TheTechGuide Forum

General Category => Tech Clinic => Topic started by: Everlasting Death on December 14, 2008, 09:01:51 AM

Title: Issues
Post by: Everlasting Death on December 14, 2008, 09:01:51 AM
I am not sure what is wrong. Whenever I put my SD card into my card reader and try to click on My Computer, it freezes and won't do anything, but if I take the card out it will un-freeze. I have done a full viral boot scan with Avast and a full scan with Malwarebytes'. These two discovered some malware in rundll.exe and msservice.exe. I already knew these two were an issue because they kept hogging my CPU power. After dealing with those and every other file that was infected I am still having the issue, and I need to access my SD card. It is not the SD card, because I have tried other cards and they also do not work. I even tried another card reader and I was able to access that, but Avast kept popping up and saying there was a virus in the autorun.inf file; I clicked delete on that, and that file kept re-appearing and so did the warning from Avast. At first I thought it was my computer failing on me, because I received the blue screen and it was all slow and everything, which was o.k. because I was planning on making a new one. Then I did these scans and now I'm not o.k., because I was just gonna re-use this HDD, but if it has these issues idk if that'll work for me.
Please help if you can.

HJT Log
Quote
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:56:42 AM, on 12/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\EA Games\Need for Speed Undercover\PB\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Documents and Settings\James\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ideazon\Reaper Edge\Tray.exe
C:\Program Files\Ideazon\Reaper Edge\hid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\msnguard.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\3M\PDNotes\PDNotes.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.jaswin.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by 1&1 Internet  Inc.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Gaming Mouse] "C:\Program Files\Ideazon\Reaper Edge\Tray.exe"
O4 - HKLM\..\Run: [Gaming Mouse Hid] "C:\Program Files\Ideazon\Reaper Edge\hid.exe"
O4 - HKLM\..\Run: [MSN Messenger Guard] msnguard.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\James\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Need for Speed™ Undercover Registration.lnk = C:\Program Files\EA Games\Need for Speed Undercover\Support\EAregister.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Post-it® Digital Notes.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.1and1.com/b2home/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191251896343
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MySql - Unknown owner - c:/xampp/mysql/bin/mysqld-nt.exe
O23 - Service: netstats - Malware Labs - C:\WINDOWS\system\msservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files\EA Games\Need for Speed Undercover\PB\PnkBstrA.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 11359 bytes

Quote
------------------
System Information
------------------
Time of this report: 12/14/2008, 07:58:06
       Machine name: SPICY
   Operating System: Windows XP Professional (5.1, Build 2600) Service Pack 3 (2600.xpsp_sp3_gdr.080814-1236)
           Language: English (Regional Setting: English)
System Manufacturer: RS480_
       System Model: AWRDACPI
               BIOS: )Phoenix - Award WorkstationBIOS v6.00PG
          Processor: AMD Athlon(tm) 64 Processor 3400+,  MMX,  3DNow, ~2.2GHz
             Memory: 1278MB RAM
          Page File: 569MB used, 2480MB available
        Windows Dir: C:\WINDOWS
    DirectX Version: DirectX 9.0c (4.09.0000.0904)
DX Setup Parameters: Not found
     DxDiag Version: 5.03.2600.5512 32bit Unicode
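A defender-side check for the recurring autorun.inf the post describes, added here as an example and not taken from the post or from Avast, HijackThis or any other tool it names: it parses the file tolerantly, reports which directives would make AutoPlay start a program from the card, and notes whether that program is actually present on the medium. The sample autorun.inf text and the file name sample_launcher.exe are constructed for the demonstration; the mount argument of inspect_media is whatever drive letter or mount point the card appears at.

```python
"""Inspect an autorun.inf from removable media and report what AutoPlay would run.

Added example for this thread; not code from the original posts or from any tool
named in them. The sample autorun.inf and sample_launcher.exe are constructed.
"""
import re
from dataclasses import dataclass, field
from pathlib import Path
from typing import List, Tuple

# Directives that make Windows XP-era AutoPlay start a program from the medium.
LAUNCH_KEYS = ("open", "shellexecute")
SHELL_COMMAND_RE = re.compile(r"^shell\\[^\\]+\\command$")   # shell\<verb>\command


@dataclass
class AutorunReport:
    has_autorun_section: bool = False
    launches: List[Tuple[str, str]] = field(default_factory=list)  # (directive, target)
    spoofed_action: bool = False   # "action=" text imitating the normal folder prompt
    junk_lines: int = 0            # lines that are neither [section] nor key=value

    @property
    def suspicious(self) -> bool:
        return bool(self.launches)


def parse_autorun(text: str) -> AutorunReport:
    """Tolerant line-by-line parser.

    autorun.inf found on infected media is often padded with binary junk or odd
    casing to trip strict INI parsers, so configparser is deliberately not used:
    unreadable lines are counted, not fatal.
    """
    report = AutorunReport()
    section = None
    for raw in text.splitlines():
        line = raw.strip().strip("\x00")
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            if section == "autorun":
                report.has_autorun_section = True
            continue
        if "=" not in line:
            report.junk_lines += 1
            continue
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if section != "autorun":
            continue
        if key in LAUNCH_KEYS or SHELL_COMMAND_RE.match(key):
            report.launches.append((key, value))
        elif key == "action" and "open folder" in value.lower():
            report.spoofed_action = True
    return report


def inspect_media(mount: str) -> Tuple[AutorunReport, List[str]]:
    """Read autorun.inf at the root of a mounted card/stick and check whether the
    programs it names are actually present there. Returns (report, present targets)."""
    root = Path(mount)
    inf = root / "autorun.inf"
    if not inf.exists():
        return AutorunReport(), []
    report = parse_autorun(inf.read_bytes().decode("latin-1"))
    present = []
    for _, target in report.launches:
        if not target:
            continue
        exe = target[1:target.find('"', 1)] if target.startswith('"') else target.split()[0]
        if exe and (root / exe).exists():
            present.append(exe)
    return report, present


# Constructed sample: an autorun.inf that starts a program from the card and
# dresses the AutoPlay prompt up as a normal "open folder" choice.
SAMPLE_AUTORUN_INF = """[autorun]
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
open=sample_launcher.exe
icon=%SystemRoot%\\system32\\SHELL32.dll,4
shell\\open\\Command=sample_launcher.exe
shell\\explore\\command=sample_launcher.exe
action=Open folder to view files
"""

if __name__ == "__main__":
    r = parse_autorun(SAMPLE_AUTORUN_INF)
    print("autorun section:", r.has_autorun_section, "| suspicious:", r.suspicious)
    for directive, target in r.launches:
        print(f"  {directive} -> {target}")
    print("spoofed action prompt:", r.spoofed_action, "| junk lines:", r.junk_lines)
```

Run with no arguments it only parses the constructed sample; inspect_media(mount) reads the real file from a mounted card. A card whose autorun.inf only sets icon or label produces an empty launches list, while open=, shellexecute= and shell\...\command= are the directives that make AutoPlay execute something, which is why the report keys on exactly those. A file that reappears after deletion, as in the post, points at a process on the PC rewriting it rather than at the card itself, which is consistent with the other card reader being readable only until Avast intervened.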
Title: Issues
Post by: guestolo on December 14, 2008, 11:58:34 AM
Can I get a look at what that file is related to please
Definitely looks like a bad guy, just want a look

Can you open up Task Manager and end process on the following
msnguard.exe

Then, go to this link
http://www.virustotal.com/flash/index_en.html
Copy and paste the following bold line to the space next to 'Upload a File'
If using Firefox, you may have to paste to the Filename field of the File Upload box that opens
Or Browse to the file

C:\WINDOWS\msnguard.exe
Then use the SEND FILE button
Let it finish scanning
Could you post the results of this scan back here please
Or better yet, just link to the results page

In addition, can I see the following
Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Can you post Both those logs please

NOTE: If you do get an error message trying to post those logs back to the forum
Can you simply upload them, Use the Browse..>>UPLOAD buttons on the bottom right of a reply box
A copy of the files can also be found in this location
C:\rsit folder>>It's normally just Log.txt you have to upload, it's the one causing an error message
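As an added example (not part of HijackThis, RSIT or any post in this thread): a small triage script that reads the O4 Run and O23 Service lines from the HijackThis log above and the "Name"=path [date size] lines from the RSIT registry dump the original poster provides later in the thread, and lists the entries worth a second look. The sample lines are copied from those logs; the review reasons (a bare file name, a loose executable in C:\WINDOWS, a binary in the 16-bit-era C:\WINDOWS\system folder, or a file modified within seven days of the 12/14/2008 report date) and the seven-day window are this example's own choices.

```python
"""Triage autostart entries from HijackThis (O4/O23) and RSIT registry-dump lines.

Added example for this thread; not part of HijackThis, RSIT or any post here.
The sample lines are copied from the logs posted in the thread; the review
reasons and the 7-day "recent file" window are this example's own choices.
"""
import re
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Iterable, List, Optional

REPORT_DATE = date(2008, 12, 14)   # date the logs in the thread were taken
RECENT_WINDOW = timedelta(days=7)  # assumption: files this new deserve a look

HJT_RUN_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
HJT_SVC_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$')
RSIT_RUN_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<path>.+?) \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')


@dataclass
class Entry:
    source: str                      # "hjt-run", "hjt-service" or "rsit-run"
    name: str
    image: str                       # executable, or the DLL for rundll32 entries
    vendor: Optional[str] = None
    modified: Optional[date] = None
    reasons: List[str] = field(default_factory=list)

    @property
    def needs_review(self) -> bool:
        return bool(self.reasons)


def image_from_command(cmd: str) -> str:
    """First token of a Run command; for rundll32 lines, the DLL it loads."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        image, rest = cmd[1:end], cmd[end + 1:].strip()
    else:
        image, _, rest = cmd.partition(" ")
    if image.lower().endswith("rundll32.exe") and rest:
        image = rest.split(",", 1)[0].strip().strip('"')
    return image


def classify(entry: Entry) -> Entry:
    path = entry.image.lower().replace("/", "\\")
    if "\\" not in path:
        entry.reasons.append("bare-name")            # resolved via PATH: find where it really lives
    else:
        folder = path.rsplit("\\", 1)[0]
        if folder == "c:\\windows":
            entry.reasons.append("windows-root")      # loose executable directly in the Windows folder
        elif folder == "c:\\windows\\system":
            entry.reasons.append("legacy-system-dir")  # 16-bit-era folder, rarely a legitimate home
    if entry.modified and REPORT_DATE - entry.modified <= RECENT_WINDOW:
        entry.reasons.append("recent")
    return entry


def parse_line(line: str) -> Optional[Entry]:
    line = line.rstrip()
    m = HJT_RUN_RE.match(line)
    if m:
        return classify(Entry("hjt-run", m["name"], image_from_command(m["cmd"])))
    m = HJT_SVC_RE.match(line)
    if m:
        return classify(Entry("hjt-service", m["name"], m["path"].strip(), vendor=m["vendor"]))
    m = RSIT_RUN_RE.match(line)
    if m:
        return classify(Entry("rsit-run", m["name"], m["path"].strip(),
                              modified=date.fromisoformat(m["date"])))
    return None   # Startup shortcuts, section headers etc. are not Run/Service commands


def triage(lines: Iterable[str]) -> List[Entry]:
    """Return only the entries that carry at least one review reason."""
    return [e for e in map(parse_line, lines) if e and e.needs_review]


# Lines copied from the HijackThis log and the RSIT registry dump in this thread.
SAMPLE_LINES = [
    r"O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE",
    r'O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide',
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r"O4 - HKLM\..\Run: [MSN Messenger Guard] msnguard.exe",
    r"O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe",
    r"O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe",
    r"O23 - Service: MySql - Unknown owner - c:/xampp/mysql/bin/mysqld-nt.exe",
    r"O23 - Service: netstats - Malware Labs - C:\WINDOWS\system\msservice.exe",
    r'"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824]',
    r'"MSN Messenger Guard"=C:\WINDOWS\msnguard.exe [2008-12-13 73738]',
    r'"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]',
]

if __name__ == "__main__":
    for e in triage(SAMPLE_LINES):
        print(f"{e.source:11} {e.name!r:24} {e.image:45} {', '.join(e.reasons)}")
```

Both entries the thread singles out surface: msnguard.exe because the RSIT dump shows it loose in the Windows root with a 2008-12-13 timestamp, and the netstats service because its binary sits in C:\WINDOWS\system. SOUNDMAN.EXE is also listed for living in the Windows root, which is why the date is kept next to the location reason: a file there dated 2004 is a very different finding from one that appeared the day before the log was taken, and the date column is what separates them. The bare-name reason on the HijackThis O4 line is only a prompt to resolve the path, which the RSIT line then does.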
Title: Issues
Post by: Everlasting Death on December 14, 2008, 02:42:18 PM
I will do all of that as soon as my internet starts to work again, it'll work on my laptop but not my desktop which has the issue
Title: Issues
Post by: guestolo on December 14, 2008, 02:50:47 PM
OIC, actually, don't worry about uploading the file then
I take it you have a way to transfer files from one computer to the other
We're going to need a couple tools

Did the Internet connection stop after you got the infection?
Title: Issues
Post by: Everlasting Death on December 14, 2008, 02:55:16 PM
internet is working again :) had to reset the router
Title: Issues
Post by: guestolo on December 14, 2008, 02:56:01 PM
Oh, ok, post the info if you can then
Title: Issues
Post by: Everlasting Death on December 14, 2008, 03:00:20 PM
here is the analysis: http://www.virustotal.com/analisis/4d67e1c9b514f0bce87a17399fdc6c7e and here are the log and info files
Quote
Logfile of random's system information tool 1.04 (written by random/random)
Run by James at 2008-12-14 13:56:39
Microsoft Windows XP Professional Service Pack 3
System drive C: has 207 GB (54%) free of 382 GB
Total RAM: 1278 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:56:41 PM, on 12/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system\msservice.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\EA Games\Need for Speed Undercover\PB\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Ideazon\Reaper Edge\Tray.exe
C:\Program Files\Ideazon\Reaper Edge\hid.exe
C:\WINDOWS\msnguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\James\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\3M\PDNotes\PDNotes.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\James\My Documents\My Downloads\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\James.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.jaswin.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by 1&1 Internet  Inc.
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Gaming Mouse] "C:\Program Files\Ideazon\Reaper Edge\Tray.exe"
O4 - HKLM\..\Run: [Gaming Mouse Hid] "C:\Program Files\Ideazon\Reaper Edge\hid.exe"
O4 - HKLM\..\Run: [MSN Messenger Guard] msnguard.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\James\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Need for Speed™ Undercover Registration.lnk = C:\Program Files\EA Games\Need for Speed Undercover\Support\EAregister.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Post-it® Digital Notes.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.1and1.com/b2home/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191251896343
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MySql - Unknown owner - c:/xampp/mysql/bin/mysqld-nt.exe
O23 - Service: netstats - Malware Labs - C:\WINDOWS\system\msservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files\EA Games\Need for Speed Undercover\PB\PnkBstrA.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 11508 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\Wireless Configuration Utility HW.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-12-07 304736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2007-08-31 1122128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-09-03 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-09-03 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-09-03 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-11-15 77824]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-16 13529088]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-05-27 413696]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-16 86016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-09-03 144792]
"KBD"=C:\HP\KBD\KBD.EXE [2005-02-02 61440]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-12-07 185872]
"Gaming Mouse"=C:\Program Files\Ideazon\Reaper Edge\Tray.exe [2007-07-18 225280]
"Gaming Mouse Hid"=C:\Program Files\Ideazon\Reaper Edge\hid.exe [2007-07-18 237568]
"MSN Messenger Guard"=C:\WINDOWS\msnguard.exe [2008-12-13 73738]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"Google Update"=C:\Documents and Settings\James\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 133104]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2008-10-21 270128]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\palmOne\Hotsync.exe
Post-it® Digital Notes.lnk - C:\Program Files\3M\PDNotes\PDNotes.exe
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\James\Start Menu\Programs\Startup
Need for Speed™ Undercover Registration.lnk - C:\Program Files\EA Games\Need for Speed Undercover\Support\EAregister.exe
palmOne Registration.lnk - C:\Program Files\palmOne\register.exe
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 294400]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Rapid PHP 2007\rapidphp.exe"="C:\Program Files\Rapid PHP 2007\rapidphp.exe:*:Enabled:Rapid PHP 2007"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\fxkcdx.exe"="C:\WINDOWS\system32\fxkcdx.exe:*:Disabled:fxkcdx"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Microsoft Games\Halo\halo.exe"="C:\Program Files\Microsoft Games\Halo\halo.exe:*:Enabled:Halo"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Documents and Settings\James\Local Settings\Temp\solidnm.exe"="C:\Documents and Settings\James\Local Settings\Temp\solidnm.exe:*:Enabled:Solid State Networks Browser Plugin"
"C:\Program Files\Mozilla Firefox 3 Beta 1\firefox.exe"="C:\Program Files\Mozilla Firefox 3 Beta 1\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\SHOUTcast\sc_serv.exe"="C:\Program Files\SHOUTcast\sc_serv.exe:*:Enabled:sc_serv"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Documents and Settings\James\My Documents\My Downloads\2moons_downloader_us_3-28-2008(2).exe"="C:\Documents and Settings\James\My Documents\My Downloads\2moons_downloader_us_3-28-2008(2).exe:*:Enabled:2Moons Downloader"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\xampp\mysql\bin\mysqld.exe"="C:\xampp\mysql\bin\mysqld.exe:*:Enabled:mysqld"
"C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java(tm) Platform SE binary"
"C:\Program Files\Teamspeak2_RC2\server_windows.exe"="C:\Program Files\Teamspeak2_RC2\server_windows.exe:*:Enabled:Server"
"C:\Program Files\VentSrv\ventrilo_srv.exe"="C:\Program Files\VentSrv\ventrilo_srv.exe:*:Enabled:ventrilo_srv"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\SmartFTP Client\SmartFTP.exe"="C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0"
"C:\Program Files\Ventrilo\Ventrilo.exe"="C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty® - World at War(tm)"
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty® - World at War(tm)"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(tm) Platform SE binary"
"L:\Pokemon\VisualBoyAdvance.exe"="L:\Pokemon\VisualBoyAdvance.exe:*:Enabled:VisualBoyAdvance emulator"
"C:\Program Files\Common Files\System\rundll.exe"="C:\Program Files\Common Files\System\rundll.exe:*:Enabled:Windows Update"
"c:\1.exe"="c:\1.exe:*:Enabled:MSN Messenger Guard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23dc2ce9-8668-11dc-9d1a-0018e7267783}]
shell\AutoRun\command - G:\setup.exe /autorun
shell\directx\command - G:\DirectX\dxsetup.exe
shell\setup\command - G:\setup.exe


======File associations======

.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2008-12-14 13:56:15 ----D---- C:\rsit
2008-12-13 08:11:24 ----RSH---- C:\WINDOWS\msnguard.exe
2008-12-12 03:05:01 ----D---- C:\Program Files\KAZAA
2008-12-12 03:05:01 ----D---- C:\My Downloads
2008-12-11 20:02:42 ----A---- C:\WINDOWS\QuickInstall.INI
2008-12-11 19:59:46 ----D---- C:\Documents and Settings\All Users\Application Data\HotSync
2008-12-11 19:59:37 ----A---- C:\WINDOWS\PalmDevC.dll
2008-12-11 19:59:18 ----D---- C:\Program Files\palmOne
2008-12-11 19:58:50 ----D---- C:\Documents and Settings\James\Application Data\HotSync
2008-12-11 19:58:41 ----A---- C:\HuskyInstallerLog.txt
2008-12-11 19:27:26 ----D---- C:\Program Files\mp3towav
2008-12-11 19:27:26 ----A---- C:\WINDOWS\system32\mp3dec.dll
2008-12-11 07:49:26 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-11 07:31:22 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-11 07:30:25 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-11 07:30:15 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-11 07:28:13 ----D---- C:\Documents and Settings\All Users\Application Data\Ideazon
2008-12-11 07:27:52 ----D---- C:\Program Files\Ideazon
2008-12-09 15:53:33 ----A---- C:\WINDOWS\psmplay.ini
2008-12-09 15:52:16 ----D---- C:\Program Files\PSM5
2008-12-09 15:45:41 ----D---- C:\Program Files\AmazingMIDI
2008-12-09 15:34:17 ----D---- C:\Aya Software
2008-12-09 15:31:29 ----D---- C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-12-09 15:31:28 ----D---- C:\Documents and Settings\James\Application Data\AVS4YOU
2008-12-09 15:31:05 ----D---- C:\Program Files\Common Files\AVSMedia
2008-12-09 15:31:05 ----A---- C:\WINDOWS\system32\cc3270mt.dll
2008-12-09 15:31:04 ----D---- C:\Program Files\AVS4YOU
2008-12-09 15:25:16 ----D---- C:\Documents and Settings\James\Application Data\Ringtone
2008-12-08 11:50:32 ----D---- C:\Documents and Settings\James\Application Data\Leadertech
2008-12-08 11:38:11 ----D---- C:\Program Files\EA Games
2008-12-07 15:05:32 ----D---- C:\Program Files\Common Files\xing shared
2008-12-07 15:05:21 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2008-12-07 15:05:10 ----A---- C:\WINDOWS\system32\pndx5032.dll
2008-12-07 15:05:10 ----A---- C:\WINDOWS\system32\pndx5016.dll
2008-12-07 15:05:09 ----D---- C:\Program Files\Real
2008-12-07 15:05:09 ----A---- C:\WINDOWS\system32\pncrt.dll
2008-12-07 15:05:07 ----D---- C:\Program Files\Common Files\Real
2008-12-07 15:05:06 ----D---- C:\Documents and Settings\James\Application Data\Real
2008-12-07 15:01:54 ----D---- C:\Documents and Settings\James\Application Data\Moyea
2008-12-07 15:01:40 ----D---- C:\Program Files\Moyea
2008-12-03 20:24:50 ----D---- C:\WINDOWS\Minidump
2008-12-01 15:00:15 ----D---- C:\.jagex_cache_32
2008-11-21 07:23:29 ----D---- C:\Documents and Settings\James\Application Data\Xfire
2008-11-21 07:23:25 ----D---- C:\Program Files\Xfire
2008-11-20 16:08:27 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2008-11-20 14:44:26 ----A---- C:\WINDOWS\system32\xfcodec.dll
2008-11-19 21:15:35 ----A---- C:\WINDOWS\system32\PnkBstrA.exe
2008-11-19 21:15:35 ----A---- C:\WINDOWS\system32\pbsvc.exe
2008-11-19 21:08:12 ----D---- C:\Program Files\Activision
2008-11-18 17:56:04 ----D---- C:\Program Files\Ventrilo
2008-11-18 17:56:00 ----A---- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

======List of files/folders modified in the last 1 months======

2008-12-14 13:56:25 ----D---- C:\WINDOWS\Temp
2008-12-14 13:56:24 ----D---- C:\WINDOWS\Prefetch
2008-12-14 13:52:12 ----D---- C:\Documents and Settings\James\Application Data\uTorrent
2008-12-14 13:48:01 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-14 13:47:44 ----SD---- C:\WINDOWS\Tasks
2008-12-14 13:43:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-14 13:35:15 ----D---- C:\Program Files\Mozilla Firefox 3 Beta 1
2008-12-14 01:51:16 ----SHD---- C:\WINDOWS\CSC
2008-12-13 22:13:03 ----RSHD---- C:\Program Files\Common Files\System
2008-12-13 22:13:03 ----D---- C:\WINDOWS\system32\drivers
2008-12-13 22:13:03 ----D---- C:\WINDOWS
2008-12-13 16:41:37 ----RD---- C:\Program Files
2008-12-13 16:41:36 ----HD---- C:\WINDOWS\inf
2008-12-13 16:41:36 ----D---- C:\WINDOWS\system32
2008-12-13 16:31:47 ----D---- C:\WINDOWS\system
2008-12-11 20:30:36 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-11 20:00:07 ----SHD---- C:\WINDOWS\Installer
2008-12-11 19:59:36 ----D---- C:\Config.Msi
2008-12-11 19:59:35 ----SD---- C:\Documents and Settings\James\Application Data\Microsoft
2008-12-11 19:58:40 ----D---- C:\WINDOWS\Downloaded Installations
2008-12-11 17:09:30 ----D---- C:\Program Files\Internet Explorer
2008-12-11 17:07:56 ----D---- C:\WINDOWS\ie7updates
2008-12-11 17:03:54 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-11 07:49:38 ----A---- C:\WINDOWS\imsins.BAK
2008-12-11 07:46:56 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-12-11 07:28:02 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-11 07:27:56 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-11 07:27:51 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-09 17:24:37 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-09 15:34:32 ----D---- C:\WINDOWS\WinSxS
2008-12-09 15:31:05 ----D---- C:\Program Files\Common Files
2008-12-08 15:10:58 ----D---- C:\Documents and Settings\James\Application Data\OpenOffice.org2
2008-12-08 11:38:10 ----D---- C:\WINDOWS\system32\DirectX
2008-12-08 11:37:56 ----RSD---- C:\WINDOWS\assembly
2008-11-26 11:21:30 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-11-20 18:51:16 ----D---- C:\WINDOWS\Registration
2008-11-20 18:50:59 ----D---- C:\WINDOWS\system32\URTTemp
2008-11-20 18:50:54 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-11-19 21:16:46 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-19 21:15:34 ----D---- C:\WINDOWS\system32\LogFiles
2008-11-18 17:55:47 ----D---- C:\Program Files\Common Files\Wise Installation Wizard

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 Tcpip6;Microsoft IPv6 Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2008-06-20 225856]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.2.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-11-03 21419]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R2 SVKP;SVKP; \??\C:\WINDOWS\system32\SVKP.sys []
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2008-08-20 44384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-11-17 2297664]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 GamingMsFltr;Ideazon Reaper Edge; C:\WINDOWS\system32\drivers\gamingms.sys [2007-04-25 19712]
R3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver; C:\WINDOWS\system32\drivers\HCWBT8XX.sys [2006-01-25 472644]
R3 HidUsb;HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-16 6557408]
R3 RTL8023;Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver; C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys [2003-12-31 69504]
R3 rtl8185;Realtek RTL8185 54M Wireless LAN Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\rtl8185.sys [2007-01-29 306304]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys []
S3 AMDPCI;AMDPCI; \??\C:\DOCUME~1\James\LOCALS~1\Temp\AMDPCI.sys []
S3 amdtools;AMD Special Tools Driver; C:\WINDOWS\system32\DRIVERS\AmdTools.sys []
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys []
S3 BLKWGU(Belkin);Belkin Wireless G USB Network Adapter(Belkin); C:\WINDOWS\system32\DRIVERS\BLKWGU.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-06-22 51088]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-06-22 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-06-22 21744]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2008-12-11 16694]
S3 qcusbmdm;Qualcomm Proprietary USB Driver (PID 3197); C:\WINDOWS\system32\DRIVERS\qcusbmdm.sys [2003-03-11 59632]
S3 qcusbser;Qualcomm Diagnostic Port 3197; C:\WINDOWS\system32\DRIVERS\qcusbser.sys [2003-03-11 59632]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 scrcap;scrcap; C:\WINDOWS\system32\DRIVERS\scrcap.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2005-12-22 80272]
S3 sscdmdfl;SAMSUNG CDMA Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2005-12-22 10864]
S3 sscdmdm;SAMSUNG CDMA Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2005-12-22 137884]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;IPv6 Helper Service; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2007-10-29 587096]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-09-03 147456]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-16 159812]
R2 PnkBstrA;PunkBuster; C:\Program Files\EA Games\Need for Speed Undercover\PB\PnkBstrA.exe [2008-10-21 63040]
R2 WinDefend;Windows Defender; C:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2007-02-05 300032]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
S2 MySql;MySql; c:/xampp/mysql/bin/mysqld-nt.exe []
S2 netstats;netstats; C:\WINDOWS\system\msservice.exe [2008-12-13 88586]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-10-01 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]
S3 SonicStage Back-End Service;SonicStage Back-End Service; C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe [2007-02-05 112184]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]
S3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [2007-02-05 75320]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------
Quote
info.txt logfile of random's system information tool 1.04 2008-12-14 13:56:26

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->Dummy
-->MsiExec /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0014-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2moons-->MsiExec.exe /I{0B69C194-49D3-4A47-A0F9-BBEEAC28E886}
802.11g Wireless Adapter HW.15 V.1.00-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{F266A90C-3F4A-4F65-9901-3DBBB0D77D80}
Acclaim Game Launcher Plugin-->C:\WINDOWS\system32\AcclaimGames\GameLauncher\acclaimuninstall.exe /Uninstall activex
Ad-Aware 2007-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->C:\Program Files\Common Files\Adobe\Installers\7328fdfcb73660ec8b11d5a3d5c6232\Setup.exe
Adobe Dreamweaver CS3-->MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe ExtendScript Toolkit 2-->C:\Program Files\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash CS3 Professional-->C:\Program Files\Common Files\Adobe\Installers\c3c7fe8b09d497ab2b3fd91c9353390\Setup.exe
Adobe Flash CS3-->MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}
Adobe Flash Video Encoder-->MsiExec.exe /I{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Setup-->MsiExec.exe /I{0650BB10-BCF4-400A-85EE-04097E3046C6}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Setup-->MsiExec.exe /I{FFC1ADE3-944B-4231-894E-3903C37271D2}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AGEIA PhysX v7.09.13-->MsiExec.exe /X{45235788-142C-44BE-8A4D-DDE9A84492E5}
Ahead Nero Burning ROM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
AIM 6-->C:\Program Files\AIM6\uninst.exe
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
BitPim 1.0.2-->"C:\Program Files\BitPim\unins000.exe"
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Call of Duty® - World at War(tm)-->C:\Program Files\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x0409
Cavaj Java Decompiler-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Cavaj Java Decompiler\Uninst.isu"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Dev-C++ 5 beta 9 release (4.9.9.2)-->"C:\Dev-Cpp\uninstall.exe"
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Enhanced Multimedia Keyboard Solution-->C:\HP\KBD\Install.exe /u
Fallout 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\setup.exe" -l0x9  -removeonly
Guild Wars-->"C:\Program Files\Guild Wars\Gw.exe" -uninstall
Hauppauge WinTV Scheduler-->C:\PROGRA~1\WinTV\SCHEDU~1\uniSCHED.exe C:\PROGRA~1\WinTV\SCHEDU~1\uniSCHED.log
Hauppauge WinTV2000-->C:\PROGRA~1\WinTV\UNTV32.EXE C:\PROGRA~1\WinTV\WINTV2K.LOG
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HyperCam 2-->"C:\Program Files\HyCam2\UnHyCam2.exe"
Ideazon Reaper Edge-->C:\Program Files\InstallShield Installation Information\{C52DE33F-117A-4EC8-8A32-084E828D7B1E}\setup.exe -runfromtemp -l0x0009 -removeonly
Image Resizer Powertoy for Windows XP-->MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
Java 3D 1.5.1-->MsiExec.exe /X{32A9C5B3-D166-4C6D-A11E-A54473151000}
Java DB 10.3.1.4-->MsiExec.exe /X{CD49361E-3FE6-457E-90A1-9C59E29B5D02}
Java Media Framework 2.1.1e-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\JMF2.1.1e\Uninst.isu"
Java(tm) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(tm) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
Java(tm) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Machine Check Analysis Tool-->MsiExec.exe /X{5E6E4E39-B0D8-4FA8-826A-31ABA2935E92}
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Document Explorer 2005-->C:\Program Files\Common Files\Microsoft Shared\Help 8\Microsoft Document Explorer 2005\install.exe
Microsoft Document Explorer 2005-->MsiExec.exe /X{44D4AF75-6870-41F5-9181-662EA05507E1}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft MPEG-4 VKI Video Codec V1/V2/V3-->rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\mpg4c32.inf
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional 2007 Trial-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROR /dll OSETUP.DLL
Microsoft Office Professional 2007-->MsiExec.exe /X{91120000-0014-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000F
Title: Issues
Post by: guestolo on December 14, 2008, 03:18:37 PM
Can you do the following?
Let's temporarily disable some protections so that they don't interfere with this next step.

Right click on the Avast icon by the clock and select "Stop on access protections".
OK the prompt.

Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.

Go to START>>RUN>>type in services.msc
Hit OK
In the new window, look on the right hand side for this exact service name:
netstats
Right click on it and select Properties

In the Startup type dropdown box, select Disabled
Stop the service from running if allowed
Apply and Ok it
Then exit

Download ComboFix from one of these locations:

Link 1: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Link 2: http://www.forospyware.com/sUBs/ComboFix.exe
Link 3: http://subs.geekstogo.com/ComboFix.exe
Save it ONLY to your desktop.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

(http://img.photobucket.com/albums/v706/ried7/RcAuto1.gif)

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://img.photobucket.com/albums/v706/ried7/whatnext.png)


Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combo-Fix.txt in your next reply.

NOTE: Do not mouse-click inside the ComboFix window while it's running; it may cause it to stall.
ComboFix will run again on startup and will prompt that it's creating a log.
This process could take up to 15 minutes; please let it run uninterrupted.
Title: Issues
Post by: Everlasting Death on December 14, 2008, 07:45:56 PM
I was off doing some church stuff and my dad did the above. He said he got rid of the msservice.exe and ran ComboFix 3 times; here is the latest log file:
Quote
ComboFix 08-12-14.03 - James 2008-12-14 15:44:33.4 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1278.723 [GMT -6:00]
Running from: c:\documents and settings\James\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((   Files Created from 2008-11-14 to 2008-12-14  )))))))))))))))))))))))))))))))
.

2008-12-14 15:40 . 2008-12-14 15:40   293   --a------   C:\boot2.ini
2008-12-14 13:56 . 2008-12-14 13:56   <DIR>   d--------   C:\rsit
2008-12-13 16:35 . 2008-12-13 16:35   88,586   --a------   c:\documents and settings\James\h.exe
2008-12-13 08:11 . 2008-12-13 08:11   73,738   -r-hs----   c:\windows\msnguard.exe
2008-12-12 23:27 . 2002-07-17 08:05   16,512   --a------   c:\windows\system32\drivers\ASPI32.SYS
2008-12-12 03:05 . 2008-12-12 03:05   <DIR>   d--------   c:\program files\KAZAA
2008-12-12 03:05 . 2008-12-12 03:05   <DIR>   d--------   C:\My Downloads
2008-12-11 20:02 . 2008-12-11 20:02   0   --a------   c:\windows\QuickInstall.INI
2008-12-11 19:59 . 2008-12-12 15:21   <DIR>   d--------   c:\program files\palmOne
2008-12-11 19:59 . 2008-12-11 19:59   <DIR>   d--------   c:\documents and settings\All Users\Application Data\HotSync
2008-12-11 19:59 . 2008-12-11 19:58   53,248   --a------   c:\windows\PalmDevC.dll
2008-12-11 19:58 . 2008-12-11 19:58   <DIR>   d--------   c:\documents and settings\James\Application Data\HotSync
2008-12-11 19:27 . 2008-12-13 16:42   <DIR>   d--------   c:\program files\mp3towav
2008-12-11 19:27 . 1999-09-17 10:56   118,784   --a------   c:\windows\system32\mp3dec.dll
2008-12-11 19:27 . 2001-12-12 10:42   40,960   --a------   c:\windows\system32\MDec.ocx
2008-12-11 19:26 . 2008-12-11 19:26   83   --a------   C:\Mp3FE.m3u
2008-12-11 19:25 . 2004-08-03 16:49   17   --a------   c:\windows\system32\WINSPOOL.WIN
2008-12-11 07:31 . 2008-12-11 07:31   268   --ah-----   C:\sqmdata10.sqm
2008-12-11 07:31 . 2008-12-11 07:31   244   --ah-----   C:\sqmnoopt10.sqm
2008-12-11 07:28 . 2008-12-11 07:28   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Ideazon
2008-12-11 07:27 . 2008-12-11 07:27   <DIR>   d--------   c:\program files\Ideazon
2008-12-11 07:27 . 2007-04-25 01:22   19,712   --a------   c:\windows\system32\drivers\gamingms.sys
2008-12-09 15:53 . 2008-12-09 15:54   1,191   --a------   c:\windows\psmplay.ini
2008-12-09 15:52 . 2008-12-09 15:53   <DIR>   d--------   c:\program files\PSM5
2008-12-09 15:45 . 2008-12-09 16:03   <DIR>   d--------   c:\program files\AmazingMIDI
2008-12-09 15:43 . 2003-04-03 12:00   544,768   --a------   c:\windows\system32\vsflex8n.ocx
2008-12-09 15:34 . 2008-12-09 15:34   <DIR>   d--------   C:\Aya Software
2008-12-09 15:31 . 2008-12-09 15:32   <DIR>   d--------   c:\program files\Common Files\AVSMedia
2008-12-09 15:31 . 2008-12-09 15:32   <DIR>   d--------   c:\program files\AVS4YOU
2008-12-09 15:31 . 2008-12-09 15:31   <DIR>   d--------   c:\documents and settings\James\Application Data\AVS4YOU
2008-12-09 15:31 . 2008-12-09 15:31   <DIR>   d--------   c:\documents and settings\All Users\Application Data\AVS4YOU
2008-12-09 15:31 . 2006-03-03 10:02   658,432   --a------   c:\windows\system32\cc3270mt.dll
2008-12-09 15:25 . 2008-12-09 15:28   <DIR>   d--------   c:\documents and settings\James\Application Data\Ringtone
2008-12-08 11:50 . 2008-12-08 11:50   <DIR>   d--------   c:\documents and settings\James\Application Data\Leadertech
2008-12-08 11:50 . 2008-12-08 11:50   1,180   --a------   c:\windows\system32\ealregsnapshot1.reg
2008-12-08 11:38 . 2008-12-08 11:38   <DIR>   d--------   c:\program files\EA Games
2008-12-07 15:05 . 2008-12-07 15:05   <DIR>   d--------   c:\program files\Real
2008-12-07 15:05 . 2008-12-07 15:05   <DIR>   d--------   c:\program files\Common Files\xing shared
2008-12-07 15:05 . 2008-12-07 15:05   <DIR>   d--------   c:\program files\Common Files\Real
2008-12-07 15:01 . 2008-12-07 15:10   <DIR>   d--------   c:\program files\Moyea
2008-12-07 15:01 . 2008-12-07 15:01   <DIR>   d--------   c:\documents and settings\James\Application Data\Moyea
2008-12-01 15:00 . 2008-12-01 15:00   <DIR>   d--------   C:\.jagex_cache_32
2008-11-21 07:23 . 2008-12-10 13:45   <DIR>   d--------   c:\program files\Xfire
2008-11-21 07:23 . 2008-12-11 18:37   <DIR>   d--------   c:\documents and settings\James\Application Data\Xfire
2008-11-20 16:08 . 2008-12-08 13:47   183,112   --a------   c:\windows\system32\PnkBstrB.exe
2008-11-20 16:08 . 2008-12-08 13:47   138,184   --a------   c:\windows\system32\drivers\PnkBstrK.sys
2008-11-20 14:44 . 2008-11-20 14:44   42,320   --a------   c:\windows\system32\xfcodec.dll
2008-11-19 21:15 . 2008-11-19 21:15   682,280   --a------   c:\windows\system32\pbsvc.exe
2008-11-19 21:15 . 2008-11-20 16:08   66,872   --a------   c:\windows\system32\PnkBstrA.exe
2008-11-19 21:15 . 2008-11-19 21:15   22,328   --a------   c:\documents and settings\James\Application Data\PnkBstrK.sys
2008-11-19 21:08 . 2008-11-19 21:08   <DIR>   d--------   c:\program files\Activision
2008-11-18 17:56 . 2008-11-18 17:56   <DIR>   d--------   c:\program files\Ventrilo
2008-11-18 17:56 . 2008-11-18 17:56   262   --a------   c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-14 21:44   ---------   d-----w   c:\documents and settings\James\Application Data\uTorrent
2008-12-14 20:36   ---------   d-----w   c:\program files\Mozilla Firefox 3 Beta 1
2008-12-14 20:07   31   ----a-w   c:\documents and settings\James\jagex_runescape_preferences.dat
2008-12-12 01:58   16,694   ----a-w   c:\windows\system32\drivers\PalmUSBD.sys
2008-12-11 13:46   ---------   d-----w   c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-11 13:27   ---------   d--h--w   c:\program files\InstallShield Installation Information
2008-12-08 21:10   ---------   d-----w   c:\documents and settings\James\Application Data\OpenOffice.org2
2008-11-18 23:55   ---------   d-----w   c:\program files\Common Files\Wise Installation Wizard
2008-11-10 03:43   ---------   d-----w   c:\program files\Bethesda Softworks
2008-11-10 03:43   ---------   d-----w   c:\documents and settings\All Users\Application Data\Fallout3
2008-11-04 01:41   ---------   d---a-w   c:\documents and settings\All Users\Application Data\TEMP
2008-10-25 14:58   ---------   d-----w   c:\program files\Malwarebytes' Anti-Malware
2008-10-25 14:58   ---------   d-----w   c:\documents and settings\James\Application Data\Malwarebytes
2008-10-25 14:58   ---------   d-----w   c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-24 11:21   455,296   ----a-w   c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36   286,720   ----a-w   c:\windows\system32\gdi32.dll
2008-10-23 02:19   ---------   d-----w   c:\program files\Microsoft Silverlight
2008-10-22 22:27   38,496   ----a-w   c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 22:27   15,504   ----a-w   c:\windows\system32\drivers\mbam.sys
2008-10-22 21:22   ---------   d-----w   c:\program files\3M
2008-10-22 21:22   ---------   d-----w   c:\documents and settings\James\Application Data\3M
2008-10-17 02:53   ---------   d-----w   c:\documents and settings\James\Application Data\Dev-Cpp
2008-10-16 20:38   826,368   ----a-w   c:\windows\system32\wininet.dll
2008-10-16 20:13   202,776   ----a-w   c:\windows\system32\wuweb.dll
2008-10-16 20:13   1,809,944   ----a-w   c:\windows\system32\wuaueng.dll
2008-10-16 20:12   561,688   ----a-w   c:\windows\system32\wuapi.dll
2008-10-16 20:12   323,608   ----a-w   c:\windows\system32\wucltui.dll
2008-10-16 20:09   92,696   ----a-w   c:\windows\system32\cdm.dll
2008-10-16 20:09   51,224   ----a-w   c:\windows\system32\wuauclt.exe
2008-10-16 20:09   43,544   ----a-w   c:\windows\system32\wups2.dll
2008-10-16 20:08   34,328   ----a-w   c:\windows\system32\wups.dll
2008-10-16 20:06   268,648   ----a-w   c:\windows\system32\mucltui.dll
2008-10-16 20:06   208,744   ----a-w   c:\windows\system32\muweb.dll
2008-10-03 10:02   247,326   ----a-w   c:\windows\system32\strmdll.dll
2008-09-30 22:43   1,286,152   ----a-w   c:\windows\system32\msxml4.dll
2008-09-15 12:12   1,846,400   ----a-w   c:\windows\system32\win32k.sys
2007-06-13 10:23   22,040   -c-h--w   c:\documents and settings\James\Application Data\aon.dat
2008-07-19 08:20   32,768   --sha-w   c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008071920080720\index.dat
.

(((((((((((((((((((((((((((((   snapshot@2008-12-14_15.15.35.46   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-14 21:33:59   16,384   ----atw   c:\windows\temp\Perflib_Perfdata_2e4.dat
+ 2008-12-14 21:34:00   16,384   ----atw   c:\windows\temp\Perflib_Perfdata_728.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2008-10-21 270128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"Gaming Mouse"="c:\program files\Ideazon\Reaper Edge\Tray.exe" [2007-07-18 225280]
"Gaming Mouse Hid"="c:\program files\Ideazon\Reaper Edge\hid.exe" [2007-07-18 237568]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\James\Start Menu\Programs\Startup\
Need for SpeedT Undercover Registration.lnk - c:\program files\EA Games\Need for Speed Undercover\Support\EAregister.exe [2008-10-21 4369408]
palmOne Registration.lnk - c:\program files\palmOne\register.exe [2005-09-19 2367488]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2007-10-01 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HOTSYNCSHORTCUTNAME.lnk - c:\program files\palmOne\Hotsync.exe [2004-06-09 471040]
Post-itr Digital Notes.lnk - c:\program files\3M\PDNotes\PDNotes.exe [2006-03-21 6485528]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\\WINDOWS\\system32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-02 21:48 133104 c:\documents and settings\James\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-09-03 19:35 144792 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-12-07 15:05 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Messenger Guard]
-r-hs---- 2008-12-13 08:11 73738 c:\windows\msnguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"netstats"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Rapid PHP 2007\\rapidphp.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Mozilla Firefox 3 Beta 1\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
"61951:TCP"= 61951:TCP:*:Disabled:SolidNetworkManager
"61951:UDP"= 61951:UDP:*:Disabled:SolidNetworkManager

R0 SI3112r;ATI-437A Serial ATA Controller;c:\windows\system32\DRIVERS\SI3112r.sys [2005-06-01 97920]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-06-30 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-06-30 20560]
R2 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys [2007-10-01 2368]
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
R3 GamingMsFltr;Ideazon Reaper Edge;c:\windows\system32\drivers\gamingms.sys [2008-12-11 19712]
R3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8XX.sys [2007-11-07 472644]
S3 amdtools;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools.sys []
S3 ASPI;Advanced SCSI Programming Interface Driver;\??\c:\windows\System32\DRIVERS\ASPI32.sys [2008-12-12 16512]
S3 qcusbmdm;Qualcomm Proprietary USB Driver (PID 3197);c:\windows\system32\DRIVERS\qcusbmdm.sys [2007-10-17 59632]
S3 qcusbser;Qualcomm Diagnostic Port 3197;c:\windows\system32\DRIVERS\qcusbser.sys [2007-10-17 59632]
S3 scrcap;scrcap;c:\windows\system32\DRIVERS\scrcap.sys []
S4 netstats;netstats;"c:\windows\system\msservice.exe" []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - k:\setup\rsrc\Autorun.exe
\Shell\dinstall\command - k:\directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23dc2ce9-8668-11dc-9d1a-0018e7267783}]
\Shell\AutoRun\command - G:\setup.exe /autorun
\Shell\directx\command - g:\directx\dxsetup.exe
\Shell\setup\command - G:\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A6CBBD4-E3C9-C738-E422-F9FE869A435E}]
c:\program files\drivers\msmsrs.exe s
.
Contents of the 'Scheduled Tasks' folder

2008-12-14 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\James\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 21:48]

2008-12-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2008-12-14 c:\windows\Tasks\Wireless Configuration Utility HW.job
- c:\progra~1\802~1.11W\80211G~1.00\WlanCU.exe [2006-11-19 23:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://forum.jaswin.net/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
FF - ProfilePath - c:\documents and settings\James\Application Data\Mozilla\Firefox\Profiles\2etrq3kc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.jaswin.net
FF - plugin: c:\documents and settings\James\Local Settings\Application Data\Google\Update\1.2.131.27\npGoogleOneClick6.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npdeploytk.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npLegitCheckPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\nppdf32.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\nppl3260.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npqtplugin.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npqtplugin6.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npqtplugin7.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\nprjplug.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\nptgeqplugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-14 15:47:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql]
"ImagePath"="c:/xampp/mysql/bin/mysqld-nt.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql]
"ImagePath"="c:/xampp/mysql/bin/mysqld-nt.exe"
.
Completion time: 2008-12-14 15:49:07
ComboFix-quarantined-files.txt  2008-12-14 21:48:47
ComboFix2.txt  2008-12-14 21:25:31
ComboFix3.txt  2008-12-14 21:16:13

Pre-Run: 217,172,742,144 bytes free
Post-Run: 217,171,771,392 bytes free

269   --- E O F ---   2008-12-12 08:04:24
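The report above is read by eye in the thread. As an added example that is not part of the thread or of ComboFix, here is a small Python triage script that runs over lines copied from that report and flags the kinds of entries a helper reviews: executables created with hidden+system attributes, services whose image file ComboFix did not find or that live under c:\windows\system (the legacy directory, not system32), AutoRun handlers recorded for removable drives under mountpoints2, the Security Center AntiVirusOverride value, and non-default Active Setup components (ComboFix hides default entries). The heuristics and the finding labels are my own, not ComboFix's.

```python
import re
from dataclasses import dataclass
from typing import List

# Sample lines copied from the ComboFix report quoted above (file list,
# service list and registry sections) so the triage can run offline.
SAMPLE_LOG = r"""
2008-12-13 08:11 . 2008-12-13 08:11   73,738   -r-hs----   c:\windows\msnguard.exe
2008-12-13 16:35 . 2008-12-13 16:35   88,586   --a------   c:\documents and settings\James\h.exe
2008-12-09 15:43 . 2003-04-03 12:00   544,768   --a------   c:\windows\system32\vsflex8n.ocx
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-06-30 111184]
S3 amdtools;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools.sys []
S4 netstats;netstats;"c:\windows\system\msservice.exe" []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\Autorun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A6CBBD4-E3C9-C738-E422-F9FE869A435E}]
c:\program files\drivers\msmsrs.exe s
"""

# "<created> . <modified>   <size or <DIR>>   <attrs>   <path>" file-list lines
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>[-a-z]{9})\s+(?P<path>.+)$"
)
# "<start> <name>;<description>;<image path> [<date size>]" service lines;
# the brackets are empty when ComboFix did not find the image file.
SERVICE_RE = re.compile(
    r'^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);'
    r'"?(?P<path>[^"\[]+?)"? \[(?P<info>[^\]]*)\]$'
)
# "[HKEY_...]" registry key headers; the value lines that follow belong to it
KEY_RE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")


@dataclass
class Finding:
    kind: str    # my own label for the heuristic that fired
    detail: str  # the path, service name or value it fired on
    line: str    # the report line, so the reader can check it


def triage(report: str) -> List[Finding]:
    """Walk a ComboFix report and return the entries a helper would review."""
    findings: List[Finding] = []
    current_key = ""
    for raw in report.splitlines():
        line = raw.strip()
        if not line or line == ".":            # ComboFix pads sections with "."
            continue
        m = KEY_RE.match(line)
        if m:                                  # remember which hive key we are under
            current_key = m.group("key").lower()
            continue
        m = FILE_RE.match(line)
        if m:
            attrs, path = m.group("attrs"), m.group("path")
            # executables created with hidden+system attributes (e.g. -r-hs----)
            if "h" in attrs and "s" in attrs and path.lower().endswith(".exe"):
                findings.append(Finding("hidden-system-exe", path, line))
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, path = m.group("name"), m.group("path").lower()
            if not m.group("info"):            # no date/size: image file not found
                findings.append(Finding("service-binary-missing", name, line))
            if path.startswith("c:\\windows\\system\\"):  # legacy dir, not system32
                findings.append(Finding("service-in-legacy-dir", name, line))
            continue
        # remaining lines are registry values under current_key
        if "mountpoints2" in current_key and line.lower().startswith(r"\shell\autorun\command"):
            findings.append(Finding("removable-autorun-handler", line.split(" - ", 1)[-1], line))
        elif current_key.endswith("security center") and line == '"AntiVirusOverride"=dword:00000001':
            findings.append(Finding("av-status-override", "AntiVirusOverride=1", line))
        elif "active setup\\installed components" in current_key:
            findings.append(Finding("active-setup-component", line, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:28} {f.detail}")
```

A flagged entry is a review prompt, not a verdict: amdtools is flagged only because its driver file is absent, while netstats trips two heuristics at once, which is why the helper singled it out.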
Title: Issues
Post by: guestolo on December 14, 2008, 08:32:51 PM
Can I see the first log that ComboFix made?
It's located here:
C:\ComboFix3.txt

In addition, did the service netstats get disabled the way I mentioned?
Or did you use msconfig to disable it earlier?
Title: Issues
Post by: Everlasting Death on December 14, 2008, 08:49:17 PM
idk about the netstats; my dad did that part and he didn't say how he did it. I would assume he did it the way you stated.
Quote
ComboFix 08-12-14.03 - James 2008-12-14 15:14:21.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1278.972 [GMT -6:00]
Running from: E:\ComboFix.exe
Command switches used :: E:\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
.

(((((((((((((((((((((((((   Files Created from 2008-11-14 to 2008-12-14  )))))))))))))))))))))))))))))))
.

2008-12-14 15:11 . 2008-12-14 15:11   389,120   --a------   c:\windows\system32\CF31636.exe
2008-12-14 13:56 . 2008-12-14 13:56   <DIR>   d--------   C:\rsit
2008-12-13 16:35 . 2008-12-13 16:35   88,586   --a------   c:\documents and settings\James\h.exe
2008-12-13 08:11 . 2008-12-13 08:11   73,738   -r-hs----   c:\windows\msnguard.exe
2008-12-12 23:27 . 2002-07-17 08:05   16,512   --a------   c:\windows\system32\drivers\ASPI32.SYS
2008-12-12 03:05 . 2008-12-12 03:05   <DIR>   d--------   c:\program files\KAZAA
2008-12-12 03:05 . 2008-12-12 03:05   <DIR>   d--------   C:\My Downloads
2008-12-11 20:02 . 2008-12-11 20:02   0   --a------   c:\windows\QuickInstall.INI
2008-12-11 19:59 . 2008-12-12 15:21   <DIR>   d--------   c:\program files\palmOne
2008-12-11 19:59 . 2008-12-11 19:59   <DIR>   d--------   c:\documents and settings\All Users\Application Data\HotSync
2008-12-11 19:59 . 2008-12-11 19:58   53,248   --a------   c:\windows\PalmDevC.dll
2008-12-11 19:58 . 2008-12-11 19:58   <DIR>   d--------   c:\documents and settings\James\Application Data\HotSync
2008-12-11 19:27 . 2008-12-13 16:42   <DIR>   d--------   c:\program files\mp3towav
2008-12-11 19:27 . 1999-09-17 10:56   118,784   --a------   c:\windows\system32\mp3dec.dll
2008-12-11 19:27 . 2001-12-12 10:42   40,960   --a------   c:\windows\system32\MDec.ocx
2008-12-11 19:26 . 2008-12-11 19:26   83   --a------   C:\Mp3FE.m3u
2008-12-11 19:25 . 2004-08-03 16:49   17   --a------   c:\windows\system32\WINSPOOL.WIN
2008-12-11 07:31 . 2008-12-11 07:31   268   --ah-----   C:\sqmdata10.sqm
2008-12-11 07:31 . 2008-12-11 07:31   244   --ah-----   C:\sqmnoopt10.sqm
2008-12-11 07:28 . 2008-12-11 07:28   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Ideazon
2008-12-11 07:27 . 2008-12-11 07:27   <DIR>   d--------   c:\program files\Ideazon
2008-12-11 07:27 . 2007-04-25 01:22   19,712   --a------   c:\windows\system32\drivers\gamingms.sys
2008-12-09 15:53 . 2008-12-09 15:54   1,191   --a------   c:\windows\psmplay.ini
2008-12-09 15:52 . 2008-12-09 15:53   <DIR>   d--------   c:\program files\PSM5
2008-12-09 15:45 . 2008-12-09 16:03   <DIR>   d--------   c:\program files\AmazingMIDI
2008-12-09 15:43 . 2003-04-03 12:00   544,768   --a------   c:\windows\system32\vsflex8n.ocx
2008-12-09 15:34 . 2008-12-09 15:34   <DIR>   d--------   C:\Aya Software
2008-12-09 15:31 . 2008-12-09 15:32   <DIR>   d--------   c:\program files\Common Files\AVSMedia
2008-12-09 15:31 . 2008-12-09 15:32   <DIR>   d--------   c:\program files\AVS4YOU
2008-12-09 15:31 . 2008-12-09 15:31   <DIR>   d--------   c:\documents and settings\James\Application Data\AVS4YOU
2008-12-09 15:31 . 2008-12-09 15:31   <DIR>   d--------   c:\documents and settings\All Users\Application Data\AVS4YOU
2008-12-09 15:31 . 2006-03-03 10:02   658,432   --a------   c:\windows\system32\cc3270mt.dll
2008-12-09 15:25 . 2008-12-09 15:28   <DIR>   d--------   c:\documents and settings\James\Application Data\Ringtone
2008-12-08 11:50 . 2008-12-08 11:50   <DIR>   d--------   c:\documents and settings\James\Application Data\Leadertech
2008-12-08 11:50 . 2008-12-08 11:50   1,180   --a------   c:\windows\system32\ealregsnapshot1.reg
2008-12-08 11:38 . 2008-12-08 11:38   <DIR>   d--------   c:\program files\EA Games
2008-12-07 15:05 . 2008-12-07 15:05   <DIR>   d--------   c:\program files\Real
2008-12-07 15:05 . 2008-12-07 15:05   <DIR>   d--------   c:\program files\Common Files\xing shared
2008-12-07 15:05 . 2008-12-07 15:05   <DIR>   d--------   c:\program files\Common Files\Real
2008-12-07 15:01 . 2008-12-07 15:10   <DIR>   d--------   c:\program files\Moyea
2008-12-07 15:01 . 2008-12-07 15:01   <DIR>   d--------   c:\documents and settings\James\Application Data\Moyea
2008-12-01 15:00 . 2008-12-01 15:00   <DIR>   d--------   C:\.jagex_cache_32
2008-11-21 07:23 . 2008-12-10 13:45   <DIR>   d--------   c:\program files\Xfire
2008-11-21 07:23 . 2008-12-11 18:37   <DIR>   d--------   c:\documents and settings\James\Application Data\Xfire
2008-11-20 16:08 . 2008-12-08 13:47   183,112   --a------   c:\windows\system32\PnkBstrB.exe
2008-11-20 16:08 . 2008-12-08 13:47   138,184   --a------   c:\windows\system32\drivers\PnkBstrK.sys
2008-11-20 14:44 . 2008-11-20 14:44   42,320   --a------   c:\windows\system32\xfcodec.dll
2008-11-19 21:15 . 2008-11-19 21:15   682,280   --a------   c:\windows\system32\pbsvc.exe
2008-11-19 21:15 . 2008-11-20 16:08   66,872   --a------   c:\windows\system32\PnkBstrA.exe
2008-11-19 21:15 . 2008-11-19 21:15   22,328   --a------   c:\documents and settings\James\Application Data\PnkBstrK.sys
2008-11-19 21:08 . 2008-11-19 21:08   <DIR>   d--------   c:\program files\Activision
2008-11-18 17:56 . 2008-11-18 17:56   <DIR>   d--------   c:\program files\Ventrilo
2008-11-18 17:56 . 2008-11-18 17:56   262   --a------   c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-14 21:08   ---------   d-----w   c:\documents and settings\James\Application Data\uTorrent
2008-12-14 20:36   ---------   d-----w   c:\program files\Mozilla Firefox 3 Beta 1
2008-12-14 20:07   31   ----a-w   c:\documents and settings\James\jagex_runescape_preferences.dat
2008-12-12 01:58   16,694   ----a-w   c:\windows\system32\drivers\PalmUSBD.sys
2008-12-11 13:46   ---------   d-----w   c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-11 13:27   ---------   d--h--w   c:\program files\InstallShield Installation Information
2008-12-08 21:10   ---------   d-----w   c:\documents and settings\James\Application Data\OpenOffice.org2
2008-11-18 23:55   ---------   d-----w   c:\program files\Common Files\Wise Installation Wizard
2008-11-10 03:43   ---------   d-----w   c:\program files\Bethesda Softworks
2008-11-10 03:43   ---------   d-----w   c:\documents and settings\All Users\Application Data\Fallout3
2008-11-04 01:41   ---------   d---a-w   c:\documents and settings\All Users\Application Data\TEMP
2008-10-25 14:58   ---------   d-----w   c:\program files\Malwarebytes' Anti-Malware
2008-10-25 14:58   ---------   d-----w   c:\documents and settings\James\Application Data\Malwarebytes
2008-10-25 14:58   ---------   d-----w   c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-24 11:21   455,296   ----a-w   c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36   286,720   ----a-w   c:\windows\system32\gdi32.dll
2008-10-23 02:19   ---------   d-----w   c:\program files\Microsoft Silverlight
2008-10-22 22:27   38,496   ----a-w   c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 22:27   15,504   ----a-w   c:\windows\system32\drivers\mbam.sys
2008-10-22 21:22   ---------   d-----w   c:\program files\3M
2008-10-22 21:22   ---------   d-----w   c:\documents and settings\James\Application Data\3M
2008-10-17 02:53   ---------   d-----w   c:\documents and settings\James\Application Data\Dev-Cpp
2008-10-16 20:38   826,368   ----a-w   c:\windows\system32\wininet.dll
2008-10-16 20:13   202,776   ----a-w   c:\windows\system32\wuweb.dll
2008-10-16 20:13   1,809,944   ----a-w   c:\windows\system32\wuaueng.dll
2008-10-16 20:12   561,688   ----a-w   c:\windows\system32\wuapi.dll
2008-10-16 20:12   323,608   ----a-w   c:\windows\system32\wucltui.dll
2008-10-16 20:09   92,696   ----a-w   c:\windows\system32\cdm.dll
2008-10-16 20:09   51,224   ----a-w   c:\windows\system32\wuauclt.exe
2008-10-16 20:09   43,544   ----a-w   c:\windows\system32\wups2.dll
2008-10-16 20:08   34,328   ----a-w   c:\windows\system32\wups.dll
2008-10-16 20:06   268,648   ----a-w   c:\windows\system32\mucltui.dll
2008-10-16 20:06   208,744   ----a-w   c:\windows\system32\muweb.dll
2008-10-03 10:02   247,326   ----a-w   c:\windows\system32\strmdll.dll
2008-09-30 22:43   1,286,152   ----a-w   c:\windows\system32\msxml4.dll
2008-09-15 12:12   1,846,400   ----a-w   c:\windows\system32\win32k.sys
2007-06-13 10:23   22,040   -c-h--w   c:\documents and settings\James\Application Data\aon.dat
2008-07-19 08:20   32,768   --sha-w   c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008071920080720\index.dat
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Google Update"="c:\documents and settings\James\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2008-10-21 270128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"Gaming Mouse"="c:\program files\Ideazon\Reaper Edge\Tray.exe" [2007-07-18 225280]
"Gaming Mouse Hid"="c:\program files\Ideazon\Reaper Edge\hid.exe" [2007-07-18 237568]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-13 169984]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\James\Start Menu\Programs\Startup\
Need for SpeedT Undercover Registration.lnk - c:\program files\EA Games\Need for Speed Undercover\Support\EAregister.exe [2008-10-21 4369408]
palmOne Registration.lnk - c:\program files\palmOne\register.exe [2005-09-19 2367488]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2007-10-01 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HOTSYNCSHORTCUTNAME.lnk - c:\program files\palmOne\Hotsync.exe [2004-06-09 471040]
Post-itr Digital Notes.lnk - c:\program files\3M\PDNotes\PDNotes.exe [2006-03-21 6485528]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\\WINDOWS\\system32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-09-03 19:35 144792 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-12-07 15:05 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Messenger Guard]
-r-hs---- 2008-12-13 08:11 73738 c:\windows\msnguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Rapid PHP 2007\\rapidphp.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Mozilla Firefox 3 Beta 1\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
"61951:TCP"= 61951:TCP:*:Disabled:SolidNetworkManager
"61951:UDP"= 61951:UDP:*:Disabled:SolidNetworkManager

R0 SI3112r;ATI-437A Serial ATA Controller;c:\windows\system32\DRIVERS\SI3112r.sys [2005-06-01 97920]
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
R3 GamingMsFltr;Ideazon Reaper Edge;c:\windows\system32\drivers\gamingms.sys [2008-12-11 19712]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-06-30 111184]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-06-30 20560]
S2 netstats;netstats;"c:\windows\system\msservice.exe" []
S2 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys [2007-10-01 2368]
S3 amdtools;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools.sys []
S3 ASPI;Advanced SCSI Programming Interface Driver;\??\c:\windows\System32\DRIVERS\ASPI32.sys [2008-12-12 16512]
S3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8XX.sys [2007-11-07 472644]
S3 qcusbmdm;Qualcomm Proprietary USB Driver (PID 3197);c:\windows\system32\DRIVERS\qcusbmdm.sys [2007-10-17 59632]
S3 qcusbser;Qualcomm Diagnostic Port 3197;c:\windows\system32\DRIVERS\qcusbser.sys [2007-10-17 59632]
S3 scrcap;scrcap;c:\windows\system32\DRIVERS\scrcap.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - k:\setup\rsrc\Autorun.exe
\Shell\dinstall\command - k:\directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23dc2ce9-8668-11dc-9d1a-0018e7267783}]
\Shell\AutoRun\command - G:\setup.exe /autorun
\Shell\directx\command - g:\directx\dxsetup.exe
\Shell\setup\command - G:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{75b6bc31-b5cc-11dd-88a5-00012e15d126}]
\Shell\AutoRun\command - k:\setup\rsrc\Autorun.exe
\Shell\dinstall\command - k:\directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc277cbb-ac70-11dd-88a3-00012e15d126}]
\Shell\AutoRun\command - J:\Autorun.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A6CBBD4-E3C9-C738-E422-F9FE869A435E}]
c:\program files\drivers\msmsrs.exe s
.
Contents of the 'Scheduled Tasks' folder

2008-12-14 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\James\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 21:48]

2008-12-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2008-12-14 c:\windows\Tasks\Wireless Configuration Utility HW.job
- c:\progra~1\802~1.11W\80211G~1.00\WlanCU.exe [2006-11-19 23:04]
.
- - - - ORPHANS REMOVED - - - -

Notify-AtiExtEvent - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://forum.jaswin.net/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
FF - ProfilePath - c:\documents and settings\James\Application Data\Mozilla\Firefox\Profiles\2etrq3kc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.jaswin.net
FF - plugin: c:\documents and settings\James\Local Settings\Application Data\Google\Update\1.2.131.27\npGoogleOneClick6.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npdeploytk.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npLegitCheckPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\nppdf32.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\nppl3260.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npqtplugin.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npqtplugin6.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npqtplugin7.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\nprjplug.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\nptgeqplugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-14 15:15:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql]
"ImagePath"="c:/xampp/mysql/bin/mysqld-nt.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql]
"ImagePath"="c:/xampp/mysql/bin/mysqld-nt.exe"
.
Completion time: 2008-12-14 15:16:12
ComboFix-quarantined-files.txt  2008-12-14 21:15:49

Pre-Run: 217,915,998,208 bytes free
Post-Run: 218,567,782,400 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer /safeboot:minimal

277   --- E O F ---   2008-12-12 08:04:24
Title: Issues
Post by: guestolo on December 14, 2008, 08:57:55 PM
Can you go back to Virustotal
Scan one more file for me please

This one
c:\program files\drivers\msmsrs.exe
Title: Issues
Post by: Everlasting Death on December 14, 2008, 09:23:39 PM
When I try to upload it, it says it can't find the file.
Title: Issues
Post by: Everlasting Death on December 14, 2008, 09:28:09 PM
Sorry for the double post, internet was acting weird.
Title: Issues
Post by: guestolo on December 14, 2008, 09:32:43 PM
We still have a bit of cleaning to do, but can I have you run an online virus scan?
Avast is great; this is just a second opinion. Some files you have/had installed point to a possible keylogger.
Do the following please:

Temporarily disable Avast's realtime protections so it won't interfere.
Using IE,
go to the following link:
http://www.bitdefender.com/scan8/ie.html
Click the I agree button, allow the ActiveX control to install when prompted and run a scan.
When the scan is done,
choose to save a report.
Save the report to your desktop>>Giving it a name, such as Virusscan
It may be in HTML format.

That's ok, reboot.
Back in Windows,
post the log from BitDefender.
You can open the HTML and choose EDIT>>Select ALL>>Edit>>Copy
Title: Issues
Post by: Everlasting Death on December 14, 2008, 09:44:48 PM
It won't scan, it fails every time.

nvm, it's working now
Title: Issues
Post by: Everlasting Death on December 15, 2008, 12:24:43 AM
Quote
BitDefender Online Scanner - Real Time Virus Report

Generated at: Sun, Dec 14, 2008 - 23:14:46

Scan Info

Scanned Files

795217

Infected Files

0

Virus Detected

No virus found.

This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.
Title: Issues
Post by: guestolo on December 15, 2008, 01:04:54 AM
Can you do the following
Go to START>>RUN>>type in msconfig
Hit OK
Under the General tab select Normal startup
Apply it and Close out, but Don't restart the computer yet

Instead, come back here and post a fresh Hijackthis log
Title: Issues
Post by: Everlasting Death on December 15, 2008, 01:19:43 AM
Quote
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:08 AM, on 12/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\EA Games\Need for Speed Undercover\PB\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\Ideazon\Reaper Edge\Tray.exe
C:\Program Files\Ideazon\Reaper Edge\hid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\3M\PDNotes\PDNotes.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\James\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.jaswin.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Gaming Mouse] "C:\Program Files\Ideazon\Reaper Edge\Tray.exe"
O4 - HKLM\..\Run: [Gaming Mouse Hid] "C:\Program Files\Ideazon\Reaper Edge\hid.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSN Messenger Guard] msnguard.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\James\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Need for Speed™ Undercover Registration.lnk = C:\Program Files\EA Games\Need for Speed Undercover\Support\EAregister.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Post-it® Digital Notes.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.1and1.com/b2home/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191251896343
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MySql - Unknown owner - c:/xampp/mysql/bin/mysqld-nt.exe
O23 - Service: netstats - Unknown owner - C:\WINDOWS\system\msservice.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files\EA Games\Need for Speed Undercover\PB\PnkBstrA.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 11168 bytes
Title: Issues
Post by: guestolo on December 15, 2008, 01:40:08 AM
Ensure that ComboFix is directly on your Desktop.
I noticed the first time you ran it from the E: drive.

Next: do the following please.
Copy ALL the BLUE text below and paste it into Notepad.
Don't use anything other than Notepad or the script will not work.

KillAll::

File::
c:\documents and settings\James\h.exe
c:\windows\msnguard.exe
c:\windows\system\msservice.exe
c:\program files\drivers\msmsrs.exe
c:\1.exe
C:\Program Files\Common Files\System\rundll.exe
Driver::
netstats
Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Common Files\\System\\rundll.exe"=-
"c:\\1.exe"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"QuickTime Task"=-
"SunJavaUpdateSched"=-
"TkBellExe"=-
"MSN Messenger Guard"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A6CBBD4-E3C9-C738-E422-F9FE869A435E}]
Save this as a txt file on your desktop, with the exact name of
CFScript
(http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif)
Drag CFScript.txt into ComboFix.exe
ComboFix will start>>Follow the prompts
Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

When finished, it shall produce a log for you with the same name, C:\ComboFix.txt.
Post that log please.
Title: Issues
Post by: Everlasting Death on December 15, 2008, 02:15:10 AM
Quote
ComboFix 08-12-14.03 - James 2008-12-15  0:54:36.5 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1278.699 [GMT -6:00]
Running from: c:\documents and settings\James\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\James\Desktop\CFScript.txt
 * Created a new restore point

FILE ::
c:\1.exe
c:\documents and settings\James\h.exe
c:\program files\Common Files\System\rundll.exe
c:\program files\drivers\msmsrs.exe
c:\windows\msnguard.exe
c:\windows\system\msservice.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\James\h.exe
c:\windows\msnguard.exe

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NETSTATS
-------\Service_netstats


(((((((((((((((((((((((((   Files Created from 2008-11-15 to 2008-12-15  )))))))))))))))))))))))))))))))
.

2008-12-14 20:43 . 2008-12-14 23:14   <DIR>   d--------   c:\windows\BDOSCAN8
2008-12-14 15:40 . 2008-12-14 15:40   293   --a------   C:\boot2.ini
2008-12-14 13:56 . 2008-12-14 13:56   <DIR>   d--------   C:\rsit
2008-12-12 23:27 . 2002-07-17 08:05   16,512   --a------   c:\windows\system32\drivers\ASPI32.SYS
2008-12-12 03:05 . 2008-12-12 03:05   <DIR>   d--------   c:\program files\KAZAA
2008-12-12 03:05 . 2008-12-12 03:05   <DIR>   d--------   C:\My Downloads
2008-12-11 20:02 . 2008-12-11 20:02   0   --a------   c:\windows\QuickInstall.INI
2008-12-11 19:59 . 2008-12-12 15:21   <DIR>   d--------   c:\program files\palmOne
2008-12-11 19:59 . 2008-12-11 19:59   <DIR>   d--------   c:\documents and settings\All Users\Application Data\HotSync
2008-12-11 19:59 . 2008-12-11 19:58   53,248   --a------   c:\windows\PalmDevC.dll
2008-12-11 19:58 . 2008-12-11 19:58   <DIR>   d--------   c:\documents and settings\James\Application Data\HotSync
2008-12-11 19:27 . 2008-12-13 16:42   <DIR>   d--------   c:\program files\mp3towav
2008-12-11 19:27 . 1999-09-17 10:56   118,784   --a------   c:\windows\system32\mp3dec.dll
2008-12-11 19:27 . 2001-12-12 10:42   40,960   --a------   c:\windows\system32\MDec.ocx
2008-12-11 19:26 . 2008-12-11 19:26   83   --a------   C:\Mp3FE.m3u
2008-12-11 19:25 . 2004-08-03 16:49   17   --a------   c:\windows\system32\WINSPOOL.WIN
2008-12-11 07:31 . 2008-12-11 07:31   268   --ah-----   C:\sqmdata10.sqm
2008-12-11 07:31 . 2008-12-11 07:31   244   --ah-----   C:\sqmnoopt10.sqm
2008-12-11 07:28 . 2008-12-11 07:28   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Ideazon
2008-12-11 07:27 . 2008-12-11 07:27   <DIR>   d--------   c:\program files\Ideazon
2008-12-11 07:27 . 2007-04-25 01:22   19,712   --a------   c:\windows\system32\drivers\gamingms.sys
2008-12-09 15:53 . 2008-12-09 15:54   1,191   --a------   c:\windows\psmplay.ini
2008-12-09 15:52 . 2008-12-09 15:53   <DIR>   d--------   c:\program files\PSM5
2008-12-09 15:45 . 2008-12-09 16:03   <DIR>   d--------   c:\program files\AmazingMIDI
2008-12-09 15:43 . 2003-04-03 12:00   544,768   --a------   c:\windows\system32\vsflex8n.ocx
2008-12-09 15:34 . 2008-12-09 15:34   <DIR>   d--------   C:\Aya Software
2008-12-09 15:31 . 2008-12-09 15:32   <DIR>   d--------   c:\program files\Common Files\AVSMedia
2008-12-09 15:31 . 2008-12-09 15:32   <DIR>   d--------   c:\program files\AVS4YOU
2008-12-09 15:31 . 2008-12-09 15:31   <DIR>   d--------   c:\documents and settings\James\Application Data\AVS4YOU
2008-12-09 15:31 . 2008-12-09 15:31   <DIR>   d--------   c:\documents and settings\All Users\Application Data\AVS4YOU
2008-12-09 15:31 . 2006-03-03 10:02   658,432   --a------   c:\windows\system32\cc3270mt.dll
2008-12-09 15:25 . 2008-12-09 15:28   <DIR>   d--------   c:\documents and settings\James\Application Data\Ringtone
2008-12-08 11:50 . 2008-12-08 11:50   <DIR>   d--------   c:\documents and settings\James\Application Data\Leadertech
2008-12-08 11:50 . 2008-12-08 11:50   1,180   --a------   c:\windows\system32\ealregsnapshot1.reg
2008-12-08 11:38 . 2008-12-08 11:38   <DIR>   d--------   c:\program files\EA Games
2008-12-07 15:05 . 2008-12-07 15:05   <DIR>   d--------   c:\program files\Real
2008-12-07 15:05 . 2008-12-07 15:05   <DIR>   d--------   c:\program files\Common Files\xing shared
2008-12-07 15:05 . 2008-12-07 15:05   <DIR>   d--------   c:\program files\Common Files\Real
2008-12-07 15:01 . 2008-12-07 15:10   <DIR>   d--------   c:\program files\Moyea
2008-12-07 15:01 . 2008-12-07 15:01   <DIR>   d--------   c:\documents and settings\James\Application Data\Moyea
2008-12-01 15:00 . 2008-12-01 15:00   <DIR>   d--------   C:\.jagex_cache_32
2008-11-21 07:23 . 2008-12-10 13:45   <DIR>   d--------   c:\program files\Xfire
2008-11-21 07:23 . 2008-12-11 18:37   <DIR>   d--------   c:\documents and settings\James\Application Data\Xfire
2008-11-20 16:08 . 2008-12-08 13:47   183,112   --a------   c:\windows\system32\PnkBstrB.exe
2008-11-20 16:08 . 2008-12-08 13:47   138,184   --a------   c:\windows\system32\drivers\PnkBstrK.sys
2008-11-20 14:44 . 2008-11-20 14:44   42,320   --a------   c:\windows\system32\xfcodec.dll
2008-11-19 21:15 . 2008-11-19 21:15   682,280   --a------   c:\windows\system32\pbsvc.exe
2008-11-19 21:15 . 2008-11-20 16:08   66,872   --a------   c:\windows\system32\PnkBstrA.exe
2008-11-19 21:15 . 2008-11-19 21:15   22,328   --a------   c:\documents and settings\James\Application Data\PnkBstrK.sys
2008-11-19 21:08 . 2008-11-19 21:08   <DIR>   d--------   c:\program files\Activision
2008-11-18 17:56 . 2008-11-18 17:56   <DIR>   d--------   c:\program files\Ventrilo
2008-11-18 17:56 . 2008-11-18 17:56   262   --a------   c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-15 05:33   ---------   d-----w   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-15 05:19   ---------   d-----w   c:\documents and settings\James\Application Data\uTorrent
2008-12-15 01:46   ---------   d-----w   c:\program files\Mozilla Firefox 3 Beta 1
2008-12-15 00:54   31   ----a-w   c:\documents and settings\James\jagex_runescape_preferences.dat
2008-12-12 01:58   16,694   ----a-w   c:\windows\system32\drivers\PalmUSBD.sys
2008-12-11 13:46   ---------   d-----w   c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-11 13:27   ---------   d--h--w   c:\program files\InstallShield Installation Information
2008-12-08 21:10   ---------   d-----w   c:\documents and settings\James\Application Data\OpenOffice.org2
2008-11-18 23:55   ---------   d-----w   c:\program files\Common Files\Wise Installation Wizard
2008-11-10 03:43   ---------   d-----w   c:\program files\Bethesda Softworks
2008-11-10 03:43   ---------   d-----w   c:\documents and settings\All Users\Application Data\Fallout3
2008-11-04 01:41   ---------   d---a-w   c:\documents and settings\All Users\Application Data\TEMP
2008-10-25 14:58   ---------   d-----w   c:\program files\Malwarebytes' Anti-Malware
2008-10-25 14:58   ---------   d-----w   c:\documents and settings\James\Application Data\Malwarebytes
2008-10-25 14:58   ---------   d-----w   c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-24 11:21   455,296   ----a-w   c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 02:19   ---------   d-----w   c:\program files\Microsoft Silverlight
2008-10-22 22:27   38,496   ----a-w   c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 22:27   15,504   ----a-w   c:\windows\system32\drivers\mbam.sys
2008-10-22 21:22   ---------   d-----w   c:\program files\3M
2008-10-22 21:22   ---------   d-----w   c:\documents and settings\James\Application Data\3M
2008-10-17 02:53   ---------   d-----w   c:\documents and settings\James\Application Data\Dev-Cpp
2007-06-13 10:23   22,040   -c-h--w   c:\documents and settings\James\Application Data\aon.dat
2008-07-19 08:20   32,768   --sha-w   c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008071920080720\index.dat
.

(((((((((((((((((((((((((((((   snapshot@2008-12-14_15.15.35.46   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-14 20:07:02   315,392   ----a-w   c:\windows\.jagex_cache_32\runescape\jogl.dll
+ 2008-12-15 00:51:46   315,392   ----a-w   c:\windows\.jagex_cache_32\runescape\jogl.dll
- 2008-12-14 20:07:02   20,480   ----a-w   c:\windows\.jagex_cache_32\runescape\jogl_awt.dll
+ 2008-12-15 00:51:46   20,480   ----a-w   c:\windows\.jagex_cache_32\runescape\jogl_awt.dll
+ 2008-12-15 02:43:36   45,056   ----a-w   c:\windows\BDOSCAN8\avxdisk.dll
+ 2008-12-15 02:43:36   10,240   ----a-w   c:\windows\BDOSCAN8\avxs.dll
+ 2008-12-15 02:43:36   27,136   ----a-w   c:\windows\BDOSCAN8\avxt.dll
+ 2008-12-15 02:43:39   102,400   ----a-w   c:\windows\BDOSCAN8\bdcore.dll
+ 2008-01-09 21:01:48   118,784   ----a-w   c:\windows\BDOSCAN8\bdupd.dll
+ 2008-01-09 21:01:48   53,248   ----a-w   c:\windows\BDOSCAN8\ipsupd.dll
+ 2008-12-15 02:43:40   142,848   ----a-w   c:\windows\BDOSCAN8\libfn.dll
+ 2008-12-15 02:43:37   86,016   ----a-w   c:\windows\BDOSCAN8\librtvr.dll
+ 2008-01-09 21:01:48   53,248   ----a-w   c:\windows\bdoscandel.exe
+ 2008-01-09 21:01:48   118,784   ----a-w   c:\windows\Downloaded Program Files\bdupd.dll
+ 2008-01-09 21:01:48   53,248   ----a-w   c:\windows\Downloaded Program Files\ipsupd.dll
+ 2005-10-21 02:02:28   163,328   ----a-w   c:\windows\ERDNT\subs\ERDNT.EXE
+ 2008-12-15 06:59:55   16,384   ----atw   c:\windows\temp\Perflib_Perfdata_36c.dat
+ 2008-12-15 06:59:56   16,384   ----atw   c:\windows\temp\Perflib_Perfdata_74c.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Google Update"="c:\documents and settings\James\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"Gaming Mouse"="c:\program files\Ideazon\Reaper Edge\Tray.exe" [2007-07-18 225280]
"Gaming Mouse Hid"="c:\program files\Ideazon\Reaper Edge\hid.exe" [2007-07-18 237568]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\James\Start Menu\Programs\Startup\
Need for SpeedT Undercover Registration.lnk - c:\program files\EA Games\Need for Speed Undercover\Support\EAregister.exe [2008-10-21 4369408]
palmOne Registration.lnk - c:\program files\palmOne\register.exe [2005-09-19 2367488]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2007-10-01 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HOTSYNCSHORTCUTNAME.lnk - c:\program files\palmOne\Hotsync.exe [2004-06-09 471040]
Post-itr Digital Notes.lnk - c:\program files\3M\PDNotes\PDNotes.exe [2006-03-21 6485528]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\\WINDOWS\\system32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Rapid PHP 2007\\rapidphp.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Mozilla Firefox 3 Beta 1\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
"61951:TCP"= 61951:TCP:*:Disabled:SolidNetworkManager
"61951:UDP"= 61951:UDP:*:Disabled:SolidNetworkManager

R0 SI3112r;ATI-437A Serial ATA Controller;c:\windows\system32\DRIVERS\SI3112r.sys [2005-06-01 97920]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-06-30 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-06-30 20560]
R2 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys [2007-10-01 2368]
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
R3 GamingMsFltr;Ideazon Reaper Edge;c:\windows\system32\drivers\gamingms.sys [2008-12-11 19712]
R3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8XX.sys [2007-11-07 472644]
S3 amdtools;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools.sys []
S3 ASPI;Advanced SCSI Programming Interface Driver;\??\c:\windows\System32\DRIVERS\ASPI32.sys [2008-12-12 16512]
S3 qcusbmdm;Qualcomm Proprietary USB Driver (PID 3197);c:\windows\system32\DRIVERS\qcusbmdm.sys [2007-10-17 59632]
S3 qcusbser;Qualcomm Diagnostic Port 3197;c:\windows\system32\DRIVERS\qcusbser.sys [2007-10-17 59632]
S3 scrcap;scrcap;c:\windows\system32\DRIVERS\scrcap.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - k:\setup\rsrc\Autorun.exe
\Shell\dinstall\command - k:\directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23dc2ce9-8668-11dc-9d1a-0018e7267783}]
\Shell\AutoRun\command - G:\setup.exe /autorun
\Shell\directx\command - g:\directx\dxsetup.exe
\Shell\setup\command - G:\setup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-15 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\James\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 21:48]

2008-12-15 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2008-12-15 c:\windows\Tasks\Wireless Configuration Utility HW.job
- c:\progra~1\802~1.11W\80211G~1.00\WlanCU.exe [2006-11-19 23:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://forum.jaswin.net/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
FF - ProfilePath - c:\documents and settings\James\Application Data\Mozilla\Firefox\Profiles\2etrq3kc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.jaswin.net
FF - plugin: c:\documents and settings\James\Local Settings\Application Data\Google\Update\1.2.131.27\npGoogleOneClick6.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npdeploytk.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npLegitCheckPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\nppdf32.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\nppl3260.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npqtplugin.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npqtplugin6.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npqtplugin7.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\nprjplug.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\nptgeqplugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-15 01:00:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="c:/xampp/mysql/bin/mysqld-nt.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="c:/xampp/mysql/bin/mysqld-nt.exe"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\EA Games\Need for Speed Undercover\PB\PnkBstrA.exe
c:\windows\system32\searchindexer.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2008-12-15  1:11:01 - machine was rebooted [James]
ComboFix-quarantined-files.txt  2008-12-15 07:10:59
ComboFix2.txt  2008-12-14 21:49:09
ComboFix3.txt  2008-12-14 21:25:31
ComboFix4.txt  2008-12-14 21:16:13

Pre-Run: 217,082,511,360 bytes free
Post-Run: 216,968,536,064 bytes free

288   --- E O F ---   2008-12-12 08:04:24
Title: Issues
Post by: guestolo on December 15, 2008, 02:37:08 AM
Quote
After dealing with those and every other file that was infected I am still having the issue, and I need to access my SD card. It is not the SD card because I have tried other cards and they also do not work, I even tried another Card reader and I was able to access that, but Avast kept popping up and saying there was a virus in the autorun.inf file

Forgot all about that
Can you still do the following

Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
IMPORTANT>>>Change the Save as Type to All Files.
Name the file as fix.reg

Save this file on the desktop
Ensure to copy from REGEDIT4 and down in the code box

Code:
REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23dc2ce9-8668-11dc-9d1a-0018e7267783}]


Double click on fix.reg and allow to add/merge to the registry at the prompt
You can then delete fix.reg

Download Flash_Disinfector (http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe) and save it to your desktop. You will have to run this on each external flash card you have.

[color="#4169E1"]Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.[/color]

when completed, reboot the computer

See if that helps the situation with the SD cards
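The two defensive steps in the post above, as an added example that is not part of the thread and not the code of ComboFix or Flash_Disinfector: parse the MountPoints2 keys from a ComboFix "Reg Loading Points" dump (the sample is constructed from the log earlier in this thread, plus one made-up key without an AutoRun verb), emit the same REGEDIT4 deletion script the post uses, and reproduce the autorun.inf-folder guard in a temporary directory to show why a malicious autorun.inf file can no longer be dropped there. Function names are the example's own.

```python
import os
import re
import tempfile

# Constructed sample: the MountPoints2 lines from the ComboFix log posted in this
# thread, plus one made-up key (not from the thread) that carries no AutoRun verb.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - k:\setup\rsrc\Autorun.exe
\Shell\dinstall\command - k:\directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23dc2ce9-8668-11dc-9d1a-0018e7267783}]
\Shell\AutoRun\command - G:\setup.exe /autorun
\Shell\directx\command - g:\directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
\Shell\directx\command - h:\directx\dxsetup.exe
"""

MOUNTPOINTS_RE = re.compile(
    r"^\[(HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion"
    r"\\explorer\\mountpoints2\\[^\]]+)\]$",
    re.IGNORECASE,
)
COMMAND_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.+)$")


def parse_mountpoints(log_text):
    """Return {key_path: {verb: command}} for every MountPoints2 key in the dump."""
    entries = {}
    current = None
    for line in log_text.splitlines():
        line = line.strip()
        m = MOUNTPOINTS_RE.match(line)
        if m:
            current = m.group(1)
            entries[current] = {}
            continue
        if line.startswith("["):
            current = None  # some other registry key, not a mount point
            continue
        m = COMMAND_RE.match(line)
        if m and current is not None:
            entries[current][m.group("verb").lower()] = m.group("cmd")
    return entries


def autorun_keys(entries):
    """Keys whose AutoRun verb launches a program from the mounted volume itself."""
    flagged = []
    for key, verbs in entries.items():
        cmd = verbs.get("autorun")
        if cmd and re.match(r"^[a-z]:\\", cmd, re.IGNORECASE):
            flagged.append(key)
    return sorted(flagged)


def build_fix_reg(keys):
    """REGEDIT4 script in the form the post uses: [-KEY] deletes the key and subkeys."""
    lines = ["REGEDIT4", ""]
    for key in keys:
        lines.append(f"[-{key}]")
        lines.append("")
    return "\r\n".join(lines)


def install_autorun_guard(drive_root):
    """Create a directory named autorun.inf so a file of that name cannot be created."""
    guard = os.path.join(drive_root, "autorun.inf")
    if os.path.isfile(guard):
        raise RuntimeError("an autorun.inf file already exists; inspect it first")
    os.makedirs(guard, exist_ok=True)
    return guard


def autorun_file_can_be_written(drive_root):
    """True if something could still drop an autorun.inf file at the volume root."""
    target = os.path.join(drive_root, "autorun.inf")
    try:
        with open(target, "x") as fh:
            fh.write("[autorun]\n")
    except (FileExistsError, IsADirectoryError, PermissionError):
        return False
    os.remove(target)
    return True


def demo_guard():
    """Show the guard's effect in a scratch directory: (before, after) writability."""
    root = tempfile.mkdtemp()
    before = autorun_file_can_be_written(root)
    install_autorun_guard(root)
    after = autorun_file_can_be_written(root)
    return before, after


if __name__ == "__main__":
    flagged = autorun_keys(parse_mountpoints(SAMPLE_LOG))
    print(build_fix_reg(flagged))
    print("autorun.inf writable before/after guard:", demo_guard())
```

As the thread later finds, MountPoints2 also caches AutoRun commands of legitimate volumes such as Nero image drives, so the script flags every cached AutoRun entry and leaves the decision to the reviewer.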
Title: Issues
Post by: Everlasting Death on December 15, 2008, 02:51:08 AM
In the reg file, are the J and K supposed to be my card reader drives? Because J & K are image drives from Nero; my card reader drives are F-I.
Title: Issues
Post by: guestolo on December 15, 2008, 03:01:32 AM
What's your G: drive?
I'll redo the reg script, not that it would do much harm.
Title: Issues
Post by: Everlasting Death on December 15, 2008, 03:03:51 AM
I'm not sure which one is which, other than H is the SD card because it's the only one I use; there are CF, MS, and SM drives. I am assuming G is the MS drive.
Title: Issues
Post by: guestolo on December 15, 2008, 03:05:53 AM
Forget about fix.reg
Go ahead with Flash_Disinfector
Title: Issues
Post by: Everlasting Death on December 15, 2008, 03:08:22 AM
OK, well I did and no help... I had the SD card in and it was taking forever, so I took the SD card out and it immediately said done. I tried it a couple of times.
Title: Issues
Post by: guestolo on December 15, 2008, 03:18:30 AM
You may have to try it in safe mode
Are you sure the card(s) aren't in the locked position?
There may be a lock switch to put them into a read-only state.
Title: Issues
Post by: Everlasting Death on December 15, 2008, 03:21:36 AM
No, they are not in the lock position. How do I boot in safe mode?
Title: Issues
Post by: Everlasting Death on December 15, 2008, 10:37:52 AM
I cannot access the internet or get the flash disinfector to work still
Title: Issues
Post by: guestolo on December 15, 2008, 01:36:52 PM
Is it just the one SD card causing the freeze up, or any of them?

Can you run ComboFix on the computer again
I'll need to see its new log later

You may have to reset Router again
Then do the following
Download
[color="red"]SDFix[/color] (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe)
Save it to your desktop

Reboot your computer in Safe Mode by doing the following:
In Safe mode
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Go to START>>My Computer>>Double click to open the C:\ folder
Post the report from SDFix and the log from ComboFix
Title: Issues
Post by: Everlasting Death on December 15, 2008, 05:01:49 PM
Here is the Combofix report, and when I try to boot in safe mode it goes to a black screen after choosing safe mode from the menu and has been like that for a good 30 min.

Quote
ComboFix 08-12-14.03 - James 2008-12-15 15:39:19.6 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1278.737 [GMT -6:00]
Running from: c:\documents and settings\James\Desktop\ComboFix.exe
.

(((((((((((((((((((((((((   Files Created from 2008-11-15 to 2008-12-15  )))))))))))))))))))))))))))))))
.

2008-12-14 20:43 . 2008-12-14 23:14   <DIR>   d--------   c:\windows\BDOSCAN8
2008-12-14 15:40 . 2008-12-14 15:40   293   --a------   C:\boot2.ini
2008-12-14 13:56 . 2008-12-14 13:56   <DIR>   d--------   C:\rsit
2008-12-12 23:27 . 2002-07-17 08:05   16,512   --a------   c:\windows\system32\drivers\ASPI32.SYS
2008-12-12 03:05 . 2008-12-12 03:05   <DIR>   d--------   c:\program files\KAZAA
2008-12-12 03:05 . 2008-12-12 03:05   <DIR>   d--------   C:\My Downloads
2008-12-11 20:02 . 2008-12-11 20:02   0   --a------   c:\windows\QuickInstall.INI
2008-12-11 19:59 . 2008-12-12 15:21   <DIR>   d--------   c:\program files\palmOne
2008-12-11 19:59 . 2008-12-11 19:59   <DIR>   d--------   c:\documents and settings\All Users\Application Data\HotSync
2008-12-11 19:59 . 2008-12-11 19:58   53,248   --a------   c:\windows\PalmDevC.dll
2008-12-11 19:58 . 2008-12-11 19:58   <DIR>   d--------   c:\documents and settings\James\Application Data\HotSync
2008-12-11 19:27 . 2008-12-13 16:42   <DIR>   d--------   c:\program files\mp3towav
2008-12-11 19:27 . 1999-09-17 10:56   118,784   --a------   c:\windows\system32\mp3dec.dll
2008-12-11 19:27 . 2001-12-12 10:42   40,960   --a------   c:\windows\system32\MDec.ocx
2008-12-11 19:26 . 2008-12-11 19:26   83   --a------   C:\Mp3FE.m3u
2008-12-11 19:25 . 2004-08-03 16:49   17   --a------   c:\windows\system32\WINSPOOL.WIN
2008-12-11 07:31 . 2008-12-11 07:31   268   --ah-----   C:\sqmdata10.sqm
2008-12-11 07:31 . 2008-12-11 07:31   244   --ah-----   C:\sqmnoopt10.sqm
2008-12-11 07:28 . 2008-12-11 07:28   <DIR>   d--------   c:\documents and settings\All Users\Application Data\Ideazon
2008-12-11 07:27 . 2008-12-11 07:27   <DIR>   d--------   c:\program files\Ideazon
2008-12-11 07:27 . 2007-04-25 01:22   19,712   --a------   c:\windows\system32\drivers\gamingms.sys
2008-12-09 15:53 . 2008-12-09 15:54   1,191   --a------   c:\windows\psmplay.ini
2008-12-09 15:52 . 2008-12-09 15:53   <DIR>   d--------   c:\program files\PSM5
2008-12-09 15:45 . 2008-12-09 16:03   <DIR>   d--------   c:\program files\AmazingMIDI
2008-12-09 15:43 . 2003-04-03 12:00   544,768   --a------   c:\windows\system32\vsflex8n.ocx
2008-12-09 15:34 . 2008-12-09 15:34   <DIR>   d--------   C:\Aya Software
2008-12-09 15:31 . 2008-12-09 15:32   <DIR>   d--------   c:\program files\Common Files\AVSMedia
2008-12-09 15:31 . 2008-12-09 15:32   <DIR>   d--------   c:\program files\AVS4YOU
2008-12-09 15:31 . 2008-12-09 15:31   <DIR>   d--------   c:\documents and settings\James\Application Data\AVS4YOU
2008-12-09 15:31 . 2008-12-09 15:31   <DIR>   d--------   c:\documents and settings\All Users\Application Data\AVS4YOU
2008-12-09 15:31 . 2006-03-03 10:02   658,432   --a------   c:\windows\system32\cc3270mt.dll
2008-12-09 15:25 . 2008-12-09 15:28   <DIR>   d--------   c:\documents and settings\James\Application Data\Ringtone
2008-12-08 11:50 . 2008-12-08 11:50   <DIR>   d--------   c:\documents and settings\James\Application Data\Leadertech
2008-12-08 11:50 . 2008-12-08 11:50   1,180   --a------   c:\windows\system32\ealregsnapshot1.reg
2008-12-08 11:38 . 2008-12-08 11:38   <DIR>   d--------   c:\program files\EA Games
2008-12-07 15:05 . 2008-12-07 15:05   <DIR>   d--------   c:\program files\Real
2008-12-07 15:05 . 2008-12-07 15:05   <DIR>   d--------   c:\program files\Common Files\xing shared
2008-12-07 15:05 . 2008-12-07 15:05   <DIR>   d--------   c:\program files\Common Files\Real
2008-12-07 15:01 . 2008-12-07 15:10   <DIR>   d--------   c:\program files\Moyea
2008-12-07 15:01 . 2008-12-07 15:01   <DIR>   d--------   c:\documents and settings\James\Application Data\Moyea
2008-12-01 15:00 . 2008-12-01 15:00   <DIR>   d--------   C:\.jagex_cache_32
2008-11-21 07:23 . 2008-12-10 13:45   <DIR>   d--------   c:\program files\Xfire
2008-11-21 07:23 . 2008-12-11 18:37   <DIR>   d--------   c:\documents and settings\James\Application Data\Xfire
2008-11-20 16:08 . 2008-12-08 13:47   183,112   --a------   c:\windows\system32\PnkBstrB.exe
2008-11-20 16:08 . 2008-12-08 13:47   138,184   --a------   c:\windows\system32\drivers\PnkBstrK.sys
2008-11-20 14:44 . 2008-11-20 14:44   42,320   --a------   c:\windows\system32\xfcodec.dll
2008-11-19 21:15 . 2008-11-19 21:15   682,280   --a------   c:\windows\system32\pbsvc.exe
2008-11-19 21:15 . 2008-11-20 16:08   66,872   --a------   c:\windows\system32\PnkBstrA.exe
2008-11-19 21:15 . 2008-11-19 21:15   22,328   --a------   c:\documents and settings\James\Application Data\PnkBstrK.sys
2008-11-19 21:08 . 2008-11-19 21:08   <DIR>   d--------   c:\program files\Activision
2008-11-18 17:56 . 2008-11-18 17:56   <DIR>   d--------   c:\program files\Ventrilo
2008-11-18 17:56 . 2008-11-18 17:56   262   --a------   c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-15 21:01   ---------   d-----w   c:\documents and settings\James\Application Data\uTorrent
2008-12-15 05:33   ---------   d-----w   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-15 01:46   ---------   d-----w   c:\program files\Mozilla Firefox 3 Beta 1
2008-12-15 00:54   31   ----a-w   c:\documents and settings\James\jagex_runescape_preferences.dat
2008-12-12 01:58   16,694   ----a-w   c:\windows\system32\drivers\PalmUSBD.sys
2008-12-11 13:46   ---------   d-----w   c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-11 13:27   ---------   d--h--w   c:\program files\InstallShield Installation Information
2008-12-08 21:10   ---------   d-----w   c:\documents and settings\James\Application Data\OpenOffice.org2
2008-11-18 23:55   ---------   d-----w   c:\program files\Common Files\Wise Installation Wizard
2008-11-10 03:43   ---------   d-----w   c:\program files\Bethesda Softworks
2008-11-10 03:43   ---------   d-----w   c:\documents and settings\All Users\Application Data\Fallout3
2008-11-04 01:41   ---------   d---a-w   c:\documents and settings\All Users\Application Data\TEMP
2008-10-25 14:58   ---------   d-----w   c:\program files\Malwarebytes' Anti-Malware
2008-10-25 14:58   ---------   d-----w   c:\documents and settings\James\Application Data\Malwarebytes
2008-10-25 14:58   ---------   d-----w   c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-24 11:21   455,296   ----a-w   c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 12:36   286,720   ----a-w   c:\windows\system32\gdi32.dll
2008-10-23 02:19   ---------   d-----w   c:\program files\Microsoft Silverlight
2008-10-22 22:27   38,496   ----a-w   c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 22:27   15,504   ----a-w   c:\windows\system32\drivers\mbam.sys
2008-10-22 21:22   ---------   d-----w   c:\program files\3M
2008-10-22 21:22   ---------   d-----w   c:\documents and settings\James\Application Data\3M
2008-10-17 02:53   ---------   d-----w   c:\documents and settings\James\Application Data\Dev-Cpp
2008-10-16 20:38   826,368   ----a-w   c:\windows\system32\wininet.dll
2008-10-16 20:13   202,776   ----a-w   c:\windows\system32\wuweb.dll
2008-10-16 20:13   1,809,944   ----a-w   c:\windows\system32\wuaueng.dll
2008-10-16 20:12   561,688   ----a-w   c:\windows\system32\wuapi.dll
2008-10-16 20:12   323,608   ----a-w   c:\windows\system32\wucltui.dll
2008-10-16 20:09   92,696   ----a-w   c:\windows\system32\cdm.dll
2008-10-16 20:09   51,224   ----a-w   c:\windows\system32\wuauclt.exe
2008-10-16 20:09   43,544   ----a-w   c:\windows\system32\wups2.dll
2008-10-16 20:08   34,328   ----a-w   c:\windows\system32\wups.dll
2008-10-16 20:06   268,648   ----a-w   c:\windows\system32\mucltui.dll
2008-10-16 20:06   208,744   ----a-w   c:\windows\system32\muweb.dll
2008-10-03 10:02   247,326   ----a-w   c:\windows\system32\strmdll.dll
2008-09-30 22:43   1,286,152   ----a-w   c:\windows\system32\msxml4.dll
2008-09-15 12:12   1,846,400   ----a-w   c:\windows\system32\win32k.sys
2007-06-13 10:23   22,040   -c-h--w   c:\documents and settings\James\Application Data\aon.dat
2008-07-19 08:20   32,768   --sha-w   c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008071920080720\index.dat
.

(((((((((((((((((((((((((((((   snapshot@2008-12-14_15.15.35.46   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-14 20:07:02   315,392   ----a-w   c:\windows\.jagex_cache_32\runescape\jogl.dll
+ 2008-12-15 00:51:46   315,392   ----a-w   c:\windows\.jagex_cache_32\runescape\jogl.dll
- 2008-12-14 20:07:02   20,480   ----a-w   c:\windows\.jagex_cache_32\runescape\jogl_awt.dll
+ 2008-12-15 00:51:46   20,480   ----a-w   c:\windows\.jagex_cache_32\runescape\jogl_awt.dll
+ 2008-12-15 02:43:36   45,056   ----a-w   c:\windows\BDOSCAN8\avxdisk.dll
+ 2008-12-15 02:43:36   10,240   ----a-w   c:\windows\BDOSCAN8\avxs.dll
+ 2008-12-15 02:43:36   27,136   ----a-w   c:\windows\BDOSCAN8\avxt.dll
+ 2008-12-15 02:43:39   102,400   ----a-w   c:\windows\BDOSCAN8\bdcore.dll
+ 2008-01-09 21:01:48   118,784   ----a-w   c:\windows\BDOSCAN8\bdupd.dll
+ 2008-01-09 21:01:48   53,248   ----a-w   c:\windows\BDOSCAN8\ipsupd.dll
+ 2008-12-15 02:43:40   142,848   ----a-w   c:\windows\BDOSCAN8\libfn.dll
+ 2008-12-15 02:43:37   86,016   ----a-w   c:\windows\BDOSCAN8\librtvr.dll
+ 2008-01-09 21:01:48   53,248   ----a-w   c:\windows\bdoscandel.exe
+ 2008-01-09 21:01:48   118,784   ----a-w   c:\windows\Downloaded Program Files\bdupd.dll
+ 2008-01-09 21:01:48   53,248   ----a-w   c:\windows\Downloaded Program Files\ipsupd.dll
+ 2005-10-21 02:02:28   163,328   ----a-w   c:\windows\ERDNT\subs\ERDNT.EXE
+ 2008-12-15 19:58:14   16,384   ----atw   c:\windows\temp\Perflib_Perfdata_350.dat
+ 2008-12-15 19:58:14   16,384   ----atw   c:\windows\temp\Perflib_Perfdata_73c.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Google Update"="c:\documents and settings\James\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2008-10-21 270128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"Gaming Mouse"="c:\program files\Ideazon\Reaper Edge\Tray.exe" [2007-07-18 225280]
"Gaming Mouse Hid"="c:\program files\Ideazon\Reaper Edge\hid.exe" [2007-07-18 237568]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\James\Start Menu\Programs\Startup\
Need for Speed™ Undercover Registration.lnk - c:\program files\EA Games\Need for Speed Undercover\Support\EAregister.exe [2008-10-21 4369408]
palmOne Registration.lnk - c:\program files\palmOne\register.exe [2005-09-19 2367488]
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2007-10-01 3450608]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HOTSYNCSHORTCUTNAME.lnk - c:\program files\palmOne\Hotsync.exe [2004-06-09 471040]
Post-it® Digital Notes.lnk - c:\program files\3M\PDNotes\PDNotes.exe [2006-03-21 6485528]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\\WINDOWS\\system32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Rapid PHP 2007\\rapidphp.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Mozilla Firefox 3 Beta 1\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
"61951:TCP"= 61951:TCP:*:Disabled:SolidNetworkManager
"61951:UDP"= 61951:UDP:*:Disabled:SolidNetworkManager

R0 SI3112r;ATI-437A Serial ATA Controller;c:\windows\system32\DRIVERS\SI3112r.sys [2005-06-01 97920]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-06-30 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-06-30 20560]
R2 SVKP;SVKP;\??\c:\windows\system32\SVKP.sys [2007-10-01 2368]
R2 WinDefend;Windows Defender;"c:\program files\Windows Defender\MsMpEng.exe" [2006-11-03 13592]
R3 GamingMsFltr;Ideazon Reaper Edge;c:\windows\system32\drivers\gamingms.sys [2008-12-11 19712]
R3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8XX.sys [2007-11-07 472644]
S3 amdtools;AMD Special Tools Driver;c:\windows\system32\DRIVERS\AmdTools.sys []
S3 ASPI;Advanced SCSI Programming Interface Driver;\??\c:\windows\System32\DRIVERS\ASPI32.sys [2008-12-12 16512]
S3 qcusbmdm;Qualcomm Proprietary USB Driver (PID 3197);c:\windows\system32\DRIVERS\qcusbmdm.sys [2007-10-17 59632]
S3 qcusbser;Qualcomm Diagnostic Port 3197;c:\windows\system32\DRIVERS\qcusbser.sys [2007-10-17 59632]
S3 scrcap;scrcap;c:\windows\system32\DRIVERS\scrcap.sys []

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-12-15 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\James\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-02 21:48]

2008-12-15 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2008-12-15 c:\windows\Tasks\Wireless Configuration Utility HW.job
- c:\progra~1\802~1.11W\80211G~1.00\WlanCU.exe [2006-11-19 23:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://forum.jaswin.net/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
FF - ProfilePath - c:\documents and settings\James\Application Data\Mozilla\Firefox\Profiles\2etrq3kc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.jaswin.net
FF - plugin: c:\documents and settings\James\Local Settings\Application Data\Google\Update\1.2.131.27\npGoogleOneClick6.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npdeploytk.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npLegitCheckPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\nppdf32.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\nppl3260.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npqtplugin.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npqtplugin6.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\npqtplugin7.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\nprjplug.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox 3 Beta 1\plugins\nptgeqplugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-15 15:42:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql]
"ImagePath"="c:/xampp/mysql/bin/mysqld-nt.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySql]
"ImagePath"="c:/xampp/mysql/bin/mysqld-nt.exe"
.
Completion time: 2008-12-15 15:43:53
ComboFix-quarantined-files.txt  2008-12-15 21:43:40
ComboFix2.txt  2008-12-15 07:11:04
ComboFix3.txt  2008-12-14 21:49:09
ComboFix4.txt  2008-12-14 21:25:31
ComboFix5.txt  2008-12-15 21:39:05

Pre-Run: 216,982,634,496 bytes free
Post-Run: 216,973,045,760 bytes free

261   --- E O F ---   2008-12-12 08:04:24
Title: Issues
Post by: guestolo on December 15, 2008, 05:34:48 PM
Download gmer.zip from here (http://www2.gmer.net/gmer.zip). Once downloaded, double-click on gmer.zip and unzip the file to its own folder.

Before scanning, make sure all other running programs are closed and no other actions, like a scheduled antivirus scan, will occur while this scan completes. Also, do not use your computer during the scan.

When you have done this, double-click on Gmer.exe to run it.

Run a scan.
When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text Document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.
Title: Issues
Post by: Everlasting Death on December 15, 2008, 06:45:40 PM
Quote
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-15 17:44:00
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                         ZwClose [0xA7404576]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                         ZwCreateKey [0xA7404432]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                         ZwDeleteValueKey [0xA7404910]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                         ZwDuplicateObject [0xA740400A]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                         ZwOpenKey [0xA740450C]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                         ZwOpenProcess [0xA7403F4A]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                         ZwOpenThread [0xA7403FAE]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                         ZwQueryValueKey [0xA740462C]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                         ZwRestoreKey [0xA74045EC]
SSDT            \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)                         ZwSetValueKey [0xA740476C]

---- User code sections - GMER 1.0.14 ----

.text           C:\WINDOWS\system32\SearchIndexer.exe[1632] kernel32.dll!WriteFile                                            7C810E17 7 Bytes  JMP 00F21B19 C:\WINDOWS\system32\mssrch.dll (mssrch.lib/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.14 ----

IAT             C:\WINDOWS\system32\services.exe[952] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW]  00380002
IAT             C:\WINDOWS\system32\services.exe[952] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW]        00380000

---- Devices - GMER 1.0.14 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                        SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                        aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                      aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                     aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                     aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                   aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                                      SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                                      fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice  \FileSystem\Fastfat \Fat                                                                                      aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

---- EOF - GMER 1.0.14 ----
Title: Issues
Post by: guestolo on December 15, 2008, 07:46:52 PM
Download and save to desktop
RegQuery.exe (http://rathat.geekstogo.com/Applications/RegQuery.exe) by Novicate
Double click to run it
In the "Enter Key Name" field
Copy and Paste the following

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal

Then click on "Query"
A text file should open; can you copy and paste the contents back here please?

Can you also post the whole contents of this file
C:\QooBox\ComboFix-quarantined-files.txt
Title: Issues
Post by: Everlasting Death on December 15, 2008, 09:35:53 PM
here is the regquery file
Quote
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

and the combofix thing
Quote
2008-11-06 21:00:46 A-------     1,851,544 C:\Qoobox\Quarantine\C\DOCUME~1\James\LOCALS~1\Temp\install_flash_player.exe.vir
2008-12-13 08:11:24 A-------        73,738 C:\Qoobox\Quarantine\C\WINDOWS\msnguard.exe.vir
2008-12-13 16:35:06 A-------        88,586 C:\Qoobox\Quarantine\C\Documents and Settings\James\h.exe.vir
2008-12-14 15:11:50 A-------           452 C:\Qoobox\Quarantine\catchme.log
2008-12-14 15:14:56 A-------         7,659 C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2008-12-14 15:15:35 A-------             0 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-CFSServ.exe.reg.dat
2008-12-14 15:15:35 A-------             0 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-NDSTray.exe.reg.dat
2008-12-14 15:15:35 A-------             0 C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-TFncKy.reg.dat
2008-12-14 15:15:42 A-------           276 C:\Qoobox\Quarantine\Registry_backups\Notify-AtiExtEvent.reg.dat
2008-12-15 00:57:29 A-------           806 C:\Qoobox\Quarantine\Registry_backups\Legacy_NETSTATS.reg.dat
2008-12-15 00:57:29 A-------         2,790 C:\Qoobox\Quarantine\Registry_backups\Service_netstats.reg.dat


Thanks for all your help so far, but I think it may be getting worse... Before, the only issue was that the SD card wouldn't load and it would freeze when I tried to play a couple of games. Now my internet won't work, even after resetting the router, it will not boot in safe mode, and it's all-around slow with everything my computer does... I did however get it into safe mode and ran SDFix, but after it restarted it came up with an error and never finished (it said it couldn't load some file; I forgot exactly what it said).

I am gonna go ahead and do a system restore to a week before Saturday and see if that makes a difference.

Never mind on the restore; it said it couldn't do it because nothing had changed -.-
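What the SafeBoot\Minimal query above is looking for can be checked mechanically. The script below is an added example written for this thread, not code from the forum, from RegQuery or from SDFix: it parses a .reg export of the key and compares the subkeys it finds against a reference list. The reference is an assumption made for the example, namely the subkeys shown in the export posted above (aawservice and WinDefend, which security products add for themselves, are reported as extras rather than errors), and the damaged export it checks is constructed inline.

```python
"""Check a SafeBoot\\Minimal .reg export for missing Safe Mode entries.

Added example for this thread; it is not part of the forum posts, RegQuery or
SDFix. Entries under HKLM\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal
tell Windows which services and driver groups may load in Safe Mode, so a
gutted key is one reason a machine stops booting into Safe Mode. Assumption:
the reference list below is simply the set of subkeys seen in the export
posted in this thread, used as a baseline for the example, not an official
Microsoft list. Security products add their own entries (aawservice,
WinDefend), so extras are reported separately rather than as errors.
"""
import re

BASE_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal"

# Reference entries, grouped by their default value.
_GROUPS = {
    "Service": ["AppMgmt", "CryptSvc", "DcomLaunch", "dmadmin", "dmserver", "EventLog",
                "HelpSvc", "Netlogon", "PlugPlay", "RpcSs", "SRService", "vds", "WinMgmt"],
    "Driver Group": ["Base", "Boot Bus Extender", "Boot file system", "File system",
                     "Filter", "PCI Configuration", "PNP Filter", "Primary disk",
                     "SCSI Class", "System Bus Extender"],
    "Driver": ["dmboot.sys", "dmio.sys", "dmload.sys", "sermouse.sys", "vga.sys",
               "vgasave.sys"],
    "FSFilter System Recovery": ["sr.sys"],
}
# Device setup classes listed in the same export (GUID -> default value).
_CLASSES = {
    "{36FC9E60-C465-11CF-8056-444553540000}": "Universal Serial Bus controllers",
    "{4D36E965-E325-11CE-BFC1-08002BE10318}": "CD-ROM Drive",
    "{4D36E967-E325-11CE-BFC1-08002BE10318}": "DiskDrive",
    "{4D36E969-E325-11CE-BFC1-08002BE10318}": "Standard floppy disk controller",
    "{4D36E96A-E325-11CE-BFC1-08002BE10318}": "Hdc",
    "{4D36E96B-E325-11CE-BFC1-08002BE10318}": "Keyboard",
    "{4D36E96F-E325-11CE-BFC1-08002BE10318}": "Mouse",
    "{4D36E977-E325-11CE-BFC1-08002BE10318}": "PCMCIA Adapters",
    "{4D36E97B-E325-11CE-BFC1-08002BE10318}": "SCSIAdapter",
    "{4D36E97D-E325-11CE-BFC1-08002BE10318}": "System",
    "{4D36E980-E325-11CE-BFC1-08002BE10318}": "Floppy disk drive",
    "{533C5B84-EC70-11D2-9505-00C04F79DEAF}": "Volume shadow copy",
    "{71A27CDD-812A-11D0-BEC7-08002BE2092F}": "Volume",
    "{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}": "Human Interface Devices",
}
REFERENCE = {name: value for value, names in _GROUPS.items() for name in names}
REFERENCE.update(_CLASSES)

_KEY_RE = re.compile(r"^\[(.+)\]\s*$")
_DEFAULT_RE = re.compile(r'^@="(.*)"\s*$')


def parse_safeboot_export(text: str) -> dict:
    """Return {subkey: default value} for the direct children of BASE_KEY."""
    prefix = BASE_KEY.lower() + "\\"
    entries, current = {}, None
    for line in text.lstrip("\ufeff").splitlines():
        m = _KEY_RE.match(line)
        if m:
            key = m.group(1)
            current = None
            if key.lower().startswith(prefix) and "\\" not in key[len(prefix):]:
                current = key[len(prefix):]
                entries[current] = None      # present; default value not seen yet
            continue
        m = _DEFAULT_RE.match(line)
        if m and current is not None:
            entries[current] = m.group(1)
    return entries


def check_safeboot(text: str) -> dict:
    """Compare an export with REFERENCE; registry names compare case-insensitively."""
    found = parse_safeboot_export(text)
    by_lower = {k.lower(): v for k, v in found.items()}
    missing = sorted(n for n in REFERENCE if n.lower() not in by_lower)
    changed = {n: (v, by_lower[n.lower()]) for n, v in REFERENCE.items()
               if n.lower() in by_lower and by_lower[n.lower()] != v}
    ref_lower = {n.lower() for n in REFERENCE}
    extra = sorted(k for k in found if k.lower() not in ref_lower)
    return {"missing": missing, "changed": changed, "extra": extra,
            "intact": not missing and not changed}


def render_reg(entries: dict) -> str:
    """Write entries back out in .reg format (used to build the sample below)."""
    lines = ["Windows Registry Editor Version 5.00", "", f"[{BASE_KEY}]", ""]
    for name, value in entries.items():
        lines += [f"[{BASE_KEY}\\{name}]", f'@="{value}"', ""]
    return "\r\n".join(lines)


# Constructed sample export: three core entries deleted, plus the two security
# product entries that appear in the export posted in this thread.
_DAMAGED = {k: v for k, v in REFERENCE.items()
            if k not in ("Base", "Boot file system", "dmboot.sys")}
_DAMAGED.update({"aawservice": "Service", "WinDefend": "Service"})
SAMPLE_EXPORT = render_reg(_DAMAGED)

if __name__ == "__main__":
    report = check_safeboot(SAMPLE_EXPORT)
    print("missing:", report["missing"])
    print("extra:  ", report["extra"])
    print("Safe Mode entries intact:", report["intact"])
```

Real exports written by regedit are UTF-16 with a byte-order mark, so read such a file with `encoding="utf-16"` before handing the text to `check_safeboot`; the parser strips a stray BOM if one survives. A missing entry means the corresponding service or driver group will not load in Safe Mode, which is the kind of damage the query was meant to reveal.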
Title: Issues
Post by: guestolo on December 15, 2008, 10:31:12 PM
The error message from SDFix may have helped; it's important to post back any error messages.

Can you go to the following folder:
C:\SDFix

See if there is a report.txt in that folder; if so, post back the contents.

Also, do you have any other SD memory cards?
Have you tried putting them into the computer?
Does the computer freeze?
Title: Issues
Post by: Everlasting Death on December 15, 2008, 10:33:08 PM
The error said: cannot load vdm ipx/spx support. I will check for the report file once I get the computer restarted... it's honestly taking forever.

There was no report.txt file.
Title: Issues
Post by: guestolo on December 15, 2008, 10:44:55 PM
I've seen a couple of users with the same problem running SDFix.
What they did: run it, the error message came up, but within 5 minutes the tool began to run
when they left it uninterrupted.

Can you try that please?

Also, I asked this:
do you have any other SD memory cards,
and have you tried putting them into the computer?
Does the computer freeze?
Title: Issues
Post by: Everlasting Death on December 15, 2008, 10:48:08 PM
I will try that. The computer freezes with other SD cards, and I tried my CF card and it freezes also.
Title: Issues
Post by: guestolo on December 15, 2008, 10:50:47 PM
When you're inserting the SD cards, does the computer freeze right away,
or when you try to open them through My Computer?
Title: Issues
Post by: Everlasting Death on December 15, 2008, 10:56:34 PM
Only when I try to open it through My Computer.
Title: Issues
Post by: guestolo on December 15, 2008, 11:04:50 PM
Do you still have Flash_Disinfector?
Title: Issues
Post by: Everlasting Death on December 15, 2008, 11:05:27 PM
Yes, I do.
Title: Issues
Post by: guestolo on December 15, 2008, 11:12:14 PM
Close down ALL open windows; this includes My Computer.

Ensure that Flash_Disinfector.exe is on your desktop.

Right-click on the Avast icon by the clock and Stop On Access Protections.

Insert one of your Flash cards into the computer,
but DO NOT try to open it through My Computer.
Leave all windows closed.

    * Double-click on Flash_Disinfector.exe to run it. If you receive a prompt, please allow it.
    * At the prompt to insert any Flash drives, just skip it; you already have one inserted.
    * Flash_Disinfector will start disinfecting your flash and hard drives. This takes a few seconds. Your desktop will disappear in the meantime.
    * When done, a message box will appear. Click OK. Your desktop should now appear. If it doesn't, press Ctrl + Shift + Esc to open Task Manager.
    * Click on File > New Task (Run...). Type in explorer.exe and press Enter. Your desktop should now appear.

Let me know if that works
Title: Issues
Post by: Everlasting Death on December 15, 2008, 11:20:27 PM
I still have SDFix up and stalled... do you want me to exit and do Flash_Disinfector?
Title: Issues
Post by: guestolo on December 15, 2008, 11:23:06 PM
See if SDFix will run to completion.
When we're running any of these tools, they should be run uninterrupted by other tools and security software.
Title: Issues
Post by: Everlasting Death on December 15, 2008, 11:52:59 PM
Here is the SDFix report; now I will do Flash_Disinfector.
Quote
SDFix: Version 1.240
Run by James on Mon 12/15/2008 at 09:54 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\DOCUME~1\James\LOCALS~1\Temp\tmp21.tmp - Deleted





Removing Temp Files

ADS Check :
 


                                 Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-15 22:40:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Rapid PHP 2007\\rapidphp.exe"="C:\\Program Files\\Rapid PHP 2007\\rapidphp.exe:*:Enabled:Rapid PHP 2007"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Mozilla Firefox 3 Beta 1\\firefox.exe"="C:\\Program Files\\Mozilla Firefox 3 Beta 1\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\WINDOWS\\system32\\java.exe"="C:\\WINDOWS\\system32\\java.exe:*:Enabled:Java(tm) Platform SE binary"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"="C:\\Program Files\\SmartFTP Client\\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0"
"C:\\Program Files\\Ventrilo\\Ventrilo.exe"="C:\\Program Files\\Ventrilo\\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"="C:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe:*:Enabled:Call of Duty® - World at War(tm)"
"C:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"="C:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe:*:Enabled:Call of Duty® - World at War(tm)"
"C:\\Program Files\\Java\\jre6\\bin\\java.exe"="C:\\Program Files\\Java\\jre6\\bin\\java.exe:*:Enabled:Java(tm) Platform SE binary"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sun 13 Apr 2008     1,695,232 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Sun 13 Apr 2008        60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Fri  9 Nov 2007         4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon  1 Oct 2007             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!


Flash_Disinfector appears to have done nothing.
Title: Issues
Post by: guestolo on December 16, 2008, 12:16:57 AM
Quote
Flash_Disinfector appears to have done nothing
What do you mean by that?

It won't be a long fix
What exactly did it do?
Title: Issues
Post by: Everlasting Death on December 16, 2008, 12:21:16 AM
It did its process, I got the done screen, I hit OK and the SD still freezes.

And looking at the SD card on another computer, there is no autorun.inf folder.

Also, I changed the DNS server and the internet is working now.
Title: Issues
Post by: guestolo on December 16, 2008, 12:29:26 AM
Autorun.inf is a hidden folder, you would have to properly set Windows to show hidden files/folders
When you inserted the flash drive in another computer
Can you scan it with an updated virus scanner
Title: Issues
Post by: Everlasting Death on December 16, 2008, 12:38:48 AM
i have set it to show hidden files/folders and i can try to virus scan it, is avast ok?
Title: Issues
Post by: guestolo on December 16, 2008, 12:44:16 AM
You would have to set to hide hidden files/folders
and unhide Protected operating system files

Why not just scan the whole flash drive?
I'm not even sure what your doing right now
Which computer do you have this flash drive put in?

Scan it and get back to me
Title: Issues
Post by: Everlasting Death on December 16, 2008, 12:53:21 AM
I have the SD card in an external card reader in the infected computer and am scanning it currently with Avast, the internal card reader will freeze, but the external one will not. I can see the autorun.inf folder on my C drive but not on the SD card
Title: Issues
Post by: guestolo on December 16, 2008, 12:58:21 AM
Did you virus scan the whole flash drive?
What was the results??
Title: Issues
Post by: Everlasting Death on December 16, 2008, 01:00:44 AM
I did scan the whole thing, and it came up with nothing
Title: Issues
Post by: guestolo on December 16, 2008, 01:08:54 AM
Ensure that
Set Windows To Show Hidden Files and Folders
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Uncheck the Hide Extensions for known file types
    * Click Yes to confirm.
    * Click OK.

Now, with the Flash card in the external drive
Run Flash_Disinfector.exe again
Afterwards, when you open your Flash drive thru MyComputer
You should see the Auto.inf folder
Inside that folder, you should see a file created by Flash Disinfector, leave the folder/file alone
It will help from future infections
Remove that flash card, insert another and again run Flash_Disinfector

Besides the Autorun.inf folder we're creating, do you see any other files on the Flash drives with autorun.inf names?
Ensure to Scan each drive with Avast, ensure avast is right up to date
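The check and the protective folder described in the post above, as an added example (not code from the original thread and not Flash_Disinfector's own implementation). It assumes an ordinary directory path stands in for the drive root (the poster's card was H:), and the autorun.inf body it inspects is constructed here; the RECYCLER\setup.exe target in it is a placeholder, not something seen on the poster's machine.

```python
"""Added example: inspect a drive root for autorun.inf and immunize it.

Illustrative code only, not Flash_Disinfector's implementation. A plain
directory path stands in for the drive root; the sample autorun.inf text
below is constructed for the demo.
"""
import os
import re
import tempfile

# [autorun] keys that make Windows launch something on insertion or when the
# drive is opened from My Computer (AutoPlay / shell default action).
_LAUNCH_KEYS = ("open", "shellexecute")
_SHELL_CMD = re.compile(r"^shell\\[^\\=]+\\command$", re.IGNORECASE)


def parse_autorun_inf(text):
    """Return (key, value) launch directives found in the [autorun] section."""
    targets = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank or comment line
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if key.lower() in _LAUNCH_KEYS or _SHELL_CMD.match(key):
            targets.append((key, value))
    return targets


def inspect_root(root):
    """Classify the autorun.inf entry at a drive root.

    Returns ("missing", []), ("folder", []) for a protective folder like the
    one Flash_Disinfector leaves behind, or ("file", targets) for a real file.
    """
    path = os.path.join(root, "autorun.inf")
    if not os.path.lexists(path):
        return "missing", []
    if os.path.isdir(path):
        return "folder", []
    with open(path, "r", errors="replace") as fh:
        return "file", parse_autorun_inf(fh.read())


def immunize(root):
    """Create a directory named autorun.inf with a marker file inside.

    While the directory exists no file of the same name can be created at the
    root, so the drive cannot carry a working autorun.inf. Same folder-plus-
    file idea as described in the thread; not the tool's own code.
    """
    path = os.path.join(root, "autorun.inf")
    if os.path.isfile(path):
        raise FileExistsError("a real autorun.inf is present; remove it first")
    os.makedirs(path, exist_ok=True)
    with open(os.path.join(path, "protected.txt"), "w") as fh:
        fh.write("placeholder; keep this folder\n")
    return path


# Constructed sample of the kind of autorun.inf that worm droppers write.
SAMPLE_AUTORUN = """[autorun]
; comment line
open=RECYCLER\\setup.exe
shellexecute=RECYCLER\\setup.exe
shell\\open\\Command=RECYCLER\\setup.exe
icon=%SystemRoot%\\system32\\shell32.dll,4
"""


def demo():
    """Run the check on a temporary directory standing in for a drive root."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "autorun.inf"), "w") as fh:
            fh.write(SAMPLE_AUTORUN)
        kind, targets = inspect_root(root)       # real file, 3 launch targets
        os.remove(os.path.join(root, "autorun.inf"))
        immunize(root)
        after, _ = inspect_root(root)            # now a protective folder
        try:                                     # a dropper's write attempt
            open(os.path.join(root, "autorun.inf"), "w")
            blocked = False
        except OSError:
            blocked = True
        return kind, len(targets), after, blocked


if __name__ == "__main__":
    print(demo())
```

The folder only stops a later infection from planting autorun.inf on the card; it does nothing about a copy already on C:, which is why the thread still has the drive scanned after the folder is created.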
Title: Issues
Post by: Everlasting Death on December 16, 2008, 01:32:16 AM
both cards have the autorun.inf folder and no other autorun.inf files, and no viruses were picked up by avast
Title: Issues
Post by: guestolo on December 16, 2008, 01:34:17 AM
How long have you had Nero installed for Drive Image support?
Title: Issues
Post by: Everlasting Death on December 16, 2008, 01:43:39 AM
I've had it installed for quite a while, couple years or so, but only started using it within the past month. The drives are currently disabled.
Title: Issues
Post by: guestolo on December 16, 2008, 01:48:37 AM
Is that when the problem started with the Internal card reader?
Title: Issues
Post by: Everlasting Death on December 16, 2008, 01:52:56 AM
no, the problem started just a couple days ago after I got a new phone and installed the software, the reader worked a couple times and then it started freezing up
Title: Issues
Post by: guestolo on December 16, 2008, 01:56:16 AM
Which assigned letter in MyComputer is for your phone?

Also, if you insert a flash card in the Internal Reader and then go to MyComputer and RIGHT CLICK On the drive and select Explore, does it still lock up?
Title: Issues
Post by: Everlasting Death on December 16, 2008, 01:59:02 AM
my phone doesn't have a specific letter, I use the SD card to transfer files and stuff, so that would be H. I can't even right click without it locking up.
Title: Issues
Post by: guestolo on December 16, 2008, 02:01:15 AM
just for troubleshooting purposes, you may want to uninstall the software for the Phone
Reboot the computer and see if the Internal Reader works
Title: Issues
Post by: Everlasting Death on December 16, 2008, 02:09:57 AM
no change
Title: Issues
Post by: guestolo on December 16, 2008, 02:12:19 AM
If you go to Device Manager, do you see any problems?
Any yellow exclamation marks

Right click MyComputer>>Select PROPERTIES>>HARDWARE>>DEVICE MANAGER
Title: Issues
Post by: Everlasting Death on December 16, 2008, 02:14:14 AM
nope

the card reader is an Akasa all-in-one if that makes any difference...
Title: Issues
Post by: guestolo on December 16, 2008, 02:29:00 AM
Just for an update
Besides the Internal card reader, how is everything else running?

What is the exact make/model of computer?
Title: Issues
Post by: Everlasting Death on December 16, 2008, 02:30:22 AM
it takes longer than usual to boot up, and I custom built the PC
Title: Issues
Post by: guestolo on December 16, 2008, 02:34:35 AM
Can you do a clean boot of the computer

Here's the instructions:
http://support.microsoft.com/kb/310353
Follow
Method 2: Manually starting XP with a clean boot (advanced user only)

Do steps 1,2 and 3

Let me know if startup if faster

Also, try the Internal reader

Edit>>Also, disconnect any USB devices you don't need running on startup
Title: Issues
Post by: Everlasting Death on December 16, 2008, 02:47:18 AM
it wasn't faster, and the internal reader still freezes
Title: Issues
Post by: guestolo on December 16, 2008, 02:51:46 AM
Did the Internal card reader plug right onto the USB ports of the Motherboard
Did you have to install any special software with it?
Title: Issues
Post by: Everlasting Death on December 16, 2008, 02:53:09 AM
it plugged into the MB, yes, and I don't remember installing special software for it, I will look around for a CD

found the CD, I will try re-installing the drivers
Title: Issues
Post by: Everlasting Death on December 16, 2008, 12:26:54 PM
it didn't do anything :(
Title: Issues
Post by: guestolo on December 16, 2008, 12:46:13 PM
I'm not sure what's going on
You may have to try removing Usb controller devices and let them reinstall

First: Can I double check something
Right click on MyComputer>>Left click Properties
Select the Advanced tab>>Settings under Startup and Recovery
Click EDIT beside  "To edit startup file manually, select edit"

Do Not change anything in the file that opens
Give me the name of the text file, is it boot. ini? >>exact name please, I purposely put a space after boot. and before ini so I don't receive an error posting this message

Can you also copy/paste back here the whole contents of that text file
Remember, don't change anything in there
Title: Issues
Post by: Everlasting Death on December 16, 2008, 01:07:21 PM
it is boot .ini
Quote
[boot loader]
timeout=3
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
Title: Issues
Post by: guestolo on December 16, 2008, 01:20:21 PM
Ok, try the following
Since it doesn't appear that it's any startup entries slowing your start time
Go back to Start>>Run>>msconfig

Hit ok
Under the General tab ensure Normal startup is selected
Apply and close, reboot the computer

back in Windows
Go into Windows Device manager....Ensure your computer name is highlighted at the top
Click on ACTION>>Scan for Hardware Changes
When done
Shut down
Start back up, any luck with the Internal card reader?
Title: Issues
Post by: Everlasting Death on December 16, 2008, 01:38:44 PM
no change
Title: Issues
Post by: guestolo on December 16, 2008, 01:42:06 PM
Since you're used to getting into the inside of the computer
Can you shut down and remove the USB connection from the Internal card reader to motherboard
Leave it removed
Disconnect any other peripherals you have hooked to the computer also that you don't need to run the computer properly, such as your external card reader
Start back up, is it a quicker startup?

Don't reconnect the ICR yet
Title: Issues
Post by: Everlasting Death on December 16, 2008, 02:03:19 PM
yes it was quicker starting up
Title: Issues
Post by: guestolo on December 16, 2008, 02:27:38 PM
Do you know the exact model of the card reader
Does it need any special drivers?

If not, we'll try another step
Even if it does

Look in Device manager
Under Universal Serial bus controllers
See anything related to your Card reader?
Also look under SCSI and Raid controllers, not sure if you'll find anything there, but take a look
Title: Issues
Post by: Everlasting Death on December 16, 2008, 02:44:08 PM
It is an Akasa Allinone, it has a CD, but it doesn't have any special drivers

there is nothing there
Title: Issues
Post by: guestolo on December 16, 2008, 02:45:21 PM
Did you see my edit
Title: Issues
Post by: guestolo on December 16, 2008, 02:51:02 PM
I think you did see my edit
Try this, shut down, reconnect the Internal card reader to motherboard

Start back up
In device manager, Expand Universal Serial bus controllers

Starting at the top of the list under USB controllers
Right click and uninstall whatever you can
Don't reboot if prompted, just remove what you can from that list

Then shut down the computer
Disconnect again the Internal card reader to motherboard

Start the computer back up
XP should automatically reinstall USB controllers

Reboot a few times ensuring that the startup is ok

After that, shut down, reconnect Internal Card reader
Startup, XP should find and install the device

Restart after it has installed and see if you are back to slow startups again
Check device manager for any errors
Title: Issues
Post by: Everlasting Death on December 16, 2008, 02:51:44 PM
yes, and there is nothing there for the card reader, do you still want it disconnected? because it is
Title: Issues
Post by: guestolo on December 16, 2008, 02:52:32 PM
We're posting at the same time, check my last reply
Title: Issues
Post by: Everlasting Death on December 16, 2008, 03:03:00 PM
after reconnecting the ICR it booted like normal and it actually worked :) So, it would appear there are no more issues

tysm for your help :D
Title: Issues
Post by: guestolo on December 16, 2008, 03:06:24 PM
Well, maybe it just needed a kick in the *ss,
Try rebooting a couple more times and check out the ICR and ensure it reads your SD's

We have some cleaning up to do on some tools we used
Don't delete anything yet, we'll do it in proper sequence

P.S. I'm off to the Gym, so I won't be back for a couple hours
Can you post one last final Hijackthis log please
Just to ensure it's clean
Title: Issues
Post by: Everlasting Death on December 16, 2008, 03:27:00 PM
alrighty rebooted 3 times and it all appears to be good

Quote
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:26:46 PM, on 12/16/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\EA Games\Need for Speed Undercover\PB\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\Ideazon\Reaper Edge\Tray.exe
C:\Program Files\Ideazon\Reaper Edge\hid.exe
C:\WINDOWS\system32\umonit.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\James\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\3M\PDNotes\PDNotes.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.jaswin.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Gaming Mouse] "C:\Program Files\Ideazon\Reaper Edge\Tray.exe"
O4 - HKLM\..\Run: [Gaming Mouse Hid] "C:\Program Files\Ideazon\Reaper Edge\hid.exe"
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\James\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Need for Speed™ Undercover Registration.lnk = C:\Program Files\EA Games\Need for Speed Undercover\Support\EAregister.exe
O4 - Startup: palmOne Registration.lnk = C:\Program Files\palmOne\register.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Post-it® Digital Notes.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.1and1.com/b2home/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1191251896343
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.com/books/_Players/MathPlayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D3044CC7-01E0-49D5-A32B-723DE444F25D}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MySql - Unknown owner - c:/xampp/mysql/bin/mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files\EA Games\Need for Speed Undercover\PB\PnkBstrA.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 11000 bytes
Title: Issues
Post by: guestolo on December 17, 2008, 01:53:54 PM
Sorry about the delay
Can you do the following

Delete RSIT.exe and its folder C:\rsit
Delete Flash_Disinfector.exe on desktop, unless you haven't run it on your flash cards, thumb drives, etc...

Go to START>>RUN>>copy and paste the following to the Open field

ComboFix /u
Then hit OK, this will uninstall ComboFix and its components

Download OTMoveIt3 (http://download.bleepingcomputer.com/oldtimer/OTMoveIt3.exe) by OldTimer.
NOTE: This procedure will also delete OTMoveit.exe from desktop

Uninstalling ComboFix would have also reset System Restore
Can you manually create a new restore point please
Go to START>>All Programs>>Accessories>>System Tools>>System Restore
Create a Restore Point

When that's done
Close down your browser windows
Access your Add and Remove Programs and remove older updates of Java
This includes
Java™ 6 Update 4
Java™ 6 Update 7


I suggest that you add SpywareBlaster to your protection software
SpywareBlaster by JavaCool (http://www.javacoolsoftware.com/spywareblaster.html)
At the link you can read more about it then continue with
Free Download on the right>>Continue Download at next page
Basically, select Manual updating when installing
After installation, Check for updates
After updating, select "Protection Status" on the Left
Then select "Enable all Protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"
or again, click on Protection Status>>enable all protection

I see you have CCleaner installed
Can you run the Cleaner
Just to be on the safe side, I would take the time and change all online passwords
Eg.. Online banking, email, gaming, etc....
Title: Issues
Post by: Everlasting Death on December 17, 2008, 02:27:18 PM
all done :) thank you so much for all your help :D
Title: Issues
Post by: guestolo on December 17, 2008, 02:29:48 PM
You're welcome
I'll lock this topic as your problems appear resolved
Take care, Happy holidays :)