userinit.exe infection turned into mess


  • This topic is locked
11 replies to this topic

#1 callme matt

  • Members
  • 18 posts

Posted 27 May 2009 - 05:11 PM

Referred here from: http://www.bleepingcomputer.com/forums/t/227491/userinitexe-and-registry-malware-spyware-reopened/ ~ OB

I used to have a userinit.exe infection and that was it. I got rid of that (I think) and now mass storage devices don't work, Google searches are redirected, and I have some virus downloader on my computer that downloads random fake malware removers when I am connected to the internet. Here is my DDS


DDS (Ver_09-05-14.01) - NTFSx86
Run by Matt at 17:02:03.64 on Wed 05/27/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.515 [GMT -5:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\AshEvtSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Matt\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: DF Bar: {67fcef90-073e-11de-8c30-0800200c9a66} - %SystemRoot%\system32\shdocvw.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
dRun: [] c:\windows\temp\jv8anjl4ni.exe
dRun: [uidenhiufgsduiazghs] c:\windows\temp\jv8anjl4ni.exe
dRun: [Diagnostic Manager] c:\windows\temp\3789897214.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: line6.net
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5559/mcfscan.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
LSA: Notification Packages = scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\matt\applic~1\mozilla\firefox\profiles\kqkfwosm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\matt\application data\mozilla\firefox\profiles\kqkfwosm.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 ABIT-IO;ABIT-IO;c:\windows\system32\drivers\ABIT-IO.SYS [2007-10-5 7680]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-29 31944]
R2 AshEvtSvc;AshEvtSvc;c:\windows\system32\ashevtsvc.exe -k netsvcs --> c:\windows\system32\AshEvtSvc.exe -k netsvcs [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-8-4 210216]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2007-10-6 104000]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2006-11-29 144960]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2006-11-29 54872]
R2 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\RpcAgentSrv.exe [2008-9-7 98488]
R3 L6DP;L6DP;c:\windows\system32\drivers\l6dp.sys [2006-9-29 29312]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2007-10-6 72264]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2007-10-6 34152]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2007-10-6 168776]
S3 L6TPortA;Service - Line 6 TonePort UX1;c:\windows\system32\drivers\L6TPortA.sys [2008-12-26 530816]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-5-9 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-5-9 7680]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2008-5-9 20992]
S3 NUVision;NUVision II Video Service;c:\windows\system32\drivers\nuvvid2.sys [2008-11-8 153760]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [2008-12-26 18432]

=============== Created Last 30 ================

2009-05-20 15:17 32,768 a------- c:\windows\system32\AshEvtSvc.exe
2009-05-18 20:52 --d----- c:\windows\system32\NtmsData
2009-05-16 21:59 577,536 a------- c:\windows\system32\dllcache\user32.dll
2009-05-16 21:55 --d----- c:\windows\ERUNT
2009-05-16 21:46 --d----- C:\SDFix
2009-05-16 20:35 --dsh--- c:\documents and settings\matt\IETldCache
2009-05-16 20:32 -cd-h--- c:\windows\ie8
2009-05-16 20:26 118 a------- c:\windows\system32\MRT.INI
2009-05-15 16:15 1 a------- c:\windows\system32\uniq.tll
2009-05-15 16:02 --d----- C:\NVIDIA
2009-05-15 14:46 221,184 a------- c:\windows\system32\wmpns.dll
2009-05-15 00:00 --d----- c:\windows\system32\scripting
2009-05-15 00:00 --d----- c:\windows\l2schemas
2009-05-15 00:00 --d----- c:\windows\system32\en
2009-05-15 00:00 --d----- c:\windows\system32\bits
2009-05-14 23:54 --d----- c:\windows\network diagnostic
2009-05-14 23:52 86,728 a------- c:\windows\system32\msxml6r.dll
2009-05-14 23:50 109,568 a------- c:\windows\system32\dllcache\cic.dll
2009-05-09 11:12 6,412 a------- C:\Pokemon - Crystal Version (UE) (V1.1) [C][!].clt
2009-05-05 14:54 8,412 a------- C:\Pokemon Emerald # GBA.clt
2009-05-01 00:31 1,657,376 a------- c:\windows\system32\nwiz.exe
2009-05-01 00:31 449,056 a------- c:\windows\system32\nvappbar.exe
2009-05-01 00:31 436,768 a------- c:\windows\system32\keystone.exe
2009-05-01 00:31 1,724,416 a------- c:\windows\system32\nvwdmcpl.dll
2009-05-01 00:31 1,507,328 a------- c:\windows\system32\nview.dll
2009-05-01 00:31 1,101,824 a------- c:\windows\system32\nvwimg.dll
2009-05-01 00:31 466,944 a------- c:\windows\system32\nvshell.dll
2009-05-01 00:31 73,728 a------- c:\windows\system32\nvtuicpl.cpl
2009-04-30 22:02 1,720,320 a------- c:\windows\system32\nvcuda.dll
2009-04-30 22:02 1,579,630 a------- c:\windows\system32\nvdata.bin
2009-04-30 22:02 1,314,816 a------- c:\windows\system32\nvcuvenc.dll
2009-04-30 22:02 663,552 a------- c:\windows\system32\nvcuvid.dll

==================== Find3M ====================

2009-05-19 15:43 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-15 15:17 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-04-30 22:02 9,994,240 a------- c:\windows\system32\nvoglnt.dll
2009-04-30 22:02 8,055,584 a------- c:\windows\system32\drivers\nv4_mini.sys
2009-04-30 22:02 5,896,320 a------- c:\windows\system32\nv4_disp.dll
2009-04-30 22:02 806,912 a------- c:\windows\system32\nvapi.dll
2009-04-30 22:02 457,248 a------- c:\windows\system32\nvudisp.exe
2009-04-30 22:02 143,360 a------- c:\windows\system32\nvcodins.dll
2009-04-30 22:02 143,360 a------- c:\windows\system32\nvcod.dll
2009-04-27 00:42 457,248 a------- c:\windows\system32\NVUNINST.EXE
2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-20 17:26 41,808 a------- c:\windows\system32\xfcodec.dll
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2008-12-28 13:54 604 a---h--- c:\program files\WSTLL Notifier

============= FINISH: 17:02:17.11 ===============

Attach.txt is attached

Edited by Orange Blossom, 27 May 2009 - 05:53 PM.

#2 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 08 June 2009 - 11:30 AM

Hello and welcome to Bleeping Computer. Sorry for the delay; the forums here at BC are always
very busy and we do our best to keep up. If you no longer require any help, could you let me know
please, so this topic can be closed.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would
be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.
First I would like to see a new log since a lot could have changed since your original post.
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Thanks

#3 callme matt

  • Topic Starter

  • Members
  • 18 posts

Posted 08 June 2009 - 11:58 AM

LOG

Logfile of random's system information tool 1.06 (written by random/random)
Run by Matt at 2009-06-08 11:55:53
Microsoft Windows XP Professional Service Pack 2
System drive C: has 16 GB (20%) free of 76 GB
Total RAM: 1023 MB (53% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-03-24 77824]
"ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2006-11-29 112216]
"McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\UdaterUI.exe [2006-11-17 136768]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-05-01 13750272]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-05-01 86016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe /d locale=en-US ee://aol/imApp []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSRaid]
C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe [2005-03-01 897024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
C:\WINDOWS\vsnpstd.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe -s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Matt^Start Menu^Programs^Startup^Moongamers Patch Switcher.lnk]
C:\Documents and Settings\Matt\Application Data\Microsoft\Installer\{EE510252-96FC-49C1-AE63-36E1C49314CD}\_154754de.exe [2009-04-11 3638]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RemoteRegistry"=2
"WZCSVC"=2
"wuauserv"=2
"VSS"=3
"TlntSvr"=3
"TapiSrv"=2
"SysmonLog"=3
"SwPrv"=3
"PnkBstrA"=2
"ose"=3
"odserv"=3
"mnmsrvc"=3
"Eventlog"=2
"ERSvc"=2
"Microsoft Office Groove Audit Service"=3
"ZuneWlanCfgSvc"=3
"RDSessMgr"=3
"RasMan"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe"="C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\EA GAMES\Medal of Honor Pacific Assault™\mohpa.exe"="C:\Program Files\EA GAMES\Medal of Honor Pacific Assault™\mohpa.exe:*:Enabled:Medal of Honor Pacific Assault™"
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service"
"C:\Program Files\Xilisoft\Video Converter Ultimate\Update.exe"="C:\Program Files\Xilisoft\Video Converter Ultimate\Update.exe:*:Disabled:Update"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Documents and Settings\Matt\Desktop\CrucialScan.exe"="C:\Documents and Settings\Matt\Desktop\CrucialScan.exe:*:Disabled:CrucialScan"
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\RpcSandraSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Microsoft Games\Halo 2\halo2.exe"="C:\Program Files\Microsoft Games\Halo 2\halo2.exe:*:Enabled:Halo 2"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f2202a4-2e7e-11dd-82c7-00508d84ff4f}]
shell\AutoRun\command - F:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-06-08 11:55:54 ----D---- C:\Program Files\trend micro
2009-06-08 11:55:53 ----D---- C:\rsit
2009-05-20 15:17:19 ----A---- C:\WINDOWS\system32\AshEvtSvc.exe
2009-05-19 15:54:03 ----D---- C:\WINDOWS\Prefetch
2009-05-18 20:52:35 ----D---- C:\WINDOWS\system32\NtmsData
2009-05-16 21:55:49 ----D---- C:\WINDOWS\ERUNT
2009-05-16 21:46:26 ----D---- C:\SDFix
2009-05-16 20:32:23 ----HDC---- C:\WINDOWS\ie8
2009-05-16 20:26:43 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-05-16 20:26:38 ----A---- C:\WINDOWS\system32\MRT.INI
2009-05-16 20:25:10 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-16 20:25:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-05-16 20:23:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-05-15 16:02:26 ----D---- C:\NVIDIA
2009-05-15 15:17:17 ----RHD---- C:\Documents and Settings\Matt\Application Data\SecuROM
2009-05-15 14:56:02 ----D---- C:\Program Files\Electronic Arts
2009-05-15 14:46:05 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-05-15 00:00:12 ----D---- C:\WINDOWS\system32\scripting
2009-05-15 00:00:10 ----D---- C:\WINDOWS\l2schemas
2009-05-15 00:00:09 ----D---- C:\WINDOWS\system32\en
2009-05-15 00:00:09 ----D---- C:\WINDOWS\system32\bits
2009-05-14 23:54:26 ----D---- C:\WINDOWS\network diagnostic
2009-05-14 23:52:26 ----A---- C:\WINDOWS\system32\msxml6r.dll
2009-05-14 23:51:34 ----N---- C:\WINDOWS\system32\xpsp2res.dll
2009-05-14 23:51:34 ----N---- C:\WINDOWS\system32\qmgr.dll
2009-05-14 23:51:31 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-05-14 23:50:17 ----N---- C:\WINDOWS\system32\advapi32.dll
2009-05-14 23:50:16 ----N---- C:\WINDOWS\system32\lsasrv.dll
2009-05-14 23:50:16 ----N---- C:\WINDOWS\system32\locator.exe
2009-05-14 23:50:16 ----N---- C:\WINDOWS\system32\localspl.dll
2009-05-14 23:50:16 ----N---- C:\WINDOWS\system32\lmhsvc.dll
2009-05-14 23:50:16 ----N---- C:\WINDOWS\system32\kernel32.dll
2009-05-14 23:50:16 ----N---- C:\WINDOWS\system32\imagehlp.dll
2009-05-14 23:50:16 ----N---- C:\WINDOWS\system32\ftp.exe
2009-05-14 23:50:16 ----N---- C:\WINDOWS\system32\format.com
2009-05-14 23:50:16 ----N---- C:\WINDOWS\system32\dhcpcsvc.dll
2009-05-14 23:50:16 ----N---- C:\WINDOWS\system32\csrsrv.dll
2009-05-14 23:50:16 ----N---- C:\WINDOWS\system32\comdlg32.dll
2009-05-14 23:50:16 ----N---- C:\WINDOWS\system32\comctl32.dll
2009-05-14 23:50:16 ----N---- C:\WINDOWS\system32\cmd.exe
2009-05-14 23:50:16 ----N---- C:\WINDOWS\system32\cacls.exe
2009-05-14 23:50:16 ----N---- C:\WINDOWS\system32\autoconv.exe
2009-05-14 23:50:16 ----N---- C:\WINDOWS\system32\autochk.exe
2009-05-14 23:50:15 ----N---- C:\WINDOWS\system32\rasdlg.dll
2009-05-14 23:50:15 ----N---- C:\WINDOWS\system32\rasauto.dll
2009-05-14 23:50:15 ----N---- C:\WINDOWS\system32\rasapi32.dll
2009-05-14 23:50:15 ----N---- C:\WINDOWS\system32\printui.dll
2009-05-14 23:50:15 ----N---- C:\WINDOWS\system32\perfctrs.dll
2009-05-14 23:50:15 ----N---- C:\WINDOWS\system32\olecnv32.dll
2009-05-14 23:50:15 ----N---- C:\WINDOWS\system32\oleaut32.dll
2009-05-14 23:50:15 ----N---- C:\WINDOWS\system32\nwprovau.dll
2009-05-14 23:50:15 ----N---- C:\WINDOWS\system32\ntvdm.exe
2009-05-14 23:50:15 ----N---- C:\WINDOWS\system32\ntprint.dll
2009-05-14 23:50:15 ----N---- C:\WINDOWS\system32\ntlsapi.dll
2009-05-14 23:50:15 ----N---- C:\WINDOWS\system32\ntdll.dll
2009-05-14 23:50:15 ----N---- C:\WINDOWS\system32\nslookup.exe
2009-05-14 23:50:15 ----N---- C:\WINDOWS\system32\msv1_0.dll
2009-05-14 23:50:15 ----N---- C:\WINDOWS\system32\msgsvc.dll
2009-05-14 23:50:15 ----N---- C:\WINDOWS\system32\mgmtapi.dll
2009-05-14 23:50:14 ----N---- C:\WINDOWS\system32\srvsvc.dll
2009-05-14 23:50:14 ----N---- C:\WINDOWS\system32\smss.exe
2009-05-14 23:50:14 ----N---- C:\WINDOWS\system32\setupapi.dll
2009-05-14 23:50:14 ----N---- C:\WINDOWS\system32\sessmgr.exe
2009-05-14 23:50:14 ----N---- C:\WINDOWS\system32\services.exe
2009-05-14 23:50:14 ----N---- C:\WINDOWS\system32\schannel.dll
2009-05-14 23:50:14 ----N---- C:\WINDOWS\system32\scardsvr.exe
2009-05-14 23:50:14 ----N---- C:\WINDOWS\system32\savedump.exe
2009-05-14 23:50:14 ----N---- C:\WINDOWS\system32\samsrv.dll
2009-05-14 23:50:14 ----N---- C:\WINDOWS\system32\samlib.dll
2009-05-14 23:50:14 ----N---- C:\WINDOWS\system32\rshx32.dll
2009-05-14 23:50:14 ----N---- C:\WINDOWS\system32\rastapi.dll
2009-05-14 23:50:14 ----N---- C:\WINDOWS\system32\rasman.dll
2009-05-14 23:50:13 ----N---- C:\WINDOWS\system32\wkssvc.dll
2009-05-14 23:50:13 ----N---- C:\WINDOWS\system32\win32spl.dll
2009-05-14 23:50:13 ----N---- C:\WINDOWS\system32\untfs.dll
2009-05-14 23:50:13 ----N---- C:\WINDOWS\system32\ulib.dll
2009-05-14 23:50:13 ----N---- C:\WINDOWS\system32\tcpmonui.dll
2009-05-14 23:50:13 ----N---- C:\WINDOWS\system32\syssetup.dll
2009-05-14 23:50:13 ----A---- C:\WINDOWS\system32\userinit.exe
2009-05-14 23:50:07 ----N---- C:\WINDOWS\system32\ntoskrnl.exe
2009-05-14 23:50:07 ----N---- C:\WINDOWS\system32\ntkrnlpa.exe
2009-05-14 23:50:07 ----N---- C:\WINDOWS\system32\hal.dll

======List of files/folders modified in the last 1 months======

2009-06-08 11:55:54 ----RD---- C:\Program Files
2009-06-08 11:53:37 ----D---- C:\Program Files\Mozilla Firefox
2009-06-08 11:53:19 ----D---- C:\WINDOWS\Temp
2009-06-05 16:07:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-05 16:07:26 ----D---- C:\WINDOWS
2009-05-23 16:55:01 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-23 16:49:22 ----SHD---- C:\WINDOWS\Installer
2009-05-23 16:49:22 ----D---- C:\Program Files\Common Files
2009-05-23 16:48:59 ----HD---- C:\Config.Msi
2009-05-23 16:48:58 ----D---- C:\WINDOWS\system32
2009-05-23 16:48:56 ----HD---- C:\WINDOWS\inf
2009-05-23 16:48:56 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-05-23 16:47:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-05-23 16:47:37 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-21 17:26:01 ----A---- C:\WINDOWS\win.ini
2009-05-20 21:47:14 ----D---- C:\WINDOWS\system32\drivers
2009-05-20 20:51:30 ----D---- C:\Documents and Settings\Matt\Application Data\U3
2009-05-20 17:21:44 ----A---- C:\WINDOWS\ntbtlog.txt
2009-05-19 15:53:08 ----D---- C:\WINDOWS\system32\wbem
2009-05-19 15:53:08 ----D---- C:\WINDOWS\system32\Setup
2009-05-19 15:53:08 ----D---- C:\WINDOWS\AppPatch
2009-05-19 15:53:07 ----RSD---- C:\WINDOWS\Fonts
2009-05-19 15:52:09 ----A---- C:\WINDOWS\imsins.BAK
2009-05-19 15:49:37 ----D---- C:\WINDOWS\ServicePackFiles
2009-05-19 15:49:24 ----D---- C:\WINDOWS\system32\CatRoot
2009-05-19 15:47:21 ----D---- C:\WINDOWS\WinSxS
2009-05-19 15:47:14 ----DC---- C:\WINDOWS\system32\dllcache
2009-05-19 15:47:00 ----D---- C:\Program Files\Messenger
2009-05-19 15:46:58 ----D---- C:\WINDOWS\system32\usmt
2009-05-19 15:46:58 ----D---- C:\WINDOWS\system32\Restore
2009-05-19 15:46:58 ----D---- C:\WINDOWS\system32\oobe
2009-05-19 15:46:58 ----D---- C:\WINDOWS\system32\npp
2009-05-19 15:46:57 ----D---- C:\WINDOWS\system32\inetsrv
2009-05-19 15:46:48 ----D---- C:\WINDOWS\system32\Com
2009-05-19 15:46:20 ----D---- C:\WINDOWS\system
2009-05-19 15:46:20 ----D---- C:\WINDOWS\srchasst
2009-05-19 15:44:58 ----D---- C:\WINDOWS\peernet
2009-05-19 15:44:55 ----D---- C:\WINDOWS\msagent
2009-05-19 15:44:51 ----D---- C:\WINDOWS\ime
2009-05-19 15:44:51 ----D---- C:\WINDOWS\Help
2009-05-19 15:44:48 ----D---- C:\Program Files\Windows NT
2009-05-19 15:44:47 ----D---- C:\Program Files\Windows Media Player
2009-05-19 15:44:47 ----D---- C:\Program Files\Outlook Express
2009-05-19 15:44:47 ----D---- C:\Program Files\NetMeeting
2009-05-19 15:44:46 ----D---- C:\Program Files\Movie Maker
2009-05-19 15:44:42 ----D---- C:\Program Files\Common Files\System
2009-05-19 15:42:20 ----SD---- C:\WINDOWS\Tasks
2009-05-18 17:08:50 ----D---- C:\WINDOWS\Minidump
2009-05-16 20:34:38 ----D---- C:\WINDOWS\system32\en-US
2009-05-16 20:34:38 ----D---- C:\WINDOWS\Media
2009-05-16 20:34:38 ----D---- C:\Program Files\Internet Explorer
2009-05-16 20:29:02 ----D---- C:\WINDOWS\Microsoft.NET
2009-05-16 20:24:15 ----RSD---- C:\WINDOWS\assembly
2009-05-16 20:24:10 ----D---- C:\WINDOWS\system32\XPSViewer
2009-05-16 20:22:21 ----HD---- C:\WINDOWS\$hf_mig$
2009-05-16 15:05:53 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-16 14:59:22 ----RASH---- C:\boot.ini
2009-05-16 14:59:22 ----A---- C:\WINDOWS\system.ini
2009-05-15 16:41:42 ----D---- C:\QUARANTINE
2009-05-15 16:04:24 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-05-15 15:17:17 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2009-05-15 14:56:01 ----D---- C:\WINDOWS\system32\DirectX
2009-05-15 14:47:27 ----A---- C:\WINDOWS\OEWABLog.txt
2009-05-15 14:46:22 ----A---- C:\WINDOWS\setuplog.txt
2009-05-15 00:08:26 ----D---- C:\WINDOWS\security
2009-05-14 23:45:49 ----D---- C:\WINDOWS\EHome
2009-05-14 23:34:30 ----D---- C:\WINDOWS\SoftwareDistribution
2009-05-14 17:09:13 ----D---- C:\Program Files\EA GAMES
2009-05-14 17:03:38 ----D---- C:\Program Files\Steinberg
2009-05-14 15:20:58 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-05-10 14:22:48 ----D---- C:\Documents and Settings\Matt\Application Data\Move Networks
2009-05-10 14:01:02 ----D---- C:\Program Files\Sector69

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
R1 mfetdik;McAfee Inc.; C:\WINDOWS\system32\drivers\mfetdik.sys [2006-11-29 52136]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-03-25 2314560]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-23 9600]
R3 L6DP;L6DP; C:\WINDOWS\System32\Drivers\l6dp.sys [2009-01-28 29312]
R3 mfeapfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeapfk.sys [2006-11-29 64360]
R3 mfeavfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk.sys [2006-11-29 72264]
R3 mfebopk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfebopk.sys [2006-11-29 34152]
R3 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys [2006-11-29 168776]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2009-04-30 8055584]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51; C:\WINDOWS\System32\DRIVERS\sisnicxp.sys [2004-11-04 32768]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Matt\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 L6TPortA;Service - Line 6 TonePort UX1; C:\WINDOWS\System32\Drivers\L6TPortA.sys [2009-01-28 530816]
S3 MA_CMIDI;%EVOL_USB.SvcDesc%; C:\WINDOWS\system32\drivers\ma_cmidi.sys [2005-06-14 21888]
S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-11-02 18176]
S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 7680]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2006-12-13 20992]
S3 motport;Motorola USB Diagnostic Port; C:\WINDOWS\system32\DRIVERS\motport.sys [2006-12-13 20992]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NCHSSVAD;SoundTap Recorder; C:\WINDOWS\system32\drivers\nchssvad.sys [2008-12-25 27136]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-03 40320]
S3 nuvaud2;NUVision II Audio Service; C:\WINDOWS\system32\DRIVERS\nuvaud2.sys [2001-07-11 25024]
S3 NUVision;NUVision II Video Service; C:\WINDOWS\system32\DRIVERS\nuvvid2.sys [2001-10-28 153760]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\Sandra.sys []
S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\System32\DRIVERS\sisnic.sys [2004-08-03 32768]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 SynasUSB;SynasUSB; C:\WINDOWS\system32\drivers\SynasUSB.sys [2006-11-23 18432]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-22 32000]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 AshEvtSvc;AshEvtSvc; C:\WINDOWS\System32\AshEvtSvc.exe [2009-05-20 32768]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 MA_CMIDI_InstallerService;M-Audio CMIDI Installer; C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe [2005-09-28 94208]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2006-11-17 104000]
R2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [2006-11-29 144960]
R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [2006-11-29 54872]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2009-05-01 168004]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 SandraAgentSrv;SiSoftware Deployment Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [2008-04-22 98488]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 PnkBstrA;PunkBuster; C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe [2007-08-15 63040]

-----------------EOF-----------------

INFO

info.txt logfile of random's system information tool 1.06 2009-06-08 11:55:58

======Uninstall list======

-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {926CC8AE-8414-43DF-8EB4-CF26D9C3C663}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
4Front Piano Module 1.0 VSTi-->"C:\Program Files\Line6\VST Plugins\VSTPlugins\unins000.exe"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Apple Mobile Device Support-->MsiExec.exe /I{AA9768AA-FF0B-4C66-A085-31E934F77841}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Battlefield 2: Deluxe Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Call of Duty® 2-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l1033
Call of Duty® 4 - Modern Warfare™ 1.4 Patch-->C:\Program Files\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
Cucusoft DVD to iPod Converter 5.28-->"C:\Program Files\Cucusoft\ipod-converter\unins000.exe"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
Drum Machine 1.34 BETA-->C:\Program Files\Drum Machine\uninst.exe
Enigma-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F145099-1224-4C5B-84F2-7AE6DC699F1A}\setup.exe" -l0x9 -removeonly
Guitar Pro 5.2-->"C:\Program Files\Guitar Pro 5\unins000.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB932716-v2)-->"C:\WINDOWS\$NtUninstallKB932716-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
iTunes-->MsiExec.exe /I{41B9E2CF-0B3F-442A-B5B3-592A4A355634}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LADSPA_plugins-win-0.4.15-->"C:\Program Files\Audacity\Plug-Ins\unins000.exe"
Lexicon Pantheon VST Plug-in (remove only)-->C:\Program Files\Lexicon\Lexicon Pantheon VST Plug-inUNInstaller.exe
Line 6 Uninstaller-->C:\Program Files\Line6\Tools\Line 6 Uninstaller.exe
Live 7.0.14-->C:\PROGRA~1\Ableton\LIVE70~1.14\Install\UNWISE.EXE C:\PROGRA~1\Ableton\LIVE70~1.14\Install\INSTALL.LOG
MA_CMIDI-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{379BD39E-F13E-458F-96D8-56BD7F2CC516}\setup.exe" -l0x9 -removeonly
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
M-Audio Reason Control Surface-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F72DD596-F857-463C-AA43-647B45FCE14D}\setup.exe" -l0x9 -removeonly
McAfee AntiSpyware Enterprise Module-->"C:\Program Files\McAfee\VirusScan Enterprise\scan32.exe" /UninstallMAS
McAfee SiteAdvisor-->C:\Program Files\McAfee\SiteAdvisor\Uninstall.exe
McAfee VirusScan Enterprise-->MsiExec.exe /I{35C03C04-3F1F-42C2-A989-A757EE691F65}
Medal of Honor Airborne-->MsiExec.exe /X{25F28E39-FDBB-11DB-8314-0800200C9A66}
Medal of Honor Allied Assault™ Breakthrough-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{823A68CC-3049-4A6B-8F63-7DC85E4BB1C9}\Setup.exe" -l0x9
Medal of Honor Allied Assault™ Spearhead-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7914BE1E-F186-4790-B8F4-9F63C52A41C1}\Setup.exe" -l0x9
Medal of Honor Pacific Assault™-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56CFA833-F44F-4199-8C58-7F8B38F2BC7B}\Setup.exe" -l0x9 -removeonly
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MobileMe Control Panel-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
Moongamer's CoD2 Patch Switcher-->MsiExec.exe /I{EE510252-96FC-49C1-AE63-36E1C49314CD}
Motorola Driver Installation-->MsiExec.exe /I{8F4507EF-C5F3-46CE-9718-9D3698821333}
Motorola Phone Tools-->C:\Program Files\InstallShield Installation Information\{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}\setup.exe -runfromtemp -l0x0009 -removeonly
MoviePod-->MsiExec.exe /I{46DAC53E-238A-410B-8BEF-2AD64254C398}
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OCR Software by I.R.I.S 7.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
Power Tab Editor 1.7-->MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
Power2Go 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE
RiffWorks Line 6 Edition-->C:\Program Files\Sonoma Wire Works\RiffWorks Line 6 Edition\Uninstall.exe
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921503)-->"C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938127)-->"C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938829)-->"C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Security Update for Windows XP (KB939653)-->"C:\WINDOWS\$NtUninstallKB939653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941202)-->"C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941568)-->"C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941644)-->"C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338)-->"C:\WINDOWS\$NtUninstallKB944338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB947864)-->"C:\WINDOWS\$NtUninstallKB947864$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Security Update for Windows XP (KB948881)-->"C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
SiS 900 PCI Fast Ethernet Adapter Driver-->C:\WINDOWS\SiS\900\Uninst.exe
SiSAGP driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC226AC9-0314-496C-BE6A-B6A132628466}\setup.exe" -l0x9
SiSoftware Sandra Lite XII.SP2c-->"C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\unins000.exe"
SiSRaidPackage-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{08498FF9-6C9B-4FC2-8DE1-BD98C89CC220}\setup.exe" -l0x9
Syncrosoft License Control-->C:\PROGRA~1\SYNCRO~1\UNWISE.EXE C:\PROGRA~1\SYNCRO~1\INSTALL.LOG
SynthFont Version 1.124-->"C:\Program Files\SynthFont\unins000.exe"
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
TuneAid 3.04-->"C:\Program Files\DigiDNA\TuneAid\unins000.exe"
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB933360)-->"C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
VobSub v2.23 (Remove Only)-->"C:\Program Files\Gabest\VobSub\uninstall.exe"
VST Bridge 1.1-->"C:\Program Files\Audacity\Plug-ins\VST Bridge\unins000.exe"
Vyzex Pocket POD 1.05-->"C:\Program Files\Psicraft\Line 6\Vyzex Pocket POD\Win32\unins000.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
XviD MPEG4 Video Codec (remove only)-->"C:\WINDOWS\system32\xvid-uninstall.exe"

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: VirusScan Enterprise + AntiSpyware Enterprise (outdated)

======System event log======

Computer Name: DESKTOP
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 11559
Source Name: Tcpip
Time Written: 20081116154857.000000-360
Event Type: warning
User:

Computer Name: DESKTOP
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 11540
Source Name: Tcpip
Time Written: 20081115183143.000000-360
Event Type: warning
User:

Computer Name: DESKTOP
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 11539
Source Name: Tcpip
Time Written: 20081115173705.000000-360
Event Type: warning
User:

Computer Name: DESKTOP
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 11538
Source Name: Tcpip
Time Written: 20081115170946.000000-360
Event Type: warning
User:

Computer Name: DESKTOP
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 11535
Source Name: Tcpip
Time Written: 20081115165604.000000-360
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"VSEDEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
"DEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
"SAN_DIR"=C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------
Now I am leaving tomorrow until Saturday, so if there isn't another reply by today, please don't close this discussion, because I will be gone for five days as of tomorrow. So don't assume I didn't reply because I am finished; I will have no access to a computer there.

thanks,
Callme matt

#4 callme matt

  • Topic Starter

  • Members
  • 18 posts

Posted 08 June 2009 - 12:02 PM

I was not connected to the internet when I ran it, so I redid it so it could download HJT, and here is the log I got when I redid it with the internet connected. This was all I got.

LOG

Logfile of random's system information tool 1.06 (written by random/random)
Run by Matt at 2009-06-08 12:00:37
Microsoft Windows XP Professional Service Pack 2
System drive C: has 16 GB (20%) free of 76 GB
Total RAM: 1023 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:00:38 PM, on 6/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\AshEvtSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Matt\Desktop\RSIT.exe
C:\Program Files\trend micro\Matt.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [] C:\WINDOWS\TEMP\jv8anjl4ni.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [uidenhiufgsduiazghs] C:\WINDOWS\TEMP\jv8anjl4ni.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Diagnostic Manager] C:\WINDOWS\TEMP\3789897214.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] C:\WINDOWS\TEMP\jv8anjl4ni.exe (User 'Default user')
O4 - S-1-5-18 Startup: ChkDisk.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: ChkDisk.lnk = ? (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.line6.net
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...559/mcfscan.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AshEvtSvc - Unknown owner - C:\WINDOWS\System32\AshEvtSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe

--
End of file - 6285 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-03-24 77824]
"ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2006-11-29 112216]
"McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\UdaterUI.exe [2006-11-17 136768]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-09-10 289576]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-05-01 13750272]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-05-01 86016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
C:\Program Files\AIM6\aim6.exe /d locale=en-US ee://aol/imApp []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSRaid]
C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe [2005-03-01 897024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd]
C:\WINDOWS\vsnpstd.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe -s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Matt^Start Menu^Programs^Startup^Moongamers Patch Switcher.lnk]
C:\Documents and Settings\Matt\Application Data\Microsoft\Installer\{EE510252-96FC-49C1-AE63-36E1C49314CD}\_154754de.exe [2009-04-11 3638]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RemoteRegistry"=2
"WZCSVC"=2
"wuauserv"=2
"VSS"=3
"TlntSvr"=3
"TapiSrv"=2
"SysmonLog"=3
"SwPrv"=3
"PnkBstrA"=2
"ose"=3
"odserv"=3
"mnmsrvc"=3
"Eventlog"=2
"ERSvc"=2
"Microsoft Office Groove Audit Service"=3
"ZuneWlanCfgSvc"=3
"RDSessMgr"=3
"RasMan"=2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe"="C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\EA GAMES\Medal of Honor Pacific Assault™\mohpa.exe"="C:\Program Files\EA GAMES\Medal of Honor Pacific Assault™\mohpa.exe:*:Enabled:Medal of Honor Pacific Assault™"
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service"
"C:\Program Files\Xilisoft\Video Converter Ultimate\Update.exe"="C:\Program Files\Xilisoft\Video Converter Ultimate\Update.exe:*:Disabled:Update"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Documents and Settings\Matt\Desktop\CrucialScan.exe"="C:\Documents and Settings\Matt\Desktop\CrucialScan.exe:*:Disabled:CrucialScan"
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\RpcSandraSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Microsoft Games\Halo 2\halo2.exe"="C:\Program Files\Microsoft Games\Halo 2\halo2.exe:*:Enabled:Halo 2"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1f2202a4-2e7e-11dd-82c7-00508d84ff4f}]
shell\AutoRun\command - F:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-06-08 11:55:54 ----D---- C:\Program Files\trend micro
2009-06-08 11:55:53 ----D---- C:\rsit
2009-05-20 15:17:19 ----A---- C:\WINDOWS\system32\AshEvtSvc.exe
2009-05-19 15:54:03 ----D---- C:\WINDOWS\Prefetch
2009-05-18 20:52:35 ----D---- C:\WINDOWS\system32\NtmsData
2009-05-16 21:55:49 ----D---- C:\WINDOWS\ERUNT
2009-05-16 21:46:26 ----D---- C:\SDFix
2009-05-16 20:32:23 ----HDC---- C:\WINDOWS\ie8
2009-05-16 20:26:43 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-05-16 20:26:38 ----A---- C:\WINDOWS\system32\MRT.INI
2009-05-16 20:25:10 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-16 20:25:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-05-16 20:23:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-05-15 16:02:26 ----D---- C:\NVIDIA
2009-05-15 15:17:17 ----RHD---- C:\Documents and Settings\Matt\Application Data\SecuROM
2009-05-15 14:56:02 ----D---- C:\Program Files\Electronic Arts
2009-05-15 14:46:05 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-05-15 00:00:12 ----D---- C:\WINDOWS\system32\scripting
2009-05-15 00:00:10 ----D---- C:\WINDOWS\l2schemas
2009-05-15 00:00:09 ----D---- C:\WINDOWS\system32\en
2009-05-15 00:00:09 ----D---- C:\WINDOWS\system32\bits
2009-05-14 23:54:26 ----D---- C:\WINDOWS\network diagnostic
2009-05-14 23:52:26 ----A---- C:\WINDOWS\system32\msxml6r.dll
2009-05-14 23:51:34 ----N---- C:\WINDOWS\system32\xpsp2res.dll
2009-05-14 23:51:34 ----N---- C:\WINDOWS\system32\qmgr.dll
2009-05-14 23:51:31 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-05-14 23:50:17 ----N---- C:\WINDOWS\system32\advapi32.dll
2009-05-14 23:50:16 ----N---- C:\WINDOWS\system32\lsasrv.dll
2009-05-14 23:50:16 ----N---- C:\WINDOWS\system32\locator.exe
2009-05-14 23:50:16 ----N---- C:\WINDOWS\system32\localspl.dll
2009-05-14 23:50:16 ----N---- C:\WINDOWS\system32\lmhsvc.dll
2009-05-14 23:50:16 ----N---- C:\WINDOWS\system32\kernel32.dll
2009-05-14 23:50:16 ----N---- C:\WINDOWS\system32\imagehlp.dll
2009-05-14 23:50:16 ----N---- C:\WINDOWS\system32\ftp.exe
2009-05-14 23:50:16 ----N---- C:\WINDOWS\system32\format.com
2009-05-14 23:50:16 ----N---- C:\WINDOWS\system32\dhcpcsvc.dll
2009-05-14 23:50:16 ----N---- C:\WINDOWS\system32\csrsrv.dll
2009-05-14 23:50:16 ----N---- C:\WINDOWS\system32\comdlg32.dll
2009-05-14 23:50:16 ----N---- C:\WINDOWS\system32\comctl32.dll
2009-05-14 23:50:16 ----N---- C:\WINDOWS\system32\cmd.exe
2009-05-14 23:50:16 ----N---- C:\WINDOWS\system32\cacls.exe
2009-05-14 23:50:16 ----N---- C:\WINDOWS\system32\autoconv.exe
2009-05-14 23:50:16 ----N---- C:\WINDOWS\system32\autochk.exe
2009-05-14 23:50:15 ----N---- C:\WINDOWS\system32\rasdlg.dll
2009-05-14 23:50:15 ----N---- C:\WINDOWS\system32\rasauto.dll
2009-05-14 23:50:15 ----N---- C:\WINDOWS\system32\rasapi32.dll
2009-05-14 23:50:15 ----N---- C:\WINDOWS\system32\printui.dll
2009-05-14 23:50:15 ----N---- C:\WINDOWS\system32\perfctrs.dll
2009-05-14 23:50:15 ----N---- C:\WINDOWS\system32\olecnv32.dll
2009-05-14 23:50:15 ----N---- C:\WINDOWS\system32\oleaut32.dll
2009-05-14 23:50:15 ----N---- C:\WINDOWS\system32\nwprovau.dll
2009-05-14 23:50:15 ----N---- C:\WINDOWS\system32\ntvdm.exe
2009-05-14 23:50:15 ----N---- C:\WINDOWS\system32\ntprint.dll
2009-05-14 23:50:15 ----N---- C:\WINDOWS\system32\ntlsapi.dll
2009-05-14 23:50:15 ----N---- C:\WINDOWS\system32\ntdll.dll
2009-05-14 23:50:15 ----N---- C:\WINDOWS\system32\nslookup.exe
2009-05-14 23:50:15 ----N---- C:\WINDOWS\system32\msv1_0.dll
2009-05-14 23:50:15 ----N---- C:\WINDOWS\system32\msgsvc.dll
2009-05-14 23:50:15 ----N---- C:\WINDOWS\system32\mgmtapi.dll
2009-05-14 23:50:14 ----N---- C:\WINDOWS\system32\srvsvc.dll
2009-05-14 23:50:14 ----N---- C:\WINDOWS\system32\smss.exe
2009-05-14 23:50:14 ----N---- C:\WINDOWS\system32\setupapi.dll
2009-05-14 23:50:14 ----N---- C:\WINDOWS\system32\sessmgr.exe
2009-05-14 23:50:14 ----N---- C:\WINDOWS\system32\services.exe
2009-05-14 23:50:14 ----N---- C:\WINDOWS\system32\schannel.dll
2009-05-14 23:50:14 ----N---- C:\WINDOWS\system32\scardsvr.exe
2009-05-14 23:50:14 ----N---- C:\WINDOWS\system32\savedump.exe
2009-05-14 23:50:14 ----N---- C:\WINDOWS\system32\samsrv.dll
2009-05-14 23:50:14 ----N---- C:\WINDOWS\system32\samlib.dll
2009-05-14 23:50:14 ----N---- C:\WINDOWS\system32\rshx32.dll
2009-05-14 23:50:14 ----N---- C:\WINDOWS\system32\rastapi.dll
2009-05-14 23:50:14 ----N---- C:\WINDOWS\system32\rasman.dll
2009-05-14 23:50:13 ----N---- C:\WINDOWS\system32\wkssvc.dll
2009-05-14 23:50:13 ----N---- C:\WINDOWS\system32\win32spl.dll
2009-05-14 23:50:13 ----N---- C:\WINDOWS\system32\untfs.dll
2009-05-14 23:50:13 ----N---- C:\WINDOWS\system32\ulib.dll
2009-05-14 23:50:13 ----N---- C:\WINDOWS\system32\tcpmonui.dll
2009-05-14 23:50:13 ----N---- C:\WINDOWS\system32\syssetup.dll
2009-05-14 23:50:13 ----A---- C:\WINDOWS\system32\userinit.exe
2009-05-14 23:50:07 ----N---- C:\WINDOWS\system32\ntoskrnl.exe
2009-05-14 23:50:07 ----N---- C:\WINDOWS\system32\ntkrnlpa.exe
2009-05-14 23:50:07 ----N---- C:\WINDOWS\system32\hal.dll

======List of files/folders modified in the last 1 months======

2009-06-08 11:55:54 ----RD---- C:\Program Files
2009-06-08 11:53:37 ----D---- C:\Program Files\Mozilla Firefox
2009-06-08 11:53:19 ----D---- C:\WINDOWS\Temp
2009-06-05 16:07:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-05 16:07:26 ----D---- C:\WINDOWS
2009-05-23 16:55:01 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-23 16:49:22 ----SHD---- C:\WINDOWS\Installer
2009-05-23 16:49:22 ----D---- C:\Program Files\Common Files
2009-05-23 16:48:59 ----HD---- C:\Config.Msi
2009-05-23 16:48:58 ----D---- C:\WINDOWS\system32
2009-05-23 16:48:56 ----HD---- C:\WINDOWS\inf
2009-05-23 16:48:56 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-05-23 16:47:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-05-23 16:47:37 ----D---- C:\WINDOWS\system32\CatRoot2
2009-05-21 17:26:01 ----A---- C:\WINDOWS\win.ini
2009-05-20 21:47:14 ----D---- C:\WINDOWS\system32\drivers
2009-05-20 20:51:30 ----D---- C:\Documents and Settings\Matt\Application Data\U3
2009-05-20 17:21:44 ----A---- C:\WINDOWS\ntbtlog.txt
2009-05-19 15:53:08 ----D---- C:\WINDOWS\system32\wbem
2009-05-19 15:53:08 ----D---- C:\WINDOWS\system32\Setup
2009-05-19 15:53:08 ----D---- C:\WINDOWS\AppPatch
2009-05-19 15:53:07 ----RSD---- C:\WINDOWS\Fonts
2009-05-19 15:52:09 ----A---- C:\WINDOWS\imsins.BAK
2009-05-19 15:49:37 ----D---- C:\WINDOWS\ServicePackFiles
2009-05-19 15:49:24 ----D---- C:\WINDOWS\system32\CatRoot
2009-05-19 15:47:21 ----D---- C:\WINDOWS\WinSxS
2009-05-19 15:47:14 ----DC---- C:\WINDOWS\system32\dllcache
2009-05-19 15:47:00 ----D---- C:\Program Files\Messenger
2009-05-19 15:46:58 ----D---- C:\WINDOWS\system32\usmt
2009-05-19 15:46:58 ----D---- C:\WINDOWS\system32\Restore
2009-05-19 15:46:58 ----D---- C:\WINDOWS\system32\oobe
2009-05-19 15:46:58 ----D---- C:\WINDOWS\system32\npp
2009-05-19 15:46:57 ----D---- C:\WINDOWS\system32\inetsrv
2009-05-19 15:46:48 ----D---- C:\WINDOWS\system32\Com
2009-05-19 15:46:20 ----D---- C:\WINDOWS\system
2009-05-19 15:46:20 ----D---- C:\WINDOWS\srchasst
2009-05-19 15:44:58 ----D---- C:\WINDOWS\peernet
2009-05-19 15:44:55 ----D---- C:\WINDOWS\msagent
2009-05-19 15:44:51 ----D---- C:\WINDOWS\ime
2009-05-19 15:44:51 ----D---- C:\WINDOWS\Help
2009-05-19 15:44:48 ----D---- C:\Program Files\Windows NT
2009-05-19 15:44:47 ----D---- C:\Program Files\Windows Media Player
2009-05-19 15:44:47 ----D---- C:\Program Files\Outlook Express
2009-05-19 15:44:47 ----D---- C:\Program Files\NetMeeting
2009-05-19 15:44:46 ----D---- C:\Program Files\Movie Maker
2009-05-19 15:44:42 ----D---- C:\Program Files\Common Files\System
2009-05-19 15:42:20 ----SD---- C:\WINDOWS\Tasks
2009-05-18 17:08:50 ----D---- C:\WINDOWS\Minidump
2009-05-16 20:34:38 ----D---- C:\WINDOWS\system32\en-US
2009-05-16 20:34:38 ----D---- C:\WINDOWS\Media
2009-05-16 20:34:38 ----D---- C:\Program Files\Internet Explorer
2009-05-16 20:29:02 ----D---- C:\WINDOWS\Microsoft.NET
2009-05-16 20:24:15 ----RSD---- C:\WINDOWS\assembly
2009-05-16 20:24:10 ----D---- C:\WINDOWS\system32\XPSViewer
2009-05-16 20:22:21 ----HD---- C:\WINDOWS\$hf_mig$
2009-05-16 15:05:53 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-05-16 14:59:22 ----RASH---- C:\boot.ini
2009-05-16 14:59:22 ----A---- C:\WINDOWS\system.ini
2009-05-15 16:41:42 ----D---- C:\QUARANTINE
2009-05-15 16:04:24 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-05-15 15:17:17 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2009-05-15 14:56:01 ----D---- C:\WINDOWS\system32\DirectX
2009-05-15 14:47:27 ----A---- C:\WINDOWS\OEWABLog.txt
2009-05-15 14:46:22 ----A---- C:\WINDOWS\setuplog.txt
2009-05-15 00:08:26 ----D---- C:\WINDOWS\security
2009-05-14 23:45:49 ----D---- C:\WINDOWS\EHome
2009-05-14 23:34:30 ----D---- C:\WINDOWS\SoftwareDistribution
2009-05-14 17:09:13 ----D---- C:\Program Files\EA GAMES
2009-05-14 17:03:38 ----D---- C:\Program Files\Steinberg
2009-05-14 15:20:58 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-05-10 14:22:48 ----D---- C:\Documents and Settings\Matt\Application Data\Move Networks
2009-05-10 14:01:02 ----D---- C:\Program Files\Sector69

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
R1 mfetdik;McAfee Inc.; C:\WINDOWS\system32\drivers\mfetdik.sys [2006-11-29 52136]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-03-25 2314560]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-23 9600]
R3 L6DP;L6DP; C:\WINDOWS\System32\Drivers\l6dp.sys [2009-01-28 29312]
R3 mfeapfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeapfk.sys [2006-11-29 64360]
R3 mfeavfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk.sys [2006-11-29 72264]
R3 mfebopk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfebopk.sys [2006-11-29 34152]
R3 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys [2006-11-29 168776]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2009-04-30 8055584]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51; C:\WINDOWS\System32\DRIVERS\sisnicxp.sys [2004-11-04 32768]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Matt\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-12 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-12 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-12 21568]
S3 L6TPortA;Service - Line 6 TonePort UX1; C:\WINDOWS\System32\Drivers\L6TPortA.sys [2009-01-28 530816]
S3 MA_CMIDI;%EVOL_USB.SvcDesc%; C:\WINDOWS\system32\drivers\ma_cmidi.sys [2005-06-14 21888]
S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-11-02 18176]
S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 7680]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2006-12-13 20992]
S3 motport;Motorola USB Diagnostic Port; C:\WINDOWS\system32\DRIVERS\motport.sys [2006-12-13 20992]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NCHSSVAD;SoundTap Recorder; C:\WINDOWS\system32\drivers\nchssvad.sys [2008-12-25 27136]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-03 40320]
S3 nuvaud2;NUVision II Audio Service; C:\WINDOWS\system32\DRIVERS\nuvaud2.sys [2001-07-11 25024]
S3 NUVision;NUVision II Video Service; C:\WINDOWS\system32\DRIVERS\nuvvid2.sys [2001-10-28 153760]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\Sandra.sys []
S3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\System32\DRIVERS\sisnic.sys [2004-08-03 32768]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 SynasUSB;SynasUSB; C:\WINDOWS\system32\drivers\SynasUSB.sys [2006-11-23 18432]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-07-22 32000]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-09-10 116040]
R2 AshEvtSvc;AshEvtSvc; C:\WINDOWS\System32\AshEvtSvc.exe [2009-05-20 32768]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-10 152984]
R2 MA_CMIDI_InstallerService;M-Audio CMIDI Installer; C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe [2005-09-28 94208]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2006-11-17 104000]
R2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [2006-11-29 144960]
R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [2006-11-29 54872]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2009-05-01 168004]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
R2 SandraAgentSrv;SiSoftware Deployment Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [2008-04-22 98488]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-09-10 536872]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]
S4 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 PnkBstrA;PunkBuster; C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe [2007-08-15 63040]

-----------------EOF-----------------

#5 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:08:23 PM

Posted 08 June 2009 - 12:14 PM

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Next

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Close any and all open programs, as this process may crash your computer.
  • Double click Posted Image or Posted Image on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
    Posted Image
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.


Then please post back here with Combofix.txt and the Gmer log.

Thanks

Also thanks for letting me know you are going to be away, I will keep this in mind.

Edited by syler, 08 June 2009 - 12:16 PM.



#6 callme matt

callme matt
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Local time:02:23 PM

Posted 08 June 2009 - 01:10 PM

Alright, I did everything as told. ComboFix restarted my comp a couple of times, but it seemed to function how it was supposed to, so here are my log files.

COMBOFIX

ComboFix 09-06-07.07 - Matt 06/08/2009 12:45.1 - NTFSx86
Running from: c:\documents and settings\Matt\Desktop\ComboFix.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Matt\Local Settings\Temporary Internet Files\bestwiner.stt
c:\documents and settings\Matt\Local Settings\Temporary Internet Files\CPV.stt
c:\documents and settings\Matt\Local Settings\Temporary Internet Files\Cpvff.stt
c:\documents and settings\Matt\Local Settings\Temporary Internet Files\fbk.sts
c:\windows\system32\AshEvtSvc.exe
c:\windows\system32\BReWErS.dll
c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\ChkDisk.lnk
c:\windows\system32\drivers\ovfsthailotpqpxuwurtnbgkoeppmjfqchklmo.sys
c:\windows\system32\ovfstharpdqywurevdplrrhjqvjetfakgcqwmd.dat
c:\windows\system32\ovfsthhhyfdiqyonpcfekoxuwkbrfiokfwnxta.dll
c:\windows\system32\ovfsthliiecstvntavnjabpfqmltevgkbavyll.dll
c:\windows\system32\ovfsthlog.dat
c:\windows\system32\ovfsthpqguhyfatrrvysgxdlttluvnirkfqktw.dll
c:\windows\system32\ovfsthrvlvhdeyngoboeebqerqdxcqitqtbgtc.dat
c:\windows\system32\uniq.tll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ovfsthvalbagbwwuwujkdpxmqhjrkjkouykmxf
-------\Legacy_ASHEVTSVC
-------\Legacy_NPF
-------\Service_AshEvtSvc


((((((((((((((((((((((((( Files Created from 2009-05-08 to 2009-06-08 )))))))))))))))))))))))))))))))
.

2009-06-08 16:55 . 2009-06-08 17:00 -------- d-----w- c:\program files\trend micro
2009-06-08 16:55 . 2009-06-08 16:55 -------- d-----w- C:\rsit
2009-05-19 01:52 . 2009-06-08 17:43 -------- d-----w- c:\windows\system32\NtmsData
2009-05-17 23:55 . 2009-05-17 23:55 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-05-17 02:59 . 2007-03-08 15:36 577536 ----a-w- c:\windows\system32\dllcache\user32.dll
2009-05-17 02:55 . 2009-05-17 02:56 -------- d-----w- c:\windows\ERUNT
2009-05-17 02:46 . 2009-05-18 02:27 -------- d-----w- C:\SDFix
2009-05-17 01:37 . 2009-05-17 01:37 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-05-17 01:35 . 2009-05-17 01:35 -------- d-sh--w- c:\documents and settings\Matt\IETldCache
2009-05-17 01:32 . 2009-05-17 01:32 -------- dc-h--w- c:\windows\ie8
2009-05-15 21:02 . 2009-05-15 21:02 -------- d-----w- C:\NVIDIA
2009-05-15 20:17 . 2009-05-15 20:17 -------- d--h--r- c:\documents and settings\Matt\Application Data\SecuROM
2009-05-15 19:56 . 2009-05-15 19:56 -------- d-----w- c:\program files\Electronic Arts
2009-05-15 19:46 . 2004-08-04 05:56 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-05-15 05:00 . 2009-05-19 20:44 -------- d-----w- c:\windows\system32\scripting
2009-05-15 05:00 . 2009-05-19 20:44 -------- d-----w- c:\windows\l2schemas
2009-05-15 05:00 . 2009-05-19 20:44 -------- d-----w- c:\windows\system32\en
2009-05-15 05:00 . 2009-05-19 20:44 -------- d-----w- c:\windows\system32\bits
2009-05-15 04:52 . 2006-07-19 16:55 86728 ----a-w- c:\windows\system32\msxml6r.dll
2009-05-15 04:50 . 2006-06-22 05:06 69120 ----a-w- c:\windows\system32\dllcache\ciodm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-23 21:55 . 2007-10-05 23:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-21 01:51 . 2008-05-30 19:25 -------- d-----w- c:\documents and settings\Matt\Application Data\U3
2009-05-19 20:43 . 2007-10-05 23:44 86327 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2009-05-17 01:38 . 2007-10-06 00:24 116216 ----a-w- c:\documents and settings\Matt\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-17 01:24 . 2008-12-06 17:43 223464 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-16 20:05 . 2009-03-21 18:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-16 20:05 . 2009-04-04 22:39 2967799 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-15 21:28 . 2007-10-06 19:38 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-05-15 20:17 . 2009-01-31 20:41 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-05-14 22:09 . 2007-10-07 22:53 -------- d-----w- c:\program files\EA GAMES
2009-05-14 22:03 . 2008-12-27 03:54 -------- d-----w- c:\program files\Steinberg
2009-05-10 19:22 . 2009-01-12 21:05 -------- d-----w- c:\documents and settings\Matt\Application Data\Move Networks
2009-05-10 19:01 . 2009-02-20 02:13 -------- d-----w- c:\program files\Sector69
2009-05-01 05:31 . 2009-05-01 05:31 1657376 ----a-w- c:\windows\system32\nwiz.exe
2009-05-01 05:31 . 2009-05-01 05:31 449056 ----a-w- c:\windows\system32\nvappbar.exe
2009-05-01 05:31 . 2009-05-01 05:31 436768 ----a-w- c:\windows\system32\keystone.exe
2009-05-01 05:31 . 2009-05-01 05:31 466944 ----a-w- c:\windows\system32\nvshell.dll
2009-05-01 05:31 . 2009-05-01 05:31 1724416 ----a-w- c:\windows\system32\nvwdmcpl.dll
2009-05-01 05:31 . 2009-05-01 05:31 1507328 ----a-w- c:\windows\system32\nview.dll
2009-05-01 05:31 . 2009-05-01 05:31 1101824 ----a-w- c:\windows\system32\nvwimg.dll
2009-05-01 03:02 . 2009-05-01 03:02 663552 ----a-w- c:\windows\system32\nvcuvid.dll
2009-05-01 03:02 . 2009-05-01 03:02 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-05-01 03:02 . 2009-05-01 03:02 1579630 ----a-w- c:\windows\system32\nvdata.bin
2009-05-01 03:02 . 2009-05-01 03:02 1314816 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-05-01 03:02 . 2007-10-05 23:53 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-05-01 03:02 . 2006-01-04 16:28 9994240 ----a-w- c:\windows\system32\nvoglnt.dll
2009-05-01 03:02 . 2006-01-04 16:28 806912 ----a-w- c:\windows\system32\nvapi.dll
2009-05-01 03:02 . 2006-01-04 16:28 8055584 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-05-01 03:02 . 2006-01-04 16:28 5896320 ----a-w- c:\windows\system32\nv4_disp.dll
2009-05-01 03:02 . 2006-01-04 16:28 143360 ----a-w- c:\windows\system32\nvcodins.dll
2009-05-01 03:02 . 2006-01-04 16:28 143360 ----a-w- c:\windows\system32\nvcod.dll
2009-04-27 05:42 . 2007-10-05 23:53 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-04-18 16:06 . 2008-08-04 20:46 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-04-11 19:39 . 2009-04-11 19:39 3638 ----a-r- c:\documents and settings\Matt\Application Data\Microsoft\Installer\{EE510252-96FC-49C1-AE63-36E1C49314CD}\_4d064db7.exe
2009-04-11 19:39 . 2009-04-11 19:39 3638 ----a-r- c:\documents and settings\Matt\Application Data\Microsoft\Installer\{EE510252-96FC-49C1-AE63-36E1C49314CD}\_154754de.exe
2009-04-11 19:39 . 2009-04-11 19:39 3638 ----a-r- c:\documents and settings\Matt\Application Data\Microsoft\Installer\{EE510252-96FC-49C1-AE63-36E1C49314CD}\_124305e.exe
2009-04-11 19:39 . 2009-04-11 19:39 1078 ----a-r- c:\documents and settings\Matt\Application Data\Microsoft\Installer\{EE510252-96FC-49C1-AE63-36E1C49314CD}\_440d491c.exe
2009-04-11 19:39 . 2009-04-11 19:39 -------- d-----w- c:\program files\Moongamer's
2009-04-06 20:32 . 2009-03-21 18:47 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 20:32 . 2009-03-21 18:47 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-03-26 19:49 . 2009-03-26 19:49 965344 ----a-w- c:\documents and settings\Matt\Application Data\Move Networks\MoveMediaPlayer_win_mozilla_071303000006.exe
2009-03-20 22:26 . 2009-03-20 22:26 41808 ----a-w- c:\windows\system32\xfcodec.dll
2008-12-28 18:54 . 2008-12-28 18:54 604 ---ha-w- c:\program files\WSTLL Notifier
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-29 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13750272]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-01 86016]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-03-24 77824]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-05-01 1657376]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=ma_cmidn.dll
"midi2"=ma_cmidn.dll
"midi6"=ma_cmidn.dll
"midi9"=ma_cmidn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Matt^Start Menu^Programs^Startup^Moongamers Patch Switcher.lnk]
path=c:\documents and settings\Matt\Start Menu\Programs\Startup\Moongamers Patch Switcher.lnk
backup=c:\windows\pss\Moongamers Patch Switcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RemoteRegistry"=2 (0x2)
"WZCSVC"=2 (0x2)
"wuauserv"=2 (0x2)
"VSS"=3 (0x3)
"TlntSvr"=3 (0x3)
"TapiSrv"=2 (0x2)
"SysmonLog"=3 (0x3)
"SwPrv"=3 (0x3)
"PnkBstrA"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"mnmsrvc"=3 (0x3)
"Eventlog"=2 (0x2)
"ERSvc"=2 (0x2)
"Microsoft Office Groove Audit Service"=3 (0x3)
"ZuneWlanCfgSvc"=3 (0x3)
"RDSessMgr"=3 (0x3)
"RasMan"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault™\\mohpa.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\RpcAgentSrv.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 ABIT-IO;ABIT-IO;c:\windows\system32\drivers\ABIT-IO.SYS [10/5/2007 6:55 PM 7680]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [8/4/2008 3:24 PM 210216]
R2 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [9/7/2008 2:42 PM 98488]
R3 L6DP;L6DP;c:\windows\system32\drivers\l6dp.sys [9/29/2006 11:05 AM 29312]
S3 L6TPortA;Service - Line 6 TonePort UX1;c:\windows\system32\drivers\L6TPortA.sys [12/26/2008 6:51 PM 530816]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [5/9/2008 7:15 PM 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [5/9/2008 7:15 PM 7680]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [5/9/2008 7:55 PM 20992]
S3 NUVision;NUVision II Video Service;c:\windows\system32\drivers\nuvvid2.sys [11/8/2008 8:27 PM 153760]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [12/26/2008 10:54 PM 18432]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2008-12-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
.
- - - - ORPHANS REMOVED - - - -

Notify-dimsntfy - (no file)
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: line6.net
FF - ProfilePath - c:\documents and settings\Matt\Application Data\Mozilla\Firefox\Profiles\kqkfwosm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\Matt\Application Data\Mozilla\Firefox\Profiles\kqkfwosm.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-08 12:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,17,d8,e4,31,d3,
04,40,6a,e2,63,26,f1,3f,c8,ff,68,dd,f7,23,99,2a,04,a4,d0,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,7d,2b,b0,e8,97,
dd,da,68,6a,9c,d6,61,af,45,84,18,a9,3c,f3,92,61,40,be,b3,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,10,6e,f5,2c,56,
9a,ae,3b,ff,7c,85,e0,43,d4,0e,fe,de,65,9d,2c,39,8a,09,5b,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,4b,d7,ec,6a,ec,
a6,75,94,86,8c,21,01,be,91,eb,e7,57,c0,4a,fb,2d,9f,da,86,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,40,82,04,20,65,
3b,d0,8d,f5,1d,4d,73,a8,13,5c,05,4c,3e,7c,41,0b,29,c5,d6,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,09,22,e8,33,92,
50,5b,61,df,20,58,62,78,6b,cf,c8,c1,7e,f4,74,a1,ca,b0,e6,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,c0,db,52,43,b0,
b0,45,b4,fb,a7,78,e6,12,2f,9a,ea,21,93,89,ee,f2,88,9e,38,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,80,f1,36,15,f2,
56,ac,cc,01,3a,48,fc,e8,04,4a,f1,1f,5d,f0,2b,96,52,d1,cb,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,b2,09,ba,45,80,
fd,cf,f7,f6,0f,4e,58,98,5b,89,c9,9b,f9,1c,95,18,96,f7,50,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,98,7a,7a,20,28,
a1,55,ed,3d,ce,ea,26,2d,45,aa,78,ab,2f,88,c5,b6,2d,0e,3f,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,75,91,4e,d9,b9,
9b,4c,9f,2a,b7,cc,b5,b9,7f,41,e7,6f,e2,df,f9,c2,63,d7,b3,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,f0,99,d3,2d,dc,
d7,8e,7e,6c,43,2d,1e,aa,22,2f,9c,65,9b,d1,1f,19,60,6a,2a,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3260)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\scardsvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\rundll32.exe
c:\program files\McAfee\Common Framework\Mctray.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-06-08 12:57 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-08 17:56

Pre-Run: 16,204,861,440 bytes free
Post-Run: 16,118,210,560 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

312 --- E O F --- 2009-05-15 04:21

GMER

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-08 13:07:02
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xB7C402DB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xB7C402EF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xB7C4031B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xB7C402C7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xB7C40305]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xB7C40331]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB7C40347]
Code \??\C:\DOCUME~1\Matt\LOCALS~1\Temp\catchme.sys pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntoskrnl.exe!ZwOpenKey 80567D7B 5 Bytes JMP B7C402CB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwCreateKey 8056E829 5 Bytes JMP B7C402DF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetValueKey 80573D0D 7 Bytes JMP B7C40335 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwTerminateProcess 805847CC 5 Bytes JMP B7C4034B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteValueKey 80593B38 7 Bytes JMP B7C4031F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwDeleteKey 805951C2 7 Bytes JMP B7C402F3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRenameKey 8064D0B9 7 Bytes JMP B7C40309 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? Combo-Fix.sys The system cannot find the file specified. !
? C:\DOCUME~1\Matt\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs sisidex.sys (SISIDEX Driver/Windows ® 2000 DDK provider)
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthvalbagbwwuwujkdpxmqhjrkjkouykmxf@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthvalbagbwwuwujkdpxmqhjrkjkouykmxf@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthvalbagbwwuwujkdpxmqhjrkjkouykmxf@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthvalbagbwwuwujkdpxmqhjrkjkouykmxf@imagepath \systemroot\system32\drivers\ovfsthailotpqpxuwurtnbgkoeppmjfqchklmo.sys
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthvalbagbwwuwujkdpxmqhjrkjkouykmxf@inst 0
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthvalbagbwwuwujkdpxmqhjrkjkouykmxf\main
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthvalbagbwwuwujkdpxmqhjrkjkouykmxf\main@ver sni060409
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthvalbagbwwuwujkdpxmqhjrkjkouykmxf\main@cid 01
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthvalbagbwwuwujkdpxmqhjrkjkouykmxf\main@bid 1756375704-527237240-606747145-682003330
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthvalbagbwwuwujkdpxmqhjrkjkouykmxf\main@aid 998
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthvalbagbwwuwujkdpxmqhjrkjkouykmxf\main@sid 3
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthvalbagbwwuwujkdpxmqhjrkjkouykmxf\main@feed 0x22 0x64 0x78 0x36 ...
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthvalbagbwwuwujkdpxmqhjrkjkouykmxf\main@cmddelay 28801
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthvalbagbwwuwujkdpxmqhjrkjkouykmxf\main@logoffset 305294
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthvalbagbwwuwujkdpxmqhjrkjkouykmxf\main\delete
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthvalbagbwwuwujkdpxmqhjrkjkouykmxf\main\ff
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthvalbagbwwuwujkdpxmqhjrkjkouykmxf\main\ff@extension \\?\C:\Program Files\Mozilla Firefox\extensions\{62E91E0D-8F2C-4CE1-9354-118290831F70}
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthvalbagbwwuwujkdpxmqhjrkjkouykmxf\main\ff@version 1
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthvalbagbwwuwujkdpxmqhjrkjkouykmxf\main\injector
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthvalbagbwwuwujkdpxmqhjrkjkouykmxf\main\injector@iexplore.exe ovfsthwi.dll
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthvalbagbwwuwujkdpxmqhjrkjkouykmxf\main\injector@explorer.exe ovfsthff.dll
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthvalbagbwwuwujkdpxmqhjrkjkouykmxf\main\tasks
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthvalbagbwwuwujkdpxmqhjrkjkouykmxf\modules
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthvalbagbwwuwujkdpxmqhjrkjkouykmxf\modules@ovfsth.sys \systemroot\system32\drivers\ovfsthailotpqpxuwurtnbgkoeppmjfqchklmo.sys
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthvalbagbwwuwujkdpxmqhjrkjkouykmxf\modules@ovfsth.dll \systemroot\system32\ovfsthpqguhyfatrrvysgxdlttluvnirkfqktw.dll
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthvalbagbwwuwujkdpxmqhjrkjkouykmxf\modules@ovfsthlog.dat \systemroot\system32\ovfstharpdqywurevdplrrhjqvjetfakgcqwmd.dat
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthvalbagbwwuwujkdpxmqhjrkjkouykmxf\modules@ovfsthwi.dll \systemroot\system32\ovfsthliiecstvntavnjabpfqmltevgkbavyll.dll
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthvalbagbwwuwujkdpxmqhjrkjkouykmxf\modules@ovfsthff.dll \systemroot\system32\ovfsthhhyfdiqyonpcfekoxuwkbrfiokfwnxta.dll
Reg HKLM\SYSTEM\ControlSet002\Services\ovfsthvalbagbwwuwujkdpxmqhjrkjkouykmxf\modules@ovfsth.dat \systemroot\system32\ovfsthrvlvhdeyngoboeebqerqdxcqitqtbgtc.dat
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- EOF - GMER 1.0.15 ----

Thanks for your help so far.

#7 callme matt
  • Topic Starter
  • Members
  • 18 posts

Posted 08 June 2009 - 01:12 PM

And also, ComboFix created a new Internet Explorer icon on my desktop. I suppose that is normal, but I don't know. It is not a link, though, as it seems to be the application itself. It just struck me as odd, that's all.

Edited by callme matt, 08 June 2009 - 01:19 PM.


#8 syler
  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 09 June 2009 - 10:40 AM

Hi Matt,

One or more of the identified infections is a backdoor trojan/Rootkit.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide you want to proceed with trying to clean your machine please follow these next steps.


1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Rootkit::
C:\WINDOWS\system32\ovfsthpqguhyfatrrvysgxdlttluvnirkfqktw.dll
C:\WINDOWS\system32\drivers\ovfsthailotpqpxuwurtnbgkoeppmjfqchklmo.sys
C:\WINDOWS\system32\ovfstharpdqywurevdplrrhjqvjetfakgcqwmd.dat
C:\WINDOWS\system32\ovfsthliiecstvntavnjabpfqmltevgkbavyll.dll
C:\WINDOWS\system32\ovfsthhhyfdiqyonpcfekoxuwkbrfiokfwnxta.dll
C:\WINDOWS\system32\ovfsthrvlvhdeyngoboeebqerqdxcqitqtbgtc.dat
C:\WINDOWS\system32\ovfsthwi.dll
C:\WINDOWS\system32\ovfsthff.dll

Driver::
ovfsthvalbagbwwuwujkdpxmqhjrkjkouykmxf

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Then please post back here with ComboFix.txt and a fresh GMER log.

Thanks


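The CFScript above was written by hand from the GMER registry section: the service's imagepath, its `modules` values and the two `injector` DLL names. As an added example (not code from this thread, from GMER or from ComboFix), the following Python parses GMER `Reg` lines and derives the same Rootkit::/Driver:: lists, so a reviewer can check a hand-written script against the log. It assumes the CFScript section syntax shown in the post and that bare injector DLL names live under system32, as the modules list in this log indicates; the sample lines are a constructed excerpt of the log above.

```python
import re

# Constructed excerpt of the GMER 1.0.15 "Registry" section posted in this thread; key, value and
# file names are the ones GMER reported above, only the set of lines is trimmed.
SVC = r"HKLM\SYSTEM\ControlSet002\Services\ovfsthvalbagbwwuwujkdpxmqhjrkjkouykmxf"
GMER_REG_LINES = [
    "Reg " + SVC + r"@imagepath \systemroot\system32\drivers\ovfsthailotpqpxuwurtnbgkoeppmjfqchklmo.sys",
    "Reg " + SVC + r"\main\injector@iexplore.exe ovfsthwi.dll",
    "Reg " + SVC + r"\main\injector@explorer.exe ovfsthff.dll",
    "Reg " + SVC + r"\modules@ovfsth.sys \systemroot\system32\drivers\ovfsthailotpqpxuwurtnbgkoeppmjfqchklmo.sys",
    "Reg " + SVC + r"\modules@ovfsth.dll \systemroot\system32\ovfsthpqguhyfatrrvysgxdlttluvnirkfqktw.dll",
    r"Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment",
]

# A GMER line is "Reg <key>" (subkey only) or "Reg <key>@<value name> <data>"; the value name may be empty.
LINE_RE = re.compile(r"^Reg (?P<key>[^@ ]+)(?:@(?P<name>\S*)(?: (?P<data>.*))?)?$")
SERVICE_RE = re.compile(r"^HKLM\\SYSTEM\\ControlSet\d+\\Services\\(?P<svc>[^\\]+)(?P<sub>(?:\\[^\\]+)*)$", re.I)

def parse_line(line):
    """Return (key, value name, data); a subkey-only line gives (key, None, None); None if not a Reg line."""
    m = LINE_RE.match(line.strip())
    return (m["key"], m["name"], m["data"]) if m else None

def to_real_path(path, system_root=r"C:\WINDOWS"):
    """GMER prints NT-style systemroot paths; ComboFix wants the drive path, as in the script above."""
    return system_root + path[11:] if path.lower().startswith("\\systemroot") else path

def collect_artifacts(lines, system_root=r"C:\WINDOWS"):
    """Map each reported service to its ImagePath, 'modules' files and 'injector' DLLs."""
    services = {}
    for line in lines:
        parsed = parse_line(line)
        m = SERVICE_RE.match(parsed[0]) if parsed else None
        if not m: continue  # not a Services\<name> key, e.g. the CLSID entries in the same log
        files = services.setdefault(m["svc"], set())
        name, data, sub = parsed[1], parsed[2], m["sub"].lower()
        if not data: continue  # subkey line or empty value
        if name.lower() == "imagepath" or sub.endswith("\\modules"):
            files.add(to_real_path(data, system_root))
        elif sub.endswith("\\injector"):
            files.add(system_root + "\\system32\\" + data)  # bare DLL names; this log shows them in system32
    return {svc: files for svc, files in services.items() if files}

def build_cfscript(lines, system_root=r"C:\WINDOWS"):
    """Render Rootkit:: and Driver:: sections in the form of the CFScript posted above."""
    artifacts = collect_artifacts(lines, system_root)
    out = ["Rootkit::"] + sorted(f for files in artifacts.values() for f in files)
    out += ["", "Driver::"] + sorted(artifacts)
    return "\n".join(out) + "\n"
```

The paths GMER lists under `modules` and the service `imagepath` overlap, so the output deduplicates them; the CLSID entries in the same log are outside `Services` and are ignored.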

#9 callme matt
  • Topic Starter
  • Members
  • 18 posts

Posted 13 June 2009 - 12:55 PM

I think I want to format and start over, but if I were to burn and back up my data onto a DVD, would the virus/rootkit/trojan etc. burn itself onto that disc as well? I have a lot of data I need to back up, so this is vital.

#10 syler
  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 13 June 2009 - 03:00 PM

As long as you are burning files that you know are virus free, like your personal documents, spreadsheets, pictures, music, etc., then it should be fine; the malware files should not burn themselves onto the CD, that I know of. You can always check the disc with a few online scanners to make sure you haven't backed up any malware. If you are going to go ahead with formatting, please let me know so I can close this thread.

Thanks



#11 callme matt
  • Topic Starter
  • Members
  • 18 posts

Posted 13 June 2009 - 05:03 PM

Well, I actually decided that I am going to mount my infected drive as a slave, dormant drive on a computer in my house that I know is virus free, so that I can back up what I need to, and then I will format it. So yes, you can close this forum, and thanks for all of your help.

#12 syler
  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 13 June 2009 - 06:04 PM

Since this issue appears resolved ... this Topic is closed. Glad I could help.

If you need this topic reopened, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
