Topic: Virus won't let me run Malwarebytes or Spybot S&D (Read 18517 times)


Tomcat14 (Jr. Member, 8 posts)
Virus won't let me run Malwarebytes or Spybot S&D
« on: August 30, 2009, 04:17:31 AM »
Hello, I'm a newbie. Hope this is in the right place.

This "virus" or something has stopped my ability to run any spyware or malware program. The programs start but stop within 3 seconds; when I click to restart them, a window pops up and says Windows can't detect the shortcut to the program. I can't System Restore in Windows or in safe mode.

If anyone here could direct me to the right place for assistance, it would be most appreciated.

Niecarrah (Hero Member, 8290 posts)
Re: Virus won't let me run Malwarebytes or Spybot S&D
« Reply #1 on: August 30, 2009, 04:43:03 AM »
You are at the correct place!  Just hang in there and someone will be around with further instructions.
I can't know...?
"NEVER LET BEING GOOD ENOUGH, BE GOOD ENOUGH!"

Tomcat14 (Jr. Member, 8 posts)
Re: Virus won't let me run Malwarebytes or Spybot S&D
« Reply #2 on: August 30, 2009, 06:07:25 AM »
Thank you, Niecarrah.

I reinstalled an old trusted program called Spyware Terminator. It was able to scan to completion in a full deep scan.

I do know for sure it was a Trojan with PSkill, also a mail reader. I wasn't able to delete them with Windows open; however, I was able to extricate them by running Spyware Terminator in safe mode.

These hijacked the Google and Yahoo search engines... now, after deleting them, Google and Yahoo are back to normal.

I still don't feel safe about it though. I tried to run Spybot S&D and it failed, the same as if nothing had been removed.

Corrine (Administrator, The Mystical Rose, 19421 posts)
Re: Virus won't let me run Malwarebytes or Spybot S&D
« Reply #3 on: August 30, 2009, 12:39:43 PM »
Hi, Tomcat14. Welcome to LandzDown Forum.

We will do our best to assist you.  However, in order to do so, please follow all instructions provided in the sequence given.  Do not install/re-install any programs or run any fixes or scanners that you have not been instructed to use.  This may cause conflicts with the tools being used in the cleanup process.   

If you have questions regarding any of the instructions or problems running any tools, please let us know.

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Tomcat14 (Jr. Member, 8 posts)
Re: Virus won't let me run Malwarebytes or Spybot S&D
« Reply #4 on: August 30, 2009, 01:29:45 PM »
Hello Corrine,

I downloaded the (RSIT) ran the program and nothing came up.

It's acting exactly the same as Malwarebytes and Spybot S&D.

Corrine (Administrator, The Mystical Rose, 19421 posts)
Re: Virus won't let me run Malwarebytes or Spybot S&D
« Reply #5 on: August 30, 2009, 03:11:09 PM »
Hi, Tomcat14. 

Please follow these instructions exactly as indicated

Download ComboFix from one of the following locations.  You must rename it before saving it. Save it to your desktop as ComboFix.com.

Link 1
Link 2

!!! IMPORTANT !!! Save ComboFix.com to your Desktop

Disable your AntiVirus and AntiSpyware applications. If not disabled, these programs will likely interfere with the cleanup process. This can usually be accomplished by a right-click on the icon in the System Tray.

Note:  If you use AVG, you must also open the AVG 8 Control Center by right-clicking on the AVG 8 icon on the task bar, and then do the following:
  • Click on Tools.
  • Select Advanced Settings.
  • In the left hand pane, scroll down to "Resident Shield".
  • In the main pane, deselect the option to "Enable Resident Shield."
  • To re-enable AVG 8, please select "Enable Resident Shield" again.

Now, please run ComboFix:
  • Note:  If infections are found, ComboFix will automatically reboot the machine to complete the removal process.  Please ensure all opened windows are closed before proceeding.
  • Double-click ComboFix.com on your desktop and follow the prompts.
  • As part of the process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. The Recovery Console will allow you to start up the computer in a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    Please note: If the Microsoft Windows Recovery Console is already installed on the computer, ComboFix will continue the malware removal procedures.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

  • After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click "Yes" to continue scanning for malware.
  • When finished, a log will be produced. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.



Tomcat14 (Jr. Member, 8 posts)
Re: Virus won't let me run Malwarebytes or Spybot S&D
« Reply #6 on: September 01, 2009, 11:10:48 PM »
ComboFix 09-09-01.04 - dell 09/01/2009 19:52.1.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.1023.657 [GMT -4:00]
Running from: c:\documents and settings\dell\Desktop\abc.com.exe
AV: Bitdefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\1b2885.msp
c:\windows\Installer\1b2886.msp
c:\windows\Installer\1b2887.msp
c:\windows\Installer\1b2888.msp
c:\windows\Installer\1b2889.msp
c:\windows\Installer\1b288a.msp
c:\windows\Installer\1b288b.msp
c:\windows\Installer\1b288c.msp
c:\windows\Installer\1b288d.msp
c:\windows\Installer\1e049d.msp
c:\windows\Installer\1e049e.msp
c:\windows\Installer\1e049f.msp
c:\windows\Installer\1e04a0.msp
c:\windows\Installer\1e04a1.msp
c:\windows\Installer\1e04a2.msp
c:\windows\Installer\1e04a3.msp
c:\windows\Installer\1e04a4.msp
c:\windows\Installer\1e04a5.msp
c:\windows\Installer\1e04a6.msp
c:\windows\Installer\2223a.msi
c:\windows\Installer\22240.msi
c:\windows\Installer\22246.msi
c:\windows\Installer\277ece.msi
c:\windows\Installer\277ed4.msi
c:\windows\Installer\277eda.msi
c:\windows\Installer\317e88.msi
c:\windows\Installer\3a560ef.msi
c:\windows\Installer\3a560f5.msi
c:\windows\Installer\3a560fb.msi
c:\windows\Installer\3a89a.msi
c:\windows\Installer\3bdb3.msi
c:\windows\Installer\427a9d.msi
c:\windows\Installer\57607.msi
c:\windows\Installer\9238d.msi
c:\windows\Installer\92392.msi
c:\windows\Installer\92397.msi
c:\windows\Installer\a62c20.msi
c:\windows\Installer\a924a9.msp
c:\windows\Installer\a924aa.msp
c:\windows\Installer\a924ab.msp
c:\windows\Installer\a924ac.msp
c:\windows\Installer\a924ad.msp
c:\windows\Installer\a924ae.msp
c:\windows\Installer\a924af.msp
c:\windows\Installer\a924b0.msp
c:\windows\Installer\a924b1.msp
c:\windows\Installer\a924b2.msp
c:\windows\Installer\e3039.msp
c:\windows\Installer\e303a.msp
c:\windows\Installer\e303b.msp
c:\windows\Installer\e303c.msp
c:\windows\Installer\e303d.msp
c:\windows\Installer\e303e.msp
c:\windows\Installer\e303f.msp
c:\windows\Installer\e3040.msp
c:\windows\Installer\e3041.msp
c:\windows\system32\Data
c:\windows\system32\lp3codec32win.dll

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\system32\eventlog(3).dll
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
-------\Service_NPF


(((((((((((((((((((((((((   Files Created from 2009-08-02 to 2009-09-02  )))))))))))))))))))))))))))))))
.

2009-09-01 20:48 . 2009-08-03 17:36   38160   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-01 20:48 . 2009-08-03 17:36   19096   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-09-01 20:48 . 2009-09-01 20:48   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2009-09-01 20:28 . 2009-09-01 20:28   --------   d-----w-   c:\documents and settings\dell\DoctorWeb
2009-09-01 19:19 . 2009-09-01 19:19   --------   d-----w-   c:\documents and settings\LocalService\Application Data\Spyware Terminator
2009-09-01 18:22 . 2009-09-01 18:26   --------   d-----w-   c:\program files\WinClamAVShield
2009-08-31 22:16 . 2006-06-19 17:01   69632   ----a-w-   c:\windows\system32\ztvcabinet.dll
2009-08-31 22:16 . 2006-05-25 19:52   162304   ----a-w-   c:\windows\system32\ztvunrar36.dll
2009-08-31 22:16 . 2005-08-26 05:50   77312   ----a-w-   c:\windows\system32\ztvunace26.dll
2009-08-31 22:16 . 2003-02-03 00:06   153088   ----a-w-   c:\windows\system32\unrar3.dll
2009-08-31 22:16 . 2002-03-06 05:00   75264   ----a-w-   c:\windows\system32\unacev2.dll
2009-08-31 22:01 . 2009-08-31 23:13   --------   dc----w-   C:\MGtools
2009-08-31 18:13 . 2009-08-31 18:13   --------   d-----w-   c:\documents and settings\Administrator\Application Data\Bitdefender
2009-08-31 18:11 . 2009-08-31 20:57   81984   ----a-w-   c:\windows\system32\bdod.bin
2009-08-31 18:10 . 2009-08-31 18:10   --------   d-----w-   c:\documents and settings\dell\Application Data\Bitdefender
2009-08-31 18:09 . 2009-08-31 18:09   --------   d-----w-   c:\documents and settings\All Users\Application Data\BitDefender
2009-08-31 18:09 . 2009-08-31 18:09   --------   d-----w-   c:\program files\Softwin
2009-08-31 18:08 . 2009-09-01 23:44   --------   d-----w-   c:\program files\Common Files\Softwin
2009-08-31 05:22 . 2009-08-31 05:22   --------   d-----w-   c:\program files\Bam
2009-08-30 17:19 . 2009-08-31 17:53   --------   d-----w-   c:\program files\trend micro
2009-08-30 15:33 . 2009-08-30 23:30   --------   d-----w-   c:\program files\Unlocker
2009-08-30 14:22 . 2009-08-30 14:22   --------   dc----w-   C:\rsit
2009-08-30 05:43 . 2009-08-30 05:43   --------   d-----w-   c:\program files\Crawler
2009-08-30 05:43 . 2009-09-01 20:55   --------   d-----w-   c:\documents and settings\dell\Application Data\Spyware Terminator
2009-08-30 05:43 . 2009-08-30 05:43   6144   ----a-w-   c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe
2009-08-30 05:43 . 2009-08-30 05:43   5632   ----a-w-   c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
2009-08-30 05:43 . 2009-08-30 05:43   142592   ----a-w-   c:\windows\system32\drivers\sp_rsdrv2.sys
2009-08-30 05:43 . 2009-09-01 20:55   --------   d-----w-   c:\program files\Spyware Terminator
2009-08-30 05:43 . 2009-09-01 19:19   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-08-29 22:30 . 2009-08-30 01:23   --------   d-----w-   c:\program files\SUPERAntiSpyware
2009-08-29 22:30 . 2009-08-29 22:30   --------   d-----w-   c:\documents and settings\dell\Application Data\SUPERAntiSpyware.com
2009-08-29 06:37 . 2009-08-29 06:37   --------   d-sh--w-   c:\documents and settings\Administrator\IETldCache
2009-08-26 19:32 . 2009-08-26 19:32   --------   d-----w-   c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-08-21 19:47 . 2009-09-01 05:29   --------   d-----w-   c:\documents and settings\dell\Application Data\foobar2000
2009-08-21 19:47 . 2009-08-25 14:53   --------   d-----w-   c:\program files\foobar2000
2009-08-17 07:04 . 2009-08-17 07:04   2173472   ----a-w-   c:\windows\system32\nvcplui.exe
2009-08-17 07:04 . 2009-08-17 07:04   81920   ----a-w-   c:\windows\system32\nvwddi.dll
2009-08-17 07:03 . 2009-08-17 07:03   3170304   ----a-w-   c:\windows\system32\nvwss.dll
2009-08-17 07:03 . 2009-08-17 07:03   4026368   ----a-w-   c:\windows\system32\nvvitvs.dll
2009-08-17 07:03 . 2009-08-17 07:03   188416   ----a-w-   c:\windows\system32\nvmccss.dll
2009-08-17 07:03 . 2009-08-17 07:03   1286144   ----a-w-   c:\windows\system32\nvmobls.dll
2009-08-17 07:03 . 2009-08-17 07:03   3547136   ----a-w-   c:\windows\system32\nvgames.dll
2009-08-17 07:03 . 2009-08-17 07:03   4923392   ----a-w-   c:\windows\system32\nvdisps.dll
2009-08-17 07:03 . 2009-08-17 07:03   86016   ----a-w-   c:\windows\system32\nvmctray.dll
2009-08-17 07:03 . 2009-08-17 07:03   168004   ----a-w-   c:\windows\system32\nvsvc32.exe
2009-08-17 07:03 . 2009-08-17 07:03   143360   ----a-w-   c:\windows\system32\nvcolor.exe
2009-08-17 07:03 . 2009-08-17 07:03   13877248   ----a-w-   c:\windows\system32\nvcpl.dll
2009-08-17 07:02 . 2009-08-17 07:02   229376   ----a-w-   c:\windows\system32\nvmccs.dll
2009-08-17 04:57 . 2009-08-17 04:57   2189856   ----a-w-   c:\windows\system32\nvcuvid.dll
2009-08-17 04:57 . 2009-08-17 04:57   1706528   ----a-w-   c:\windows\system32\nvcuvenc.dll
2009-08-17 04:57 . 2009-08-17 04:57   1597690   ----a-w-   c:\windows\system32\nvdata.bin
2009-08-11 01:37 . 2009-08-11 01:37   --------   d-----w-   c:\program files\MP3 Rocket

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-01 23:52 . 2004-08-04 10:00   55808   -c--a-w-   c:\windows\system32\eventlog.dll
2009-09-01 21:00 . 2009-04-22 05:07   --------   d-----w-   c:\program files\Spybot - Search & Destroy
2009-09-01 21:00 . 2008-02-01 18:54   --------   d-----w-   c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-01 18:45 . 2009-02-19 14:42   --------   d-----w-   c:\program files\Windows Sidebar
2009-09-01 17:18 . 2009-02-11 23:49   --------   d-----w-   c:\documents and settings\dell\Application Data\Vista Start Menu
2009-09-01 16:59 . 2009-06-09 01:29   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
2009-08-30 23:31 . 2009-03-03 19:26   --------   d-----w-   c:\documents and settings\dell\Application Data\Move Networks
2009-08-30 05:19 . 2009-02-26 06:06   --------   d-----w-   c:\program files\Wise Disk Cleaner
2009-08-26 19:32 . 2008-04-25 17:16   --------   d-----w-   c:\program files\NVIDIA Corporation
2009-08-26 19:16 . 2009-04-26 06:06   --------   d-----w-   c:\program files\WinFlip
2009-08-26 15:16 . 2009-02-19 07:03   1324   ----a-w-   c:\windows\system32\d3d9caps.dat
2009-08-24 01:26 . 2008-02-01 04:37   --------   d-----w-   c:\documents and settings\dell\Application Data\MP3Rocket
2009-08-17 04:57 . 2009-04-23 06:34   485920   ----a-w-   c:\windows\system32\nvudisp.exe
2009-08-17 04:57 . 2008-01-21 14:54   868352   ----a-w-   c:\windows\system32\nvapi.dll
2009-08-17 04:57 . 2008-01-21 14:54   155648   ----a-w-   c:\windows\system32\nvcodins.dll
2009-08-17 04:57 . 2008-01-21 14:54   155648   ----a-w-   c:\windows\system32\nvcod.dll
2009-08-17 04:57 . 2008-01-21 14:54   10457088   ----a-w-   c:\windows\system32\nvoglnt.dll
2009-08-17 04:57 . 2008-01-21 14:54   2002944   ----a-w-   c:\windows\system32\nvcuda.dll
2009-08-17 04:57 . 2008-01-08 12:04   7729568   ----a-w-   c:\windows\system32\drivers\nv4_mini.sys
2009-08-17 04:57 . 2008-01-08 12:04   5845760   ----a-w-   c:\windows\system32\nv4_disp.dll
2009-08-11 16:35 . 2009-04-23 06:34   485920   ----a-w-   c:\windows\system32\nvuninst.exe
2009-07-28 20:33 . 2009-06-25 03:51   55656   ----a-w-   c:\windows\system32\drivers\avgntflt.sys
2009-07-28 12:01 . 2009-07-28 03:19   --------   d-----w-   c:\documents and settings\All Users\Application Data\Autorun Eater
2009-07-22 21:12 . 2008-02-08 03:36   --------   d-----w-   c:\program files\Common Files\Adobe
2009-06-26 01:21 . 2009-06-26 01:21   488960   ----a-w-   c:\documents and settings\dell\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv302-0811070-0-main.dll
2009-06-26 01:21 . 2009-06-26 01:21   319488   ----a-w-   c:\documents and settings\dell\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
2009-06-16 06:35 . 2009-06-16 06:35   97144   ----a-w-   c:\documents and settings\dell\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
.

------- Sigcheck -------

[-] 2008-10-16 19:09   78360   0FB0036ACEA470CC670C4919FE53007F   c:\windows\7SP_Files\wuauclt.exe
[-] 2008-10-16 19:09   78360   0FB0036ACEA470CC670C4919FE53007F   c:\windows\7SP_Files\backup\wuauclt.exe
[-] 2008-10-16 19:09   78360   0FB0036ACEA470CC670C4919FE53007F   c:\windows\system32\wuauclt.exe
[-] 2008-10-16 19:09   78360   0FB0036ACEA470CC670C4919FE53007F   c:\windows\VSP_Files\wuauclt.exe
[-] 2008-10-16 19:09   78360   0FB0036ACEA470CC670C4919FE53007F   c:\windows\VSP_Files\backup\wuauclt.exe

[-] 2004-08-04 10:00   1390080   D1D58275780F3DD626EC17904E2E734D   c:\windows\7SP_Files\comres.dll
[7] 2004-08-04 10:00   792064   6728270CB7DBB776ED086F5AC4C82310   c:\windows\7SP_Files\backup\comres.dll
[-] 2004-08-04 10:00   948736   8C23B380C5292E3A9EF88C458341C30E   c:\windows\system32\comres.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VistaStartMenu"="c:\program files\Vista Start Menu\VistaStartMenu.exe" [2008-09-24 2143744]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"TransBar"="c:\documents and settings\dell\Local Settings\Application Data\AKSoftware\TransBar\TransBar.exe" [2005-08-05 66048]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2007-08-29 1232384]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-08-30 3055616]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 196608]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-12-12 157312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"IRReceive"="c:\program files\IRReceive\IRReceive.exe" [2007-06-26 675913]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-08-13 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-08-17 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-12-19 76304]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-12-19 76304]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-04 110592]

c:\documents and settings\dell\Start Menu\Programs\Startup\
TrueTransparency.lnk - c:\program files\TrueTransparency\TrueTransparency.exe [2009-4-26 263680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-1-26 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-3-28 809488]
TMMonitor.lnk - c:\program files\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2009-6-25 258048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-19 04:30   72208   ----a-w-   c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^dell^Start Menu^Programs^Startup^Refresh Icon Cache.lnk]
backup=c:\windows\pss\Refresh Icon Cache.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^dell^Start Menu^Programs^Startup^ViSplore.lnk]
backup=c:\windows\pss\ViSplore.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^dell^Start Menu^Programs^Startup^YzShadow.lnk]
backup=c:\windows\pss\YzShadow.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" startup
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"TV Card Remote Control Device Monitor"=c:\windows\713xRMTMon.exe
"REGSHAVE"=c:\program files\REGSHAVE\REGSHAVE.EXE /AUTORUN
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"BDMCon"="c:\program files\Softwin\BitDefender10\bdmcon.exe" /reg
"BDAgent"="c:\program files\Softwin\BitDefender10\bdagent.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\dell\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\ArcSoft\\TotalMedia 3.5\\TotalMedia.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=

R0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [8/30/2009 1:43 AM 142592]
R3 AV88BASE;Cx2388x Base Driver;c:\windows\system32\drivers\av88base.sys [9/5/2008 7:33 PM 570112]
R3 viafilter;VIA USB Filter;c:\windows\system32\drivers\viausb1.sys [1/26/2009 2:08 AM 9728]
S1 SASDIFSV;SASDIFSV;\??\c:\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> C:c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 713xTVCard;SAA7130 TV Card;c:\windows\system32\drivers\SAA713x.sys [4/10/2008 8:21 PM 279552]
S2 HidCom;USB-HID -> COM Driver Service;c:\windows\system32\drivers\HidCom.sys [8/24/2001 9:06 AM 69575]
S2 WDMTVTuner;Universal WDM TV Tuner;c:\windows\system32\drivers\WDMTuner.sys [4/10/2008 8:24 PM 25984]
S3 audiobridge;Virtual Audio Bridge;c:\windows\system32\drivers\aubridge.sys [7/23/2007 3:04 PM 22528]
S3 CamdAudio;CamdAudio;c:\windows\system32\drivers\CamdAudio.sys [1/26/2009 2:13 PM 23096]
S3 CamdVideo;CamdVideo;c:\windows\system32\drivers\CamdVideo.sys [1/26/2009 2:13 PM 3768]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?]
S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [1/26/2009 11:54 AM 23096]
S3 SndTVideo;SndTVideo;c:\windows\system32\drivers\SndTVideo.sys [1/26/2009 11:54 AM 3768]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{34A19196-274E-4D75-9D30-D7A45A0A4178}]
"%ProgramFiles%\Windows Sidebar\.\regsvr32.exe" /s wlsrvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{65FFB6E3-03E8-48C4-9376-D649003738E9}]
HIDEC /W "%VAIOTOOLS%\REGTLIB" "%ProgramFiles%\Common Files\Ahead\Lib\NeroGadgetCMServer.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B9228DA-9C15-419e-856C-19E768A13BDC}]
"%ProgramFiles%\Windows Sidebar\.\regsvr32.exe" /s sbdrop.dll

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
HIDEC /W "%VAIOTOOLS%\REGTLIB" "%ProgramFiles%\Windows Sidebar\sidebar.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-09-02 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-02-02 22:02]

2009-09-01 c:\windows\Tasks\User_Feed_Synchronization-{09F9BF91-3135-4F96-9BD3-0AA342EF2B6B}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]

2009-03-01 c:\windows\Tasks\Wise Disk Cleaner 4.job
- c:\program files\Wise Disk Cleaner\WiseDiskCleaner.exe [2009-02-26 00:06]

2009-02-22 c:\windows\Tasks\Wise Registry Cleaner 4.job
- c:\program files\Wise Registry Cleaner 4\WiseRegistryCleaner.exe [2009-02-22 18:07]
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
SafeBoot-Winfl40.sys


.
------- Supplementary Scan -------
.
IE: Crawler Search - tbr:iemenu
TCP: {676EF022-6ED2-476D-ACC3-554386970D9C} = 208.67.222.222,208.67.220.220
TCP: {A85D69C8-F01C-4630-B4D8-6EF16A906F26} = 208.67.222.222,208.67.220.220
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\dell\Application Data\Mozilla\Firefox\Profiles\191kpxr4.default\
FF - prefs.js: browser.search.selectedEngine - Crawler Search
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-01 20:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(636)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\windows\system32\MPR.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'explorer.exe'(3740)
c:\program files\RocketDock\RocketDock.dll
c:\program files\NVIDIA Corporation\nView\nview.dll
c:\program files\TrueTransparency\TrueTransparencyHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\nvwddi.dll
c:\program files\Vista Start Menu\VistaStartMenu.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
c:\windows\system32\ZuneBusEnum.exe
c:\program files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
.
**************************************************************************
.
Completion time: 2009-09-02 20:05 - machine was rebooted
ComboFix-quarantined-files.txt  2009-09-02 00:05

Pre-Run: 51,374,362,624 bytes free
Post-Run: 54,587,867,136 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

353   --- E O F ---   2009-01-16 08:01
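The ComboFix log above is what an analyst reads by hand: the Run-key entries under "Reg Loading Points" (where ComboFix prints a trailing [date size] only for targets it located, and appends " - resolved\path" when the value was a bare file name) and the Sigcheck rows (where `[-]` marks a system file whose hash ComboFix did not recognise). The following Python script is an added example, not part of the original thread and not ComboFix's own code; it parses an excerpt copied from the log above into structured records and flags two things a practitioner would check first: autostart entries with no evidence that the file was found, and system files whose copies carry different hashes or are unrecognised everywhere (as wuauclt.exe and comres.dll are above). The meaning attached to the `[-]` marker and to the missing [date size] stamp is my reading of the log format, stated here as an assumption.

```python
"""Triage helpers for a ComboFix log (added example; not ComboFix code)."""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Excerpt copied from the ComboFix log posted in this thread. A real run would
# read the whole C:\ComboFix.txt instead of this string.
LOG_EXCERPT = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2009-08-30 3055616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-08-17 13877248]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-12-19 76304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" startup
"REGSHAVE"=c:\program files\REGSHAVE\REGSHAVE.EXE /AUTORUN

------- Sigcheck -------

[-] 2008-10-16 19:09   78360   0FB0036ACEA470CC670C4919FE53007F   c:\windows\7SP_Files\wuauclt.exe
[-] 2008-10-16 19:09   78360   0FB0036ACEA470CC670C4919FE53007F   c:\windows\system32\wuauclt.exe

[-] 2004-08-04 10:00   1390080   D1D58275780F3DD626EC17904E2E734D   c:\windows\7SP_Files\comres.dll
[7] 2004-08-04 10:00   792064   6728270CB7DBB776ED086F5AC4C82310   c:\windows\7SP_Files\backup\comres.dll
[-] 2004-08-04 10:00   948736   8C23B380C5292E3A9EF88C458341C30E   c:\windows\system32\comres.dll
"""

KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$", re.IGNORECASE)
STAMP_RE = re.compile(r"\[(\d{4}-\d{2}-\d{2}) (\d+)\]$")
SIG_RE = re.compile(
    r"^\[(?P<flag>[^\]]+)\]\s+(?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+)\s+(?P<md5>[0-9A-Fa-f]{32})\s+(?P<path>.+?)\s*$"
)


def parse_run_entry(key, line):
    """Parse one `"name"=value [date size]` line from a Run key.

    Assumption about the format: the [date size] stamp is present only when
    ComboFix located the target, and ` - path` after a quoted bare file name
    is the path ComboFix resolved it to; anything else after the quotes is a
    command-line argument."""
    name, _, rest = line[1:].partition('"=')
    rest = rest.strip()
    date = size = None
    m = STAMP_RE.search(rest)
    if m:
        date, size = m.group(1), int(m.group(2))
        rest = rest[: m.start()].rstrip()
    if rest.startswith('"'):
        value, _, tail = rest[1:].partition('"')
        tail = tail.strip()
        path = tail[2:].strip() if tail.startswith("- ") else value
    else:
        value = path = rest  # unquoted value: keep the whole command line
    return {"key": key, "name": name, "value": value, "path": path,
            "date": date, "size": size}


def parse_log(text):
    """Return {'autostarts': [...], 'sigcheck': [...]} from ComboFix log text."""
    autostarts, sigcheck = [], []
    key, in_sigcheck = None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("------- Sigcheck"):
            in_sigcheck, key = True, None
            continue
        m = KEY_RE.match(line)
        if m:
            key, in_sigcheck = m.group(1), False
            continue
        if in_sigcheck:
            s = SIG_RE.match(line)
            if s:
                row = s.groupdict()
                row["size"], row["md5"] = int(row["size"]), row["md5"].upper()
                sigcheck.append(row)
        elif key and "run" in key.lower().rsplit("\\", 1)[-1] and line.startswith('"'):
            autostarts.append(parse_run_entry(key, line))
    return {"autostarts": autostarts, "sigcheck": sigcheck}


def unverified_autostarts(entries):
    """Names of autostart entries printed without a [date size] stamp, i.e.
    without evidence that ComboFix found the target file (assumption above)."""
    return [e["name"] for e in entries if e["date"] is None]


def sigcheck_findings(entries):
    """Group Sigcheck rows by file name. `[-]` is treated as 'hash not
    recognised as a known version of this system file' (assumption); any
    other marker counts as recognised. Flags copies that disagree with each
    other and files with no recognised copy at all."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[PureWindowsPath(e["path"]).name.lower()].append(e)
    findings = {}
    for name, rows in by_name.items():
        hashes = sorted({r["md5"] for r in rows})
        recognised = [r["path"] for r in rows if r["flag"] != "-"]
        findings[name] = {"copies": len(rows), "hashes": hashes,
                          "recognised": recognised,
                          "all_unrecognised": not recognised,
                          "hash_mismatch": len(hashes) > 1}
    return findings


if __name__ == "__main__":
    parsed = parse_log(LOG_EXCERPT)
    print("autostarts without a located file:", unverified_autostarts(parsed["autostarts"]))
    for name, f in sigcheck_findings(parsed["sigcheck"]).items():
        if f["all_unrecognised"] or f["hash_mismatch"]:
            print(f"{name}: {f['copies']} copies, {len(f['hashes'])} distinct hashes, "
                  f"recognised copies: {f['recognised'] or 'none'}")
```

On the excerpt, the script reports `diagent` and `REGSHAVE` (both under run-disabled, neither with a stamp) as entries with no located file, wuauclt.exe as a file whose every copy is unrecognised (one hash shared by all copies), and comres.dll as a file whose three copies carry three different hashes with only the `7SP_Files\backup` copy recognised. That last case is exactly the kind of finding an analyst would want to resolve against a known-good copy before declaring the machine clean, which is why the forum asked for the full log rather than accepting "it works now".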

Tomcat14 (Jr. Member, 8 posts)
Re: Virus won't let me run Malwarebytes or Spybot S&D
« Reply #7 on: September 01, 2009, 11:39:59 PM »
BRAVO!!!!! ... Corrine

Able to run Malwarebytes and others.

You saved me! Thank you so much.

On my way over to make a donation to ComboFix. You and they are life savers.

Ciao

T.

Aaron Hulett (Administrator, 1394 posts)
Re: Virus won't let me run Malwarebytes or Spybot S&D
« Reply #8 on: September 02, 2009, 12:19:13 AM »
Your post suggests you tried some things on your own rather than waiting to hear back from us. While things seem to be working better for you, there's no way for us to review your logs and check whether things are looking OK or not. Here at LandzDown, we work step-by-step through logs, reviewing each individual's log thoroughly and basing suggestions on what we find. Now that steps have occurred beyond those provided here, it negates our progress and resets the thread (meaning, had you wanted us to continue working through your logs, we would have needed to start over). Going forward, it is paramount to wait for our replies and only perform the steps indicated, and if there is something you feel should be attempted, to run it past us first before doing it.

However, hopefully whatever it is you have done to your system has fully resolved things and you're able to properly clean up from it, and if you would like our assistance sometime in the future, then please keep these asks in mind.

Thanks,
//Aaron

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19421
  • "Stronger than the past, united in our goal."
Re: Virus won't let me run Malwarebytes or Spybot S&D
« Reply #9 on: September 02, 2009, 12:42:45 AM »
Hi, Tomcat14.  I am certain the developer of ComboFix will appreciate the donation.  He puts an incredible amount of time not only in the continuing development of ComboFix but also in consulting with and helping with the analysts.

That said, I agree with Aaron.  I haven't had an opportunity to properly analyze your log yet and even with a cursory look see issues that require addressing.  

Since you have scanned with Malwarebytes, please post that log.  I would also like to see an RSIT log now. Please see those instructions in my initial response to you.

Thanks.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Tomcat14

  • Jr. Member
  • **
  • Posts: 8
Re: Virus won't let me run Malwarebytes or Spybot S&D
« Reply #10 on: September 02, 2009, 01:39:06 AM »
Logfile of random's system information tool 1.06 (written by random/random)
Run by dell at 2009-09-01 22:35:53
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 52 GB (67%) free of 78 GB
Total RAM: 1023 MB (16% free)


======Scheduled tasks folder======

C:\WINDOWS\tasks\GlaryInitialize.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{09F9BF91-3135-4F96-9BD3-0AA342EF2B6B}.job
C:\WINDOWS\tasks\Wise Disk Cleaner 4.job
C:\WINDOWS\tasks\Wise Registry Cleaner 4.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2009-08-26 1218560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{647FD14A-C4F1-46F4-8FC3-0B40F54226F7}]
jZip Webmail plugin - C:\Program Files\jZip\WebmailPlugin.dll [2009-01-27 591296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-15 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-15 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-15 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D2F8F919-690B-4EA2-9FA7-A203D1E04F75}
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler Toolbar - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2009-08-26 1218560]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"type32"=C:\Program Files\Microsoft IntelliType Pro\type32.exe [2005-03-15 196608]
"Zune Launcher"=c:\Program Files\Zune\ZuneLauncher.exe [2008-12-12 157312]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-12-18 76304]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-12-18 76304]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"IRReceive"=C:\Program Files\IRReceive\IRReceive.exe [2007-06-26 675913]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-08-12 1657376]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-08-17 86016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-08-17 13877248]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"VistaStartMenu"=C:\Program Files\Vista Start Menu\VistaStartMenu.exe [2008-09-24 2143744]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
"NVIDIA nTune"=C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [2007-09-04 81920]
"TransBar"=C:\Documents and Settings\dell\Local Settings\Application Data\AKSoftware\TransBar\TransBar.exe [2005-08-05 66048]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2007-08-29 1232384]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2009-08-30 3055616]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^dell^Start Menu^Programs^Startup^Refresh Icon Cache.lnk]
C:\WINDOWS\7SP_FI~1\REFRES~1\REFRES~1.EXE [2004-12-01 203139]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^dell^Start Menu^Programs^Startup^ViSplore.lnk]
C:\WINDOWS\7SP_FI~1\ViSplore\VISPLO~1.EXE [2009-03-22 688128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^dell^Start Menu^Programs^Startup^YzShadow.lnk]
C:\WINDOWS\7SP_FI~1\YzShadow\YzShadow.exe [2006-05-21 151552]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
TMMonitor.lnk - C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe

C:\Documents and Settings\dell\Start Menu\Programs\Startup
TrueTransparency.lnk - C:\Program Files\TrueTransparency\TrueTransparency.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2009-02-19 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe"="C:\Program Files\Java\jre1.6.0_07\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Documents and Settings\dell\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="C:\Documents and Settings\dell\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player"
"C:\Program Files\ArcSoft\TotalMedia 3.5\TotalMedia.exe"="C:\Program Files\ArcSoft\TotalMedia 3.5\TotalMedia.exe:*:Enabled:ArcSoft TotalMedia"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Disabled:Crawler Spyware Terminator"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

======File associations======

.js - open - %SystemRoot%\System32\CScript.exe "%1" %*
.vbs - open - %SystemRoot%\System32\CScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-09-01 20:26:51 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-01 20:05:08 ----AC---- C:\ComboFix.txt
2009-09-01 20:01:20 ----SHDC---- C:\RECYCLER
2009-09-01 19:50:53 ----AC---- C:\Boot.bak
2009-09-01 19:50:50 ----RASHDC---- C:\cmdcons
2009-09-01 19:45:06 ----A---- C:\WINDOWS\zip.exe
2009-09-01 19:45:06 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-09-01 19:45:06 ----A---- C:\WINDOWS\SWSC.exe
2009-09-01 19:45:06 ----A---- C:\WINDOWS\SWREG.exe
2009-09-01 19:45:06 ----A---- C:\WINDOWS\sed.exe
2009-09-01 19:45:06 ----A---- C:\WINDOWS\PEV.exe
2009-09-01 19:45:06 ----A---- C:\WINDOWS\NIRCMD.exe
2009-09-01 19:45:06 ----A---- C:\WINDOWS\grep.exe
2009-09-01 19:45:00 ----SDC---- C:\abc.com
2009-09-01 19:45:00 ----D---- C:\WINDOWS\ERDNT
2009-09-01 19:37:23 ----DC---- C:\Qoobox
2009-09-01 14:22:29 ----D---- C:\Program Files\WinClamAVShield
2009-08-31 18:16:48 ----A---- C:\WINDOWS\system32\ztvunrar36.dll
2009-08-31 18:16:48 ----A---- C:\WINDOWS\system32\ztvunace26.dll
2009-08-31 18:16:48 ----A---- C:\WINDOWS\system32\ztvcabinet.dll
2009-08-31 18:16:48 ----A---- C:\WINDOWS\system32\unrar3.dll
2009-08-31 18:16:48 ----A---- C:\WINDOWS\system32\unacev2.dll
2009-08-31 18:04:53 ----A---- C:\WINDOWS\ntbtlog.txt
2009-08-31 18:01:51 ----DC---- C:\MGtools
2009-08-31 14:10:39 ----D---- C:\Documents and Settings\dell\Application Data\Bitdefender
2009-08-31 14:09:25 ----D---- C:\Program Files\Softwin
2009-08-31 14:09:25 ----D---- C:\Documents and Settings\All Users\Application Data\BitDefender
2009-08-31 14:08:36 ----D---- C:\Program Files\Common Files\Softwin
2009-08-31 01:22:45 ----D---- C:\Program Files\Bam
2009-08-30 13:19:04 ----D---- C:\Program Files\trend micro
2009-08-30 11:33:47 ----D---- C:\Program Files\Unlocker
2009-08-30 10:22:15 ----DC---- C:\rsit
2009-08-30 01:43:42 ----D---- C:\Program Files\Crawler
2009-08-30 01:43:39 ----D---- C:\Documents and Settings\dell\Application Data\Spyware Terminator
2009-08-30 01:43:37 ----D---- C:\Program Files\Spyware Terminator
2009-08-30 01:43:37 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2009-08-29 18:30:29 ----D---- C:\Program Files\SUPERAntiSpyware
2009-08-29 18:30:29 ----D---- C:\Documents and Settings\dell\Application Data\SUPERAntiSpyware.com
2009-08-26 15:32:47 ----D---- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
2009-08-21 15:47:46 ----D---- C:\Documents and Settings\dell\Application Data\foobar2000
2009-08-21 15:47:39 ----D---- C:\Program Files\foobar2000
2009-08-17 03:04:24 ----A---- C:\WINDOWS\system32\nvcplui.exe
2009-08-17 03:04:08 ----A---- C:\WINDOWS\system32\nvwddi.dll
2009-08-17 03:03:44 ----A---- C:\WINDOWS\system32\nvwss.dll
2009-08-17 03:03:38 ----A---- C:\WINDOWS\system32\nvvitvs.dll
2009-08-17 03:03:28 ----A---- C:\WINDOWS\system32\nvmobls.dll
2009-08-17 03:03:28 ----A---- C:\WINDOWS\system32\nvmccss.dll
2009-08-17 03:03:22 ----A---- C:\WINDOWS\system32\nvgames.dll
2009-08-17 03:03:02 ----A---- C:\WINDOWS\system32\nvdisps.dll
2009-08-17 03:03:00 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2009-08-17 03:03:00 ----A---- C:\WINDOWS\system32\nvmctray.dll
2009-08-17 03:03:00 ----A---- C:\WINDOWS\system32\nvcpl.dll
2009-08-17 03:03:00 ----A---- C:\WINDOWS\system32\nvcolor.exe
2009-08-17 03:02:52 ----A---- C:\WINDOWS\system32\nvmccs.dll
2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nvcuvid.dll
2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nvcuvenc.dll
2009-08-10 21:37:15 ----D---- C:\Program Files\MP3 Rocket

======List of files/folders modified in the last 1 months======

2009-09-01 22:35:59 ----D---- C:\WINDOWS\Prefetch
2009-09-01 21:40:30 ----D---- C:\WINDOWS\Temp
2009-09-01 20:51:20 ----D---- C:\Program Files\Mozilla Firefox
2009-09-01 20:43:41 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-01 20:26:53 ----D---- C:\WINDOWS\system32\drivers
2009-09-01 20:26:51 ----RD---- C:\Program Files
2009-09-01 20:05:11 ----D---- C:\WINDOWS\system32
2009-09-01 20:03:58 ----SD---- C:\WINDOWS\Tasks
2009-09-01 20:03:35 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-01 20:03:29 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-01 20:01:36 ----D---- C:\WINDOWS
2009-09-01 20:01:36 ----AC---- C:\WINDOWS\system.ini
2009-09-01 19:58:43 ----D---- C:\WINDOWS\system32\config
2009-09-01 19:58:16 ----SHD---- C:\WINDOWS\Installer
2009-09-01 19:56:33 ----D---- C:\WINDOWS\AppPatch
2009-09-01 19:56:32 ----D---- C:\Program Files\Common Files
2009-09-01 19:52:45 ----C---- C:\WINDOWS\system32\eventlog.dll
2009-09-01 19:52:44 ----HD---- C:\WINDOWS\PIF
2009-09-01 19:52:44 ----HD---- C:\WINDOWS\msdownld.tmp
2009-09-01 19:52:44 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-09-01 19:52:44 ----D---- C:\WINDOWS\win7Xp
2009-09-01 19:52:44 ----D---- C:\WINDOWS\system32\xircom
2009-09-01 19:52:44 ----D---- C:\WINDOWS\system32\wins
2009-09-01 19:52:44 ----D---- C:\WINDOWS\system32\ShellExt
2009-09-01 19:52:44 ----D---- C:\WINDOWS\system32\inetsrv
2009-09-01 19:52:44 ----D---- C:\WINDOWS\system32\export
2009-09-01 19:52:44 ----D---- C:\WINDOWS\system32\dhcp
2009-09-01 19:52:44 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-09-01 19:52:44 ----D---- C:\WINDOWS\system32\3com_dmi
2009-09-01 19:52:44 ----D---- C:\WINDOWS\system32\3076
2009-09-01 19:52:44 ----D---- C:\WINDOWS\system32\2052
2009-09-01 19:52:44 ----D---- C:\WINDOWS\system32\1054
2009-09-01 19:52:44 ----D---- C:\WINDOWS\system32\1042
2009-09-01 19:52:44 ----D---- C:\WINDOWS\system32\1041
2009-09-01 19:52:44 ----D---- C:\WINDOWS\system32\1037
2009-09-01 19:52:44 ----D---- C:\WINDOWS\system32\1031
2009-09-01 19:52:44 ----D---- C:\WINDOWS\system32\1028
2009-09-01 19:52:44 ----D---- C:\WINDOWS\system32\1025
2009-09-01 19:52:44 ----D---- C:\WINDOWS\NV11281132.TMP
2009-09-01 19:52:44 ----D---- C:\WINDOWS\mui
2009-09-01 19:52:44 ----D---- C:\WINDOWS\Minidump
2009-09-01 19:52:44 ----D---- C:\WINDOWS\Connection Wizard
2009-09-01 19:52:44 ----D---- C:\WINDOWS\Config
2009-09-01 19:52:44 ----D---- C:\WINDOWS\addins
2009-09-01 19:50:53 ----RASH---- C:\boot.ini
2009-09-01 17:00:53 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-09-01 17:00:52 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-01 14:45:07 ----D---- C:\Program Files\Windows Sidebar
2009-09-01 13:18:20 ----D---- C:\Documents and Settings\dell\Application Data\Vista Start Menu
2009-09-01 12:59:49 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-09-01 12:01:51 ----HD---- C:\WINDOWS\inf
2009-09-01 11:59:43 ----D---- C:\Config.Msi
2009-09-01 11:59:42 ----D---- C:\WINDOWS\WinSxS
2009-08-31 16:26:54 ----D---- C:\TDdownload
2009-08-30 19:31:12 ----D---- C:\Documents and Settings\dell\Application Data\Move Networks
2009-08-30 01:19:33 ----D---- C:\Program Files\Wise Disk Cleaner
2009-08-26 15:45:58 ----D---- C:\WINDOWS\Help
2009-08-26 15:32:53 ----D---- C:\Program Files\NVIDIA Corporation
2009-08-26 15:32:31 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-26 15:32:03 ----DC---- C:\NVIDIA
2009-08-26 15:16:07 ----D---- C:\Program Files\WinFlip
2009-08-23 21:26:09 ----D---- C:\Documents and Settings\dell\Application Data\MP3Rocket
2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nvudisp.exe
2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nvoglnt.dll
2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nvcuda.dll
2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nvcodins.dll
2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nvcod.dll
2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nvapi.dll
2009-08-17 00:57:00 ----A---- C:\WINDOWS\system32\nv4_disp.dll
2009-08-11 12:35:08 ----A---- C:\WINDOWS\system32\nvuninst.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
R1 OMCI;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2002-10-15 17153]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-11-10 40832]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2006-11-10 18688]
R3 AV88BASE;Cx2388x Base Driver; C:\WINDOWS\system32\drivers\av88base.sys [2008-01-08 570112]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2003-09-22 130192]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-04 9600]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-12-18 35472]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-12-18 37392]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 ndiscm;Motorola SURFboard USB Cable Modem Windows Driver; C:\WINDOWS\system32\DRIVERS\NetMotCM.sys [2004-09-29 15360]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-08-17 7729568]
R3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2003-09-22 178672]
R3 P16X;Creative SB Live! Series (WDM); C:\WINDOWS\system32\drivers\P16X.sys [2003-09-22 1330048]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 viafilter;VIA USB Filter; C:\WINDOWS\System32\Drivers\viausb1.sys [2009-01-26 9728]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S1 SASDIFSV;SASDIFSV; \??\C:\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
S1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
S2 713xTVCard;SAA7130 TV Card; C:\WINDOWS\system32\DRIVERS\SAA713x.sys [2006-10-11 279552]
S2 HidCom;USB-HID -> COM Driver Service; C:\WINDOWS\system32\DRIVERS\HidCom.sys [2001-08-24 69575]
S2 WDMTVTuner;Universal WDM TV Tuner; C:\WINDOWS\system32\drivers\WDMTuner.sys [2006-10-11 25984]
S3 audiobridge;Virtual Audio Bridge; C:\WINDOWS\system32\DRIVERS\aubridge.sys [2007-07-23 22528]
S3 bdfdll;bdfdll; \??\C:\Program Files\Softwin\BitDefender10\bdfdll.sys []
S3 BDFsDrv;BDFsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys []
S3 BDRsDrv;BDRsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys []
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys []
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys []
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-04 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-04 18944]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys []
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys []
S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys []
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys []
S3 CamdAudio;CamdAudio; C:\WINDOWS\system32\drivers\CamdAudio.sys [2008-11-11 23096]
S3 CamdVideo;CamdVideo; C:\WINDOWS\system32\DRIVERS\CamdVideo.sys [2008-11-11 3768]
S3 catchme;catchme; \??\C:\abc.com\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2003-03-04 145408]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.SYS []
S3 GcKernel;Microsoft SideWinder Value Add - Filter Driver; C:\WINDOWS\system32\DRIVERS\GcKernel.sys [2004-08-03 59136]
S3 hidgame;Microsoft Hid to Joystick Port Enabler; C:\WINDOWS\system32\DRIVERS\hidgame.sys [2001-08-17 8576]
S3 HIDSwvd;Microsoft SideWinder Virtual HID Device Mini-Driver; C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys [2001-08-17 2688]
S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2007-09-21 63120]
S3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2007-09-21 78992]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-03 15360]
S3 msgame;Sidewinder HID to Joystick Port Enabler; C:\WINDOWS\system32\DRIVERS\msgame.sys [2001-08-17 35200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS []
S3 Profos;Profos; \??\C:\Program Files\Softwin\BitDefender10\profos.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-04 59648]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 Ser2pl;Prolific2 Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2005-07-25 48640]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SndTAudio;SndTAudio; C:\WINDOWS\system32\drivers\SndTAudio.sys [2008-11-11 23096]
S3 SndTVideo;SndTVideo; C:\WINDOWS\system32\DRIVERS\SndTVideo.sys [2008-11-11 3768]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 Trufos;Trufos; \??\C:\Program Files\Softwin\BitDefender10\trufos.sys []
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 W8335XP;NETGEAR WG311v3 802.11g Wireless PCI Adapter for Windows XP (8335); C:\WINDOWS\system32\DRIVERS\WG311v3XP.sys [2005-08-22 280576]
S3 WinUSB;WinUSB; C:\WINDOWS\system32\DRIVERS\WinUSB.sys [2006-11-02 39368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2009-02-06 109056]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-15 152984]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe [2008-07-11 278528]
R2 nTuneService;nTune Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2007-09-04 131072]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-08-17 168004]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-08-30 487424]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 XCOMM;BitDefender Communicator; C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe [2006-11-09 86016]
R2 ZuneBusEnum;Zune Bus Enumerator; c:\WINDOWS\system32\ZuneBusEnum.exe [2008-11-10 60032]
S2 bdss;BitDefender Scan Server; C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe /service []
S2 UpdateCenterService;Update Center Service; C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe /StartService []
S2 VSSERV;BitDefender Virus Shield; C:\Program Files\Softwin\BitDefender10\vsserv.exe [2007-10-24 462848]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2009-02-19 121360]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 ZuneNetworkSvc;Zune Network Sharing Service; c:\Program Files\Zune\ZuneNss.exe [2008-12-12 5117568]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service; c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-11-10 243840]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Offline Tomcat14

  • Jr. Member
  • **
  • Posts: 8
Re: Virus won't let me run Malwarebytes or Spybot S&D
« Reply #11 on: September 02, 2009, 01:45:35 AM »
info.txt logfile of random's system information tool 1.06 2009-09-01 22:36:20

======Uninstall list======

-->"C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S /R
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{44DC86A0-248D-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9  /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{51F5239C-197B-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9  /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F865C2FE-25E7-11D6-9BAF-0090271AF8A4}\setup.exe" -l0x9  /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Reader 8.1.6-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
ArcSoft TotalMedia 3.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{29E44E9D-ACB2-4D2D-849F-5361C941B7E1}\Setup.exe" -l0x9
AudibleManager-->C:\Program Files\Audible\Bin\Upgrade.exe /Uninstall
BitDefender Free Edition v10-->MsiExec.exe /I{CEFC581D-BEAE-4F75-989E-BD931970D8AD}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
ConvertHelper 2.2-->"C:\Program Files\ConvertHelper\unins000.exe"
COWON Media Center - jetAudio Plus VX-->C:\Program Files\InstallShield Installation Information\{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}\setup.exe -runfromtemp -l0x0009 -removeonly
Crawler Toolbar with Web Security Guard-->C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe uninst
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Drv-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DA71A94B-3617-4935-8BBE-1566B2174C95}\setup.exe" -l0x9  -removeonly
erLT-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
FastStone Photo Resizer 2.8-->C:\Program Files\FastStone Photo Resizer\uninst.exe
FinePix Studio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}\SETUP.EXE" -l0x9
FinePixViewer Resource-->C:\Program Files\InstallShield Installation Information\{B44529FF-501E-47CD-A06D-223C161BE058}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
FinePixViewer Ver.5.4-->C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE -runfromtemp -l0x0009 -removeonly
foobar2000 v0.9.6.8-->"C:\Program Files\foobar2000\uninstall.exe" _?=C:\Program Files\foobar2000
FormatFactory 1.70-->C:\Program Files\FormatFactory\uninst.exe
Fotosizer 1.19-->C:\Program Files\Fotosizer\uninst.exe
FUJIFILM USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
Gadget Extractor-->MsiExec.exe /X{C8838D06-D7DB-4CB0-BF13-7191D2D84C42}
Gadwin PrintScreen-->C:\Program Files\Gadwin Systems\PrintScreen\Uninstall.exe
Glary Utilities 2.10.0.622-->"C:\Program Files\Glary Utilities\unins000.exe"
hexTronik ESC Config-->"C:\WINDOWS\hexTronik ESC Config\uninstall.exe" "/U:C:\Program Files\hexTronik ESC Config\Uninstall\uninstall.xml"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Intel Application Accelerator-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9984DF60-1C5B-11D3-ACA1-908A4FC10801}\Setup.exe"  -INTELUNINST
Intel(R) PRO Network Adapters and Drivers-->Prounstl.exe
IRReceive-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{97B78FAE-5E46-4E56-9B25-37862F5EC568} /l1033
Japanese Fonts Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5760-0000-800000000003}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
jZip-->C:\PROGRA~1\jZip\UNWISE.EXE /U C:\PROGRA~1\jZip\INSTALL.LOG
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.EXE" -l0x9 UNINSTALL
Logitech SetPoint-->"C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe" -runfromtemp -l0x0009 -removeonly
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MATLAB Component Runtime 7.6-->MsiExec.exe /I{C04BADDA-A8E5-4460-8385-88F2A9E2A305}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3 Rocket-->C:\Program Files\MP3 Rocket\Uninstall.exe
Mp3Gain PRO-->"C:\Program Files\Mp3GainPRO\unins000.exe"
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
NETGEAR WG311v3 802.11g Wireless PCI Adapter-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{70014586-7BBA-4A92-A610-CDC896C48F8F}
Network Stumbler 0.4.0 (remove only)-->"C:\Program Files\Network Stumbler\uninst.exe"
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA nTune-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF} /l1033
NVIDIA nView Desktop Manager-->C:\Program Files\NVIDIA Corporation\nView\nViewSetup.exe -uninstall
NVIDIA System Update-->"C:\Program Files\InstallShield Installation Information\{6F69C969-2942-4E7B-B594-75B37664B8BA}\setup.exe" -runfromtemp -l0x0409 -removeonly
Paint.NET v3.36-->MsiExec.exe /X{43602F34-1AA3-44FB-AEB2-D08C2C73743F}
PL-2303 USB-to-Serial-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setup.exe" -l0x9 Installed
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9  -removeonly
RocketDock 1.3.5-->"C:\Program Files\RocketDock\unins000.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Sound Blaster Live!-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}\setup.exe" -l0x9
Spyware Terminator-->"C:\Program Files\Spyware Terminator\unins000.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
VAIOXP-->MsiExec.exe /X{BB05D173-9681-4812-A7FA-BD4042A3DA00}
ViSplore-->C:\Program Files\ViSplore\KillMe.exe
Vista Start Menu 3.01-->"C:\Program Files\Vista Start Menu\unins000.exe"
Windows Essentials Media Codec Pack 2.3b-->C:\Program Files\Essentials Codec Pack\uninst.exe
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media DRM Reset-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\resetdrm.inf,Uninstall
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Sidebar 6.0.6001.16633-->C:\WINDOWS\Windows Sidebar\uninst.exe
Wise Disk Cleaner 4.11-->"C:\Program Files\Wise Disk Cleaner\unins000.exe"
Wise Registry Cleaner 4 Free 4.12-->"C:\Program Files\Wise Registry Cleaner 4\unins000.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Zune Desktop Theme-->MsiExec.exe /X{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}
Zune Language Pack (ES)-->MsiExec.exe /X{EE4ACABF-531E-419A-9225-B8E0FA4955AF}
Zune Language Pack (FR)-->MsiExec.exe /X{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}
Zune Software Customizer 2.5-->"C:\Program Files\Zune\unins000.exe"
Zune-->c:\Program Files\Zune\ZuneSetup.exe /x
Zune-->MsiExec.exe /X{FF70513F-E3A7-402F-84FB-B7810A064BE2}

======Security center information======

AV: Bitdefender Antivirus

======System event log======

Computer Name: DELL-98DE1EE877
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.

Record Number: 8
Source Name: Service Control Manager
Time Written: 20090901195839.000000-240
Event Type: error
User:

Computer Name: DELL-98DE1EE877
Event Code: 7009
Message: Timeout (30000 milliseconds) waiting for the PEVSystemStart service to connect.

Record Number: 7
Source Name: Service Control Manager
Time Written: 20090901195832.000000-240
Event Type: error
User:

Computer Name: DELL-98DE1EE877
Event Code: 11
Message: The device Root\LEGACY_NPF\0000 disappeared from the system without first being prepared for removal.

Record Number: 6
Source Name: PlugPlayManager
Time Written: 20090901195832.000000-240
Event Type: error
User:

Computer Name: DELL-98DE1EE877
Event Code: 1
Message: The System Restore filter encountered the unexpected error '0xC000000D' while processing the file 'KB931784' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.

Record Number: 2
Source Name: sr
Time Written: 20090901195244.000000-240
Event Type: error
User:

Computer Name: DELL-98DE1EE877
Event Code: 55
Message: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume C:.

Record Number: 1
Source Name: Ntfs
Time Written: 20090901195241.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: DELL-98DE1EE877
Event Code: 1
Message:
Record Number: 138
Source Name: nview_info
Time Written: 20090210193526.000000-300
Event Type: error
User:

Computer Name: DELL-98DE1EE877
Event Code: 1
Message:
Record Number: 137
Source Name: nview_info
Time Written: 20090210193526.000000-300
Event Type: error
User:

Computer Name: DELL-98DE1EE877
Event Code: 1
Message:
Record Number: 136
Source Name: nview_info
Time Written: 20090210193526.000000-300
Event Type: error
User:

Computer Name: DELL-98DE1EE877
Event Code: 1
Message:
Record Number: 135
Source Name: nview_info
Time Written: 20090210193519.000000-300
Event Type: error
User:

Computer Name: DELL-98DE1EE877
Event Code: 1
Message:
Record Number: 134
Source Name: nview_info
Time Written: 20090210193519.000000-300
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\MATLAB\MATLAB Component Runtime\v76\runtime\win32;C:\Program Files\jZip;C:\Program Files\VAIOXP\Libraries;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0207
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

Sorry, didn't mean to go out of order......I couldn't run "RSIT" until after ComboFix....not sure why. Tried several different "renames"; it was always denied to run.

I also could stay on this page to get the information...I kept getting redirected for some crazy reason...must have been tied in with the search engine....I installed several different anti-virus versions that I already had on my computer. Some I was able to update and some not. Malwarebytes comes back completely clean on Full Scan 4 times now...

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19421
  • "Stronger than the past, united in our goal."
Re: Virus won't let me run Malwarebytes or Spybot S&D
« Reply #12 on: September 02, 2009, 02:02:30 PM »
Hi, Tomcat14.  Thank you for posting the RSIT log.  I realize you couldn't run it and other programs before.  However, I wanted to see the log in order to provide you with additional information regarding the state of your computer.

Please do the following to implement cleanup procedures and also to reset System Restore points:

Click Start > Run and Copy/Paste the following bolded text into the Run box and click OK:  ComboFix /u



Note: In the event you wish to contribute to the ongoing development of ComboFix, the developer is accepting donations via PayPal.


Next, let's take care of the obvious vulnerable software on your computer.

SunJava:

You have outdated, vulnerable versions of SunJava on your computer.  Start by going to add/remove programs and uninstall the following:

Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}


Following that, please download JavaRa and unzip it to your desktop.

  • Double-click on JavaRa.exe to start the program.  (Windows Vista users Right-click JavaRa.exe > Select Run as Administrator)
  • Click on Remove Older Versions to remove older versions of Java.
  • A logfile will pop up. Please save it to a convenient location.

Then download and install Java SE Runtime Environment (JRE) 6 Update 16.   

Download Link: Java SE Runtime Environment 6u16

Note:  UNCHECK any pre-checked toolbar and/or software options presented with the update.  They are not part of the software update and are completely optional.   

Adobe Flash Player:

1. Go to add/remove programs and uninstall Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
2. Download Flush Flash Cookies by Bobbi Flekman.
3. Select the Windows version and save flushflash.exe to your Desktop.
4. Double-click flushflash.exe to run it.
5. Select Everything but Site settings.
6. Click Make it so!.
7. When the "Killed off all Flash cookies" window opens, click OK.
8. Close Flush Flash Cookies.

As explained in this Register article, Sites pulling sneaky Flash cookie-snoop, Flash cookies are a new source of concern.  If you use Firefox, consider the Add-on: BetterPrivacy.  To see how to use the On-line Settings Manager to configure Flash Player settings, see this article.

Update Adobe Reader

1.  Go to add/remove programs and uninstall Adobe Reader, located at Adobe Reader 8.1.6-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
2.  Install the latest version of Adobe Reader from http://www.adobe.com/products/reader/
or
3.  Switch to an alternate PDF reader.  There are a number of open source readers available from http://pdfreaders.org/.

Other:

1.  I strongly encourage you to uninstall the following registry cleaners as such tools are known to cause more damage than they cure:

Wise Disk Cleaner 4.11-->"C:\Program Files\Wise Disk Cleaner\unins000.exe"
Wise Registry Cleaner 4 Free 4.12-->"C:\Program Files\Wise Registry Cleaner 4\unins000.exe"


2.  If your version of BitDefender does not include a firewall, please select from one of the following firewall programs which are free for personal use:

Online Armor Free
Agnitum Outpost Firewall
Kerio Personal Firewall

3.  Having a firewall, anti-virus and anti-malware software is not enough.  You also need to stay current with security updates.  If you don't have your computer set to automatically install the Microsoft Security Updates, please check for updates now.  For additional information, see my blog post Understanding Microsoft Updates.

4.  To check if your system is missing security updates or has insecure applications installed, visit http://secunia.com/software_inspector/.  The Secunia Software Inspector runs through your browser with no installation or download required and does the following:
  • Detects insecure versions of applications installed
  • Verifies that all Microsoft patches are applied
  • Assists you in updating your system and applications

5.  Install and update SpywareBlaster to prevent the installation of spyware and other potentially unwanted software: http://www.javacoolsoftware.com/spywareblaster.html

6.  My favorite security software is WinPatrol which includes the features described at http://www.winpatrol.com/features.html

Finally, please let me know if you have any questions.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.
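
As an added example (not from the thread, from RSIT, or from any tool it names), here is a small Python triage script for the "Name-->UninstallString" format that RSIT's uninstall list uses in the log above: it pulls out the side-by-side Java 6 updates Corrine asked to be removed, compares them against the update level the thread treats as current (6u16), extracts each entry's Windows Installer product code, and flags the registry cleaners. The sample lines and the UNWANTED_PREFIXES watch list are constructed for the example.

```python
import re

# Constructed sample in RSIT's "Name-->UninstallString" format, modelled on the
# kinds of lines the log above contains (example data, not the full log).
SAMPLE_LOG = r"""
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Wise Registry Cleaner 4 Free 4.12-->"C:\Program Files\Wise Registry Cleaner 4\unins000.exe"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
"""

CURRENT_JAVA6_UPDATE = 16  # JRE 6 Update 16, the version the thread points to
JAVA6_RE = re.compile(r"^Java\(TM\) (?:SE Runtime Environment )?6 Update (\d+)$")
MSI_CODE_RE = re.compile(r"(?:/[ix]|/package\s*)(\{[0-9a-f-]{36}\})", re.IGNORECASE)
# Hypothetical watch list: the registry/disk cleaners the helper asked to remove.
UNWANTED_PREFIXES = ("Wise Registry Cleaner", "Wise Disk Cleaner")


def parse_uninstall_list(text):
    """Split RSIT 'Name-->UninstallString' lines into (name, command) pairs."""
    entries = []
    for line in text.splitlines():
        if "-->" in line:
            name, cmd = line.split("-->", 1)
            entries.append((name.strip(), cmd.strip()))
    return entries


def msi_product_code(cmd):
    """Windows Installer product code from an MsiExec uninstall string, else None."""
    if "msiexec" not in cmd.lower():
        return None
    m = MSI_CODE_RE.search(cmd)
    return m.group(1).upper() if m else None


def stale_java(entries, current=CURRENT_JAVA6_UPDATE):
    """Java 6 installs below the current update, as (name, product code).
    Sun's installers left old updates side by side, so each one is a
    separately exploitable runtime until it is removed."""
    stale = []
    for name, cmd in entries:
        m = JAVA6_RE.match(name)
        if m and int(m.group(1)) < current:
            stale.append((name, msi_product_code(cmd)))
    return stale


def flagged_cleaners(entries):
    """Entries matching the registry/disk cleaner watch list."""
    return [name for name, _ in entries if name.startswith(UNWANTED_PREFIXES)]


def silent_uninstall_commands(entries):
    """msiexec lines an admin could script for the stale Java installs
    (/x removes a product by code, /qn runs with no UI)."""
    return ["msiexec /x %s /qn" % code for _, code in stale_java(entries) if code]
```

Point it at the full "Uninstall list" section of a real RSIT log and the same functions will list every leftover JRE 6 update on the machine, not just the three in the sample.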

Offline Tomcat14

  • Jr. Member
  • **
  • Posts: 8
Re: Virus won't let me run Malwarebytes or Spybot S&D
« Reply #13 on: September 02, 2009, 04:59:56 PM »
Hi Corrine,

I've done everything you asked and added Online Armor. Updated all Adobe, Java and Windows, and uninstalled both Wise programs. I'll look into updating to SP3; however, the reason I didn't do it prior to now is because it was interfering with the Zune programs. Many people were having serious issues when the update became available. I hope most of the bugs are worked out by now. I haven't looked into it in several months. I'll go to your blog and do some reading.

Many thanks to you and all here for your help and generosity.

T.

Offline winchester73

  • Half a bubble off plumb
  • Administrator
  • Hero Member
  • *****
  • Posts: 7203
  • Liverpool FC - YNWA
Re: Virus won't let me run Malwarebytes or Spybot S&D
« Reply #14 on: September 02, 2009, 05:19:16 PM »
If you haven't already, you might want to look into the Zune Device Diagnostic Tool that Microsoft released:  http://www.microsoft.com/downloads/details.aspx?FamilyID=F872E08B-27A2-4E1E-A0FE-862E4D6B901F&displaylang=en

It compiles information about your system configuration to help diagnose specific wired and wireless sync connection problems.   :D
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member