  #1
    Registered User (Devshed Newbie, joined Jun 2008)
    Buddylist Trojan. Completed sticky, am I clean?


    Also, would you like the uninstall list?
    Many thanks


    Code:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:01:09 PM, on 6/7/2008
    Platform: Windows 2003 SP2 (WinNT 5.02.3790)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal
    
    Running processes:
    C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    C:\WINDOWS\SysWOW64\CTsvcCDA.exe
    C:\WINDOWS\SysWOW64\PnkBstrA.exe
    C:\WINDOWS\SOUNDMAN.EXE
    c:\program files (x86)\steam\steam.exe
    C:\WINDOWS\SysWOW64\ctfmon.exe
    C:\Program Files (x86)\Razer\Copperhead\razerhid.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system32\CTXFIHLP.EXE
    C:\Program Files (x86)\Razer\Copperhead\razerofa.exe
    C:\WINDOWS\SysWOW64\CTXFISPI.EXE
    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = =69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = =54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: gooochi browser optimizer - {ace42305-f36f-65fe-1790-cd0056d75654} - C:\WINDOWS\SysWow64\{c2a5bb54-c406-c789-0605-0bafb5b2079c}.dll (file missing)
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [razer] "C:\Program Files (x86)\Razer\Copperhead\razerhid.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_04\bin\jusched.exe"
    O4 - HKLM\..\Run: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] "C:\Program Files (x86)\PCPitstop\Optimize\PCPOptimize.exe" -boot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files (x86)\OpenOffice.org 2.4\program\quickstart.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll
    O15 - ESC Trusted Zone: 
    O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - 
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - 
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - 
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - 
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - 
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - 
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) -
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - /files/driveragent.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
    O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
    O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
    O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc64.exe (file missing)
    O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
    O23 - Service: Windows Service Pack Installer update service (spupdsvc) - Unknown owner - C:\WINDOWS\system32\spupdsvc.exe (file missing)
    O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
    O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
    
    --
    End of file - 7804 bytes
  #2
    Malware Warrior / AV forum Mod (Devshed Regular, San Antonio Tx, joined Nov 2006)
    Let me see the Malwarebytes log, SUPERAntiSpyware log and the BitDefender log.

    Please do not use the code function when posting logs.

  #3
    Registered User (Devshed Newbie, joined Jun 2008)
    **BITDEFENDER
    BitDefender Online Scanner
    Scan report generated at: Sun, Jun 08, 2008 - 04:39:29
    Scan path: A:\;C:\;D:\;E:\;

    Statistics
    Time: 06:59:18
    Files: 465172
    Folders: 7666
    Boot Sectors: 2
    Archives: 6479
    Packed Files: 9111

    Results
    Identified Viruses: 11
    Infected Files: 18
    Suspect Files: 1
    Warnings: 0
    Disinfected: 0
    Deleted Files: 19

    Engines Info
    Virus Definitions: 1256885
    Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
    Scan plugins: 16
    Archive plugins: 42
    Unpack plugins: 7
    E-mail plugins: 6
    System plugins: 5

    Scan Settings
    First Action: Disinfect
    Second Action: Delete
    Heuristics: Yes
    Enable Warnings: Yes
    Scanned Extensions: *;
    Exclude Extensions:
    Scan Emails: Yes
    Scan Archives: Yes
    Scan Packed: Yes
    Scan Files: Yes
    Scan Boot: Yes

    Scanned File
    Status

    C:\Documents and Settings\Administrator\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.13269
    Infected with: Trojan.Generic.107114

    C:\Documents and Settings\Administrator\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.13269
    Deleted

    C:\Documents and Settings\Administrator\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.57082
    Infected with: Trojan.Agent.AFSZ

    C:\Documents and Settings\Administrator\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.57082
    Deleted

    C:\Documents and Settings\Administrator\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.67991
    Detected with: Adware.CommAd.A

    C:\Documents and Settings\Administrator\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.67991
    Deleted

    C:\Program Files (x86)\Internet Explorer\lavumadev209.dll
    Infected with: Trojan.BHO.AW

    C:\Program Files (x86)\Internet Explorer\lavumadev209.dll
    Deleted

    C:\System Volume Information\_restore{1FBC4959-1CB6-4998-BF93-5D400E9E4D45}\RP92\A0210745.exe
    Detected with: Adware.CommAd.A

    C:\System Volume Information\_restore{1FBC4959-1CB6-4998-BF93-5D400E9E4D45}\RP92\A0210745.exe
    Deleted

    C:\System Volume Information\_restore{1FBC4959-1CB6-4998-BF93-5D400E9E4D45}\RP92\A0210748.dll
    Infected with: MemScan:Adware.Rotator.B

    C:\System Volume Information\_restore{1FBC4959-1CB6-4998-BF93-5D400E9E4D45}\RP92\A0210748.dll
    Deleted

    C:\System Volume Information\_restore{1FBC4959-1CB6-4998-BF93-5D400E9E4D45}\RP92\A0210749.dll
    Detected with: Adware.CommAd.A

    C:\System Volume Information\_restore{1FBC4959-1CB6-4998-BF93-5D400E9E4D45}\RP92\A0210749.dll
    Deleted

    C:\System Volume Information\_restore{1FBC4959-1CB6-4998-BF93-5D400E9E4D45}\RP92\A0210750.dll
    Infected with: Trojan.Generic.241118

    C:\System Volume Information\_restore{1FBC4959-1CB6-4998-BF93-5D400E9E4D45}\RP92\A0210750.dll
    Deleted

    C:\System Volume Information\_restore{1FBC4959-1CB6-4998-BF93-5D400E9E4D45}\RP93\A0210760.dll
    Infected with: Trojan.BHO.AW

    C:\System Volume Information\_restore{1FBC4959-1CB6-4998-BF93-5D400E9E4D45}\RP93\A0210760.dll
    Deleted

    C:\System Volume Information\_restore{1FBC4959-1CB6-4998-BF93-5D400E9E4D45}\RP93\A0210771.dll
    Infected with: Trojan.BHO.AW

    C:\System Volume Information\_restore{1FBC4959-1CB6-4998-BF93-5D400E9E4D45}\RP93\A0210771.dll
    Deleted

    C:\WINDOWS\system32\105772\dllsockt.exe
    Infected with: Generic.Zeno.0100E940

    C:\WINDOWS\system32\105772\dllsockt.exe
    Disinfection failed

    C:\WINDOWS\system32\105772\dllsockt.exe
    Deleted

    C:\WINDOWS\system32\btz\L3pars2.exe
    Infected with: Trojan.Downloader.Small.BUY

    C:\WINDOWS\system32\btz\L3pars2.exe
    Deleted

    C:\WINDOWS\system32\expo\mtcon66225.exe
    Detected with: Application.Generic.9344

    C:\WINDOWS\system32\expo\mtcon66225.exe
    Disinfection failed

    C:\WINDOWS\system32\expo\mtcon66225.exe
    Deleted

    C:\WINDOWS\system32\g58.exe=>(NSIS o)=>lzma_solid_nsis0002
    Infected with: MemScan:Adware.Rotator.B

    C:\WINDOWS\system32\g58.exe=>(NSIS o)=>lzma_solid_nsis0002
    Deleted

    C:\WINDOWS\system32\g58.exe=>(NSIS o)
    Update failed

    C:\WINDOWS\system32\vntiho18\vntiho182328.exe
    Infected with: Trojan.Generic.273323

    C:\WINDOWS\system32\vntiho18\vntiho182328.exe
    Deleted

    C:\WINDOWS\system32\xrem\imapIP95.exe
    Suspected of: Generic.Malware.dld!.E3CE2DE4

    C:\WINDOWS\system32\xrem\imapIP95.exe
    Disinfection failed

    C:\WINDOWS\system32\xrem\imapIP95.exe
    Deleted

    C:\WINDOWS\SysWOW64\g58.exe=>(NSIS o)=>lzma_solid_nsis0002
    Infected with: MemScan:Adware.Rotator.B

    C:\WINDOWS\SysWOW64\g58.exe=>(NSIS o)=>lzma_solid_nsis0002
    Deleted

    C:\WINDOWS\SysWOW64\g58.exe=>(NSIS o)
    Update failed

    C:\WINDOWS\TEK76.exe
    Infected with: Trojan.BHO.AW

    C:\WINDOWS\TEK76.exe
    Deleted

    C:\WINDOWS\U3RldmUgS2Fycg\oal5xAo0mZIVw0.vbs
    Detected with: Adware.Isearch.D

    C:\WINDOWS\U3RldmUgS2Fycg\oal5xAo0mZIVw0.vbs
    Deleted

    **MALWAREBYTES LOG

    Malwarebytes' Anti-Malware 1.15
    Database version: 839

    9:10:45 PM 6/7/2008
    mbam-log-6-7-2008 (21-10-45).txt

    Scan type: Quick Scan
    Objects scanned: 31741
    Time elapsed: 1 minute(s), 39 second(s)

    Memory Processes Infected: 3
    Memory Modules Infected: 2
    Registry Keys Infected: 9
    Registry Values Infected: 4
    Registry Data Items Infected: 0
    Folders Infected: 1
    Files Infected: 25

    Memory Processes Infected:
    C:\WINDOWS\U3RldmUgS2Fycg\command.exe (AdWare.CommAd) -> Unloaded process successfully.
    C:\WINDOWS\Fonts\svchost.exe (Trojan.Agent) -> Unloaded process successfully.
    C:\WINDOWS\Fonts\svchost.exe (Trojan.Agent) -> Unloaded process successfully.

    Memory Modules Infected:
    C:\WINDOWS\U3RldmUgS2Fycg\asappsrv.dll (AdWare.CommAd) -> Unloaded module successfully.
    C:\Program Files (x86)\NetMeeting\bidamivog66225.dll (Adware.TTC) -> Unloaded module successfully.

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{98de257f-a74a-4362-8b7c-e7638d4fd847} (Adware.TTC) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98de257f-a74a-4362-8b7c-e7638d4fd847} (Adware.TTC) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdservice (AdWare.CommAd) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdservice (AdWare.CommAd) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} (Trojan.Network.Monitor) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} (Trojan.Downloader) -> Quarantined and deleted successfully.
    \SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gooochi (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Deewoo Network Manager (Adware.Radio) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Network Monitor (Trojan.Service) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{98-8E-EF-F4-DW} (Adware.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{546e69ad-1c87-c080-ad7d-a952446630ec} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ExploreUpdSched (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Host Process (Worm.IRCBot) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    C:\Documents and Settings\Default User\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.

    Files Infected:
    C:\WINDOWS\U3RldmUgS2Fycg\asappsrv.dll (AdWare.CommAd) -> Delete on reboot.
    C:\Program Files (x86)\NetMeeting\bidamivog66225.dll (Adware.TTC) -> Delete on reboot.
    C:\WINDOWS\U3RldmUgS2Fycg\command.exe (AdWare.CommAd) -> Quarantined and deleted successfully.
    c:\WINDOWS\SysWOW64\rwwnw64d.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\atmtd.dll (Adware.TargetSaver) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\atmtd.dll._ (Adware.TargetSaver) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ljJDTMdd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\rwwnw64d.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\_{c2a5bb54-c406-c789-0605-0bafb5b2079c}.dll (Adware.Vapsup) -> Delete on reboot.
    C:\WINDOWS\17PHolmes1000106.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\17PHolmes1188.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\uninstall_nmon.vbs (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Default User\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Default User\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\winpfz33.sys (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\{c2a5bb54-c406-c789-0605-0bafb5b2079c}.dll-uninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\{c2a5bb54-c406-c789-0605-0bafb5b2079c}.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Deewoo.lnk (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\DW_Start.lnk (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\SysWOW64\pcntlkdm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\zxdnt3d.cfg. (Adware.ZenoSearch) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\Fonts\svchost.exe (Worm.IRCBot) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\msnav32.ax (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\zxdnt3d.cfg (Malware.Trace) -> Quarantined and deleted successfully.


    **SUPERANTISPYWARE

    SUPERAntiSpyware Scan Log

    Generated 06/07/2008 at 09:31 PM

    Application Version : 4.15.1000

    Core Rules Database Version : 3477
    Trace Rules Database Version: 1468

    Scan type : Complete Scan
    Total Scan Time : 00:13:31

    Memory items scanned : 219
    Memory threats detected : 1
    Registry items scanned : 3937
    Registry threats detected : 22
    File items scanned : 6718
    File threats detected : 155

    Trojan.ZQuest
    C:\PROGRAM FILES (X86)\INTERNET EXPLORER\LAVUMADEV209.DLL
    C:\PROGRAM FILES (X86)\INTERNET EXPLORER\LAVUMADEV209.DLL
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E39B2630-589D-4113-B782-6F15EED91E67}
    HKCR\CLSID\{E39B2630-589D-4113-B782-6F15EED91E67}
    HKCR\CLSID\{E39B2630-589D-4113-B782-6F15EED91E67}\InProcServer32
    HKCR\CLSID\{E39B2630-589D-4113-B782-6F15EED91E67}\InProcServer32#ThreadingModel
    C:\PROGRAM FILES (X86)\INTERNET EXPLORER\LAVUMADEV.DLL

    Adware.Tracking Cookie

    Trojan.NetMon/DNSChange
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR#NextInstance
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Service
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Legacy
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ConfigFlags
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#Class
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#ClassGUID
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NETWORK_MONITOR\0000#DeviceDesc

    Trojan.cmdService
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE#NextInstance
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Service
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Legacy
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ConfigFlags
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#Class
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#ClassGUID
    HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE\0000#DeviceDesc
  6. #4
  7. Malware Warrior /AV forum Mod
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Nov 2006
    Location
    San Antonio Tx
    Posts
    2,325
    Rep Power
    1140
    Looks like those took out a lot. Problem is, I do not know what effect the Advanced tools I use will have on a 64-bit Windows, so at this time I am reluctant to use them till I check with others on that.

    Here is a scan that will do no harm...

    Let's take a closer look at your system.

    Download Deckard's System Scanner HERE.

    1. Close all applications and windows.
    2. Double-click on dss.exe to run it, and follow the prompts.
    3. When the scan is complete, a text file will open - Main.txt
    4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of Main.txt in your thread here.
    5. A folder, C:\Deckard, will also open. In it will be another text file, Extra.txt.
    6. Attach Extra.txt to your post.

    Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

    What Deckard's System Scanner will do:

    * create a new System Restore point in Windows XP and Vista.
    * clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
    * check some important areas of your system and produce a report for your analyst to review. Deckard's System Scanner automatically runs HijackThis for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed.


    When you get the two notepad documents, click somewhere inside the notepad document and hold CTRL/Control and press A then C. This will "select all" and "copy" the text.

    Please post both of the logs.
    Neera: The wraith will not allow us to escape.
    Sheppard: Yeah, well I try not to let them tell me what I can and can't do.
    Neera: You do not fear them?
    Sheppard: The wraith, nah. Now clowns that's another story. They scare the crap out of me.

  8. #5
  9. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2008
    Posts
    16
    Rep Power
    0
    Main.txt

    Deckard's System Scanner v20071014.68
    Run by Administrator on 2008-06-08 18:51:57
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Backed up registry hives.
    Performed disk cleanup.



    -- HijackThis (run as Administrator.exe) ---------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:55:06 PM, on 6/8/2008
    Platform: Windows 2003 SP2 (WinNT 5.02.3790)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    C:\WINDOWS\SysWOW64\CTsvcCDA.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\SysWOW64\ctfmon.exe
    C:\Program Files (x86)\Razer\Copperhead\razerhid.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system32\CTXFIHLP.EXE
    C:\Program Files (x86)\Razer\Copperhead\razerofa.exe
    C:\WINDOWS\SysWOW64\CTXFISPI.EXE
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\AIDWS5G8\dss[1].exe
    C:\PROGRA~2\TRENDM~1\HIJACK~1\Administrator.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = URL
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = URL =69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = URL=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = URL =54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = URL =69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: gooochi browser optimizer - {ace42305-f36f-65fe-1790-cd0056d75654} - C:\WINDOWS\SysWow64\{c2a5bb54-c406-c789-0605-0bafb5b2079c}.dll (file missing)
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [razer] "C:\Program Files (x86)\Razer\Copperhead\razerhid.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_04\bin\jusched.exe"
    O4 - HKLM\..\Run: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] "C:\Program Files (x86)\PCPitstop\Optimize\PCPOptimize.exe" -boot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files (x86)\OpenOffice.org 2.4\program\quickstart.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll
    O15 - ESC Trusted Zone: URL
    O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - URL
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - URL
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - URL
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - URL
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - URL
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - URL
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - URL
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - URL
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - URL
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - URL /files/driveragent.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
    O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
    O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
    O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc64.exe (file missing)
    O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
    O23 - Service: Windows Service Pack Installer update service (spupdsvc) - Unknown owner - C:\WINDOWS\system32\spupdsvc.exe (file missing)
    O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
    O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

    --
    End of file - 7661 bytes

    -- File Associations -----------------------------------------------------------

    .cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
    .reg - regfile - shell\open\command - regedit.exe "%1" %*
    .scr - scrfile - shell\open\command - "%1" %*


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 ACPI (Microsoft ACPI Driver) - c:\windows\system32\drivers\acpi.sys (file missing)
    R0 atapi (Standard IDE/ESDI Hard Disk Controller) - c:\windows\system32\drivers\atapi.sys (file missing)
    R0 crcdisk (CRC Disk Filter Driver) - c:\windows\system32\drivers\crcdisk.sys (file missing)
    R0 Disk (Disk Driver) - c:\windows\system32\drivers\disk.sys (file missing)
    R0 dmio (Logical Disk Manager Driver) - c:\windows\system32\drivers\dmio.sys (file missing)
    R0 dmload - c:\windows\system32\drivers\dmload.sys (file missing)
    R0 FltMgr - c:\windows\system32\drivers\fltmgr.sys (file missing)
    R0 Ftdisk (Volume Manager Driver) - c:\windows\system32\drivers\ftdisk.sys (file missing)
    R0 isapnp (PnP ISA/EISA Bus Driver) - c:\windows\system32\drivers\isapnp.sys (file missing)
    R0 KSecDD - c:\windows\system32\drivers\ksecdd.sys (file missing)
    R0 MountMgr (Mount Point Manager) - c:\windows\system32\drivers\mountmgr.sys (file missing)
    R0 Mup - c:\windows\system32\drivers\mup.sys (file missing)
    R0 NDIS (NDIS System Driver) - c:\windows\system32\drivers\ndis.sys (file missing)
    R0 PartMgr (Partition Manager) - c:\windows\system32\drivers\partmgr.sys (file missing)
    R0 PCI (PCI Bus Driver) - c:\windows\system32\drivers\pci.sys (file missing)
    R0 PCIIde - c:\windows\system32\drivers\pciide.sys (file missing)
    R0 PxHlpa64 - c:\windows\system32\drivers\pxhlpa64.sys (file missing)
    R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys (file missing)
    R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys (file missing)
    R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys (file missing)
    R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys (file missing)
    R0 SI3112r (ATI 4379 SATARaid Controller) - c:\windows\system32\drivers\si3112r.sys (file missing)
    R0 SiFilter (SATALink driver accelerator) - c:\windows\system32\drivers\siwinacc.sys (file missing)
    R0 sr (System Restore Filter Driver) - c:\windows\system32\drivers\sr.sys (file missing)
    R0 VolSnap (Storage volumes) - c:\windows\system32\drivers\volsnap.sys (file missing)
    R1 AFD - c:\windows\system32\drivers\afd.sys (file missing)
    R1 AmdK8 (AMD Processor Driver) - c:\windows\system32\drivers\amdk8.sys (file missing)
    R1 Beep - c:\windows\system32\drivers\beep.sys (file missing)
    R1 Cdrom (CD-ROM Driver) - c:\windows\system32\drivers\cdrom.sys (file missing)
    R1 Fips - c:\windows\system32\drivers\fips.sys (file missing)
    R1 i8042prt (i8042 Keyboard and PS/2 Mouse Port Driver) - c:\windows\system32\drivers\i8042prt.sys (file missing)
    R1 imapi (CD-Burning Filter Driver) - c:\windows\system32\drivers\imapi.sys (file missing)
    R1 IPSec (IPSEC driver) - c:\windows\system32\drivers\ipsec.sys (file missing)
    R1 Kbdclass (Keyboard Class Driver) - c:\windows\system32\drivers\kbdclass.sys (file missing)
    R1 kbdhid (Keyboard HID Driver) - c:\windows\system32\drivers\kbdhid.sys (file missing)
    R1 mnmdd - c:\windows\system32\drivers\mnmdd.sys (file missing)
    R1 Mouclass (Mouse Class Driver) - c:\windows\system32\drivers\mouclass.sys (file missing)
    R1 MRxSmb - c:\windows\system32\drivers\mrxsmb.sys (file missing)
    R1 Msfs - c:\windows\system32\drivers\msfs.sys (file missing)
    R1 NetBIOS (NetBIOS Interface) - c:\windows\system32\drivers\netbios.sys (file missing)
    R1 NetBT (NetBios over Tcpip) - c:\windows\system32\drivers\netbt.sys (file missing)
    R1 Npfs - c:\windows\system32\drivers\npfs.sys (file missing)
    R1 Null - c:\windows\system32\drivers\null.sys (file missing)
    R1 RasAcd (Remote Access Auto Connection Driver) - c:\windows\system32\drivers\rasacd.sys (file missing)
    R1 Rdbss - c:\windows\system32\drivers\rdbss.sys (file missing)
    R1 RDPCDD - c:\windows\system32\drivers\rdpcdd.sys (file missing)
    R1 redbook (Digital CD Audio Playback Filter Driver) - c:\windows\system32\drivers\redbook.sys (file missing)
    R1 Serial (Serial port driver) - c:\windows\system32\drivers\serial.sys (file missing)
    R1 Tcpip (TCP/IP Protocol Driver) - c:\windows\system32\drivers\tcpip.sys (file missing)
    R1 TermDD (Terminal Device Driver) - c:\windows\system32\drivers\termdd.sys (file missing)
    R1 VgaSave (VGA Display Controller.) - c:\windows\system32\drivers\vga.sys (file missing)
    R2 atksgt - c:\windows\system32\drivers\atksgt.sys (file missing)
    R2 CdaC15BA - c:\windows\system32\drivers\cdac15ba.sys (file missing)
    R2 CdaD10BA - c:\windows\system32\drivers\cdad10ba.sys (file missing)
    R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys (file missing)
    R2 Secdrv (Security Driver) - c:\windows\system32\drivers\secdrv.sys (file missing)
    R3 audstub (Audio Stub Driver) - c:\windows\system32\drivers\audstub.sys (file missing)
    R3 copperhd (Razer Copperhead Driver) - c:\windows\system32\drivers\copperhd.sys (file missing)
    R3 CT20XUT.DLL - c:\windows\system32\ct20xut.dll (file missing)
    R3 ctac32k (Creative AC3 Software Decoder) - c:\windows\system32\drivers\ctac32k.sys (file missing)
    R3 ctaud2k (Creative Audio Driver (WDM)) - c:\windows\system32\drivers\ctaud2k.sys (file missing)
    R3 CTEXFIFX.DLL - c:\windows\system32\ctexfifx.dll (file missing)
    R3 CTHWIUT.DLL - c:\windows\system32\cthwiut.dll (file missing)
    R3 ctprxy2k (Creative Proxy Driver) - c:\windows\system32\drivers\ctprxy2k.sys (file missing)
    R3 ctsfm2k (Creative SoundFont Management Device Driver) - c:\windows\system32\drivers\ctsfm2k.sys (file missing)
    R3 emupia (E-mu Plug-in Architecture Driver) - c:\windows\system32\drivers\emupia2k.sys (file missing)
    R3 Fdc (Floppy Disk Controller Driver) - c:\windows\system32\drivers\fdc.sys (file missing)
    R3 Flpydisk (Floppy Disk Driver) - c:\windows\system32\drivers\flpydisk.sys (file missing)
    R3 Gpc (Generic Packet Classifier) - c:\windows\system32\drivers\msgpc.sys (file missing)
    R3 ha20x2k (Creative 20X HAL Driver) - c:\windows\system32\drivers\ha20x2k.sys (file missing)
    R3 HidUsb (Microsoft HID Class Driver) - c:\windows\system32\drivers\hidusb.sys (file missing)
    R3 ksthunk (Kernel Streaming WOW64 Thunk Service) - c:\windows\system32\drivers\ksthunk.sys (file missing)
    R3 L8042Kbd (SetPoint Keyboard Driver) - c:\windows\system32\drivers\l8042kbd.sys (file missing)
    R3 mouhid (Mouse HID Driver) - c:\windows\system32\drivers\mouhid.sys (file missing)
    R3 mssmbios (Microsoft System Management BIOS Driver) - c:\windows\system32\drivers\mssmbios.sys (file missing)
    R3 NdisTapi (Remote Access NDIS TAPI Driver) - c:\windows\system32\drivers\ndistapi.sys (file missing)
    R3 NdisWan (Remote Access NDIS WAN Driver) - c:\windows\system32\drivers\ndiswan.sys (file missing)
    R3 NDProxy (NDIS Proxy) - c:\windows\system32\drivers\ndproxy.sys (file missing)
    R3 nv - c:\windows\system32\drivers\nv4_mini.sys (file missing)
    R3 ossrv (Creative OS Services Driver) - c:\windows\system32\drivers\ctoss2k.sys (file missing)
    R3 Parport (Parallel port driver) - c:\windows\system32\drivers\parport.sys (file missing)
    R3 PptpMiniport (WAN Miniport (PPTP)) - c:\windows\system32\drivers\raspptp.sys (file missing)
    R3 PSched (QoS Packet Scheduler) - c:\windows\system32\drivers\psched.sys (file missing)
    R3 Ptilink (Direct Parallel Link Driver) - c:\windows\system32\drivers\ptilink.sys (file missing)
    R3 Rasl2tp (WAN Miniport (L2TP)) - c:\windows\system32\drivers\rasl2tp.sys (file missing)
    R3 RasPppoe (Remote Access PPPOE Driver) - c:\windows\system32\drivers\raspppoe.sys (file missing)
    R3 Raspti (Direct Parallel) - c:\windows\system32\drivers\raspti.sys (file missing)
    R3 rdpdr (Terminal Server Device Redirector Driver) - c:\windows\system32\drivers\rdpdr.sys (file missing)
    R3 RTL8023x64 (Dynex DX-E102/E202 10/100Mb NDIS XP(x64) Driver) - c:\windows\system32\drivers\rtnic64.sys (file missing)
    R3 serenum (Serenum Filter Driver) - c:\windows\system32\drivers\serenum.sys (file missing)
    R3 Srv - c:\windows\system32\drivers\srv.sys (file missing)
    R3 swenum (Software Bus Driver) - c:\windows\system32\drivers\swenum.sys (file missing)
    R3 sysaudio (Microsoft Kernel System Audio Device) - c:\windows\system32\drivers\sysaudio.sys (file missing)
    R3 Update (Microcode Update Driver) - c:\windows\system32\drivers\update.sys (file missing)
    R3 usbaudio (USB Audio Driver (WDM)) - c:\windows\system32\drivers\usbaudio.sys (file missing)
    R3 usbccgp (Microsoft USB Generic Parent Driver) - c:\windows\system32\drivers\usbccgp.sys (file missing)
    R3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - c:\windows\system32\drivers\usbehci.sys (file missing)
    R3 usbhub (USB2 Enabled Hub) - c:\windows\system32\drivers\usbhub.sys (file missing)
    R3 usbohci (Microsoft USB Open Host Controller Miniport Driver) - c:\windows\system32\drivers\usbohci.sys (file missing)
    R3 Wanarp (Remote Access IP ARP Driver) - c:\windows\system32\drivers\wanarp.sys (file missing)
    R3 wdmaud (Microsoft WINMM WDM Audio Compatibility Driver) - c:\windows\system32\drivers\wdmaud.sys (file missing)
    R4 Cdfs - c:\windows\system32\drivers\cdfs.sys (file missing)
    R4 Ntfs - c:\windows\system32\drivers\ntfs.sys (file missing)

    S1 Sfloppy - c:\windows\system32\drivers\sfloppy.sys (file missing)
    S3 aec (Microsoft Kernel Acoustic Echo Canceller) - c:\windows\system32\drivers\aec.sys (file missing)
    S3 ALCXWDM (Service for Realtek AC97 Audio (WDM)) - c:\windows\system32\drivers\alcwdm64.sys (file missing)
    S3 AmdLLD64 (AMD Low Level Device Driver) - c:\windows\system32\drivers\amdlld64.sys (file missing)
    S3 AsyncMac (RAS Asynchronous Media Driver) - c:\windows\system32\drivers\asyncmac.sys (file missing)
    S3 Atmarpc (ATM ARP Client Protocol) - c:\windows\system32\drivers\atmarpc.sys (file missing)
    S3 COMMONFX.DLL - c:\windows\system32\commonfx.dll (file missing)
    S3 CTAUDFX.DLL - c:\windows\system32\ctaudfx.dll (file missing)
    S3 CTEAPSFX.DLL - c:\windows\system32\cteapsfx.dll (file missing)
    S3 CTEDSPFX.DLL - c:\windows\system32\ctedspfx.dll (file missing)
    S3 CTEDSPIO.DLL - c:\windows\system32\ctedspio.dll (file missing)
    S3 CTEDSPSY.DLL - c:\windows\system32\ctedspsy.dll (file missing)
    S3 CTERFXFX.DLL - c:\windows\system32\cterfxfx.dll (file missing)
    S3 CTSBLFX.DLL - c:\windows\system32\ctsblfx.dll (file missing)
    S3 HTTP - c:\windows\system32\drivers\http.sys (file missing)
    S3 Ip6Fw (IPv6 Windows Firewall Driver) - c:\windows\system32\drivers\ip6fw.sys (file missing)
    S3 IpFilterDriver (IP Traffic Filter Driver) - c:\windows\system32\drivers\ipfltdrv.sys (file missing)
    S3 IpInIp (IP in IP Tunnel Driver) - c:\windows\system32\drivers\ipinip.sys (file missing)
    S3 IpNat (IP Network Address Translator) - c:\windows\system32\drivers\ipnat.sys (file missing)
    S3 IRENUM (IR Enumerator Service) - c:\windows\system32\drivers\irenum.sys (file missing)
    S3 kmixer (Microsoft Kernel Wave Audio Mixer) - c:\windows\system32\drivers\kmixer.sys (file missing)
    S3 L8042mou (SetPoint PS/2 Mouse Filter Driver) - c:\windows\system32\drivers\l8042mou.sys (file missing)
    S3 LHidFilt (Logitech SetPoint KMDF HID Filter Driver) - c:\windows\system32\drivers\lhidfilt.sys (file missing)
    S3 LMouFilt (Logitech SetPoint KMDF Mouse Filter Driver) - c:\windows\system32\drivers\lmoufilt.sys (file missing)
    S3 LMouKE (SetPoint Mouse Filter Driver) - c:\windows\system32\drivers\lmouke.sys (file missing)
    S3 LUsbFilt (Logitech SetPoint KMDF USB Filter) - c:\windows\system32\drivers\lusbfilt.sys (file missing)
    S3 Modem - c:\windows\system32\drivers\modem.sys (file missing)
    S3 MRxDAV (WebDav Client Redirector) - c:\windows\system32\drivers\mrxdav.sys (file missing)
    S3 MSKSSRV (Microsoft Streaming Service Proxy) - c:\windows\system32\drivers\mskssrv.sys (file missing)
    S3 MSPCLOCK (Microsoft Streaming Clock Proxy) - c:\windows\system32\drivers\mspclock.sys (file missing)
    S3 MSPQM (Microsoft Streaming Quality Manager Proxy) - c:\windows\system32\drivers\mspqm.sys (file missing)
    S3 Ndisuio (NDIS Usermode I/O Protocol) - c:\windows\system32\drivers\ndisuio.sys (file missing)
    S3 NwlnkFlt (IPX Traffic Filter Driver) - c:\windows\system32\drivers\nwlnkflt.sys (file missing)
    S3 NwlnkFwd (IPX Traffic Forwarder Driver) - c:\windows\system32\drivers\nwlnkfwd.sys (file missing)
    S3 Processor (Processor Driver) - c:\windows\system32\drivers\processr.sys (file missing)
    S3 RDPWD - c:\windows\system32\drivers\rdpwd.sys (file missing)
    S3 rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - c:\windows\system32\drivers\rtl39a64.sys (file missing)
    S3 RTL8169 (Realtek RTL8169/8110 Family Gigabit Ethernet NIC NT Driver) - c:\windows\system32\drivers\rtl69a64.sys (file missing)
    S3 splitter (Microsoft Kernel Audio Splitter) - c:\windows\system32\drivers\splitter.sys (file missing)
    S3 swmidi (Microsoft Kernel GS Wavetable Synthesizer) - c:\windows\system32\drivers\swmidi.sys (file missing)
    S3 TDPIPE - c:\windows\system32\drivers\tdpipe.sys (file missing)
    S3 TDTCP - c:\windows\system32\drivers\tdtcp.sys (file missing)
    S3 TnIDriver - c:\docume~1\admini~1\locals~1\temp\tni2c.tmp (file missing)
    S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys (file missing)
    S3 USBSTOR (USB Mass Storage Driver) - c:\windows\system32\drivers\usbstor.sys (file missing)
    S3 vga - c:\windows\system32\drivers\vgapnp.sys (file missing)
    S3 Wdf01000 - c:\windows\system32\drivers\wdf01000.sys (file missing)
    S4 ACPIEC - c:\windows\system32\drivers\acpiec.sys (file missing)
    S4 dmboot - c:\windows\system32\drivers\dmboot.sys (file missing)
    S4 Fastfat - c:\windows\system32\drivers\fastfat.sys (file missing)
    S4 Pcmcia - c:\windows\system32\drivers\pcmcia.sys (file missing)
    S4 Udfs - c:\windows\system32\drivers\udfs.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 CTAudSvcService (Creative Audio Service) - c:\program files (x86)\creative\shared files\ctaudsvc.exe
    R2 NVSvc (NVIDIA Display Driver Service) - c:\windows\system32\nvsvc64.exe (file missing)
    R2 PlugPlay (Plug and Play) - c:\windows\system32\services.exe (file missing)
    R2 ProtectedStorage (Protected Storage) - c:\windows\system32\lsass.exe (file missing)

    S2 spupdsvc (Windows Service Pack Installer update service) - c:\windows\system32\spupdsvc.exe (file missing)
    S3 dmadmin (Logical Disk Manager Administrative Service) - c:\windows\system32\dmadmin.exe /com (file missing)
    S3 HTTPFilter (HTTP SSL) - c:\windows\system32\lsass.exe (file missing)
    S3 ImapiService (IMAPI CD-Burning COM Service) - c:\windows\system32\imapi.exe (file missing)
    S3 MSDTC (Distributed Transaction Coordinator) - c:\windows\system32\msdtc.exe (file missing)
    S3 NtLmSsp (NT LM Security Support Provider) - c:\windows\system32\lsass.exe (file missing)
    S3 RDSessMgr (Remote Desktop Help Session Manager) - c:\windows\system32\sessmgr.exe (file missing)
    S3 vds (Virtual Disk Service) - c:\windows\system32\vds.exe (file missing)
    S3 WmiApSrv (WMI Performance Adapter) - c:\windows\system32\wbem\wmiapsrv.exe (file missing)
    S4 Eventlog (Event Log) - c:\windows\system32\services.exe (file missing)
    S4 Netlogon (Net Logon) - c:\windows\system32\lsass.exe (file missing)
    S4 PolicyAgent (IPSEC Services) - c:\windows\system32\lsass.exe (file missing)
    S4 SamSs (Security Accounts Manager) - c:\windows\system32\lsass.exe (file missing)
    S4 TlntSvr (Telnet) - c:\windows\system32\tlntsvr.exe (file missing)
    S4 VSS (Volume Shadow Copy) - c:\windows\system32\vssvc.exe (file missing)


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
    Description: Realtek AC'97 Audio
    Device ID: PCI\VEN_1002&DEV_4370&SUBSYS_71511462&REV_02\3&267A616A&0&A5
    Manufacturer: Realtek
    Name: Realtek AC'97 Audio
    PNP Device ID: PCI\VEN_1002&DEV_4370&SUBSYS_71511462&REV_02\3&267A616A&0&A5
    Service: ALCXWDM

    Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
    Description:
    Device ID: ROOT\LEGACY_VGA\0000
    Manufacturer:
    Name:
    PNP Device ID: ROOT\LEGACY_VGA\0000
    Service: vga


    -- Scheduled Tasks -------------------------------------------------------------

    2007-08-22 20:43:34 330 --ah---c- C:\WINDOWS\Tasks\MP Scheduled Scan.job


    -- Files created between 2008-05-08 and 2008-06-08 -----------------------------

    2008-06-07 21:47:26 0 d-------- C:\Program Files (x86)\Trend Micro
    2008-06-07 21:37:55 0 d-------- C:\WINDOWS\BDOSCAN8
    2008-06-07 21:16:48 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-06-07 21:16:39 0 d-------- C:\Program Files (x86)\SUPERAntiSpyware
    2008-06-07 21:16:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
    2008-06-07 21:08:15 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    2008-06-07 21:08:13 0 d-------- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2008-06-07 21:08:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-07 21:03:36 0 dr-h----- C:\Documents and Settings\Administrator\Recent
    2008-06-07 20:59:19 0 d-------- C:\Program Files (x86)\CCleaner
    2008-06-07 20:02:57 0 d--hs---- C:\WINDOWS\U3RldmUgS2Fycg
    2008-06-07 20:02:57 401972 --a------ C:\WINDOWS\system32\g58.exe
    2008-06-07 20:02:50 0 d-------- C:\WINDOWS\system32\xrem
    2008-06-07 20:02:50 0 d-------- C:\WINDOWS\system32\inet2
    2008-06-07 20:02:50 0 d-------- C:\WINDOWS\system32\expo
    2008-06-07 20:02:50 0 d-------- C:\WINDOWS\system32\btz
    2008-06-07 20:02:50 0 d-------- C:\WINDOWS\system32\105772
    2008-06-07 20:02:49 0 d-------- C:\WINDOWS\system32\vntiho18
    2008-06-07 20:02:49 0 d-------- C:\Temp
    2008-06-07 19:56:33 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-07 19:56:31 0 d-------- C:\Fraps
    2008-06-07 19:30:27 0 d-------- C:\Program Files (x86)\Game Cam V2
    2008-06-01 22:53:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\DivX
    2008-06-01 19:56:35 0 d-------- C:\Program Files (x86)\Tortun
    2008-05-26 23:43:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org2
    2008-05-26 23:41:25 0 d-------- C:\Program Files (x86)\OpenOffice.org 2.4
    2008-05-26 23:40:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
    2008-05-12 20:53:16 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2008-05-12 20:50:16 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2008-05-12 20:50:16 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2008-05-12 20:50:08 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
    2008-05-12 20:50:08 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX>
    2008-05-12 20:50:08 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
    2008-05-12 20:50:08 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX>
    2008-05-12 20:50:06 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX>
    2008-05-12 20:49:02 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-05-12 03:44:49 1970176 --a------ C:\WINDOWS\system32\d3dx9.dll
    2008-05-12 03:44:49 679936 --a------ C:\WINDOWS\system32\D3DX81ab.dll <Not Verified; Generated by JEDI; D3DX81>
    2008-05-12 03:44:48 0 d-------- C:\Program Files (x86)\Cheat Engine


    -- Find3M Report ---------------------------------------------------------------

    2008-06-08 15:27:50 0 d-------- C:\Program Files (x86)\Steam
    2008-06-07 22:23:17 0 d-------- C:\Program Files (x86)\World of Warcraft
    2008-06-07 21:16:24 0 d-------- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2008-06-07 12:25:16 0 d-------- C:\Program Files (x86)\Warcraft III
    2008-06-01 22:52:37 0 d-------- C:\Program Files (x86)\DivX
    2008-05-26 23:41:11 0 d-------- C:\Program Files (x86)\Java
    2008-05-03 23:10:37 0 d-------- C:\Program Files (x86)\Common Files\SupportSoft
    2008-05-03 23:10:33 0 d-------- C:\Program Files (x86)\CHARTER
    2008-04-28 14:42:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire
    2008-03-16 21:52:15 413696 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
    2008-03-16 21:52:15 110592 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>


    -- Registry Dump ---------------------------------------------------------------



    -- End of Deckard's System Scanner: finished at 2008-06-08 18:55:37 ------------


    Character limit restricts me from posting both Main & Extra in one post, so I will extend to two.
    #6
    Registered User
    Extra.txt

    Deckard's System Scanner v20071014.68
    Extra logfile - please post this as an attachment with your post.
    --------------------------------------------------------------------------------

    -- System Information ----------------------------------------------------------

    Microsoft(R) Windows(R) XP Professional x64 Edition (build 3790) SP 2.0
    Architecture: X64; Language: English

    CPU 0: AMD Processor model unknown
    CPU 1: AMD Processor model unknown
    Percentage of Memory in Use: 19%
    Physical Memory (total/avail): 2047.27 MiB / 1639.11 MiB
    Pagefile Memory (total/avail): 4993.02 MiB / 4710.62 MiB
    Virtual Memory (total/avail): 4095.88 MiB / 3951.96 MiB

    A: is Removable (No Media)
    C: is Fixed (NTFS) - 233.75 GiB total, 103.3 GiB free.
    D: is CDROM (CDFS)
    E: is CDROM (No Media)

    \\.\PHYSICALDRIVE0 - Maxtor 6 L250S0 SCSI Disk Device - 233.76 GiB - 1 partition
    \PARTITION0 (bootable) - Installable File System - 233.75 GiB - C:



    -- Security Center -------------------------------------------------------------

    Windows Internal Firewall is disabled.

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files (x86)\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files (x86)\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files (x86)\\MSN Messenger\\livecall.exe"="C:\\Program Files (x86)\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

    [HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files (x86)\\Sierra\\FEAR\\fpupdate.exe"="C:\\Program Files (x86)\\Sierra\\FEAR\\fpupdate.exe:*:Enabled:fpupdate"
    "C:\\Program Files (x86)\\Sierra\\FEAR\\FEAR.exe"="C:\\Program Files (x86)\\Sierra\\FEAR\\FEAR.exe:*:Enabled:FEAR"
    "C:\\Program Files (x86)\\Sierra\\FEAR\\FEARMP.exe"="C:\\Program Files (x86)\\Sierra\\FEAR\\FEARMP.exe:*:Enabled:FEAR"
    "C:\\Program Files (x86)\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"="C:\\Program Files (x86)\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe:*:Enabled:XR_3DA"
    "C:\\Program Files (x86)\\Steam\\SteamApps\\marik_ishtar893\\sin episodes emergence\\SinEpisodes.exe"="C:\\Program Files (x86)\\Steam\\SteamApps\\marik_ishtar893\\sin episodes emergence\\SinEpisodes.exe:*:Enabled:SinEpisodes"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files (x86)\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files (x86)\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
    "C:\\Program Files (x86)\\MSN Messenger\\livecall.exe"="C:\\Program Files (x86)\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"


    -- Environment Variables -------------------------------------------------------

    ALLUSERSPROFILE=C:\Documents and Settings\All Users
    APPDATA=C:\Documents and Settings\Administrator\Application Data
    CLIENTNAME=Console
    CommonProgramFiles=C:\Program Files (x86)\Common Files
    CommonProgramFiles(x86)=C:\Program Files (x86)\Common Files
    CommonProgramW6432=C:\Program Files\Common Files
    COMPUTERNAME=KOALA-T
    ComSpec=C:\WINDOWS\system32\cmd.exe
    FP_NO_HOST_CHECK=NO
    HOMEDRIVE=C:
    HOMEPATH=\Documents and Settings\Administrator
    LOGONSERVER=\\KOALA-T
    NUMBER_OF_PROCESSORS=2
    OS=Windows_NT
    Path=C:\Program Files\Internet Explorer;;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM
    PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    PROCESSOR_ARCHITECTURE=x86
    PROCESSOR_ARCHITEW6432=AMD64
    PROCESSOR_IDENTIFIER=AMD64 Family 15 Model 35 Stepping 2, AuthenticAMD
    PROCESSOR_LEVEL=15
    PROCESSOR_REVISION=2302
    ProgramFiles=C:\Program Files (x86)
    ProgramFiles(x86)=C:\Program Files (x86)
    ProgramW6432=C:\Program Files
    PROMPT=$P$G
    SESSIONNAME=Console
    SystemDrive=C:
    SystemRoot=C:\WINDOWS
    TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
    TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
    USERDOMAIN=KOALA-T
    USERNAME=Administrator
    USERPROFILE=C:\Documents and Settings\Administrator
    windir=C:\WINDOWS


    -- User Profiles ---------------------------------------------------------------

    Administrator (admin)


    -- Add/Remove Programs ---------------------------------------------------------

    -->
    -->
    -->
    -->
    -->
    -->
    -->
    -->
    -->
    -->
    -->
    -->
    -->
    -->
    -->
    -->
    -->
    -->
    -->
    -->
    -->
    -->
    -->
    -->
    -->
    -->
    -->
    -->
    -->
    -->
    -->
    --> "C:\Program Files (x86)\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe" /remove /nolog/l0x0009
    --> "C:\Program Files (x86)\Creative Installation Information\CTCMSGO\Setup.exe" /remove /nolog/l0x0009
    --> "C:\Program Files (x86)\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe" /remove /nolog/l0x0009
    --> "C:\Program Files (x86)\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe" /remove /nolog/l0x0009
    --> "C:\Program Files (x86)\Creative Installation Information\E-CENTER_PLUGIN_MINIDISC_U\Setup.exe" /remove /nolog/l0x0009
    --> "C:\Program Files (x86)\Creative Installation Information\E-CENTER_PLUGIN_ONLINESTORE_U\Setup.exe" /remove /nolog/l0x0009
    --> "C:\Program Files (x86)\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe" /remove /nolog/l0x0009
    --> "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Program\SETUP.EXE" /S /U /W
    --> C:\Program Files (x86)\DivX\DivXConverterUninstall.exe /CONVERTER
    --> MsiExec /X{82D8304F-73D7-4EE6-8472-D0684BAA2865}
    --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{84F573D3-0F71-4768-978A-D35310E3FBA6}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{888347B3-AEC5-4BB5-8BAB-781D72A57C73}\setup.exe" -l0x9 /remove
    --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9
    --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x9
    --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{FBFF2411-D066-4D24-BCE0-893086009E1B}\setup.exe" -l0x9 /remove
    Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files (x86)\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files (x86)\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
    Adobe Flash Player ActiveX --> C:\WINDOWS\SysWOW64\Macromed\Flash\uninstall_activeX.exe
    Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
    AGEIA PhysX v7.05.06 --> MsiExec.exe /X{82D8304F-73D7-4EE6-8472-D0684BAA2865}
    AMD Processor Driver --> C:\Program Files (x86)\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe -runfromtemp -l0x0009 -removeonly
    Beowulf TM -->
    Beowulf TM --> "C:\Program Files (x86)\InstallShield Installation Information\{477AB6F3-0907-4E90-ABC2-9525CC6AA356}\setup.exe" -runfromtemp -l0x0009 -removeonly
    Bioshock Demo --> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/7710
    BloodRayne 2 --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{04CB9967-A8BB-468C-ABA6-CE87328712BE}\setup.exe" -l0x9
    Call of Duty(R) 4 - Modern Warfare(TM) -->
    Call of Duty(R) 4 - Modern Warfare(TM) --> C:\Program Files (x86)\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x0409
    Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch -->
    Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch --> C:\Program Files (x86)\InstallShield Installation Information\{3BD633E0-4BF8-4499-9149-88F0767D449C}\setup.exe -runfromtemp -l0x0409
    CCleaner (remove only) --> "C:\Program Files (x86)\CCleaner\uninst.exe"
    Charter High Speed Internet Self-Installation Wizard --> MsiExec.exe /I{5AF8C46D-A141-4E69-9EB5-76A43ED29281}
    Cheat Engine 5.4 --> "C:\Program Files (x86)\Cheat Engine\unins000.exe"
    Clive Barker's Jericho --> "C:\Program Files (x86)\InstallShield Installation Information\{BE9A67F1-BDD3-4259-9F5C-2EFCE6B3A6C5}\Setup.exe" -runfromtemp -l0x0009 -removeonly
    Continuum 0.40 --> "C:\Program Files (x86)\Continuum\unins000.exe"
    Counter-Strike: Source --> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/240
    Creative Audio Console --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9 /remove
    Creative MediaSource 5 --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\SETUP.EXE" -l0x9 /remove
    Creative Software AutoUpdate --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{88B1984E-36F0-47B8-B8DC-728966807A9C}\SETUP.EXE" -l0x9 /remove
    Creative System Information --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{63A317D0-60A6-43FC-848A-9FE4A53B29CE}\setup.exe" -l0x9 /remove
    Dark Messiah --> C:\Program Files (x86)\InstallShield Installation Information\{A8E2EF8F-73EF-4DD8-BB38-31FCCAF50103}\setup.exe -runfromtemp -l0x0009 -removeonly
    Dark Messiah Might and Magic Multi-Player --> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/2130
    Dark Messiah Might and Magic Single Player --> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/2100
    Day of Defeat --> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/30
    Day of Defeat: Source --> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/300
    DB Viewer 7.2.0661 --> C:\Program Files (x86)\xBaseView\uninst.exe
    DivX Codec --> C:\Program Files (x86)\DivX\DivXCodecUninstall.exe /CODEC
    DivX Converter --> C:\Program Files (x86)\DivX\DivXConverterUninstall.exe /CONVERTER
    DivX Player --> C:\Program Files (x86)\DivX\DivXPlayerUninstall.exe /PLAYER
    DivX Web Player --> C:\Program Files (x86)\DivX\DivXWebPlayerUninstall.exe /PLUGIN
    Doom 3 -->
    Doom 3 -->
    Doom 3 --> C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{584267B8-0BB0-4D18-9FFA-726576619E9A} /l1033 /x
    Enclave --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{8AC01A0D-42B6-4A55-AD7A-A545A7AE5364}\Setup.exe" -l0x9
    Enemy Territory: QUAKE Wars Demo --> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/10010
    Enhancement Browser Tools Gooochi --> C:\WINDOWS\system32\{c2a5bb54-c406-c789-0605-0bafb5b2079c}.dll-uninst.exe
    Fable - The Lost Chapters -->
    Fable - The Lost Chapters --> C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}
    FEAR --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{2B653229-9854-4989-B780-D978F5F13EAB}\setup.exe" -l0x9 /zU -removeonly
    Fraps --> "C:\Fraps\uninstall.exe"
    GameSpy Arcade --> C:\PROGRA~2\GAMESP~1\UNWISE.EXE C:\PROGRA~2\GAMESP~1\INSTALL.LOG
    Garry's Mod --> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/4000
    Half-Life 2 --> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/220
    Half-Life 2: Episode One --> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/380
    Hermit's Reticles 2 --> C:\Program Files (x86)\Hermit's Reticles 2\uninstall.exe
    HijackThis 2.0.2 --> "C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe" /uninstall
    Infernal Demo --> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/7080
    Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    Java(TM) 6 Update 4 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
    Knights of The Temple II --> C:\PROGRA~2\PLAYLO~1\KOTT2\UNWISE.EXE C:\PROGRA~2\PLAYLO~1\KOTT2\INSTALL.LOG
    LimeWire 4.14.12 --> "C:\Program Files (x86)\LimeWire\uninstall.exe"
    Malwarebytes' Anti-Malware --> "C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 --> MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
    Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
    Oblivion --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
    Oblivion - Horse Armor Pack --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{3ABEBD00-299D-4DCA-967F-B912163AB5EA}\setup.exe" -l0x9 -removeonly
    Oblivion - Knights of the Nine --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{14C87AA7-08E6-419F-A165-998EBE5023D7}\setup.exe" -l0x9 -removeonly
    Oblivion - Mehrunes Razor --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{EF295F5C-7B57-47AA-8889-6B3E8E214E89}\setup.exe" -l0x9 -removeonly
    Oblivion - Orrery --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{EC425CFC-EE78-4A91-AA25-3BFA65B75364}\setup.exe" -l0x9 -removeonly
    Oblivion - Spell Tomes --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{16D919E6-F019-4E15-BFBE-4A85EF19DA57}\setup.exe" -l0x9 -removeonly
    Oblivion - Thieves Den --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{FFFFFD17-B460-41EB-93F1-C48ABAD63828}\setup.exe" -l0x9 -removeonly
    Oblivion - Vile Lair --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}\setup.exe" -l0x9 -removeonly
    Oblivion - Wizard's Tower --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{2F2E3D62-8B8C-448F-8900-451325E50948}\setup.exe" -l0x9 -removeonly
    OpenOffice.org 2.4 --> MsiExec.exe /I{F87A8E11-02A4-4875-A3A5-5961081B0E4E}
    Painkiller --> C:\WINDOWS\unvise32.exe C:\Program Files (x86)\DreamCatcher\Painkiller\uninstal.log
    PC Pitstop Optimize 1.5 --> "C:\Program Files (x86)\PCPitstop\Optimize\unins000.exe"
    PlayLinc --> MsiExec.exe /I{2158685C-E2B3-4026-B0A1-0FFE31837AFD}
    PowerDVD --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
    Prince of Persia T2T --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}\setup.exe" -l0x9 -removeonly
    Prince of Persia The Two Thrones -->
    Quake 4(TM) -->
    Quake 4(TM) --> C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{152B782A-05F3-48EC-9AAC-4D3EB68D9E20}
    Razer Copperhead --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{D6D5CFB3-7095-4073-B6B7-B7E909838C57}\setup.exe"
    Red Faction --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{47E6B460-04BA-4215-9F5D-3858BF920D07}\setup.exe" anything
    resident evil 4 --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{E07F4F90-2BC6-4843-B62D-309D9170986E}\install.exe" -l0x9 -removeonly
    S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0003] --> "C:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\unins000.exe"
    Security Update for Windows XP (KB923789) --> C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
    Serious Sam 2 --> C:\Program Files (x86)\Serious Sam 2\Bin\Uninstall.exe
    SiN Episodes: Emergence --> "C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/1300
    Sound Blaster X-Fi --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}\SETUP.EXE" -l0x9 /remove
    Steam --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
    SUPERAntiSpyware Free Edition --> MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
    System Requirements Lab --> C:\Program Files (x86)\SystemRequirementsLab\Uninstall.exe
    Tortun 0.76 --> "C:\Program Files (x86)\Tortun\unins000.exe"
    Tron 2.0 --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\Buena Vista Interactive\Tron 2.0\Setup.EXE" -l0x9
    Two Worlds --> C:\Program Files (x86)\InstallShield Installation Information\{D166F9A2-C6E5-4BB1-AD66-CD0F9953089F}\setup.exe -runfromtemp -l0x0009 -removeonly
    Ventrilo Client --> MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
    Warkeys 1.7.0.0b --> C:\Program Files (x86)\Warkeys\uninst.exe
    Will Rock --> RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{58DB5417-E1FF-4EF6-A93C-592D35F01E84}\setup.exe" -l0x9
    Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
    Windows Media Video 9 Advanced Profile Codec --> rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wvc1dmo.inf,Uninstall
    WinRAR archiver --> C:\Program Files (x86)\WinRAR\uninstall.exe
    World of Warcraft --> C:\Program Files (x86)\Common Files\Blizzard Entertainment\World of Warcraft\Uninstall.exe
    WowAceUpdater --> rundll32.exe dfshim.dll,ShArpMaintain WowAceUpdater.application, Culture=neutral, PublicKeyToken=4d89fb8d52541cc9, processorArchitecture=msil
    Xfire (remove only) --> "C:\Program Files (x86)\Xfire\uninst.exe"


    -- Application Event Log -------------------------------------------------------

    No Errors/Warnings found.


    -- Security Event Log ----------------------------------------------------------

    No Errors/Warnings found.


    -- System Event Log ------------------------------------------------------------

    No Errors/Warnings found.


    -- End of Deckard's System Scanner: finished at 2008-06-08 18:55:37 ------------


    Thank you very much for your time!
    #7
    Malware Warrior /AV forum Mod
    After checking things out, let's bring out the big guns.


    Please download ComboFix by sUBs from HERE or HERE directly to your Desktop.


    Make sure any antivirus or protective software is disabled.
    Here is a tutorial for most programs.
    http://www.bleepingcomputer.com/forums/topic114351.html


    Go to -> Run -> copy/paste the following single line command in the runbox & click OK

    "%userprofile%\desktop\combofix.exe" /killall



    * ComboFix will automatically start. Any monitoring programs, such as your antivirus and antispyware programs, will be shut down.
    * ComboFix may restart your computer, this is normal.
    * When finished, it will produce a log, ComboFix.txt.
    * Please post ComboFix.txt in your next reply along with a new HijackThis log.



    Notes:
    When starting, ComboFix will cause your computer's internal speakers to produce two beeps, and during the start process it will display two warnings. These are intended to discourage people who are not getting help in the forum from just experimenting with tools they do not understand. This is just to inform you that these events are expected and okay.

    ComboFix will also disable any screensaver settings you have made, so be aware that at some point, when we complete the repairs, you will need to reset your screensaver.

    Do not mouse-click Combofix's window while it is running. That may cause it to stall.

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


    Post this log in your next reply together with a HijackThis log.
    Neera: The wraith will not allow us to escape.
    Sheppard: Yeah, well I try not to let them tell me what I can and can't do.
    Neera: You do not fear them?
    Sheppard: The wraith, nah. Now clowns that's another story. They scare the crap out of me.

    #8
    Registered User
    The title of a window is called "Error - Win32 Only"

    "Incompatible OS. ComboFix only works for Windows 2000 and XP."

    This happens right after the initialization on starting it up.
    #9
    Malware Warrior /AV forum Mod
    To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done by right-clicking the software's Taskbar icons, or by accessing each program through Start - Programs.


    Download Otmoveit2 by OldTimer to your desktop.

    Then click OTMoveIt2.exe to run it (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator").

    Copy the file paths below to the clipboard (by highlighting ALL of them and pressing CTRL + C, or by right-clicking and choosing Copy):



    C:\WINDOWS\U3RldmUgS2Fycg
    C:\WINDOWS\system32\g58.exe
    C:\WINDOWS\system32\xrem
    C:\WINDOWS\system32\inet2
    C:\WINDOWS\system32\expo
    C:\WINDOWS\system32\btz
    C:\WINDOWS\system32\105772
    C:\WINDOWS\system32\vntiho18
    Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window and select Paste. Then click the red MoveIt! button. A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder, in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.

    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose "Yes".

    -----------------------------

    Then go HERE and download ATF Cleaner. Close all open browsers, then click on the downloaded file to run it, select "Select All", then click Empty Selected (and close ATF).

    If you have them, you can also click on Firefox/Opera at the top and repeat the steps (and close ATF). Firefox/Opera will need to be closed first for the cleaning to be effective.

    Go HERE for an online AV scan. Follow all prompts to Allow all ActiveX objects to install. If your AV alerts you while the scan installs ignore this - Panda's Active Scan method is often mistaken for infection activity. The scan suggests you can use another window and continue to browse, but please do not use the computer while the scan runs.

    When the scan completes do not click any of the disinfection links provided. Click the small "Export to:" button and save the log file to your desktop. Then copy the contents of that ActiveScan.txt file back here for review please.

    ----------------------------

    Still making sure dss.exe is directly on your desktop, go to Start - Run, and copy/paste the following (then press OK):

    "%userprofile%\desktop\dss.exe" /config

    When the DSS Configuration display opens click the "Check All" button. Next, under Main Log, again uncheck the following:

    System Restore
    Temp Cleanup
    Process Modules

    Then under Extra Log, uncheck all the boxes.

    Don't make any other changes at this time. Then click the "Scan!" button to start the scan.

    Once the scan has completed a textbox will appear - copy/paste those contents back here please (main.txt). (The logs can also be found in the C:\Deckard\System Scanner folder)

    Post that along with the OTMoveIt log and the Panda log please.

    #10
    Registered User
    C:\WINDOWS\U3RldmUgS2Fycg moved successfully.
    C:\WINDOWS\system32\g58.exe moved successfully.
    C:\WINDOWS\system32\xrem moved successfully.
    C:\WINDOWS\system32\inet2 moved successfully.
    C:\WINDOWS\system32\expo moved successfully.
    C:\WINDOWS\system32\btz moved successfully.
    C:\WINDOWS\system32\105772 moved successfully.
    C:\WINDOWS\system32\vntiho18 moved successfully.

    OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06092008_013924




    Deckard's System Scanner v20071014.68
    Run by Administrator on 2008-06-09 02:22:28
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------



    -- HijackThis (run as Administrator.exe) ---------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:22:28 AM, on 6/9/2008
    Platform: Windows 2003 SP2 (WinNT 5.02.3790)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    C:\WINDOWS\SysWOW64\CTsvcCDA.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\SysWOW64\ctfmon.exe
    C:\Program Files (x86)\Razer\Copperhead\razerhid.exe
    C:\Program Files (x86)\Razer\Copperhead\razerofa.exe
    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Ventrilo\Ventrilo.exe
    C:\Documents and Settings\Administrator\Desktop\dss.exe
    C:\PROGRA~2\TRENDM~1\HIJACK~1\ADMINI~1.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tigerdirect.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_04\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: gooochi browser optimizer - {ace42305-f36f-65fe-1790-cd0056d75654} - C:\WINDOWS\SysWow64\{c2a5bb54-c406-c789-0605-0bafb5b2079c}.dll (file missing)
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [razer] "C:\Program Files (x86)\Razer\Copperhead\razerhid.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_04\bin\jusched.exe"
    O4 - HKLM\..\Run: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] "C:\Program Files (x86)\PCPitstop\Optimize\PCPOptimize.exe" -boot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files (x86)\OpenOffice.org 2.4\program\quickstart.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll
    O15 - ESC Trusted Zone: http://runonce.msn.com
    O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - https://install.charter.com/diskless/bin/ssctlsma.dll
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188223290093
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206068375765
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
    O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
    O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
    O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc64.exe (file missing)
    O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
    O23 - Service: Windows Service Pack Installer update service (spupdsvc) - Unknown owner - C:\WINDOWS\system32\spupdsvc.exe (file missing)
    O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
    O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

    --
    End of file - 7657 bytes

    -- File Associations -----------------------------------------------------------

    .cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
    .reg - regfile - shell\open\command - regedit.exe "%1" %*
    .scr - scrfile - shell\open\command - "%1" %*


    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    R0 ACPI (Microsoft ACPI Driver) - c:\windows\system32\drivers\acpi.sys (file missing)
    R0 atapi (Standard IDE/ESDI Hard Disk Controller) - c:\windows\system32\drivers\atapi.sys (file missing)
    R0 crcdisk (CRC Disk Filter Driver) - c:\windows\system32\drivers\crcdisk.sys (file missing)
    R0 Disk (Disk Driver) - c:\windows\system32\drivers\disk.sys (file missing)
    R0 dmio (Logical Disk Manager Driver) - c:\windows\system32\drivers\dmio.sys (file missing)
    R0 dmload - c:\windows\system32\drivers\dmload.sys (file missing)
    R0 FltMgr - c:\windows\system32\drivers\fltmgr.sys (file missing)
    R0 Ftdisk (Volume Manager Driver) - c:\windows\system32\drivers\ftdisk.sys (file missing)
    R0 isapnp (PnP ISA/EISA Bus Driver) - c:\windows\system32\drivers\isapnp.sys (file missing)
    R0 KSecDD - c:\windows\system32\drivers\ksecdd.sys (file missing)
    R0 MountMgr (Mount Point Manager) - c:\windows\system32\drivers\mountmgr.sys (file missing)
    R0 Mup - c:\windows\system32\drivers\mup.sys (file missing)
    R0 NDIS (NDIS System Driver) - c:\windows\system32\drivers\ndis.sys (file missing)
    R0 PartMgr (Partition Manager) - c:\windows\system32\drivers\partmgr.sys (file missing)
    R0 PCI (PCI Bus Driver) - c:\windows\system32\drivers\pci.sys (file missing)
    R0 PCIIde - c:\windows\system32\drivers\pciide.sys (file missing)
    R0 PxHlpa64 - c:\windows\system32\drivers\pxhlpa64.sys (file missing)
    R0 sfdrv01 (StarForce Protection Environment Driver (version 1.x)) - c:\windows\system32\drivers\sfdrv01.sys (file missing)
    R0 sfhlp02 (StarForce Protection Helper Driver (version 2.x)) - c:\windows\system32\drivers\sfhlp02.sys (file missing)
    R0 sfsync02 (StarForce Protection Synchronization Driver (version 2.x)) - c:\windows\system32\drivers\sfsync02.sys (file missing)
    R0 sfvfs02 (StarForce Protection VFS Driver (version 2.x)) - c:\windows\system32\drivers\sfvfs02.sys (file missing)
    R0 SI3112r (ATI 4379 SATARaid Controller) - c:\windows\system32\drivers\si3112r.sys (file missing)
    R0 SiFilter (SATALink driver accelerator) - c:\windows\system32\drivers\siwinacc.sys (file missing)
    R0 sr (System Restore Filter Driver) - c:\windows\system32\drivers\sr.sys (file missing)
    R0 VolSnap (Storage volumes) - c:\windows\system32\drivers\volsnap.sys (file missing)
    R1 AFD - c:\windows\system32\drivers\afd.sys (file missing)
    R1 AmdK8 (AMD Processor Driver) - c:\windows\system32\drivers\amdk8.sys (file missing)
    R1 Beep - c:\windows\system32\drivers\beep.sys (file missing)
    R1 Cdrom (CD-ROM Driver) - c:\windows\system32\drivers\cdrom.sys (file missing)
    R1 Fips - c:\windows\system32\drivers\fips.sys (file missing)
    R1 i8042prt (i8042 Keyboard and PS/2 Mouse Port Driver) - c:\windows\system32\drivers\i8042prt.sys (file missing)
    R1 imapi (CD-Burning Filter Driver) - c:\windows\system32\drivers\imapi.sys (file missing)
    R1 IPSec (IPSEC driver) - c:\windows\system32\drivers\ipsec.sys (file missing)
    R1 Kbdclass (Keyboard Class Driver) - c:\windows\system32\drivers\kbdclass.sys (file missing)
    R1 kbdhid (Keyboard HID Driver) - c:\windows\system32\drivers\kbdhid.sys (file missing)
    R1 mnmdd - c:\windows\system32\drivers\mnmdd.sys (file missing)
    R1 Mouclass (Mouse Class Driver) - c:\windows\system32\drivers\mouclass.sys (file missing)
    R1 MRxSmb - c:\windows\system32\drivers\mrxsmb.sys (file missing)
    R1 Msfs - c:\windows\system32\drivers\msfs.sys (file missing)
    R1 NetBIOS (NetBIOS Interface) - c:\windows\system32\drivers\netbios.sys (file missing)
    R1 NetBT (NetBios over Tcpip) - c:\windows\system32\drivers\netbt.sys (file missing)
    R1 Npfs - c:\windows\system32\drivers\npfs.sys (file missing)
    R1 Null - c:\windows\system32\drivers\null.sys (file missing)
    R1 RasAcd (Remote Access Auto Connection Driver) - c:\windows\system32\drivers\rasacd.sys (file missing)
    R1 Rdbss - c:\windows\system32\drivers\rdbss.sys (file missing)
    R1 RDPCDD - c:\windows\system32\drivers\rdpcdd.sys (file missing)
    R1 redbook (Digital CD Audio Playback Filter Driver) - c:\windows\system32\drivers\redbook.sys (file missing)
    R1 Serial (Serial port driver) - c:\windows\system32\drivers\serial.sys (file missing)
    R1 Tcpip (TCP/IP Protocol Driver) - c:\windows\system32\drivers\tcpip.sys (file missing)
    R1 TermDD (Terminal Device Driver) - c:\windows\system32\drivers\termdd.sys (file missing)
    R1 VgaSave (VGA Display Controller.) - c:\windows\system32\drivers\vga.sys (file missing)
    R2 atksgt - c:\windows\system32\drivers\atksgt.sys (file missing)
    R2 CdaC15BA - c:\windows\system32\drivers\cdac15ba.sys (file missing)
    R2 CdaD10BA - c:\windows\system32\drivers\cdad10ba.sys (file missing)
    R2 lirsgt - c:\windows\system32\drivers\lirsgt.sys (file missing)
    R2 Secdrv (Security Driver) - c:\windows\system32\drivers\secdrv.sys (file missing)
    R3 audstub (Audio Stub Driver) - c:\windows\system32\drivers\audstub.sys (file missing)
    R3 copperhd (Razer Copperhead Driver) - c:\windows\system32\drivers\copperhd.sys (file missing)
    R3 CT20XUT.DLL - c:\windows\system32\ct20xut.dll (file missing)
    R3 ctac32k (Creative AC3 Software Decoder) - c:\windows\system32\drivers\ctac32k.sys (file missing)
    R3 ctaud2k (Creative Audio Driver (WDM)) - c:\windows\system32\drivers\ctaud2k.sys (file missing)
    R3 CTEXFIFX.DLL - c:\windows\system32\ctexfifx.dll (file missing)
    R3 CTHWIUT.DLL - c:\windows\system32\cthwiut.dll (file missing)
    R3 ctprxy2k (Creative Proxy Driver) - c:\windows\system32\drivers\ctprxy2k.sys (file missing)
    R3 ctsfm2k (Creative SoundFont Management Device Driver) - c:\windows\system32\drivers\ctsfm2k.sys (file missing)
    R3 emupia (E-mu Plug-in Architecture Driver) - c:\windows\system32\drivers\emupia2k.sys (file missing)
    R3 Fdc (Floppy Disk Controller Driver) - c:\windows\system32\drivers\fdc.sys (file missing)
    R3 Flpydisk (Floppy Disk Driver) - c:\windows\system32\drivers\flpydisk.sys (file missing)
    R3 Gpc (Generic Packet Classifier) - c:\windows\system32\drivers\msgpc.sys (file missing)
    R3 ha20x2k (Creative 20X HAL Driver) - c:\windows\system32\drivers\ha20x2k.sys (file missing)
    R3 HidUsb (Microsoft HID Class Driver) - c:\windows\system32\drivers\hidusb.sys (file missing)
    R3 kmixer (Microsoft Kernel Wave Audio Mixer) - c:\windows\system32\drivers\kmixer.sys (file missing)
    R3 ksthunk (Kernel Streaming WOW64 Thunk Service) - c:\windows\system32\drivers\ksthunk.sys (file missing)
    R3 L8042Kbd (SetPoint Keyboard Driver) - c:\windows\system32\drivers\l8042kbd.sys (file missing)
    R3 mouhid (Mouse HID Driver) - c:\windows\system32\drivers\mouhid.sys (file missing)
    R3 mssmbios (Microsoft System Management BIOS Driver) - c:\windows\system32\drivers\mssmbios.sys (file missing)
    R3 NdisTapi (Remote Access NDIS TAPI Driver) - c:\windows\system32\drivers\ndistapi.sys (file missing)
    R3 NdisWan (Remote Access NDIS WAN Driver) - c:\windows\system32\drivers\ndiswan.sys (file missing)
    R3 NDProxy (NDIS Proxy) - c:\windows\system32\drivers\ndproxy.sys (file missing)
    R3 nv - c:\windows\system32\drivers\nv4_mini.sys (file missing)
    R3 ossrv (Creative OS Services Driver) - c:\windows\system32\drivers\ctoss2k.sys (file missing)
    R3 Parport (Parallel port driver) - c:\windows\system32\drivers\parport.sys (file missing)
    R3 PptpMiniport (WAN Miniport (PPTP)) - c:\windows\system32\drivers\raspptp.sys (file missing)
    R3 PSched (QoS Packet Scheduler) - c:\windows\system32\drivers\psched.sys (file missing)
    R3 Ptilink (Direct Parallel Link Driver) - c:\windows\system32\drivers\ptilink.sys (file missing)
    R3 Rasl2tp (WAN Miniport (L2TP)) - c:\windows\system32\drivers\rasl2tp.sys (file missing)
    R3 RasPppoe (Remote Access PPPOE Driver) - c:\windows\system32\drivers\raspppoe.sys (file missing)
    R3 Raspti (Direct Parallel) - c:\windows\system32\drivers\raspti.sys (file missing)
    R3 rdpdr (Terminal Server Device Redirector Driver) - c:\windows\system32\drivers\rdpdr.sys (file missing)
    R3 RTL8023x64 (Dynex DX-E102/E202 10/100Mb NDIS XP(x64) Driver) - c:\windows\system32\drivers\rtnic64.sys (file missing)
    R3 serenum (Serenum Filter Driver) - c:\windows\system32\drivers\serenum.sys (file missing)
    R3 splitter (Microsoft Kernel Audio Splitter) - c:\windows\system32\drivers\splitter.sys (file missing)
    R3 Srv - c:\windows\system32\drivers\srv.sys (file missing)
    R3 swenum (Software Bus Driver) - c:\windows\system32\drivers\swenum.sys (file missing)
    R3 sysaudio (Microsoft Kernel System Audio Device) - c:\windows\system32\drivers\sysaudio.sys (file missing)
    R3 Update (Microcode Update Driver) - c:\windows\system32\drivers\update.sys (file missing)
    R3 usbaudio (USB Audio Driver (WDM)) - c:\windows\system32\drivers\usbaudio.sys (file missing)
    R3 usbccgp (Microsoft USB Generic Parent Driver) - c:\windows\system32\drivers\usbccgp.sys (file missing)
    R3 usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - c:\windows\system32\drivers\usbehci.sys (file missing)
    R3 usbhub (USB2 Enabled Hub) - c:\windows\system32\drivers\usbhub.sys (file missing)
    R3 usbohci (Microsoft USB Open Host Controller Miniport Driver) - c:\windows\system32\drivers\usbohci.sys (file missing)
    R3 Wanarp (Remote Access IP ARP Driver) - c:\windows\system32\drivers\wanarp.sys (file missing)
    R3 wdmaud (Microsoft WINMM WDM Audio Compatibility Driver) - c:\windows\system32\drivers\wdmaud.sys (file missing)
    R4 Cdfs - c:\windows\system32\drivers\cdfs.sys (file missing)
    R4 Ntfs - c:\windows\system32\drivers\ntfs.sys (file missing)

    S1 Sfloppy - c:\windows\system32\drivers\sfloppy.sys (file missing)
    S3 aec (Microsoft Kernel Acoustic Echo Canceller) - c:\windows\system32\drivers\aec.sys (file missing)
    S3 ALCXWDM (Service for Realtek AC97 Audio (WDM)) - c:\windows\system32\drivers\alcwdm64.sys (file missing)
    S3 AmdLLD64 (AMD Low Level Device Driver) - c:\windows\system32\drivers\amdlld64.sys (file missing)
    S3 AsyncMac (RAS Asynchronous Media Driver) - c:\windows\system32\drivers\asyncmac.sys (file missing)
    S3 Atmarpc (ATM ARP Client Protocol) - c:\windows\system32\drivers\atmarpc.sys (file missing)
    S3 COMMONFX.DLL - c:\windows\system32\commonfx.dll (file missing)
    S3 CTAUDFX.DLL - c:\windows\system32\ctaudfx.dll (file missing)
    S3 CTEAPSFX.DLL - c:\windows\system32\cteapsfx.dll (file missing)
    S3 CTEDSPFX.DLL - c:\windows\system32\ctedspfx.dll (file missing)
    S3 CTEDSPIO.DLL - c:\windows\system32\ctedspio.dll (file missing)
    S3 CTEDSPSY.DLL - c:\windows\system32\ctedspsy.dll (file missing)
    S3 CTERFXFX.DLL - c:\windows\system32\cterfxfx.dll (file missing)
    S3 CTSBLFX.DLL - c:\windows\system32\ctsblfx.dll (file missing)
    S3 HTTP - c:\windows\system32\drivers\http.sys (file missing)
    S3 Ip6Fw (IPv6 Windows Firewall Driver) - c:\windows\system32\drivers\ip6fw.sys (file missing)
    S3 IpFilterDriver (IP Traffic Filter Driver) - c:\windows\system32\drivers\ipfltdrv.sys (file missing)
    S3 IpInIp (IP in IP Tunnel Driver) - c:\windows\system32\drivers\ipinip.sys (file missing)
    S3 IpNat (IP Network Address Translator) - c:\windows\system32\drivers\ipnat.sys (file missing)
    S3 IRENUM (IR Enumerator Service) - c:\windows\system32\drivers\irenum.sys (file missing)
    S3 L8042mou (SetPoint PS/2 Mouse Filter Driver) - c:\windows\system32\drivers\l8042mou.sys (file missing)
    S3 LHidFilt (Logitech SetPoint KMDF HID Filter Driver) - c:\windows\system32\drivers\lhidfilt.sys (file missing)
    S3 LMouFilt (Logitech SetPoint KMDF Mouse Filter Driver) - c:\windows\system32\drivers\lmoufilt.sys (file missing)
    S3 LMouKE (SetPoint Mouse Filter Driver) - c:\windows\system32\drivers\lmouke.sys (file missing)
    S3 LUsbFilt (Logitech SetPoint KMDF USB Filter) - c:\windows\system32\drivers\lusbfilt.sys (file missing)
    S3 Modem - c:\windows\system32\drivers\modem.sys (file missing)
    S3 MRxDAV (WebDav Client Redirector) - c:\windows\system32\drivers\mrxdav.sys (file missing)
    S3 MSKSSRV (Microsoft Streaming Service Proxy) - c:\windows\system32\drivers\mskssrv.sys (file missing)
    S3 MSPCLOCK (Microsoft Streaming Clock Proxy) - c:\windows\system32\drivers\mspclock.sys (file missing)
    S3 MSPQM (Microsoft Streaming Quality Manager Proxy) - c:\windows\system32\drivers\mspqm.sys (file missing)
    S3 Ndisuio (NDIS Usermode I/O Protocol) - c:\windows\system32\drivers\ndisuio.sys (file missing)
    S3 NwlnkFlt (IPX Traffic Filter Driver) - c:\windows\system32\drivers\nwlnkflt.sys (file missing)
    S3 NwlnkFwd (IPX Traffic Forwarder Driver) - c:\windows\system32\drivers\nwlnkfwd.sys (file missing)
    S3 Processor (Processor Driver) - c:\windows\system32\drivers\processr.sys (file missing)
    S3 RDPWD - c:\windows\system32\drivers\rdpwd.sys (file missing)
    S3 rtl8139 (Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver) - c:\windows\system32\drivers\rtl39a64.sys (file missing)
    S3 RTL8169 (Realtek RTL8169/8110 Family Gigabit Ethernet NIC NT Driver) - c:\windows\system32\drivers\rtl69a64.sys (file missing)
    S3 swmidi (Microsoft Kernel GS Wavetable Synthesizer) - c:\windows\system32\drivers\swmidi.sys (file missing)
    S3 TDPIPE - c:\windows\system32\drivers\tdpipe.sys (file missing)
    S3 TDTCP - c:\windows\system32\drivers\tdtcp.sys (file missing)
    S3 TnIDriver - c:\docume~1\admini~1\locals~1\temp\tni2c.tmp (file missing)
    S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys (file missing)
    S3 USBSTOR (USB Mass Storage Driver) - c:\windows\system32\drivers\usbstor.sys (file missing)
    S3 vga - c:\windows\system32\drivers\vgapnp.sys (file missing)
    S3 Wdf01000 - c:\windows\system32\drivers\wdf01000.sys (file missing)
    S4 ACPIEC - c:\windows\system32\drivers\acpiec.sys (file missing)
    S4 dmboot - c:\windows\system32\drivers\dmboot.sys (file missing)
    S4 Fastfat - c:\windows\system32\drivers\fastfat.sys (file missing)
    S4 Pcmcia - c:\windows\system32\drivers\pcmcia.sys (file missing)
    S4 Udfs - c:\windows\system32\drivers\udfs.sys (file missing)


    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

    R2 CTAudSvcService (Creative Audio Service) - c:\program files (x86)\creative\shared files\ctaudsvc.exe
    R2 NVSvc (NVIDIA Display Driver Service) - c:\windows\system32\nvsvc64.exe (file missing)
    R2 PlugPlay (Plug and Play) - c:\windows\system32\services.exe (file missing)
    R2 ProtectedStorage (Protected Storage) - c:\windows\system32\lsass.exe (file missing)

    S2 spupdsvc (Windows Service Pack Installer update service) - c:\windows\system32\spupdsvc.exe (file missing)
    S3 dmadmin (Logical Disk Manager Administrative Service) - c:\windows\system32\dmadmin.exe /com (file missing)
    S3 HTTPFilter (HTTP SSL) - c:\windows\system32\lsass.exe (file missing)
    S3 ImapiService (IMAPI CD-Burning COM Service) - c:\windows\system32\imapi.exe (file missing)
    S3 MSDTC (Distributed Transaction Coordinator) - c:\windows\system32\msdtc.exe (file missing)
    S3 NtLmSsp (NT LM Security Support Provider) - c:\windows\system32\lsass.exe (file missing)
    S3 RDSessMgr (Remote Desktop Help Session Manager) - c:\windows\system32\sessmgr.exe (file missing)
    S3 vds (Virtual Disk Service) - c:\windows\system32\vds.exe (file missing)
    S3 WmiApSrv (WMI Performance Adapter) - c:\windows\system32\wbem\wmiapsrv.exe (file missing)
    S4 Eventlog (Event Log) - c:\windows\system32\services.exe (file missing)
    S4 Netlogon (Net Logon) - c:\windows\system32\lsass.exe (file missing)
    S4 PolicyAgent (IPSEC Services) - c:\windows\system32\lsass.exe (file missing)
    S4 SamSs (Security Accounts Manager) - c:\windows\system32\lsass.exe (file missing)
    S4 TlntSvr (Telnet) - c:\windows\system32\tlntsvr.exe (file missing)
    S4 VSS (Volume Shadow Copy) - c:\windows\system32\vssvc.exe (file missing)


    -- Device Manager: Disabled ----------------------------------------------------

    Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
    Description: Realtek AC'97 Audio
    Device ID: PCI\VEN_1002&DEV_4370&SUBSYS_71511462&REV_02\3&267A616A&0&A5
    Manufacturer: Realtek
    Name: Realtek AC'97 Audio
    PNP Device ID: PCI\VEN_1002&DEV_4370&SUBSYS_71511462&REV_02\3&267A616A&0&A5
    Service: ALCXWDM

    Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
    Description:
    Device ID: ROOT\LEGACY_VGA\0000
    Manufacturer:
    Name:
    PNP Device ID: ROOT\LEGACY_VGA\0000
    Service: vga


    -- Scheduled Tasks -------------------------------------------------------------

    2007-08-22 20:43:34 330 --ah---c- C:\WINDOWS\Tasks\MP Scheduled Scan.job


    -- Files created between 2008-05-09 and 2008-06-09 -----------------------------

    2008-06-09 01:33:23 0 d-------- C:\WINDOWS\LastGood
    2008-06-08 23:47:32 169 --a------ C:\Start_.cmd
    2008-06-07 21:47:26 0 d-------- C:\Program Files (x86)\Trend Micro
    2008-06-07 21:37:55 0 d-------- C:\WINDOWS\BDOSCAN8
    2008-06-07 21:16:48 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-06-07 21:16:39 0 d-------- C:\Program Files (x86)\SUPERAntiSpyware
    2008-06-07 21:16:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
    2008-06-07 21:08:15 0 d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    2008-06-07 21:08:13 0 d-------- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2008-06-07 21:08:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-06-07 21:03:36 0 dr-h----- C:\Documents and Settings\Administrator\Recent
    2008-06-07 20:59:19 0 d-------- C:\Program Files (x86)\CCleaner
    2008-06-07 20:02:49 0 d-------- C:\Temp
    2008-06-07 19:56:33 0 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
    2008-06-07 19:56:31 0 d-------- C:\Fraps
    2008-06-07 19:30:27 0 d-------- C:\Program Files (x86)\Game Cam V2
    2008-06-01 22:53:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\DivX
    2008-06-01 19:56:35 0 d-------- C:\Program Files (x86)\Tortun
    2008-05-26 23:43:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org2
    2008-05-26 23:41:25 0 d-------- C:\Program Files (x86)\OpenOffice.org 2.4
    2008-05-26 23:40:26 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
    2008-05-12 20:53:16 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2008-05-12 20:50:16 196608 --a------ C:\WINDOWS\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
    2008-05-12 20:50:16 81920 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
    2008-05-12 20:50:08 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX?>
    2008-05-12 20:50:08 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX>
    2008-05-12 20:50:08 831488 --a------ C:\WINDOWS\system32\divx_xx0a.dll
    2008-05-12 20:50:08 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX>
    2008-05-12 20:50:06 682496 --a------ C:\WINDOWS\system32\DivX.dll <Not Verified; DivX, Inc.; DivX>
    2008-05-12 20:49:02 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
    2008-05-12 03:44:49 1970176 --a------ C:\WINDOWS\system32\d3dx9.dll
    2008-05-12 03:44:49 679936 --a------ C:\WINDOWS\system32\D3DX81ab.dll <Not Verified; Generated by JEDI; D3DX81>
    2008-05-12 03:44:48 0 d-------- C:\Program Files (x86)\Cheat Engine


    -- Find3M Report ---------------------------------------------------------------

    2008-06-08 22:45:22 0 d-------- C:\Program Files (x86)\Steam
    2008-06-07 22:23:17 0 d-------- C:\Program Files (x86)\World of Warcraft
    2008-06-07 21:16:24 0 d-------- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2008-06-07 12:25:16 0 d-------- C:\Program Files (x86)\Warcraft III
    2008-06-01 22:52:37 0 d-------- C:\Program Files (x86)\DivX
    2008-05-26 23:41:11 0 d-------- C:\Program Files (x86)\Java
    2008-05-03 23:10:37 0 d-------- C:\Program Files (x86)\Common Files\SupportSoft
    2008-05-03 23:10:33 0 d-------- C:\Program Files (x86)\CHARTER
    2008-04-28 14:42:39 0 d-------- C:\Documents and Settings\Administrator\Application Data\LimeWire
    2008-03-16 21:52:15 413696 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
    2008-03-16 21:52:15 110592 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>


    -- Registry Dump ---------------------------------------------------------------



    -- End of Deckard's System Scanner: finished at 2008-06-09 02:22:43 ------------




    I am getting operating system errors with both ComboFix and the AV scan. I am currently running Windows XP Professional - 64 bit.
#11 - Malware Warrior /AV forum Mod
    Delete combofix. Seems the AV scan is not 64bit ready yet.

    Let me do some more research.

    While we wait, let's fix those file associations.

    Please run Deckard's System Scanner again, as follows:

    Go to Start > Run, and copy/paste the following in the Open box:

    "%userprofile%\desktop\dss.exe" /daft

    * Read the disclaimer and click OK.
    * Next, click Scan
    * Place a checkmark next to the entries displayed.
    * Click on Fix to restore the default file associations.

    Now, do another scan with DAFT.
    This time it should say: All associations OK!
    Last edited by Porthos; June 9th, 2008 at 04:47 AM.

#12 - Malware Warrior /AV forum Mod
    This scan says 64bit ready

    Nod32 Online Scanner (Win 98/ME/NT 4.0/2000/XP/Vista)

    * 64 bit versions of Windows are supported.
    * The scan report is saved by default in C:\Program Files\EsetOnlineScanner\log.txt


    Let's run THIS online scanner. You will need to use Internet Explorer for this scan and accept the ActiveX control.

    You will get a screen like this. Check-mark both boxes.



    And grab a snack.

    Post the log from C:\Program Files\EsetOnlineScanner\log.txt

#13 - Registered User
    Originally Posted by Porthos
    Now, do another scan with DAFT
    This time it should say: All associations OK!.
    There's something that remains regardless of scanning (so I do not see "All associations OK"):

    .cp cplfile shell\runas\command %SystemRoot%\SysWow64\rundll32.exe Shell32.dll,Control_RunDLLAsUser "%1",%*


    Eset log:

    # version=4
    # OnlineScanner.ocx=1.0.0.56
    # OnlineScannerDLLA.dll=1, 0, 0, 51
    # OnlineScannerDLLW.dll=1, 0, 0, 51
    # OnlineScannerUninstaller.exe=1, 0, 0, 49
    # vers_standard_module=3169 (20080609)
    # vers_arch_module=1.064 (20080214)
    # vers_adv_heur_module=1.064 (20070717)
    # EOSSerial=c977fb4c5cc713458e93bedd9578165c
    # end=finished
    # remove_checked=true
    # unwanted_checked=true
    # utc_time=2008-06-09 08:07:16
    # local_time=2008-06-09 03:07:16 (-0600, Central Daylight Time)
    # country="United States"
    # osver=5.2.3790 NT Service Pack 2
    # scanned=469156
    # found=7
    # scan_time=7808
    C:\System Volume Information\_restore{1FBC4959-1CB6-4998-BF93-5D400E9E4D45}\RP93\A0210773.exe Win32/Adware.ZenoSearch application (unable to clean - deleted) 00000000000000000000000000000000
    C:\System Volume Information\_restore{1FBC4959-1CB6-4998-BF93-5D400E9E4D45}\RP93\A0210774.exe Win32/TrojanDownloader.Small.BUY trojan (unable to clean - deleted) 00000000000000000000000000000000
    C:\System Volume Information\_restore{1FBC4959-1CB6-4998-BF93-5D400E9E4D45}\RP93\A0210776.exe Win32/TrojanDownloader.VB.AWJ trojan (unable to clean - deleted) 00000000000000000000000000000000
    C:\System Volume Information\_restore{1FBC4959-1CB6-4998-BF93-5D400E9E4D45}\RP93\A0210777.exe Win32/TrojanDownloader.Agent.NZJ trojan (unable to clean - deleted) 00000000000000000000000000000000
    C:\System Volume Information\_restore{1FBC4959-1CB6-4998-BF93-5D400E9E4D45}\RP93\A0210778.exe Win32/Adware.ZQuest application (unable to clean - deleted) 00000000000000000000000000000000
    C:\_OTMoveIt\MovedFiles\06092008_013924\WINDOWS\system32\g58.exe Win32/Adware.GooochiBiz application (deleted) 00000000000000000000000000000000
    C:\_OTMoveIt\MovedFiles\06092008_013924\WINDOWS\system32\g58.exe NSIS Win32/Adware.GooochiBiz application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
  26. #14
  27. Malware Warrior /AV forum Mod
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Nov 2006
    Location
    San Antonio Tx
    Posts
    2,325
    Rep Power
    1140
    The Eset log was good; the only things found were in restore, which will be fixed later, and the stuff in the OTMoveIt quarantined folder.

    There's something that remains regardless of scanning (so I do not see "All associations OK"):

    .cp cplfile shell\runas\command %SystemRoot%\SysWow64\rundll32.exe Shell32.dll,Control_RunDLLAsUser "%1",%*
    This could be a 64-bit glitch. Will do some checking.

    How are things running now?

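    The moderator's reading of the Eset log above (restore-point copies and quarantined files are low priority; anything still live matters) can be turned into a small triage script. The following is an added example, not code from the thread or from ESET; it parses the `# key=value` header and the detection lines of an ESET Online Scanner log and classifies each hit by where the file lives. The sample log is copied from the post above, and the three classification rules (restore point, quarantine folder, live) are assumptions that mirror how the moderator read it.

```python
"""Triage an ESET Online Scanner log (added example, not ESET tooling).

Splits the '# key=value' header from the detection lines, then tags each
detection as a restore-point copy, a quarantined file, or a live file.
"""
import re
from collections import Counter

# Sample log copied from the forum post (hash column is all zeros there).
SAMPLE_LOG = r"""# version=4
# osver=5.2.3790 NT Service Pack 2
# scanned=469156
# found=7
# scan_time=7808
C:\System Volume Information\_restore{1FBC4959-1CB6-4998-BF93-5D400E9E4D45}\RP93\A0210773.exe Win32/Adware.ZenoSearch application (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{1FBC4959-1CB6-4998-BF93-5D400E9E4D45}\RP93\A0210774.exe Win32/TrojanDownloader.Small.BUY trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{1FBC4959-1CB6-4998-BF93-5D400E9E4D45}\RP93\A0210776.exe Win32/TrojanDownloader.VB.AWJ trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{1FBC4959-1CB6-4998-BF93-5D400E9E4D45}\RP93\A0210777.exe Win32/TrojanDownloader.Agent.NZJ trojan (unable to clean - deleted) 00000000000000000000000000000000
C:\System Volume Information\_restore{1FBC4959-1CB6-4998-BF93-5D400E9E4D45}\RP93\A0210778.exe Win32/Adware.ZQuest application (unable to clean - deleted) 00000000000000000000000000000000
C:\_OTMoveIt\MovedFiles\06092008_013924\WINDOWS\system32\g58.exe Win32/Adware.GooochiBiz application (deleted) 00000000000000000000000000000000
C:\_OTMoveIt\MovedFiles\06092008_013924\WINDOWS\system32\g58.exe NSIS Win32/Adware.GooochiBiz application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
"""

# A detection line is: <path> <detection name> (<action>) <32-hex hash>.
# The path is matched lazily up to the first "<dot><ext> " so that
# multi-word detection names ("NSIS Win32/... application") are kept whole.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?\.[A-Za-z0-9]{1,4}) "
    r"(?P<detection>.*?) "
    r"\((?P<action>.*)\) "
    r"(?P<hash>[0-9a-fA-F]{32})$"
)


def classify(path: str) -> str:
    """Assumed rules: restore-point copies and quarantine folders are not live."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore-point"
    if "\\_otmoveit\\movedfiles\\" in p:
        return "quarantine"
    return "live"


def triage(log_text: str) -> dict:
    """Return header fields, parsed detections, per-location counts and
    whether the 'found=' count agrees with the number of detection lines."""
    header, detections = {}, []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, _, value = line[1:].strip().partition("=")
            header[key.strip()] = value.strip()
            continue
        m = DETECTION_RE.match(line)
        if not m:  # unknown line shape: keep it visible rather than drop it
            detections.append({"path": line, "detection": "?", "action": "?",
                               "hash": "", "location": "unparsed"})
            continue
        d = m.groupdict()
        d["location"] = classify(d["path"])
        detections.append(d)
    counts = Counter(d["location"] for d in detections)
    consistent = len(detections) == int(header.get("found", "-1"))
    return {"header": header, "detections": detections,
            "counts": counts, "consistent": consistent}


def needs_attention(result: dict) -> list:
    """Detections that are neither in a restore point nor already quarantined."""
    return [d for d in result["detections"]
            if d["location"] not in ("restore-point", "quarantine")]


if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print("scanned:", r["header"].get("scanned"), "found:", r["header"].get("found"))
    for loc, n in sorted(r["counts"].items()):
        print(f"  {loc}: {n}")
    print("live items needing attention:", len(needs_attention(r)))
```

    Run against the log in the post, the script reports five restore-point copies, two quarantined files and nothing live, which is the same conclusion the moderator drew by eye. The `unparsed` bucket exists so a line the regex does not recognise is surfaced instead of silently dropped.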
  28. #15
  29. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jun 2008
    Posts
    16
    Rep Power
    0
    Originally Posted by Porthos
    The Eset log was good; the only things found were in restore, which will be fixed later, and the stuff in the OTMoveIt quarantined folder.



    How are things running now?

    Do you mean you want me to do a system restore?

    Things are running at a better rate, still not so sure I'm running at full speed though. Definitely

    Thanks a lot for the help so far, by the way.