
Product Express Redirect and No Programs In Add/Remove


  • This topic is locked
19 replies to this topic

#1 BraskySTU

BraskySTU

  • Members
  • 12 posts
  • OFFLINE
  • Local time:12:06 PM

Posted 13 January 2010 - 09:32 PM

I tried to run RootRepeal but my computer locked up both times during the scan. So I do not have that file in this post.

When browsing the internet using Firefox, I am frequently redirected because of a service called "product express." It is certainly Adware of some kind, but Malwarebytes and Spybot S & D cannot locate it.

I also cannot see any programs in add/remove programs. This occurred after I was forced to use combofix, because of another adware/malware program. I assume combofix deleted some windows system files necessary to make the add/remove list generate, but I also thought it may be related to some undiscovered malware.

I am using Windows XP.

Thanks.

-------


DDS (Ver_09-12-01.01) - NTFSx86
Run by Cody at 20:02:03.43 on Wed 01/13/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.373 [GMT -6:00]


============== Running Processes ===============

E:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
E:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
E:\WINDOWS\system32\spoolsv.exe
svchost.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\system32\PnkBstrB.exe
E:\WINDOWS\system32\svchost.exe -k imgsvc
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\system32\pctspk.exe
E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\QuickTime\QTTask.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Java\jre6\bin\jusched.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\WLAN\XPC 802.11b+g Wireless Kit\ZDWlan.exe
E:\Program Files\MagicDisc\MagicDisc.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Documents and Settings\Cody\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://my.netzero.net/s/search?r=minisearch
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://my.netzero.net/s/search?r=minisearch
mDefault_Search_URL = hxxp://my.netzero.net/s/search?r=minisearch
mSearch Page = hxxp://my.netzero.net/s/search?r=minisearch
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
mSearchAssistant = hxxp://my.netzero.net/s/search?r=minisearch
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - e:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - e:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Pop-up Blocker: {52706ef7-d7a2-49ad-a615-e903858cf284} - e:\program files\netzero\qsacc\X1IEBHO.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - e:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: NetZero Toolbar Helper: {fe3098b0-04a3-41fd-8ca9-bea39cb14c87} - e:\program files\netzero\ucreg.dll
TB: ZeroBar: {f0f8ecbe-d460-4b34-b007-56a92e8f84a7} - e:\program files\netzero\Toolbar.dll
TB: {71AAABE5-1F0F-11D7-BD6F-004854603DCE} - No File
uRun: [igndlm.exe] e:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [ctfmon.exe] e:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SW24] e:\windows\system32\sw24.exe
mRun: [SW20] e:\windows\system32\sw20.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [PCTVOICE] pctspk.exe
mRun: [HPDJ Taskbar Utility] e:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [NvCplDaemon] RUNDLL32.EXE e:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Adobe Reader Speed Launcher] "e:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [googletalk] e:\program files\google\google talk\googletalk.exe /autostart
mRun: [IMJPMIG8.1] "e:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] e:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] e:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] e:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [NvMediaCenter] RUNDLL32.EXE e:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AppleSyncNotifier] e:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "e:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "e:\program files\itunes\iTunesHelper.exe"
mRun: [Windows Defender] "e:\program files\windows defender\MSASCui.exe" -hide
mRun: [SunJavaUpdateSched] "e:\program files\java\jre6\bin\jusched.exe"
StartupFolder: e:\docume~1\cody\startm~1\programs\startup\magicd~1.lnk - e:\program files\magicdisc\MagicDisc.exe
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - e:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - e:\program files\microsoft office\office\OSA9.EXE
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\xpc802~1.lnk - e:\program files\wlan\xpc 802.11b+g wireless kit\ZDWlan.exe
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Display All Images with Full Quality - "e:\program files\netzero\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "e:\program files\netzero\qsacc\appres.dll/227"
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - e:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: lsac.org\www
DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} - hxxps://install.charter.com/diskless/bin/ssctlsma.dll
DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - hxxp://housecall60.trendmicro.com/housecall/xscan60.cab
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {08EE4BCE-527E-4760-B11A-B829415E9103} - hxxp://simgolf.ea.com/teleport/simgolf/MaxisGolfTeleX.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///E:/Program%20Files/Risk/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - hxxp://download.microsoft.com/download/7/1/D/71D9F11F-0C02-4707-9D60-D56EA8951020/pmupd806.exe
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263262775218
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab60096.cab
DPF: {B2FCED61-570E-11D3-B160-00A0C9E70E84} - hxxps://www4.lsac.org/LSACD_XMLWebServices/Http/OIFActiveX/ofmctl.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///E:/Program%20Files/Risk/Images/armhelper.ocx
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - e:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - e:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - e:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - e:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - e:\docume~1\cody\applic~1\mozilla\firefox\profiles\ocv2njo5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: e:\program files\mozilla firefox\components\cd751915.dll
FF - plugin: e:\program files\download manager\npfpdlm.dll
FF - plugin: e:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: e:\program files\mozilla firefox\plugins\npunagi2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {486E2BB1-FD31-4D60-AC63-FFFAE70450F9} - e:\documents and settings\cody\local settings\application data\{486E2BB1-FD31-4D60-AC63-FFFAE70450F9}
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

S2 WinDefend;Windows Defender;e:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 musbehco;musbehco;\??\e:\docume~1\cody\locals~1\temp\musbehco.sys --> e:\docume~1\cody\locals~1\temp\musbehco.sys [?]
S3 NEXTELC;NEXTELC;e:\windows\system32\drivers\NEXTELC.sys [2006-11-15 25055]
S3 NEXTELU;NEXTELU;e:\windows\system32\drivers\NEXTELU.sys [2006-11-15 50157]
S3 WLAN(WLAN);XPC 802.11b/g Wireless Kit Driver(WLAN);e:\windows\system32\drivers\ZD1211U.sys [2007-5-27 258560]
S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;e:\windows\system32\ZDBRGSYS.sys [2007-5-27 19200]

=============== Created Last 30 ================

2010-01-12 02:20:49 15064 ----a-w- e:\windows\system32\wuapi.dll.mui
2010-01-12 02:13:19 116224 -c--a-w- e:\windows\system32\dllcache\xrxwiadr.dll
2010-01-12 02:13:16 23040 -c--a-w- e:\windows\system32\dllcache\xrxwbtmp.dll
2010-01-12 02:13:15 18944 -c--a-w- e:\windows\system32\dllcache\xrxscnui.dll
2010-01-12 02:13:12 27648 -c--a-w- e:\windows\system32\dllcache\xrxftplt.exe
2010-01-12 02:13:08 4608 -c--a-w- e:\windows\system32\dllcache\xrxflnch.exe
2010-01-12 02:13:04 99865 -c--a-w- e:\windows\system32\dllcache\xlog.exe
2010-01-12 02:13:01 16970 -c--a-w- e:\windows\system32\dllcache\xem336n5.sys
2010-01-12 02:13:00 19455 -c--a-w- e:\windows\system32\dllcache\wvchntxx.sys
2010-01-12 02:11:59 19528 -c--a-w- e:\windows\system32\dllcache\w840nd.sys
2010-01-12 02:10:59 22912 -c--a-w- e:\windows\system32\dllcache\umaxpcls.sys
2010-01-12 02:09:59 241664 -c--a-w- e:\windows\system32\dllcache\tosdvd02.sys
2010-01-12 02:08:59 3968 -c--a-w- e:\windows\system32\dllcache\swusbflt.sys
2010-01-12 02:07:56 58368 -c--a-w- e:\windows\system32\dllcache\smiminib.sys
2010-01-12 02:06:58 252032 -c--a-w- e:\windows\system32\dllcache\sis300iv.dll
2010-01-12 02:05:57 245632 -c--a-w- e:\windows\system32\dllcache\s3savmx.dll
2010-01-12 02:04:55 19584 -c--a-w- e:\windows\system32\dllcache\rasirda.sys
2010-01-12 02:03:52 121344 -c--a-w- e:\windows\system32\dllcache\phvfwext.dll
2010-01-12 02:02:57 27209 -c--a-w- e:\windows\system32\dllcache\otc06x5.sys
2010-01-12 02:01:58 13664 -c--a-w- e:\windows\system32\dllcache\n9i128.sys
2010-01-12 02:00:58 235648 -c--a-w- e:\windows\system32\dllcache\mgaud.dll
2010-01-12 01:59:43 26624 -c--a-w- e:\windows\system32\dllcache\irstusb.sys
2010-01-12 01:58:59 38528 -c--a-w- e:\windows\system32\dllcache\ibmvcap.sys
2010-01-12 01:57:58 68608 -c--a-w- e:\windows\system32\dllcache\hpgt53tk.dll
2010-01-12 01:56:58 27165 -c--a-w- e:\windows\system32\dllcache\fetnd5.sys
2010-01-12 01:55:59 7296 -c--a-w- e:\windows\system32\dllcache\elmsmc.sys
2010-01-12 01:54:59 65622 -c--a-w- e:\windows\system32\dllcache\digiasyn.dll
2010-01-12 01:53:59 21530 -c--a-w- e:\windows\system32\dllcache\ce2n5.sys
2010-01-12 01:52:59 23552 -c--a-w- e:\windows\system32\dllcache\atixbar.sys
2010-01-12 01:49:36 101888 -c--a-w- e:\windows\system32\dllcache\adpu160m.sys
2010-01-06 19:28:06 0 d-----w- e:\program files\common files\BioWare

==================== Find3M ====================

2010-01-07 22:07:14 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07:04 19160 ----a-w- e:\windows\system32\drivers\mbam.sys
2009-12-28 13:02:11 2568 --sha-w- e:\windows\system32\KGyGaAvL.sys
2009-11-13 06:26:36 26988 ---ha-w- e:\windows\system32\mlfcache.dat
2009-11-12 22:55:30 214504 ----a-w- e:\windows\system32\PnkBstrB.exe
2009-11-03 02:42:06 195456 ------w- e:\windows\system32\MpSigStub.exe
2009-11-02 05:19:14 25922 ----a-w- e:\windows\fonts\Chris font 1.ttf
2009-10-23 14:24:08 411368 ----a-w- e:\windows\system32\deploytk.dll
2009-10-22 20:19:40 102188 ----a-w- e:\windows\system32\dd5996be.exe
2009-09-23 02:33:21 32768 --sha-w- e:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009092220090923\index.dat

============= FINISH: 20:02:46.87 ===============
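The DDS output above is a plain-text report that a helper normally reads by eye. As an added example (not part of this thread, of DDS, or of sUBs' tool), here is a small Python triage script that splits a DDS log into its `=== ... ===` sections and flags the entry kinds a malware-removal helper checks first: registry entries that point at a file which no longer exists ("No File"), drivers or services whose image lives under a temp directory or has no date/size stamp, and a Firefox component whose file name is an eight-character hex string. The embedded sample log is constructed from a few lines of the report above; the hex-name heuristic and the reason strings are this example's own assumptions, and each hit is a prompt for a person to verify, not a verdict.

```python
"""Triage helper for DDS-style logs (added example, not part of the DDS tool)."""
import re

# Constructed sample, modelled on a handful of lines from the log posted above.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - e:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {71AAABE5-1F0F-11D7-BD6F-004854603DCE} - No File
mRun: [SW24] e:\windows\system32\sw24.exe

================= FIREFOX ===================

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: e:\program files\mozilla firefox\components\cd751915.dll

============= SERVICES / DRIVERS ===============

S2 WinDefend;Windows Defender;e:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 musbehco;musbehco;\??\e:\docume~1\cody\locals~1\temp\musbehco.sys --> e:\docume~1\cody\locals~1\temp\musbehco.sys [?]
S3 NEXTELC;NEXTELC;e:\windows\system32\drivers\NEXTELC.sys [2006-11-15 25055]
"""

# "=== Section Name ===" banner lines that DDS uses to separate its sections.
SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")
# "S3 name;display name;image path [date size]"  (DDS services/drivers line)
SERVICE_RE = re.compile(r"^(?P<start>[SR]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
# Heuristics of this example (assumptions): an image path under a temp folder,
# and a DLL whose base name is exactly eight hex digits.
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)
HEX_NAME_RE = re.compile(r"\\[0-9a-f]{8}\.dll$", re.IGNORECASE)


def split_sections(log_text):
    """Return {SECTION NAME: [non-empty lines]} for a DDS log."""
    sections, current = {}, "HEADER"
    for line in log_text.splitlines():
        line = line.rstrip()
        banner = SECTION_RE.match(line)
        if banner:
            current = banner.group("name").upper()
            sections.setdefault(current, [])
            continue
        if line:
            sections.setdefault(current, []).append(line)
    return sections


def triage(log_text):
    """Return a list of (reason, log line) pairs worth a human look."""
    notes = []
    sections = split_sections(log_text)

    for line in sections.get("PSEUDO HJT REPORT", []):
        # Registry still references a BHO/toolbar whose DLL is gone.
        if line.endswith("- No File"):
            notes.append(("orphaned entry (registry points at a missing file)", line))

    for line in sections.get("FIREFOX", []):
        if line.startswith("FF - component:") and HEX_NAME_RE.search(line):
            notes.append(("browser component with a random-looking hex name", line))

    for line in sections.get("SERVICES / DRIVERS", []):
        svc = SERVICE_RE.match(line)
        if not svc:
            continue
        rest = svc.group("rest")
        if TEMP_DIR_RE.search(rest):
            notes.append(("driver/service image lives in a temp directory", line))
        elif rest.endswith("[?]"):
            # DDS prints [?] when it cannot stat the file (often already deleted).
            notes.append(("driver/service image has no date/size (file missing?)", line))
    return notes


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}]\n    {line}")
```

Run it against a saved DDS log by replacing `SAMPLE_LOG` with the file's contents; the sections dictionary keeps the DDS banner names in upper case so the same lookups work on logs from different DDS versions.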


#2 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:06 AM

Posted 20 January 2010 - 02:31 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

*If you have since resolved the original problem you were having, we would appreciate you letting us know.

*If not please perform the following steps below so we can have a look at the current condition of your machine.

*If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.


Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

**If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.


You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.
In order to be notified via email when your topic has a reply you need to enable topic notifications. To enable topic notifications you should do the following:

1. Click on the My Controls link at the top of the page to enter your control panel.

2. Scroll down to the Options category in the left hand side menu bar and click on the Email Settings link.

3. Put a checkmark in the checkbox labeled Enable 'Email Notification' by default?.

4. Set the If ticked, choose default type: menu option to Immediate Email Notification to have an email sent immediately when someone replies.

The topics you are tracking are shown Here.
Because the e-mail notification system is not completely reliable, please check your topic once a day for responses.
----------------------------*-------------------------------

We need to see some information about what is happening in your machine.

Please perform the following scan:


  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Kind regards
Net_Surfer


#3 BraskySTU

BraskySTU
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:12:06 PM

Posted 24 January 2010 - 12:24 PM

Ok, I am still having the aforementioned problems (see first post). However, I do believe "product express" has only been installed in Firefox, because IE works fine and does not redirect. And it is possible "product express" is not malware but simply a program I cannot uninstall because I cannot see a list of programs under add/remove programs in the control panel (once again see first post). However, as I stated before, the "no list of programs" problem may not be malware but simply my accidental deletion of system files in eradicating my last fight with a malware program.

I will repost the DDS file and Attach.

Thanks for any help.

Also I hope I have described my problem well enough.

DDS (Ver_09-12-01.01) - NTFSx86
Run by Cody at 11:17:40.70 on Sun 01/24/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.368 [GMT -6:00]


============== Running Processes ===============

E:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
E:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
E:\WINDOWS\system32\spoolsv.exe
svchost.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\system32\PnkBstrB.exe
E:\WINDOWS\system32\svchost.exe -k imgsvc
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\system32\pctspk.exe
E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\QuickTime\QTTask.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Program Files\Steam\Steam.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\WLAN\XPC 802.11b+g Wireless Kit\ZDWlan.exe
E:\Program Files\MagicDisc\MagicDisc.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\PROGRA~1\MICROS~2\Office\WINWORD.EXE
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Documents and Settings\Cody\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://my.netzero.net/s/search?r=minisearch
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearch Bar = hxxp://my.netzero.net/s/search?r=minisearch
mDefault_Search_URL = hxxp://my.netzero.net/s/search?r=minisearch
mSearch Page = hxxp://my.netzero.net/s/search?r=minisearch
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
mSearchAssistant = hxxp://my.netzero.net/s/search?r=minisearch
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - e:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - e:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Pop-up Blocker: {52706ef7-d7a2-49ad-a615-e903858cf284} - e:\program files\netzero\qsacc\X1IEBHO.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - e:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - e:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: NetZero Toolbar Helper: {fe3098b0-04a3-41fd-8ca9-bea39cb14c87} - e:\program files\netzero\ucreg.dll
TB: ZeroBar: {f0f8ecbe-d460-4b34-b007-56a92e8f84a7} - e:\program files\netzero\Toolbar.dll
TB: {71AAABE5-1F0F-11D7-BD6F-004854603DCE} - No File
uRun: [igndlm.exe] e:\program files\download manager\DLM.exe /windowsstart /startifwork
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Steam] "e:\program files\steam\Steam.exe" -silent
uRun: [ctfmon.exe] e:\windows\system32\ctfmon.exe
mRun: [SW24] e:\windows\system32\sw24.exe
mRun: [SW20] e:\windows\system32\sw20.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [PCTVOICE] pctspk.exe
mRun: [HPDJ Taskbar Utility] e:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [NvCplDaemon] RUNDLL32.EXE e:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Adobe Reader Speed Launcher] "e:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [googletalk] e:\program files\google\google talk\googletalk.exe /autostart
mRun: [IMJPMIG8.1] "e:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] e:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] e:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] e:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [NvMediaCenter] RUNDLL32.EXE e:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AppleSyncNotifier] e:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "e:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "e:\program files\itunes\iTunesHelper.exe"
mRun: [Windows Defender] "e:\program files\windows defender\MSASCui.exe" -hide
mRun: [SunJavaUpdateSched] "e:\program files\java\jre6\bin\jusched.exe"
StartupFolder: e:\docume~1\cody\startm~1\programs\startup\magicd~1.lnk - e:\program files\magicdisc\MagicDisc.exe
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - e:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - e:\program files\microsoft office\office\OSA9.EXE
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\xpc802~1.lnk - e:\program files\wlan\xpc 802.11b+g wireless kit\ZDWlan.exe
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Display All Images with Full Quality - "e:\program files\netzero\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "e:\program files\netzero\qsacc\appres.dll/227"
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - e:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: lsac.org\www
DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} - hxxps://install.charter.com/diskless/bin/ssctlsma.dll
DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - hxxp://housecall60.trendmicro.com/housecall/xscan60.cab
DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} - hxxp://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
DPF: {08EE4BCE-527E-4760-B11A-B829415E9103} - hxxp://simgolf.ea.com/teleport/simgolf/MaxisGolfTeleX.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///E:/Program%20Files/Risk/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} - hxxp://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} - hxxp://download.microsoft.com/download/7/1/D/71D9F11F-0C02-4707-9D60-D56EA8951020/pmupd806.exe
DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} - hxxp://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263262775218
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} - hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab60096.cab
DPF: {B2FCED61-570E-11D3-B160-00A0C9E70E84} - hxxps://www4.lsac.org/LSACD_XMLWebServices/Http/OIFActiveX/ofmctl.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///E:/Program%20Files/Risk/Images/armhelper.ocx
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} - hxxp://zone.msn.com/binframework/v10/StProxy.cab55579.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - e:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - e:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - e:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - e:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - e:\docume~1\cody\applic~1\mozilla\firefox\profiles\ocv2njo5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: e:\program files\mozilla firefox\components\cd751915.dll
FF - plugin: e:\program files\download manager\npfpdlm.dll
FF - plugin: e:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: e:\program files\mozilla firefox\plugins\npunagi2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {486E2BB1-FD31-4D60-AC63-FFFAE70450F9} - e:\documents and settings\cody\local settings\application data\{486E2BB1-FD31-4D60-AC63-FFFAE70450F9}
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

S2 WinDefend;Windows Defender;e:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 musbehco;musbehco;\??\e:\docume~1\cody\locals~1\temp\musbehco.sys --> e:\docume~1\cody\locals~1\temp\musbehco.sys [?]
S3 NEXTELC;NEXTELC;e:\windows\system32\drivers\NEXTELC.sys [2006-11-15 25055]
S3 NEXTELU;NEXTELU;e:\windows\system32\drivers\NEXTELU.sys [2006-11-15 50157]
S3 rootrepeal;rootrepeal;\??\e:\windows\system32\drivers\rootrepeal.sys --> e:\windows\system32\drivers\rootrepeal.sys [?]
S3 WLAN(WLAN);XPC 802.11b/g Wireless Kit Driver(WLAN);e:\windows\system32\drivers\ZD1211U.sys [2007-5-27 258560]
S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;e:\windows\system32\ZDBRGSYS.sys [2007-5-27 19200]

=============== Created Last 30 ================

2010-01-20 01:56:46 0 d-----w- e:\program files\MSECache
2010-01-16 07:02:26 0 d-----w- e:\program files\Microsoft CAPICOM 2.1.0.2
2010-01-15 22:13:18 274288 ----a-w- e:\windows\system32\mucltui.dll
2010-01-15 22:13:18 215920 ----a-w- e:\windows\system32\muweb.dll
2010-01-15 22:13:18 16736 ----a-w- e:\windows\system32\mucltui.dll.mui
2010-01-12 02:20:49 15064 ----a-w- e:\windows\system32\wuapi.dll.mui
2010-01-12 02:13:19 116224 -c--a-w- e:\windows\system32\dllcache\xrxwiadr.dll
2010-01-12 02:13:16 23040 -c--a-w- e:\windows\system32\dllcache\xrxwbtmp.dll
2010-01-12 02:13:15 18944 -c--a-w- e:\windows\system32\dllcache\xrxscnui.dll
2010-01-12 02:13:12 27648 -c--a-w- e:\windows\system32\dllcache\xrxftplt.exe
2010-01-12 02:13:08 4608 -c--a-w- e:\windows\system32\dllcache\xrxflnch.exe
2010-01-12 02:13:04 99865 -c--a-w- e:\windows\system32\dllcache\xlog.exe
2010-01-12 02:13:01 16970 -c--a-w- e:\windows\system32\dllcache\xem336n5.sys
2010-01-12 02:13:00 19455 -c--a-w- e:\windows\system32\dllcache\wvchntxx.sys
2010-01-12 02:11:59 19528 -c--a-w- e:\windows\system32\dllcache\w840nd.sys
2010-01-12 02:10:59 22912 -c--a-w- e:\windows\system32\dllcache\umaxpcls.sys
2010-01-12 02:09:59 241664 -c--a-w- e:\windows\system32\dllcache\tosdvd02.sys
2010-01-12 02:08:59 3968 -c--a-w- e:\windows\system32\dllcache\swusbflt.sys
2010-01-12 02:07:56 58368 -c--a-w- e:\windows\system32\dllcache\smiminib.sys
2010-01-12 02:06:58 252032 -c--a-w- e:\windows\system32\dllcache\sis300iv.dll
2010-01-12 02:05:57 245632 -c--a-w- e:\windows\system32\dllcache\s3savmx.dll
2010-01-12 02:04:55 19584 -c--a-w- e:\windows\system32\dllcache\rasirda.sys
2010-01-12 02:03:52 121344 -c--a-w- e:\windows\system32\dllcache\phvfwext.dll
2010-01-12 02:02:57 27209 -c--a-w- e:\windows\system32\dllcache\otc06x5.sys
2010-01-12 02:01:58 13664 -c--a-w- e:\windows\system32\dllcache\n9i128.sys
2010-01-12 02:00:58 235648 -c--a-w- e:\windows\system32\dllcache\mgaud.dll
2010-01-12 01:59:43 26624 -c--a-w- e:\windows\system32\dllcache\irstusb.sys
2010-01-12 01:58:59 38528 -c--a-w- e:\windows\system32\dllcache\ibmvcap.sys
2010-01-12 01:57:58 68608 -c--a-w- e:\windows\system32\dllcache\hpgt53tk.dll
2010-01-12 01:56:58 27165 -c--a-w- e:\windows\system32\dllcache\fetnd5.sys
2010-01-12 01:55:59 7296 -c--a-w- e:\windows\system32\dllcache\elmsmc.sys
2010-01-12 01:54:59 65622 -c--a-w- e:\windows\system32\dllcache\digiasyn.dll
2010-01-12 01:53:59 21530 -c--a-w- e:\windows\system32\dllcache\ce2n5.sys
2010-01-12 01:52:59 23552 -c--a-w- e:\windows\system32\dllcache\atixbar.sys
2010-01-12 01:49:36 101888 -c--a-w- e:\windows\system32\dllcache\adpu160m.sys
2010-01-06 19:28:06 0 d-----w- e:\program files\common files\BioWare

==================== Find3M ====================

2010-01-15 23:25:48 107888 ----a-w- e:\windows\system32\CmdLineExt.dll
2010-01-14 17:12:06 181120 ------w- e:\windows\system32\MpSigStub.exe
2010-01-07 22:07:14 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07:04 19160 ----a-w- e:\windows\system32\drivers\mbam.sys
2009-12-28 13:02:11 2568 --sha-w- e:\windows\system32\KGyGaAvL.sys
2009-12-21 19:14:05 916480 ----a-w- e:\windows\system32\wininet.dll
2009-11-13 06:26:36 26988 ---ha-w- e:\windows\system32\mlfcache.dat
2009-11-12 22:55:30 214504 ----a-w- e:\windows\system32\PnkBstrB.exe
2009-11-02 05:19:14 25922 ----a-w- e:\windows\fonts\Chris font 1.ttf
2009-10-22 20:23:35 245760 --sha-w- e:\windows\system32\config\systemprofile\ietldcache\index.dat
2009-09-23 02:33:21 32768 --sha-w- e:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009092220090923\index.dat

============= FINISH: 11:18:33.43 ===============


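As an added example, not code from the thread or from the DDS, GMER or RSIT tools: a small Python triage script that parses the SERVICES / DRIVERS lines of the DDS log above and flags the two things a helper reading such a log looks for first, a driver or service image that lives under a user's temp directory, and an entry whose file DDS could not find on disk (the trailing "[?]" marker). The line format is inferred from the log itself; the heuristics, function names and the ServiceEntry class are my own assumptions. A hit is a prompt to look closer, not a verdict: the rootrepeal entry (the anti-rootkit scanner's own driver) is flagged only because its file is no longer present.

```python
"""Triage DDS-style 'SERVICES / DRIVERS' lines (added example, not DDS code)."""
import re
from dataclasses import dataclass, field

# One DDS service line, as it appears in the log above:
#   S2 WinDefend;Windows Defender;e:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
#   S3 musbehco;musbehco;\??\e:\docume~1\cody\locals~1\temp\musbehco.sys --> e:\...\musbehco.sys [?]
# Fields: start type, service name, display name, image path, then "[date size]" or "[?]".
LINE_RE = re.compile(r"^(?P<start>[SR]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
# Splits "image path [tail]" into the path and the bracketed tail (assumed layout).
TAIL_RE = re.compile(r"^(?P<path>.*?)\s*\[(?P<tail>[^\]]*)\]\s*$")


@dataclass
class ServiceEntry:
    start_type: str
    name: str
    display: str
    image_path: str
    file_missing: bool          # True when DDS printed "[?]" instead of "[date size]"
    flags: list = field(default_factory=list)


def parse_service_line(line):
    """Return a ServiceEntry for one DDS line, or None if the line is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    t = TAIL_RE.match(rest)
    if t:
        path, tail = t.group("path"), t.group("tail").strip()
    else:
        path, tail = rest, ""
    # DDS writes "registry image path --> resolved path" for \??\ style paths;
    # keep the resolved one.
    if " --> " in path:
        path = path.split(" --> ")[-1]
    path = path.strip()
    if path.startswith("\\??\\"):
        path = path[4:]
    return ServiceEntry(m.group("start"), m.group("name"), m.group("display"),
                        path, file_missing=(tail == "?"))


def triage(entry):
    """Attach review flags to an entry (heuristics assumed, not from the page)."""
    flags = []
    low = entry.image_path.lower().replace("/", "\\")
    # "locals~1\temp" is the 8.3 short name for "Local Settings\Temp"; a kernel
    # driver or service binary living there is worth a close look.
    if "\\temp\\" in low:
        flags.append("image under a temp directory")
    if entry.file_missing:
        flags.append("file not found on disk")
    entry.flags = flags
    return entry


def triage_log(lines):
    """Parse and triage every service line in an iterable of log lines."""
    results = []
    for line in lines:
        entry = parse_service_line(line)
        if entry is not None:
            results.append(triage(entry))
    return results


# Input copied from the SERVICES / DRIVERS section of the log above.
SAMPLE_LINES = r"""
S2 WinDefend;Windows Defender;e:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 musbehco;musbehco;\??\e:\docume~1\cody\locals~1\temp\musbehco.sys --> e:\docume~1\cody\locals~1\temp\musbehco.sys [?]
S3 NEXTELC;NEXTELC;e:\windows\system32\drivers\NEXTELC.sys [2006-11-15 25055]
S3 NEXTELU;NEXTELU;e:\windows\system32\drivers\NEXTELU.sys [2006-11-15 50157]
S3 rootrepeal;rootrepeal;\??\e:\windows\system32\drivers\rootrepeal.sys --> e:\windows\system32\drivers\rootrepeal.sys [?]
S3 WLAN(WLAN);XPC 802.11b/g Wireless Kit Driver(WLAN);e:\windows\system32\drivers\ZD1211U.sys [2007-5-27 258560]
S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;e:\windows\system32\ZDBRGSYS.sys [2007-5-27 19200]
""".splitlines()

if __name__ == "__main__":
    for e in triage_log(SAMPLE_LINES):
        if e.flags:
            print(f"{e.start_type} {e.name}: {e.image_path} -> {', '.join(e.flags)}")
```

Run against the lines above, the script reports musbehco with both flags and rootrepeal with the missing-file flag only; everything else passes silently. Extending the heuristics (for example, a `.sys` image outside `system32\drivers`) is straightforward, but every added rule raises the false-positive rate, which is why the output is meant to be read alongside the GMER and RSIT results rather than acted on alone.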
#4 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:06 AM

Posted 24 January 2010 - 03:39 PM

Hello BraskySTU, and welcome to the Bleeping Computer Malware Removal Forum. My nick is Net_Surfer and I'll be glad to help you with your computer problems.

I will be working on your malware issues; this may or may not solve other issues you may have with your machine.


Sorry about the delay, but the amount of people posting with infected computers is through the roof and sometimes we can't get to logs as fast as we would like to.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Please note that whatever repairs we make are for fixing "your computer problems only" and by no means should be used on another computer.


You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. In order to be notified via email when your topic has a reply you need to enable topic notifications.

To enable topic notifications you should do the following:

1. Click on the My Controls link at the top of the page to enter your control panel.
2. Scroll down to the Options category in the left hand side menu bar and click on the Email Settings link.
3. Put a checkmark in the checkbox labeled Enable 'Email Notification' by default?.
4. Set the If ticked, choose default type: menu option to Immediate Email Notification to have an email sent immediately when someone replies.

The topics you are tracking are shown Here.
Because the e-mail notification system is not completely reliable, please check your topic once a day for responses.
-----------------------------------------------------------

Please be patient and I'd be grateful if you would note the following:

Only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.


The cleaning process is not instant. DDS, ComboFix, RSIT and hijackthis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

1. Please reply using the button in the lower right hand corner of your screen. Do not start a new topic.
2. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
3. All of my posts need to be checked by my coach before they are posted here. Your benefit will be "four eyes and two brains" looking into your problem, but my responses may be somewhat delayed, so please be patient while I attempt to remove your malware.
4. Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

I found the source of your problem with your Firefox browser and I will be posting a fix for you to follow as soon as my coach approves it, so I can take the steps necessary with you to get your machine back in working order, clean and free of malware.

Thanks, and again sorry for the delay.

In the meantime, please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on, as it might prolong handling your log and make the job for both of us more difficult.

Kind regards
Net_Surfer


Edited by Net_Surfer, 24 January 2010 - 03:40 PM.


#5 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:06 AM

Posted 24 January 2010 - 08:35 PM



Hello again BraskySTU.

Please observe these rules while we work:
  • Please Read All Instructions Carefully
  • Perform all actions in the order given.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Do not attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.
  • In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.
  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
  • Please continue to review my answers until I tell you that your machine is clean and free of malware. (Remember absence of symptoms does not mean that everything is clear).
Just because you can't see a problem doesn't mean it isn't there.

If you can do these things, everything should go smoothly.

----------------------------^-------------------------------

IMPORTANT NOTE:
One or more of the identified infections was related to a rootkit component. Rootkits and backdoor Trojans are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypass security mechanisms and steal sensitive information, which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read "How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?"

Although we MIGHT be able to remove the rootkit, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that IF the rootkit can be removed the computer will then be secure.

In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read: Should you decide not to follow that advice, we will do our best to help clean the computer of any infections, but we cannot guarantee it to be trustworthy or that the removal will be successful. Let us know how you wish to proceed.

If you would like to proceed with the clean up, please follow my next set of steps:

Step 1: Rootkit Scan with GMER.

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

Step 2: Looking over your log, it seems you don't have any evidence of anti-virus software.

Anti-virus software is a program that detects, cleanses, and erases harmful virus files on a computer, web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners, and thereby spread infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download free anti-virus software from one of these excellent vendors NOW:

1) Antivir PersonalEdition Classic - Free anti-virus software for Windows. Free support.
2) avast! 5 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition - Free edition of the AVG anti-virus program for Windows.

You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.

Step 3: Run random's system information tool (RSIT)

We need to see more information about what is happening in your machine. Please perform the following scan:

Please note that it is important that RSIT be run and a log created while in normal mode. *If you run it and create your log while in safe mode, you will be asked to redo it again properly.
  • Download random's system information tool (RSIT) by random/random and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open.
Copy/Paste the contents of both log.txt and info.txt into your next post please.

( Default location for both files is C:\rsit\ )

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE


Make sure you re-enable your security programs after you are done with the scans.

Please DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean and free of malware!!!

Summary of the logs I will need in your next reply:
  • The report log of Gmer
  • The two logs of RSIT
And a description of any remaining problems.

How are things at your end, BraskySTU?

Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order, clean and free of malware.

Kind regards
Net_Surfer


Edited by Net_Surfer, 25 January 2010 - 06:03 AM.


#6 BraskySTU

BraskySTU
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:12:06 PM

Posted 25 January 2010 - 07:36 PM

The two RSIT logs are first followed by the GMER.

Thanks.

FIRST RSIT

info.txt logfile of random's system information tool 1.06 2010-01-25 12:27:32

======Uninstall list======

-->E:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->E:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->E:\WINDOWS\IsUninst.exe -fC:\SIERRA\RedBaronII\Uninst.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 E:\WINDOWS\INF\PCHealth.inf
7-Zip 4.65-->"E:\Program Files\7-Zip\Uninstall.exe"
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 ActiveX-->E:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->E:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 6.0-->E:\WINDOWS\ISUNINST.EXE -f"E:\Program Files\Adobe\Photoshop 6.0\Uninst.isu" -c"E:\Program Files\Adobe\Photoshop 6.0\Uninst.dll"
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->E:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE E:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe SVG Viewer-->E:\WINDOWS\IsUninst.exe -f"E:\WINDOWS\System32\Adobe\SVG Viewer\Uninst.isu"
AIM 6-->E:\Program Files\AIM6\uninst.exe
America's Army-->MsiExec.exe /I{D873FA4B-C374-4F8A-8D9A-130DB56FAB16}
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
AsusUpdate-->E:\WINDOWS\IsUninst.exe -f"E:\Program Files\ASUS\AsusUpdate\Uninst.isu"
Athlon 64 Processor Driver-->RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
Baseball Mogul 2006-->MsiExec.exe /I{59F92CC5-FAEC-47BF-926F-2C79A7B086D7}
Battle of Britain II-->E:\BATTLE~1\UNWISE.EXE E:\BATTLE~1\tempwp.log
Battlefield 2™-->RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Call of Duty® 2-->E:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l1033
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Corel Paint Shop Pro Photo XI-->MsiExec.exe /I{93A1B09E-BAFA-4628-A5B6-921CB026955A}
Critical Update for Windows Media Player 11 (KB959772)-->"E:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DesertCombat 0.7-->E:\WINDOWS\iun6002.exe "E:\Program Files\EA GAMES\Battlefield 1942\DesertCombat.ini"
DivX Codec-->E:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->E:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->E:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->E:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Download Accelerator Plus (DAP)-->C:\PROGRA~1\DAP\DAPREMOVE.EXE
Download Manager 2.3.6-->E:\Program Files\Download Manager\uninst.exe
EVE Online (remove only)-->C:\Program Files\CCP\EVE\Uninstall.exe
EVE Trade Finder-->"E:\Program Files\EVETradeFinder\uninstall.exe"
Fable - The Lost Chapters-->E:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}
Free Allegiance-->E:\Program Files\Microsoft Games\Allegiance\uninst.exe
Freedom Fighters-->E:\PROGRA~1\EAGAME~1\FREEDO~1\UNWISE.EXE E:\PROGRA~1\EAGAME~1\FREEDO~1\INSTALL.LOG
Google Earth-->MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}
Google Talk (remove only)-->"E:\Program Files\Google\Google Talk\uninstall.exe"
Half-Life 2: Episode One-->"E:\Program Files\Steam\steam.exe" steam://uninstall/380
Half-Life 2: Episode Two-->"E:\Program Files\Steam\steam.exe" steam://uninstall/420
Half-Life® 2-->MsiExec.exe /I{D45EC259-4A19-4656-B588-C2C360DD18EA}
HijackThis 2.0.2-->"E:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->E:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->E:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"E:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"E:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"E:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"E:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"E:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"E:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"E:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
hp deskjet 3500 series-->rundll32 hpzcon09.dll,VendorJettison hp deskjet 3500 series
hp deskjet 3500-->msiexec /x{C7EC0699-D82C-4451-B701-C98C330D43AF}
HP Photo and Imaging 2.0 - Deskjet Series-->MsiExec.exe /I{E0828692-FD9D-459F-9312-C645C3CA6650}
hp print screen utility-->C:\Program Files\Hewlett-Packard\hp print screen utility\UnInstall\prnunins.exe
Insurgency-->"E:\Program Files\Steam\steam.exe" steam://uninstall/17700
iTunes-->MsiExec.exe /I{EC2A8F27-4FBF-4E41-B27B-FE822511B761}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
LucasArts' X-Wing Alliance-->E:\WINDOWS\uninst.exe -f"E:\Program Files\LucasArts\XWingAlliance\DeIsL1.isu"
Magic ISO Maker v5.4 (build 0255)-->E:\PROGRA~1\MagicISO\UNWISE.EXE E:\PROGRA~1\MagicISO\INSTALL.LOG
MagicDisc 2.7.106-->E:\PROGRA~1\MAGICD~1\UNWISE.EXE E:\PROGRA~1\MAGICD~1\INSTALL.LOG
Malwarebytes' Anti-Malware-->"E:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Mass Effect-->E:\Program Files\Common Files\BioWare\Uninstall Mass Effect.exe
Max Payne-->RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{39930321-4C58-4B8B-BCBF-342698C9801D}\setup.exe" uninstall uninstall
MDL ISIS Draw 2.5 Standalone-->E:\WINDOWS\IsUninst.exe -f"E:\Program Files\MDL ISIS Draw 2.5\uninst.isu"
Medieval - Total War ™ - Viking Invasion ™-->E:\PROGRA~1\TOTALW~1\MEDIEV~1\Uninstall\Unwise.exe /u E:\PROGRA~1\TOTALW~1\MEDIEV~1\Uninstall\Install.log
Medieval II Total War Manager-->MsiExec.exe /I{C188B6DE-A1B7-44CB-807A-2D4669594FE4}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->E:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"E:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"E:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Links 2001-->"E:\Program Files\Microsoft Games\Links 2001\UNINSTAL.EXE" /runtemp /addremove
Microsoft National Language Support Downlevel APIs-->"E:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Professional-->MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"E:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual J# .NET Redistributable Package 1.1-->MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
MINERVA: Metastasis-->E:\PROGRA~1\Steam\STEAMA~1\SOURCE~1\METAST~1\UNWISE.EXE E:\PROGRA~1\Steam\STEAMA~1\SOURCE~1\METAST~1\metastasis.log
mIRC-->"E:\Program Files\mIRC\mirc.exe" -uninstall
MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8}
Mozilla Firefox (3.5.7)-->E:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSI Live Update 3-->E:\WINDOWS\IsUninst.exe -f"E:\Program Files\MSI\Live Update 3\Uninst.isu"
MSN Money Investment Toolbox-->"E:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:5
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection E:\WINDOWS\INF\msninst.inf,Uninstall
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Multimedia Samples-->MsiExec.exe /I{A918DE8A-98C8-0920-0001-000000000000}
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
Network Addon Mod Version January 2009-->E:\Documents and Settings\Cody\My Documents\SimCity 4\Plugins\Network Addon Mod\uninst.exe
Network Play System (Patching)-->E:\WINDOWS\IsUninst.exe -f"E:\Program Files\Electronic Arts\Network Play System\NPSPatch.isu"
NetZero Connection Wizard-->"E:\Program Files\Connection Wizard\unInstall.exe"
NetZero Internet-->"E:\Program Files\NetZero\NetZeroUninstaller.exe"
NVIDIA Drivers-->E:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA nTune-->E:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1033
Oblivion mod manager 1.1.9-->"C:\Program Files\Bethesda Softworks\Oblivion\obmm\uninstall\unins000.exe"
Oblivion-->RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
OpenTTD 0.6.0-->E:\Program Files\OpenTTD\uninstall.exe
PC Probe II-->RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\Setup.exe" -l0x9
PCMark04-->RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{4718EA71-CED3-498D-8FA9-34CB830AF2D8}\Setup.exe" -l0x9
Portal-->"E:\Program Files\Steam\steam.exe" steam://uninstall/400
Power Tab Editor 1.7-->MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
ProductExpress-->E:\WINDOWS\system32\dd5996be.exe
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Railroad Tycoon 3-->RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{DE29025A-091F-4998-AD2D-24C84421190F}\setup.exe" -l0x9
RCT acCeSS-->E:\WINDOWS\iun3405.exe C:\Program Files\RCT acCeSS
RealPlayer-->E:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Roll-->E:\WINDOWS\UniFish3.exe E:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\RollerCoaster Tycoon.log
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB929969)-->"E:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"E:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"E:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"E:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"E:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"E:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"E:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"E:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"E:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"E:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"E:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"E:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"E:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"E:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"E:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"E:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"E:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"E:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB954156)-->"E:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"E:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"E:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"E:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"E:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"E:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"E:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"E:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"E:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"E:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"E:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"E:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"E:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"E:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"E:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"E:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"E:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"E:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"E:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"E:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"E:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"E:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"E:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"E:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"E:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"E:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"E:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"E:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"E:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"E:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"E:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"E:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"E:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"E:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"E:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"E:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"E:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"E:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"E:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"E:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"E:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"E:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"E:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"E:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"E:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"E:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"E:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"E:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"E:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"E:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"E:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"E:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"E:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"E:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"E:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"E:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"E:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"E:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"E:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"E:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"E:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"E:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"E:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"E:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"E:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"E:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"E:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"E:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"E:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"E:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"E:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sid Meier's Civilization 4-->RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly
Silent Hunter 4 Wolves of the Pacific-->E:\Program Files\InstallShield Installation Information\{0D005F09-A5F4-473B-A901-5735C6AF5628}\setup.exe -runfromtemp -l0x0009 -removeonly
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Star Wars Battlefront II-->RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{3D374523-CFDE-461A-827E-2A102E2AB365}\Setup.exe" -l0x9 -removeonly
Star Wars Jedi Knight Jedi Academy-->RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}\Setup.exe" -l0x9
Star Wars Republic Commando-->RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}\Setup.exe" -l0x9
Star Wars® Knights of the Old Republic® II: The Sith Lords™-->RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{629F65FB-7F3C-4D66-A1C0-20722744B7B6}\setup.exe" -l0x9 -removeonly
Steam-->E:\PROGRA~1\Steam\UNWISE.EXE E:\PROGRA~1\Steam\INSTALL.LOG
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Steel Panthers World At War v8.20-->E:\WINDOWS\iun6002.exe "C:\Matrix Games\Steel Panthers World At War\irunin.ini"
TBS WMP Plug-in-->E:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{13515135-48BB-4184-8C1F-2FAE0138E200}
Total Annihilation-->C:\PROGRAM FILES\CAVEDOG\TOTALA\setup.exe -u
Transport Tycoon Deluxe-->E:\WINDOWS\UniFISH.exe Transport Tycoon Deluxe
Trellian SEO Toolkit v2.0-->"E:\Program Files\TRELLIAN\SEO Toolkit v2.0\unins000.exe"
Trellian WebPage-->"E:\Program Files\Trellian\Trellian WebPage\unins000.exe"
Trillian-->E:\Program Files\Trillian\trillian.exe /uninstall
Unofficial Oblivion Patch v3.2.0-->"C:\Program Files\Bethesda Softworks\Oblivion\Unofficial Oblivion Patch\unins000.exe"
Unofficial Shivering Isles Patch v1.3.0-->"C:\Program Files\Bethesda Softworks\Oblivion\Unofficial Shivering Isles Patch\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->E:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB971180)-->"E:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"E:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"E:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"E:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"E:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"E:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"E:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"E:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"E:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"E:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"E:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component-->"E:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Essentials-->E:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"E:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"E:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"E:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"E:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"E:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->E:\Program Files\WinRAR\uninstall.exe
WinZip 12.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}
XPC 802.11b+g Wireless Kit-->RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{581CE7EA-A30D-0000-1211-088635773309}\Setup.exe" -l0x9
XviD 1.1 final uninstall-->"E:\Program Files\XviD\unins000.exe"

======System event log======

Computer Name: CODY
Event Code: 7023
Message: The Automatic Updates service terminated with the following error:
The specified module could not be found.


Record Number: 3450
Source Name: Service Control Manager
Time Written: 20091121175918.000000-360
Event Type: error
User:

Computer Name: CODY
Event Code: 7000
Message: The Windows Defender service failed to start due to the following error:
Access is denied.


Record Number: 3449
Source Name: Service Control Manager
Time Written: 20091121175918.000000-360
Event Type: error
User:

Computer Name: CODY
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
DumaNT

Record Number: 3422
Source Name: Service Control Manager
Time Written: 20091120230629.000000-360
Event Type: error
User:

Computer Name: CODY
Event Code: 7023
Message: The Automatic Updates service terminated with the following error:
The specified module could not be found.


Record Number: 3421
Source Name: Service Control Manager
Time Written: 20091120230623.000000-360
Event Type: error
User:

Computer Name: CODY
Event Code: 7000
Message: The Windows Defender service failed to start due to the following error:
Access is denied.


Record Number: 3420
Source Name: Service Control Manager
Time Written: 20091120230623.000000-360
Event Type: error
User:

=====Application event log=====

Computer Name: CODY
Event Code: 1001
Message: Detection of product '{00010409-78E1-11D2-B60F-006097C998E7}', feature 'HTMLSourceEditing' failed during request for component '{9E0B2BE1-DEDA-11D1-A17E-00A0C90AB50F}'

Record Number: 1212
Source Name: MsiInstaller
Time Written: 20080625205552.000000-300
Event Type: warning
User: CODY\Cody

Computer Name: CODY
Event Code: 0
Message: System.Exception: Error getting current year.
at ShellShockEnterprises.MedManager.SaveFiles.SaveFile.Populate()
at ShellShockEnterprises.MedManager.EditSaveFileForm..ctor(SaveFileItem saveFileItem)
at ShellShockEnterprises.MedManager.MainForm.editSaveToolStripMenuItem_Click(Object sender, EventArgs e)

Record Number: 1164
Source Name: Medieval II Total War Manager
Time Written: 20080621120308.000000-300
Event Type: error
User:

Computer Name: CODY
Event Code: 0
Message: System.Exception: Error getting current year.
at ShellShockEnterprises.MedManager.SaveFiles.SaveFile.Populate()
at ShellShockEnterprises.MedManager.EditSaveFileForm..ctor(SaveFileItem saveFileItem)
at ShellShockEnterprises.MedManager.MainForm.editSaveToolStripMenuItem_Click(Object sender, EventArgs e)

Record Number: 1163
Source Name: Medieval II Total War Manager
Time Written: 20080621120301.000000-300
Event Type: error
User:

Computer Name: CODY
Event Code: 1517
Message: Windows saved user CODY\Cody registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 1137
Source Name: Userenv
Time Written: 20080619032102.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: CODY
Event Code: 1517
Message: Windows saved user CODY\Cody registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 1073
Source Name: Userenv
Time Written: 20080608171901.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;E:\Program Files\Common Files\MDL Shared\ISIS;E:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 12 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0c00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;E:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=E:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------

SECOND RSIT


info.txt logfile of random's system information tool 1.06 2010-01-25 12:27:32

======Uninstall list======

-->E:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->E:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->E:\WINDOWS\IsUninst.exe -fC:\SIERRA\RedBaronII\Uninst.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 E:\WINDOWS\INF\PCHealth.inf
7-Zip 4.65-->"E:\Program Files\7-Zip\Uninstall.exe"
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 ActiveX-->E:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->E:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 6.0-->E:\WINDOWS\ISUNINST.EXE -f"E:\Program Files\Adobe\Photoshop 6.0\Uninst.isu" -c"E:\Program Files\Adobe\Photoshop 6.0\Uninst.dll"
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->E:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE E:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe SVG Viewer-->E:\WINDOWS\IsUninst.exe -f"E:\WINDOWS\System32\Adobe\SVG Viewer\Uninst.isu"
AIM 6-->E:\Program Files\AIM6\uninst.exe
America's Army-->MsiExec.exe /I{D873FA4B-C374-4F8A-8D9A-130DB56FAB16}
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
AsusUpdate-->E:\WINDOWS\IsUninst.exe -f"E:\Program Files\ASUS\AsusUpdate\Uninst.isu"
Athlon 64 Processor Driver-->RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
Baseball Mogul 2006-->MsiExec.exe /I{59F92CC5-FAEC-47BF-926F-2C79A7B086D7}
Battle of Britain II-->E:\BATTLE~1\UNWISE.EXE E:\BATTLE~1\tempwp.log
Battlefield 2™-->RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x9 -removeonly
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Call of Duty® 2-->E:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D0A05794-48C2-4424-A15A-9F20FCFDD374} /l1033
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Corel Paint Shop Pro Photo XI-->MsiExec.exe /I{93A1B09E-BAFA-4628-A5B6-921CB026955A}
Critical Update for Windows Media Player 11 (KB959772)-->"E:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DesertCombat 0.7-->E:\WINDOWS\iun6002.exe "E:\Program Files\EA GAMES\Battlefield 1942\DesertCombat.ini"
DivX Codec-->E:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->E:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->E:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->E:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Download Accelerator Plus (DAP)-->C:\PROGRA~1\DAP\DAPREMOVE.EXE
Download Manager 2.3.6-->E:\Program Files\Download Manager\uninst.exe
EVE Online (remove only)-->C:\Program Files\CCP\EVE\Uninstall.exe
EVE Trade Finder-->"E:\Program Files\EVETradeFinder\uninstall.exe"
Fable - The Lost Chapters-->E:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}
Free Allegiance-->E:\Program Files\Microsoft Games\Allegiance\uninst.exe
Freedom Fighters-->E:\PROGRA~1\EAGAME~1\FREEDO~1\UNWISE.EXE E:\PROGRA~1\EAGAME~1\FREEDO~1\INSTALL.LOG
Google Earth-->MsiExec.exe /I{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}
Google Talk (remove only)-->"E:\Program Files\Google\Google Talk\uninstall.exe"
Half-Life 2: Episode One-->"E:\Program Files\Steam\steam.exe" steam://uninstall/380
Half-Life 2: Episode Two-->"E:\Program Files\Steam\steam.exe" steam://uninstall/420
Half-Life® 2-->MsiExec.exe /I{D45EC259-4A19-4656-B588-C2C360DD18EA}
HijackThis 2.0.2-->"E:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->E:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->E:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"E:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"E:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"E:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"E:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"E:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"E:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB976098-v2)-->"E:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
hp deskjet 3500 series-->rundll32 hpzcon09.dll,VendorJettison hp deskjet 3500 series
hp deskjet 3500-->msiexec /x{C7EC0699-D82C-4451-B701-C98C330D43AF}
HP Photo and Imaging 2.0 - Deskjet Series-->MsiExec.exe /I{E0828692-FD9D-459F-9312-C645C3CA6650}
hp print screen utility-->C:\Program Files\Hewlett-Packard\hp print screen utility\UnInstall\prnunins.exe
Insurgency-->"E:\Program Files\Steam\steam.exe" steam://uninstall/17700
iTunes-->MsiExec.exe /I{EC2A8F27-4FBF-4E41-B27B-FE822511B761}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
LucasArts' X-Wing Alliance-->E:\WINDOWS\uninst.exe -f"E:\Program Files\LucasArts\XWingAlliance\DeIsL1.isu"
Magic ISO Maker v5.4 (build 0255)-->E:\PROGRA~1\MagicISO\UNWISE.EXE E:\PROGRA~1\MagicISO\INSTALL.LOG
MagicDisc 2.7.106-->E:\PROGRA~1\MAGICD~1\UNWISE.EXE E:\PROGRA~1\MAGICD~1\INSTALL.LOG
Malwarebytes' Anti-Malware-->"E:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Mass Effect-->E:\Program Files\Common Files\BioWare\Uninstall Mass Effect.exe
Max Payne-->RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{39930321-4C58-4B8B-BCBF-342698C9801D}\setup.exe" uninstall uninstall
MDL ISIS Draw 2.5 Standalone-->E:\WINDOWS\IsUninst.exe -f"E:\Program Files\MDL ISIS Draw 2.5\uninst.isu"
Medieval - Total War ™ - Viking Invasion ™-->E:\PROGRA~1\TOTALW~1\MEDIEV~1\Uninstall\Unwise.exe /u E:\PROGRA~1\TOTALW~1\MEDIEV~1\Uninstall\Install.log
Medieval II Total War Manager-->MsiExec.exe /I{C188B6DE-A1B7-44CB-807A-2D4669594FE4}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "E:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->E:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Compression Client Pack 1.0 for Windows XP-->"E:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"E:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Links 2001-->"E:\Program Files\Microsoft Games\Links 2001\UNINSTAL.EXE" /runtemp /addremove
Microsoft National Language Support Downlevel APIs-->"E:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Professional-->MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"E:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual J# .NET Redistributable Package 1.1-->MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
MINERVA: Metastasis-->E:\PROGRA~1\Steam\STEAMA~1\SOURCE~1\METAST~1\UNWISE.EXE E:\PROGRA~1\Steam\STEAMA~1\SOURCE~1\METAST~1\metastasis.log
mIRC-->"E:\Program Files\mIRC\mirc.exe" -uninstall
MobileMe Control Panel-->MsiExec.exe /I{3AC54383-31D1-4907-961B-B12CBB1D0AE8}
Mozilla Firefox (3.5.7)-->E:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSI Live Update 3-->E:\WINDOWS\IsUninst.exe -f"E:\Program Files\MSI\Live Update 3\Uninst.isu"
MSN Money Investment Toolbox-->"E:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:5
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection E:\WINDOWS\INF\msninst.inf,Uninstall
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Multimedia Samples-->MsiExec.exe /I{A918DE8A-98C8-0920-0001-000000000000}
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
Network Addon Mod Version January 2009-->E:\Documents and Settings\Cody\My Documents\SimCity 4\Plugins\Network Addon Mod\uninst.exe
Network Play System (Patching)-->E:\WINDOWS\IsUninst.exe -f"E:\Program Files\Electronic Arts\Network Play System\NPSPatch.isu"
NetZero Connection Wizard-->"E:\Program Files\Connection Wizard\unInstall.exe"
NetZero Internet-->"E:\Program Files\NetZero\NetZeroUninstaller.exe"
NVIDIA Drivers-->E:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA nTune-->E:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1033
Oblivion mod manager 1.1.9-->"C:\Program Files\Bethesda Softworks\Oblivion\obmm\uninstall\unins000.exe"
Oblivion-->RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
OpenTTD 0.6.0-->E:\Program Files\OpenTTD\uninstall.exe
PC Probe II-->RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\Setup.exe" -l0x9
PCMark04-->RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{4718EA71-CED3-498D-8FA9-34CB830AF2D8}\Setup.exe" -l0x9
Portal-->"E:\Program Files\Steam\steam.exe" steam://uninstall/400
Power Tab Editor 1.7-->MsiExec.exe /I{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}
ProductExpress-->E:\WINDOWS\system32\dd5996be.exe
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Railroad Tycoon 3-->RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{DE29025A-091F-4998-AD2D-24C84421190F}\setup.exe" -l0x9
RCT acCeSS-->E:\WINDOWS\iun3405.exe C:\Program Files\RCT acCeSS
RealPlayer-->E:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x9 -removeonly
Roll-->E:\WINDOWS\UniFish3.exe E:\Program Files\Hasbro Interactive\RollerCoaster Tycoon\RollerCoaster Tycoon.log
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB929969)-->"E:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"E:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"E:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"E:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"E:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"E:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"E:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"E:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"E:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"E:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"E:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"E:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"E:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"E:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"E:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"E:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB976325)-->"E:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB978207)-->"E:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB954156)-->"E:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"E:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"E:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"E:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"E:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"E:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"E:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"E:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"E:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"E:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"E:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"E:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"E:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"E:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"E:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"E:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"E:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"E:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"E:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"E:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"E:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"E:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"E:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"E:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"E:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"E:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"E:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"E:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"E:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"E:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"E:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"E:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"E:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"E:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"E:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"E:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"E:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"E:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"E:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"E:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"E:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"E:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"E:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"E:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"E:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"E:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"E:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"E:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"E:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"E:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"E:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969947)-->"E:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"E:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"E:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"E:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"E:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"E:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"E:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"E:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"E:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"E:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"E:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"E:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"E:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"E:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"E:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"E:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"E:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"E:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"E:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"E:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Sid Meier's Civilization 4-->RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe" -l0x9 -removeonly
Silent Hunter 4 Wolves of the Pacific-->E:\Program Files\InstallShield Installation Information\{0D005F09-A5F4-473B-A901-5735C6AF5628}\setup.exe -runfromtemp -l0x0009 -removeonly
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Star Wars Battlefront II-->RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{3D374523-CFDE-461A-827E-2A102E2AB365}\Setup.exe" -l0x9 -removeonly
Star Wars Jedi Knight Jedi Academy-->RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}\Setup.exe" -l0x9
Star Wars Republic Commando-->RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}\Setup.exe" -l0x9
Star Wars® Knights of the Old Republic® II: The Sith Lords™-->RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{629F65FB-7F3C-4D66-A1C0-20722744B7B6}\setup.exe" -l0x9 -removeonly
Steam-->E:\PROGRA~1\Steam\UNWISE.EXE E:\PROGRA~1\Steam\INSTALL.LOG
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Steel Panthers World At War v8.20-->E:\WINDOWS\iun6002.exe "C:\Matrix Games\Steel Panthers World At War\irunin.ini"
TBS WMP Plug-in-->E:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{13515135-48BB-4184-8C1F-2FAE0138E200}
Total Annihilation-->C:\PROGRAM FILES\CAVEDOG\TOTALA\setup.exe -u
Transport Tycoon Deluxe-->E:\WINDOWS\UniFISH.exe Transport Tycoon Deluxe
Trellian SEO Toolkit v2.0-->"E:\Program Files\TRELLIAN\SEO Toolkit v2.0\unins000.exe"
Trellian WebPage-->"E:\Program Files\Trellian\Trellian WebPage\unins000.exe"
Trillian-->E:\Program Files\Trillian\trillian.exe /uninstall
Unofficial Oblivion Patch v3.2.0-->"C:\Program Files\Bethesda Softworks\Oblivion\Unofficial Oblivion Patch\unins000.exe"
Unofficial Shivering Isles Patch v1.3.0-->"C:\Program Files\Bethesda Softworks\Oblivion\Unofficial Shivering Isles Patch\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->E:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB971180)-->"E:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"E:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"E:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"E:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"E:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"E:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"E:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"E:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"E:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"E:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"E:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component-->"E:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Essentials-->E:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"E:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"E:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"E:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"E:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"E:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->E:\Program Files\WinRAR\uninstall.exe
WinZip 12.1-->MsiExec.exe /X{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}
XPC 802.11b+g Wireless Kit-->RunDll32 E:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "E:\Program Files\InstallShield Installation Information\{581CE7EA-A30D-0000-1211-088635773309}\Setup.exe" -l0x9
XviD 1.1 final uninstall-->"E:\Program Files\XviD\unins000.exe"

======System event log======

Computer Name: CODY
Event Code: 7023
Message: The Automatic Updates service terminated with the following error:
The specified module could not be found.


Record Number: 3450
Source Name: Service Control Manager
Time Written: 20091121175918.000000-360
Event Type: error
User:

Computer Name: CODY
Event Code: 7000
Message: The Windows Defender service failed to start due to the following error:
Access is denied.


Record Number: 3449
Source Name: Service Control Manager
Time Written: 20091121175918.000000-360
Event Type: error
User:

Computer Name: CODY
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
DumaNT

Record Number: 3422
Source Name: Service Control Manager
Time Written: 20091120230629.000000-360
Event Type: error
User:

Computer Name: CODY
Event Code: 7023
Message: The Automatic Updates service terminated with the following error:
The specified module could not be found.


Record Number: 3421
Source Name: Service Control Manager
Time Written: 20091120230623.000000-360
Event Type: error
User:

Computer Name: CODY
Event Code: 7000
Message: The Windows Defender service failed to start due to the following error:
Access is denied.


Record Number: 3420
Source Name: Service Control Manager
Time Written: 20091120230623.000000-360
Event Type: error
User:

=====Application event log=====

Computer Name: CODY
Event Code: 1001
Message: Detection of product '{00010409-78E1-11D2-B60F-006097C998E7}', feature 'HTMLSourceEditing' failed during request for component '{9E0B2BE1-DEDA-11D1-A17E-00A0C90AB50F}'

Record Number: 1212
Source Name: MsiInstaller
Time Written: 20080625205552.000000-300
Event Type: warning
User: CODY\Cody

Computer Name: CODY
Event Code: 0
Message: System.Exception: Error getting current year.
at ShellShockEnterprises.MedManager.SaveFiles.SaveFile.Populate()
at ShellShockEnterprises.MedManager.EditSaveFileForm..ctor(SaveFileItem saveFileItem)
at ShellShockEnterprises.MedManager.MainForm.editSaveToolStripMenuItem_Click(Object sender, EventArgs e)

Record Number: 1164
Source Name: Medieval II Total War Manager
Time Written: 20080621120308.000000-300
Event Type: error
User:

Computer Name: CODY
Event Code: 0
Message: System.Exception: Error getting current year.
at ShellShockEnterprises.MedManager.SaveFiles.SaveFile.Populate()
at ShellShockEnterprises.MedManager.EditSaveFileForm..ctor(SaveFileItem saveFileItem)
at ShellShockEnterprises.MedManager.MainForm.editSaveToolStripMenuItem_Click(Object sender, EventArgs e)

Record Number: 1163
Source Name: Medieval II Total War Manager
Time Written: 20080621120301.000000-300
Event Type: error
User:

Computer Name: CODY
Event Code: 1517
Message: Windows saved user CODY\Cody registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 1137
Source Name: Userenv
Time Written: 20080619032102.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: CODY
Event Code: 1517
Message: Windows saved user CODY\Cody registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 1073
Source Name: Userenv
Time Written: 20080608171901.000000-300
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;E:\Program Files\Common Files\MDL Shared\ISIS;E:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 12 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0c00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;E:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=E:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip

-----------------EOF-----------------

GMER FILE


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-25 18:31:50
Windows 5.1.2600 Service Pack 3
Running: nujqdp05.exe; Driver: E:\DOCUME~1\Cody\LOCALS~1\Temp\pxtdqpob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text E:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF4FFE380, 0x346307, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe[3960] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 035EA939 C:\Program Files\Spybot - Search & Destroy\Plugins\Chai.dll

---- EOF - GMER 1.0.15 ----



#7 Net_Surfer


Posted 25 January 2010 - 08:44 PM

Hi again......

You posted the same info.txt logfile of RSIT twice.......

I need you to paste the other log: log.txt

Question: You mentioned that you had run the ComboFix tool. Can you tell me how long ago, and see if you can find this ComboFix log file and paste it here for my review:

C:\ComboFix.txt

Regards
Net_Surfer

#8 BraskySTU

  • Topic Starter


Posted 27 January 2010 - 02:45 PM

Sorry, I promise I am not usually that dumb (pasting the same file twice).

Thanks for the help.

Anyway, here is the LOG.txt file:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Cody at 2010-01-27 13:39:06
Microsoft Windows XP Home Edition Service Pack 3
System drive E: has 26 GB (27%) free of 96 GB
Total RAM: 1023 MB (24% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:39:12 PM, on 1/27/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\system32\PnkBstrB.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\system32\pctspk.exe
E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\QuickTime\QTTask.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\WLAN\XPC 802.11b+g Wireless Kit\ZDWlan.exe
E:\Program Files\MagicDisc\MagicDisc.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
E:\Program Files\Microsoft Office\Office\WINWORD.EXE
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Windows Live\Messenger\msnmsgr.exe
E:\Program Files\Windows Live\Contacts\wlcomm.exe
E:\Documents and Settings\Cody\Desktop\RSIT.exe
E:\Program Files\Trend Micro\HijackThis\Cody.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Pop-up Blocker - {52706EF7-D7A2-49AD-A615-E903858CF284} - E:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: NetZero Toolbar Helper - {FE3098B0-04A3-41fd-8CA9-BEA39CB14C87} - E:\Program Files\NetZero\ucreg.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - E:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [SW24] E:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [SW20] E:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [googletalk] E:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [IMJPMIG8.1] "E:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] E:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "E:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [igndlm.exe] E:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - Startup: MagicDisc.lnk = E:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: XPC 802.11b+g Wireless Utility.lnk = E:\Program Files\WLAN\XPC 802.11b+g Wireless Kit\ZDWlan.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Display All Images with Full Quality - "res://E:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://E:\Program Files\NetZero\qsacc\appres.dll/227"
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - E:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - E:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.charter.com/diskless/bin/ssctlsma.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {08EE4BCE-527E-4760-B11A-B829415E9103} (MaxisGolfTeleX Control) - http://simgolf.ea.com/teleport/simgolf/MaxisGolfTeleX.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///E:/Program%20Files/Risk/Images/stg_drm.ocx
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase1140.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1263262775218
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60096.cab
O16 - DPF: {B2FCED61-570E-11D3-B160-00A0C9E70E84} (OmniForm Form Control) - https://www4.lsac.org/LSACD_XMLWebServices/...iveX/ofmctl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///E:/Program%20Files/Risk/Images/armhelper.ocx
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - E:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Windows Defender (WinDefend) - Unknown owner - E:\Program Files\Windows Defender\MsMpEng.exe

--
End of file - 11724 bytes

======Scheduled tasks folder======

E:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-04-23 1377576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52706EF7-D7A2-49AD-A615-E903858CF284}]
Pop-up Blocker - E:\Program Files\NetZero\qsacc\X1IEBHO.dll [2009-03-18 211464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - E:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-23 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-23 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE3098B0-04A3-41fd-8CA9-BEA39CB14C87}]
NetZero Toolbar Helper - E:\Program Files\NetZero\ucreg.dll [2009-10-05 153096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - ZeroBar - E:\Program Files\NetZero\Toolbar.dll [2009-10-05 325128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SW24"=E:\WINDOWS\system32\sw24.exe [2005-07-04 69632]
"SW20"=E:\WINDOWS\system32\sw20.exe [2005-06-29 212992]
"SoundMan"=E:\WINDOWS\SOUNDMAN.EXE [2005-08-11 77824]
"PCTVOICE"=E:\WINDOWS\system32\pctspk.exe [2002-02-20 163840]
"HPDJ Taskbar Utility"=E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2003-09-01 176128]
"NvCplDaemon"=E:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]
"nwiz"=nwiz.exe /install []
"Adobe Reader Speed Launcher"=E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"googletalk"=E:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"IMJPMIG8.1"=E:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"MSPY2002"=E:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
"PHIME2002ASync"=E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"NvMediaCenter"=E:\WINDOWS\system32\NvMcTray.dll [2007-12-05 81920]
"AppleSyncNotifier"=E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"QuickTime Task"=E:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=E:\Program Files\iTunes\iTunesHelper.exe [2009-09-08 305440]
"Windows Defender"=E:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"SunJavaUpdateSched"=E:\Program Files\Java\jre6\bin\jusched.exe [2009-10-23 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"=E:\Program Files\Download Manager\DLM.exe [2009-05-14 1103216]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"ctfmon.exe"=E:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

E:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.exe.lnk - E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Microsoft Office.lnk - E:\Program Files\Microsoft Office\Office\OSA9.EXE
XPC 802.11b+g Wireless Utility.lnk - E:\Program Files\WLAN\XPC 802.11b+g Wireless Kit\ZDWlan.exe

E:\Documents and Settings\Cody\Start Menu\Programs\Startup
MagicDisc.lnk - E:\Program Files\MagicDisc\MagicDisc.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
E:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=E:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\Program Files\Total War\Medieval - Total War\Medieval_TW.exe"="E:\Program Files\Total War\Medieval - Total War\Medieval_TW.exe:*:Enabled:Medieval_TW"
"E:\Program Files\Messenger\msmsgs.exe"="E:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"E:\Program Files\Common Files\AOL\Loader\aolload.exe"="E:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\Program Files\Microsoft Games\Allegiance\ASGSClient.exe"="E:\Program Files\Microsoft Games\Allegiance\ASGSClient.exe:*:Enabled:Allegiance"
"E:\Program Files\Microsoft Games\Allegiance\ASGSUpdate.exe"="E:\Program Files\Microsoft Games\Allegiance\ASGSUpdate.exe:*:Enabled:ASGSUpdate"
"E:\Program Files\uTorrent\uTorrent.exe"="E:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"E:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="E:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"E:\Program Files\Google\Google Talk\googletalk.exe"="E:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"E:\Program Files\Skype\Phone\Skype.exe"="E:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"E:\Program Files\Bonjour\mDNSResponder.exe"="E:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"E:\Program Files\iTunes\iTunes.exe"="E:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"E:\Program Files\Windows Live\Messenger\wlcsdk.exe"="E:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"E:\Program Files\Windows Live\Messenger\msnmsgr.exe"="E:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Games\Mass Effect\Binaries\MassEffect.exe"="C:\Program Files\Games\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game"
"C:\Program Files\Games\Mass Effect\MassEffectLauncher.exe"="C:\Program Files\Games\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher"
"E:\Program Files\Steam\Steam.exe"="E:\Program Files\Steam\Steam.exe:*:Enabled:Steam"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\Program Files\Windows Live\Messenger\wlcsdk.exe"="E:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"E:\Program Files\Windows Live\Messenger\msnmsgr.exe"="E:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{711c9170-6843-11de-9167-0011d8dde8f0}]
shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b27f5466-1167-11da-8829-806d6172696f}]
shell\AutoRun\command - D:\autorun.exe -auto


======List of files/folders created in the last 1 months======

2010-01-25 12:27:22 ----D---- E:\rsit
2010-01-19 19:56:46 ----D---- E:\Program Files\MSECache
2010-01-16 01:02:26 ----D---- E:\Program Files\Microsoft CAPICOM 2.1.0.2
2010-01-15 16:13:18 ----A---- E:\WINDOWS\system32\muweb.dll
2010-01-15 16:13:18 ----A---- E:\WINDOWS\system32\mucltui.dll.mui
2010-01-15 16:13:18 ----A---- E:\WINDOWS\system32\mucltui.dll
2010-01-14 19:17:22 ----D---- E:\Program Files\Microsoft Silverlight
2010-01-14 00:55:00 ----HDC---- E:\WINDOWS\$NtUninstallKB970430$
2010-01-14 00:54:55 ----HDC---- E:\WINDOWS\$NtUninstallKB976098-v2$
2010-01-14 00:54:51 ----HDC---- E:\WINDOWS\$NtUninstallKB955759$
2010-01-14 00:54:46 ----HDC---- E:\WINDOWS\$NtUninstallKB974318$
2010-01-14 00:54:42 ----HDC---- E:\WINDOWS\$NtUninstallKB961503$
2010-01-14 00:54:39 ----HDC---- E:\WINDOWS\$NtUninstallKB972270$
2010-01-14 00:52:16 ----HDC---- E:\WINDOWS\$NtUninstallKB973687$
2010-01-14 00:52:10 ----HDC---- E:\WINDOWS\$NtUninstallKB973904$
2010-01-14 00:52:05 ----HDC---- E:\WINDOWS\$NtUninstallKB974392$
2010-01-14 00:52:00 ----HDC---- E:\WINDOWS\$NtUninstallKB971737$
2010-01-14 00:51:47 ----HDC---- E:\WINDOWS\$NtUninstallKB969947$
2010-01-11 20:20:49 ----A---- E:\WINDOWS\system32\wuapi.dll.mui
2010-01-06 13:37:51 ----RHD---- E:\Documents and Settings\Cody\Application Data\SecuROM
2010-01-06 13:28:06 ----D---- E:\Program Files\Common Files\BioWare

======List of files/folders modified in the last 1 months======

2010-01-27 13:39:12 ----D---- E:\WINDOWS\Prefetch
2010-01-27 13:36:57 ----D---- E:\Program Files\Mozilla Firefox
2010-01-27 12:20:01 ----D---- E:\WINDOWS\temp
2010-01-27 01:15:08 ----A---- E:\WINDOWS\SchedLgU.Txt
2010-01-25 15:36:10 ----D---- E:\WINDOWS\system32\CatRoot2
2010-01-25 12:15:34 ----D---- E:\WINDOWS
2010-01-25 12:15:29 ----A---- E:\WINDOWS\SIERRA.INI
2010-01-25 12:12:59 ----RD---- E:\Program Files
2010-01-25 12:12:30 ----HD---- E:\Program Files\InstallShield Installation Information
2010-01-25 12:04:36 ----D---- E:\Program Files\Steam
2010-01-23 19:30:42 ----AD---- E:\Documents and Settings\All Users\Application Data\TEMP
2010-01-22 10:04:53 ----D---- E:\WINDOWS\system32
2010-01-22 00:30:34 ----HD---- E:\WINDOWS\inf
2010-01-22 00:30:24 ----RSHDC---- E:\WINDOWS\system32\dllcache
2010-01-22 00:30:23 ----D---- E:\Program Files\Internet Explorer
2010-01-22 00:29:53 ----HD---- E:\WINDOWS\$hf_mig$
2010-01-20 13:53:48 ----SHD---- E:\WINDOWS\Installer
2010-01-19 20:09:23 ----RSD---- E:\WINDOWS\Fonts
2010-01-19 20:09:20 ----D---- E:\Program Files\Microsoft Office
2010-01-19 20:09:19 ----D---- E:\Program Files\Common Files\Microsoft Shared
2010-01-16 01:02:23 ----D---- E:\WINDOWS\WinSxS
2010-01-15 17:25:48 ----A---- E:\WINDOWS\system32\CmdLineExt.dll
2010-01-14 11:12:06 ----N---- E:\WINDOWS\system32\MpSigStub.exe
2010-01-14 09:01:37 ----A---- E:\WINDOWS\system32\PerfStringBackup.INI
2010-01-14 08:59:47 ----D---- E:\WINDOWS\AppPatch
2010-01-14 00:55:03 ----A---- E:\WINDOWS\imsins.BAK
2010-01-14 00:55:02 ----D---- E:\WINDOWS\system32\drivers
2010-01-11 20:20:50 ----D---- E:\WINDOWS\Help
2010-01-11 20:19:57 ----SD---- E:\WINDOWS\Downloaded Program Files
2010-01-11 20:17:13 ----RAH---- E:\WINDOWS\system32\cdplayer.exe.manifest
2010-01-11 15:43:09 ----D---- E:\Program Files\Malwarebytes' Anti-Malware
2010-01-08 22:00:24 ----A---- E:\WINDOWS\ModemLog_PCTEL Platinum V.92 Modem.txt
2010-01-06 13:28:06 ----D---- E:\Program Files\Common Files
2010-01-04 16:17:48 ----A---- E:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Athlon64 Processor Driver; E:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-05-08 35840]
R1 AsIO;AsIO; \??\E:\WINDOWS\system32\drivers\AsIO.sys []
R1 Tcpip6;Microsoft IPv6 Protocol Driver; E:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; E:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 enodpl;enodpl; E:\WINDOWS\System32\drivers\enodpl.sys [2003-03-02 7552]
R2 MaVctrl;MaVctrl; E:\WINDOWS\system32\DRIVERS\MaVc2K.sys [2005-08-17 11473]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; E:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; E:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; E:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936]
R2 tandpl;tandpl; E:\WINDOWS\System32\drivers\tandpl.sys [2003-04-18 4736]
R2 tmcomm;tmcomm; \??\E:\WINDOWS\system32\drivers\tmcomm.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); E:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-08-11 2324480]
R3 Arp1394;1394 ARP Client Protocol; E:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; E:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 hidusb;Microsoft HID Class Driver; E:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; E:\WINDOWS\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
R3 mouhid;Mouse HID Driver; E:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; E:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; E:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 NIC1394;1394 Net Driver; E:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; E:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; E:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-12-16 33408]
R3 nvnetbus;NVIDIA Network Bus Enumerator; E:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-12-16 12928]
R3 Ptserial;W2K Pctel Serial Device Driver; E:\WINDOWS\system32\DRIVERS\ptserial.sys [2002-02-20 120945]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; E:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; E:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; E:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; E:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver; \??\E:\WINDOWS\system32\ZDPNDIS5.SYS []
S1 DumaNT;NVIDIA Stereo Helper Service; E:\WINDOWS\system32\DRIVERS\dumant.sys []
S1 kbdhid;Keyboard HID Driver; E:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 catchme;catchme; \??\E:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; E:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EagleNT;EagleNT; \??\E:\WINDOWS\system32\drivers\EagleNT.sys []
S3 ENTECH;ENTECH; \??\E:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 GcKernel;Microsoft SideWinder Value Add - Filter Driver; E:\WINDOWS\system32\DRIVERS\GcKernel.sys [2008-04-13 59136]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 HIDSwvd;Microsoft SideWinder Virtual HID Device Mini-Driver; E:\WINDOWS\system32\DRIVERS\HIDSwvd.sys [2001-08-17 2688]
S3 MaRdPnp;MaRdPnp; E:\WINDOWS\system32\DRIVERS\MaRdP2K.sys [2005-08-17 49867]
S3 MSICPL;MSICPL; \??\D:\install4\MSICPL.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; E:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 musbehco;musbehco; \??\E:\DOCUME~1\Cody\LOCALS~1\Temp\musbehco.sys []
S3 NABTSFEC;NABTS/FEC VBI Codec; E:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; E:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NEXTELC;NEXTELC; E:\WINDOWS\system32\DRIVERS\NEXTELC.sys [2004-12-16 25055]
S3 NEXTELU;NEXTELU; E:\WINDOWS\system32\DRIVERS\NEXTELU.sys [2005-07-04 50157]
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\E:\WINDOWS\system32\PCAMPR5.SYS []
S3 PnkBstrK;PnkBstrK; \??\E:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 QCDonner;Logitech QuickCam Express; E:\WINDOWS\system32\DRIVERS\OVCD.sys [2001-08-17 28032]
S3 rootrepeal;rootrepeal; \??\E:\WINDOWS\system32\drivers\rootrepeal.sys []
S3 SetupSys;Conexant Setup API; E:\WINDOWS\system32\drivers\SetupSys.sys [2001-01-09 8811]
S3 SLIP;BDA Slip De-Framer; E:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); E:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; E:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; E:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; E:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; E:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;MobileAction USB Modem Driver; E:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 USBSTOR;USB Mass Storage Driver; E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WLAN(WLAN);XPC 802.11b/g Wireless Kit Driver(WLAN); E:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-11-29 258560]
S3 WSTCODEC;World Standard Teletext Codec; E:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; E:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; E:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver; \??\E:\WINDOWS\system32\ZDBRGSYS.SYS []
S4 IntelIde;IntelIde; E:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; E:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 Apple Mobile Device;Apple Mobile Device; E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour Service; E:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; E:\Program Files\Java\jre6\bin\jqs.exe [2009-10-23 153376]
R2 NVSvc;NVIDIA Display Driver Service; E:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
R2 PnkBstrA;PnkBstrA; E:\WINDOWS\system32\PnkBstrA.exe [2009-10-03 75064]
R2 PnkBstrB;PnkBstrB; E:\WINDOWS\system32\PnkBstrB.exe [2009-11-12 214504]
R3 iPod Service;iPod Service; E:\Program Files\iPod\bin\iPodService.exe [2009-09-08 545568]
S2 WinDefend;Windows Defender; E:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 aspnet_state;ASP.NET State Service; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; E:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; E:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; E:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; E:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; E:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Combofix.txt

ComboFix 09-10-21.02 - Cody 10/22/2009 17:43.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.714 [GMT -5:00]
Running from: e:\documents and settings\Cody\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

e:\windows\Downloaded Program Files\Temp
e:\windows\msa.exe
e:\windows\patch.exe
e:\windows\run.log
e:\windows\system32\images
e:\windows\system32\images\i1.gif
e:\windows\system32\images\i2.gif
e:\windows\system32\images\i3.gif
e:\windows\system32\images\j1.gif
e:\windows\system32\images\j2.gif
e:\windows\system32\images\j3.gif
e:\windows\system32\images\jj1.gif
e:\windows\system32\images\jj2.gif
e:\windows\system32\images\jj3.gif
e:\windows\system32\images\l1.gif
e:\windows\system32\images\l2.gif
e:\windows\system32\images\l3.gif
e:\windows\system32\images\pix.gif
e:\windows\system32\images\t1.gif
e:\windows\system32\images\t2.gif
e:\windows\system32\images\up1.gif
e:\windows\system32\images\up2.gif
e:\windows\system32\images\w1.gif
e:\windows\system32\images\w11.gif
e:\windows\system32\images\w2.gif
e:\windows\system32\images\w3.gif
e:\windows\system32\images\w3.jpg
e:\windows\system32\images\wt1.gif
e:\windows\system32\images\wt2.gif
e:\windows\system32\images\wt3.gif
e:\windows\system32\UACrprqcvjhylbwyba.db
e:\windows\system32\uactmp.db
e:\windows\uwafifinohaz.dll

Infected copy of e:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - e:\windows\ServicePackFiles\i386\eventlog.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ANTIPOL
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}


((((((((((((((((((((((((( Files Created from 2009-09-22 to 2009-10-22 )))))))))))))))))))))))))))))))
.

2009-10-22 20:28 . 2009-10-22 20:28 0 ----a-r- e:\windows\Jqiputivolubu.bin
2009-10-22 20:28 . 2009-10-22 20:28 -------- d-----w- e:\documents and settings\Cody\Local Settings\Application Data\{486E2BB1-FD31-4D60-AC63-FFFAE70450F9}
2009-10-22 20:19 . 2009-10-22 20:19 102188 ----a-w- e:\windows\system32\dd5996be.exe
2009-10-22 20:18 . 2009-10-22 21:28 0 ----a-r- e:\windows\win32k.sys
2009-10-10 14:32 . 2009-10-10 14:32 -------- d-----w- e:\documents and settings\Cody\Local Settings\Application Data\CCP
2009-10-10 13:15 . 2007-07-19 23:14 3727720 ----a-w- e:\windows\system32\d3dx9_35.dll
2009-10-10 03:40 . 2009-10-10 03:40 -------- d-----w- e:\documents and settings\All Users\Application Data\CCP
2009-10-09 20:58 . 2009-10-09 20:58 -------- d-sh--w- e:\documents and settings\LocalService\IETldCache
2009-10-03 20:05 . 2009-10-03 20:05 -------- d-----w- e:\documents and settings\Cody\Local Settings\Application Data\PunkBuster
2009-10-01 03:59 . 2009-10-01 03:59 -------- d-----w- e:\program files\7-Zip
2009-09-23 11:51 . 2009-09-23 11:51 1902080 ----a-w- e:\windows\system32\cc7ceb89.dll
2009-09-23 01:53 . 2009-09-23 01:53 -------- d-----w- e:\windows\system32\scripting
2009-09-23 01:53 . 2009-09-23 01:53 -------- d-----w- e:\windows\l2schemas
2009-09-23 01:53 . 2009-09-23 01:53 -------- d-----w- e:\windows\system32\en
2009-09-23 01:53 . 2009-09-23 01:53 -------- d-----w- e:\windows\system32\bits
2009-09-23 01:47 . 2009-09-23 01:47 -------- d-----w- e:\windows\EHome

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-22 22:38 . 2009-10-22 20:28 120 ----a-w- e:\windows\Ghohebiritadumo.dat
2009-10-22 22:08 . 2009-10-22 22:08 -------- d-----w- e:\program files\Windows Defender
2009-10-22 21:48 . 2009-10-22 21:48 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
2009-10-17 03:53 . 2005-10-07 02:21 -------- d-----w- e:\program files\mIRC
2009-10-10 02:13 . 2008-02-02 04:31 139640 ----a-w- e:\windows\system32\drivers\PnkBstrK.sys
2009-10-10 02:12 . 2008-02-02 04:30 190216 ----a-w- e:\windows\system32\PnkBstrB.exe
2009-10-03 20:08 . 2008-02-02 04:30 75064 ----a-w- e:\windows\system32\PnkBstrA.exe
2009-10-03 16:02 . 2008-04-07 15:23 -------- d---a-w- e:\documents and settings\All Users\Application Data\TEMP
2009-10-01 15:29 . 2009-10-22 22:15 195440 ------w- e:\windows\system32\MpSigStub.exe
2009-09-26 03:01 . 2008-01-06 22:51 26108 ---ha-w- e:\windows\system32\mlfcache.dat
2009-09-23 02:30 . 2005-10-06 23:44 26504 ----a-w- e:\documents and settings\Cody\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-23 02:30 . 2007-06-01 01:34 -------- d-----w- e:\documents and settings\Cody\Application Data\Apple Computer
2009-09-21 03:03 . 2005-10-17 20:57 -------- d-----w- e:\program files\Steam
2009-09-21 02:53 . 2009-09-21 02:53 -------- d-----w- e:\program files\iTunes
2009-09-21 02:53 . 2009-09-21 02:53 -------- d-----w- e:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-21 02:53 . 2009-09-21 02:53 -------- d-----w- e:\program files\iPod
2009-09-21 02:53 . 2007-07-17 03:46 -------- d-----w- e:\program files\Common Files\Apple
2009-09-21 02:52 . 2009-09-21 02:52 -------- d-----w- e:\program files\Bonjour
2009-09-21 02:52 . 2009-09-21 02:51 -------- d-----w- e:\program files\QuickTime
2009-09-20 23:04 . 2009-09-20 23:03 -------- d-----w- e:\documents and settings\All Users\Application Data\WinZip
2009-09-20 21:20 . 2009-07-14 04:19 -------- d-----w- e:\program files\GetRight
2009-09-20 21:20 . 2009-07-14 04:19 -------- d-----w- e:\documents and settings\Cody\Application Data\GetRight
2009-09-20 21:16 . 2009-09-20 21:16 -------- d-----w- e:\documents and settings\All Users\Application Data\SpeedBit
2009-09-20 06:32 . 2009-09-20 06:32 -------- d-----w- e:\program files\MSBuild
2009-09-20 06:32 . 2009-09-20 06:32 -------- d-----w- e:\program files\Reference Assemblies
2009-09-20 06:29 . 2009-09-20 06:29 -------- d-----w- e:\program files\MSXML 6.0
2009-09-20 05:04 . 2005-11-05 22:22 -------- d-----w- e:\program files\Spybot - Search & Destroy
2009-09-11 14:18 . 2004-08-04 12:00 136192 ----a-w- e:\windows\system32\msv1_0.dll
2009-09-10 19:54 . 2009-10-22 21:48 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 19:53 . 2009-10-22 21:48 19160 ----a-w- e:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 . 2004-08-04 12:00 58880 ----a-w- e:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-04 12:00 916480 ----a-w- e:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-04 12:00 247326 ----a-w- e:\windows\system32\strmdll.dll
2009-08-20 00:47 . 2009-08-20 00:47 8 ----a-w- e:\windows\system32\nvModes.dat
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- e:\windows\system32\mswebdvd.dll
2009-08-05 01:44 . 2004-08-04 12:00 2189184 ----a-w- e:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-03 22:59 2066048 ----a-w- e:\windows\system32\ntkrnlpa.exe
2009-07-29 04:37 . 2004-08-04 12:00 81920 ----a-w- e:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2004-08-04 12:00 119808 ----a-w- e:\windows\system32\t2embed.dll
2009-09-23 11:51 . 2009-10-22 20:19 1926144 ----a-w- e:\program files\mozilla firefox\components\cd751915.dll
2009-02-03 05:34 . 2006-12-04 06:53 168 --sh--r- e:\windows\system32\F83FE4853C.sys
2009-02-03 05:34 . 2006-12-04 06:53 2568 --sha-w- e:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{08c6a72e-04f1-af67-35d7-3662d8de9462}]
2009-09-23 11:51 1902080 ----a-w- e:\windows\system32\cc7ceb89.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="e:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"igndlm.exe"="e:\program files\Download Manager\DLM.exe" [2009-05-15 1103216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SW24"="e:\windows\system32\sw24.exe" [2005-07-04 69632]
"SW20"="e:\windows\system32\sw20.exe" [2005-06-29 212992]
"HPDJ Taskbar Utility"="e:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128]
"NvCplDaemon"="e:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"googletalk"="e:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"IMJPMIG8.1"="e:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="e:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="e:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="e:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvMediaCenter"="e:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"AppleSyncNotifier"="e:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"QuickTime Task"="e:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
"Malwarebytes Anti-Malware (reboot)"="e:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Windows Defender"="e:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"SoundMan"="SOUNDMAN.EXE" - e:\windows\SOUNDMAN.EXE [2005-08-12 77824]
"PCTVOICE"="pctspk.exe" - e:\windows\system32\pctspk.exe [2002-02-21 163840]
"nwiz"="nwiz.exe" - e:\windows\system32\nwiz.exe [2007-12-05 1626112]

e:\documents and settings\Cody\Start Menu\Programs\Startup\
MagicDisc.lnk - e:\program files\MagicDisc\MagicDisc.exe [2009-7-3 576000]

e:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - e:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-29 113664]
Microsoft Office.lnk - e:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
XPC 802.11b+g Wireless Utility.lnk - e:\program files\WLAN\XPC 802.11b+g Wireless Kit\ZDWlan.exe [2007-5-28 581632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli WMVBDFx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Steam"=
"ares"="e:\program files\Ares\Ares.exe" -h
"spc_w"="e:\program files\NZSearch\nzspc.exe" -w

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ccApp"="e:\program files\Common Files\Symantec Shared\ccApp.exe"
"QuickTime Task"="e:\program files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"=e:\program files\Java\jre1.5.0_06\bin\jusched.exe
"vptray"=e:\progra~1\SYMANT~1\VPTray.exe
"DeviceDiscovery"=e:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
"HP Component Manager"="e:\program files\HP\hpcoretech\hpcmpmgr.exe"
"HP Software Update"="e:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
"HPDJ Taskbar Utility"=e:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Total War\\Medieval - Total War\\Medieval_TW.exe"=
"e:\\Program Files\\Messenger\\msmsgs.exe"=
"e:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\Microsoft Games\\Allegiance\\ASGSClient.exe"=
"e:\\Program Files\\Microsoft Games\\Allegiance\\ASGSUpdate.exe"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"e:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"e:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

S2 WinDefend;Windows Defender;e:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 musbehco;musbehco;\??\e:\docume~1\Cody\LOCALS~1\Temp\musbehco.sys --> e:\docume~1\Cody\LOCALS~1\Temp\musbehco.sys [?]
S3 NEXTELC;NEXTELC;e:\windows\system32\drivers\NEXTELC.sys [11/15/2006 1:03 AM 25055]
S3 NEXTELU;NEXTELU;e:\windows\system32\drivers\NEXTELU.sys [11/15/2006 1:03 AM 50157]
S3 WLAN(WLAN);XPC 802.11b/g Wireless Kit Driver(WLAN);e:\windows\system32\drivers\ZD1211U.sys [5/28/2007 12:33 AM 258560]
S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;e:\windows\system32\ZDBRGSYS.sys [5/28/2007 12:33 AM 19200]
.
Contents of the 'Scheduled Tasks' folder

2009-10-20 e:\windows\Tasks\AppleSoftwareUpdate.job
- e:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 20:42]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Display All Images with Full Quality - "e:\program files\NetZero\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "e:\program files\NetZero\qsacc\appres.dll/227"
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
Trusted Zone: lsac.org\www
DPF: {08EE4BCE-527E-4760-B11A-B829415E9103} - hxxp://simgolf.ea.com/teleport/simgolf/MaxisGolfTeleX.cab
FF - ProfilePath - e:\documents and settings\Cody\Application Data\Mozilla\Firefox\Profiles\ocv2njo5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: e:\program files\Mozilla Firefox\components\cd751915.dll
FF - plugin: e:\program files\Download Manager\npfpdlm.dll
FF - plugin: e:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: e:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: e:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: e:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: e:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: e:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: e:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: e:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - HiddenExtension: XULRunner: {486E2BB1-FD31-4D60-AC63-FFFAE70450F9} - e:\documents and settings\Cody\Local Settings\Application Data\{486E2BB1-FD31-4D60-AC63-FFFAE70450F9}
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BitTorrent - e:\program files\BitTorrent\bittorrent.exe
HKLM-Run-Vdetokahubo - e:\windows\uwafifinohaz.dll
Notify-NavLogon - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-22 17:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(836)
e:\windows\WMVBDFx.dll
e:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2100)
e:\windows\system32\WININET.dll
e:\windows\system32\ieframe.dll
e:\windows\system32\webcheck.dll
e:\windows\system32\WPDShServiceObj.dll
e:\windows\system32\PortableDeviceTypes.dll
e:\windows\system32\PortableDeviceApi.dll
e:\windows\WMVBDFx.dll
e:\program files\Bonjour\mdnsNSP.dll
.
------------------------ Other Running Processes ------------------------
.
e:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
e:\program files\Bonjour\mDNSResponder.exe
e:\windows\system32\nvsvc32.exe
e:\windows\system32\PnkBstrA.exe
e:\windows\system32\PnkBstrB.exe
e:\combofix\CF11674.exe
e:\windows\system32\RUNDLL32.EXE
e:\program files\iPod\bin\iPodService.exe
e:\windows\system32\wscntfy.exe
e:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-22 18:00 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-22 23:00

Pre-Run: 18,922,586,112 bytes free
Post-Run: 23,025,127,424 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 178F96F7EE133597961DE55539986091


#9 Net_Surfer

Posted 27 January 2010 - 05:51 PM

Hello again BraskySTU.

Question:
After you have run these steps, I want you to check whether you can now see the list of your installed programs by doing the following:
Go to: Start > Run, type: control
Press OK
Double-click on: Add/Remove Programs.

Before we begin, you should save these instructions in Notepad to your Desktop, or print them, for easy reference and to make sure you don't get lost.
Make sure to work through the fixes in the exact order in which they are mentioned below and do not miss any steps out. If at any point you have questions, or are unsure of the instructions, do not hesitate to post here and ask for clarification before proceeding with the fixes.

Please carefully follow the next set of steps:

Going over your logs I can see you are running Spybot's TeaTimer and Windows Defender. I suggest you disable them.
Firstly, we need to disable Spybot's TeaTimer, which can interfere with the fixes.

TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half-finished fix, we need to disable TeaTimer. We can re-enable it when we're done if you like.
  1. Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  2. If prompted with a legal dialog, accept the warning.
  3. Click and then on "Advanced Mode"
  4. You may be presented with a warning dialog. If so, press
  5. Click on
  6. Click on
  7. Uncheck this checkbox:
  8. Close/Exit Spybot Search and Destroy
If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
~~~~~~~~~~
Please disable Windows Defender's real-time protection, as it will interfere with the fix. You can re-enable it when we've finished the cleanup.
  • Open Windows Defender
  • Click on "Tools"
  • Click on "General Settings"
  • Scroll down to "Real-time protection options"
  • Uncheck "Turn on Real-time protection (recommended)"
  • Click "Save"
After all of the fixes are complete it is very important that you enable Real-time Protection again.

Step 1: GooredFix

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
Step 2: **Note: In the event you already have old versions of Combofix I need you to delete them, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

  • For Internet Explorer:
    o Choose to save, not open the file
    o When prompted - save the file to your desktop
Please download Combofix from any of the links below and save it to your desktop.

Link 1
Link 2

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Step 3: Please insert your flash drive and all USB drives before running Combofix
    Important notes regarding ComboFix:

    ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

    ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.
  • Close any open browsers.
    WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
  • Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.
-----------------------------------------------------------

Step 4: Double click on the on your desktop & follow the prompts.
If you are unsure how to run ComboFix tool, please visit this webpage for instructions: How-to-use-combofix
  • If you receive a message that Combofix has detected the presence of rootkit activity and needs to reboot, kindly write down on paper the list of files present in the message before continuing, and post it in your next reply.

    NOTE: If you have Windows XP: Combofix may ask you to install the Recovery Console, please allow it to do so.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

**Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall**
*** When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review.***

A word of advice if you are a lurker: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
Please read Combofix's Disclaimer.

Step 5: Malwarebytes' Anti-Malware

Because some malware can be easily removed, we recommend Malwarebytes Anti-Malware be run. It's an advanced piece of software which should get a lot of what's on this machine. These guys are so on top of the latest infections it's amazing.

It's important to let me know, however, if you experience any trouble getting to the site, updating it, or opening it to run. Some rootkits target MBAM, and those indicators are the 'tell', if you will. We have another method of double-checking for this rootkit, which, if present, will require another special tool.


* MBAM
You already have Malwarebytes' Anti-Malware installed.
  • Open MBAM
  • Go to the updates tab, and click Update to update to the latest version
  • Once the program has updated, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: if you can not run a full system scan then retry with a quick scan.
    * Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
MBAM Tutorial if needed


Step 6: Re-run random's system information tool (RSIT) and post the log.

Make sure you re-enable your security programs after you are done with the scans.

Please DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean and free of malware!!!

Summary of the logs I will need in your next reply:
  • The report log of GooredFix
  • The report log of ComboFix
  • The report log of MBAM
  • The log of RSIT
  • The answer to my question about if you now can see the list of installed programs.
And a description of any remaining problems.

How are things at your end, BraskySTU?

Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order, clean and free of malware.

Kind regards
Net_Surfer



#10 BraskySTU (Topic Starter)

Posted 28 January 2010 - 01:40 PM

I did steps 1 thru 4 and I could once again see the programs under add/remove programs in the control panel. I found "product express" in the list and deleted it. However, I went to sleep and then the next morning (today) I began to run the Malwarebytes scan (step 5). During the scan I went to add/remove programs and now could no longer see the list of programs (cripes!). I waited until the scan was completed and checked add/remove programs again. And still there is no list of programs being generated.

Since deleting "product express" I am no longer being redirected in Firefox.

Thanks a lot for all of your help!

Anyway, here are the requested logs (I had to add combofix as an attachment because it was too long to paste into the post):

GooredFix

GooredFix by jpshortstuff (08.01.10.1)
Log created at 18:42 on 27/01/2010 (Cody)
Firefox version 3.5.7 (en-US)

========== GooredScan ==========

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{486E2BB1-FD31-4D60-AC63-FFFAE70450F9} -> Success!
Deleting E:\Documents and Settings\Cody\Local Settings\Application Data\{486E2BB1-FD31-4D60-AC63-FFFAE70450F9} -> Success!

========== GooredLog ==========

E:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [22:57 26/10/2005]
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [14:24 23/10/2009]

E:\Documents and Settings\Cody\Application Data\Mozilla\Firefox\Profiles\ocv2njo5.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [03:49 23/09/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="E:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [06:32 20/09/2009]
"jqs@sun.com"="E:\Program Files\Java\jre6\lib\deploy\jqs\ff" [14:24 23/10/2009]

-=E.O.F=-


Malwarebytes


Malwarebytes' Anti-Malware 1.44
Database version: 3651
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/28/2010 12:17:17 PM
mbam-log-2010-01-28 (12-17-17).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 323529
Time elapsed: 1 hour(s), 22 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
E:\System Volume Information\_restore{1A9E72AB-C319-4018-B6AE-876C7E3C20A6}\RP877\A0165852.sys (Malware.Trace) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{1A9E72AB-C319-4018-B6AE-876C7E3C20A6}\RP877\A0165891.com (Trojan.Agent) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{1A9E72AB-C319-4018-B6AE-876C7E3C20A6}\RP877\A0166015.sys (Malware.Trace) -> Quarantined and deleted successfully.
E:\System Volume Information\_restore{1A9E72AB-C319-4018-B6AE-876C7E3C20A6}\RP877\A0166039.com (Trojan.Agent) -> Quarantined and deleted successfully.

RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by Cody at 2010-01-28 12:31:37
Microsoft Windows XP Home Edition Service Pack 3
System drive E: has 26 GB (27%) free of 96 GB
Total RAM: 1023 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:31:42 PM, on 1/28/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\system32\PnkBstrB.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\system32\pctspk.exe
E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\QuickTime\QTTask.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Java\jre6\bin\jusched.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\WLAN\XPC 802.11b+g Wireless Kit\ZDWlan.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
E:\WINDOWS\system32\NOTEPAD.EXE
E:\WINDOWS\system32\NOTEPAD.EXE
E:\Program Files\Java\jre6\bin\jucheck.exe
E:\WINDOWS\system32\NOTEPAD.EXE
E:\Documents and Settings\Cody\Desktop\RSIT.exe
E:\Program Files\Trend Micro\HijackThis\Cody.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Pop-up Blocker - {52706EF7-D7A2-49AD-A615-E903858CF284} - E:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: NetZero Toolbar Helper - {FE3098B0-04A3-41fd-8CA9-BEA39CB14C87} - E:\Program Files\NetZero\ucreg.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - E:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [SW24] E:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [SW20] E:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [googletalk] E:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [IMJPMIG8.1] "E:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] E:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [igndlm.exe] E:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: XPC 802.11b+g Wireless Utility.lnk = E:\Program Files\WLAN\XPC 802.11b+g Wireless Kit\ZDWlan.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Display All Images with Full Quality - "res://E:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://E:\Program Files\NetZero\qsacc\appres.dll/227"
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - E:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - E:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.charter.com/diskless/bin/ssctlsma.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {08EE4BCE-527E-4760-B11A-B829415E9103} (MaxisGolfTeleX Control) - http://simgolf.ea.com/teleport/simgolf/MaxisGolfTeleX.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///E:/Program%20Files/Risk/Images/stg_drm.ocx
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase1140.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1263262775218
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60096.cab
O16 - DPF: {B2FCED61-570E-11D3-B160-00A0C9E70E84} (OmniForm Form Control) - https://www4.lsac.org/LSACD_XMLWebServices/...iveX/ofmctl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///E:/Program%20Files/Risk/Images/armhelper.ocx
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - E:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 10325 bytes

======Scheduled tasks folder======

E:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-04-23 1377576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52706EF7-D7A2-49AD-A615-E903858CF284}]
Pop-up Blocker - E:\Program Files\NetZero\qsacc\X1IEBHO.dll [2009-03-18 211464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - E:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-23 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-23 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE3098B0-04A3-41fd-8CA9-BEA39CB14C87}]
NetZero Toolbar Helper - E:\Program Files\NetZero\ucreg.dll [2009-10-05 153096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - ZeroBar - E:\Program Files\NetZero\Toolbar.dll [2009-10-05 325128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SW24"=E:\WINDOWS\system32\sw24.exe [2005-07-04 69632]
"SW20"=E:\WINDOWS\system32\sw20.exe [2005-06-29 212992]
"SoundMan"=E:\WINDOWS\SOUNDMAN.EXE [2005-08-11 77824]
"PCTVOICE"=E:\WINDOWS\system32\pctspk.exe [2002-02-20 163840]
"HPDJ Taskbar Utility"=E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2003-09-01 176128]
"NvCplDaemon"=E:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]
"nwiz"=nwiz.exe /install []
"Adobe Reader Speed Launcher"=E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"googletalk"=E:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"IMJPMIG8.1"=E:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"MSPY2002"=E:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
"PHIME2002ASync"=E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"NvMediaCenter"=E:\WINDOWS\system32\NvMcTray.dll [2007-12-05 81920]
"AppleSyncNotifier"=E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"QuickTime Task"=E:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=E:\Program Files\iTunes\iTunesHelper.exe [2009-09-08 305440]
"SunJavaUpdateSched"=E:\Program Files\Java\jre6\bin\jusched.exe [2009-10-23 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"=E:\Program Files\Download Manager\DLM.exe [2009-05-14 1103216]
"ctfmon.exe"=E:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

E:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.exe.lnk - E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Microsoft Office.lnk - E:\Program Files\Microsoft Office\Office\OSA9.EXE
XPC 802.11b+g Wireless Utility.lnk - E:\Program Files\WLAN\XPC 802.11b+g Wireless Kit\ZDWlan.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
E:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\Program Files\Total War\Medieval - Total War\Medieval_TW.exe"="E:\Program Files\Total War\Medieval - Total War\Medieval_TW.exe:*:Enabled:Medieval_TW"
"E:\Program Files\Messenger\msmsgs.exe"="E:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"E:\Program Files\Common Files\AOL\Loader\aolload.exe"="E:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\Program Files\Microsoft Games\Allegiance\ASGSClient.exe"="E:\Program Files\Microsoft Games\Allegiance\ASGSClient.exe:*:Enabled:Allegiance"
"E:\Program Files\Microsoft Games\Allegiance\ASGSUpdate.exe"="E:\Program Files\Microsoft Games\Allegiance\ASGSUpdate.exe:*:Enabled:ASGSUpdate"
"E:\Program Files\uTorrent\uTorrent.exe"="E:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"E:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="E:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"E:\Program Files\Google\Google Talk\googletalk.exe"="E:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"E:\Program Files\Skype\Phone\Skype.exe"="E:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"E:\Program Files\Bonjour\mDNSResponder.exe"="E:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"E:\Program Files\iTunes\iTunes.exe"="E:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"E:\Program Files\Windows Live\Messenger\wlcsdk.exe"="E:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"E:\Program Files\Windows Live\Messenger\msnmsgr.exe"="E:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Games\Mass Effect\Binaries\MassEffect.exe"="C:\Program Files\Games\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game"
"C:\Program Files\Games\Mass Effect\MassEffectLauncher.exe"="C:\Program Files\Games\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher"
"E:\Program Files\Steam\Steam.exe"="E:\Program Files\Steam\Steam.exe:*:Enabled:Steam"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\Program Files\Windows Live\Messenger\wlcsdk.exe"="E:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"E:\Program Files\Windows Live\Messenger\msnmsgr.exe"="E:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{711c9170-6843-11de-9167-0011d8dde8f0}]
shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b27f5466-1167-11da-8829-806d6172696f}]
shell\AutoRun\command - D:\autorun.exe -auto


======List of files/folders created in the last 1 months======

2010-01-28 11:23:13 ----SHD---- E:\RECYCLER
2010-01-27 19:02:19 ----SHD---- E:\Config.Msi
2010-01-27 18:58:54 ----A---- E:\ComboFix.txt
2010-01-27 18:47:49 ----A---- E:\WINDOWS\MBR.exe
2010-01-25 12:27:22 ----D---- E:\rsit
2010-01-19 19:56:46 ----D---- E:\Program Files\MSECache
2010-01-16 01:02:26 ----D---- E:\Program Files\Microsoft CAPICOM 2.1.0.2
2010-01-15 16:13:18 ----A---- E:\WINDOWS\system32\muweb.dll
2010-01-15 16:13:18 ----A---- E:\WINDOWS\system32\mucltui.dll.mui
2010-01-15 16:13:18 ----A---- E:\WINDOWS\system32\mucltui.dll
2010-01-14 19:17:22 ----D---- E:\Program Files\Microsoft Silverlight
2010-01-14 00:55:00 ----HDC---- E:\WINDOWS\$NtUninstallKB970430$
2010-01-14 00:54:55 ----HDC---- E:\WINDOWS\$NtUninstallKB976098-v2$
2010-01-14 00:54:51 ----HDC---- E:\WINDOWS\$NtUninstallKB955759$
2010-01-14 00:54:46 ----HDC---- E:\WINDOWS\$NtUninstallKB974318$
2010-01-14 00:54:42 ----HDC---- E:\WINDOWS\$NtUninstallKB961503$
2010-01-14 00:54:39 ----HDC---- E:\WINDOWS\$NtUninstallKB972270$
2010-01-14 00:52:16 ----HDC---- E:\WINDOWS\$NtUninstallKB973687$
2010-01-14 00:52:10 ----HDC---- E:\WINDOWS\$NtUninstallKB973904$
2010-01-14 00:52:05 ----HDC---- E:\WINDOWS\$NtUninstallKB974392$
2010-01-14 00:52:00 ----HDC---- E:\WINDOWS\$NtUninstallKB971737$
2010-01-14 00:51:47 ----HDC---- E:\WINDOWS\$NtUninstallKB969947$
2010-01-11 20:20:49 ----A---- E:\WINDOWS\system32\wuapi.dll.mui
2010-01-06 13:37:51 ----RHD---- E:\Documents and Settings\Cody\Application Data\SecuROM
2010-01-06 13:28:06 ----D---- E:\Program Files\Common Files\BioWare

======List of files/folders modified in the last 1 months======

2010-01-28 12:22:09 ----D---- E:\Program Files\Mozilla Firefox
2010-01-28 12:20:35 ----D---- E:\WINDOWS\temp
2010-01-28 12:18:17 ----D---- E:\WINDOWS\system32\drivers
2010-01-28 12:17:37 ----A---- E:\WINDOWS\SchedLgU.Txt
2010-01-28 10:12:11 ----D---- E:\WINDOWS\Prefetch
2010-01-27 23:24:33 ----D---- E:\WINDOWS\system32
2010-01-27 19:02:31 ----SHD---- E:\WINDOWS\Installer
2010-01-27 19:02:21 ----SD---- E:\Documents and Settings\All Users\Application Data\Microsoft
2010-01-27 19:02:21 ----HD---- E:\WINDOWS\inf
2010-01-27 19:02:21 ----D---- E:\Program Files\Windows Defender
2010-01-27 18:58:56 ----D---- E:\Qoobox
2010-01-27 18:56:47 ----D---- E:\WINDOWS
2010-01-27 18:56:47 ----A---- E:\WINDOWS\system.ini
2010-01-27 18:53:00 ----D---- E:\WINDOWS\AppPatch
2010-01-27 18:52:58 ----D---- E:\Program Files\Common Files
2010-01-27 18:48:09 ----D---- E:\WINDOWS\system32\CatRoot2
2010-01-25 12:15:29 ----A---- E:\WINDOWS\SIERRA.INI
2010-01-25 12:12:59 ----RD---- E:\Program Files
2010-01-25 12:12:30 ----HD---- E:\Program Files\InstallShield Installation Information
2010-01-25 12:04:36 ----D---- E:\Program Files\Steam
2010-01-23 19:30:42 ----AD---- E:\Documents and Settings\All Users\Application Data\TEMP
2010-01-22 00:30:24 ----RSHDC---- E:\WINDOWS\system32\dllcache
2010-01-22 00:30:23 ----D---- E:\Program Files\Internet Explorer
2010-01-22 00:29:53 ----HD---- E:\WINDOWS\$hf_mig$
2010-01-19 20:09:23 ----RSD---- E:\WINDOWS\Fonts
2010-01-19 20:09:20 ----D---- E:\Program Files\Microsoft Office
2010-01-19 20:09:19 ----D---- E:\Program Files\Common Files\Microsoft Shared
2010-01-16 01:02:23 ----D---- E:\WINDOWS\WinSxS
2010-01-15 17:25:48 ----A---- E:\WINDOWS\system32\CmdLineExt.dll
2010-01-14 11:12:06 ----N---- E:\WINDOWS\system32\MpSigStub.exe
2010-01-14 09:01:37 ----A---- E:\WINDOWS\system32\PerfStringBackup.INI
2010-01-14 00:55:03 ----A---- E:\WINDOWS\imsins.BAK
2010-01-11 20:20:50 ----D---- E:\WINDOWS\Help
2010-01-11 20:19:57 ----SD---- E:\WINDOWS\Downloaded Program Files
2010-01-11 20:17:13 ----RAH---- E:\WINDOWS\system32\cdplayer.exe.manifest
2010-01-11 15:43:09 ----D---- E:\Program Files\Malwarebytes' Anti-Malware
2010-01-08 22:00:24 ----A---- E:\WINDOWS\ModemLog_PCTEL Platinum V.92 Modem.txt
2010-01-04 16:17:48 ----A---- E:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Athlon64 Processor Driver; E:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-05-08 35840]
R1 AsIO;AsIO; \??\E:\WINDOWS\system32\drivers\AsIO.sys []
R1 Tcpip6;Microsoft IPv6 Protocol Driver; E:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; E:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 enodpl;enodpl; E:\WINDOWS\System32\drivers\enodpl.sys [2003-03-02 7552]
R2 MaVctrl;MaVctrl; E:\WINDOWS\system32\DRIVERS\MaVc2K.sys [2005-08-17 11473]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; E:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; E:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; E:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936]
R2 tandpl;tandpl; E:\WINDOWS\System32\drivers\tandpl.sys [2003-04-18 4736]
R2 tmcomm;tmcomm; \??\E:\WINDOWS\system32\drivers\tmcomm.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); E:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-08-11 2324480]
R3 Arp1394;1394 ARP Client Protocol; E:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; E:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 hidusb;Microsoft HID Class Driver; E:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; E:\WINDOWS\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
R3 mouhid;Mouse HID Driver; E:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; E:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; E:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 NIC1394;1394 Net Driver; E:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; E:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; E:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-12-16 33408]
R3 nvnetbus;NVIDIA Network Bus Enumerator; E:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-12-16 12928]
R3 Ptserial;W2K Pctel Serial Device Driver; E:\WINDOWS\system32\DRIVERS\ptserial.sys [2002-02-20 120945]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; E:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; E:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; E:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; E:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver; \??\E:\WINDOWS\system32\ZDPNDIS5.SYS []
S1 DumaNT;NVIDIA Stereo Helper Service; E:\WINDOWS\system32\DRIVERS\dumant.sys []
S1 kbdhid;Keyboard HID Driver; E:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 catchme;catchme; \??\E:\DOCUME~1\Cody\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; E:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EagleNT;EagleNT; \??\E:\WINDOWS\system32\drivers\EagleNT.sys []
S3 ENTECH;ENTECH; \??\E:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 GcKernel;Microsoft SideWinder Value Add - Filter Driver; E:\WINDOWS\system32\DRIVERS\GcKernel.sys [2008-04-13 59136]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 HIDSwvd;Microsoft SideWinder Virtual HID Device Mini-Driver; E:\WINDOWS\system32\DRIVERS\HIDSwvd.sys [2001-08-17 2688]
S3 MaRdPnp;MaRdPnp; E:\WINDOWS\system32\DRIVERS\MaRdP2K.sys [2005-08-17 49867]
S3 MSICPL;MSICPL; \??\D:\install4\MSICPL.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; E:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 musbehco;musbehco; \??\E:\DOCUME~1\Cody\LOCALS~1\Temp\musbehco.sys []
S3 NABTSFEC;NABTS/FEC VBI Codec; E:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; E:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NEXTELC;NEXTELC; E:\WINDOWS\system32\DRIVERS\NEXTELC.sys [2004-12-16 25055]
S3 NEXTELU;NEXTELU; E:\WINDOWS\system32\DRIVERS\NEXTELU.sys [2005-07-04 50157]
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\E:\WINDOWS\system32\PCAMPR5.SYS []
S3 PnkBstrK;PnkBstrK; \??\E:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 QCDonner;Logitech QuickCam Express; E:\WINDOWS\system32\DRIVERS\OVCD.sys [2001-08-17 28032]
S3 SetupSys;Conexant Setup API; E:\WINDOWS\system32\drivers\SetupSys.sys [2001-01-09 8811]
S3 SLIP;BDA Slip De-Framer; E:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); E:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; E:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; E:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; E:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; E:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;MobileAction USB Modem Driver; E:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 USBSTOR;USB Mass Storage Driver; E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WLAN(WLAN);XPC 802.11b/g Wireless Kit Driver(WLAN); E:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-11-29 258560]
S3 WSTCODEC;World Standard Teletext Codec; E:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; E:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; E:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver; \??\E:\WINDOWS\system32\ZDBRGSYS.SYS []
S4 IntelIde;IntelIde; E:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; E:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 Apple Mobile Device;Apple Mobile Device; E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour Service; E:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; E:\Program Files\Java\jre6\bin\jqs.exe [2009-10-23 153376]
R2 NVSvc;NVIDIA Display Driver Service; E:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
R2 PnkBstrA;PnkBstrA; E:\WINDOWS\system32\PnkBstrA.exe [2009-10-03 75064]
R2 PnkBstrB;PnkBstrB; E:\WINDOWS\system32\PnkBstrB.exe [2009-11-12 214504]
R3 iPod Service;iPod Service; E:\Program Files\iPod\bin\iPodService.exe [2009-09-08 545568]
S3 aspnet_state;ASP.NET State Service; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; E:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; E:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; E:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; E:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; E:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------



Edited by BraskySTU, 28 January 2010 - 01:44 PM.


#11 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • Gender:Male
  • Local time:10:06 AM

Posted 29 January 2010 - 02:57 PM

Hello again BraskySTU.

GooredFix took care of the bad extension that was causing your redirections with your Firefox browser.

There are no indications in your logs that you installed an antivirus!!!

Please, I need you to install an antivirus on your computer; follow the instructions in my earlier post on how to install one.

Failing to do this will expose your computer to viruses, and you will be wasting my time and yours!

Please carefully follow the next set of steps:

Before we begin, you should save these instructions in Notepad to your Desktop, or print them, for easy reference and to make sure you don't get lost.
Make sure to work through the fixes in the exact order in which they are mentioned below and do not miss any steps out. If at any point you have questions, or are unsure of the instructions, do not hesitate to post here and ask for clarification before proceeding with the fixes.

Firstly, we need to ensure that you disable Teatimer and Windows Defender AGAIN, to make sure they won't interfere with the fixing.

Step 1: Flash_Disinfector

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

Step 2: ComboFix

Re-run ComboFix with some additional directives.

Complex malware removal is to be performed by trained personnel, as they’re capable of doing a surgical cleanup without affecting other components of the Operating System.
  1. VERY IMPORTANT: Disable all running antivirus, antimalware and firewall programs as they may interfere with the proper running of ComboFix. Click on this link to see a list of programs that should be disabled. NOTE: This list is not all-inclusive. If yours is not listed and you do not know how to disable it, please ask.
  2. Make sure that combofix.exe that you downloaded is on your Desktop but do NOT run it!
    o If it is not on your Desktop, the below will not work.
  3. Go to Start -> Run... and in the "Open:" box that opens type Notepad and press Enter (alternatively, navigate to Start -> Accessories -> Notepad).
  4. Copy the entire contents inside the CODE box below into Notepad (do NOT copy the word "CODE"!) - don't use any other text editor than Notepad or the script will fail.
    CODE
    KillAll::

    Driver::
    musbehco

    File::
    D:\autorun.exe
    G:\autorun.exe
    E:\DOCUME~1\Cody\LOCALS~1\Temp\musbehco.sys

    DDS::
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    TB: {71AAABE5-1F0F-11D7-BD6F-004854603DCE} - No File

    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{711c9170-6843-11de-9167-0011d8dde8f0}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b27f5466-1167-11da-8829-806d6172696f}]

    Looking at the image below as an example:
  5. Go to File -> Save and save as CFScript.txt in the same location as ComboFix.exe.
  6. Close all applications and windows so that you have nothing open and are at your Desktop.
  7. Drag CFScript.txt on top of ComboFix.exe. (This will start ComboFix again). Please follow the prompts.
  8. When finished, ComboFix shall produce a log for you at C:\ComboFix.txt. Please post the entire contents of that report in your next reply for further review.
    NOTE: Do NOT mouseclick ComboFix's window whilst it's running. That may cause your system to hang!
    CAUTION!
    Anyone else thinking of using the above script does so at their own risk - you may end up having to re-install Windows!

Step 3: To solve your problem with Add/Remove Programs

Regarding the Add/Remove problem, I would try using the "regsvr32" command line to register appwiz.cpl.

Please go to: Start >> Run >> and type in: Regsvr32 Appwiz.cpl
Then click: OK.

Let me know if that worked for you and you can now see your installed programs.


Step 4: Re-scan with RSIT so we can verify nothing new is back.

Summary of the logs I will need in your next reply:
  • The report log of ComboFix
  • The report log of RSIT
And a description of any remaining problems in your next post.

How are things at your end, BraskySTU?

Can you still not see the list of installed programs?


Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order, clean and free of malware.

Thanks.
Kind regards
Net_Surfer
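The CFScript in the post above targets the same kinds of entry that stand out in the RSIT log earlier in this thread: a kernel driver whose image sits in the user's Temp directory, per-volume AutoRun commands recorded under MountPoints2, and the autorun.exe files those commands point at. As an added example (not code from this thread, from RSIT or from ComboFix), the Python script below parses those two sections of an RSIT-style log and flags them. The sample input is a handful of lines copied from the log above, and the two heuristics (image under a Temp path, empty [] file date/size) are my own assumptions about what is worth a second look, not rules taken from either tool.

```python
"""Triage helpers for RSIT-style logs: flag drivers loading from Temp paths and
per-volume AutoRun commands recorded under MountPoints2.

Added example for the thread; not part of RSIT, ComboFix or the helper's post.
"""
import re

# Constructed sample input: a handful of lines copied from the RSIT log in this thread.
SAMPLE_LOG = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Athlon64 Processor Driver; E:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-05-08 35840]
R2 tmcomm;tmcomm; \??\E:\WINDOWS\system32\drivers\tmcomm.sys []
S3 catchme;catchme; \??\E:\DOCUME~1\Cody\LOCALS~1\Temp\catchme.sys []
S3 musbehco;musbehco; \??\E:\DOCUME~1\Cody\LOCALS~1\Temp\musbehco.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{711c9170-6843-11de-9167-0011d8dde8f0}]
shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b27f5466-1167-11da-8829-806d6172696f}]
shell\AutoRun\command - D:\autorun.exe -auto
"""

# "R1 AmdK8;AMD Athlon64 Processor Driver; E:\...\AmdK8.sys [2004-05-08 35840]"
DRIVER_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.*?) \[(?P<fileinfo>[^\]]*)\]$"
)
MOUNTPOINT_KEY = re.compile(
    r"^\[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion\\explorer"
    r"\\mountpoints2\\(?P<guid>\{[0-9a-f-]+\})\]$",
    re.IGNORECASE,
)
AUTORUN_CMD = re.compile(r"^shell\\AutoRun\\command - (?P<command>.+)$", re.IGNORECASE)


def parse_drivers(log_text):
    """Return one dict per driver line: state, start type, name, display, path, fileinfo."""
    drivers = []
    for line in log_text.splitlines():
        m = DRIVER_LINE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        # RSIT prints some kernel paths with the \??\ NT prefix; strip it for matching.
        if d["path"].startswith("\\??\\"):
            d["path"] = d["path"][4:]
        drivers.append(d)
    return drivers


def flag_drivers(drivers):
    """Return {driver name: [reasons]} for entries worth a second look.

    Heuristics (my own, assumed): a kernel driver whose image lives under a Temp
    directory, and an entry with no file date/size recorded (RSIT prints [] when
    it cannot read the file at scan time).
    """
    flagged = {}
    for d in drivers:
        reasons = []
        if "\\temp\\" in d["path"].lower():
            reasons.append("image under a Temp directory")
        if not d["fileinfo"]:
            reasons.append("no file date/size recorded (file missing or unreadable at scan time)")
        if reasons:
            flagged[d["name"]] = reasons
    return flagged


def parse_autorun_mountpoints(log_text):
    """Return [(volume GUID, command)] for MountPoints2 keys that carry an AutoRun command."""
    results = []
    current_guid = None
    for line in log_text.splitlines():
        line = line.strip()
        key = MOUNTPOINT_KEY.match(line)
        if key:
            current_guid = key.group("guid")
            continue
        cmd = AUTORUN_CMD.match(line)
        if cmd and current_guid:
            results.append((current_guid, cmd.group("command")))
            current_guid = None  # one command per key block
    return results


def triage(log_text):
    """Run both checks over a log and return a summary dict."""
    drivers = parse_drivers(log_text)
    return {
        "driver_count": len(drivers),
        "flagged_drivers": flag_drivers(drivers),
        "autorun_mountpoints": parse_autorun_mountpoints(log_text),
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    for name, reasons in summary["flagged_drivers"].items():
        print(f"driver {name}: {'; '.join(reasons)}")
    for guid, command in summary["autorun_mountpoints"]:
        print(f"MountPoints2 {guid} AutoRun -> {command}")
```

The flagged list is a starting point for the analyst, not a verdict: an empty [] can simply mean the file was unreadable when the scan ran, and a scanning tool's own driver can land in Temp as well, so each hit still needs a human decision before it goes into a removal script.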




#12 BraskySTU

BraskySTU
  • Topic Starter

  • Members
  • 12 posts
  • Local time:12:06 PM

Posted 31 January 2010 - 09:10 PM

I have completed the last 4 steps and I still cannot see any programs listed under Add/Remove in the Control Panel.

Once again, I appreciate all of your help.

And I attached the ComboFix log (ComboFix.txt, 15.03KB) because of its length.

RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by Cody at 2010-01-31 20:06:38
Microsoft Windows XP Home Edition Service Pack 3
System drive E: has 26 GB (27%) free of 96 GB
Total RAM: 1023 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:06:41 PM, on 1/31/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\system32\PnkBstrB.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\system32\pctspk.exe
E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\QuickTime\QTTask.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Java\jre6\bin\jusched.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\WLAN\XPC 802.11b+g Wireless Kit\ZDWlan.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Java\jre6\bin\jucheck.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Documents and Settings\Cody\Desktop\RSIT.exe
E:\Program Files\Trend Micro\HijackThis\Cody.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Pop-up Blocker - {52706EF7-D7A2-49AD-A615-E903858CF284} - E:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: NetZero Toolbar Helper - {FE3098B0-04A3-41fd-8CA9-BEA39CB14C87} - E:\Program Files\NetZero\ucreg.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - E:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [SW24] E:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [SW20] E:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [googletalk] E:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [IMJPMIG8.1] "E:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] E:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [igndlm.exe] E:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: XPC 802.11b+g Wireless Utility.lnk = E:\Program Files\WLAN\XPC 802.11b+g Wireless Kit\ZDWlan.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Display All Images with Full Quality - "res://E:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://E:\Program Files\NetZero\qsacc\appres.dll/227"
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - E:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - E:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.charter.com/diskless/bin/ssctlsma.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {08EE4BCE-527E-4760-B11A-B829415E9103} (MaxisGolfTeleX Control) - http://simgolf.ea.com/teleport/simgolf/MaxisGolfTeleX.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///E:/Program%20Files/Risk/Images/stg_drm.ocx
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase1140.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1263262775218
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60096.cab
O16 - DPF: {B2FCED61-570E-11D3-B160-00A0C9E70E84} (OmniForm Form Control) - https://www4.lsac.org/LSACD_XMLWebServices/...iveX/ofmctl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///E:/Program%20Files/Risk/Images/armhelper.ocx
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - E:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 10149 bytes

======Scheduled tasks folder======

E:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-04-23 1377576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52706EF7-D7A2-49AD-A615-E903858CF284}]
Pop-up Blocker - E:\Program Files\NetZero\qsacc\X1IEBHO.dll [2009-03-18 211464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - E:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-23 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-23 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE3098B0-04A3-41fd-8CA9-BEA39CB14C87}]
NetZero Toolbar Helper - E:\Program Files\NetZero\ucreg.dll [2009-10-05 153096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - ZeroBar - E:\Program Files\NetZero\Toolbar.dll [2009-10-05 325128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SW24"=E:\WINDOWS\system32\sw24.exe [2005-07-04 69632]
"SW20"=E:\WINDOWS\system32\sw20.exe [2005-06-29 212992]
"SoundMan"=E:\WINDOWS\SOUNDMAN.EXE [2005-08-11 77824]
"PCTVOICE"=E:\WINDOWS\system32\pctspk.exe [2002-02-20 163840]
"HPDJ Taskbar Utility"=E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2003-09-01 176128]
"NvCplDaemon"=E:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]
"nwiz"=nwiz.exe /install []
"Adobe Reader Speed Launcher"=E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"googletalk"=E:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"IMJPMIG8.1"=E:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"MSPY2002"=E:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
"PHIME2002ASync"=E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"NvMediaCenter"=E:\WINDOWS\system32\NvMcTray.dll [2007-12-05 81920]
"AppleSyncNotifier"=E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"QuickTime Task"=E:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=E:\Program Files\iTunes\iTunesHelper.exe [2009-09-08 305440]
"SunJavaUpdateSched"=E:\Program Files\Java\jre6\bin\jusched.exe [2009-10-23 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"=E:\Program Files\Download Manager\DLM.exe [2009-05-14 1103216]
"ctfmon.exe"=E:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

E:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.exe.lnk - E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Microsoft Office.lnk - E:\Program Files\Microsoft Office\Office\OSA9.EXE
XPC 802.11b+g Wireless Utility.lnk - E:\Program Files\WLAN\XPC 802.11b+g Wireless Kit\ZDWlan.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
E:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\Program Files\Total War\Medieval - Total War\Medieval_TW.exe"="E:\Program Files\Total War\Medieval - Total War\Medieval_TW.exe:*:Enabled:Medieval_TW"
"E:\Program Files\Messenger\msmsgs.exe"="E:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"E:\Program Files\Common Files\AOL\Loader\aolload.exe"="E:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\Program Files\Microsoft Games\Allegiance\ASGSClient.exe"="E:\Program Files\Microsoft Games\Allegiance\ASGSClient.exe:*:Enabled:Allegiance"
"E:\Program Files\Microsoft Games\Allegiance\ASGSUpdate.exe"="E:\Program Files\Microsoft Games\Allegiance\ASGSUpdate.exe:*:Enabled:ASGSUpdate"
"E:\Program Files\uTorrent\uTorrent.exe"="E:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"E:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="E:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"E:\Program Files\Google\Google Talk\googletalk.exe"="E:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"E:\Program Files\Skype\Phone\Skype.exe"="E:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"E:\Program Files\Bonjour\mDNSResponder.exe"="E:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"E:\Program Files\iTunes\iTunes.exe"="E:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"E:\Program Files\Windows Live\Messenger\wlcsdk.exe"="E:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"E:\Program Files\Windows Live\Messenger\msnmsgr.exe"="E:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Games\Mass Effect\Binaries\MassEffect.exe"="C:\Program Files\Games\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game"
"C:\Program Files\Games\Mass Effect\MassEffectLauncher.exe"="C:\Program Files\Games\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher"
"E:\Program Files\Steam\Steam.exe"="E:\Program Files\Steam\Steam.exe:*:Enabled:Steam"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\Program Files\Windows Live\Messenger\wlcsdk.exe"="E:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"E:\Program Files\Windows Live\Messenger\msnmsgr.exe"="E:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{711c9170-6843-11de-9167-0011d8dde8f0}]
shell\AutoRun\command - G:\autorun.exe


======List of files/folders created in the last 1 months======

2010-01-31 20:04:34 ----SHD---- E:\RECYCLER
2010-01-31 14:26:35 ----D---- E:\Documents and Settings\Cody\Application Data\GRETECH
2010-01-31 14:25:58 ----D---- E:\Program Files\GRETECH
2010-01-31 13:48:19 ----A---- E:\ComboFix.txt
2010-01-31 13:38:03 ----D---- E:\WINDOWS\temp
2010-01-31 13:15:55 ----RAD---- E:\autorun.inf
2010-01-27 19:02:19 ----D---- E:\Config.Msi
2010-01-27 18:47:49 ----A---- E:\WINDOWS\MBR.exe
2010-01-25 12:27:22 ----D---- E:\rsit
2010-01-19 19:56:46 ----D---- E:\Program Files\MSECache
2010-01-16 01:02:26 ----D---- E:\Program Files\Microsoft CAPICOM 2.1.0.2
2010-01-15 16:13:18 ----A---- E:\WINDOWS\system32\muweb.dll
2010-01-15 16:13:18 ----A---- E:\WINDOWS\system32\mucltui.dll.mui
2010-01-15 16:13:18 ----A---- E:\WINDOWS\system32\mucltui.dll
2010-01-14 19:17:22 ----D---- E:\Program Files\Microsoft Silverlight
2010-01-14 00:55:00 ----HDC---- E:\WINDOWS\$NtUninstallKB970430$
2010-01-14 00:54:55 ----HDC---- E:\WINDOWS\$NtUninstallKB976098-v2$
2010-01-14 00:54:51 ----HDC---- E:\WINDOWS\$NtUninstallKB955759$
2010-01-14 00:54:46 ----HDC---- E:\WINDOWS\$NtUninstallKB974318$
2010-01-14 00:54:42 ----HDC---- E:\WINDOWS\$NtUninstallKB961503$
2010-01-14 00:54:39 ----HDC---- E:\WINDOWS\$NtUninstallKB972270$
2010-01-14 00:52:16 ----HDC---- E:\WINDOWS\$NtUninstallKB973687$
2010-01-14 00:52:10 ----HDC---- E:\WINDOWS\$NtUninstallKB973904$
2010-01-14 00:52:05 ----HDC---- E:\WINDOWS\$NtUninstallKB974392$
2010-01-14 00:52:00 ----HDC---- E:\WINDOWS\$NtUninstallKB971737$
2010-01-14 00:51:47 ----HDC---- E:\WINDOWS\$NtUninstallKB969947$
2010-01-11 20:20:49 ----A---- E:\WINDOWS\system32\wuapi.dll.mui
2010-01-06 13:37:51 ----RHD---- E:\Documents and Settings\Cody\Application Data\SecuROM
2010-01-06 13:28:06 ----D---- E:\Program Files\Common Files\BioWare

======List of files/folders modified in the last 1 months======

2010-01-31 19:50:35 ----A---- E:\WINDOWS\SchedLgU.Txt
2010-01-31 16:55:46 ----D---- E:\WINDOWS\Prefetch
2010-01-31 14:26:08 ----D---- E:\WINDOWS\system32
2010-01-31 14:25:58 ----RD---- E:\Program Files
2010-01-31 13:48:21 ----D---- E:\WINDOWS\system32\drivers
2010-01-31 13:48:16 ----D---- E:\Qoobox
2010-01-31 13:47:13 ----D---- E:\WINDOWS\system32\CatRoot2
2010-01-31 13:41:37 ----D---- E:\WINDOWS
2010-01-31 13:41:37 ----A---- E:\WINDOWS\system.ini
2010-01-31 13:39:20 ----D---- E:\WINDOWS\system32\config
2010-01-31 13:39:01 ----D---- E:\WINDOWS\ERDNT
2010-01-31 13:35:19 ----D---- E:\WINDOWS\AppPatch
2010-01-31 13:35:17 ----D---- E:\Program Files\Common Files
2010-01-28 20:00:17 ----D---- E:\Program Files\Mozilla Firefox
2010-01-27 19:02:31 ----SHD---- E:\WINDOWS\Installer
2010-01-27 19:02:21 ----SD---- E:\Documents and Settings\All Users\Application Data\Microsoft
2010-01-27 19:02:21 ----HD---- E:\WINDOWS\inf
2010-01-27 19:02:21 ----D---- E:\Program Files\Windows Defender
2010-01-25 12:15:29 ----A---- E:\WINDOWS\SIERRA.INI
2010-01-25 12:12:30 ----HD---- E:\Program Files\InstallShield Installation Information
2010-01-25 12:04:36 ----D---- E:\Program Files\Steam
2010-01-23 19:30:42 ----AD---- E:\Documents and Settings\All Users\Application Data\TEMP
2010-01-22 00:30:24 ----RSHDC---- E:\WINDOWS\system32\dllcache
2010-01-22 00:30:23 ----D---- E:\Program Files\Internet Explorer
2010-01-22 00:29:53 ----HD---- E:\WINDOWS\$hf_mig$
2010-01-19 20:09:23 ----RSD---- E:\WINDOWS\Fonts
2010-01-19 20:09:20 ----D---- E:\Program Files\Microsoft Office
2010-01-19 20:09:19 ----D---- E:\Program Files\Common Files\Microsoft Shared
2010-01-16 01:02:23 ----D---- E:\WINDOWS\WinSxS
2010-01-15 17:25:48 ----A---- E:\WINDOWS\system32\CmdLineExt.dll
2010-01-14 11:12:06 ----N---- E:\WINDOWS\system32\MpSigStub.exe
2010-01-14 09:01:37 ----A---- E:\WINDOWS\system32\PerfStringBackup.INI
2010-01-14 00:55:03 ----A---- E:\WINDOWS\imsins.BAK
2010-01-11 20:20:50 ----D---- E:\WINDOWS\Help
2010-01-11 20:19:57 ----SD---- E:\WINDOWS\Downloaded Program Files
2010-01-11 20:17:13 ----RAH---- E:\WINDOWS\system32\cdplayer.exe.manifest
2010-01-11 15:43:09 ----D---- E:\Program Files\Malwarebytes' Anti-Malware
2010-01-08 22:00:24 ----A---- E:\WINDOWS\ModemLog_PCTEL Platinum V.92 Modem.txt
2010-01-04 16:17:48 ----A---- E:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Athlon64 Processor Driver; E:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-05-08 35840]
R1 AsIO;AsIO; \??\E:\WINDOWS\system32\drivers\AsIO.sys []
R1 Tcpip6;Microsoft IPv6 Protocol Driver; E:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; E:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 enodpl;enodpl; E:\WINDOWS\System32\drivers\enodpl.sys [2003-03-02 7552]
R2 MaVctrl;MaVctrl; E:\WINDOWS\system32\DRIVERS\MaVc2K.sys [2005-08-17 11473]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; E:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; E:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; E:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936]
R2 tandpl;tandpl; E:\WINDOWS\System32\drivers\tandpl.sys [2003-04-18 4736]
R2 tmcomm;tmcomm; \??\E:\WINDOWS\system32\drivers\tmcomm.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); E:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-08-11 2324480]
R3 Arp1394;1394 ARP Client Protocol; E:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; E:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 hidusb;Microsoft HID Class Driver; E:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; E:\WINDOWS\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
R3 mouhid;Mouse HID Driver; E:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; E:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; E:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 NIC1394;1394 Net Driver; E:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; E:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; E:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-12-16 33408]
R3 nvnetbus;NVIDIA Network Bus Enumerator; E:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-12-16 12928]
R3 Ptserial;W2K Pctel Serial Device Driver; E:\WINDOWS\system32\DRIVERS\ptserial.sys [2002-02-20 120945]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; E:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; E:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; E:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; E:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver; \??\E:\WINDOWS\system32\ZDPNDIS5.SYS []
S1 DumaNT;NVIDIA Stereo Helper Service; E:\WINDOWS\system32\DRIVERS\dumant.sys []
S1 kbdhid;Keyboard HID Driver; E:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 catchme;catchme; \??\E:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; E:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EagleNT;EagleNT; \??\E:\WINDOWS\system32\drivers\EagleNT.sys []
S3 ENTECH;ENTECH; \??\E:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 GcKernel;Microsoft SideWinder Value Add - Filter Driver; E:\WINDOWS\system32\DRIVERS\GcKernel.sys [2008-04-13 59136]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 HIDSwvd;Microsoft SideWinder Virtual HID Device Mini-Driver; E:\WINDOWS\system32\DRIVERS\HIDSwvd.sys [2001-08-17 2688]
S3 MaRdPnp;MaRdPnp; E:\WINDOWS\system32\DRIVERS\MaRdP2K.sys [2005-08-17 49867]
S3 MSICPL;MSICPL; \??\D:\install4\MSICPL.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; E:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; E:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; E:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NEXTELC;NEXTELC; E:\WINDOWS\system32\DRIVERS\NEXTELC.sys [2004-12-16 25055]
S3 NEXTELU;NEXTELU; E:\WINDOWS\system32\DRIVERS\NEXTELU.sys [2005-07-04 50157]
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\E:\WINDOWS\system32\PCAMPR5.SYS []
S3 PnkBstrK;PnkBstrK; \??\E:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 QCDonner;Logitech QuickCam Express; E:\WINDOWS\system32\DRIVERS\OVCD.sys [2001-08-17 28032]
S3 SetupSys;Conexant Setup API; E:\WINDOWS\system32\drivers\SetupSys.sys [2001-01-09 8811]
S3 SLIP;BDA Slip De-Framer; E:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); E:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; E:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; E:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; E:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; E:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;MobileAction USB Modem Driver; E:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 USBSTOR;USB Mass Storage Driver; E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WLAN(WLAN);XPC 802.11b/g Wireless Kit Driver(WLAN); E:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-11-29 258560]
S3 WSTCODEC;World Standard Teletext Codec; E:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; E:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; E:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver; \??\E:\WINDOWS\system32\ZDBRGSYS.SYS []
S4 IntelIde;IntelIde; E:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; E:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 Apple Mobile Device;Apple Mobile Device; E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour Service; E:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; E:\Program Files\Java\jre6\bin\jqs.exe [2009-10-23 153376]
R2 NVSvc;NVIDIA Display Driver Service; E:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
R2 PnkBstrA;PnkBstrA; E:\WINDOWS\system32\PnkBstrA.exe [2009-10-03 75064]
R2 PnkBstrB;PnkBstrB; E:\WINDOWS\system32\PnkBstrB.exe [2009-11-12 214504]
R3 iPod Service;iPod Service; E:\Program Files\iPod\bin\iPodService.exe [2009-09-08 545568]
S3 aspnet_state;ASP.NET State Service; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; E:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; E:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; E:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; E:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; E:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


#13 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:06 AM

Posted 01 February 2010 - 04:40 PM

Hello again BraskySTU,

Sorry to hear that you still cannot see your installed programs; let's give it another try to fix that by using the Dial a Fix tool.

One of the bad registry entries is still in your system, so we will use Erunt to back up your registry before we attempt to fix it with a regfix.


Please carefully follow my next set of steps in the way given.


* Backup with Erunt and create a batch file.

Let's create a backup first.

Install ERUNT

ERUNT - Emergency Recovery Utility NT
    Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.

    This is a free program that allows you to keep a complete backup of your registry and restore it when needed.
    ERUNT utility program

    Download:

    1. Please download ERUNT...by Lars Hederer. Save it to your desktop.
    2. Double-click erunt-setup-exe to run the install process. Install ERUNT by following the prompts.
    3. Use the default install settings... say "NO" to the section that asks you to add ERUNT to the Start-Up folder. You can enable this later.
    4. Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
    5. Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is fine.
    6. Make sure the first two check boxes are selected.
    7. Click on OK ... then click on "YES" to create the folder.
    Run:
    This will create a full backup of your registry... ERUNT can be used to restore the registry from this backup, if needed.

    1. Please navigate to Start >> All Programs >> ERUNT.
    2. Click on OK within the pop-up menu.
    3. In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
    4. Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the Registry backup is complete! pop-up message will appear.
    5. Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step, do not continue with any other steps; post back and let me know!

You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished, you may remove ERUNT using Add/Remove Programs.

Apply Registry Script
  • Copy the following into a notepad (Start>Run>"notepad"). Do not copy the word "code".
    CODE
    REGEDIT4

    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{711c9170-6843-11de-9167-0011d8dde8f0}]
  • Click File, then Save As... .
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input fix.reg
  • Hit OK.
When done properly, the icon should look like .

Double click fix.reg and answer Yes to the prompts. You should receive the message that the entries have been successfully merged. If not, post back with the error message.

Delete fix.reg after use.

Then...

Please use Windows Explorer to find and delete the following file IF still there:

G:\autorun.exe <-- This File

As an example:
To delete C:\WINDOWS\badfile.dll
Double click the My Computer icon on your Desktop. Or click on the Windows KEY + E.
Double click on Local Disc (C:\)
Double click on the Windows folder,
Right click on badfile.dll and then from the menu that appears, click on Delete


* We need to repair some of windows' internal registration settings.

Please read through this guide first
  1. Please download Dial-A-Fix
  2. Extract the zip file to your desktop.
  3. Double click Dial-a-Fix.exe to start the program.
  4. Press the green double checkmark box (Looks like this: )
  5. UNcheck "Empty Temp Folders", as well as "Adjust Time/Date" in the prep section. The prep section should then look like this:
  6. When the window looks like this, press the GO button in the bottom of the window.
  7. Exit/Close Dial-A-Fix
  8. Go here to check for & install updates to Microsoft applications
    Note: The update process uses activex, so you will need to use internet explorer for it, and allow the activex control that it wants to install
* Re-scan with RSIT so we can verify nothing new is back.

Summary of the logs I will need in your next reply:
  • The report log of RSIT
And a description of any remaining problems in your next post.

How are things at your end, BraskySTU?

Can you still not see the list of installed programs?


Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order, clean and free of malware.

Thanks.
Kind regards
Net_Surfer


Edited by Net_Surfer, 01 February 2010 - 07:54 PM.
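
The registry fix in the post above deletes a MountPoints2 key whose shell\AutoRun\command points at G:\autorun.exe, the classic sign of a removable-drive autorun infection. As an added example, not code from this thread or from the RSIT tool, here is a small Python audit that reads an RSIT-style "Registry dump" (a constructed excerpt modelled on the log posted earlier in the thread is embedded), lists every MountPoints2 entry that carries an AutoRun command, produces a REGEDIT4 removal script in the same form as the fix.reg above, and decodes the NoDriveTypeAutoRun policy value from the same dump to show which drive types are still allowed to autorun. The dump layout, the function names and the sample excerpt are assumptions of this example.

```python
"""Audit an RSIT-style registry dump for AutoRun mount points (added example)."""
import re

# Constructed sample excerpt in the layout of RSIT's "Registry dump" section;
# the key names and values are modelled on the log posted in this thread.
SAMPLE_DUMP = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{711c9170-6843-11de-9167-0011d8dde8f0}]
shell\AutoRun\command - G:\autorun.exe
"""

# NoDriveTypeAutoRun is a bitmask over the Win32 DRIVE_* type numbers:
# a set bit disables AutoRun for that drive type; 0xFF disables it everywhere.
DRIVE_TYPE_BITS = {
    0x01: "DRIVE_UNKNOWN",
    0x02: "DRIVE_NO_ROOT_DIR",
    0x04: "DRIVE_REMOVABLE",   # USB sticks, the usual autorun.exe carrier
    0x08: "DRIVE_FIXED",
    0x10: "DRIVE_REMOTE",
    0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK",
    0x80: "reserved",
}


def parse_registry_dump(text):
    """Split the dump into {key path: [value lines]} using its [KEY] header lines."""
    blocks = {}
    current = None
    for raw in text.splitlines():
        line = raw.rstrip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            blocks[current] = []
        elif current is not None and line.strip():
            blocks[current].append(line)
    return blocks


def find_autorun_mountpoints(text):
    """Return [(key, command)] for MountPoints2 entries carrying shell\\AutoRun\\command."""
    hits = []
    pattern = re.compile(r"shell\\AutoRun\\command\s+-\s+(.+)$", re.IGNORECASE)
    for key, lines in parse_registry_dump(text).items():
        if "\\mountpoints2\\" not in key.lower():
            continue
        for line in lines:
            m = pattern.match(line)
            if m:
                hits.append((key, m.group(1).strip()))
    return hits


def build_removal_script(keys):
    """Emit a REGEDIT4 script deleting each key; [-KEY] is regedit's delete-key syntax."""
    out = ["REGEDIT4", ""]
    for key in keys:
        out.append("[-" + key + "]")
        out.append("")
    return "\r\n".join(out)


def autorun_policy_values(text):
    """Map each ...\\Policies\\explorer key to its NoDriveTypeAutoRun value (None if unset)."""
    values = {}
    for key, lines in parse_registry_dump(text).items():
        if not key.lower().endswith("\\policies\\explorer"):
            continue
        values[key] = None
        for line in lines:
            m = re.match(r'"NoDriveTypeAutoRun"=(\d*)$', line, re.IGNORECASE)
            if m and m.group(1):
                values[key] = int(m.group(1))
    return values


def autorun_policy_gaps(value):
    """Drive types for which AutoRun is still enabled under a NoDriveTypeAutoRun value."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if not value & bit]


if __name__ == "__main__":
    hits = find_autorun_mountpoints(SAMPLE_DUMP)
    for key, command in hits:
        print("AutoRun mount point:", key, "->", command)
    print(build_removal_script([key for key, _ in hits]))
    for key, value in autorun_policy_values(SAMPLE_DUMP).items():
        # An empty policy value leaves every drive type at the default, so report all of them.
        gaps = autorun_policy_gaps(value) if value is not None else list(DRIVE_TYPE_BITS.values())
        print(key, "NoDriveTypeAutoRun =", value, "still autoruns:", gaps)
```

Run against the constructed excerpt it reports the single mount point with its G:\autorun.exe command, prints a script equivalent to the fix.reg above, and shows that the value 323 leaves removable, fixed, network and CD-ROM drives able to autorun; a value of 255 (0xFF) covers every drive type, which is why the manual cleanup is usually paired with tightening that policy.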


#14 BraskySTU

BraskySTU
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:12:06 PM

Posted 02 February 2010 - 01:05 PM

Well, I can see the programs under add/remove again. It appears all of the problems I reported in my first post have been cleared up.

Thank you very much for your help!

RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by C at 2010-02-02 12:03:51
Microsoft Windows XP Home Edition Service Pack 3
System drive E: has 31 GB (33%) free of 96 GB
Total RAM: 1023 MB (28% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:03:59 PM, on 2/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Alwil Software\Avast5\AvastSvc.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Java\jre6\bin\jqs.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\system32\PnkBstrB.exe
E:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\system32\pctspk.exe
E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\QuickTime\QTTask.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Java\jre6\bin\jusched.exe
E:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
E:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
E:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
E:\Program Files\WLAN\XPC 802.11b+g Wireless Kit\ZDWlan.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Java\jre6\bin\jucheck.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\Program Files\Internet Explorer\iexplore.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Documents and Settings\Cody\Desktop\RSIT.exe
E:\Program Files\Trend Micro\HijackThis\Cody.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Pop-up Blocker - {52706EF7-D7A2-49AD-A615-E903858CF284} - E:\Program Files\NetZero\qsacc\X1IEBHO.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: NetZero Toolbar Helper - {FE3098B0-04A3-41fd-8CA9-BEA39CB14C87} - E:\Program Files\NetZero\ucreg.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - E:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [SW24] E:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [SW20] E:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [googletalk] E:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [IMJPMIG8.1] "E:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] E:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast5] E:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [TMRUBottedTray] "E:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKCU\..\Run: [igndlm.exe] E:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: XPC 802.11b+g Wireless Utility.lnk = E:\Program Files\WLAN\XPC 802.11b+g Wireless Kit\ZDWlan.exe
O8 - Extra context menu item: Display All Images with Full Quality - "res://E:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Display Image with Full Quality - "res://E:\Program Files\NetZero\qsacc\appres.dll/227"
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - E:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - E:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.charter.com/diskless/bin/ssctlsma.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {08EE4BCE-527E-4760-B11A-B829415E9103} (MaxisGolfTeleX Control) - http://simgolf.ea.com/teleport/simgolf/MaxisGolfTeleX.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///E:/Program%20Files/Risk/Images/stg_drm.ocx
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.6.108.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase1140.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1263262775218
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} (MSN Games – Texas Holdem Poker) - http://zone.msn.com/bingame/zpagames/zpa_txhe.cab60096.cab
O16 - DPF: {B2FCED61-570E-11D3-B160-00A0C9E70E84} (OmniForm Form Control) - https://www4.lsac.org/LSACD_XMLWebServices/...iveX/ofmctl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///E:/Program%20Files/Risk/Images/armhelper.ocx
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FRJK - Sysinternals - www.sysinternals.com - E:\DOCUME~1\Cody\LOCALS~1\Temp\FRJK.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - E:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - E:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe

--
End of file - 11469 bytes

======Scheduled tasks folder======

E:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-04-23 1377576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52706EF7-D7A2-49AD-A615-E903858CF284}]
Pop-up Blocker - E:\Program Files\NetZero\qsacc\X1IEBHO.dll [2009-03-18 211464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - E:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-23 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-23 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE3098B0-04A3-41fd-8CA9-BEA39CB14C87}]
NetZero Toolbar Helper - E:\Program Files\NetZero\ucreg.dll [2009-10-05 153096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - ZeroBar - E:\Program Files\NetZero\Toolbar.dll [2009-10-05 325128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SW24"=E:\WINDOWS\system32\sw24.exe [2005-07-04 69632]
"SW20"=E:\WINDOWS\system32\sw20.exe [2005-06-29 212992]
"SoundMan"=E:\WINDOWS\SOUNDMAN.EXE [2005-08-11 77824]
"PCTVOICE"=E:\WINDOWS\system32\pctspk.exe [2002-02-20 163840]
"HPDJ Taskbar Utility"=E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe [2003-09-01 176128]
"NvCplDaemon"=E:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]
"nwiz"=nwiz.exe /install []
"Adobe Reader Speed Launcher"=E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"googletalk"=E:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"IMJPMIG8.1"=E:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"MSPY2002"=E:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
"PHIME2002ASync"=E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"NvMediaCenter"=E:\WINDOWS\system32\NvMcTray.dll [2007-12-05 81920]
"AppleSyncNotifier"=E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"QuickTime Task"=E:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=E:\Program Files\iTunes\iTunesHelper.exe [2009-09-08 305440]
"SunJavaUpdateSched"=E:\Program Files\Java\jre6\bin\jusched.exe [2009-10-23 149280]
"avast5"=E:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-01-28 2757512]
"TMRUBottedTray"=E:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe [2008-11-06 288088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"igndlm.exe"=E:\Program Files\Download Manager\DLM.exe [2009-05-14 1103216]
"ctfmon.exe"=E:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

E:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.exe.lnk - E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Microsoft Office.lnk - E:\Program Files\Microsoft Office\Office\OSA9.EXE
XPC 802.11b+g Wireless Utility.lnk - E:\Program Files\WLAN\XPC 802.11b+g Wireless Kit\ZDWlan.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
E:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\Program Files\Total War\Medieval - Total War\Medieval_TW.exe"="E:\Program Files\Total War\Medieval - Total War\Medieval_TW.exe:*:Enabled:Medieval_TW"
"E:\Program Files\Messenger\msmsgs.exe"="E:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"E:\Program Files\Common Files\AOL\Loader\aolload.exe"="E:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\Program Files\Microsoft Games\Allegiance\ASGSClient.exe"="E:\Program Files\Microsoft Games\Allegiance\ASGSClient.exe:*:Enabled:Allegiance"
"E:\Program Files\Microsoft Games\Allegiance\ASGSUpdate.exe"="E:\Program Files\Microsoft Games\Allegiance\ASGSUpdate.exe:*:Enabled:ASGSUpdate"
"E:\Program Files\uTorrent\uTorrent.exe"="E:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"E:\Program Files\EA GAMES\Battlefield 2\BF2.exe"="E:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2"
"E:\Program Files\Google\Google Talk\googletalk.exe"="E:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"E:\Program Files\Skype\Phone\Skype.exe"="E:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"="C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4"
"E:\Program Files\Bonjour\mDNSResponder.exe"="E:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"E:\Program Files\iTunes\iTunes.exe"="E:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"E:\Program Files\Windows Live\Messenger\wlcsdk.exe"="E:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"E:\Program Files\Windows Live\Messenger\msnmsgr.exe"="E:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"E:\Program Files\Steam\Steam.exe"="E:\Program Files\Steam\Steam.exe:*:Enabled:Steam"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\Program Files\Windows Live\Messenger\wlcsdk.exe"="E:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"E:\Program Files\Windows Live\Messenger\msnmsgr.exe"="E:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{711c9170-6843-11de-9167-0011d8dde8f0}]
shell\AutoRun\command - G:\autorun.exe


======List of files/folders created in the last 1 months======

2010-02-01 19:00:37 ----D---- E:\Documents and Settings\Cody\Application Data\SpaceMonger
2010-02-01 19:00:36 ----D---- E:\Program Files\SpaceMonger
2010-02-01 18:27:44 ----D---- E:\WINDOWS\system32\CatRoot2
2010-02-01 18:16:50 ----D---- E:\Program Files\ERUNT
2010-02-01 15:29:44 ----A---- E:\WINDOWS\system32\RootkitReveal.txt
2010-02-01 14:25:57 ----D---- E:\Documents and Settings\Cody\Application Data\InstallShield
2010-01-31 20:24:21 ----A---- E:\WINDOWS\system32\aswBoot.exe
2010-01-31 20:24:13 ----D---- E:\Documents and Settings\All Users\Application Data\Alwil Software
2010-01-31 20:04:34 ----SHD---- E:\RECYCLER
2010-01-31 14:26:35 ----D---- E:\Documents and Settings\Cody\Application Data\GRETECH
2010-01-31 14:25:58 ----D---- E:\Program Files\GRETECH
2010-01-31 13:48:19 ----A---- E:\ComboFix.txt
2010-01-31 13:38:03 ----D---- E:\WINDOWS\temp
2010-01-31 13:15:55 ----RAD---- E:\autorun.inf
2010-01-27 18:47:49 ----A---- E:\WINDOWS\MBR.exe
2010-01-25 12:27:22 ----D---- E:\rsit
2010-01-19 19:56:46 ----D---- E:\Program Files\MSECache
2010-01-16 01:02:26 ----D---- E:\Program Files\Microsoft CAPICOM 2.1.0.2
2010-01-15 16:13:18 ----A---- E:\WINDOWS\system32\muweb.dll
2010-01-15 16:13:18 ----A---- E:\WINDOWS\system32\mucltui.dll.mui
2010-01-15 16:13:18 ----A---- E:\WINDOWS\system32\mucltui.dll
2010-01-14 19:17:22 ----D---- E:\Program Files\Microsoft Silverlight
2010-01-14 00:55:00 ----HDC---- E:\WINDOWS\$NtUninstallKB970430$
2010-01-14 00:54:55 ----HDC---- E:\WINDOWS\$NtUninstallKB976098-v2$
2010-01-14 00:54:51 ----HDC---- E:\WINDOWS\$NtUninstallKB955759$
2010-01-14 00:54:46 ----HDC---- E:\WINDOWS\$NtUninstallKB974318$
2010-01-14 00:54:42 ----HDC---- E:\WINDOWS\$NtUninstallKB961503$
2010-01-14 00:54:39 ----HDC---- E:\WINDOWS\$NtUninstallKB972270$
2010-01-14 00:52:16 ----HDC---- E:\WINDOWS\$NtUninstallKB973687$
2010-01-14 00:52:10 ----HDC---- E:\WINDOWS\$NtUninstallKB973904$
2010-01-14 00:52:05 ----HDC---- E:\WINDOWS\$NtUninstallKB974392$
2010-01-14 00:52:00 ----HDC---- E:\WINDOWS\$NtUninstallKB971737$
2010-01-14 00:51:47 ----HDC---- E:\WINDOWS\$NtUninstallKB969947$
2010-01-11 20:20:49 ----A---- E:\WINDOWS\system32\wuapi.dll.mui
2010-01-06 13:37:51 ----RHD---- E:\Documents and Settings\Cody\Application Data\SecuROM
2010-01-06 13:28:06 ----D---- E:\Program Files\Common Files\BioWare

======List of files/folders modified in the last 1 months======

2010-02-02 12:03:59 ----D---- E:\WINDOWS\Prefetch
2010-02-02 11:35:37 ----D---- E:\Program Files\EVETradeFinder
2010-02-02 11:34:57 ----SHD---- E:\WINDOWS\Installer
2010-02-02 10:56:38 ----D---- E:\WINDOWS\system32
2010-02-02 10:10:04 ----D---- E:\Program Files\Mozilla Firefox
2010-02-02 10:08:26 ----D---- E:\WINDOWS
2010-02-01 21:53:54 ----A---- E:\WINDOWS\SchedLgU.Txt
2010-02-01 21:32:45 ----D---- E:\Program Files\Steam
2010-02-01 19:19:41 ----RD---- E:\Program Files
2010-02-01 18:37:41 ----D---- E:\Documents and Settings\All Users\Application Data\SpeedBit
2010-02-01 18:37:23 ----AD---- E:\Documents and Settings\All Users\Application Data\TEMP
2010-02-01 18:35:29 ----D---- E:\Program Files\LucasArts
2010-02-01 18:35:26 ----HD---- E:\Program Files\InstallShield Installation Information
2010-02-01 18:28:49 ----RD---- E:\WINDOWS\Web
2010-02-01 18:28:03 ----D---- E:\WINDOWS\system32\CatRoot
2010-02-01 18:17:37 ----D---- E:\WINDOWS\ERDNT
2010-02-01 14:27:54 ----D---- E:\WINDOWS\system32\drivers
2010-02-01 14:27:52 ----HD---- E:\WINDOWS\inf
2010-02-01 14:27:03 ----D---- E:\Program Files\Trend Micro
2010-01-31 20:24:26 ----D---- E:\WINDOWS\WinSxS
2010-01-31 20:24:13 ----D---- E:\Program Files\Alwil Software
2010-01-31 13:48:16 ----D---- E:\Qoobox
2010-01-31 13:41:37 ----A---- E:\WINDOWS\system.ini
2010-01-31 13:39:20 ----D---- E:\WINDOWS\system32\config
2010-01-31 13:35:19 ----D---- E:\WINDOWS\AppPatch
2010-01-31 13:35:17 ----D---- E:\Program Files\Common Files
2010-01-27 19:02:21 ----SD---- E:\Documents and Settings\All Users\Application Data\Microsoft
2010-01-27 19:02:21 ----D---- E:\Program Files\Windows Defender
2010-01-25 12:15:29 ----A---- E:\WINDOWS\SIERRA.INI
2010-01-22 00:30:24 ----RSHDC---- E:\WINDOWS\system32\dllcache
2010-01-22 00:30:23 ----D---- E:\Program Files\Internet Explorer
2010-01-22 00:29:53 ----HD---- E:\WINDOWS\$hf_mig$
2010-01-19 20:09:23 ----RSD---- E:\WINDOWS\Fonts
2010-01-19 20:09:20 ----D---- E:\Program Files\Microsoft Office
2010-01-19 20:09:19 ----D---- E:\Program Files\Common Files\Microsoft Shared
2010-01-15 17:25:48 ----A---- E:\WINDOWS\system32\CmdLineExt.dll
2010-01-14 11:12:06 ----N---- E:\WINDOWS\system32\MpSigStub.exe
2010-01-14 09:01:37 ----A---- E:\WINDOWS\system32\PerfStringBackup.INI
2010-01-14 00:55:03 ----A---- E:\WINDOWS\imsins.BAK
2010-01-11 20:20:50 ----D---- E:\WINDOWS\Help
2010-01-11 20:19:57 ----SD---- E:\WINDOWS\Downloaded Program Files
2010-01-11 20:17:13 ----RAH---- E:\WINDOWS\system32\cdplayer.exe.manifest
2010-01-11 15:43:09 ----D---- E:\Program Files\Malwarebytes' Anti-Malware
2010-01-08 22:00:24 ----A---- E:\WINDOWS\ModemLog_PCTEL Platinum V.92 Modem.txt
2010-01-04 16:17:48 ----A---- E:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; E:\WINDOWS\system32\drivers\Aavmker4.sys [2010-01-28 28240]
R1 AmdK8;AMD Athlon64 Processor Driver; E:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-05-08 35840]
R1 AsIO;AsIO; \??\E:\WINDOWS\system32\drivers\AsIO.sys []
R1 aswSP;aswSP; E:\WINDOWS\system32\drivers\aswSP.sys [2010-01-28 163280]
R1 aswTdi;avast! Network Shield Support; E:\WINDOWS\system32\drivers\aswTdi.sys [2010-01-28 46672]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; E:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; E:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 aswFsBlk;aswFsBlk; E:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-01-28 19024]
R2 aswMon2;avast! Standard Shield Support; E:\WINDOWS\system32\drivers\aswMon2.sys [2010-01-28 100432]
R2 enodpl;enodpl; E:\WINDOWS\System32\drivers\enodpl.sys [2003-03-02 7552]
R2 MaVctrl;MaVctrl; E:\WINDOWS\system32\DRIVERS\MaVc2K.sys [2005-08-17 11473]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; E:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; E:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-04 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; E:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-04 55936]
R2 tandpl;tandpl; E:\WINDOWS\System32\drivers\tandpl.sys [2003-04-18 4736]
R2 tmcomm;tmcomm; \??\E:\WINDOWS\system32\drivers\tmcomm.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); E:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-08-11 2324480]
R3 Arp1394;1394 ARP Client Protocol; E:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; E:\WINDOWS\system32\drivers\aswRdr.sys [2010-01-28 23376]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; E:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 hidusb;Microsoft HID Class Driver; E:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; E:\WINDOWS\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
R3 mouhid;Mouse HID Driver; E:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; E:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; E:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-12 5810]
R3 NIC1394;1394 Net Driver; E:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; E:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; E:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2004-12-16 33408]
R3 nvnetbus;NVIDIA Network Bus Enumerator; E:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2004-12-16 12928]
R3 Ptserial;W2K Pctel Serial Device Driver; E:\WINDOWS\system32\DRIVERS\ptserial.sys [2002-02-20 120945]
R3 TMPassthruMP;TMPassthruMP; E:\WINDOWS\system32\DRIVERS\TMPassthru.sys [2008-03-02 206608]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; E:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; E:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; E:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; E:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 ZDPNDIS5;ZDPNDIS5 NDIS Protocol Driver; \??\E:\WINDOWS\system32\ZDPNDIS5.SYS []
S1 DumaNT;NVIDIA Stereo Helper Service; E:\WINDOWS\system32\DRIVERS\dumant.sys []
S1 kbdhid;Keyboard HID Driver; E:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S3 catchme;catchme; \??\E:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; E:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 EagleNT;EagleNT; \??\E:\WINDOWS\system32\drivers\EagleNT.sys []
S3 ENTECH;ENTECH; \??\E:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 GcKernel;Microsoft SideWinder Value Add - Filter Driver; E:\WINDOWS\system32\DRIVERS\GcKernel.sys [2008-04-13 59136]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 HIDSwvd;Microsoft SideWinder Virtual HID Device Mini-Driver; E:\WINDOWS\system32\DRIVERS\HIDSwvd.sys [2001-08-17 2688]
S3 MaRdPnp;MaRdPnp; E:\WINDOWS\system32\DRIVERS\MaRdP2K.sys [2005-08-17 49867]
S3 MSICPL;MSICPL; \??\D:\install4\MSICPL.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; E:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; E:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; E:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NEXTELC;NEXTELC; E:\WINDOWS\system32\DRIVERS\NEXTELC.sys [2004-12-16 25055]
S3 NEXTELU;NEXTELU; E:\WINDOWS\system32\DRIVERS\NEXTELU.sys [2005-07-04 50157]
S3 NTACCESS;NTACCESS; \??\D:\NTACCESS.sys []
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\E:\WINDOWS\system32\PCAMPR5.SYS []
S3 PnkBstrK;PnkBstrK; \??\E:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 QCDonner;Logitech QuickCam Express; E:\WINDOWS\system32\DRIVERS\OVCD.sys [2001-08-17 28032]
S3 SetupSys;Conexant Setup API; E:\WINDOWS\system32\drivers\SetupSys.sys [2001-01-09 8811]
S3 SLIP;BDA Slip De-Framer; E:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); E:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; E:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TMPassthru;Trend Micro Passthru Ndis Service; E:\WINDOWS\system32\DRIVERS\TMPassthru.sys [2008-03-02 206608]
S3 usbccgp;Microsoft USB Generic Parent Driver; E:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; E:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; E:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;MobileAction USB Modem Driver; E:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-13 26112]
S3 USBSTOR;USB Mass Storage Driver; E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WLAN(WLAN);XPC 802.11b/g Wireless Kit Driver(WLAN); E:\WINDOWS\system32\DRIVERS\zd1211u.sys [2004-11-29 258560]
S3 WSTCODEC;World Standard Teletext Codec; E:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; E:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; E:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver; \??\E:\WINDOWS\system32\ZDBRGSYS.SYS []
S4 IntelIde;IntelIde; E:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; E:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 Apple Mobile Device;Apple Mobile Device; E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 avast! Antivirus;avast! Antivirus; E:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-01-28 40384]
R2 Bonjour Service;Bonjour Service; E:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; E:\Program Files\Java\jre6\bin\jqs.exe [2009-10-23 153376]
R2 NVSvc;NVIDIA Display Driver Service; E:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
R2 PnkBstrA;PnkBstrA; E:\WINDOWS\system32\PnkBstrA.exe [2009-10-03 75064]
R2 PnkBstrB;PnkBstrB; E:\WINDOWS\system32\PnkBstrB.exe [2009-11-12 214504]
R2 RUBotted;Trend Micro RUBotted Service; E:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe [2008-11-06 582992]
R3 avast! Mail Scanner;avast! Mail Scanner; E:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-01-28 40384]
R3 avast! Web Scanner;avast! Web Scanner; E:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-01-28 40384]
R3 iPod Service;iPod Service; E:\Program Files\iPod\bin\iPodService.exe [2009-09-08 545568]
S3 aspnet_state;ASP.NET State Service; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; E:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 FRJK;FRJK; E:\DOCUME~1\Cody\LOCALS~1\Temp\FRJK.exe [2010-02-01 379776]
S3 IDriverT;InstallDriver Table Manager; E:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; E:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; E:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; E:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


#15 Net_Surfer

Net_Surfer

  • Banned
  • 2,154 posts
  • Gender:Male
  • Local time:10:06 AM

Posted 02 February 2010 - 05:01 PM

QUOTE
Well, I can see the programs under add/remove again. It appears all of the problems I reported in my first post have been cleared up.

Thank you very much for your help!

Hello BraskySTU,

Glad that we got that fixed.

Question: Did you run the regfix step?

Do you mind doing that step again with the regfix, but this time ensure that Spybot TeaTimer and Windows Defender are disabled before doing any of the steps?


OPTIONAL FIX!

DAP entries warning!
DAP, a download manager, is showing on the log. Although DAP is not technically malware, it may deliver ads and track your Internet usage.

Removal is suggested as follows, but it is your option:

Go to: Start > Run, type: control
Press OK
Double-click on: Add/Remove Programs

On the list of Currently Installed Programs, look for and, if found, uninstall the following by selecting the entry and clicking on Remove:
DAP

Next, search for and delete the following folder:
C:\Program Files\DAP

Restart the computer.

~~~~
If you decided to get rid of the DAP program, then:

Open your HijackThis program, click Do a system scan only, and checkmark the following entries:

O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm


Then close all other windows and browsers except HijackThis and press "Fix checked".
Exit the HijackThis program.
----------------*----------------

Please follow my next set of steps:

Step 1: JavaRa and Java update.

Your Java program is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
Please follow these steps to remove older version Java components and update:
Download and run JavaRa

Please download JavaRa and unzip it to your desktop.
  • Double-click on JavaRa.exe to start.
  • Use the drop down box to choose your language and click Select.
  • Select "Remove Older Versions".
  • Click Yes when asked "This will remove all older versions of the Java JRE...Are you sure you want to proceed?"
  • Click Ok when search and removal of old versions has completed.
  • A notice will appear indicating "Finished searching for all old versions...A logfile has been created...called JavaRa.log...
    JavaRa will now open its logfile.
    "
  • Click Ok and notepad will open with the log results of what was found and removed.
  • View the logfile and close notepad.
  • A copy of JavaRa.log will automatically be saved to your primary hard drive (usually C:\JavaRa.log).
  • Return to JavaRa and click the button for Additional Tasks.
  • Select these Tasks:
    • Remove Useless JRE Files
    • Remove Startup Entry
    • Remove JavaRa Logfile (optional)
  • Click Go and then Ok when prompted "Finished searching for useless JRE files."
  • Click Ok again when prompted "Finished searching for JRE startup entries."
  • Close the Additional Tasks window, exit JavaRa and reboot your computer.
Then download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 18 (JDK or JRE)"
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • From your desktop double-click on jre-6u18-windows-i586.exe to install the newest version.
NOTE: -- The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.
Step 2: TFC (Temp File Cleaner)
Let's clean up the temp files and make sure there are not any other leftovers.

Download TFC to your desktop.
(TFC only cleans temp folders. It will not clean URL history, prefetch, or cookies).
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run,
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished it should automatically reboot your machine;
  • if it doesn't, manually reboot to ensure a complete clean.
NOTE:
  • It's normal after running TFC cleaner that the PC will be slower to boot the first time.
  • TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, Java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.


Step 3: FREE ESET Online Virus Scan

Sometimes malware that is removed from your computer leaves other traces behind. These traces may not be active, but they are unwanted on your computer.
Therefore, by using ESET online scanner it is possible for us to find leftover or missed malware files on your computer and we can now further clean up your computer.

You can use either Internet Explorer or Mozilla FireFox for this scan.
  1. Please go here, then click on the button.
    QUOTE
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.

  2. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on the link to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  3. Check the box.
  4. Click the button.
  5. Accept any security warnings from your browser.
  6. Check the box.
  7. Push the Start button.
  8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  9. When the scan completes, push the button.
  10. Push the button, and save the file to your desktop using a unique name, such as ESETScan. The logfile will be located at C:\Program Files\ESET\EsetOnlineScanner\log.txt. Include the contents of this report in your next reply.
    Note: If ESET finds no bad files it will NOT produce a log. This is normal.
  11. Push the button.
  12. Push the button.
Note for Vista Users: ESET is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

You can refer to this animation by: neomage
**Note**
To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing anti-virus program while performing the online scan.

Step 4: Re-scan with RSIT so we can verify nothing new is back.

Summary of the logs I will need in your next reply:
  • The report log of ESET Online Scan (if something bad was found by the scan).
  • The report log of RSIT.
  • The answer to my question about whether you ran the regfix step.
And a description of any remaining problems in your next post.

How are things at your end, BraskySTU?

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order, clean and free of malware.

Thanks.
Kind regards
Net_Surfer
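Added example (not part of Net_Surfer's post, and not HijackThis code): the O8 entries the post has you fix are Internet Explorer context-menu extensions, stored as subkeys of the MenuExt registry key; "Fix checked" deletes those subkeys. The script below enumerates them from both the per-user and machine-wide hives, checks whether each handler file still exists, and flags entries that are orphaned or that point under the DAP folder named in the thread. It assumes PowerShell 2.0 or later is installed; the function and parameter names are my own, and deletion stays in -WhatIf mode until you remove that switch.

```powershell
# Added example, not from the forum post: audit Internet Explorer context-menu
# extensions, the registry keys HijackThis lists as "O8" entries. Each subkey of
# MenuExt is one menu item; its (default) value is the file IE runs when clicked.
# Requires PowerShell 2.0 or later. Nothing is deleted: Remove-Item runs with -WhatIf
# until you take that switch off. The folder to flag is the DAP folder named in the
# thread; all function and parameter names here are my own.

function Get-IEMenuExtensions {
    # O8 entries can live per-user (HKCU) or machine-wide (HKLM).
    $hives = @('HKCU:\Software\Microsoft\Internet Explorer\MenuExt',
               'HKLM:\Software\Microsoft\Internet Explorer\MenuExt')
    foreach ($hive in $hives) {
        if (-not (Test-Path $hive)) { continue }
        foreach ($key in Get-ChildItem $hive) {
            $target = (Get-ItemProperty -Path $key.PSPath).'(default)'
            $path = $null
            if ($target) {
                # Three forms occur: a plain path (possibly quoted), file:///C:/x.htm,
                # and res://C:\...\app.exe/1234 (a resource inside a binary).
                if ($target -match '^res://(.+)/[^/]*$') {
                    $path = $matches[1]
                } else {
                    $path = $target.Trim('"') -replace '^file:///?', '' -replace '/', '\'
                }
            }
            New-Object PSObject -Property @{
                Hive   = $hive
                Name   = $key.PSChildName   # menu text, e.g. "&Download with &DAP"
                Target = $target
                Path   = $path
                Exists = [bool]($path -and (Test-Path -LiteralPath $path))
            }
        }
    }
}

function Find-SuspectMenuExtensions {
    param([string[]]$FlagFolders = @('C:\Program Files\DAP'))
    Get-IEMenuExtensions | Where-Object {
        $item = $_
        # Flag an entry if its handler file no longer exists (orphan left behind by an
        # uninstall) or if the handler lives under a folder we intend to remove.
        $inFlagged = @($FlagFolders | Where-Object { $item.Path -like ($_ + '\*') })
        (-not $item.Exists) -or ($inFlagged.Count -gt 0)
    }
}

function Remove-SuspectMenuExtensions {
    param([string[]]$FlagFolders = @('C:\Program Files\DAP'))
    foreach ($item in @(Find-SuspectMenuExtensions -FlagFolders $FlagFolders)) {
        Write-Host ("O8 entry '{0}' -> {1}" -f $item.Name, $item.Target)
        Remove-Item -Path (Join-Path $item.Hive $item.Name) -Recurse -WhatIf
    }
}

# Usage: list every entry, then show which ones would be removed.
Get-IEMenuExtensions | Format-Table Name, Target, Exists -AutoSize
Remove-SuspectMenuExtensions
```

Review the listing before dropping -WhatIf: a handler given only as a resource name with no drive letter (for example a res:// entry for a system DLL) cannot be resolved by Test-Path and will show as Exists = False even though it is legitimate.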
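Added example (not part of the post, and not JavaRa's code): the reason the post removes old Java components before installing the update is that JRE versions install side by side, so updating to 6 Update 18 does not by itself remove an older, exploitable runtime. The script below reads the registry keys the Sun/Oracle installer writes, lists every registered JRE, checks whether its java.exe is still on disk, and reports any version older than 1.6.0_18 (the release named in the post). It assumes PowerShell 2.0 or later; the function and parameter names are my own, and it changes nothing on the system.

```powershell
# Added example, not part of the forum post: list the JRE versions registered on this
# machine and flag any older than the release the post asks for (6 Update 18, i.e.
# 1.6.0_18). Multiple JREs coexist side by side, so an update alone does not remove
# an exploitable old one; that is what the JavaRa step is for. Reads only the keys the
# Sun/Oracle installer writes; it changes nothing. Requires PowerShell 2.0 or later.
# Function and parameter names are my own.

function ConvertTo-JavaVersion {
    param([string]$Text)   # "1.6.0_16" -> System.Version 1.6.0.16
    if ($Text -match '^(\d+)\.(\d+)\.(\d+)_(\d+)$') {
        return [Version]('{0}.{1}.{2}.{3}' -f $matches[1], $matches[2], $matches[3], $matches[4])
    }
    return $null   # family keys such as "1.6" are not installs
}

function Get-InstalledJreVersions {
    $roots = @('HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment',
               'HKLM:\SOFTWARE\Wow6432Node\JavaSoft\Java Runtime Environment')  # 32-bit JRE on 64-bit Windows
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($key in Get-ChildItem $root) {
            $parsed = ConvertTo-JavaVersion $key.PSChildName
            if (-not $parsed) { continue }
            $props = Get-ItemProperty -Path $key.PSPath
            $javaExe = if ($props.JavaHome) { Join-Path $props.JavaHome 'bin\java.exe' } else { $null }
            New-Object PSObject -Property @{
                Version  = $key.PSChildName
                Parsed   = $parsed
                JavaHome = $props.JavaHome
                # A registry key whose java.exe is gone is a half-removed install: still
                # worth cleaning up, but not exploitable by itself.
                Present  = [bool]($javaExe -and (Test-Path -LiteralPath $javaExe))
            }
        }
    }
}

function Find-OutdatedJre {
    param([string]$Latest = '1.6.0_18')
    $cutoff = ConvertTo-JavaVersion $Latest
    Get-InstalledJreVersions | Where-Object { $_.Parsed -lt $cutoff }
}

# Usage
Get-InstalledJreVersions | Format-Table Version, JavaHome, Present -AutoSize
$old = @(Find-OutdatedJre)
if ($old.Count -gt 0) {
    Write-Host ("{0} JRE install(s) older than 1.6.0_18 still registered:" -f $old.Count)
    $old | ForEach-Object { Write-Host ("  {0}  {1}" -f $_.Version, $_.JavaHome) }
} else {
    Write-Host 'No JRE older than 1.6.0_18 is registered.'
}
```

Run it once before the JavaRa step to see what is installed and once after the new JRE is in, so the second run confirms that the older versions are really gone rather than merely no longer the default.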





