TROJAN TOOK OVER MY COMPUTER


  • This topic is locked
10 replies to this topic

#1 KerbyFX

KerbyFX

  • Members
  • 9 posts
  • OFFLINE
  • Local time:05:32 PM

Posted 21 December 2008 - 12:00 PM

I had a trojan that installed itself on my computer yesterday. McAfee quickly removed the script, and Windows Defender removed most of the trojan, but remnants are still left over.


1. I CANNOT TURN MY AUTOMATIC UPDATES ON! Even when I try to start the service, it is still disabled.

2. RANDOM WEBPAGES KEEP POPPING UP IN INTERNET EXPLORER!

3. I have tried to do a System Restore, and it was not able to complete successfully.

Here are my HijackThis logs. Please, someone help me!

Thanks:

Logfile of random's system information tool 1.05 (written by random/random)
Run by DickHouse at 2008-12-21 10:49:17
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 11 GB (19%) free of 57 GB
Total RAM: 511 MB (13% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:38 AM, on 12/21/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PGPserv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\PSIService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\System32\taskswitch.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\MemTurbo\memturbo.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\DickHouse\Desktop\RSIT.exe
C:\Program Files\trend micro\DickHouse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {6E03E9F1-12B4-4D3A-9244-37E52D408690} - C:\WINDOWS\system32\tuvSljkI.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [POINTER] C:\Dell\drivers\R34790\Mouse\SETUP\MSH\Mouse\point32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB003" /M "Stylus CX3800"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McAfeeUpdate] "C:\Documents and Settings\DickHouse\Local Settings\Temporary Internet Files\Content.IE5\30NDX3OV\McAfeeUpdate[1].exe" /RunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OpenDNS Update] "C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [prunnet] "C:\WINDOWS\system32\prunnet.exe"
O4 - HKUS\S-1-5-21-484763869-1004336348-725345543-1010\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'NetKerby')
O4 - HKUS\S-1-5-21-484763869-1004336348-725345543-1010\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'NetKerby')
O4 - Startup: MemTurbo.lnk = C:\Program Files\MemTurbo\memturbo.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Brandon\AIM\aim.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1229842170750
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {7C896371-4B7F-4B34-95B1-24851F5DED24} (Microsoft Virtual Server VMRC Control) - http://66.133.171.77/VMRCActiveXClient.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...252/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{117F52E0-7C74-4BD9-9793-8EE5354C4AED}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{117F52E0-7C74-4BD9-9793-8EE5354C4AED}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{117F52E0-7C74-4BD9-9793-8EE5354C4AED}: NameServer = 208.67.222.222,208.67.220.220
O22 - SharedTaskScheduler: Wheel Mouse Optical Driver - {D1A2E7CD-F5C1-21A8-CA2C-13D0AC72D19D} - (no file)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\System32\PGPserv.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 9742 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E03E9F1-12B4-4D3A-9244-37E52D408690}]
C:\WINDOWS\system32\tuvSljkI.dll [2008-12-20 286208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93}
{4982D40A-C53B-4615-B15B-B5B5E98D167C} - AOL Toolbar - C:\Program Files\AOL Toolbar\toolbar.dll [2004-03-22 390256]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"POINTER"=C:\Dell\drivers\R34790\Mouse\SETUP\MSH\Mouse\point32.exe [2001-08-23 167936]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2003-07-28 4841472]
"nwiz"=nwiz.exe /install []
"CoolSwitch"=C:\WINDOWS\System32\taskswitch.exe [2002-03-19 45632]
"LXSUPMON"=C:\WINDOWS\system32\LXSUPMON.EXE [2002-05-06 900096]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]
"EPSON Stylus CX3800 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE [2005-02-07 98304]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2003-07-28 49152]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2008-07-11 641208]
"McAfeeUpdate"=C:\Documents and Settings\DickHouse\Local Settings\Temporary Internet Files\Content.IE5\30NDX3OV\McAfeeUpdate[1].exe /RunKey []
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"OpenDNS Update"=C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe [2008-12-09 316416]
"Zune Launcher"=c:\Program Files\Zune\ZuneLauncher.exe [2008-11-10 157312]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2007-05-14 35328]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"prunnet"=C:\WINDOWS\system32\prunnet.exe [2008-12-20 70656]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]
"Aim6"= []
"prunnet"=C:\WINDOWS\system32\prunnet.exe [2008-12-20 70656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ncr]
C:\Program Files\Panasonic\NCR2\ncrcore.exe [2005-11-10 983040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2005-10-24 307200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2007-05-14 35328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zone Labs Client]
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MemTurbo.lnk]
C:\PROGRA~1\MemTurbo\memturbo.exe [2001-03-03 221696]

C:\Documents and Settings\DickHouse\Start Menu\Programs\Startup
MemTurbo.lnk - C:\Program Files\MemTurbo\memturbo.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Wheel Mouse Optical Driver - {D1A2E7CD-F5C1-21A8-CA2C-13D0AC72D19D}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\tuvSljkI

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
"NoViewOnDrive"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
""=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"="C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe:*:Enabled:McAfee Data Backup"
"C:\Program Files\Rapid Eye Multi-Media 7.0\REMView.exe"="C:\Program Files\Rapid Eye Multi-Media 7.0\REMView.exe:*:Enabled:REMView.exe"
"C:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\game.dat"="C:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\game.dat:*:Enabled:The Battle for Middle-earth™ II"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\patchget.dat"="C:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\patchget.dat:*:Enabled:patchgrabber"
"C:\Brandon\AIM\aim.exe"="C:\Brandon\AIM\aim.exe:*:Disabled:AOL Instant Messenger"
"D:\Netcam\EasyConfig.exe"="D:\Netcam\EasyConfig.exe:*:Enabled:Network Camera Setup Software"
"C:\WINDOWS\system32\LEXPPS.EXE"="C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\Java\jre1.6.0_03\launch4j-tmp\RKMediaCenter.exe"="C:\Program Files\Java\jre1.6.0_03\launch4j-tmp\RKMediaCenter.exe:*:Enabled:Java™ Platform SE binary"
"C:\Program Files\Orb Networks\Orb\bin\Orb.exe"="C:\Program Files\Orb Networks\Orb\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe"="C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe"="C:\Program Files\Orb Networks\Orb\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2008-12-21 10:49:18 ----D---- C:\Program Files\trend micro
2008-12-21 10:49:17 ----D---- C:\rsit
2008-12-21 10:24:47 ----D---- C:\Documents and Settings\DickHouse\Application Data\WinRAR
2008-12-21 02:00:58 ----D---- C:\WINDOWS\ERUNT
2008-12-21 01:58:46 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-21 01:55:53 ----D---- C:\SDFix
2008-12-21 00:59:23 ----A---- C:\avenger.txt
2008-12-20 21:41:44 ----SH---- C:\WINDOWS\system32\ypqvhtlm.ini
2008-12-20 21:39:07 ----A---- C:\WINDOWS\system32\fb63672e-.txt
2008-12-20 21:38:30 ----ASH---- C:\WINDOWS\system32\IkjlSvut.ini2
2008-12-20 21:38:30 ----ASH---- C:\WINDOWS\system32\IkjlSvut.ini
2008-12-20 21:38:19 ----A---- C:\WINDOWS\system32\tuvSljkI.dll
2008-12-20 21:32:39 ----A---- C:\WINDOWS\system32\prunnet.exe
2008-12-16 22:11:51 ----A---- C:\WINDOWS\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2008-12-16 22:10:11 ----A---- C:\WINDOWS\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll
2008-12-16 21:58:56 ----D---- C:\WINDOWS\system32\RsFx
2008-12-16 21:56:18 ----D---- C:\Program Files\MSXML 6.0
2008-12-16 21:41:16 ----D---- C:\WINDOWS\system32\windowspowershell
2008-12-16 21:40:49 ----HDC---- C:\WINDOWS\$NtUninstallKB926139-v2$
2008-12-16 21:35:10 ----HDC---- C:\WINDOWS\$NtUninstallKB942288-v3$
2008-12-09 22:11:21 ----D---- C:\Documents and Settings\All Users\Application Data\OpenDNS Updater
2008-12-09 20:14:09 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-09 20:12:25 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-09 20:12:17 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-09 20:08:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-01 18:57:08 ----D---- C:\Program Files\Windows Defender
2008-12-01 18:15:52 ----A---- C:\McAfee script.txt
2008-12-01 18:02:01 ----D---- C:\Avenger

======List of files/folders modified in the last 1 months======

2008-12-21 10:49:28 ----D---- C:\WINDOWS\Temp
2008-12-21 10:49:24 ----D---- C:\WINDOWS\Prefetch
2008-12-21 10:49:18 ----RD---- C:\Program Files
2008-12-21 10:29:06 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-21 10:28:58 ----SD---- C:\WINDOWS\Tasks
2008-12-21 10:27:02 ----AD---- C:\WINDOWS
2008-12-21 10:24:47 ----HD---- C:\WINDOWS\inf
2008-12-21 10:24:45 ----D---- C:\WINDOWS\system32
2008-12-21 10:23:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-21 10:21:42 ----D---- C:\WINDOWS\system32\Restore
2008-12-21 02:46:33 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-21 02:10:45 ----SHD---- C:\WINDOWS\Installer
2008-12-21 02:10:38 ----D---- C:\Program Files\stc
2008-12-21 01:33:23 ----D---- C:\Program Files\Mozilla Firefox
2008-12-21 00:59:23 ----D---- C:\WINDOWS\system32\drivers
2008-12-21 00:49:36 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-20 20:34:50 ----RD---- C:\Downloads
2008-12-18 00:06:53 ----D---- C:\WINDOWS\system32\config
2008-12-17 22:40:24 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-17 22:40:21 ----D---- C:\WINDOWS\ie7updates
2008-12-17 22:39:03 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-16 22:54:06 ----D---- C:\WINDOWS\Microsoft.NET
2008-12-16 22:53:48 ----RSD---- C:\WINDOWS\assembly
2008-12-16 22:21:49 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-12-16 22:21:37 ----SD---- C:\Documents and Settings\DickHouse\Application Data\Microsoft
2008-12-16 22:12:56 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-16 22:11:54 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-16 22:05:33 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-16 22:01:08 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2008-12-16 22:00:23 ----D---- C:\WINDOWS\WinSxS
2008-12-16 21:59:05 ----D---- C:\Program Files\Microsoft SQL Server
2008-12-16 21:56:12 ----D---- C:\WINDOWS\system32\1033
2008-12-16 21:54:59 ----D---- C:\Program Files\Microsoft.NET
2008-12-16 21:41:56 ----A---- C:\WINDOWS\imsins.BAK
2008-12-13 00:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-09 22:11:21 ----D---- C:\Program Files\OpenDNS Updater
2008-12-09 22:09:00 ----D---- C:\Program Files\Internet Explorer
2008-12-09 15:24:38 ----AC---- C:\WINDOWS\system32\MRT.exe
2008-12-08 20:03:52 ----D---- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-12-08 17:56:13 ----D---- C:\Program Files\bfgclient
2008-12-02 17:29:21 ----RD---- C:\Chad's 8-Bit BooShmack! (Please Don't Delete)
2008-11-29 01:52:36 ----A---- C:\WINDOWS\OEWABLog.txt
2008-11-29 01:52:14 ----RD---- C:\Documents and Settings
2008-11-29 01:31:02 ----D---- C:\Chad
2008-11-27 23:09:11 ----AC---- C:\WINDOWS\system.ini
2008-11-27 22:50:54 ----SHD---- C:\RECYCLER
2008-11-27 19:19:49 ----D---- C:\Program Files\Google
2008-11-27 19:17:11 ----D---- C:\Program Files\Yahoo!
2008-11-26 20:01:04 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-26 20:00:38 ----D---- C:\Program Files\Zune
2008-11-26 19:06:37 ----D---- C:\Program Files\McAfee

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1999-09-10 25244]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2008-06-27 207656]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2008-06-02 120136]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-09-03 12032]
R2 BCMNTIO;BCMNTIO; \??\C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys []
R2 CDRPDACC;Arrowkey Device Access; \??\C:\Program Files\321Studios\Shared\CDRPDACC.SYS []
R2 MAPMEM;MAPMEM; \??\C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys []
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\PfModNT.sys []
R2 PGPdisk;PGPdisk; C:\WINDOWS\system32\drivers\PGPdisk.sys [2004-06-09 169120]
R2 PGPsdkDriver;PGPsdkDriver; C:\WINDOWS\System32\Drivers\PGPsdk.sys [2004-06-09 26624]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-09-12 40832]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 BCMModem;BCM V.92 56K Modem; C:\WINDOWS\System32\DRIVERS\BCMSM.sys [2003-08-29 1101696]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys [2003-09-22 130192]
R3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2008-06-27 79240]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2008-06-27 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2008-06-27 40488]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-09-03 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2003-07-28 1341339]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\System32\DRIVERS\ctoss2k.sys [2003-09-22 178672]
R3 P16X;Creative SB Live! Series (WDM); C:\WINDOWS\system32\drivers\P16X.sys [2003-09-22 1330048]
R3 Pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\Pcouffin.sys [2008-07-15 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-04-01 10368]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
R3 X10Hid;X10 Hid Device; C:\WINDOWS\System32\Drivers\x10hid.sys [2005-06-13 7040]
R3 XUIF;X10 USB Wireless Transceiver; C:\WINDOWS\System32\Drivers\x10ufx2.sys [2005-05-19 17792]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2008-06-20 34152]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 RDID1033;Roland RS-70; C:\WINDOWS\System32\Drivers\RDWM1033.SYS [2003-11-10 60698]
S3 RimUsb;BlackBerry Device; C:\WINDOWS\System32\Drivers\RimUsb.sys []
S3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2006-06-30 26752]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-09-03 5888]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USB_RNDIS;USB Remote NDIS Network Device Driver; C:\WINDOWS\system32\DRIVERS\usb8023.sys [2008-04-13 12800]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WinUSB;WinUSB; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2006-11-02 39368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 RsFx0102;RsFx0102 Driver; C:\WINDOWS\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTsvcCDA.exe [1999-12-13 44032]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-10-10 792696]
R2 McNASvc;McAfee Network Agent; c:\program files\common files\mcafee\mna\mcnasvc.exe [2008-07-18 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2008-07-09 358736]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2008-06-20 144704]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2008-08-15 40999448]
R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\system32\nvsvc32.exe [2003-07-28 77824]
R2 PGPserv;PGPserv; C:\WINDOWS\System32\PGPserv.exe [2004-06-09 69632]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2007-06-05 177704]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-07-10 258072]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480]
R2 ZuneBusEnum;Zune Bus Enumerator; c:\WINDOWS\system32\ZuneBusEnum.exe [2008-11-10 60032]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2008-09-16 605512]
R3 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2008-07-09 884360]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2008-07-10 66848]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2008-06-20 361800]
S3 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 ZuneNetworkSvc;Zune Network Sharing Service; c:\Program Files\Zune\ZuneNss.exe [2008-11-10 5117568]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-11-10 243840]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-08-15 47128]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-08-15 369688]

-----------------EOF-----------------
info.txt logfile of random's system information tool 1.05 2008-12-21 10:49:44

======Uninstall list======

-->"C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S /R
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48E3A9E6-FA13-11D5-8CC9-00A0C98192B6}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AAFE9B0-B60B-4B12-B22D-6B15507502E5}\Setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E7337A45-3FE5-4392-ABBB-26B794D060C9}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0A6339-A014-4371-BD9D-4C6375EAF3C0}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A0A6339-A014-4371-BD9D-4C6375EAF3C0}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E54F486-CD4A-44A5-B041-16D4E1E56A53}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9E54F486-CD4A-44A5-B041-16D4E1E56A53}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Album 2.0 Starter Edition-->MsiExec.exe /I{11B569C2-4BF6-4ED0-9D17-A4273943CB24}
Adobe Reader 7.0.7-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70700000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Advertisement Service-->C:\WINDOWS\system32\prunnet.exe Uninstall
AIM 6-->C:\Program Files\AIM6\uninst.exe
Alt-Tab Task Switcher Powertoy for Windows XP-->MsiExec.exe /I{A7050037-F0EA-4BAB-BCD5-FC05507D6147}
AOL Instant Messenger-->C:\Brandon\AIM\uninstll.exe -LOG= C:\Brandon\AIM\install.log -OEM=
AOL Toolbar-->"C:\Program Files\AOL Toolbar\UNWISE.EXE" /u "C:\Program Files\AOL Toolbar\INSTALL.LOG"
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
AVI to VCD/DVD 4.02-->"C:\Program Files\Cucusoft\avi-vcd-dvd\unins000.exe"
AVS4YOU Software Navigator 1.2-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
Bat-->"C:\Program Files\Bat\un_BatSetup_15041.exe"
BCM V.92 56K Modem-->C:\WINDOWS\BCMSMU.exe quiet
Big Fish Games Client-->C:\Program Files\bfgclient\Uninstall.exe
BitComet 1.03-->C:\Program Files\BitComet\uninst.exe
Broadcom Advanced Control Suite-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{468190DA-FB4C-45BA-8E40-4B165FF1A939} /l1033
Broadcom Driver Installer-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{BE6890C7-31EF-478C-812E-1E2899ABFCA9} /l1033
Calculator Powertoy for Windows XP-->MsiExec.exe /I{B37C842A-B624-46B8-A727-654E72F1C91A}
CheckIt Diagnostics-->C:\PROGRA~1\CheckIt\DIAGNO~1\UNWISE.EXE C:\PROGRA~1\CheckIt\DIAGNO~1\INSTALL.LOG
Citrix Web Client-->C:\WINDOWS\system32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
CmdHere Powertoy For Windows XP-->MsiExec.exe /I{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}
Creative Mass Storage Drivers-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AAFE9B0-B60B-4B12-B22D-6B15507502E5}\Setup.exe" -l0x9 /remove
Creative System Information-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
Creative Zen Nano-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F6691488-C717-4FBA-8079-7BE021EC8BE9}\SETUP.EXE" -l0x9 /remove
DEFINITY® Basic System Administration-->C:\Lucent\DefAdmin\UNWISE.EXE C:\Lucent\DefAdmin\INSTALL.LOG
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Digital Space Traveler-->C:\WINDOWS\unvise32.exe C:\Program Files\DSTrav\uninstal.log
Diner Dash Flo on the Go-->C:\PROGRA~1\Disney\DISNEY~1\DINERD~1\UNWISE.EXE C:\PROGRA~1\Disney\DISNEY~1\DINERD~1\INSTALL.LOG
Disney's Toontown Online-->C:\PROGRA~1\Disney\DISNEY~1\Toontown\UNWISE.EXE /A C:\PROGRA~1\Disney\DISNEY~1\Toontown\INSTALL.LOG
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DivX-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DVD X Rescue-->C:\Program Files\321Studios\DVD X Rescue\UNWISE.EXE "C:\Program Files\321Studios\DVD X Rescue\INSTALL.LOG"
DVDXCopy Platinum 3.2.1-->"C:\Program Files\321Studios\Platinum\uninstall.exe"
Easy AVI/VCD/DVD/MPEG Converter-->"C:\Program Files\Easy AVI VCD DVD MPEG Converter\unins000.exe"
eMedia Codec 4.0-->C:\Program Files\eMedia Codec\uninst.exe
EPSON CX 3800 Guide-->C:\Program Files\epson\guide\cx3800_e\uninstall.exe
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
ESPN BottomLine-->"C:\Brandon\Brandon's Program Files\ESPN\BottomLine v2.0\setup.exe" -u
eVoice Player 1.0-->"C:\Program Files\eVoice Player 1.0\Uninstall.exe" "C:\Program Files\eVoice Player 1.0\J2GInstall.log"
Feeding Frenzy 2: Shipwreck Showdown-->C:\PROGRA~1\NICKAR~1\FEEDIN~1\UNWISE.EXE C:\PROGRA~1\NICKAR~1\FEEDIN~1\INSTALL.LOG
FireBurner-->MsiExec.exe /X{850C4C12-57E2-43E4-B66B-B08B120C55F3}
Fish Tycoon-->C:\PROGRA~1\SHOCKW~1.COM\FISHTY~1\UNWISE.EXE C:\PROGRA~1\SHOCKW~1.COM\FISHTY~1\INSTALL.LOG
Flash-SWF to AVI GIF Converter v2.013 (Release date: 06-09-01 F-->"C:\Program Files\Flash SWF to GIF AVI Converter\unins000.exe"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Documents and Settings\DickHouse\Local Settings\Temporary Internet Files\Content.IE5\4BASBHCR\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)-->C:\WINDOWS\system32\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)-->C:\WINDOWS\system32\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)-->C:\WINDOWS\system32\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)-->C:\WINDOWS\system32\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)-->C:\WINDOWS\system32\msiexec.exe /package {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB932716-v2)-->"C:\WINDOWS\$NtUninstallKB932716-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Image Resizer Powertoy for Windows XP-->MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
Ipswitch WS_FTP Pro-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}\setup.exe" -l0x9
IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exe
IsoBuster 1.5-->"C:\Program Files\IsoBuster\Uninst\unins000.exe"
J2SE Runtime Environment 5.0 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150010}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 8-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150080}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Khmer Unicode 1.2.5-->C:\Program Files\Khmer Unicode 1.2\Uninstal.exe
Khmer Unicode Keyboard (NIDA 1.0)-->MsiExec.exe /I{C5C0DE57-0BB6-4B40-8FDC-BC7FA8EE087A}
KhmerOS - Khmer Unicode Keyboard 4.25-->MsiExec.exe /I{D4C727DD-371E-4C13-879C-0F3E00A02B08}
Lexmark Supplies Monitor-->C:\WINDOWS\system32\LXSMUNIN.EXE
Magnifier Powertoy for Windows XP-->MsiExec.exe /I{2FBF04DC-404C-4FA4-BA28-99903080D2B9}
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Media Library Management Wizard-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplibwiz.inf,DefaultUninstall
MemTurbo-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MemTurbo\Uninst.isu"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Baseline Security Analyzer 1.2.1-->MsiExec.exe /I{DF15059E-A356-47B2-B14B-6380ED32AB68}
Microsoft Bootvis-->MsiExec.exe /I{0F9196C6-58B4-445B-B56E-B1200FECC151}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2008 Browser-->MsiExec.exe /X{C688457E-03FD-4941-923B-A27F4D42A7DD}
Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}
Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{4A6F34E2-09E5-4616-B227-4A26A488A6F9}
Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}
Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}
Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{4815BD99-96A4-49FE-A885-DCF06E9E4E78}
Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{F3494AB6-6900-41C6-AF57-823626827ED8}
Microsoft SQL Server 2008 Management Objects-->MsiExec.exe /I{F5E87B12-3C27-452F-8E78-21D42164FD83}
Microsoft SQL Server 2008 Management Studio-->MsiExec.exe /I{2020045B-8DCF-4449-8D5C-EB5BA37440F1}
Microsoft SQL Server 2008 Management Studio-->MsiExec.exe /I{FA9C3624-C693-4423-8A8B-2BC2B9F607AB}
Microsoft SQL Server 2008 Native Client-->MsiExec.exe /I{D9D937B0-E842-4130-9588-B948E876904A}
Microsoft SQL Server 2008 Policies-->MsiExec.exe /I{01C5A10F-AD9B-405B-853A-6659841A1242}
Microsoft SQL Server 2008 RsFx Driver-->MsiExec.exe /I{F1DC7648-8623-442F-92B7-E118DF61872E}
Microsoft SQL Server 2008 Setup Support Files (English)-->MsiExec.exe /X{6F7F59D5-12F6-4571-9935-A2921AA17F78}
Microsoft SQL Server 2008-->"c:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe" /X86
Microsoft SQL Server 2008-->"c:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe" /x86
Microsoft SQL Server Compact 3.5 SP1 Design Tools English-->MsiExec.exe /X{0C19D563-5F25-4621-BF10-01F741BD283F}
Microsoft SQL Server Compact 3.5 SP1 English-->MsiExec.exe /I{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}
Microsoft SQL Server Compact 3.5 SP1 Query Tools English-->MsiExec.exe /I{64CDE8F2-3791-46F5-BAD2-72FFF5252FAB}
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}
Microsoft User-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWudf01007$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}
Microsoft Visual Studio Tools for Applications 2.0 - ENU-->MsiExec.exe /X{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu-->MsiExec.exe /X{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32-->MsiExec.exe /X{044F9133-B8D7-4d11-BF39-803FA20F5C8B}
Microsoft WinUsb 1.0-->"C:\WINDOWS\$NtUninstallwinusb0100$\spuninst\spuninst.exe"
Movie Maker Background Music Files-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmmusic.inf,DefaultUninstall
Movie Maker Sound Effects-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmsounds.inf,DefaultUninstall
Movie Maker Title Images-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mmtitle.inf,DefaultUninstall
Mozilla (1.7.2)-->C:\WINDOWS\MozillaUninstall.exe /ua "1.7.2 (en)"
Mozilla Firefox (2.0.0.18)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MpcStar 3.0-->C:\Program Files\MpcStar\uninst.exe
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
Network Camera Recorder-->MsiExec.exe /I{8B0527BE-427B-459B-93B1-D30ED8CB4F93}
Now Playing: A Windows Media Player Plugin-->"C:\Program Files\Windows Media Player\plugins\Now Playing\NowPlaying-Uninstall.exe"
NVIDIA Display Driver-->C:\WINDOWS\System32\nvudisp.exe Uninstall C:\WINDOWS\System32\nvdisp.nvu,NVIDIA Display Driver
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\system32\nvinstnt.dll,NvUninstallNT4 nv4_disp.inf
ODBC 3.0-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Lucent Technologies, Inc.\ODBC Setup\ODBCUninst.isu" -c"C:\Program Files\Lucent Technologies, Inc.\ODBC Setup\_UNODBC.DLL"
OpenDNS Updater 1.3-->"C:\Program Files\OpenDNS Updater\Uninstall.exe"
Operation-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Hasbro Interactive\Operation\DeIsL1.isu"
OTOY-->RunDll32 C:\WINDOWS\DOWNLO~1\OTOYAX.dll,_RemoveGroove@16
Personal License Update Wizard for Windows Media Player-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\drmtool.inf,DefaultUninstall
Pet Shop Hop-->"C:\Program Files\Pet Shop Hop\Uninstall.exe"
PG Music DirectX Plugins 1.3.3.1-->"C:\Program Files\PowerTracks DirectX Plugins\unins000.exe"
PGP 8.1-->C:\PROGRA~1\PGPV8~1.1FR\PGPUNI~1\setup.exe PGP
Plus! MP3 Audio Converter LE-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\audcle.inf,DefaultUninstall
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Rapid Eye Multi-Media Admin and View 7.0.56-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8E6B6BE3-929E-4B5A-B61C-EC9E82A0D1B1}\setup.exe" -l0x9 -uninst
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
ShowTime™-->C:\WINDOWS\UNWISE.EXE C:\PROGRA~1\ShowTime\Install.log
Slideshow Generator Powertoy for Windows XP-->MsiExec.exe /I{C39DE425-6CCF-4B12-A101-3CB5CF3AF3AD}
Sonic Foundry DVD Architect 1.0-->MsiExec.exe /I{82778A44-46ED-47B6-A9F1-60D94073365D}
Sonic Foundry Vegas 4.0-->MsiExec.exe /I{AACDE433-670D-429B-B90B-A177AFAFD610}
Sony ACID Pro 6.0-->MsiExec.exe /X{87DABCF7-2C38-4996-8FBE-053CA6536168}
Sony Media Manager 2.2-->MsiExec.exe /X{47AA42FD-0450-4CB4-ADAF-B6E770AA7B2F}
Sound Blaster Live!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}\SETUP.EXE" -l0x9
SpongeBob SquarePants Diner Dash 2-->C:\PROGRA~1\NICKAR~1\SPONGE~1\UNWISE.EXE C:\PROGRA~1\NICKAR~1\SPONGE~1\INSTALL.LOG
Spy Sweeper-->"C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Sql Server Customer Experience Improvement Program-->MsiExec.exe /I{C965F01C-76EA-4BD7-973E-46236AE312D7}
SQL Server System CLR Types-->MsiExec.exe /I{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}
Startup Cop 1.1-->"C:\Program Files\StartUp Manager\unins000.exe"
Sweet MIDI Player 32 (remove only)-->"C:\Program Files\Roni Music\Sweet MIDI Player 32\uninstall.exe"
Symantec Technical Support Web Controls-->MsiExec.exe /X{C4868E88-F5B5-4E45-9592-C7062BD97441}
Timershot Powertoy for Windows XP-->MsiExec.exe /I{A743BBCC-3438-4BB3-8397-6C9D9AC125A6}
TweakNow PowerPack 2005-->"C:\Program Files\TweakNow PowerPack\unins000.exe"
Tweakui Powertoy for Windows XP-->MsiExec.exe /I{C7793EE8-F666-4E6B-9827-76468679480E}
Ultra Key Program Files-->MsiExec.exe /I{A413CBEB-11C1-45B5-91B2-EB7AB8AF5E0C}
Ultra Key-->MsiExec.exe /I{995237D9-6E24-45D9-9B06-C13AA62F518B}
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
VASST Celluloid 1.3.0-->C:\Program Files\VASST\Celluloid\uninst.exe
VASST Celluloid-->MsiExec.exe /I{7BA662B6-C922-415F-BCAA-4933A728EF7D}
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Virtual Desktop Manager Powertoy for Windows XP-->MsiExec.exe /I{F251B999-08A9-4704-999C-9962F0DFD88E}
Webshots Desktop-->C:\PROGRA~1\Webshots\UNWISE.EXE C:\PROGRA~1\Webshots\INSTALL.LOG
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Bonus Pack for Windows XP-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmbonus.inf,DefaultUninstall
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Playlist Import to Excel Wizard-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mpxlswiz.inf,DefaultUninstall
Windows Media Player Skin Importer-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\wa2wmp.inf,DefaultUninstall
Windows Media Player Tray Control-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mpxptray.inf,DefaultUninstall
Windows PowerShell™ 1.0-->"C:\WINDOWS\$NtUninstallKB926139-v2$\spuninst\spuninst.exe"
Windows Resource Kit Tools - SubInAcl.exe-->MsiExec.exe /X{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}
Windows XP Media Center Edition Screen Saver Screen Saver-->C:\WINDOWS\system32\WINDOW~1.SCR /U
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Xvid 1.1.3 final uninstall-->"C:\Program Files\Xvid\unins000.exe"
Zune Language Pack (ES)-->MsiExec.exe /X{EE4ACABF-531E-419A-9225-B8E0FA4955AF}
Zune Language Pack (FR)-->MsiExec.exe /X{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}
Zune-->c:\Program Files\Zune\ZuneSetup.exe /x
Zune-->MsiExec.exe /X{FF70513F-E3A7-402F-84FB-B7810A064BE2}

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: Norton AntiVirus
AV: McAfee VirusScan
FW: Norton Internet Worm Protection
FW: McAfee Personal Firewall

System event log

Computer Name: CHAD-MAIN
Event Code: 18
Message: Installation Ready: The following updates are downloaded and ready for installation. This computer is currently scheduled to install these updates on Thursday, August 21, 2008 at 12:00 AM:
- Cumulative Security Update for Internet Explorer 7 for Windows XP (KB953838)

Record Number: 42600
Source Name: Windows Update Agent
Time Written: 20080820211441.000000-300
Event Type: information
User:

Computer Name: CHAD-MAIN
Event Code: 7036
Message: The Terminal Services service entered the running state.

Record Number: 42599
Source Name: Service Control Manager
Time Written: 20080820211348.000000-300
Event Type: information
User:

Computer Name: CHAD-MAIN
Event Code: 7035
Message: The Terminal Services service was successfully sent a start control.

Record Number: 42598
Source Name: Service Control Manager
Time Written: 20080820211348.000000-300
Event Type: information
User: NT AUTHORITY\SYSTEM

Computer Name: CHAD-MAIN
Event Code: 7036
Message: The Remote Access Connection Manager service entered the running state.

Record Number: 42597
Source Name: Service Control Manager
Time Written: 20080820211332.000000-300
Event Type: information
User:

Computer Name: CHAD-MAIN
Event Code: 7036
Message: The Application Layer Gateway Service service entered the running state.

Record Number: 42596
Source Name: Service Control Manager
Time Written: 20080820211331.000000-300
Event Type: information
User:

Application event log

Computer Name: CHAD-MAIN
Event Code: 1000
Message: Faulting application wmplayer.exe, version 11.0.5721.5145, faulting module mcspmpeg.ax, version 1.0.0.30, fault address 0x00006652.

Record Number: 13927
Source Name: Application Error
Time Written: 20080712121639.000000-300
Event Type: error
User:

Computer Name: CHAD-MAIN
Event Code: 1000
Message: Faulting application wmplayer.exe, version 11.0.5721.5145, faulting module mcspmpeg.ax, version 1.0.0.30, fault address 0x00006652.

Record Number: 13926
Source Name: Application Error
Time Written: 20080712021356.000000-300
Event Type: error
User:

Computer Name: CHAD-MAIN
Event Code: 1000
Message: Faulting application wmplayer.exe, version 11.0.5721.5145, faulting module mcspmpeg.ax, version 1.0.0.30, fault address 0x00006652.

Record Number: 13925
Source Name: Application Error
Time Written: 20080712020743.000000-300
Event Type: error
User:

Computer Name: CHAD-MAIN
Event Code: 1000
Message: Faulting application wmplayer.exe, version 11.0.5721.5145, faulting module mcspmpeg.ax, version 1.0.0.30, fault address 0x00006652.

Record Number: 13924
Source Name: Application Error
Time Written: 20080712020301.000000-300
Event Type: error
User:

Computer Name: CHAD-MAIN
Event Code: 1000
Message: Faulting application wmplayer.exe, version 11.0.5721.5145, faulting module mcspmpeg.ax, version 1.0.0.30, fault address 0x00006652.

Record Number: 13923
Source Name: Application Error
Time Written: 20080712015845.000000-300
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\WINDOWS\system32;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\QuickTime\QTSystem\;C:\WINDOWS\system32\WindowsPowerShell\v1.0;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\;c:\Program Files\Microsoft SQL Server\100\DTS\Binn\;c:\Program Files\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0207
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip

-----------------EOF-----------------

#2 Orange Blossom

  • OBleepin Investigator
  • Moderator
  • 36,801 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 28 December 2008 - 04:17 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below, a staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results; click No to the Optional_Scan.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 KerbyFX

  • Topic Starter
  • Members
  • 9 posts

Posted 30 December 2008 - 12:09 AM

Thank you for responding.

Windows Defender says that I have (Trojan:Win32/Vundo.gen!Y) and (Trojan:Win32/ConHook.D)

McAfee says that I have Generic!Artemis.


Here are my DDS Logs. Please Help.

Thanks,


DDS (Version 1.1.0) - NTFSx86
Run by DickHouse at 23:00:11.84 on Mon 12/29/2008
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.250 [GMT -6:00]

AV: Norton AntiVirus *On-access scanning enabled* (Updated)
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *enabled*
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PGPserv.exe
C:\WINDOWS\system32\PSIService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\taskswitch.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\DickHouse\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\MemTurbo\memturbo.exe
C:\Documents and Settings\DickHouse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DickHouse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
C:\Documents and Settings\DickHouse\Desktop\dds (1).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
BHO: {4d658b71-4d18-4177-98e0-1aaaa19aaf07} - c:\windows\system32\tuvSljkI.dll
BHO: {37a24a00-3fb9-a979-4b34-23f0375035e6}: {6e530573-0f32-43b4-979a-9bf300a42a73} - c:\windows\system32\bjhbbc.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} - c:\program files\aol toolbar\toolbar.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Aim6]
uRun: [Google Update] "c:\documents and settings\dickhouse\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [POINTER] c:\dell\drivers\r34790\mouse\setup\msh\mouse\point32.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [LXSUPMON] c:\windows\system32\LXSUPMON.EXE RUN
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [EPSON Stylus CX3800 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB003" /M "Stylus CX3800"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McAfeeUpdate] "c:\documents and settings\dickhouse\local settings\temporary internet files\content.ie5\30ndx3ov\McAfeeUpdate[1].exe" /RunKey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [OpenDNS Update] "c:\program files\opendns updater\OpenDNS Updater.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
StartupFolder: c:\docume~1\dickho~1\startm~1\programs\startup\memturbo.lnk - c:\program files\memturbo\memturbo.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
mPolicies-explorer: <NO NAME> =
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\brandon\aim\aim.exe
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.2.6.26.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\program files\aol toolbar\toolbar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
TCP: {117F52E0-7C74-4BD9-9793-8EE5354C4AED} = 208.67.222.222,208.67.220.220
AppInit_DLLs: bjhbbc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\tuvSljkI

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dickho~1\applic~1\mozilla\firefox\profiles\frmh0cqg.default\
FF - prefs.js: browser.search.selectedEngine - Google

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-5-2 207656]
R2 BCMNTIO;BCMNTIO;\??\c:\progra~1\checkit\diagno~1\BCMNTIO.sys [2006-2-16 3744]
R2 MAPMEM;MAPMEM;\??\c:\progra~1\checkit\diagno~1\MAPMEM.sys [2006-2-16 3904]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-7-30 358736]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-5-2 144704]
R2 PGPdisk;PGPdisk;c:\windows\system32\drivers\PGPdisk.sys [2004-8-12 169120]
R2 PGPsdkDriver;PGPsdkDriver;c:\windows\system32\drivers\PGPsdk.sys [2004-8-12 26624]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\ViewpointService.exe" [2007-10-3 24652]
R2 WinDefend;Windows Defender;"c:\program files\windows defender\MsMpEng.exe" [2006-11-3 13592]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-5-2 79240]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-5-2 35240]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2008-6-17 7040]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys []
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-5-2 34152]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-5-2 40488]
S3 RDID1033;Roland RS-70;c:\windows\system32\drivers\RDWM1033.SYS [2003-11-10 60698]
S4 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-5-2 605512]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;"c:\program files\microsoft sql server\100\shared\SQLADHLP.EXE" [2008-8-15 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);"c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE" -i SQLEXPRESS [2008-8-15 369688]

=============== Created Last 30 ================

2008-12-29 19:29 1,307,934 ---sh--- c:\windows\system32\utwiojfq.ini
2008-12-28 19:31 1,306,974 ---sh--- c:\windows\system32\ikqdjner.ini
2008-12-27 17:39 1,306,974 ---sh--- c:\windows\system32\mocvqqmk.ini
2008-12-27 17:33 134,656 a------- c:\windows\system32\bjhbbc.dll
2008-12-27 17:33 134,656 a------- c:\windows\system32\yykgbugk.dll
2008-12-26 17:32 1,299,082 ---sh--- c:\windows\system32\ijgphwgg.ini
2008-12-26 17:09 37,376 a------- c:\windows\system32\dwmapi.dll
2008-12-26 17:09 26,624 a------- c:\windows\system32\efsadu.dll
2008-12-26 17:08 <DIR> --d----- c:\program files\common files\DVDVideoSoft
2008-12-26 17:08 <DIR> --d----- c:\program files\DVDVideoSoft
2008-12-25 18:28 <DIR> --d----- c:\program files\Nidesoft Studio
2008-12-25 17:32 <DIR> --d----- c:\program files\common files\Sony Shared
2008-12-25 17:32 1,661,209 ---sh--- c:\windows\system32\rxhbkljk.ini
2008-12-25 17:25 0 a------- c:\windows\system32\mcrh.tmp
2008-12-21 19:55 667,291 a--sh--- c:\windows\system32\IkjlSvut.ini2
2008-12-21 17:52 172 a------- c:\windows\wininit.ini
2008-12-21 16:55 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-12-21 10:49 <DIR> --d----- c:\program files\trend micro
2008-12-21 02:00 <DIR> --d----- c:\windows\ERUNT
2008-12-21 01:55 <DIR> --d----- C:\SDFix
2008-12-20 21:38 667,291 a--sh--- c:\windows\system32\IkjlSvut.ini
2008-12-20 21:38 286,208 a------- c:\windows\system32\tuvSljkI.dll
2008-12-16 22:11 50,200 a------- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2008-12-16 22:10 79,896 a------- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll
2008-12-16 21:58 <DIR> --d----- c:\windows\system32\RsFx
2008-12-16 21:56 <DIR> --d----- c:\program files\MSXML 6.0
2008-12-09 22:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\OpenDNS Updater

==================== Find3M ====================

2008-11-16 12:47 0 a---h--- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
2008-11-16 12:47 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2008-11-10 12:23 243,840 a------- c:\windows\system32\ZuneWlanCfgSvc.exe
2008-11-10 12:23 60,032 a------- c:\windows\system32\ZuneBusEnum.exe
2008-11-10 12:09 73,728 a------- c:\windows\system32\ZuneUsbTransport.dll
2008-11-10 12:09 18,944 a------- c:\windows\system32\ZuneTcp2Udp.dll
2008-11-10 12:09 57,344 a------- c:\windows\system32\ZuneRegUtil.dll
2008-11-10 12:09 12,800 a------- c:\windows\system32\ZunePTDNS.dll
2008-11-10 12:09 310,272 a------- c:\windows\system32\ZuneNetProxy.dll
2008-11-10 12:09 145,920 a------- c:\windows\system32\ZuneMTPZ.dll
2008-11-08 22:32 0 a---h--- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2008-11-08 21:26 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2008-11-08 21:26 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-10-23 06:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-16 14:38 826,368 a------- c:\windows\system32\wininet.dll
2008-10-16 14:07 208,744 a------- c:\windows\system32\muweb.dll
2008-10-03 04:02 247,326 a------- c:\windows\system32\strmdll.dll
2008-07-15 22:39 81,920 a------- c:\docume~1\dickho~1\applic~1\ezpinst.exe
2008-07-15 22:39 47,360 a------- c:\docume~1\dickho~1\applic~1\pcouffin.sys
2008-05-06 19:48 0 a------- c:\program files\temp01
2008-07-07 21:42 248 -c-shr-- c:\windows\system32\B90FB4E9C4.sys
2005-11-06 23:23 56 -c-shr-- c:\windows\system32\C4E9B40FB9.sys
2008-07-07 21:42 15,467 ac-sh--- c:\windows\system32\KGyGaAvL.sys
2008-08-18 23:07 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081920080820\index.dat

============= FINISH: 23:01:14.29 ===============

#4 Thunder

  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium

Posted 31 December 2008 - 07:41 AM

Hello KerbyFX and welcome to BleepingComputer,

1. * Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Under Browsing History, click Delete.
  • Click Delete Files, Delete cookies and Delete history
  • Click Close below.
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu.
  • Click the Clear now button below. A new window will pop up asking what to clear.
  • Select all and click the Clear button again.
  • Click OK to close the Options window
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
2. Please download Malwarebytes' Anti-Malware from Here or Here

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


3. Please download ComboFix from one of the locations below, and save it to your Desktop.

Link
Link
Link

Double click the ComboFix icon to run it.
If ComboFix asks you to install the Recovery Console, please do so.
The Windows Recovery Console will allow you to boot up into a special recovery mode, in case your computer has a problem after an attempted removal of malware. This allows us to help you.
Once the Recovery Console is installed, continue with the malware scan.

Note: Make sure not to click ComboFix's window while it's running. That may cause it to stall or freeze.

Please post the log from ComboFix (can also be found as C:\ComboFix.txt) in your next reply. :thumbsup:

If you have any questions along the way, STOP and ask them before proceeding !!

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------

#5 KerbyFX

  • Topic Starter
  • Members
  • 9 posts

Posted 01 January 2009 - 09:33 PM

Thunder,

Thank you very much! I have done everything in order, and it appears the Malware has been removed.

Here is my Malwarebytes' Anti-Malware log:

Malwarebytes' Anti-Malware 1.31
Database version: 1591
Windows 5.1.2600 Service Pack 3

1/1/2009 7:37:28 PM
mbam-log-2009-01-01 (19-37-28).txt

Scan type: Quick Scan
Objects scanned: 84268
Time elapsed: 16 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 27
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 4
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\tuvSljkI.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\bjhbbc.dll (Trojan.Vundo) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4d658b71-4d18-4177-98e0-1aaaa19aaf07} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{4d658b71-4d18-4177-98e0-1aaaa19aaf07} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6e530573-0f32-43b4-979a-9bf300a42a73} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6e530573-0f32-43b4-979a-9bf300a42a73} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6e530573-0f32-43b4-979a-9bf300a42a73} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4d658b71-4d18-4177-98e0-1aaaa19aaf07} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{04a38f6b-006f-4247-ba4c-02a139d5531c} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d279bc2b-a85b-4559-8fd9-ddc55f5d402d} (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3c2d2a1e-031f-4397-9614-87c932a848e0} (Adware.Minibug) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{f663b917-591f-4172-8d87-3d7d729007ca} (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63f7460b-c831-4142-a4aa-5ec303ec4343} (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\prunnet (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\BATCO (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Batco (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\bat.DLL (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bat (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bat (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\tuvsljki -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\tuvsljki -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Bat (Adware.Batco) -> Quarantined and deleted successfully.
C:\Program Files\stc (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Rabio\Search Enhancer (Adware.SearchEnhancer) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Rabio (Adware.Rabio) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\tuvSljkI.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\IkjlSvut.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\IkjlSvut.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bjhbbc.dll (Trojan.Vundo) -> Delete on reboot.
C:\Downloads\Stardock WindowBlinds 4.x Keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Bat\Bat.dll.intermediate.manifest (Adware.Batco) -> Quarantined and deleted successfully.
C:\Program Files\Bat\Bat.info (Adware.Batco) -> Quarantined and deleted successfully.
C:\Program Files\Bat\Bat.original (Adware.Batco) -> Quarantined and deleted successfully.
C:\Program Files\Bat\un_BatSetup_15041.exe (Adware.Batco) -> Quarantined and deleted successfully.
C:\Program Files\Bat\un_BatSetup_15041.txt (Adware.Batco) -> Quarantined and deleted successfully.
C:\Program Files\Bat\X_Bat.log (Adware.Batco) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.


Here is my ComboFix Log:

ComboFix 08-12-31.01 - DickHouse 2009-01-01 20:06:21.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.127 [GMT -6:00]
Running from: c:\documents and settings\DickHouse\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning enabled* (Updated)
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *enabled*
FW: McAfee Personal Firewall *enabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\DickHouse\Application Data\YMBOLS~1
c:\documents and settings\DickHouse\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\DickHouse\My Documents\PPPATC~1
c:\program files\crosof~1.net
c:\windows\IE4 Error Log.txt
c:\windows\system32\drivers\fad.sys
c:\windows\system32\ijgphwgg.ini
c:\windows\system32\ikqdjner.ini
c:\windows\system32\mocvqqmk.ini
c:\windows\system32\rxhbkljk.ini
c:\windows\system32\utwiojfq.ini

.
((((((((((((((((((((((((( Files Created from 2008-12-02 to 2009-01-02 )))))))))))))))))))))))))))))))
.

2009-01-01 19:54 . 2009-01-01 19:55 <DIR> d-------- C:\32788R22FWJFW
2009-01-01 19:18 . 2009-01-01 19:18 <DIR> d-------- c:\documents and settings\DickHouse\Application Data\Malwarebytes
2009-01-01 19:17 . 2009-01-01 19:18 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-01 19:17 . 2009-01-01 19:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-01 19:17 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-01 19:17 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-26 17:09 . 2006-12-08 16:36 37,376 --a------ c:\windows\system32\dwmapi.dll
2008-12-26 17:09 . 2008-04-14 05:41 26,624 --a------ c:\windows\system32\efsadu.dll
2008-12-26 17:08 . 2008-12-26 17:08 <DIR> d-------- c:\program files\DVDVideoSoft
2008-12-26 17:08 . 2008-12-26 17:09 <DIR> d-------- c:\program files\Common Files\DVDVideoSoft
2008-12-25 18:28 . 2008-12-25 18:28 <DIR> d-------- c:\program files\Nidesoft Studio
2008-12-25 17:32 . 2008-12-25 17:32 <DIR> d-------- c:\program files\Common Files\Sony Shared
2008-12-21 17:52 . 2008-12-21 19:54 172 --a------ c:\windows\wininit.ini
2008-12-21 16:55 . 2008-12-21 20:36 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-21 10:49 . 2008-12-21 10:49 <DIR> d-------- C:\rsit
2008-12-21 10:49 . 2008-12-21 10:49 <DIR> d-------- c:\program files\trend micro
2008-12-21 02:00 . 2008-12-21 02:01 <DIR> d-------- c:\windows\ERUNT
2008-12-21 01:55 . 2008-12-21 10:24 <DIR> d-------- C:\SDFix
2008-12-16 22:11 . 2008-08-15 14:47 50,200 --a------ c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2008-12-16 22:10 . 2008-08-15 14:47 79,896 --a------ c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll
2008-12-16 21:58 . 2008-12-16 21:58 <DIR> d-------- c:\windows\system32\RsFx
2008-12-16 21:56 . 2008-12-16 21:56 <DIR> d-------- c:\program files\MSXML 6.0
2008-12-09 22:11 . 2008-12-09 22:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\OpenDNS Updater

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-25 23:57 --------- d-----w c:\program files\Sony
2008-12-25 23:56 --------- d-----w c:\documents and settings\All Users\Application Data\Sony
2008-12-25 23:54 --------- d-----w c:\documents and settings\DickHouse\Application Data\Sony
2008-12-25 23:29 --------- d-----w c:\program files\Sony Setup
2008-12-23 00:58 --------- d-----w c:\program files\Pet Shop Hop
2008-12-22 02:36 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-17 04:21 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-17 04:01 --------- d-----w c:\program files\Microsoft Visual Studio 9.0
2008-12-17 03:59 --------- d-----w c:\program files\Microsoft SQL Server
2008-12-17 03:54 --------- d-----w c:\program files\Microsoft.NET
2008-12-10 04:11 --------- d-----w c:\program files\OpenDNS Updater
2008-12-09 02:03 --------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
2008-12-08 23:56 --------- d-----w c:\program files\bfgclient
2008-12-02 00:57 --------- d-----w c:\program files\Windows Defender
2008-11-28 01:19 --------- d-----w c:\program files\Google
2008-11-28 01:17 --------- d-----w c:\program files\Yahoo!
2008-11-27 02:00 --------- d-----w c:\program files\Zune
2008-11-27 01:06 --------- d-----w c:\program files\McAfee
2008-11-16 18:47 0 ---ha-w c:\windows\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
2008-11-16 18:47 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2008-11-09 04:32 0 ---ha-w c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2008-11-09 03:26 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-11-09 03:26 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2008-07-16 04:39 81,920 ----a-w c:\documents and settings\DickHouse\Application Data\ezpinst.exe
2008-07-16 04:39 47,360 ----a-w c:\documents and settings\DickHouse\Application Data\pcouffin.sys
2008-05-07 01:48 0 ----a-w c:\program files\temp01
2008-12-05 04:51 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-05 04:51 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-05 04:51 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-05 04:51 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-05 04:51 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-07-08 03:42 248 -csh--r c:\windows\system32\B90FB4E9C4.sys
2005-11-07 05:23 56 -csh--r c:\windows\system32\C4E9B40FB9.sys
2008-07-08 03:42 15,467 -csha-w c:\windows\system32\KGyGaAvL.sys
2008-08-19 05:07 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008081920080820\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"Google Update"="c:\documents and settings\DickHouse\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-25 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"POINTER"="c:\dell\drivers\R34790\Mouse\SETUP\MSH\Mouse\point32.exe" [2001-08-23 167936]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
"CoolSwitch"="c:\windows\System32\taskswitch.exe" [2002-03-19 45632]
"LXSUPMON"="c:\windows\system32\LXSUPMON.EXE" [2002-05-06 900096]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"EPSON Stylus CX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-07 98304]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2003-07-28 49152]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"OpenDNS Update"="c:\program files\OpenDNS Updater\OpenDNS Updater.exe" [2008-12-09 316416]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328]
"nwiz"="nwiz.exe" [2003-07-28 c:\windows\system32\nwiz.exe]

c:\documents and settings\DickHouse\Start Menu\Programs\Startup\
MemTurbo.lnk - c:\program files\MemTurbo\memturbo.exe [2004-07-28 221696]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=bjhbbc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= c:\windows\System32\ctmp3.acm
"midi1"= RDDV1033.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MemTurbo.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MemTurbo.lnk
backup=c:\windows\pss\MemTurbo.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ncr]
--a------ 2005-11-10 14:17 983040 c:\program files\Panasonic\NCR2\ncrcore.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 09:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2005-10-24 14:53 307200 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-05-14 16:22 35328 c:\program files\Winamp\winampa.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Orb"=c:\program files\Orb Networks\Orb\bin\OrbTray.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"X10MediaRemote"=c:\progra~1\X10MUL~1mediaremote.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"workflo"=g:\install\workflow.exe
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" startup
"AcctMgr"=c:\program files\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
"BCMSMMSG"=BCMSMMSG.exe
"bacstray"=BacsTray.exe
"LXSUPMON"=c:\windows\system32\LXSUPMON.EXE RUN
"SunJavaUpdateSched"=c:\program files\Java\j2re1.4.2_05\bin\jusched.exe
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"UpdReg"=c:\windows\UpdReg.EXE
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\McAfee\\MBK\\McAfeeDataBackup.exe"=
"c:\\Program Files\\Rapid Eye Multi-Media 7.0\\REMView.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Brandon\\AIM\\aim.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\launch4j-tmp\\RKMediaCenter.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25845:TCP"= 25845:TCP:BitComet 25845 TCP
"25845:UDP"= 25845:UDP:BitComet 25845 UDP

R2 BCMNTIO;BCMNTIO;\??\c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2006-02-16 3744]
R2 MAPMEM;MAPMEM;\??\c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [2006-02-16 3904]
R2 PGPdisk;PGPdisk;c:\windows\system32\drivers\PGPdisk.sys [2004-08-12 169120]
R2 PGPsdkDriver;PGPsdkDriver;c:\windows\system32\Drivers\PGPsdk.sys [2004-08-12 26624]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-10-03 24652]
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
R3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2008-06-17 7040]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
S3 RDID1033;Roland RS-70;c:\windows\system32\Drivers\RDWM1033.SYS [2003-11-10 60698]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;"c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [2008-08-15 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);"c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS [2008-08-15 369688]

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2009-01-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-484763869-1004336348-725345543-1005.job
- c:\documents and settings\DickHouse\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-25 18:37]

2008-12-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]

2009-01-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]

2009-01-02 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKLM-Run-McAfeeUpdate - c:\documents and settings\DickHouse\Local Settings\Temporary Internet Files\Content.IE5\30NDX3OV\McAfeeUpdate[1].exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-Zone Labs Client - c:\program files\Zone Labs\ZoneAlarm\zlclient.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
TCP: {117F52E0-7C74-4BD9-9793-8EE5354C4AED} = 208.67.222.222,208.67.220.220

O16 -: DirectAnimation Java Classes - c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

- file://c:\windows\Java\classes\dajava.cab

O16 -: Microsoft XML Parser for Java - c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

- file://c:\windows\Java\classes\xmldso.cab

c:\windows\Downloaded Program Files\VMKeyboardHook.dll - c:\windows\Downloaded Program Files\VMRCActiveXClient.dll
O16 -: {7C896371-4B7F-4B34-95B1-24851F5DED24}
hxxp://66.133.171.77/VMRCActiveXClient.cab
c:\windows\Downloaded Program Files\VMRCActiveXClient.inf
FF - ProfilePath - c:\documents and settings\DickHouse\Application Data\Mozilla\Firefox\Profiles\frmh0cqg.default\
FF - prefs.js: browser.search.selectedEngine - Google
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-01 20:09:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\TMP0000008A20FCD891FD38ACE6 524288 bytes executable


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(740)
c:\windows\system32\RDDV1033.DLL
.
Completion time: 2009-01-01 20:12:56
ComboFix-quarantined-files.txt 2009-01-02 02:11:37

Pre-Run: 12,585,545,728 bytes free
Post-Run: 12,979,748,864 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

245 --- E O F --- 2008-12-19 07:44:59



And here is my fresh HiJackThis Log:


DDS (Version 1.1.0) - NTFSx86
Run by DickHouse at 20:24:09.40 on Thu 01/01/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.91 [GMT -6:00]

AV: Norton AntiVirus *On-access scanning enabled* (Updated)
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: Norton Internet Worm Protection *enabled*
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\WINDOWS\System32\taskswitch.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\DickHouse\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\MemTurbo\memturbo.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PGPserv.exe
C:\WINDOWS\system32\PSIService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Documents and Settings\DickHouse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\DickHouse\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\DickHouse\Desktop\dds (1).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: AOL Toolbar: {4982d40a-c53b-4615-b15b-b5b5e98d167c} - c:\program files\aol toolbar\toolbar.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Google Update] "c:\documents and settings\dickhouse\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [POINTER] c:\dell\drivers\r34790\mouse\setup\msh\mouse\point32.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [LXSUPMON] c:\windows\system32\LXSUPMON.EXE RUN
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
mRun: [EPSON Stylus CX3800 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB003" /M "Stylus CX3800"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [OpenDNS Update] "c:\program files\opendns updater\OpenDNS Updater.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
StartupFolder: c:\docume~1\dickho~1\startm~1\programs\startup\memturbo.lnk - c:\program files\memturbo\memturbo.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
mPolicies-explorer: <NO NAME> =
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\brandon\aim\aim.exe
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.2.6.26.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - c:\program files\aol toolbar\toolbar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
TCP: {117F52E0-7C74-4BD9-9793-8EE5354C4AED} = 208.67.222.222,208.67.220.220
AppInit_DLLs: bjhbbc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dickho~1\applic~1\mozilla\firefox\profiles\frmh0cqg.default\
FF - prefs.js: browser.search.selectedEngine - Google

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2007-5-2 207656]
R2 BCMNTIO;BCMNTIO;\??\c:\progra~1\checkit\diagno~1\BCMNTIO.sys [2006-2-16 3744]
R2 MAPMEM;MAPMEM;\??\c:\progra~1\checkit\diagno~1\MAPMEM.sys [2006-2-16 3904]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2007-7-30 358736]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2007-5-2 144704]
R2 PGPdisk;PGPdisk;c:\windows\system32\drivers\PGPdisk.sys [2004-8-12 169120]
R2 PGPsdkDriver;PGPsdkDriver;c:\windows\system32\drivers\PGPsdk.sys [2004-8-12 26624]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\ViewpointService.exe" [2007-10-3 24652]
R2 WinDefend;Windows Defender;"c:\program files\windows defender\MsMpEng.exe" [2006-11-3 13592]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2007-5-2 605512]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2007-5-2 79240]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2007-5-2 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-5-2 40488]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [2008-6-17 7040]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys []
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-5-2 34152]
S3 RDID1033;Roland RS-70;c:\windows\system32\drivers\RDWM1033.SYS [2003-11-10 60698]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;"c:\program files\microsoft sql server\100\shared\SQLADHLP.EXE" [2008-8-15 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);"c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE" -i SQLEXPRESS [2008-8-15 369688]

=============== Created Last 30 ================

2009-01-01 20:04 <DIR> a-dshr-- C:\cmdcons
2009-01-01 19:55 161,792 a------- c:\windows\SWREG.exe
2009-01-01 19:55 98,816 a------- c:\windows\sed.exe
2009-01-01 19:18 <DIR> --d----- c:\docume~1\dickho~1\applic~1\Malwarebytes
2009-01-01 19:17 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-01 19:17 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-01 19:17 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-01 19:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-26 17:09 37,376 a------- c:\windows\system32\dwmapi.dll
2008-12-26 17:09 26,624 a------- c:\windows\system32\efsadu.dll
2008-12-26 17:08 <DIR> --d----- c:\program files\common files\DVDVideoSoft
2008-12-26 17:08 <DIR> --d----- c:\program files\DVDVideoSoft
2008-12-25 18:28 <DIR> --d----- c:\program files\Nidesoft Studio
2008-12-25 17:32 <DIR> --d----- c:\program files\common files\Sony Shared
2008-12-21 17:52 172 a------- c:\windows\wininit.ini
2008-12-21 16:55 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-12-21 10:49 <DIR> --d----- c:\program files\trend micro
2008-12-21 02:00 <DIR> --d----- c:\windows\ERUNT
2008-12-21 01:55 <DIR> --d----- C:\SDFix
2008-12-16 22:11 50,200 a------- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2008-12-16 22:10 79,896 a------- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll
2008-12-16 21:58 <DIR> --d----- c:\windows\system32\RsFx
2008-12-16 21:56 <DIR> --d----- c:\program files\MSXML 6.0
2008-12-09 22:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\OpenDNS Updater

==================== Find3M ====================

2008-11-16 12:47 0 a---h--- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
2008-11-16 12:47 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2008-11-10 12:23 243,840 a------- c:\windows\system32\ZuneWlanCfgSvc.exe
2008-11-10 12:23 60,032 a------- c:\windows\system32\ZuneBusEnum.exe
2008-11-10 12:09 73,728 a------- c:\windows\system32\ZuneUsbTransport.dll
2008-11-10 12:09 18,944 a------- c:\windows\system32\ZuneTcp2Udp.dll
2008-11-10 12:09 57,344 a------- c:\windows\system32\ZuneRegUtil.dll
2008-11-10 12:09 12,800 a------- c:\windows\system32\ZunePTDNS.dll
2008-11-10 12:09 310,272 a------- c:\windows\system32\ZuneNetProxy.dll
2008-11-10 12:09 145,920 a------- c:\windows\system32\ZuneMTPZ.dll
2008-11-08 22:32 0 a---h--- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2008-11-08 21:26 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2008-11-08 21:26 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-10-23 06:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-16 14:38 826,368 a------- c:\windows\system32\wininet.dll
2008-10-16 14:07 208,744 a------- c:\windows\system32\muweb.dll
2008-07-15 22:39 81,920 a------- c:\docume~1\dickho~1\applic~1\ezpinst.exe
2008-07-15 22:39 47,360 a------- c:\docume~1\dickho~1\applic~1\pcouffin.sys
2008-05-06 19:48 0 a------- c:\program files\temp01
2008-07-07 21:42 248 -c-shr-- c:\windows\system32\B90FB4E9C4.sys
2005-11-06 23:23 56 -c-shr-- c:\windows\system32\C4E9B40FB9.sys
2008-07-07 21:42 15,467 ac-sh--- c:\windows\system32\KGyGaAvL.sys
2008-08-18 23:07 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081920080820\index.dat

============= FINISH: 20:25:11.70 ===============


Again, Thank you very much. And if there is anything else I need to do, please let me know.

Thanks!!!

KerbyFX

Edited by Orange Blossom, 02 January 2009 - 12:19 AM.
Fix BB code. ~ OB


#6 Thunder

  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium

Posted 02 January 2009 - 08:16 AM

Looking better, KerbyFX :thumbsup:

Start HijackThis, close all open windows leaving only HijackThis running. Place a check against the following, if still present:

O3 - Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)
O3 - Toolbar: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - (no file)
O20 - AppInit_DLLs: bjhbbc.dll

Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Your JavaVM is also out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 11.
  • Scroll down to where it says The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
  • Click the Download button to the right.
  • Check the box that says: Accept License Agreement
  • The page will refresh.
  • Click on the link to download Windows Offline Installation (jre-6u11-windows-i586-p.exe) and save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version.
I see you have Viewpoint installed...
Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This will change, from what we know in 2006; read this article: http://www.clickz.com/news/article.php/3561546
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
Reboot your system and post a fresh HijackThis log please.

Are you still having problems ?

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted - And make a difference
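
Added example, not part of Thunder's post and not code from HijackThis: a read-only PowerShell audit of the two persistence points the O20 and O3 fixes above target. It reads the AppInit_DLLs value (the log shows bjhbbc.dll there) and checks whether each listed DLL actually exists and is signed, then walks the IE toolbar CLSIDs and reports the ones whose InprocServer32 DLL is missing, which is what HijackThis prints as "No File". It assumes an elevated PowerShell session on the affected machine; the cmdlets used have existed since PowerShell 1.0, and the registry paths are the standard Windows ones. The LoadAppInit_DLLs gate did not exist on XP, so the script does not rely on it.

```powershell
# Added example (not from the thread or from HijackThis): read-only audit of the two
# persistence points the O20/O3 fixes above target. Run in an elevated PowerShell.

# --- O20: AppInit_DLLs -------------------------------------------------------
# Every process that loads user32.dll also loads each DLL listed here, which is why a
# single value such as "bjhbbc.dll" (from the log above) gets into every GUI program.
$winKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
$appInit = (Get-ItemProperty -Path $winKey -Name AppInit_DLLs -ErrorAction SilentlyContinue).AppInit_DLLs

if (-not $appInit -or $appInit.Trim() -eq '') {
    Write-Output 'AppInit_DLLs: empty (expected on a clean machine)'
} else {
    Write-Output "AppInit_DLLs: '$appInit'"
    # Entries are separated by spaces or commas. A bare file name is resolved through the
    # normal DLL search path, so look in System32 as well as at the literal string.
    foreach ($dll in ($appInit -split '[ ,]+' | Where-Object { $_ })) {
        $candidates = @($dll, (Join-Path $env:SystemRoot "System32\$dll"))
        $found = $candidates | Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1
        if ($found) {
            $sig = Get-AuthenticodeSignature -FilePath $found
            Write-Output "  $dll -> $found  signature=$($sig.Status)"
        } else {
            Write-Output "  $dll -> file not found (stale entry; still clear it, every new process keeps trying to load it)"
        }
    }
}

# --- O3: IE toolbars ---------------------------------------------------------
# Each value name under the Toolbar key is a CLSID. Resolve it through
# HKCR\CLSID\{guid}\InprocServer32; if that path is absent or the DLL is gone, the entry
# is an orphan (HijackThis: "No File") and the registry value can be deleted.
foreach ($hive in 'HKLM', 'HKCU') {
    $toolbarKey = "${hive}:\SOFTWARE\Microsoft\Internet Explorer\Toolbar"
    $props = Get-ItemProperty -Path $toolbarKey -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    $clsids = $props.PSObject.Properties |
        Where-Object { $_.Name -match '^\{[0-9A-Fa-f-]{36}\}$' } |
        Select-Object -ExpandProperty Name
    foreach ($clsid in $clsids) {
        $inproc = Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue
        $path = $null
        if ($inproc -and $inproc.'(default)') {
            $path = [Environment]::ExpandEnvironmentVariables($inproc.'(default)')
        }
        if ($path -and (Test-Path -LiteralPath $path)) {
            Write-Output "$hive toolbar $clsid -> $path"
        } else {
            Write-Output "$hive toolbar $clsid -> No File (orphaned; remove the value)"
        }
    }
}
```

The script changes nothing; it only tells you which of the entries HijackThis would list are live and which are dead. A live AppInit_DLLs entry whose file is unsigned and sits in System32 under a random name is the case to treat as malicious, and it should be removed while no GUI process is holding the DLL open (boot to Safe Mode or use a boot-time deletion tool), because deleting the registry value alone leaves the DLL loaded in every running process until reboot.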

#7 KerbyFX

  • Topic Starter
  • Members
  • 9 posts

Posted 04 January 2009 - 02:25 PM

Thanks Thunder.

I removed the old versions of Java and installed the new one. I also removed ViewPoint Manager and Media Player from my computer.


I can not find HiJackThis executable on my computer. Is there a link to download it?

I have just been using DDS. I think I used HiJackThis when I posted my first log, but I must have deleted it.


There is one more thing that isn't normal on my computer.

I am still unable to turn Automatic Updates on for Windows and Windows Defender.

I try to start the services, but it comes back with an error that states:

"Could not start the Automatic Updates service on Local Computer.

Error 1058: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it."


This started happening when I got the Vundo virus.

#8 Thunder

  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium

Posted 04 January 2009 - 04:48 PM

Hello KerbyFX,

This is the HijackThis download link : http://www.trendsecure.com/portal/en-US/_d.../HiJackThis.exe
Install it, double-click to run it and click Do a system scan and save a log file.
Post the contents of the file in your next reply. :thumbsup:

Download and unzip Dial-a-Fix to its own folder on your desktop.
Open the Dial-a-Fix folder and launch the program by clicking on the blue cog-wheel icon.
First, click the "Policies..." button at the bottom.
If anything is found, make sure it is checked, then click the "Remove" button and click the "Close" button to close that window.
Now click the green double-check icon (Check all) at the bottom.
Then click on 'GO' at the bottom.
Click "Exit" and restart your PC when Dial-a-Fix has finished.
Greetings,
Thunder
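
Added example, not part of Thunder's post and not code from Dial-a-Fix: a PowerShell script that shows what "Error 1058" actually means and how to check for it directly. Error 1058 is the Service Control Manager telling you the service's Start value is 4 (Disabled), so the script reads that value for Automatic Updates, Windows Defender and the services they lean on, and re-enables them with sc.exe when run with -Fix. It also reports the other defence-evasion footprint visible in the ComboFix log above: Security Center "DisableMonitoring" set to 1 for the McAfee and Symantec products, and the Windows Firewall standard profile with EnableFirewall=0. It assumes an elevated PowerShell session on the affected machine; the service names and registry paths are standard Windows ones. The NoAutoUpdate policy check at the end is an assumption about the kind of restrictive policy a "Policies" scan like Dial-a-Fix's would surface, not something the thread confirms.

```powershell
# Added example (not from the thread or from Dial-a-Fix): explain "Error 1058" and
# re-enable the services. Run in an elevated PowerShell; add -Fix to apply changes.
param([switch]$Fix)

# wuauserv = Automatic Updates, WinDefend = Windows Defender, BITS = the transfer
# service WU depends on, wscsvc = Security Center, SharedAccess = Windows Firewall.
$services   = 'wuauserv', 'WinDefend', 'BITS', 'wscsvc', 'SharedAccess'
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic'; 3 = 'Manual'; 4 = 'Disabled' }

foreach ($svc in $services) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
    if (-not (Test-Path $key)) { Write-Output "$svc : service key missing"; continue }
    $start = (Get-ItemProperty -Path $key).Start
    $label = if ($null -eq $start) { 'unknown' } else { $startNames[[int]$start] }
    $state = (Get-Service -Name $svc -ErrorAction SilentlyContinue).Status
    Write-Output ("{0,-13} Start={1} ({2}) Status={3}" -f $svc, $start, $label, $state)

    # Start=4 is exactly the condition that produces error 1058 in services.msc.
    if ($start -eq 4 -and $Fix) {
        # XP defaults: Automatic for WU/Defender/Security Center/Firewall, Manual for BITS.
        $mode = if ($svc -eq 'BITS') { 'demand' } else { 'auto' }
        & sc.exe config $svc start= $mode | Out-Null
        & sc.exe start $svc | Out-Null
        Write-Output "  -> start type set to $mode and service started"
    }
}

# Security Center: DisableMonitoring=1 under Monitoring\<Product> hides that product's
# AV/firewall state from the Security Center UI (the log shows it for McAfee and Symantec).
$mon = 'HKLM:\SOFTWARE\Microsoft\Security Center\Monitoring'
if (Test-Path $mon) {
    Get-ChildItem -Path $mon | ForEach-Object {
        $v = (Get-ItemProperty -Path $_.PSPath).DisableMonitoring
        if ($v -eq 1) { Write-Output "Security Center: monitoring disabled for $($_.PSChildName)" }
    }
}

# Windows Firewall standard profile: EnableFirewall=0 (as in the log) means it is off.
$fw = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile'
$enabled = (Get-ItemProperty -Path $fw -ErrorAction SilentlyContinue).EnableFirewall
Write-Output "Windows Firewall (standard profile): EnableFirewall=$enabled"
if ($enabled -eq 0 -and $Fix) {
    Set-ItemProperty -Path $fw -Name EnableFirewall -Value 1 -Type DWord
    Write-Output '  -> EnableFirewall set to 1'
}

# Assumed check: a NoAutoUpdate=1 policy blocks Automatic Updates even when the service
# runs; this is the sort of restrictive policy a "Policies" scan would flag.
$au   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
$noAU = (Get-ItemProperty -Path $au -ErrorAction SilentlyContinue).NoAutoUpdate
if ($noAU -eq 1) { Write-Output "Policy NoAutoUpdate=1 is set under $au" }
```

Run it once without -Fix to see the state the malware left behind, then with -Fix after the infection itself has been cleaned; re-enabling Automatic Updates while the AppInit_DLLs entry is still live just invites it to be disabled again on the next boot. Note that on this machine two third-party suites (McAfee and Norton) also register with Security Center, so a DisableMonitoring=1 that one of those suites set deliberately is not by itself proof of tampering; the Start=4 on wuauserv, which the user never set, is.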

#9 KerbyFX

  • Topic Starter
  • Members
  • 9 posts

Posted 04 January 2009 - 07:34 PM

Thunder, you are a genius!

My Automatic Updates are now working.


Here is my current HiJackThis Log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:12:58 PM, on 1/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\WINDOWS\System32\taskswitch.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\DickHouse\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\MemTurbo\memturbo.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PGPserv.exe
C:\WINDOWS\system32\PSIService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\DickHouse\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [POINTER] C:\Dell\drivers\R34790\Mouse\SETUP\MSH\Mouse\point32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\System32\taskswitch.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB003" /M "Stylus CX3800"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OpenDNS Update] "C:\Program Files\OpenDNS Updater\OpenDNS Updater.exe"
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\DickHouse\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-21-484763869-1004336348-725345543-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-484763869-1004336348-725345543-1004\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-484763869-1004336348-725345543-1010\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'NetKerby')
O4 - Startup: MemTurbo.lnk = C:\Program Files\MemTurbo\memturbo.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Brandon\AIM\aim.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1229842170750
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {7C896371-4B7F-4B34-95B1-24851F5DED24} (Microsoft Virtual Server VMRC Control) - http://66.133.171.77/VMRCActiveXClient.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...252/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{117F52E0-7C74-4BD9-9793-8EE5354C4AED}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{117F52E0-7C74-4BD9-9793-8EE5354C4AED}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{117F52E0-7C74-4BD9-9793-8EE5354C4AED}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\System32\PGPserv.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 9356 bytes
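The log above is in the standard HijackThis line format (section tag, dash, body). The checker below is an added example, not part of the thread or of HijackThis itself: it parses that format and flags the entries a log reviewer looks at first, namely O17 NameServer values that are not in an allow-list of expected resolvers, a non-empty R1 ProxyServer setting, and entries marked "(file missing)". The sample lines, the trusted-resolver list (OpenDNS, matching what this log shows) and the second O17 entry with a made-up server are constructed for the example.

```python
import re

# Constructed sample in HijackThis log format; the 192.0.2.53 resolver and its
# GUID are invented for the example (192.0.2.0/24 is a documentation range).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{117F52E0-7C74-4BD9-9793-8EE5354C4AED}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{00000000-1111-2222-3333-444444444444}: NameServer = 192.0.2.53
O23 - Service: PGPserv - PGP Corporation - C:\WINDOWS\System32\PGPserv.exe
"""

# Assumption: the owner configured OpenDNS, so only these two resolvers are expected.
TRUSTED_RESOLVERS = {"208.67.222.222", "208.67.220.220"}

# Every HijackThis entry starts with a section tag such as R1, O4, O17, O23.
LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")


def parse_hjt(text):
    """Yield (section, body) for every well-formed HijackThis line; skip the rest."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group("sec"), m.group("body")


def review_hjt(text, trusted=TRUSTED_RESOLVERS):
    """Return the findings a reviewer would want to check by hand."""
    findings = []
    for sec, body in parse_hjt(text):
        if sec == "O17" and "NameServer =" in body:
            # DNS servers are a comma-separated list after 'NameServer ='.
            servers = {s.strip() for s in body.split("NameServer =", 1)[1].split(",")}
            unknown = servers - trusted
            if unknown:
                findings.append(f"{sec}: unexpected DNS server(s) {sorted(unknown)}")
        elif sec == "R1" and "ProxyServer =" in body:
            # ':0' has no host, so it is treated as 'no proxy' here.
            proxy = body.split("ProxyServer =", 1)[1].strip()
            if proxy and proxy != ":0":
                findings.append(f"{sec}: proxy configured: {proxy}")
        elif "(file missing)" in body:
            # Orphaned entries point at files that are gone; they are usually
            # leftovers worth cleaning, whether benign or not.
            findings.append(f"{sec}: file missing: {body}")
    return findings


if __name__ == "__main__":
    for finding in review_hjt(SAMPLE_LOG):
        print(finding)
```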

#10 Thunder

Thunder

  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium
  • Local time:01:32 AM

Posted 05 January 2009 - 04:15 AM

Hello KerbyFX,

Your log looks fine now. :thumbsup:

You can remove all used tools and folders created in the process.
To remove ComboFix :
Go to Start > Run, and copy and paste the next command in the field: ComboFix /u
Make sure there's a space between ComboFix and /u
Then press Enter.
This will uninstall ComboFix, delete its related folders and files, restore your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

No more issues?

Greetings,
Thunder
Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#11 Thunder

Thunder

  • Members
  • 3,294 posts
  • Gender:Male
  • Location:Belgium
  • Local time:01:32 AM

Posted 03 February 2009 - 05:38 PM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.