driver" "The OpenVPN Project" "c:\windows\system32\drivers\tap0901.sys"
    + "tifm21" "tifm21.sys" "Texas Instruments" "c:\windows\system32\drivers\tifm21.sys"
    + "USBAAPL" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl.sys"
    + "WDICA" "" "" "File not found: C:\WINDOWS\System32\Drivers\WDICA.sys"
    + "winachsf" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsf_cnxt.sys"
    "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
    + "msacm.iac2" "Indeo® Audio Software" "Ligos Corporation" "c:\windows\system32\iac25_32.ax"
    + "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
    + "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
    + "msacm.trspch" "DSP Group TrueSpeech(TM) Audio Codec for MSACM V3.50" "DSP GROUP, INC." "c:\windows\system32\tssoft32.acm"
    + "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
    + "vidc.DIVX" "DivX" "DivX, Inc." "c:\windows\system32\divx.dll"
    + "vidc.iv31" "" "" "c:\windows\system32\ir32_32.dll"
    + "vidc.iv32" "" "" "c:\windows\system32\ir32_32.dll"
    + "vidc.iv41" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
    + "vidc.iv50" "Ligos Indeo® Video 5.11" "Ligos Corporation" "c:\windows\system32\ir50_32.dll"
    + "vidc.XVID" "" "" "File not found: xvidvfw.dll"
    + "vidc.yv12" "DivX" "DivX, Inc." "c:\windows\system32\divx.dll"
    "HKLM\Software\Classes\Filter" "" "" ""
    + "Indeo® video 4.4 Compression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
    + "Indeo® video 4.4 Decompression Filter" "Intel Indeo® Video 4.5" "Intel Corporation" "c:\windows\system32\ir41_32.ax"
    "HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
    + "9x8Resize" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
    + "ACELP.net Audio Decoder" "ACELP.net Audio Decoder" "Sipro Lab Telecom Inc." "c:\windows\system32\acelpdec.ax"
    + "Allocator Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
    + "Bitmap" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
    + "Capture File Writer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
    + "CyberLink Audio Decoder" "CyberLink Audio Decoder Filter" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\movie\claud.ax"
    + "CyberLink AudioCD Filter" "CyberLink AudioCD Filter" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\movie\claudiocd.ax"
    + "CyberLink Demultiplexer (HP_QP2005)" "MPEG-2 Dempltiplexer" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\movie\cldemuxer.ax"
    + "CyberLink DVD Navigator" "CyberLink DVD Navigation Filter" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\movie\clnavx.ax"
    + "CyberLink Line21 Decoder Filter" "CyberLink Line21 Decoder Filter" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\movie\clline21.ax"
    + "CyberLink TimeStretch Filter" "CLAuTS.ax" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\movie\clauts.ax"
    + "CyberLink Video Effect" "CLVidFx" "CyberLink" "c:\program files\hp\quickplay\kernel\movie\clvidfx.ax"
    + "CyberLink Video/SP Decoder" "CyberLink Video/SP Filter" "CyberLink Corp." "c:\program files\hp\quickplay\kernel\movie\clvsd.ax"
    + "DirectShow Tap" "Sonic DirectShow Tap Filter" "Sonic Solutions" "c:\program files\muvee technologies\muvee autoproducer 4.5 - se\directshowtap.ax"
    + "DivX AAC Decoder" "AAC audio decoder filter" "DivX, Inc." "c:\program files\divx\divx plus directshow filters\daac.ax"
    + "DivX Decoder Filter" "DivX Decoder Filter" "DivX, Inc." "c:\program files\divx\divx codec\divxdec.ax"
    + "DivX Demux Filter" "DivX Plus DMF Navigator Filter" "DivX, Inc." "c:\program files\divx\divx plus directshow filters\directshowdemuxfilter.dll"
    + "DivX Demux Filter (Unrestricted Edition)" "DivX Plus DMF Navigator Filter" "DivX, Inc." "c:\program files\divx\divx plus directshow filters\directshowdemuxfilter.dll"
    + "DivX H.264 Decoder" "DivX H.264 Decoder Filter" "DivX, Inc." "c:\program files\divx\divx plus directshow filters\divxdech264.ax"
    + "Frame Eater" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
    + "Indeo® audio software" "Indeo® Audio Software" "Ligos Corporation" "c:\windows\system32\iac25_32.ax"
    + "Indeo® Video 5.11 Compression Filter" "Ligos Indeo® Video 5.11" "Ligos Corporation" "c:\windows\system32\ir50_32.dll"
    + "Indeo® Video 5.11 Decompression Filter" "Ligos Indeo® Video 5.11" "Ligos Corporation" "c:\windows\system32\ir50_32.dll"
    + "MainConcept MPEG Audio Decoder" "MPEG Video and Audio Decoder" "MainConcept AG" "c:\program files\common files\muvee technologies\mainconcept\mcdsmpeg.ax"
    + "MainConcept MPEG Splitter" "Mpeg I/II Splitter" "MainConcept AG" "c:\program files\common files\muvee technologies\mainconcept\mcspmpeg.ax"
    + "MainConcept MPEG Video Decoder" "MPEG Video and Audio Decoder" "MainConcept AG" "c:\program files\common files\muvee technologies\mainconcept\mcdsmpeg.ax"
    + "MPEG Layer-3 Decoder" "MPEG Layer-3 Audio Decoder" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codecx.ax"
    + "muvee HXImage Filter" "HXImage Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files\common files\muvee technologies\030625\hximagefilter.ax"
    + "muvee Music Analyser" "Music Analyser Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files\common files\muvee technologies\030625\mvmanalyse.ax"
    + "muvee Video Analyser" "Video Analyser Filter for muvee autoProducer" "muvee Technologies Pte Ltd" "c:\program files\common files\muvee technologies\030625\mvvanalyse.ax"
    + "QuickTime Encoder" "QuickTime Encoder" "muvee Technologies" "c:\program files\common files\muvee technologies\030625\quicktimesink.ax"
    + "QuickTime Source Filter" "QuickTimeSource Module" "" "c:\program files\common files\muvee technologies\030625\quicktimesource.dll"
    + "QuickTimeRenderer Filter" "QuickTimeRenderer Filter" "muvee Technologies Pte. Ltd." "c:\program files\common files\muvee technologies\030625\quicktimerenderer.ax"
    + "Record Queue" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
    + "Record Queue" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
    + "RTStreamSink" "RTStream Sink Filter" "Sonic Solutions" "c:\program files\muvee technologies\muvee autoproducer 4.5 - se\rtstreamsink.ax"
    + "Samsung AAC Decoding Filter" "AAC Decoder Filter Dll" "Pixtree, Inc." "c:\program files\samsung\intelli-studio\filters\pxtraacd.dll"
    + "Samsung AAC Encoder Filter" "AAC Encoder Filter Dll" "Pixtree, Inc." "c:\program files\samsung\intelli-studio\filters\pxtraace.dll"
    + "Samsung H264 Decoder" "HTH264Dec1" "Honest Technology" "c:\program files\samsung\intelli-studio\filters\pxtrvdf.dll"
    + "Samsung H264 Encoding Filter" "Pixtree h264 video encoder dshow filter" "PIXTREE, Inc." "c:\program files\samsung\intelli-studio\filters\pxtrvef.dll"
    + "Samsung MJPEG Decoder" "HTH264Dec1" "Honest Technology" "c:\program files\samsung\intelli-studio\filters\pxtrvdf.dll"
    + "Samsung MP4 Muxer Filter" "" "" "c:\program files\samsung\intelli-studio\filters\ssmp4mux.ax"
    + "Samsung MPEG-4 Splitter Filter" "Pixtree MP4 Splitter Filter" "Pixtree, Inc." "c:\program files\samsung\intelli-studio\filters\pxtrmp4s.dll"
    + "ShotDetect" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
    + "Sonic Audio Depth Converter" "AudioDepthConverter" "Sonic Solutions" "c:\program files\muvee technologies\muvee autoproducer 4.5 - se\audiodepthconverter.ax"
    + "Sonic Cinemaster MPEG Splitter" "Sonic MPEG Splitter" "" "c:\program files\muvee technologies\muvee autoproducer 4.5 - se\sonicmpegsplitter.dll"
    + "Sonic MPEG Audio Decoder" "SonicMPEGAudio" "Sonic Solutions" "c:\program files\muvee technologies\muvee autoproducer 4.5 - se\sonicmpegaudio.dll"
    + "Sonic MPEG Video Decoder" "SonicMPEGVideo" "Sonic Solutions" "c:\program files\muvee technologies\muvee autoproducer 4.5 - se\sonicmpegvideo.dll"
    + "Stetch" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
    + "Tivo DirectShow Source Filter" "TiVo DirectShow Filter" "TiVo Inc." "c:\program files\common files\tivo shared\directshow\tivodirectshowfilter.dll"
    + "WAV Dest" "" "" "c:\windows\system32\wavdest.ax"
    + "WIA Stream Snapshot Filter" "WIA Stream Snapshot Filter" "MyCompanyName" "c:\windows\system32\wiasf.ax"
    + "WM VIH2 Fix" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
    + "WM VIH2 Fix" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
    + "WMplug" "" "" "File not found: C:\WINDOWS\wt\webdriver\4.1.1\wtwmplug.ax"
    + "WMT Audio Analyzer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
    + "WMT Black Frame Generator" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
    + "WMT DirectX Transform Wrapper" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
    + "WMT DV Extract Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
    + "WMT DV Extract Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
    + "WMT FormatConversion" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
    + "WMT Import Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
    + "WMT Interlacer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
    + "WMT Log Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
    + "WMT MuxDeMux Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
    + "WMT Sample Info Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
    + "WMT Sample Info Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
    + "WMT Screen capture Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
    + "WMT Switch Filter" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
    + "WMT Switch Filter" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
    + "WMT Virtual Renderer" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
    + "WMT Virtual Renderer" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
    + "WMT Virtual Source" "Windows Live Video Acquisition Filters" "Microsoft Corporation" "c:\program files\windows live\photo gallery\wlxvafilt.dll"
    + "WMT Virtual Source" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
    + "WMT Volume" "Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
    + "AtiExtEvent" "ATI External Event Utility DLL Module" "ATI Technologies Inc." "c:\windows\system32\ati2evxx.dll"
    "HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
    + "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
    "HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
    + "Adobe PDF Port" "Acrobat ® PDF Port" "Adobe Systems Incorporated." "c:\windows\system32\adobepdf.dll"
    + "Canon BJ Language Monitor MP150" "IJ Language Monitor" "CANON INC." "c:\windows\system32\cnmlm7k.dll"
    + "LIDIL hpzll5ha" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpzll5ha.dll"
  21. Broni

    Broni Malware Annihilator Posts: 46,123   +251

    Re-run Autoruns, scroll down to "HKLM\System\CurrentControlSet\Services" section and UN-check "cmusbser" line.
    Restart computer.
  22. evilcaterpillar

    evilcaterpillar Newcomer, in training Topic Starter Posts: 57

    The C-MOTECH window is gone now, but the "Found New Hardware Wizard" still appears at startup; if I click Continue, it says it is looking for a driver for an "unknown" hardware.
  23. Broni

    Broni Malware Annihilator Posts: 46,123   +251

    Go Start>Run type in:
    devmgmt.msc
    Click OK.

    Device Manager will open.
    Are there any errors listed?
    If not...
    Go View and select "Show hidden devices".
    See if you can see any errors or listings for that modem in "Non-Plug and Play Drivers" section.
  24. evilcaterpillar

    evilcaterpillar Newcomer, in training Topic Starter Posts: 57

    Yes, there is an error.

    Other Devices --
    Unknown Device

    "This device is not configured correctly (Code1)
    To reinstall the drivers for this device, click Reinstall Driver"

    Details: Device Instance ID - ROOT\LEGACY_SAKUTIL\0000
  25. Broni

    Broni Malware Annihilator Posts: 46,123   +251

    Uninstall it.

