The Spykiller
Author Topic: Msiexec.exe is Infected!!!  (Read 17718 times)
xblade12100
« on: February 08, 2008, 22:21:34 »

Hey, for some reason my msiexec.exe is infected and every 30 minutes or so my computer restarts. Here is my HijackThis log!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:09:36 PM, on 2/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\1.0.103.0\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Jim\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rogers.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B8A7839C-51E8-4067-ADA3-CA74BABC1976} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {18955D47-882E-48fc-B903-A4BDD030E7FD} - (no file)
O9 - Extra 'Tools' menuitem: GigaSize Toolbar - {18955D47-882E-48fc-B903-A4BDD030E7FD} - (no file)
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8677 bytes

Thanx
Ruby
« Reply #1 on: February 09, 2008, 04:15:02 »

Hello xblade12100

How long have you had these problems?
Did you already try to restore your system to a previous state?

Quote
Note: the first thing you could do to get rid of malware under Windows XP is: restore your operating system to a previous state - have a look here:

1.   Log on to Windows as Administrator.
2.   Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore. System Restore starts.
3.   On the Welcome to System Restore page, click Restore my computer to an earlier time (if it is not already selected), and then click Next.
4.   On the Select a Restore Point page, click the most recent system checkpoint in the On this list, click a restore point list, and then click Next. A System Restore message may appear that lists configuration changes that System Restore will make. Click OK.
5.   On the Confirm Restore Point Selection page, click Next. System Restore restores the previous Windows XP configuration, and then restarts the computer.
6.   Log on to the computer as Administrator. The System Restore Restoration Complete page appears.
7.   Click OK.

Your HijackThis logfile doesn't show enough information to find out what's wrong with your machine.

Please read these instructions carefully and print them out!
Be sure to follow ALL instructions!
Follow the steps.

Step 1
Make sure you set windows to see the hidden files and folders

Step 2
Please download hjtscanlist.zip

  • Unzip it to your desktop
  • Run it and choose: X
  • Choose 1 > [Enter]
  • Notepad will open; copy and paste the contents of this new text file into your thread

Step 3
Next, download Deckard's System Scan (DSS) and save it to your desktop.
Note: You must work from an administrator account.
  • Please shut down ALL applications and windows
  • Double-click dss.exe to start it and follow the prompts.
  • When the scan is finished two text files will open: main.txt (you will see it maximised) and
    extra.txt (you will see it minimized)
  • Copy and post the contents of both main.txt and extra.txt in your next answer.

Step 4
Please visit http://secunia.com/software_inspector
  • Click onto the button "Start Now"
  • Scan your system
  • Post back the results of this scan.

Please let us see all logfiles.
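Reading a HijackThis log by hand, as Ruby does above, means scanning the O-lines for a few recurring patterns. The script below is an added example (my code, not the forum's and not part of HijackThis) that parses the O2/O4/O9/O16 lines of a HijackThis 2.0 log and flags orphaned CLSIDs, ActiveX (DPF) downloads from hosts outside a trusted list, and autorun entries whose binary lives outside WINDOWS or Program Files. The trusted-host and trusted-path lists are this example's own assumptions; the sample lines are copied from the log posted above, except for one constructed O4 line (the "inst" entry) that is not in that log and only illustrates an autorun pointing into a user profile.

```python
"""Triage helper for Trend Micro HijackThis 2.0 logs.

Added example; not code from the forum, HijackThis or any other tool.
It flags three things a log reader checks first:
  * O2/O9 entries whose target is "(no file)": orphaned CLSIDs, harmless
    but worth clearing
  * O16 DPF ActiveX downloads whose host is outside a trusted list
  * O4 autorun entries whose binary lives outside WINDOWS / Program Files
The trusted lists below are this example's assumptions, not HijackThis's.
"""
import re
from urllib.parse import urlparse

ORPHAN = "(no file)"
TRUSTED_DPF_HOSTS = ("microsoft.com", "live.com", "windowsupdate.com")
TRUSTED_AUTORUN_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

CLSID = r"(\{[0-9A-Fa-f-]{36}\})"
O2_O9_RE = re.compile(r"^O[29] - .*?" + CLSID + r" - (.*)$")
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O16_RE = re.compile(r"^O16 - DPF: " + CLSID + r" \((.*?)\) - (.*)$")

# Constructed sample: lines copied from the log posted above, plus one
# O4 line (the "inst" entry) that is NOT in that log and only illustrates
# an autorun pointing into a user profile.
SAMPLE_LOG = r"""
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B8A7839C-51E8-4067-ADA3-CA74BABC1976} - (no file)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKCU\..\Run: [inst] C:\Documents and Settings\Jim\Application Data\inst.exe
O9 - Extra 'Tools' menuitem: GigaSize Toolbar - {18955D47-882E-48fc-B903-A4BDD030E7FD} - (no file)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
"""


def _exe_path(cmd):
    """Pull the executable out of a Run value, honouring double quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ")[0]


def _dpf_trusted(url):
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DPF_HOSTS)


def triage(log_text):
    """Return the flagged items, grouped by the check that caught them."""
    findings = {"orphaned": [], "untrusted_dpf": [], "odd_autoruns": []}
    for line in log_text.splitlines():
        line = line.strip()
        m = O2_O9_RE.match(line)
        if m:
            clsid, target = m.groups()
            if target.strip() == ORPHAN:
                findings["orphaned"].append(clsid)
            continue
        m = O4_RE.match(line)
        if m:
            exe = _exe_path(m.group("cmd")).lower()
            if not exe.startswith(TRUSTED_AUTORUN_PREFIXES):
                findings["odd_autoruns"].append((m.group("name"), exe))
            continue
        m = O16_RE.match(line)
        if m:
            clsid, _desc, target = m.groups()
            # Local DPF entries (a DLL path rather than a URL) are skipped.
            if target.lower().startswith(("http://", "https://")) and not _dpf_trusted(target):
                findings["untrusted_dpf"].append((clsid, urlparse(target).hostname))
    return findings


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        print(kind, *items, sep="\n  ")
```

An orphaned CLSID or a third-party DPF host is a lead, not a verdict: the script only narrows what to look at, and each hit still has to be checked against the file on disk.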
xblade12100
« Reply #2 on: February 09, 2008, 05:37:02 »

Well, if you want more info, here is a ComboFix log, and I will run those tests soon.

ComboFix 08-02.05.3 - Jim 2008-02-08 17:42:04.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.400 [GMT -5:00]
Running from: C:\Documents and Settings\Jim\Desktop\ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Jim\Application Data\inst.exe
C:\WINDOWS\install.exe
C:\WINDOWS\system32\_000228_.tmp.dll
C:\WINDOWS\system32\pskill.exe
C:\WINDOWS\system32\winsys.exe

----- BITS: Possible infected sites -----

hxxp://www.download.windowsupdate.com
.
(((((((((((((((((((((((((   Files Created from 2008-01-08 to 2008-02-08  )))))))))))))))))))))))))))))))
.

2008-02-08 17:29 . 2008-02-08 17:29   <DIR>   d--------   C:\Deckard
2008-02-07 10:58 . 2003-03-13 12:51   51,200   --a------   C:\WINDOWS\system32\camcodec.dll
2008-02-07 10:58 . 2003-03-13 12:51   1,461   --a------   C:\WINDOWS\system32\drivers\camcodec.inf
2008-02-05 16:43 . 2008-02-05 16:43   <DIR>   d--------   C:\Program Files\Trend Micro
2008-02-03 11:03 . 2008-02-03 11:03   <DIR>   d--------   C:\Program Files\AVSMedia
2008-02-03 09:51 . 2008-02-08 16:57   54,156   --ah-----   C:\WINDOWS\QTFont.qfn
2008-02-03 09:51 . 2008-02-03 09:51   1,409   --a------   C:\WINDOWS\QTFont.for
2008-02-02 09:49 . 2008-02-02 09:49   <DIR>   d--------   C:\Program Files\Microsoft Windows OneCare Live
2008-02-01 09:48 . 2008-02-01 09:49   <DIR>   d--------   C:\Program Files\Common Files\xing shared
2008-01-31 23:03 . 2008-02-05 20:34   <DIR>   d--------   C:\Documents and Settings\Jim\Application Data\Search Settings
2008-01-31 22:37 . 2008-01-31 22:37   <DIR>   d--------   C:\Program Files\Common Files\SWF Studio
2008-01-31 22:36 . 2008-01-31 22:40   <DIR>   d--------   C:\Documents and Settings\Jim\Application Data\Dealio
2008-01-31 20:21 . 2008-01-31 20:21   <DIR>   d--------   C:\SICKO
2008-01-30 16:04 . 2008-02-08 17:01   2,218   --a------   C:\rollback.ini
2008-01-30 15:44 . 2007-11-14 16:05   1,086,952   --a------   C:\WINDOWS\system32\zpeng24.dll
2008-01-29 19:48 . 2008-01-29 19:48   <DIR>   d--------   C:\Documents and Settings\Jim\Application Data\MailFrontier
2008-01-29 19:43 . 2008-02-08 10:54   11,484,960   --ahs----   C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-29 19:43 . 2008-02-07 21:00   98,564   --ahs----   C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-29 19:37 . 2008-01-29 20:29   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-01-29 19:36 . 2007-11-14 16:05   75,248   --a------   C:\WINDOWS\zllsputility.exe
2008-01-29 19:35 . 2008-02-07 12:41   <DIR>   d--------   C:\WINDOWS\system32\ZoneLabs
2008-01-29 19:35 . 2008-01-29 19:35   <DIR>   d--------   C:\Program Files\Zone Labs
2008-01-29 19:35 . 2008-02-08 16:47   355,090   --a------   C:\WINDOWS\system32\vsconfig.xml
2008-01-28 17:53 . 2008-01-31 23:23   <DIR>   d--------   C:\Documents and Settings\Jim\Application Data\Vso
2008-01-28 17:53 . 2008-01-28 17:53   47,360   --a------   C:\WINDOWS\system32\drivers\pcouffin.sys
2008-01-28 17:53 . 2008-01-31 23:23   47,360   --a------   C:\Documents and Settings\Jim\Application Data\pcouffin.sys
2008-01-22 19:46 . 2008-01-28 17:44   <DIR>   d--------   C:\Documents and Settings\Jim\dwhelper
2008-01-20 17:44 . 2008-01-20 17:44   <DIR>   d--------   C:\Documents and Settings\Jim\Application Data\MozillaControl
2008-01-20 16:27 . 2008-01-21 18:09   <DIR>   d--------   C:\Program Files\Opera
2008-01-19 22:36 . 2008-02-05 20:38   <DIR>   d--------   C:\Documents and Settings\Jim\Application Data\SiteAdvisor
2008-01-19 22:36 . 2008-01-19 22:36   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-01-19 22:36 . 2008-01-19 22:36   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-19 22:17 . 2007-12-04 08:04   837,496   --a------   C:\WINDOWS\system32\aswBoot.exe
2008-01-19 22:17 . 2004-01-09 04:13   380,928   --a------   C:\WINDOWS\system32\actskin4.ocx
2008-01-19 22:17 . 2007-12-04 07:54   95,608   --a------   C:\WINDOWS\system32\AvastSS.scr
2008-01-19 22:17 . 2007-12-04 09:55   94,544   --a------   C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-19 22:17 . 2007-12-04 09:56   93,264   --a------   C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-19 22:17 . 2007-12-04 09:51   42,912   --a------   C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-19 22:17 . 2007-12-04 09:49   26,624   --a------   C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-19 22:17 . 2007-12-04 09:53   23,152   --a------   C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-19 22:16 . 2008-01-19 22:16   <DIR>   d--------   C:\Program Files\Alwil Software
2008-01-17 16:50 . 2008-01-17 16:50   <DIR>   d--------   C:\Program Files\iPod
2008-01-16 18:42 . 2008-01-16 18:42   27,496   --a------   C:\Documents and Settings\Jim\Application Data\GDIPFONTCACHEV1.DAT
2008-01-16 18:14 . 2008-01-16 18:14   <DIR>   d--------   C:\Program Files\MSBuild
2008-01-16 18:09 . 2008-01-16 18:09   <DIR>   d--------   C:\WINDOWS\system32\XPSViewer
2008-01-16 18:09 . 2008-01-16 18:09   <DIR>   d--------   C:\Program Files\Reference Assemblies
2008-01-16 18:08 . 2006-06-29 13:07   14,048   ---------   C:\WINDOWS\system32\spmsg2.dll
2008-01-16 17:37 . 2008-01-16 17:37   <DIR>   d--------   C:\Program Files\SystemRequirementsLab
2008-01-16 17:37 . 2008-01-16 17:37   <DIR>   d--------   C:\Documents and Settings\Jim\Application Data\SystemRequirementsLab
2008-01-14 15:42 . 2008-01-23 17:39   <DIR>   d--------   C:\Documents and Settings\Jim\Application Data\dvdcss
2008-01-13 17:14 . 2008-01-13 17:14   <DIR>   d--------   C:\Program Files\Common Files\Scanner
2008-01-13 11:03 . 2008-01-13 11:03   <DIR>   d--------   C:\WINDOWS\.jagex_cache_32
2008-01-12 21:07 . 2008-01-12 21:07   <DIR>   d--------   C:\Documents and Settings\Jim\Application Data\vlc
2008-01-10 15:27 . 2008-01-10 15:27   90,112   --a------   C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27   57,344   --a------   C:\WINDOWS\system32\QuickTime.qts
2008-01-09 19:49 . 2008-01-09 19:49   <DIR>   d--------   C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-09 17:57 . 2007-02-20 16:04   2,463,976   --a------   C:\WINDOWS\system32\NPSWF32.dll
2008-01-09 17:57 . 2007-02-20 16:04   190,696   --a------   C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-01-09 17:48 . 2008-01-09 17:48   <DIR>   d--------   C:\Program Files\Common Files\Macrovision Shared
2008-01-08 19:56 . 2008-01-08 19:56   <DIR>   d--------   C:\Program Files\VideoProfessor
2008-01-08 19:55 . 2008-01-08 19:55   <DIR>   d--------   C:\Documents and Settings\Jim\Application Data\Media Player Classic

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-08 21:58   ---------   d-----w   C:\Documents and Settings\Jim\Application Data\LimeWire
2008-02-08 21:44   409,088   ----a-w   C:\WINDOWS\Internet Logs\xDB7.tmp
2008-02-08 19:45   2,116,096   ----a-w   C:\WINDOWS\Internet Logs\xDB6.tmp
2008-02-08 17:50   2,116,096   ----a-w   C:\WINDOWS\Internet Logs\xDB5.tmp
2008-02-08 13:14   ---------   d-----w   C:\Documents and Settings\Jim\Application Data\AVG7
2008-02-07 23:43   2,112,000   ----a-w   C:\WINDOWS\Internet Logs\xDB4.tmp
2008-02-07 15:57   ---------   d-----w   C:\Program Files\CamStudio
2008-02-06 23:49   2,076,160   ----a-w   C:\WINDOWS\Internet Logs\xDB3.tmp
2008-02-05 20:44   78,848   ----a-w   C:\WINDOWS\system32\msiexec.exe
2008-02-05 02:29   1,748,480   ----a-w   C:\WINDOWS\Internet Logs\xDB2.tmp
2008-02-02 14:57   ---------   d-----w   C:\Program Files\SpywareBlaster
2008-02-01 14:48   ---------   d-----w   C:\Program Files\Common Files\Real
2008-02-01 13:44   ---------   d--h--w   C:\Program Files\InstallShield Installation Information
2008-01-31 02:38   1,251,328   ----a-w   C:\WINDOWS\Internet Logs\xDB1.tmp
2008-01-30 22:43   ---------   d-----w   C:\Documents and Settings\Jim\Application Data\Apple Computer
2008-01-30 01:27   ---------   d-----w   C:\Program Files\Common Files\Symantec Shared
2008-01-18 13:46   ---------   d-----w   C:\Program Files\iTunes
2008-01-17 21:48   ---------   d-----w   C:\Program Files\QuickTime
2008-01-13 22:14   ---------   d-----w   C:\Program Files\Yahoo!
2008-01-13 16:45   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-13 16:42   12,632   ----a-w   C:\WINDOWS\system32\lsdelete.exe
2008-01-10 01:46   ---------   d-----w   C:\Program Files\Common Files\Adobe
2008-01-07 00:49   ---------   d-----w   C:\Program Files\Doom 3
2008-01-07 00:17   ---------   d-----w   C:\Program Files\Doom 3 Demo
2008-01-06 18:25   ---------   d-----w   C:\Program Files\Total Video Converter
2008-01-06 17:53   ---------   d-----w   C:\Program Files\Zeallsoft
2008-01-05 23:05   ---------   d-----w   C:\Program Files\Windows Live Safety Center
2008-01-04 15:24   ---------   d-----w   C:\Documents and Settings\Administrator\Application Data\AVG7
2008-01-03 23:55   ---------   d-----w   C:\Program Files\Blender Foundation
2008-01-03 23:52   ---------   d-----w   C:\Program Files\LimeWire
2008-01-03 21:45   ---------   d-----w   C:\Documents and Settings\Jim\Application Data\Yahoo!
2008-01-03 21:33   ---------   d-----w   C:\Documents and Settings\Jim\Application Data\Talkback
2008-01-03 19:56   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Avg7
2008-01-03 19:49   ---------   d-----w   C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-03 19:49   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-03 00:52   ---------   d-----w   C:\Program Files\VideoLAN
2008-01-03 00:44   ---------   d-----w   C:\Program Files\DVD Decrypter
2008-01-03 00:21   ---------   d-----w   C:\Program Files\Safari
2008-01-01 18:09   ---------   d-----w   C:\Program Files\Registry Clean Expert
2007-12-26 20:36   ---------   d-----w   C:\Program Files\Guitar Pro 5
2007-12-24 15:47   ---------   d-----w   C:\Program Files\DivX
2007-12-24 15:25   ---------   d-----w   C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-15 02:14   ---------   d-----w   C:\Program Files\Microsoft.NET
2007-12-15 02:14   ---------   d-----w   C:\Program Files\Microsoft Visual Studio 8
2007-12-15 02:14   ---------   d-----w   C:\Program Files\Common Files\Merge Modules
2007-12-14 22:24   ---------   d-----w   C:\Program Files\Game_Maker7
2007-12-14 02:46   ---------   d-----w   C:\Program Files\Lavasoft
2007-12-14 02:46   ---------   d-----w   C:\Program Files\Common Files\Wise Installation Wizard
2007-12-11 22:34   200,704   ----a-w   C:\WINDOWS\system32\ssldivx.dll
2007-12-11 22:34   1,044,480   ----a-w   C:\WINDOWS\system32\libdivx.dll
2007-12-05 07:53   356,352   ----a-w   C:\WINDOWS\system32\NVUNINST.EXE
2007-12-05 06:41   81,920   ----a-w   C:\WINDOWS\system32\nvwddi.dll
2007-12-05 06:41   81,920   ----a-w   C:\WINDOWS\system32\nvmctray.dll
2007-12-05 06:41   8,523,776   ----a-w   C:\WINDOWS\system32\nvcpl.dll
2007-12-05 06:41   753,664   ----a-w   C:\WINDOWS\system32\nvcplui.exe
2007-12-05 06:41   6,901,760   ----a-w   C:\WINDOWS\system32\nvoglnt.dll
2007-12-05 06:41   6,549,504   ----a-w   C:\WINDOWS\system32\nvdisps.dll
2007-12-05 06:41   5,773,568   ----a-w   C:\WINDOWS\system32\nv4_disp.dll
2007-12-05 06:41   45,056   ----a-w   C:\WINDOWS\system32\nvmccsrs.dll
2007-12-05 06:41   385,024   ----a-w   C:\WINDOWS\system32\nvapi.dll
2007-12-05 06:41   356,352   ----a-w   C:\WINDOWS\system32\nvudisp.exe
2007-12-05 06:41   35,328   ----a-w   C:\WINDOWS\system32\nvcodins.dll
2007-12-05 06:41   35,328   ----a-w   C:\WINDOWS\system32\nvcod.dll
2007-12-05 06:41   307,200   ----a-w   C:\WINDOWS\system32\nvexpbar.dll
2007-12-05 06:41   3,710,976   ----a-w   C:\WINDOWS\system32\nvvitvs.dll
2007-12-05 06:41   3,420,160   ----a-w   C:\WINDOWS\system32\nvgames.dll
2007-12-05 06:41   286,720   ----a-w   C:\WINDOWS\system32\nvnt4cpl.dll
2007-12-05 06:41   229,376   ----a-w   C:\WINDOWS\system32\nvmccs.dll
2007-12-05 06:41   2,498,560   ----a-w   C:\WINDOWS\system32\nvwss.dll
2007-12-05 06:41   188,416   ----a-w   C:\WINDOWS\system32\nvmccss.dll
2007-12-05 06:41   155,716   ----a-w   C:\WINDOWS\system32\nvsvc32.exe
2007-12-05 06:41   147,456   ----a-w   C:\WINDOWS\system32\nvcolor.exe
2007-12-05 06:41   1,228,800   ----a-w   C:\WINDOWS\system32\nvmobls.dll
2007-12-05 06:41   1,089,536   ----a-w   C:\WINDOWS\system32\nvcuda.dll
2007-12-01 13:29   7,650,416   ----a-w   C:\WINDOWS\98910.exe
2007-11-20 00:42   256   ----a-w   C:\sccfg.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 07:00 158208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 08:01 437160]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 07:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-03 20:56 219136]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Jim^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Jim\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Jim^Start Menu^Programs^Startup^YouTube Uploader.lnk]
path=C:\Documents and Settings\Jim\Start Menu\Programs\Startup\YouTube Uploader.lnk
backup=C:\WINDOWS\pss\YouTube Uploader.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Wyatt^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Wyatt\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Wyatt^Start Menu^Programs^Startup^RsGetPoints.lnk]
path=C:\Documents and Settings\Wyatt\Start Menu\Programs\Startup\RsGetPoints.lnk
backup=C:\WINDOWS\pss\RsGetPoints.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Remote Control]
--a------ 2005-04-15 14:18 1482752 C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIService]
--a------ 2005-08-03 13:08 94208 C:\Program Files\ATI Multimedia\PowerCinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2007-12-04 08:00 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
--a------ 2008-01-03 20:56 579072 C:\PROGRA~1\Grisoft\AVG7\avgcc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 07:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-01-19 21:58 21488 C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\1.0.103.0\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 2007-10-01 21:45 840704 C:\Program Files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 01:41 8523776 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 01:41 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-06-28 23:43 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean Expert Scheduler]
C:\Program Files\Registry Clean Expert\RCHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
C:\Program Files\Search Settings\SearchSettings.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2004-12-01 02:54 77824 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--a------ 2007-08-31 16:46 1460560 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SW20]
-ra------ 2005-06-30 01:03 200704 C:\WINDOWS\system32\sw20.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SW24]
-ra------ 2005-07-04 00:29 69632 C:\WINDOWS\system32\sw24.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-02-01 09:47 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2006-11-03 17:20 866584 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
--a------ 2007-06-26 12:48 509224 C:\PROGRA~1\Yahoo!\YOP\yop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
--a------ 2007-11-14 16:05 919016 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2 (0x2)
"usnjsvc"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
"YPCService"=3 (0x3)
"StarWindServiceAE"=2 (0x2)
"SQLWriter"=2 (0x2)
"rpcapd"=3 (0x3)
"MSSQL$SQLEXPRESS"=2 (0x2)
"iPod Service"=3 (0x3)
"comHost"=3 (0x3)
"Bonjour Service"=2 (0x2)

R1 AmdPPM;AMD HwPState Processor Driver;C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 21:46]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);C:\WINDOWS\system32\DRIVERS\A3AB.sys [2007-05-23 04:15]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-06-28 19:01]
S3 XDva028;XDva028;C:\WINDOWS\system32\XDva028.sys []
S3 XDva039;XDva039;C:\WINDOWS\system32\XDva039.sys []
S3 XDva042;XDva042;C:\WINDOWS\system32\XDva042.sys []
S4 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 04:29]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-06 01:00:00 C:\WINDOWS\Tasks\Ad-Aware SE Personal.job"
- C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe
"2008-02-08 22:43:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-02-05 01:00:00 C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - Wyatt.job"
- C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exeh/TASK:
"2008-02-08 22:30:00 C:\WINDOWS\Tasks\Spybot - Search & Destroy -  Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe,/AUTOCHECK /AUTOFIX  /AUTOUPDATE /AUTOCLOSE+C:\Program Files\Spybot - Search & Destroy
"2008-02-06 01:00:00 C:\WINDOWS\Tasks\SpywareBlaster.job"
- C:\PROGRA~1\SPYWAR~1\SPYWAR~1.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-08 17:48:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-08 17:51:40
ComboFix-quarantined-files.txt  2008-02-08 22:51:28
.
2008-02-08 22:02:06   --- E O F --- 

Ruby
Authorized Users
Posts: 1066
« Reply #3 on: February 09, 2008, 05:50:47 »

Before we continue with the other already-given instructions:
Quote
-> you may want to visit Combofix Guide & Instructions for instructions for downloading and running ComboFix:
scroll down to the section about installing recovery console & follow the instructions
Once that is done, report back and we can continue helping you.
xblade12100
Posts: 93
« Reply #4 on: February 09, 2008, 14:39:59 »

Main Log for DSS
Deckard's System Scanner v20071014.68
Run by Jim on 2008-02-09 09:28:40
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
73: 2008-02-09 14:28:48 UTC - RP110 - Deckard's System Scanner Restore Point
72: 2008-02-09 14:15:49 UTC - RP109 - Windows Defender Checkpoint
71: 2008-02-08 22:41:22 UTC - RP108 - ComboFix created restore point
70: 2008-02-08 22:23:47 UTC - RP107 - Software Distribution Service 3.0
69: 2008-02-08 22:01:45 UTC - RP106 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-01-03 14:06:10 UTC - RP38 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Jim.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:30:19 AM, on 2/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Multimedia\PowerCinema\PCMService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\1.0.103.0\GoogleUpdate.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Jim\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Jim\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jim.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rogers.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B8A7839C-51E8-4067-ADA3-CA74BABC1976} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {B8A7839C-51E8-4067-ADA3-CA74BABC1976} - (no file)
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [WinSys] C:\WINDOWS\system32\WinSys.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {18955D47-882E-48fc-B903-A4BDD030E7FD} - (no file)
O9 - Extra 'Tools' menuitem: GigaSize Toolbar - {18955D47-882E-48fc-B903-A4BDD030E7FD} - (no file)
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10921 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080206-155021-113 O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb125\SearchSettings.dll (file missing)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S2 windrvNT - c:\windows\system32\windrvnt.sys (file missing)
S3 GMSIPCI - d:\install\gmsipci.sys (file missing)
S3 Maplom - c:\windows\system32\drivers\maplom.sys <Not Verified; SlySoft Inc.; Game Jackal>
S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S3 WinDriver6 - c:\windows\system32\drivers\windrvr6.sys <Not Verified; Jungo; WinDriver Device Driver (x86)>
S3 XDva028 - c:\windows\system32\xdva028.sys (file missing)
S3 XDva039 - c:\windows\system32\xdva039.sys (file missing)
S3 XDva042 - c:\windows\system32\xdva042.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Inc.; Bonjour>

S2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe (file missing)
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S4 YPCService - c:\windows\system32\ypcser~1.exe <Not Verified; Yahoo! Inc.; YPCService Module>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Memory Controller
Device ID: PCI\VEN_10DE&DEV_005E&SUBSYS_71251462&REV_A3\3&2411E6FE&0&00
Manufacturer:
Name: PCI Memory Controller
PNP Device ID: PCI\VEN_10DE&DEV_005E&SUBSYS_71251462&REV_A3\3&2411E6FE&0&00
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0057\4&1434C427&0&01
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0057\4&1434C427&0&01
Service: NVENETFD

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: SCSI\CDROM&VEN_FVFX&PROD_CDDVDVX+TECH-200&REV_0900\2&1A504CCF&0&000
Manufacturer: (Standard CD-ROM drives)
Name: FvFx CDDVDvx+tech-200 SCSI CdRom Device
PNP Device ID: SCSI\CDROM&VEN_FVFX&PROD_CDDVDVX+TECH-200&REV_0900\2&1A504CCF&0&000
Service: cdrom

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: SCSI\CDROM&VEN_FVFX&PROD_CDDVDVX+TECH-200&REV_0900\2&1A504CCF&0&010
Manufacturer: (Standard CD-ROM drives)
Name: FvFx CDDVDvx+tech-200 SCSI CdRom Device
PNP Device ID: SCSI\CDROM&VEN_FVFX&PROD_CDDVDVX+TECH-200&REV_0900\2&1A504CCF&0&010
Service: cdrom

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: SCSI\CDROM&VEN_FVFX&PROD_CDDVDVX+TECH-200&REV_0900\2&1A504CCF&0&020
Manufacturer: (Standard CD-ROM drives)
Name: FvFx CDDVDvx+tech-200 SCSI CdRom Device
PNP Device ID: SCSI\CDROM&VEN_FVFX&PROD_CDDVDVX+TECH-200&REV_0900\2&1A504CCF&0&020
Service: cdrom

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: SCSI\CDROM&VEN_FVFX&PROD_CDDVDVX+TECH-200&REV_0900\2&1A504CCF&0&030
Manufacturer: (Standard CD-ROM drives)
Name: FvFx CDDVDvx+tech-200 SCSI CdRom Device
PNP Device ID: SCSI\CDROM&VEN_FVFX&PROD_CDDVDVX+TECH-200&REV_0900\2&1A504CCF&0&030
Service: cdrom

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: SCSI\CDROM&VEN_FVFX&PROD_CDDVDVX+TECH-200&REV_0900\2&1A504CCF&0&040
Manufacturer: (Standard CD-ROM drives)
Name: FvFx CDDVDvx+tech-200 SCSI CdRom Device
PNP Device ID: SCSI\CDROM&VEN_FVFX&PROD_CDDVDVX+TECH-200&REV_0900\2&1A504CCF&0&040
Service: cdrom

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: SCSI\CDROM&VEN_FVFX&PROD_CDDVDVX+TECH-200&REV_0900\2&1A504CCF&0&050
Manufacturer: (Standard CD-ROM drives)
Name: CD-ROM Drive
PNP Device ID: SCSI\CDROM&VEN_FVFX&PROD_CDDVDVX+TECH-200&REV_0900\2&1A504CCF&0&050
Service: cdrom

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: SCSI\CDROM&VEN_FVFX&PROD_CDDVDVX+TECH-200&REV_0900\2&1A504CCF&0&060
Manufacturer: (Standard CD-ROM drives)
Name: CD-ROM Drive
PNP Device ID: SCSI\CDROM&VEN_FVFX&PROD_CDDVDVX+TECH-200&REV_0900\2&1A504CCF&0&060
Service: cdrom

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: SCSI\CDROM&VEN_FVFX&PROD_CDDVDVX+TECH-200&REV_0900\2&1A504CCF&0&070
Manufacturer: (Standard CD-ROM drives)
Name: CD-ROM Drive
PNP Device ID: SCSI\CDROM&VEN_FVFX&PROD_CDDVDVX+TECH-200&REV_0900\2&1A504CCF&0&070
Service: cdrom

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: SCSI\CDROM&VEN_FVFX&PROD_CDDVDVX+TECH-200&REV_0900\2&1A504CCF&0&080
Manufacturer: (Standard CD-ROM drives)
Name: CD-ROM Drive
PNP Device ID: SCSI\CDROM&VEN_FVFX&PROD_CDDVDVX+TECH-200&REV_0900\2&1A504CCF&0&080
Service: cdrom

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: SCSI\CDROM&VEN_FVFX&PROD_CDDVDVX+TECH-200&REV_0900\2&1A504CCF&0&090
Manufacturer: (Standard CD-ROM drives)
Name: FvFx CDDVDvx+tech-200 SCSI CdRom Device
PNP Device ID: SCSI\CDROM&VEN_FVFX&PROD_CDDVDVX+TECH-200&REV_0900\2&1A504CCF&0&090
Service: cdrom

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: SCSI\CDROM&VEN_FVFX&PROD_CDDVDVX+TECH-200&REV_0900\2&1A504CCF&0&0A0
Manufacturer: (Standard CD-ROM drives)
Name: FvFx CDDVDvx+tech-200 SCSI CdRom Device
PNP Device ID: SCSI\CDROM&VEN_FVFX&PROD_CDDVDVX+TECH-200&REV_0900\2&1A504CCF&0&0A0
Service: cdrom

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: SCSI\CDROM&VEN_FVFX&PROD_CDDVDVX+TECH-200&REV_0900\2&1A504CCF&0&0B0
Manufacturer: (Standard CD-ROM drives)
Name: CD-ROM Drive
PNP Device ID: SCSI\CDROM&VEN_FVFX&PROD_CDDVDVX+TECH-200&REV_0900\2&1A504CCF&0&0B0
Service: cdrom

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: SCSI\CDROM&VEN_FVFX&PROD_CDDVDVX+TECH-200&REV_0900\2&1A504CCF&0&0C0
Manufacturer: (Standard CD-ROM drives)
Name: CD-ROM Drive
PNP Device ID: SCSI\CDROM&VEN_FVFX&PROD_CDDVDVX+TECH-200&REV_0900\2&1A504CCF&0&0C0
Service: cdrom

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: SCSI\CDROM&VEN_FVFX&PROD_CDDVDVX+TECH-200&REV_0900\2&1A504CCF&0&0D0
Manufacturer: (Standard CD-ROM drives)
Name: CD-ROM Drive
PNP Device ID: SCSI\CDROM&VEN_FVFX&PROD_CDDVDVX+TECH-200&REV_0900\2&1A504CCF&0&0D0
Service: cdrom

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: SCSI\CDROM&VEN_FVFX&PROD_CDDVDVX+TECH-200&REV_0900\2&1A504CCF&0&0E0
Manufacturer: (Standard CD-ROM drives)
Name: CD-ROM Drive
PNP Device ID: SCSI\CDROM&VEN_FVFX&PROD_CDDVDVX+TECH-200&REV_0900\2&1A504CCF&0&0E0
Service: cdrom

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: SCSI\CDROM&VEN_FVFX&PROD_CDDVDVX+TECH-200&REV_0900\2&1A504CCF&0&0F0
Manufacturer: (Standard CD-ROM drives)
Name: CD-ROM Drive
PNP Device ID: SCSI\CDROM&VEN_FVFX&PROD_CDDVDVX+TECH-200&REV_0900\2&1A504CCF&0&0F0
Service: cdrom

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: SCSI\CDROM&VEN_FVFX&PROD_CDDVDVX+TECH-200&REV_0900\2&1A504CCF&0&0100
Manufacturer: (Standard CD-ROM drives)
Name: FvFx CDDVDvx+tech-200 SCSI CdRom Device
PNP Device ID: SCSI\CDROM&VEN_FVFX&PROD_CDDVDVX+TECH-200&REV_0900\2&1A504CCF&0&0100
Service: cdrom

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: SCSI\CDROM&VEN_FVFX&PROD_CDDVDVX+TECH-200&REV_0900\2&1A504CCF&0&0110
Manufacturer: (Standard CD-ROM drives)
Name: FvFx CDDVDvx+tech-200 SCSI CdRom Device
PNP Device ID: SCSI\CDROM&VEN_FVFX&PROD_CDDVDVX+TECH-200&REV_0900\2&1A504CCF&0&0110
Service: cdrom

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: SCSI\CDROM&VEN_FVFX&PROD_CDDVDVX+TECH-200&REV_0900\2&1A504CCF&0&0120
Manufacturer: (Standard CD-ROM drives)
Name: FvFx CDDVDvx+tech-200 SCSI CdRom Device
PNP Device ID: SCSI\CDROM&VEN_FVFX&PROD_CDDVDVX+TECH-200&REV_0900\2&1A504CCF&0&0120
Service: cdrom

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}
Description: CD-ROM Drive
Device ID: SCSI\CDROM&VEN_FVFX&PROD_CDDVDVX+TECH-200&REV_0900\2&1A504CCF&0&0130
Manufacturer: (Standard CD-ROM drives)
Name: FvFx CDDVDvx+tech-200 SCSI CdRom Device
PNP Device ID: SCSI\CDROM&VEN_FVFX&PROD_CDDVDVX+TECH-200&REV_0900\2&1A504CCF&0&0130
Service: cdrom


-- Scheduled Tasks -------------------------------------------------------------

2008-02-09 08:53:27       330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job
2008-02-08 17:30:00       440 --a------ C:\WINDOWS\Tasks\Spybot - Search & Destroy -  Scheduled Task.job
2008-02-05 20:00:00       264 --a------ C:\WINDOWS\Tasks\SpywareBlaster.job
2008-02-05 20:00:00       348 --a------ C:\WINDOWS\Tasks\Ad-Aware SE Personal.job
2008-02-04 20:00:00       576 --a------ C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - Wyatt.job


-- Files created between 2008-01-09 and 2008-02-09 -----------------------------

2008-02-09 09:10:06         0 dr-hs---- C:\cmdcons
2008-02-09 09:10:02         0 d-------- C:\WINDOWS\setup.pss
2008-02-09 09:09:44         0 d-------- C:\WINDOWS\setupupd
2008-02-09 08:52:34         0 d-------- C:\Documents and Settings\Jim\Application Data\IDM
2008-02-09 08:52:32         0 d-------- C:\Documents and Settings\Jim\Application Data\DMCache
2008-02-08 17:40:39     68096 --a------ C:\WINDOWS\system32\zip.exe
2008-02-08 17:40:38     98816 --a------ C:\WINDOWS\system32\sed.exe
2008-02-08 17:40:38     80412 --a------ C:\WINDOWS\system32\grep.exe
2008-02-08 17:40:38     73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-02-07 10:58:17     51200 --a------ C:\WINDOWS\system32\camcodec.dll <Not Verified; RenderSoft Software.; CamCodec>
2008-02-05 16:43:08         0 d-------- C:\Program Files\Trend Micro
2008-02-03 11:03:20    139264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-02-03 11:03:20    524288 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-02-03 11:03:20    638976 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivXNetworks, Inc.; DivX Video for Windows Codec>
2008-02-03 11:03:19    261632 --a------ C:\WINDOWS\system32\mcdvd_32.dll <Not Verified; MainConcept; MainConcept DV Codec "2.0.4>
2008-02-03 11:03:17         0 d-------- C:\Program Files\AVSMedia
2008-02-02 09:49:47         0 d-------- C:\Program Files\Microsoft Windows OneCare Live
2008-02-01 09:48:59         0 d-------- C:\Program Files\Common Files\xing shared
2008-01-31 23:03:55         0 d-------- C:\Documents and Settings\Jim\Application Data\Search Settings
2008-01-31 22:37:02         0 d-------- C:\Program Files\Common Files\SWF Studio
2008-01-31 22:36:47         0 d-------- C:\Documents and Settings\Jim\Application Data\Dealio
2008-01-31 22:35:34    101888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL <Not Verified; Microsoft Corporation; Microsoft® Visual Basic for Windows>
2008-01-31 22:35:34    119568 --a------ C:\WINDOWS\system32\VB6FR.DLL <Not Verified; Microsoft Corporation; Environnement Visual Basic>
2008-01-31 22:35:33      9728 --a------ C:\WINDOWS\system32\PCCLPFR.DLL <Not Verified; Microsoft Corporation; PicClip>
2008-01-31 22:35:32    141312 --a------ C:\WINDOWS\system32\MSCMCFR.DLL <Not Verified; Microsoft Corporation; COMCTL>
2008-01-31 22:35:32     15360 --a------ C:\WINDOWS\system32\inetfr.DLL <Not Verified; Microsoft Corporation; DLL du contrôle Microsoft Internet Transfer>
2008-01-31 22:35:31     32768 --a------ C:\WINDOWS\system32\CMDLGFR.DLL <Not Verified; Microsoft Corporation; CMDIALOG>
2008-01-31 20:21:22         0 d-------- C:\SICKO
2008-01-29 19:48:55         0 d-------- C:\Documents and Settings\Jim\Application Data\MailFrontier
2008-01-29 19:43:09  11769888 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-29 19:37:16         0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-01-29 19:35:55         0 d-------- C:\WINDOWS\system32\ZoneLabs
2008-01-28 17:53:57     47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-01-28 17:53:57     47360 --a------ C:\Documents and Settings\Jim\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2008-01-28 17:53:56         0 d-------- C:\Documents and Settings\Jim\Application Data\Vso
2008-01-22 19:46:20         0 d-------- C:\Documents and Settings\Jim\dwhelper
2008-01-20 17:44:43         0 d-------- C:\Documents and Settings\Jim\Application Data\MozillaControl
2008-01-20 17:41:56         0 d-------- C:\aidualc3
2008-01-20 16:29:02         0 d-------- C:\Documents and Settings\Jim\Application Data\Opera
2008-01-20 16:27:11         0 d-------- C:\Program Files\Opera
2008-01-19 22:36:33         0 d-------- C:\Documents and Settings\Jim\Application Data\SiteAdvisor
2008-01-19 22:36:33         0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-01-19 22:36:33         0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-19 22:16:50         0 d-------- C:\Program Files\Alwil Software
2008-01-17 16:50:16         0 d-------- C:\Program Files\iPod
2008-01-17 16:00:02      3171 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2008-01-16 18:42:12     27496 --a------ C:\Documents and Settings\Jim\Application Data\GDIPFONTCACHEV1.DAT
2008-01-16 18:14:51         0 d-------- C:\Program Files\MSBuild
2008-01-16 18:09:58         0 d-------- C:\WINDOWS\system32\XPSViewer
2008-01-16 18:09:09         0 d-------- C:\Program Files\Reference Assemblies
2008-01-16 17:37:49         0 d-------- C:\Program Files\SystemRequirementsLab
2008-01-16 17:37:40         0 d-------- C:\Documents and Settings\Jim\Application Data\SystemRequirementsLab
2008-01-14 15:42:50         0 d-------- C:\Documents and Settings\Jim\Application Data\dvdcss
2008-01-13 17:14:29         0 d-------- C:\Program Files\Common Files\Scanner
2008-01-13 11:03:55         0 d-------- C:\WINDOWS\.jagex_cache_32
2008-01-12 21:07:07         0 d-------- C:\Documents and Settings\Jim\Application Data\vlc
2008-01-09 19:49:08         0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-09 17:49:29         0 d-------- C:\Documents and Settings\Jim\Application Data\Adobe
2008-01-09 17:48:35         0 d-------- C:\Program Files\Common Files\Macrovision Shared


-- Find3M Report ---------------------------------------------------------------

2008-02-09 08:54:13         0 d-------- C:\Documents and Settings\Jim\Application Data\LimeWire
2008-02-09 08:52:46         0 d-------- C:\Documents and Settings\Jim\Application Data\AVG7
2008-02-09 08:51:56        53 --a------ C:\biosinfo
2008-02-08 20:40:25     28608 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-02-07 10:57:25         0 d-------- C:\Program Files\CamStudio
2008-02-03 11:03:32         0 d-------- C:\Program Files\Common Files
2008-02-02 09:57:48         0 d-------- C:\Program Files\SpywareBlaster
2008-02-01 09:48:28         0 d-------- C:\Program Files\Common Files\Real
2008-02-01 08:44:46         0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-31 23:23:48        33 --a------ C:\Documents and Settings\Jim\Application Data\pcouffin.log
2008-01-31 23:23:47      1144 --a------ C:\Documents and Settings\Jim\Application Data\pcouffin.inf
2008-01-31 23:23:47      7887 --a------ C:\Documents and Settings\Jim\Application Data\pcouffin.cat
2008-01-31 22:51:25      4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-01-30 17:43:26         0 d-------- C:\Documents and Settings\Jim\Application Data\Apple Computer
2008-01-29 20:27:34         0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-01-27 08:06:41         0 d-------- C:\Documents and Settings\Jim\Application Data\Real
2008-01-18 08:46:50         0 d-------- C:\Program Files\iTunes
2008-01-17 16:48:55         0 d-------- C:\Program Files\QuickTime
2008-01-13 17:14:23         0 d-------- C:\Program Files\Yahoo!
2008-01-09 20:46:16         0 d-------- C:\Program Files\Common Files\Adobe
2008-01-08 19:56:08         0 d-------- C:\Program Files\VideoProfessor
2008-01-08 19:55:06         0 d-------- C:\Documents and Settings\Jim\Application Data\Media Player Classic
2008-01-06 19:49:35         0 d-------- C:\Program Files\Doom 3
2008-01-06 19:17:59         0 d-------- C:\Program Files\Doom 3 Demo
2008-01-06 13:25:21         0 d-------- C:\Program Files\Total Video Converter
2008-01-06 13:10:20         0 d-------- C:\Documents and Settings\Jim\Application Data\Sun
2008-01-06 12:53:59         0 d-------- C:\Program Files\Zeallsoft
2008-01-05 18:05:04         0 d-------- C:\Program Files\Windows Live Safety Center
2008-01-04 13:53:19         0 d-------- C:\Documents and Settings\Jim\Application Data\WinRAR
2008-01-03 18:55:28         0 d-------- C:\Program Files\Blender Foundation
2008-01-03 18:52:24         0 d-------- C:\Program Files\LimeWire
2008-01-03 16:45:56         0 d-------- C:\Documents and Settings\Jim\Application Data\Yahoo!
2008-01-03 16:40:21         0 d-------- C:\Documents and Settings\Jim\Application Data\Macromedia
2008-01-03 16:33:58         0 d-------- C:\Documents and Settings\Jim\Application Data\Talkback
2008-01-03 16:33:38         0 d-------- C:\Documents and Settings\Jim\Application Data\Mozilla
2008-01-02 19:52:49         0 d-------- C:\Program Files\VideoLAN
2008-01-02 19:44:01         0 d-------- C:\Program Files\DVD Decrypter
2008-01-02 19:21:42         0 d-------- C:\Program Files\Safari
2008-01-01 13:09:50         0 d-------- C:\Program Files\Registry Clean Expert
2007-12-30 19:25:34      2570 --a------ C:\WINDOWS\WINDVDBOOTRECDOE.sys
2007-12-26 15:36:49         0 d-------- C:\Program Files\Guitar Pro 5
2007-12-24 13:13:50        34 --ah----- C:\WINDOWS\system32\DVDRipperDiamond_sysquict.dat
2007-12-24 10:47:38         0 d-------- C:\Program Files\DivX
2007-12-14 21:14:32         0 d-------- C:\Program Files\Microsoft.NET
2007-12-14 21:14:31         0 d-------- C:\Program Files\Microsoft Visual Studio 8
2007-12-14 21:14:28         0 d-------- C:\Program Files\Common Files\Merge Modules
2007-12-14 17:24:58         0 d-------- C:\Program Files\Game_Maker7
2007-12-13 21:46:22         0 d-------- C:\Program Files\Lavasoft
2007-12-13 21:46:18         0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-13 19:57:39     22704 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-11-19 19:42:54       256 --a------ C:\sccfg.sys


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B8A7839C-51E8-4067-ADA3-CA74BABC1976}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" []
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [08/04/2004 07:00 AM]
"SoundMan"="SOUNDMAN.EXE" [12/01/2004 02:54 AM C:\WINDOWS\SOUNDMAN.EXE]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [11/14/2007 04:05 PM]
"WinSys"="C:\WINDOWS\system32\WinSys.exe" []
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [11/03/2006 05:20 PM]
"osCheck"="C:\PROGRA~1\Symantec\osCheck.exe" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" []
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 01:41 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/10/2008 03:27 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [01/15/2008 03:22 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [01/03/2008 08:56 PM]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [12/04/2007 08:00 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 07:00 AM]
"Steam"="" []
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [08/31/2007 04:46 PM]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" []
"ATI Remote Control"="C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe" [04/15/2005 02:18 PM]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jim^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Jim\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jim^Start Menu^Programs^Startup^YouTube Uploader.lnk]
path=C:\Documents and Settings\Jim\Start Menu\Programs\Startup\YouTube Uploader.lnk
backup=C:\WINDOWS\pss\YouTube Uploader.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
"C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Remote Control]
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
"C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
"C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\1.0.103.0\GoogleUpdate.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
C:\Program Files\Internet Download Manager\IDMan.exe /onboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
"C:\PROGRA~1\Symantec\osCheck.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean Expert Scheduler]
"C:\Program Files\Registry Clean Expert\RCHelper.exe" /startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"C:\Program Files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinSys]
C:\WINDOWS\system32\WinSys.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
"comHost"=3 (0x3)
"YPCService"=3 (0x3)




-- Hosts -----------------------------------------------------------------------

127.0.0.1   007guard.com
127.0.0.1   www.007guard.com
127.0.0.1   008i.com
127.0.0.1   008k.com
127.0.0.1   www.008k.com
127.0.0.1   00hq.com
127.0.0.1   www.00hq.com
127.0.0.1   010402.com
127.0.0.1   032439.com
127.0.0.1   www.032439.com

7887 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-02-09 09:31:28 ------------

and step 2 doesn't work.

xblade12100
« Reply #5 on: February 09, 2008, 14:41:02 »

Extra Log of DSS

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) 64 Processor 3000+
Percentage of Memory in Use: 56%
Physical Memory (total/avail): 1023.48 MiB / 444.9 MiB
Pagefile Memory (total/avail): 2461.46 MiB / 1858.21 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.43 MiB

C: is Fixed (NTFS) - 149.04 GiB total, 91.04 GiB free.
D: is CDROM (No Media)

\\.\PHYSICALDRIVE0 - WDC WD1600JS-22MHB0 - 149.05 GiB - 1 partition
  \PARTITION0 (bootable) - Installable File System - 149.04 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: ZoneAlarm Security Suite Firewall v7.0.462.000 (Check Point, LTD.)
AV: ZoneAlarm Security Suite Antivirus v7.0.462.000 (Check Point, LTD.)
AV: AVG 7.5.516 v7.5.516 (Grisoft)
AV: avast! antivirus 4.7.1098 [VPS 080208-0] v4.7.1098 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Jim\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=WYATTGAMING
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Jim
LOGONSERVER=\\WYATTGAMING
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\PROGRA~1\FARSTONE\VIRTUA~1\;C:\PROGRAM FILES\FARSTONE\VIRTUALDRIVE\VDP;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Smart Projects\IsoBuster;C:\Program Files\QT Lite\QTSystem\;C:\Program Files\QuickTime\QTSystem"
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2f00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Jim\LOCALS~1\Temp
TMP=C:\DOCUME~1\Jim\LOCALS~1\Temp
tvdumpflags=8
USERDOMAIN=WYATTGAMING
USERNAME=Jim
USERPROFILE=C:\Documents and Settings\Jim
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Wyatt (admin)
Jim (admin)
Cole (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

 --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /X{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 4.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings --> MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings --> MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Common Files\Adobe\Installers\5bc0f8414ec36c555a3e7e5ec2e225e\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}
Adobe Flash CS3 --> MsiExec.exe /I{6B52140A-F189-4945-BFFC-DB3F00B8C589}
Adobe Flash CS3 Professional --> C:\Program Files\Common Files\Adobe\Installers\c3c7fe8b09d497ab2b3fd91c9353390\Setup.exe
Adobe Flash Player 9 Plugin --> MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Setup --> MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
Adobe Setup --> MsiExec.exe /I{D504303A-717D-414C-BA9F-FE01093E2EF8}
Adobe Setup --> MsiExec.exe /I{FFC1ADE3-944B-4231-894E-3903C37271D2}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AnvSoft iPod Movie Maker 2.0 --> C:\Program Files\AnvSoft iPod Movie Maker\uninst.exe
Apple Mobile Device Support --> MsiExec.exe /I{D8AB8F0C-CEEB-4A29-8EF5-219B064813F4}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Parental Control --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{390FF986-468D-4CA9-8830-2C4B313F447F} /l1033
ATI Remote Wonder 3.01 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{8F36E44A-E6E7-41B7-B6F6-4637BF84EFA5} /l1033
ATI TV Settings --> MsiExec.exe /X{66F50839-A069-4903-B6B5-E438077A42ED}
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
AVG 7.5 --> C:\Program Files\Grisoft\AVG7\setup.exe /UNINSTALL
AVG Anti-Rootkit Free --> C:\Program Files\GRISOFT\AVG Anti-Rootkit Free\Uninstall.exe
CamStudio --> C:\Program Files\CamStudio\uninstall.exe
CamStudio Lossless Codec --> rundll.exe setupx.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\system32\DRIVERS\camcodec.inf
CD/DVD-ROM Generator 1.20 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\CD_DVD-ROM Generator 1.20\Uninst.isu"
CinemaForge --> C:\WINDOWS\system32\xmforgert.exe c:\program files\CinemaForge\UninstallCF.xmfg
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Doom 3 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}
DVD Decrypter (Remove Only) --> "C:\Program Files\DVD Decrypter\uninstall.exe"
FXhome EffectsLab Pro (remove only) --> "C:\Program Files\FXhome EffectsLab Pro\FXhome EffectsLab Pro Uninstall.exe"
GUIDE PLUS+(TM) for Windows® System - ATI --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{99D34763-7E45-4FE5-8424-28DBC3A5F0BF}\setup.exe"
Guitar Hero Explorer --> MsiExec.exe /I{2B072A33-D445-46D5-9442-7B41F5171AAC}
Guitar Pro 5.2 --> "C:\Program Files\Guitar Pro 5\unins000.exe"
Half-Life(R) 2 --> MsiExec.exe /I{D45EC259-4A19-4656-B588-C2C360DD18EA}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ImgBurn (Remove Only) --> "C:\Program Files\ImgBurn\uninstall.exe"
Internet Download Manager --> C:\Program Files\Internet Download Manager\Uninstall.exe
iTunes --> MsiExec.exe /I{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
LimeWire 4.15.3 --> "C:\Program Files\LimeWire\uninstall.exe"
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft SQL Server 2005 --> "c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS) --> MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools Express Edition --> MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server Native Client --> MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English) --> MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer --> MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MoviePod --> MsiExec.exe /I{46DAC53E-238A-410B-8BEF-2AD64254C398}
Mozilla Firefox (2.0.0.11) --> C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Opera 9.25 --> MsiExec.exe /X{C619B312-19F3-460A-9F7B-443248379F18}
PDF Settings --> MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PowerCinema 3.0 - ATI Edition --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe"  -uninstall
QuickTime --> MsiExec.exe /I{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}
Real Alternative 1.52 --> "C:\Program Files\Real Alternative\unins000.exe"
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Rhapsody Player Engine --> MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
Rhapsody Player Engine --> MsiExec.exe /I{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
Rogers Yahoo! Applications --> C:\PROGRA~1\Yahoo!\Common\uninstall.exe
Safari --> MsiExec.exe /I{0CD7D421-C850-4271-8533-0269A3D39FAA}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Spybot - Search & Destroy --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Steam(TM) --> MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Super Screen Recorder 4.0 --> "C:\Program Files\Zeallsoft\Super Screen Recorder\unins000.exe"
System Requirements Lab --> C:\Program Files\SystemRequirementsLab\Uninstall.exe
VideoLAN VLC media player 0.8.6d --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
ViewSonic Monitor Drivers --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B4FEA924-630D-11D4-B78E-005004566E4D}\Setup.exe" -l0x9
Virtools 3D Life Player --> C:\Program Files\Virtools\3D Life Player\WebplayerConfig.exe -u
VS2005 Redistributable Package --> MsiExec.exe /I{F9EB6FB3-879F-4EE7-89D2-7A9674A1B753}
WinAVI Video Converter 9.0 --> "C:\WINDOWS\WinAVI Video Converter 9.0\uninstall.exe" "/U:C:\Program Files\WinAVI Video Converter 9.0\Uninstall\uninstall.xml"
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Defender --> MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer Clean Up --> MsiExec.exe /X{121634B0-2F4B-11D3-ADA3-00C04F52DD52}
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinPcap 4.0.1 --> C:\Program Files\WinPcap\uninstall.exe
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinSCP 4.0.4 --> "C:\Program Files\WinSCP\unins000.exe"
WolfTeam International --> "C:\Program Files\Softnyx\WolfTeam\unins000.exe"
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Anti-Spy --> C:\PROGRA~1\Yahoo!\Common\unypsr.exe
YouTube Uploader --> MsiExec.exe /X{171818BA-E0AD-313D-B45A-1BC9D77ADA86}
ZoneAlarm Security Suite --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type2788 / Error
Event Submitted/Written: 02/09/2008 08:51:22 AM
Event ID/Source: 17204 / MSSQL$SQLEXPRESS
Event Description:
FCB::Open failed: Could not open file c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\mastlog.ldf for file number 2.  OS error: 5(Access is denied.).

Event Record #/Type2787 / Error
Event Submitted/Written: 02/09/2008 08:51:22 AM
Event ID/Source: 17207 / MSSQL$SQLEXPRESS
Event Description:
FCB::Open: Operating system error 5(Access is denied.) occurred while creating or opening file 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\mastlog.ldf'. Diagnose and correct the operating system error, and retry the operation.

Event Record #/Type2786 / Error
Event Submitted/Written: 02/09/2008 08:51:21 AM
Event ID/Source: 17204 / MSSQL$SQLEXPRESS
Event Description:
FCB::Open failed: Could not open file c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\master.mdf for file number 1.  OS error: 5(Access is denied.).

Event Record #/Type2785 / Error
Event Submitted/Written: 02/09/2008 08:51:21 AM
Event ID/Source: 17207 / MSSQL$SQLEXPRESS
Event Description:
FCB::Open: Operating system error 5(Access is denied.) occurred while creating or opening file 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\master.mdf'. Diagnose and correct the operating system error, and retry the operation.

Event Record #/Type2771 / Error
Event Submitted/Written: 02/09/2008 08:51:13 AM
Event ID/Source: 17049 / MSSQL$SQLEXPRESS
Event Description:
Unable to cycle error log file from 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG' to 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG.1' due to OS error '5(Access is denied.)'. A process outside of SQL Server may be preventing SQL Server from reading the files. As a result, errorlog entries may be lost and it may not be possible to view some SQL Server errorlogs. Make sure no other processes have locked the file with write-only access."



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type10058 / Warning
Event Submitted/Written: 02/09/2008 09:04:35 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%WYATTGAMING27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer.  Allow changes only if you trust the program or the software publisher. %WYATTGAMING27 can't undo changes that you allow.

For more information please see the following:
%WYATTGAMING275


Event Record #/Type10057 / Warning
Event Submitted/Written: 02/09/2008 09:04:28 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%WYATTGAMING27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer.  Allow changes only if you trust the program or the software publisher. %WYATTGAMING27 can't undo changes that you allow.

For more information please see the following:
%WYATTGAMING275

Event Record #/Type10056 / Warning
Event Submitted/Written: 02/09/2008 09:04:21 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%WYATTGAMING27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer.  Allow changes only if you trust the program or the software publisher. %WYATTGAMING27 can't undo changes that you allow.

For more information please see the following:
%WYATTGAMING275

   Path Found: %WYATTGAMING276

   Alert Type: %WYATTGAMING278

   Detection Type: 1.1.1593.02

Event Record #/Type10055 / Warning
Event Submitted/Written: 02/09/2008 09:04:19 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%WYATTGAMING27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer.  Allow changes only if you trust the program or the software publisher. %WYATTGAMING27 can't undo changes that you allow.

For more information please see the following:
%WYATTGAMING275

   Path Found: %WYATTGAMING276

   Alert Type: %WYATTGAMING278

   Detection Type: 1.1.1593.02

Event Record #/Type10054 / Warning
Event Submitted/Written: 02/09/2008 09:04:12 AM
Event ID/Source: 3004 / WinDefend
Event Description:
%WYATTGAMING27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer.  Allow changes only if you trust the program or the software publisher. %WYATTGAMING27 can't undo changes that you allow.

For more information please see the following:
%WYATTGAMING275

   Path Found: %WYATTGAMING276

   Alert Type: %WYATTGAMING278

   Detection Type: 1.1.1593.02

-- End of Deckard's System Scanner: finished at 2008-02-09 09:31:28 ------------

edited by Ruby because of Privacy
« Last Edit: February 09, 2008, 16:01:37 by Ruby »

xblade12100
« Reply #6 on: February 09, 2008, 14:52:33 »

What is Win-Spy? When I was scanning with the Rogers Anti-Spy toolbar it said I had Win-Spy. I have never gotten this before, so what is it and how do I ignore it?

Ruby
Authorized Users
« Reply #7 on: February 09, 2008, 15:29:43 »

Hello xblade12100

I merged your second thread with your first one.

Since you want to get help on The Spykiller, you should use only those programs we ask you to use. When I asked you to give me as much information as possible about your system with the hjtscanlist and DSS, you came up with ComboFix, which may not be used without our advice. I told you in my last answer to read and follow these instructions, with the result that we got the answer which I originally wanted. You don't read what I am telling you; you keep trying programs which you find anywhere on the Internet. Then you come back and ask for advice...

You may want to decide what you want to do... trying programs found on the Internet or following our advice....

If you want to get help here, please read and follow my last answer.

xblade12100
« Reply #8 on: February 09, 2008, 17:38:15 »

OK, sorry. Anyway, for step 2 it says
"It seems that you are not allowed to download or view attachments on this board."

and for step 4, when I run the scan my Internet locks up. Here is a HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:38, on 2008-02-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Multimedia\PowerCinema\PCMService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Documents and Settings\Jim\Local Settings\Application Data\Google\Update\1.0.103.0\GoogleUpdate.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Jim\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
C:\Program Files\Safari\Safari.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rogers.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B8A7839C-51E8-4067-ADA3-CA74BABC1976} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {B8A7839C-51E8-4067-ADA3-CA74BABC1976} - (no file)
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [osCheck] "C:\PROGRA~1\Symantec\osCheck.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {18955D47-882E-48fc-B903-A4BDD030E7FD} - (no file)
O9 - Extra 'Tools' menuitem: GigaSize Toolbar - {18955D47-882E-48fc-B903-A4BDD030E7FD} - (no file)
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase4009.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 10195 bytes
Ruby
« Reply #9 on: February 09, 2008, 18:34:46 »

Quote
OK, sorry. Anyway, for step 2 it says
"It seems that you are not allowed to download or view attachments on this board."
I don't understand what you mean. Please scroll down to "We now suggest that you install the Windows Recovery Console." Read and follow these instructions. Come back and let us know when you have succeeded in installing the Windows Recovery Console.
Donations

You have come to The Spykiller for help because your Antivirus or Antispyware hasn't been able to fix your problem.

Modern Malware has become so involved and difficult to fix that it takes a very long time and a lot of hard work to read all the logs posted here and research and prepare the fixes for you. In many cases each part of the fix takes about 30 minutes to prepare, so a large part of my time is spent helping you

Would you do all this for nothing?

The reason I run this site is to raise funds for Hedgehog Rescue

Please donate if I have helped you or you have found this site useful.

You can donate safely and securely by using the paypal service, just click on one of the buttons below.

To donate in UK £

To donate in US$

To donate in Euro €

Any amount no matter how small is gratefully accepted and needed to ensure we keep the Rescue Centre running

To donate via paypal when the button doesn't appear or the link doesn't work: just go to www.paypal.com or your country's paypal log in page and chose send money and use help@thehedgehog.co.uk as recipient email address and select other service as the option. then follow prompts

