
How do I get rid of this NTOSKRNL-HOOK trojan [Solved]


  • This topic is locked

#1
Master Spade

I've been redirected to this site from others that say this forum might be able to help, as the others couldn't. I'll copy and paste the information:

I've seen, read, and tried the suggestion from other threads that had the same problem, but that did not remove the trojan in my case.

I tried the one where I Boot into safe mode and run a scan there. I did that, but still have the same problem. It worked for some others, so I wonder why it didn't work for me?

I just tried talking online with a McAfee worker. They did NOTHING about this except tell me to PAY money to fix the problem. Why should we Pay McAfee to use their product, then when it FAILS to do its job in Protecting our PC's, they want MORE of our Money!!?? If their product did what it's supposed to do in the first place, there wouldn't be a Problem!


Any other ways of finally getting rid of the NTOSKRNL-HOOK trojan?


Any help would be VERY Appreciated. Thanks.

I've been searching the internet for a solution. I've noticed a possible symptom of this Trojan. When I google for removal instructions, I try to click on one of the results. But instead of taking me to the address of that link, it takes me to other search sites!!?? I'm thinking this is a cause of the Trojan?


Anyway, when I run the scan, besides the NTOSKRNL-HOOK trojan, it continues to find the same 2 other trojans. Maybe they're related? The other 2 are:

Detection Names: DNSChanger.ad

Status: Scan after restart

File Name: C:\windows\system32\skynetbfoqlxet.dll

C:\windows\system32\skynetfsodemqs.dll


McAfee doesn't remove them and only says that the "Status" is it will rescan after restart, which doesn't help. And I try to remove them manually since it shows the location, but this comes up:
Cannot delete SKYNETbfoqlxet: Access is denied;

Make sure the disk is not full or write-protected and that the file is not currently in use.

Any Suggestions?

-------------------------------------------
Just to keep everyone up to date, I've tried another suggestion I saw on the internet that seemed to work for some. I went into Safe Mode with Networking. Downloaded Malwarebytes Anti-Malware while in that safe mode, renamed the .exe file to gogetem, ran the complete scan, and while it did detect the same trojan and Malware that McAfee did, it does NOT remove them. It says it does, and says to complete removal that I have to restart the PC. I do restart the PC, run another scan, and the cycle starts ALL OVER Again!! Bottom line is it does NOT remove the Trojans.

So I am currently trying another suggestion I saw. I downloaded SUPERAntiSpyware, but the PC won't let me Install it!?? When I try to, this message comes up: "The System Administrator has set policies to prevent this installation." It seems like that trojan is now the Administrator!!?? I renamed the .exe file before I tried to install that software just like the other one, but that did not work for this one. Why did it allow me to install Malwarebytes Anti-Malware, but it now won't let me install SUPERAntiSpyware?? Is it because the SUPERAntiSpyware WILL remove it?


Any suggestions? What else can I do?
If you need more info from me, just let me know.
-----------------------------------------------------
7-14-09 --- After some time, the PC finally let me download and Install SUPERAntiSpyware. I ran a scan that said it found over 500 detections!! McAfee only finds 4, and Malwarebytes only found about 17!!?? Anyway, I tried Deleting those files. It says it did, but it had to restart the PC to make it happen. I restarted the PC, ran another scan, and those same 3 continue to come up!?? The NTOSKRNL-HOOK trojan, and the 2 SKYNET ones!??

What else can I do? Thanks in advance.


#2
heir

Hello Master Spade !

Welcome to the site! :) My nickname is heir and I'll be helping clean up your computer. :)

Before we proceed to clean your computer from malware, let's go over some points that will help both me and you, and prevent causing damage to your computer:
  • To make sure that you receive an email when I reply to this topic, please click here and check that this topic is listed under Malware Removal and Spyware Removal.
  • Please don't be afraid to ask questions! No question is considered dumb here. It's better to be safe than sorry!
  • When posting logs, please ensure Word Wrap is turned off in Notepad (to check, open Notepad, click on Format in the menu bar and make sure that Word Wrap is unchecked).
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • NEVER fix anything in HijackThis or other programs on your own! This can be very dangerous and cause harm to your system. If you see a certain entry or program you're unsure about, please don't hesitate to ask!
  • Make sure you reply to this thread using the Add Reply button.

Please read my posts completely before following the instructions.
It may be easier for you if you copy and paste a post to a new text document or print it for reference later.
This is required when you won't have access to Internet.


I've seen, read, and tried the suggestion from other threads that had the same problem, but that did not remove the trojan in my case.

Don't do that. It's dangerous. Posts in a topic are tailored for that user only. Starting a new topic here with your issue is the right thing to do.

Step 1.
ComboFix:

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 2
Link 3

--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.

Step 2.
OTL-scan:

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Step 3.
Lop S&D:

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D here and save it to the desktop

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

Step 4.
Things I would like to see in your reply:

  • The content of C:\ComboFix.txt from step 1.
  • The content of OTL.txt and Extras.txt from step 2.
  • The content of C:\lopR.txt from step 3.


#3
Master Spade

Thanks for responding so quick!

First thing though, while I downloaded Combofix, a Warning box/message came out that says:

Combofix Has Detected the following real time scanner(s) to be active:
Antivirus: McAfee VirusScan

Antivirus and intrusion prevention programs are known to interfere with ComboFix's running. This may lead to unpredictable results or possible machine damage.

Please disable these scanners before clicking 'OK'.



Should I disable McAfee, or is this a trick by that trojan trying to trick me?

Thanks.

#4
heir


Should I disable McAfee, or is this a trick by that trojan trying to trick me?

That message is legit and comes from ComboFix.
Yes please disable McAfee and perform the steps laid out in my previous post.

#5
Master Spade

I completed Step 1.
For Step 2, when I try to click the link to download OTL onto my desktop, the link says that "File Not Found", so I'm stuck there. What should I do?
Step 3 is completed.

Here are the scan results for Step 1:

ComboFix 09-07-13.01 - Jaime 07/15/2009 16:58.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1699 [GMT -5:00]
Running from: c:\documents and settings\Jaime\Desktop\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\kb913800.exe
c:\windows\system32\drivers\SKYNETjejtydey.sys
c:\windows\system32\mfc45.dll
c:\windows\system32\SKYNETbfoqlxet.dll
c:\windows\system32\SKYNETdgmmjgwy.dat
c:\windows\system32\SKYNETfsodemqs.dll
c:\windows\system32\SKYNETonrevyuu.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETaicrmsoi
-------\Service_SKYNETaicrmsoi


((((((((((((((((((((((((( Files Created from 2009-06-15 to 2009-07-15 )))))))))))))))))))))))))))))))
.

2009-07-14 21:03 . 2009-07-14 21:08 -------- d-----w- c:\documents and settings\Jaime\Incomplete
2009-07-14 04:26 . 2009-07-15 22:06 117760 ----a-w- c:\documents and settings\Jaime\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-14 04:25 . 2009-07-14 04:25 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-14 04:24 . 2009-07-14 04:24 65024 ----a-r- c:\documents and settings\Jaime\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
2009-07-14 04:24 . 2009-07-14 04:24 18944 ----a-r- c:\documents and settings\Jaime\Application Data\Microsoft\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
2009-07-14 04:24 . 2009-07-14 04:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-14 04:24 . 2009-07-14 04:24 -------- d-----w- c:\documents and settings\Jaime\Application Data\SUPERAntiSpyware.com
2009-07-13 23:43 . 2009-07-13 23:43 -------- d-----w- c:\documents and settings\Jaime\Application Data\Malwarebytes
2009-07-13 23:43 . 2009-07-13 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 23:43 . 2009-07-13 23:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 23:43 . 2009-07-13 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-13 23:43 . 2009-07-13 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-13 23:26 . 2009-07-13 23:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-12 21:27 . 2009-07-12 21:27 61224 ----a-w- c:\documents and settings\Jaime\GoToAssistDownloadHelper.exe
2009-07-10 21:35 . 2009-07-10 21:35 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-07-08 20:20 . 2007-10-23 14:27 110592 ----a-w- c:\documents and settings\Jaime\Application Data\U3\temp\cleanup.exe
2009-07-08 19:04 . 2008-05-02 15:41 3493888 ---ha-w- c:\documents and settings\Jaime\Application Data\U3\temp\Launchpad Removal.exe
2009-07-08 19:04 . 2009-07-08 20:20 -------- d-----w- c:\documents and settings\Jaime\Application Data\U3
2009-06-27 23:15 . 2009-06-27 23:15 49152 ----a-r- c:\documents and settings\Jaime\Application Data\Microsoft\Installer\{FCC07EEA-FA18-4A21-9105-9666603C6885}\IconFCC07EEA1.exe
2009-06-27 23:15 . 2009-06-27 23:15 49152 ----a-r- c:\documents and settings\Jaime\Application Data\Microsoft\Installer\{FCC07EEA-FA18-4A21-9105-9666603C6885}\IconFCC07EEA.exe
2009-06-27 18:41 . 2009-06-27 18:41 -------- d-----w- c:\windows\system32\XPSViewer
2009-06-27 18:41 . 2009-06-27 18:41 -------- d-----w- c:\program files\MSBuild
2009-06-27 18:41 . 2009-06-27 18:41 -------- d-----w- c:\program files\Reference Assemblies
2009-06-27 18:41 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-06-27 18:41 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-06-27 18:41 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-06-27 18:41 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-06-27 18:41 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-06-27 18:41 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-06-27 18:41 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-06-27 18:41 . 2009-06-27 18:41 -------- d-----w- C:\1c1eb82dd82a04c467d64d45f1
2009-06-22 05:38 . 2009-06-22 05:38 -------- d-----w- c:\windows\system32\vmm32
2009-06-20 09:15 . 2009-06-20 09:15 518 ----a-w- c:\documents and settings\Jaime\Application Data\iolo\Registry\Last\restore.bat
2009-06-20 09:15 . 2009-06-20 09:15 1479 ----a-w- c:\documents and settings\Jaime\Application Data\iolo\restore.bat
2009-06-20 06:50 . 2009-06-20 06:50 -------- d-----w- c:\documents and settings\LocalService\Application Data\iolo
2009-06-20 06:50 . 2009-04-27 20:47 933208 ----a-w- c:\windows\system32\Incinerator.dll
2009-06-20 06:50 . 2009-03-09 21:04 8192 ----a-w- c:\windows\system32\smrgdf.exe
2009-06-20 06:50 . 2009-03-09 21:04 28672 ----a-w- c:\windows\system32\iolobtdfg.exe
2009-06-20 06:50 . 2009-06-20 06:50 -------- d-----w- c:\program files\iolo
2009-06-20 06:48 . 2009-04-28 16:22 16430856 ----a-w- c:\documents and settings\Jaime\Application Data\iolo\Installers\PCTuneUp2.exe
2009-06-20 06:41 . 2009-06-20 08:49 -------- d-----w- c:\documents and settings\Jaime\Application Data\iolo
2009-06-20 06:41 . 2009-06-20 08:49 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2009-06-16 14:36 . 2009-06-16 14:36 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2009-06-16 14:36 . 2009-06-16 14:36 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-15 22:03 . 2008-10-25 05:19 -------- d-----w- c:\program files\DNA
2009-07-15 22:03 . 2008-10-25 05:19 -------- d-----w- c:\documents and settings\Jaime\Application Data\DNA
2009-07-15 08:06 . 2009-01-30 01:35 -------- d-----w- c:\documents and settings\Jaime\Application Data\FrostWire
2009-07-14 21:58 . 2008-05-22 06:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-14 21:10 . 2008-10-25 05:17 -------- d-----w- c:\documents and settings\Jaime\Application Data\BitTorrent
2009-07-14 21:06 . 2008-07-03 00:31 -------- d-----w- c:\program files\Java
2009-07-14 21:04 . 2008-07-03 00:34 -------- d-----w- c:\documents and settings\Jaime\Application Data\LimeWire
2009-07-13 23:30 . 2008-12-31 07:23 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-09 17:01 . 2008-09-11 21:50 56 --sh--r- c:\windows\system32\80EAD07259.sys
2009-07-09 17:01 . 2008-09-11 21:50 1682 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-06-29 18:55 . 2008-06-17 20:51 34760 ----a-w- c:\documents and settings\Jaime\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-27 23:15 . 2008-04-21 18:25 -------- d-----w- c:\program files\McAfee
2009-06-27 03:50 . 2008-04-20 17:44 -------- d-----w- c:\program files\Dell
2009-06-16 14:36 . 2004-08-10 11:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-10 11:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 23:16 . 2009-06-12 23:16 152576 ----a-w- c:\documents and settings\Jaime\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-03 19:09 . 2004-08-10 11:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-22 07:09 . 2009-05-22 07:09 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-22 07:09 . 2009-05-22 07:09 -------- d-----w- c:\program files\iTunes
2009-05-22 07:09 . 2009-05-22 07:09 -------- d-----w- c:\program files\iPod
2009-05-22 07:09 . 2008-04-21 23:54 -------- d-----w- c:\program files\Common Files\Apple
2009-05-22 07:07 . 2009-05-22 07:07 -------- d-----w- c:\program files\Bonjour
2009-05-22 07:06 . 2009-05-22 07:06 -------- d-----w- c:\program files\QuickTime
2009-05-22 07:03 . 2009-05-22 07:03 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-05-22 07:02 . 2008-12-18 19:57 -------- d-----w- c:\program files\Safari
2009-05-21 16:33 . 2008-12-10 19:56 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-21 02:47 . 2009-05-21 02:47 -------- d-----w- c:\program files\Digital Line Detect
2009-05-21 02:47 . 2008-04-20 19:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-18 00:08 . 2009-05-16 21:08 3344 ----a-w- c:\windows\system32\drivers\sthdae.log
2009-05-17 21:44 . 2008-04-20 19:58 -------- d-----w- c:\program files\Creative
2009-05-17 01:30 . 2008-04-20 20:03 -------- d-----w- c:\documents and settings\Jaime\Application Data\Creative
2009-05-17 01:04 . 2009-05-17 01:04 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-05-13 05:15 . 2006-03-04 03:33 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-12 21:08 . 2008-08-18 05:33 266400 ----a-r- c:\documents and settings\Jaime\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll
2009-05-07 15:32 . 2004-08-10 11:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 05:31 . 2009-05-01 05:31 1657376 ----a-w- c:\windows\system32\nwiz.exe
2009-05-01 05:31 . 2009-05-01 05:31 449056 ----a-w- c:\windows\system32\nvappbar.exe
2009-05-01 05:31 . 2009-05-01 05:31 436768 ----a-w- c:\windows\system32\keystone.exe
2009-05-01 05:31 . 2009-05-01 05:31 466944 ----a-w- c:\windows\system32\nvshell.dll
2009-05-01 05:31 . 2009-05-01 05:31 1724416 ----a-w- c:\windows\system32\nvwdmcpl.dll
2009-05-01 05:31 . 2009-05-01 05:31 1507328 ----a-w- c:\windows\system32\nview.dll
2009-05-01 05:31 . 2009-05-01 05:31 1101824 ----a-w- c:\windows\system32\nvwimg.dll
2009-05-01 03:02 . 2009-05-01 03:02 806912 ----a-w- c:\windows\system32\nvapi.dll
2009-05-01 03:02 . 2009-05-01 03:02 663552 ----a-w- c:\windows\system32\nvcuvid.dll
2009-05-01 03:02 . 2009-05-01 03:02 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-05-01 03:02 . 2009-05-01 03:02 1579630 ----a-w- c:\windows\system32\nvdata.bin
2009-05-01 03:02 . 2009-05-01 03:02 1314816 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-05-01 03:02 . 2008-04-20 19:41 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-05-01 03:02 . 2008-04-20 19:40 9994240 ----a-w- c:\windows\system32\nvoglnt.dll
2009-05-01 03:02 . 2008-04-20 19:40 143360 ----a-w- c:\windows\system32\nvcodins.dll
2009-05-01 03:02 . 2008-04-20 19:40 143360 ----a-w- c:\windows\system32\nvcod.dll
2009-05-01 03:02 . 2008-04-20 19:40 8055584 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-05-01 03:02 . 2008-04-20 19:40 5896320 ----a-w- c:\windows\system32\nv4_disp.dll
2009-04-27 08:14 . 2009-04-27 08:14 5856 --sh--w- c:\windows\system32\rigiwoti.exe
2009-04-27 05:42 . 2009-05-13 23:17 457248 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-04-17 12:26 . 2004-08-10 11:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-06-13 01:05 . 2008-09-12 06:51 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-15_21.28.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-15 22:03 . 2009-07-15 22:03 16384 c:\windows\Temp\Perflib_Perfdata_7f0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-09 04:08 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-09 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-09 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-16 342848]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-23 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-02 582992]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13750272]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-05-01 1657376]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CtHelper.exe [2006-12-12 19456]
"CTxfiHlp"="CTXFIHLP.EXE" - c:\windows\system32\CTXFIHLP.EXE [2005-11-08 18944]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2009-5-20 24576]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn ]
2008-04-14 00:12 92672 ----a-w- c:\windows\system32\wlnotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\nexon\Combat Arms\CombatArms.exe"= c:\nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms\Engine.exe"= c:\nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe
"c:\\Nexon\\Combat Arms\\NMService.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\McAfee\\VirusScan\\mcods.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 72944]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [10/8/2008 1:21 AM 171032]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [10/8/2008 1:21 AM 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [10/8/2008 1:21 AM 1324056]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [10/8/2008 1:21 AM 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [10/8/2008 1:21 AM 72728]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [10/8/2008 1:21 AM 72728]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-07-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-22 05:09]

2009-07-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-04-21 18:32]

2009-07-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-04-21 18:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\documents and settings\Jaime\Application Data\Mozilla\Firefox\Profiles\0bakc5pi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-15 17:06
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3820)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\CTXFISPI.EXE
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\dllhost.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2009-07-15 17:08 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-15 22:08
ComboFix2.txt 2009-07-15 21:34

Pre-Run: 446,119,624,704 bytes free
Post-Run: 446,084,075,520 bytes free

300 --- E O F --- 2009-07-15 08:01






Here are the results for step 3:


--------------------\\ Lop S&D 4.2.5-0 XP/Vista


"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Wed 07/15/2009|17:31 )

--------------------\\ Listing folders in APPLIC~1

[05/22/2009|02:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[06/24/2008|03:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[04/21/2008|06:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[04/21/2008|06:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[04/20/2008|02:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Citrix
[04/21/2008|07:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CopyTransControlCenter
[05/10/2009|04:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Creative
[04/20/2008|02:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> DIGStream
[07/19/2008|04:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[07/14/2009|04:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google Updater
[05/07/2008|05:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> InstallShield
[06/20/2009|03:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> iolo
[06/17/2008|03:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> LightScribe
[07/13/2009|06:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[08/18/2008|12:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee
[05/25/2008|01:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[05/05/2008|06:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Nero
[08/21/2008|01:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NexonUS
[05/16/2009|08:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PC Drivers HeadQuarters
[04/23/2008|03:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sonic
[07/13/2009|11:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[04/19/2009|03:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[04/02/2009|03:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WildTangent
[04/23/2008|02:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage

[08/07/2008|03:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Macromedia
[04/20/2008|02:26] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft

[07/22/2008|06:44] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Adobe
[05/05/2008|06:51] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Apple Computer
[05/05/2008|06:49] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Identities
[07/22/2008|06:44] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Macromedia
[05/05/2008|06:48] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Microsoft
[09/23/2008|06:42] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Mozilla
[08/05/2008|05:55] C:\DOCUME~1\Guest\APPLIC~1\<DIR> Sun

[04/25/2009|11:57] C:\DOCUME~1\Jaime\APPLIC~1\<DIR> Adobe
[04/26/2009|12:09] C:\DOCUME~1\Jaime\APPLIC~1\<DIR> Ahead
[05/04/2009|06:01] C:\DOCUME~1\Jaime\APPLIC~1\<DIR> Apple Computer
[07/14/2009|04:10] C:\DOCUME~1\Jaime\APPLIC~1\<DIR> BitTorrent
[04/26/2009|12:07] C:\DOCUME~1\Jaime\APPLIC~1\<DIR> CopyTrans
[04/25/2009|11:59] C:\DOCUME~1\Jaime\APPLIC~1\<DIR> CopyTransControlCenter
[04/26/2009|12:03] C:\DOCUME~1\Jaime\APPLIC~1\<DIR> Corel
[05/16/2009|08:30] C:\DOCUME~1\Jaime\APPLIC~1\<DIR> Creative
[07/15/2009|05:23] C:\DOCUME~1\Jaime\APPLIC~1\<DIR> DNA
[07/15/2009|03:06] C:\DOCUME~1\Jaime\APPLIC~1\<DIR> FrostWire
[04/26/2009|12:10] C:\DOCUME~1\Jaime\APPLIC~1\<DIR> funkitron
[04/26/2009|12:06] C:\DOCUME~1\Jaime\APPLIC~1\<DIR> Google
[04/25/2009|11:52] C:\DOCUME~1\Jaime\APPLIC~1\<DIR> Help
[04/25/2009|11:49] C:\DOCUME~1\Jaime\APPLIC~1\<DIR> Identities
[06/20/2009|03:49] C:\DOCUME~1\Jaime\APPLIC~1\<DIR> iolo
[07/14/2009|04:04] C:\DOCUME~1\Jaime\APPLIC~1\<DIR> LimeWire
[04/25/2009|11:42] C:\DOCUME~1\Jaime\APPLIC~1\<DIR> Macromedia
[07/13/2009|06:43] C:\DOCUME~1\Jaime\APPLIC~1\<DIR> Malwarebytes
[04/25/2009|11:46] C:\DOCUME~1\Jaime\APPLIC~1\<DIR> McAfee
[06/27/2009|06:15] C:\DOCUME~1\Jaime\APPLIC~1\<DIR> Microsoft
[04/25/2009|11:50] C:\DOCUME~1\Jaime\APPLIC~1\<DIR> Mozilla
[04/26/2009|12:00] C:\DOCUME~1\Jaime\APPLIC~1\<DIR> Smart Recorder
[04/26/2009|12:13] C:\DOCUME~1\Jaime\APPLIC~1\<DIR> SpinTop
[04/25/2009|11:55] C:\DOCUME~1\Jaime\APPLIC~1\<DIR> Sun
[07/13/2009|11:24] C:\DOCUME~1\Jaime\APPLIC~1\<DIR> SUPERAntiSpyware.com
[04/26/2009|12:04] C:\DOCUME~1\Jaime\APPLIC~1\<DIR> Talkback
[07/08/2009|03:20] C:\DOCUME~1\Jaime\APPLIC~1\<DIR> U3
[04/25/2009|11:53] C:\DOCUME~1\Jaime\APPLIC~1\<DIR> WinRAR

[06/20/2009|01:50] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> iolo
[04/20/2008|02:29] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[04/20/2008|02:29] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[07/15/2009 05:03 PM][--a------] C:\WINDOWS\tasks\Google Software Updater.job
[07/13/2009 11:30 PM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[07/15/2009 01:30 AM][--a------] C:\WINDOWS\tasks\McDefragTask.job
[07/01/2009 01:00 AM][--a------] C:\WINDOWS\tasks\McQcTask.job
[07/15/2009 05:03 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/10/2004 06:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[08/05/2008|02:20] C:\Program Files\<DIR> Adobe
[10/07/2008|06:00] C:\Program Files\<DIR> Apple Software Update
[04/25/2009|09:34] C:\Program Files\<DIR> AskBarDis
[10/25/2008|12:19] C:\Program Files\<DIR> BitTorrent
[05/22/2009|02:07] C:\Program Files\<DIR> Bonjour
[04/20/2008|02:37] C:\Program Files\<DIR> Citrix
[07/15/2009|05:00] C:\Program Files\<DIR> Common Files
[04/20/2008|02:22] C:\Program Files\<DIR> ComPlus Applications
[05/16/2009|12:05] C:\Program Files\<DIR> CONEXANT
[05/17/2009|04:44] C:\Program Files\<DIR> Creative
[05/07/2008|04:59] C:\Program Files\<DIR> Cucusoft
[06/26/2009|10:50] C:\Program Files\<DIR> Dell
[05/20/2009|09:47] C:\Program Files\<DIR> Digital Line Detect
[04/20/2008|02:34] C:\Program Files\<DIR> DIGStream
[07/15/2009|05:03] C:\Program Files\<DIR> DNA
[04/20/2008|02:34] C:\Program Files\<DIR> EnglishOtto
[04/20/2008|02:34] C:\Program Files\<DIR> ESPNMotion
[04/19/2009|03:42] C:\Program Files\<DIR> Full Tilt Poker
[04/20/2008|02:34] C:\Program Files\<DIR> GemMaster
[08/07/2008|03:37] C:\Program Files\<DIR> Google
[05/16/2009|04:08] C:\Program Files\<DIR> IDT
[05/20/2009|09:47] C:\Program Files\<DIR> InstallShield Installation Information
[04/20/2008|01:28] C:\Program Files\<DIR> Intel
[04/23/2008|03:22] C:\Program Files\<DIR> InterActual
[06/27/2009|01:39] C:\Program Files\<DIR> Internet Explorer
[06/20/2009|01:50] C:\Program Files\<DIR> iolo
[05/22/2009|02:09] C:\Program Files\<DIR> iPod
[05/22/2009|02:09] C:\Program Files\<DIR> iTunes
[07/14/2009|04:06] C:\Program Files\<DIR> Java
[07/13/2009|06:43] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[07/23/2008|03:35] C:\Program Files\<DIR> Mario Forever
[06/27/2009|06:15] C:\Program Files\<DIR> McAfee
[04/21/2008|01:26] C:\Program Files\<DIR> McAfee.com
[08/22/2008|01:59] C:\Program Files\<DIR> Messenger
[04/20/2008|02:27] C:\Program Files\<DIR> microsoft frontpage
[08/22/2008|01:51] C:\Program Files\<DIR> Movie Maker
[07/15/2009|05:14] C:\Program Files\<DIR> Mozilla Firefox
[06/27/2009|01:41] C:\Program Files\<DIR> MSBuild
[03/23/2009|07:30] C:\Program Files\<DIR> MSN
[04/20/2008|02:21] C:\Program Files\<DIR> MSN Gaming Zone
[05/05/2008|06:33] C:\Program Files\<DIR> Nero
[04/26/2009|12:30] C:\Program Files\<DIR> NetMeeting
[04/20/2008|02:22] C:\Program Files\<DIR> Online Services
[05/06/2009|12:44] C:\Program Files\<DIR> OpenAL
[04/26/2009|12:32] C:\Program Files\<DIR> Outlook Express
[12/16/2008|05:24] C:\Program Files\<DIR> PlayNow
[04/13/2009|10:31] C:\Program Files\<DIR> Poker Superstars 3
[05/22/2009|02:06] C:\Program Files\<DIR> QuickTime
[06/27/2009|01:41] C:\Program Files\<DIR> Reference Assemblies
[04/20/2008|02:35] C:\Program Files\<DIR> RGB
[05/22/2009|02:02] C:\Program Files\<DIR> Safari
[04/20/2008|02:42] C:\Program Files\<DIR> SigmaTel
[07/10/2008|12:12] C:\Program Files\<DIR> Sun
[07/13/2009|11:24] C:\Program Files\<DIR> SUPERAntiSpyware
[04/20/2008|02:42] C:\Program Files\<DIR> Uninstall Information
[05/25/2008|12:59] C:\Program Files\<DIR> Windows Media Connect 2
[04/26/2009|12:25] C:\Program Files\<DIR> Windows Media Player
[08/22/2008|01:47] C:\Program Files\<DIR> Windows NT
[04/20/2008|02:21] C:\Program Files\<DIR> Windows Plus
[04/20/2008|02:24] C:\Program Files\<DIR> WindowsUpdate
[04/21/2008|07:15] C:\Program Files\<DIR> WindSolutions
[05/05/2008|11:38] C:\Program Files\<DIR> WinRAR
[03/25/2009|01:18] C:\Program Files\<DIR> WM Converter
[05/07/2008|05:25] C:\Program Files\<DIR> WordPerfect Office 12
[05/07/2008|05:31] C:\Program Files\<DIR> WordPerfect OfficeReady 1.0
[04/20/2008|02:27] C:\Program Files\<DIR> xerox

--------------------\\ Listing Folders in C:\Program Files\Common Files

[04/25/2009|09:56] C:\Program Files\Common Files\<DIR> Adobe
[04/25/2009|09:40] C:\Program Files\Common Files\<DIR> Ahead
[05/22/2009|02:09] C:\Program Files\Common Files\<DIR> Apple
[04/25/2009|09:43] C:\Program Files\Common Files\<DIR> Borland Shared
[04/25/2009|09:49] C:\Program Files\Common Files\<DIR> Corel
[04/25/2009|09:52] C:\Program Files\Common Files\<DIR> InstallShield
[04/25/2009|09:53] C:\Program Files\Common Files\<DIR> Java
[04/25/2009|09:38] C:\Program Files\Common Files\<DIR> LightScribe
[04/25/2009|09:45] C:\Program Files\Common Files\<DIR> McAfee
[05/16/2009|08:00] C:\Program Files\Common Files\<DIR> Microsoft Shared
[04/25/2009|09:46] C:\Program Files\Common Files\<DIR> MSSoap
[04/25/2009|09:44] C:\Program Files\Common Files\<DIR> ODBC
[04/25/2009|09:50] C:\Program Files\Common Files\<DIR> Roxio Shared
[04/25/2009|09:39] C:\Program Files\Common Files\<DIR> Services
[04/25/2009|09:36] C:\Program Files\Common Files\<DIR> Sonic Shared
[04/25/2009|09:48] C:\Program Files\Common Files\<DIR> SpeechEngines
[04/25/2009|09:35] C:\Program Files\Common Files\<DIR> System
[07/13/2009|06:26] C:\Program Files\Common Files\<DIR> Wise Installation Wizard

--------------------\\ Process

( 56 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-15 17:34:06
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections


No other infections found !

[F:2][D:1]-> C:\DOCUME~1\Jaime\LOCALS~1\Temp
[F:20][D:0]-> C:\DOCUME~1\Jaime\Cookies
[F:2][D:0]-> C:\DOCUME~1\Jaime\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Wed 07/15/2009|17:34 - Option : [1]

--------------------\\ Scan completed at 17:34:58
  • 0

#6
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
And the result from step 2, please?

Edited by heir, 15 July 2009 - 10:53 PM.

  • 0

#7
Master Spade

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts

And the result from step 2, please?




I tried step 2, but when I click on that OTL link, this comes up:

"File Not Found


Firefox can't find the file at http://oldtimer.geekstogo.com/OTL.exe.



* Could the item have been renamed, removed, or relocated?
* Is there a spelling, capitalization, or other typographical error in the address?
* Do you have sufficient access permissions to the requested item?"




I keep trying that link, but with no success. Do you have another link for that?

Thanks.
  • 0

#8
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Works fine here.
Maybe it was temporarily unavailable.
Try again
  • 0

#9
Master Spade

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts

Works fine here.
Maybe it was temporarily unavailable.
Try again




I keep trying, but with no success. I click on it, and the same message comes up. It's a "Page Load Error" message. It says "File Not Found", Firefox can't find the file at http://oldtimer.geekstogo.com/OTL.exe.


I've tried to right click and see if it will open in a new window, but nothing works.



Could it be a result of the Trojan causing this? If so, what can I do?

Thanks.
  • 0

#10
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Let's use this tool then.

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0



#11
Master Spade

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
I downloaded, installed, and ran the scan for Malwarebytes when I first knew of the Trojan. It didn't help, as it kept doing what McAfee did: it found the Trojans, said it removed them, but after a restart and another scan, it kept finding the same thing.


But now that I tried your suggestions of ComboFix and Step 3's LopSD, it only found One infection. Maybe this is working now?

I did a Quick scan, and a Full Scan. The quick scan said it found nothing. I did that last night. Today the Full Scan found one thing, here are the logs:

Quick Scan:

Malwarebytes' Anti-Malware 1.39
Database version: 2424
Windows 5.1.2600 Service Pack 3

7/17/2009 2:53:09 AM
mbam-log-2009-07-17 (02-53-09).txt

Scan type: Quick Scan
Objects scanned: 92091
Time elapsed: 4 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




And Full Scan:

Malwarebytes' Anti-Malware 1.39
Database version: 2453
Windows 5.1.2600 Service Pack 3

7/17/2009 7:32:02 PM
mbam-log-2009-07-17 (19-32-02).txt

Scan type: Full Scan (A:\|C:\|)
Objects scanned: 159963
Time elapsed: 22 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\WinRAR\Default.SFX (Spyware.Banker) -> Quarantined and deleted successfully.
  • 0

#12
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Something is preventing the use of some tools. Let's find out what.


Download RootRepeal from one of the following locations:
Unzip it to your Desktop.
  • Double click RootRepeal.exe to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
    • Shadow SSDT
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan

    Note: The scan can take some time. DO NOT run any other programs while the scan is running

  • When the scan is complete, the Save Report button will become available
  • Click this and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program
If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

  • 0

#13
Master Spade

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
You say something is preventing the use of some tools, what tools?

I ran 2 more scans, one yesterday with McAfee and one today with MalwareBytes. The GREAT news is that both say there are Zero infected files!! GREAT NEWS!! Is this too good to be true??

This is the Full Scan result from MalwareBytes:


7/19/2009 6:21:16 PM
mbam-log-2009-07-19 (18-21-16).txt

Scan type: Full Scan (A:\|C:\|)
Objects scanned: 159656
Time elapsed: 22 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





Do I still need to do that last step and download RootRepeal?


Thanks for the Help!!
  • 0

#14
heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Just because one log or a couple of logs look clean, it's not certain that you're clean.

Please run OTL.exe on your desktop then and we'll see if it runs. (If so, post the logs.)
If not, you should run RootRepeal, as there is something preventing that tool from running - most likely it's malware.

btw, I'll let you know when I think that you are as clean as you can get. :)
  • 0

#15
Master Spade

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts

Just because one log or a couple of logs look clean, it's not certain that you're clean.

Please run OTL.exe on your desktop then and we'll see if it runs. (If so, post the logs.)
If not, you should run RootRepeal, as there is something preventing that tool from running - most likely it's malware.

btw, I'll let you know when I think that you are as clean as you can get. :)





GREAT NEWS!! The PC FINALLY let me download and run the original Step 2!

After I downloaded OTL-scan, I ran the scan. It was completed VERY fast.
These are the 2 reports it gave:

OTL Extras logfile created on: 7/21/2009 8:11:29 PM - Run 1
OTL by OldTimer - Version 3.0.9.2 Folder = C:\Documents and Settings\Jaime\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 77.26% Memory free
3.85 Gb Paging File | 3.38 Gb Available in Paging File | 87.83% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 415.03 Gb Free Space | 89.11% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 4.18 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 293.40 Gb Total Space | 57.53 Gb Free Space | 19.61% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JAIME-D41F31405
Current User Name: Jaime
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Nexon\Combat Arms\CombatArms.exe" = C:\Nexon\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon)
"C:\Nexon\Combat Arms\Engine.exe" = C:\Nexon\Combat Arms\Engine.exe:*Enabled:Engine.exe -- (Nexon)
"C:\Nexon\Combat Arms\NMService.exe" = C:\Nexon\Combat Arms\NMService.exe:*:Enabled:Nexon Messenger Core -- (Nexon Corp.)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\McAfee\VirusScan\mcods.exe" = C:\Program Files\McAfee\VirusScan\mcods.exe:*:Enabled:mcods -- (McAfee, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 14
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{737D7CA8-D05C-46C7-AFED-A76616E8CA3B}" = WordPerfect OfficeReady
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9C48DCA4-00C2-449C-88D8-B1EE1692B44F}" = Safari
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B28B351F-1232-46EA-85EF-B8EA91641033}" = Nero 7 Essentials
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{FCC07EEA-FA18-4A21-9105-9666603C6885}" = McAfee Virtual Technician
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Ask Toolbar_is1" = Ask Toolbar
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Combat Arms" = Combat Arms
"CopyTrans Suite" = CopyTrans Suite Remove Only
"Cucusoft iPod Video Converter_is1" = Cucusoft iPod Video Converter 7.11
"ESPNMotion" = ESPNMotion
"Google Updater" = Google Updater
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.1)" = Mozilla Firefox (3.5.1)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Poker Superstars 3" = Poker Superstars 3
"PROSet" = Intel® PRO Network Connections Drivers
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WM Converter 2.0" = WM Converter 2.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/13/2009 11:59:22 PM | Computer Name = JAIME-D41F31405 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\Program Files\Common Files\Wise Installation
Wizard\WISCDDCBBF1270346BC938BBCC81A1EEAAA_4_26_0_1006.MSI is not permitted due
to an error in software restriction policy processing. The object cannot be trusted.

Error - 7/14/2009 12:08:37 AM | Computer Name = JAIME-D41F31405 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\Program Files\Common Files\Wise Installation
Wizard\WISCDDCBBF1270346BC938BBCC81A1EEAAA_4_26_0_1006.MSI is not permitted due
to an error in software restriction policy processing. The object cannot be trusted.

Error - 7/14/2009 12:15:56 AM | Computer Name = JAIME-D41F31405 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\Program Files\Common Files\Wise Installation
Wizard\WISCDDCBBF1270346BC938BBCC81A1EEAAA_4_26_0_1006.MSI is not permitted due
to an error in software restriction policy processing. The object cannot be trusted.

Error - 7/14/2009 12:17:46 AM | Computer Name = JAIME-D41F31405 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\Program Files\Common Files\Wise Installation
Wizard\WISCDDCBBF1270346BC938BBCC81A1EEAAA_4_26_0_1006.MSI is not permitted due
to an error in software restriction policy processing. The object cannot be trusted.

Error - 7/15/2009 5:20:37 PM | Computer Name = JAIME-D41F31405 | Source = Application Error | ID = 1000
Description = Faulting application pev.cfexe, version 0.0.0.0, faulting module pev.cfexe,
version 0.0.0.0, fault address 0x0005dcae.

Error - 7/15/2009 5:39:28 PM | Computer Name = JAIME-D41F31405 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module medialibrarynse.dll, version 1.5.13.0, fault address 0x000082a2.

Error - 7/15/2009 5:39:35 PM | Computer Name = JAIME-D41F31405 | Source = Application Error | ID = 1001
Description = Fault bucket 755957880.

Error - 7/15/2009 5:43:25 PM | Computer Name = JAIME-D41F31405 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module medialibrarynse.dll, version 1.5.13.0, fault address 0x000082a2.

Error - 7/21/2009 2:04:31 AM | Computer Name = JAIME-D41F31405 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3483, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/21/2009 2:04:38 AM | Computer Name = JAIME-D41F31405 | Source = Application Hang | ID = 1001
Description = Fault bucket 1369206954.

[ System Events ]
Error - 7/19/2009 9:18:51 PM | Computer Name = JAIME-D41F31405 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 7/19/2009 9:19:05 PM | Computer Name = JAIME-D41F31405 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 7/19/2009 9:19:20 PM | Computer Name = JAIME-D41F31405 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 7/19/2009 9:19:35 PM | Computer Name = JAIME-D41F31405 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 7/19/2009 9:19:48 PM | Computer Name = JAIME-D41F31405 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 7/19/2009 9:20:03 PM | Computer Name = JAIME-D41F31405 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 7/19/2009 9:20:18 PM | Computer Name = JAIME-D41F31405 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 7/19/2009 9:20:33 PM | Computer Name = JAIME-D41F31405 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 7/19/2009 9:20:48 PM | Computer Name = JAIME-D41F31405 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 7/19/2009 9:21:02 PM | Computer Name = JAIME-D41F31405 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.


< End of report >

Edited by Master Spade, 21 July 2009 - 07:31 PM.

  • 0





