Unstable laptop after virus infection


Unstable laptop after virus infection

Post by ivangu on Sun Sep 19, 2010 11:11 am

Hello to all!

I have a Dell Vostro 1310 laptop with Windows XP OS.
I have McAfee antivirus but it has not been updated on time. I have installed SUPERAntiSpyware Professional and it found a lot of threats. I have also installed Windows Defender but it did not find anything suspect. Each day I run a SUPERAntiSpyware scan it finds tracking cookies and at least one new trojan (the last one - A0022553.exe). After running more than 2 hours the system becomes unstable. Windows closes Windows Explorer, sometimes the screen flickers and the computer is blocked (I do not know whether it is because of a virus or not...).
Can somebody help me?
Thanks in advance !

IVangu

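A first-pass triage of the kind of OTL log posted in the reply below, as an added example for this thread (it is not part of OTL, SUPERAntiSpyware or any forum tool). The nine sample lines are copied verbatim from that log; the four heuristics and the tiny KNOWN_WINDOWS_DLLS list are assumptions of this example, and a hit means "ask the helper about this entry", not "this file is malicious". Lines OTL writes in other formats (O3, FF, DRV with unusual fields) are simply skipped.

```python
"""Heuristic first-pass triage of OTL (OldTimer) log lines.

Added example for this thread, not part of OTL or any other tool.  The
sample lines are copied from the log posted in the reply; the heuristics
and the KNOWN_WINDOWS_DLLS list are assumptions of this example, and a hit
means "ask the helper about this entry", not "this is malware".
"""
import re
from dataclasses import dataclass, field

# Constructed sample: nine lines copied from the posted OTL log.
SAMPLE_LOG = r"""
PRC - [2010.09.02 17:31:24 | 002,332,505 | ---- | M] () -- C:\Program Files\Search Advisor\adgui.exe
PRC - [2008.04.14 03:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
MOD - [2010.08.15 12:59:52 | 000,213,504 | ---- | M] () -- C:\WINDOWS\system32\HTMUTIL32.dll
MOD - [2008.04.14 03:11:52 | 000,367,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dsound.dll
SRV - [2009.10.10 11:57:50 | 000,246,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Join Air\AssistantServices.exe -- (UI Assistant Service)
DRV - [2008.08.07 19:14:56 | 000,111,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
O2 - BHO: (no name) - {0128F895-15BA-4C34-916E-0549D4E511E0} - C:\WINDOWS\system32\dciman3232.dll (Inprise Corporation)
O2 - BHO: (70dc2e83) - {961E69CD-C9D7-A9C0-F79E-E68A963BE159} - C:\WINDOWS\system32\dispex32.dll (Borland Software Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
"""

# PRC/MOD/SRV/DRV:  KIND - [date time | size | attrs | M] (Vendor) [state] -- path -- (ServiceName)
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - \[\d{4}\.\d{2}\.\d{2} [\d:]+ \| "
    r"[\d,]+ \| [\w-]+ \| \w\] \((?P<vendor>[^)]*)\) (?:\[[^\]]*\] )?"
    r"-- (?P<path>.+?)(?: -- \((?P<name>[^)]*)\).*)?$"
)
# O2 BHO:  O2 - BHO: (Display name) - {CLSID} - path (Vendor)
BHO_RE = re.compile(
    r"^O2 - BHO: \((?P<name>[^)]*)\) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - "
    r"(?P<path>.+?) \((?P<vendor>[^)]*)\)$"
)

SYSTEM32 = r"c:\windows\system32"
# Assumption of this example: a tiny list of real Windows DLL names, used to
# spot "<known name>32.dll" lookalikes such as dispex32.dll next to dispex.dll.
KNOWN_WINDOWS_DLLS = {"dciman32.dll", "dispex.dll"}


@dataclass
class Entry:
    kind: str          # PRC, MOD, SRV, DRV or BHO
    path: str
    vendor: str        # company name from the file's version info ("" if none)
    name: str = ""     # service name or BHO display name, if any
    reasons: list = field(default_factory=list)

    @property
    def filename(self) -> str:
        return self.path.rpartition("\\")[2]

    @property
    def directory(self) -> str:
        return self.path.rpartition("\\")[0].lower()


def parse_entries(log_text: str) -> list:
    """Parse the PRC/MOD/SRV/DRV and O2 BHO lines; other line kinds are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m["kind"], m["path"], m["vendor"].strip(), m["name"] or ""))
            continue
        m = BHO_RE.match(line)
        if m:
            entries.append(Entry("BHO", m["path"], m["vendor"].strip(), m["name"]))
    return entries


def classify(entry: Entry) -> Entry:
    """Attach triage reasons to an entry; an empty list means 'nothing to ask'."""
    fname = entry.filename.lower()
    if not entry.vendor:
        entry.reasons.append("no company name in version info")
    # Drivers live one level down in system32\drivers, so this only catches
    # files dropped directly into system32 by something other than Microsoft.
    if entry.directory == SYSTEM32 and "microsoft" not in entry.vendor.lower():
        entry.reasons.append("non-Microsoft file directly in system32")
    if fname.endswith("32.dll") and fname[:-6] + ".dll" in KNOWN_WINDOWS_DLLS:
        entry.reasons.append("name mimics Windows DLL " + fname[:-6] + ".dll")
    if entry.kind == "BHO" and entry.name == "no name":
        entry.reasons.append("BHO registered without a display name")
    return entry


def triage(log_text: str) -> list:
    """Return only the entries that collected at least one reason, in log order."""
    return [e for e in map(classify, parse_entries(log_text)) if e.reasons]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.kind:3} {e.path}\n    vendor={e.vendor!r}  ->  {'; '.join(e.reasons)}")
```

Run it against a full OTL log by reading the file into `triage()`; expect false positives from legitimate unsigned third-party software (the Join Air service above is one), which is exactly why the output is a list of questions for the helper rather than a removal script.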

Re: Unstable laptop after virus infection

Post by ivangu on Sun Sep 19, 2010 2:24 pm

In the meantime I could download OTL and run it. Here is the log file:
OTL logfile created on: 19.09.2010 16:57:43 - Run 1
OTL by OldTimer - Version 3.2.12.1 Folder = E:\Kituri\OTL Antispyware
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000418 | Country: Romania | Language: ROM | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,00 Gb Available Physical Memory | 13,00% Memory free
4,00 Gb Paging File | 1,00 Gb Available in Paging File | 18,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40,00 Gb Total Space | 9,09 Gb Free Space | 22,73% Space Free | Partition Type: NTFS
Drive D: | 605,82 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 254,68 Gb Total Space | 218,01 Gb Free Space | 85,60% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NASA-X
Current User Name: ivangu
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.09.19 16:55:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- E:\Kituri\OTL Antispyware\OTL.com
PRC - [2010.09.02 17:31:24 | 002,332,505 | ---- | M] () -- C:\Program Files\Search Advisor\adgui.exe
PRC - [2010.09.01 00:30:18 | 002,835,968 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\DAP\DAP.exe
PRC - [2010.03.19 23:10:55 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010.01.15 15:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010.01.08 02:36:58 | 000,974,848 | ---- | M] (Spigot, Inc.) -- C:\Program Files\pdfforge Toolbar\SearchSettings.exe
PRC - [2010.01.08 01:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2010.01.05 07:56:02 | 002,002,160 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009.10.24 04:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009.10.24 04:18:52 | 000,597,792 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2009.10.10 11:57:50 | 000,246,272 | ---- | M] () -- C:\Program Files\Join Air\AssistantServices.exe
PRC - [2009.10.10 11:56:44 | 000,132,096 | ---- | M] () -- C:\Program Files\Join Air\UIExec.exe
PRC - [2009.08.10 23:43:39 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009.05.21 11:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009.05.11 12:10:00 | 000,525,640 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2009.03.10 03:29:41 | 000,156,672 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe
PRC - [2009.02.23 16:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008.11.09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008.08.14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008.05.26 22:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008.04.14 03:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.02.26 12:57:28 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008.02.22 14:43:38 | 001,245,184 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008.02.21 16:57:10 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\OEM13Mon.exe
PRC - [2008.02.21 16:25:06 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008.02.21 16:24:56 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008.02.21 16:24:54 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008.02.21 16:24:54 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007.08.30 11:50:42 | 000,205,480 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2007.07.27 18:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
PRC - [2007.01.11 22:43:46 | 002,150,400 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2006.12.18 17:22:14 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2006.12.15 13:41:30 | 002,170,880 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
PRC - [2006.12.09 20:04:10 | 000,128,832 | ---- | M] (Microsoft (R) Corporation) -- C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe
PRC - [2006.11.29 08:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2006.11.29 08:50:00 | 000,112,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2006.11.29 08:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2006.11.17 13:40:56 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2006.11.17 13:39:58 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2006.11.17 13:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2006.11.17 03:06:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe
PRC - [2006.11.03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006.11.03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006.10.27 22:13:48 | 000,270,336 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2006.02.07 01:00:20 | 000,311,296 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
PRC - [2006.01.24 01:14:10 | 000,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe


========== Modules (SafeList) ==========

MOD - [2010.09.19 16:55:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- E:\Kituri\OTL Antispyware\OTL.com
MOD - [2010.09.19 13:04:26 | 000,012,800 | ---- | M] (Applian Technologies, Inc.) -- C:\Documents and Settings\ivangu\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
MOD - [2010.08.15 12:59:52 | 000,213,504 | ---- | M] () -- C:\WINDOWS\system32\HTMUTIL32.dll
MOD - [2010.03.19 23:13:31 | 000,118,784 | ---- | M] (RealPlayer) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2009.08.13 16:55:04 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
MOD - [2008.04.14 03:11:52 | 000,367,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dsound.dll
MOD - [2008.04.14 03:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008.02.22 14:45:06 | 000,098,304 | ---- | M] () -- C:\Program Files\Dell\QuickSet\dadkeyb.dll
MOD - [2003.03.18 20:14:52 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp71.dll
MOD - [2003.02.21 04:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll


========== Win32 Services (SafeList) ==========

SRV - [2010.01.15 15:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.01.08 01:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2009.10.24 04:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009.10.10 11:57:50 | 000,246,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Join Air\AssistantServices.exe -- (UI Assistant Service)
SRV - [2008.11.09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008.08.14 00:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2006.12.09 20:04:10 | 000,128,832 | ---- | M] (Microsoft (R) Corporation) [Auto | Running] -- C:\Program Files\Microsoft Firewall Client 2004\FwcAgent.exe -- (FwcAgent)
SRV - [2006.11.29 08:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2006.11.29 08:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2006.11.17 13:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2006.11.03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006.05.12 15:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.) [On_Demand | Stopped] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [1998.06.06 00:00:00 | 000,034,036 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio\COMMON\Tools\VS-Ent98\Vanalyzr\VARPC.EXE -- (Visual Studio Analyzer RPC bridge)


========== Driver Services (SafeList) ==========

DRV - [2010.09.19 16:55:43 | 000,098,240 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2010.09.18 19:56:36 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2010.01.05 07:56:06 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010.01.05 07:56:04 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010.01.05 07:56:02 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009.09.27 09:46:32 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.09.27 09:46:32 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.09.27 09:46:32 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.09.27 09:46:16 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.02.17 12:19:44 | 000,057,672 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009.02.17 12:17:40 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2008.11.26 11:39:24 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008.08.07 19:14:56 | 000,111,360 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008.04.13 21:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008.04.13 21:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008.04.13 19:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.03.17 16:59:36 | 000,305,176 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2008.03.04 15:38:56 | 006,658,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008.02.21 16:57:18 | 000,235,200 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM13Vid.sys -- (OEM13Vid)
DRV - [2008.02.21 16:57:16 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM13Vfx.sys -- (OEM13Vfx)
DRV - [2008.02.21 16:38:30 | 000,043,480 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2008.02.21 16:38:24 | 000,048,472 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008.02.21 16:24:52 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008.02.21 16:21:58 | 004,625,408 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.10.15 17:27:10 | 000,101,120 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007.07.23 17:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007.07.23 17:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007.07.23 17:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007.07.23 17:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007.07.23 17:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007.07.23 17:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007.07.23 17:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007.07.23 17:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007.07.23 16:55:44 | 000,099,808 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2007.07.23 16:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007.07.23 16:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007.07.23 16:43:42 | 000,052,000 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007.04.26 16:29:30 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007.04.26 16:29:28 | 000,073,600 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007.04.26 16:29:28 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007.04.26 16:29:28 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2007.04.26 16:29:26 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007.04.26 16:29:26 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007.04.26 16:29:24 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006.11.29 08:50:00 | 000,168,776 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2006.11.29 08:50:00 | 000,072,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2006.11.29 08:50:00 | 000,064,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2006.11.29 08:50:00 | 000,052,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2006.11.29 08:50:00 | 000,034,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2006.11.29 08:50:00 | 000,031,944 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2005.08.12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2001.08.17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001.08.17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001.08.17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001.08.17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001.08.17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001.08.17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001.08.17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001.08.17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001.08.17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001.08.17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001.08.17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001.08.17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001.08.17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001.08.17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001.08.17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 95 F8 28 01 BA 15 34 4C 91 6E 05 49 D4 E5 11 E0 [binary data]
IE - HKCU\..\URLSearchHook: {bc4be15d-6a34-4356-9e97-79e43da32b1d} - C:\Program Files\P2P_Torrent\tbP2P1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://search.speedbit.com"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:3.4.4.113
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.5.4
FF - prefs.js..extensions.enabledItems: {B97F57B9-1B42-4aed-9475-0022600C62DC}:2.6
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {f13b157f-b174-47e7-a34d-4815ddfdfeb8}:0.9.88.1
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.5.5
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.1.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.2.3
FF - prefs.js..extensions.enabledItems: {FCAB6FDD-5585-425b-95C1-5ED856F3FD08}:5.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {701de95d-20fc-4221-b822-c401c28adbba}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {0329E7D6-6F54-462D-93F6-F5C3118BADF2}:2.2.8
FF - prefs.js..extensions.enabledItems: {1CE11043-9A15-4207-A565-0C94C42D590D}:11.3.7.0
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.11
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p="

FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.03.19 23:13:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files\SpeedBit Video Downloader\SPFireFox [2010.09.01 00:30:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\support@predictad.com: C:\Program Files\AutocompletePro\support@predictad.com [2010.09.04 23:35:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.10 21:41:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.10 21:41:59 | 000,000,000 | ---D | M]

[2009.09.24 21:24:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ivangu\Application Data\Mozilla\Extensions
[2010.09.18 18:07:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ivangu\Application Data\Mozilla\Firefox\Profiles\jwhfgkzt.default\extensions
[2010.09.01 12:45:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\ivangu\Application Data\Mozilla\Firefox\Profiles\jwhfgkzt.default\extensions\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
[2010.04.27 21:40:59 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\ivangu\Application Data\Mozilla\Firefox\Profiles\jwhfgkzt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.19 13:19:27 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\ivangu\Application Data\Mozilla\Firefox\Profiles\jwhfgkzt.default\extensions\{701de95d-20fc-4221-b822-c401c28adbba}
[2010.07.24 10:57:36 | 000,000,000 | ---D | M] (Google Global) -- C:\Documents and Settings\ivangu\Application Data\Mozilla\Firefox\Profiles\jwhfgkzt.default\extensions\{B97F57B9-1B42-4aed-9475-0022600C62DC}
[2010.08.23 21:53:58 | 000,000,000 | ---D | M] (JavaScript Debugger) -- C:\Documents and Settings\ivangu\Application Data\Mozilla\Firefox\Profiles\jwhfgkzt.default\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}
[2010.07.31 19:28:58 | 000,000,000 | ---D | M] (Sothink Web Video Downloader for Firefox) -- C:\Documents and Settings\ivangu\Application Data\Mozilla\Firefox\Profiles\jwhfgkzt.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
[2010.05.07 10:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ivangu\Application Data\Mozilla\Firefox\Profiles\jwhfgkzt.default\extensions\firebug@software.joehewitt.com
[2010.01.22 17:24:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ivangu\Application Data\Mozilla\Firefox\Profiles\jwhfgkzt.default\extensions\jsdeobfuscator@adblockplus.org
[2009.12.21 19:24:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ivangu\Application Data\Mozilla\Firefox\Profiles\jwhfgkzt.default\extensions\moveplayer@movenetworks.com
[2010.07.17 18:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ivangu\Application Data\Mozilla\Firefox\Profiles\jwhfgkzt.default\extensions\toolbar@ask.com
[2010.09.18 18:07:53 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.09.02 21:40:09 | 000,000,000 | ---D | M] (Adobe Flash Plugin) -- C:\Program Files\Mozilla Firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D}
[2010.04.20 21:07:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.19 18:25:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009.10.26 13:31:30 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin9.dll

O1 HOSTS File: ([2010.09.09 01:33:34 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {0128F895-15BA-4C34-916E-0549D4E511E0} - C:\WINDOWS\system32\dciman3232.dll (Inprise Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (SBCONVERT Class) - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files\SearchPredict\SearchPredict.dll (Speedbit Ltd.)
O2 - BHO: (DebugBar BHO) - {69FC0024-10EB-480A-BBF2-3BF4E78E17B1} - C:\Program Files\Core Services\DebugBar\DebugInfoBar.dll (Core Services)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O2 - BHO: (70dc2e83) - {961E69CD-C9D7-A9C0-F79E-E68A963BE159} - C:\WINDOWS\system32\dispex32.dll (Borland Software Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Online Sharing Toolbar) - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - C:\Program Files\P2P_Torrent\tbP2P1.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\SpeedBit Video Downloader\Toolbar\Grabber.dll (Speedbit Ltd.)
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DebugBar) - {3E1201F4-1707-409F-BB45-A5F192381DA0} - C:\Program Files\Core Services\DebugBar\DebugToolBar.dll (Core Services)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Online Sharing Toolbar) - {bc4be15d-6a34-4356-9e97-79e43da32b1d} - C:\Program Files\P2P_Torrent\tbP2P1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DebugBar) - {3E1201F4-1707-409F-BB45-A5F192381DA0} - C:\Program Files\Core Services\DebugBar\DebugToolBar.dll (Core Services)
O3 - HKCU\..\Toolbar\WebBrowser: (Online Sharing Toolbar) - {BC4BE15D-6A34-4356-9E97-79E43DA32B1D} - C:\Program Files\P2P_Torrent\tbP2P1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Ask and Record FLV Service] C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OEM13Mon.exe] C:\WINDOWS\OEM13Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UIExec] C:\Program Files\Join Air\UIExec.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [Search Advisor] C:\Program Files\Search Advisor\adgui.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Firewall Client Management.lnk = C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe (Microsoft (R) Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: RTHDBPL = C:\DOCUME~1\ivangu\LOCALS~1\Temp\21.tmp File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: YCFPMIPNCP = rundll32 "C:\WINDOWS\system32\perfd009S.dll",hyoxv ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} [You must be registered and logged in to see this link.] (ObjWinNTCheck Class)
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} [You must be registered and logged in to see this link.] (OfficeScan Corp Edition Web-Deployment SetupCtrl Class)
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} [You must be registered and logged in to see this link.] (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} [You must be registered and logged in to see this link.] (Qualys BrowserCheck)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - Reg Error: Key error. File not found
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\HTMUTIL32.dll) - C:\WINDOWS\system32\HTMUTIL32.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\af7ed6985: DllName - C:\WINDOWS\system32\HTMUTIL32.dll - C:\WINDOWS\system32\HTMUTIL32.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\ivangu\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\ivangu\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.08.11 19:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004.08.04 15:00:00 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2009.09.27 15:54:21 | 000,000,030 | ---- | M] () - E:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{4f1abf6e-a047-11de-be9e-001e37f9f314}\Shell\AutoRun\command - "" = wdsync.exe
O33 - MountPoints2\{513bdf56-41ee-11de-be04-001c2352b1fd}\Shell - "" = AutoRun
O33 - MountPoints2\{513bdf56-41ee-11de-be04-001c2352b1fd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{513bdf56-41ee-11de-be04-001c2352b1fd}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{578908f6-a129-11dd-bd68-001fe1469b26}\Shell - "" = AutoRun
O33 - MountPoints2\{578908f6-a129-11dd-bd68-001fe1469b26}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{578908f6-a129-11dd-bd68-001fe1469b26}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe -- File not found
O33 - MountPoints2\{c0772495-a916-11df-80a7-001e37f9f314}\Shell - "" = AutoRun
O33 - MountPoints2\{c0772495-a916-11df-80a7-001e37f9f314}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c0772495-a916-11df-80a7-001e37f9f314}\Shell\AutoRun\command - "" = F:\windows\Install.exe -- File not found
O33 - MountPoints2\{d9f1d3dd-ab05-11dd-bd72-001fe1469b26}\Shell\AutoRun\command - "" = wscript.exe ..\Test_VBS.vbs
O33 - MountPoints2\{d9f1d3dd-ab05-11dd-bd72-001fe1469b26}\Shell\Open\Command - "" = wscript.exe ..\Test_VBS.vbs
O33 - MountPoints2\{ea933c20-2a30-11df-bf9b-001e37f9f314}\Shell\AutoRun\command - "" = H:\PMBP_Win.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\autoRcd.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: SSHNAS - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {00F0EE7F-2C61-4EBD-A209-00281BDC869C} - Yahoo! Toolbar
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {270C7F22-6D59-4041-B865-76C48D190D91} - Yahoo! Search Settings Update
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {8FD9D712-A285-4834-9F46-705AD5146A6B} - NoIETour
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Yahoo! Messenger
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{64A10DCF-7FF1-4600-9824-DE0BCC2AA72E} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.avis - C:\WINDOWS\System32\ff_acm.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.fvfw - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

I will post the rest of the log...

ivangu

Re: Instabil laptop after virus infection

Post by ivangu on Sun Sep 19, 2010 2:25 pm

The rest of the log:

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (63345424676683776)

========== Files/Folders - Created Within 30 Days ==========

[2010.09.19 13:19:26 | 000,314,368 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\dciman3232.dll
[2010.09.18 23:30:49 | 000,314,368 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\dssec32.dll
[2010.09.18 23:28:29 | 000,000,000 | ---D | C] -- C:\Program Files\SIW
[2010.09.18 20:20:01 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2010.09.18 19:56:36 | 000,023,456 | ---- | C] (Phoenix Technologies) -- C:\WINDOWS\System32\drivers\DrvAgent32.sys
[2010.09.18 19:56:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ivangu\Local Settings\Application Data\eSupport.com
[2010.09.18 19:05:08 | 000,314,368 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\capesnpn32.dll
[2010.09.16 10:51:44 | 000,315,392 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\fltlib32.dll
[2010.09.15 21:36:21 | 000,318,464 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\dmcompos32.dll
[2010.09.15 19:04:12 | 000,318,464 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\cdmodem32.dll
[2010.09.15 18:30:05 | 000,318,464 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\csseqchk32.dll
[2010.09.15 16:06:26 | 000,318,464 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\cryptdll32.dll
[2010.09.14 22:29:35 | 000,318,464 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\dot3ui32.dll
[2010.09.14 19:47:26 | 000,318,464 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\dsauth3232.dll
[2010.09.14 13:37:42 | 000,318,464 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\dtcutil32.dll
[2010.09.14 11:58:13 | 000,318,464 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\drmstor32.dll
[2010.09.14 11:34:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ivangu\Local Settings\Application Data\PCHealth
[2010.09.13 23:11:54 | 000,318,464 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\dplayx32.dll
[2010.09.10 21:55:26 | 000,314,880 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\dxva232.dll
[2010.09.10 11:49:28 | 000,314,880 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\dsuiext32.dll
[2010.09.09 23:31:11 | 000,000,000 | ---D | C] -- C:\Program Files\RAR Password Unlocker
[2010.09.09 22:43:27 | 000,000,000 | ---D | C] -- C:\Program Files\Zip Password Recovery Magic
[2010.09.09 17:03:59 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010.09.09 17:02:34 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2010.09.09 15:35:11 | 000,314,880 | ---- | C] (Inprise Corporation) -- C:\WINDOWS\System32\deskperf32.dll
[2010.09.08 23:37:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010.09.07 00:23:31 | 000,000,000 | ---D | C] -- C:\Program Files\Caricature Software
[2010.09.06 23:56:56 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010.09.06 23:56:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ivangu\Local Settings\Application Data\Conduit
[2010.09.06 23:56:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ivangu\Local Settings\Application Data\P2P_Torrent
[2010.09.06 23:56:53 | 000,000,000 | ---D | C] -- C:\Program Files\P2P_Torrent
[2010.09.06 17:22:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ivangu\Application Data\SUPERAntiSpyware.com
[2010.09.06 17:17:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ivangu\Desktop\Unused Desktop Shortcuts
[2010.09.06 15:26:03 | 000,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2010.09.06 10:51:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010.09.06 10:51:20 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010.09.05 23:00:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010.09.05 23:00:56 | 000,000,000 | ---D | C] -- C:\Program Files\RegCure
[2010.09.04 23:36:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ivangu\Application Data\WhiteSmokeTranslator
[2010.09.04 23:35:43 | 000,000,000 | ---D | C] -- C:\Program Files\AutocompletePro
[2010.09.04 23:35:24 | 000,000,000 | ---D | C] -- C:\Program Files\Search Advisor
[2010.09.04 20:38:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ivangu\Application Data\DELL Drivers Update Utility
[2010.09.04 20:26:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ivangu\Application Data\Hide IP NG
[2010.09.04 18:40:27 | 000,000,000 | ---D | C] -- C:\Program Files\Magic Memory Optimizer
[2010.09.02 22:12:03 | 000,314,880 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\System32\cdfview32.dll
[2010.09.01 13:05:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ivangu\workspace
[2010.09.01 12:34:19 | 000,314,880 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\System32\dimap32.dll
[2010.09.01 00:30:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ivangu\My Documents\My DAP Downloads
[2010.09.01 00:30:17 | 000,000,000 | ---D | C] -- C:\Program Files\DAP
[2010.09.01 00:30:10 | 000,172,032 | ---- | C] (Jin Hui E-mail: [You must be registered and logged in to see this link.] Web: [You must be registered and logged in to see this link.] -- C:\WINDOWS\System32\AniGIF.ocx
[2010.09.01 00:30:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ivangu\Application Data\Toolbar4
[2010.09.01 00:30:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2010.09.01 00:30:10 | 000,000,000 | ---D | C] -- C:\Program Files\SearchPredict
[2010.09.01 00:30:08 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedBit Video Downloader
[2010.08.31 22:49:38 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.08.31 22:49:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.08.31 22:49:38 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.08.31 20:15:55 | 000,314,880 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\System32\dpserial32.dll
[2010.08.31 00:02:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ivangu\Local Settings\Application Data\Help
[2010.08.31 00:02:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ivangu\Application Data\Help
[2010.08.30 13:12:14 | 000,314,880 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\System32\compatui32.dll
[2010.08.29 22:16:52 | 000,320,512 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\System32\dpnhpast3232.dll
[2010.08.29 13:13:14 | 000,320,512 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\System32\comrepl32.dll
[2010.08.28 23:43:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ivangu\Local Settings\Application Data\WinZip
[2010.08.28 23:42:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010.08.28 23:42:25 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2010.08.28 22:50:24 | 000,000,000 | ---D | C] -- C:\Program Files\API-Guide
[2010.08.28 13:02:36 | 000,320,512 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\System32\d3dramp32.dll
[2010.08.27 18:49:27 | 000,320,512 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\System32\dsound3d3232.dll
[2010.08.27 11:57:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ivangu\Application Data\vlc
[2010.08.27 11:57:07 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010.08.26 22:41:14 | 000,320,512 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\System32\dmband32.dll
[2010.08.23 19:31:57 | 000,000,000 | ---D | C] -- C:\ERDNT
[2010.08.21 00:06:46 | 002,682,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vcredist_x86.exe
[2010.08.21 00:06:45 | 000,151,552 | ---- | C] (Broadcom Corp.) -- C:\WINDOWS\System32\bcmwlapi.dll
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[14 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\ivangu\Desktop\*.tmp files -> C:\Documents and Settings\ivangu\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\ivangu\*.tmp files -> C:\Documents and Settings\ivangu\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.09.19 17:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010.09.19 17:00:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D11BB762-721A-41BE-AB81-F447E31E0AFF}.job
[2010.09.19 17:00:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010.09.19 16:58:00 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0AB3872B-F0E4-4F81-AEB8-A1A8017D12BA}.job
[2010.09.19 16:55:48 | 000,001,185 | ---- | M] () -- C:\WINDOWS\System32\1893008810
[2010.09.19 16:55:43 | 000,098,240 | ---- | M] () -- C:\WINDOWS\System32\drivers\cdrom.sys
[2010.09.19 16:55:43 | 000,098,240 | ---- | M] () -- C:\WINDOWS\System32\dllcache\cdrom.sys
[2010.09.19 16:47:30 | 000,000,211 | ---- | M] () -- C:\WINDOWS\System32\502f79d1
[2010.09.19 16:22:54 | 000,004,043 | -HS- | M] () -- C:\Documents and Settings\ivangu\Application Data\02000000c0c97581985P.manifest
[2010.09.19 16:18:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.09.19 16:05:00 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.09.19 13:52:23 | 007,602,176 | -H-- | M] () -- C:\Documents and Settings\ivangu\NTUSER.DAT
[2010.09.19 13:19:26 | 000,314,368 | ---- | M] (Inprise Corporation) -- C:\WINDOWS\System32\dciman3232.dll
[2010.09.19 13:06:33 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010.09.19 13:04:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.09.19 13:04:05 | 000,082,670 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010.09.19 13:03:47 | 000,174,141 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.09.19 13:03:40 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.09.19 13:03:39 | 000,000,423 | -HS- | M] () -- C:\Documents and Settings\ivangu\Application Data\02000000c0c97581985O.manifest
[2010.09.19 13:03:39 | 000,000,266 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-443752475-4275716833-3173746613-1007.job
[2010.09.19 13:03:39 | 000,000,051 | -HS- | M] () -- C:\Documents and Settings\ivangu\Application Data\02000000c0c97581985C.manifest
[2010.09.19 13:03:39 | 000,000,011 | -HS- | M] () -- C:\Documents and Settings\ivangu\Application Data\02000000c0c97581985S.manifest
[2010.09.19 13:03:32 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.09.19 13:03:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.09.19 13:03:26 | 2145,832,960 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.19 13:02:43 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\ivangu\ntuser.ini
[2010.09.19 13:02:25 | 000,000,376 | ---- | M] () -- C:\Documents and Settings\ivangu\config.dat
[2010.09.19 13:02:22 | 017,623,332 | -H-- | M] () -- C:\Documents and Settings\ivangu\Local Settings\Application Data\IconCache.db
[2010.09.18 23:30:49 | 000,314,368 | ---- | M] (Inprise Corporation) -- C:\WINDOWS\System32\dssec32.dll
[2010.09.18 23:28:30 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\ivangu\Desktop\SIW.lnk
[2010.09.18 23:14:23 | 000,082,670 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010.09.18 19:56:38 | 000,001,045 | ---- | M] () -- C:\Documents and Settings\ivangu\Desktop\BiosAgent Plus.lnk
[2010.09.18 19:56:36 | 000,023,456 | ---- | M] (Phoenix Technologies) -- C:\WINDOWS\System32\drivers\DrvAgent32.sys
[2010.09.18 19:05:08 | 000,314,368 | ---- | M] (Inprise Corporation) -- C:\WINDOWS\System32\capesnpn32.dll
[2010.09.18 18:26:47 | 000,000,888 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010.09.18 18:04:32 | 000,005,749 | ---- | M] () -- C:\WINDOWS\GnuHashes.ini
[2010.09.18 17:57:31 | 000,000,153 | -HS- | M] () -- C:\WINDOWS\System32\1358900870
[2010.09.18 17:56:58 | 000,000,208 | ---- | M] () -- C:\WINDOWS\System32\sl824097812
[2010.09.18 13:36:25 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.09.17 14:39:06 | 000,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2010.09.16 22:32:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010.09.16 10:51:44 | 000,315,392 | ---- | M] (Inprise Corporation) -- C:\WINDOWS\System32\fltlib32.dll
[2010.09.15 23:26:56 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-443752475-4275716833-3173746613-1007.job
[2010.09.15 23:01:13 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\null
[2010.09.15 21:52:22 | 000,000,528 | ---- | M] () -- C:\Documents and Settings\ivangu\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Show Desktop.lnk
[2010.09.15 21:36:21 | 000,318,464 | ---- | M] (Inprise Corporation) -- C:\WINDOWS\System32\dmcompos32.dll
[2010.09.15 21:18:07 | 000,000,624 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.09.15 21:17:46 | 000,001,809 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.09.15 19:04:12 | 000,318,464 | ---- | M] (Inprise Corporation) -- C:\WINDOWS\System32\cdmodem32.dll
[2010.09.15 18:30:05 | 000,318,464 | ---- | M] (Inprise Corporation) -- C:\WINDOWS\System32\csseqchk32.dll
[2010.09.15 16:06:26 | 000,318,464 | ---- | M] (Inprise Corporation) -- C:\WINDOWS\System32\cryptdll32.dll
[2010.09.14 22:29:35 | 000,318,464 | ---- | M] (Inprise Corporation) -- C:\WINDOWS\System32\dot3ui32.dll
[2010.09.14 19:47:26 | 000,318,464 | ---- | M] (Inprise Corporation) -- C:\WINDOWS\System32\dsauth3232.dll
[2010.09.14 16:19:45 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.09.14 16:19:45 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010.09.14 13:37:42 | 000,318,464 | ---- | M] (Inprise Corporation) -- C:\WINDOWS\System32\dtcutil32.dll
[2010.09.14 11:58:13 | 000,318,464 | ---- | M] (Inprise Corporation) -- C:\WINDOWS\System32\drmstor32.dll
[2010.09.13 23:11:54 | 000,318,464 | ---- | M] (Inprise Corporation) -- C:\WINDOWS\System32\dplayx32.dll
[2010.09.12 18:08:01 | 000,000,817 | ---- | M] () -- C:\WINDOWS\System32\11501270
[2010.09.12 04:59:00 | 000,000,374 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2010.09.12 03:49:00 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\File Helper.job
[2010.09.11 00:08:54 | 000,000,171 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2010.09.10 21:55:26 | 000,314,880 | ---- | M] (Inprise Corporation) -- C:\WINDOWS\System32\dxva232.dll
[2010.09.10 18:07:32 | 000,000,509 | ---- | M] () -- C:\Documents and Settings\ivangu\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to KL_D.exe.lnk
[2010.09.10 11:49:28 | 000,314,880 | ---- | M] (Inprise Corporation) -- C:\WINDOWS\System32\dsuiext32.dll
[2010.09.09 22:43:28 | 000,000,773 | ---- | M] () -- C:\Documents and Settings\ivangu\Application Data\Microsoft\Internet Explorer\Quick Launch\ZIP Password Recovery Magic.lnk
[2010.09.09 22:08:51 | 000,002,870 | ---- | M] () -- C:\WINDOWS\aopr.ini
[2010.09.09 16:32:37 | 000,559,552 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.09.09 16:32:37 | 000,468,292 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.09.09 16:32:37 | 000,080,984 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.09.09 15:35:11 | 000,314,880 | ---- | M] (Inprise Corporation) -- C:\WINDOWS\System32\deskperf32.dll
[2010.09.09 01:33:34 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.09.08 22:01:55 | 000,000,796 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2010.09.08 13:18:04 | 000,004,146 | ---- | M] () -- C:\Documents and Settings\ivangu\My Documents\__www.schukat.com_schukat_schukat_cms_en.nsf_print_FrameVi.pdf
[2010.09.07 00:23:32 | 000,001,942 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Photo to Cartoon.lnk
[2010.09.06 10:40:56 | 000,000,001 | ---- | M] () -- C:\Documents and Settings\ivangu\oashdihasidhasuidhiasdhiashdiuasdhasd
[2010.09.05 23:00:57 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2010.09.04 20:52:00 | 000,094,720 | RHS- | M] () -- C:\WINDOWS\System32\perfd009S.dll
[2010.09.03 11:02:02 | 000,000,396 | ---- | M] () -- C:\Documents and Settings\ivangu\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Java.lnk
[2010.09.02 22:12:03 | 000,314,880 | ---- | M] (Borland Software Corporation) -- C:\WINDOWS\System32\cdfview32.dll
[2010.09.02 22:08:18 | 000,000,554 | ---- | M] () -- C:\Documents and Settings\ivangu\Desktop\i_view32.ini
[2010.09.01 21:08:55 | 000,058,200 | ---- | M] () -- C:\Documents and Settings\ivangu\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010.09.01 19:58:14 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\ivangu\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to eclipse.exe.lnk
[2010.09.01 18:59:52 | 000,231,184 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.09.01 12:34:19 | 000,314,880 | ---- | M] (Borland Software Corporation) -- C:\WINDOWS\System32\dimap32.dll
[2010.09.01 12:29:40 | 000,000,653 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010.09.01 00:33:33 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\ivangu\Desktop\Download Accelerator Plus (DAP).lnk
[2010.08.31 20:15:55 | 000,314,880 | ---- | M] (Borland Software Corporation) -- C:\WINDOWS\System32\dpserial32.dll
[2010.08.30 13:12:14 | 000,314,880 | ---- | M] (Borland Software Corporation) -- C:\WINDOWS\System32\compatui32.dll
[2010.08.29 22:16:52 | 000,320,512 | ---- | M] (Borland Software Corporation) -- C:\WINDOWS\System32\dpnhpast3232.dll
[2010.08.29 13:13:14 | 000,320,512 | ---- | M] (Borland Software Corporation) -- C:\WINDOWS\System32\comrepl32.dll
[2010.08.28 23:50:34 | 000,001,797 | ---- | M] () -- C:\Documents and Settings\ivangu\Desktop\MSDN Library - October 2001.lnk
[2010.08.28 23:42:54 | 000,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2010.08.28 23:42:54 | 000,001,660 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2010.08.28 22:50:33 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\ivangu\Application Data\Microsoft\Internet Explorer\Quick Launch\API-Guide.lnk
[2010.08.28 22:50:33 | 000,000,776 | ---- | M] () -- C:\Documents and Settings\ivangu\Desktop\API-Guide.lnk
[2010.08.28 13:02:36 | 000,320,512 | ---- | M] (Borland Software Corporation) -- C:\WINDOWS\System32\d3dramp32.dll
[2010.08.28 01:29:26 | 000,135,168 | ---- | M] () -- C:\WINDOWS\System32\MSCOMCT2.oca
[2010.08.28 01:29:26 | 000,035,328 | ---- | M] () -- C:\WINDOWS\System32\comct332.oca
[2010.08.28 01:29:25 | 000,265,728 | ---- | M] () -- C:\WINDOWS\System32\MSCOMCTL.oca
[2010.08.28 01:29:25 | 000,240,128 | ---- | M] () -- C:\WINDOWS\System32\COMCTL32.oca
[2010.08.28 01:29:25 | 000,052,224 | ---- | M] () -- C:\WINDOWS\System32\COMCT232.oca
[2010.08.28 01:16:49 | 000,029,184 | ---- | M] () -- C:\WINDOWS\System32\MSINET.oca
[2010.08.27 18:49:27 | 000,320,512 | ---- | M] (Borland Software Corporation) -- C:\WINDOWS\System32\dsound3d3232.dll
[2010.08.27 11:57:39 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010.08.26 22:41:14 | 000,320,512 | ---- | M] (Borland Software Corporation) -- C:\WINDOWS\System32\dmband32.dll
[2010.08.24 23:10:36 | 000,196,608 | ---- | M] () -- C:\WINDOWS\System32\HMIPCore.dll
[2010.08.23 16:20:00 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\ivangu\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[14 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\ivangu\Desktop\*.tmp files -> C:\Documents and Settings\ivangu\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\ivangu\*.tmp files -> C:\Documents and Settings\ivangu\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.09.18 23:28:30 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\ivangu\Desktop\SIW.lnk
[2010.09.18 19:56:37 | 000,001,045 | ---- | C] () -- C:\Documents and Settings\ivangu\Desktop\BiosAgent Plus.lnk
[2010.09.18 14:10:05 | 2145,832,960 | -HS- | C] () -- C:\hiberfil.sys
[2010.09.15 21:52:22 | 000,000,528 | ---- | C] () -- C:\Documents and Settings\ivangu\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Show Desktop.lnk
[2010.09.12 20:45:30 | 000,001,185 | ---- | C] () -- C:\WINDOWS\System32\1893008810
[2010.09.10 18:07:32 | 000,000,509 | ---- | C] () -- C:\Documents and Settings\ivangu\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to KL_D.exe.lnk
[2010.09.09 22:43:28 | 000,000,773 | ---- | C] () -- C:\Documents and Settings\ivangu\Application Data\Microsoft\Internet Explorer\Quick Launch\ZIP Password Recovery Magic.lnk
[2010.09.09 17:05:47 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010.09.08 13:53:33 | 000,140,056 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010.09.08 13:18:03 | 000,004,146 | ---- | C] () -- C:\Documents and Settings\ivangu\My Documents\__www.schukat.com_schukat_schukat_cms_en.nsf_print_FrameVi.pdf
[2010.09.07 00:23:32 | 000,001,942 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Photo to Cartoon.lnk
[2010.09.06 17:22:09 | 000,000,796 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2010.09.05 23:01:01 | 000,000,392 | ---- | C] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010.09.05 23:01:01 | 000,000,374 | ---- | C] () -- C:\WINDOWS\tasks\RegCure.job
[2010.09.05 23:00:57 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegCure.lnk
[2010.09.05 14:29:14 | 000,000,376 | ---- | C] () -- C:\Documents and Settings\ivangu\config.dat
[2010.09.04 20:55:06 | 000,000,001 | ---- | C] () -- C:\Documents and Settings\ivangu\oashdihasidhasuidhiasdhiashdiuasdhasd
[2010.09.04 20:55:00 | 000,000,286 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.09.04 20:52:00 | 000,094,720 | RHS- | C] () -- C:\WINDOWS\System32\perfd009S.dll
[2010.09.04 20:51:28 | 000,098,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cdrom.sys
[2010.09.03 11:02:02 | 000,000,396 | ---- | C] () -- C:\Documents and Settings\ivangu\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Java.lnk
[2010.09.01 19:58:14 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\ivangu\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to eclipse.exe.lnk
[2010.09.01 00:33:33 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\ivangu\Desktop\Download Accelerator Plus (DAP).lnk
[2010.08.31 22:48:41 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010.08.28 23:50:30 | 000,001,797 | ---- | C] () -- C:\Documents and Settings\ivangu\Desktop\MSDN Library - October 2001.lnk
[2010.08.28 23:42:54 | 000,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2010.08.28 23:42:54 | 000,001,660 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2010.08.28 22:50:33 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\ivangu\Application Data\Microsoft\Internet Explorer\Quick Launch\API-Guide.lnk
[2010.08.28 22:50:33 | 000,000,776 | ---- | C] () -- C:\Documents and Settings\ivangu\Desktop\API-Guide.lnk
[2010.08.28 01:29:26 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\MSCOMCT2.oca
[2010.08.28 01:29:26 | 000,035,328 | ---- | C] () -- C:\WINDOWS\System32\comct332.oca
[2010.08.28 01:29:25 | 000,265,728 | ---- | C] () -- C:\WINDOWS\System32\MSCOMCTL.oca
[2010.08.28 01:29:25 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\COMCTL32.oca
[2010.08.28 01:29:25 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\COMCT232.oca
[2010.08.28 01:16:49 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\MSINET.oca
[2010.08.27 11:57:39 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010.08.25 00:30:34 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\HMIPCore.dll
[2010.08.21 00:06:46 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\vcredist_x86.bat
[2010.08.15 12:59:53 | 000,004,043 | -HS- | C] () -- C:\Documents and Settings\ivangu\Application Data\02000000c0c97581985P.manifest
[2010.08.15 12:59:53 | 000,000,423 | -HS- | C] () -- C:\Documents and Settings\ivangu\Application Data\02000000c0c97581985O.manifest
[2010.08.15 12:59:53 | 000,000,051 | -HS- | C] () -- C:\Documents and Settings\ivangu\Application Data\02000000c0c97581985C.manifest
[2010.08.15 12:59:53 | 000,000,011 | -HS- | C] () -- C:\Documents and Settings\ivangu\Application Data\02000000c0c97581985S.manifest
[2010.08.15 12:59:52 | 000,213,504 | ---- | C] () -- C:\WINDOWS\System32\HTMUTIL32.dll
[2010.08.13 00:17:09 | 000,002,870 | ---- | C] () -- C:\WINDOWS\aopr.ini
[2010.08.11 15:14:03 | 000,005,749 | ---- | C] () -- C:\WINDOWS\GnuHashes.ini
[2010.08.11 15:05:51 | 000,004,166 | -HS- | C] () -- C:\Documents and Settings\ivangu\Application Data\02000000c0c97581982P.manifest
[2010.08.11 15:05:51 | 000,000,138 | -HS- | C] () -- C:\Documents and Settings\ivangu\Application Data\02000000c0c97581982O.manifest
[2010.08.11 15:05:51 | 000,000,051 | -HS- | C] () -- C:\Documents and Settings\ivangu\Application Data\02000000c0c97581982C.manifest
[2010.08.11 15:05:51 | 000,000,011 | -HS- | C] () -- C:\Documents and Settings\ivangu\Application Data\02000000c0c97581982S.manifest
[2010.07.10 15:17:27 | 000,000,362 | ---- | C] () -- C:\WINDOWS\System32\WinNt_3.dll
[2010.07.10 15:17:27 | 000,000,362 | ---- | C] () -- C:\WINDOWS\System32\WinNt_2.dll
[2010.07.10 15:17:27 | 000,000,362 | ---- | C] () -- C:\WINDOWS\System32\WinNt_1.dll
[2010.07.09 12:51:00 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\WinMark.dll
[2010.07.04 23:52:34 | 000,005,767 | ---- | C] () -- C:\WINDOWS\System32\WinNt_.dll
[2010.05.24 00:27:26 | 000,000,120 | ---- | C] () -- C:\WINDOWS\imagedit.ini
[2010.04.03 23:33:07 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\LogWin.dll
[2010.02.11 17:56:39 | 000,000,098 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2009.11.25 01:02:02 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009.11.22 23:09:06 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009.10.30 17:08:09 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\ivangu\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.24 23:52:39 | 008,801,704 | ---- | C] () -- C:\Program Files\FLV PlayerATBSetup.exe
[2009.08.31 15:53:07 | 000,000,191 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2009.08.24 18:01:12 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009.08.24 18:01:11 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.08.14 13:10:37 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2008.12.10 16:25:53 | 000,013,894 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2008.10.22 13:18:54 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\dtctrace.dll
[2008.09.24 15:31:19 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2008.09.24 15:01:57 | 000,001,554 | ---- | C] () -- C:\WINDOWS\saplogon.ini
[2008.09.24 15:01:57 | 000,000,090 | ---- | C] () -- C:\WINDOWS\sapmsg.ini
[2008.09.24 15:01:57 | 000,000,056 | ---- | C] () -- C:\WINDOWS\saproute.ini
[2008.09.24 15:00:05 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\vtssm32.dll
[2008.09.19 11:56:07 | 000,000,888 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.06.06 00:52:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2008.06.06 00:52:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008.06.06 00:46:09 | 000,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008.06.06 00:43:00 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008.06.06 00:42:59 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2008.06.06 00:19:42 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008.06.06 00:19:41 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008.06.06 00:19:41 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008.06.06 00:19:40 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008.06.06 00:17:46 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007.09.27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007.09.27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007.09.27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005.09.02 16:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005.07.22 23:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004.08.11 19:24:19 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004.08.11 19:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004.08.04 00:59:54 | 000,098,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\cdrom.sys
[2004.07.20 19:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004.01.15 16:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003.01.07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1998.06.10 00:00:00 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL
[1998.05.18 00:00:00 | 000,014,017 | ---- | C] () -- C:\WINDOWS\JAUTOEXP.INI
[1998.04.24 00:00:00 | 000,000,218 | ---- | C] () -- C:\WINDOWS\FRONTPG.INI

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009.03.08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2009.08.17 23:33:52 | 001,193,832 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\FM20.DLL
[2010.09.04 20:52:00 | 000,094,720 | RHS- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\perfd009S.dll
[8 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[8 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004.08.11 19:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004.08.11 19:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004.08.11 19:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2004.08.04 07:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2004.08.04 07:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2004.08.04 07:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2004.08.04 07:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004.08.04 07:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2004.08.04 07:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004.08.04 07:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004.08.04 07:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004.08.04 07:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004.08.04 07:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004.08.04 07:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004.08.04 07:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004.08.04 07:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004.08.04 07:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004.08.04 07:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008.04.13 21:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010.06.23 16:44:04 | 001,851,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[8 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008.04.14 03:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008.04.14 03:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008.04.14 03:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008.04.14 03:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008.04.14 03:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008.04.14 03:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008.04.14 03:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008.04.14 03:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008.04.14 03:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008.04.14 03:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008.04.14 03:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008.04.14 03:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008.04.14 03:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008.04.14 03:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008.04.14 03:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2009.08.11 22:14:57 | 000,026,624 | ---- | M] () -- C:\Ascuns_in_Pictura.doc
[2009.08.11 22:16:16 | 000,004,134 | ---- | M] () -- C:\Ascuns_in_Pictura.zip
[2009.09.25 00:14:13 | 000,009,285 | ---- | M] () -- C:\Ask & Record Toolbar Setup Log.txt
[2004.08.11 19:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010.09.14 16:19:45 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2004.08.11 19:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010.08.16 16:38:02 | 000,005,748 | ---- | M] () -- C:\debug1214.txt
[2008.06.06 00:21:00 | 000,006,372 | RH-- | M] () -- C:\dell.sdr
[2008.12.10 16:20:50 | 000,000,128 | ---- | M] () -- C:\dwl.dat
[2010.05.22 11:58:51 | 000,493,066 | ---- | M] () -- C:\ff.htm
[2010.09.19 13:03:26 | 2145,832,960 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.06 01:15:53 | 000,542,655 | ---- | M] () -- C:\history_dump.txt
[2008.12.10 16:20:50 | 000,000,132 | ---- | M] () -- C:\httpdwl.dat
[2010.05.23 21:40:02 | 005,443,636 | ---- | M] () -- C:\ie.htm
[2008.09.18 15:24:53 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004.08.11 19:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2004.08.11 19:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2010.08.16 16:38:02 | 000,000,618 | ---- | M] () -- C:\NetworkCfg.xml
[2009.08.11 22:22:21 | 000,075,323 | ---- | M] () -- C:\NewSunset.jpg
[2004.08.04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008.09.18 15:49:23 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2009.06.27 15:13:10 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
[2009.06.27 15:13:10 | 000,001,024 | -H-- | M] () -- C:\ntuser.dat.LOG
[2010.09.19 13:03:25 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010.07.13 16:33:44 | 000,000,624 | ---- | M] () -- C:\spy.htm
[2004.08.04 07:00:00 | 000,071,189 | ---- | M] () -- C:\Sunset.jpg
[2009.08.11 22:15:11 | 000,026,624 | ---- | M] () -- C:\Test ascundere in pictura_bis.doc
[2009.06.18 16:22:00 | 000,000,000 | ---- | M] () -- C:\Teste.txt
[2008.12.19 17:00:21 | 000,000,021 | ---- | M] () -- C:\tmuninst.ini
[2010.06.01 20:33:28 | 000,000,910 | ---- | M] () -- C:\User_Administrator.doc

< %PROGRAMFILES%\*. >
[2010.08.11 14:37:53 | 000,000,000 | ---D | M] -- C:\Program Files\360Share Pro
[2008.11.11 18:13:36 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010.08.28 22:52:42 | 000,000,000 | ---D | M] -- C:\Program Files\API-Guide
[2010.01.10 01:03:26 | 000,000,000 | ---D | M] -- C:\Program Files\Application Updater
[2009.09.25 00:00:32 | 000,000,000 | ---D | M] -- C:\Program Files\Ask & Record Toolbar
[2010.07.17 18:01:11 | 000,000,000 | ---D | M] -- C:\Program Files\Ask.com
[2010.09.04 23:35:43 | 000,000,000 | ---D | M] -- C:\Program Files\AutocompletePro
[2008.12.10 16:21:09 | 000,000,000 | ---D | M] -- C:\Program Files\BitDefender
[2010.09.07 00:23:31 | 000,000,000 | ---D | M] -- C:\Program Files\Caricature Software
[2010.09.01 12:29:58 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2004.08.11 19:12:04 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010.09.06 23:56:56 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2010.01.17 00:14:08 | 000,000,000 | ---D | M] -- C:\Program Files\Core Services
[2008.06.06 00:44:39 | 000,000,000 | ---D | M] -- C:\Program Files\Creative
[2008.06.06 00:44:28 | 000,000,000 | ---D | M] -- C:\Program Files\Creative Live! Cam
[2008.06.06 00:49:09 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2010.09.01 00:33:33 | 000,000,000 | ---D | M] -- C:\Program Files\DAP
[2008.06.06 00:45:19 | 000,000,000 | ---D | M] -- C:\Program Files\Dell
[2008.06.06 00:48:10 | 000,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
[2008.06.06 00:22:58 | 000,000,000 | ---D | M] -- C:\Program Files\DellTPad
[2010.09.18 18:27:34 | 000,000,000 | ---D | M] -- C:\Program Files\DemoProfessionalDictionary20
[2010.08.13 00:19:31 | 000,000,000 | ---D | M] -- C:\Program Files\ElcomSoft
[2009.08.24 18:01:12 | 000,000,000 | ---D | M] -- C:\Program Files\ffdshow
[2010.05.27 11:56:38 | 000,000,000 | ---D | M] -- C:\Program Files\File Helper
[2010.01.26 22:29:21 | 000,000,000 | ---D | M] -- C:\Program Files\FileZilla FTP Client
[2009.09.24 23:52:30 | 000,000,000 | ---D | M] -- C:\Program Files\FLV Player
[2008.10.22 13:00:53 | 000,000,000 | ---D | M] -- C:\Program Files\Free-Soft
[2009.11.25 00:49:07 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010.09.04 20:29:57 | 000,000,000 | ---D | M] -- C:\Program Files\Hide My IP 2009
[2010.06.06 00:53:03 | 000,000,000 | ---D | M] -- C:\Program Files\IEInspector
[2010.06.04 13:22:21 | 000,000,000 | ---D | M] -- C:\Program Files\Index.dat Analyzer
[2010.09.05 09:19:02 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2010.08.13 03:36:17 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009.08.10 22:15:25 | 000,000,000 | ---D | M] -- C:\Program Files\IrfanView
[2010.08.31 22:49:14 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010.08.16 16:39:11 | 000,000,000 | ---D | M] -- C:\Program Files\Join Air
[2010.09.14 11:39:41 | 000,000,000 | ---D | M] -- C:\Program Files\Magic Memory Optimizer
[2009.09.26 15:53:38 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee
[2010.07.06 16:09:43 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee Security Scan
[2008.09.18 16:37:52 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2008.09.19 11:55:33 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2009.01.27 13:28:27 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Firewall Client 2004
[2004.08.11 19:15:24 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009.02.20 12:44:36 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010.09.04 17:09:02 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010.08.28 23:50:14 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2010.08.13 03:14:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2008.09.19 11:55:20 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010.08.13 03:03:30 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010.09.18 18:08:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009.08.08 19:30:24 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2009.10.29 23:55:59 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2004.08.11 19:11:36 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2008.12.26 14:18:00 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2008.06.06 00:36:18 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2008.09.18 15:50:16 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2004.08.11 19:11:50 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010.05.12 11:47:56 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010.09.06 23:59:12 | 000,000,000 | ---D | M] -- C:\Program Files\P2P_Torrent
[2009.11.22 23:10:31 | 000,000,000 | ---D | M] -- C:\Program Files\PDFCreator
[2010.01.13 14:05:54 | 000,000,000 | ---D | M] -- C:\Program Files\pdfforge Toolbar
[2009.08.24 17:58:56 | 000,000,000 | ---D | M] -- C:\Program Files\PlayFLV
[2009.10.26 13:27:58 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010.09.09 23:31:58 | 000,000,000 | ---D | M] -- C:\Program Files\RAR Password Unlocker
[2010.03.19 23:12:46 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2008.10.03 14:01:46 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2008.09.24 15:06:40 | 000,000,000 | ---D | M] -- C:\Program Files\RealVNC
[2009.08.08 19:30:19 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010.09.05 23:13:47 | 000,000,000 | ---D | M] -- C:\Program Files\RegCure
[2009.10.31 21:48:59 | 000,000,000 | ---D | M] -- C:\Program Files\Registry Winner
[2009.03.09 09:57:12 | 000,000,000 | ---D | M] -- C:\Program Files\Roxio
[2010.09.05 00:24:41 | 000,000,000 | ---D | M] -- C:\Program Files\Search Advisor
[2010.09.01 00:30:10 | 000,000,000 | ---D | M] -- C:\Program Files\SearchPredict
[2010.09.18 23:39:01 | 000,000,000 | ---D | M] -- C:\Program Files\SIW
[2008.06.06 00:46:02 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2010.03.07 21:50:53 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2010.07.31 19:28:36 | 000,000,000 | ---D | M] -- C:\Program Files\SourceTec
[2010.09.01 00:30:11 | 000,000,000 | ---D | M] -- C:\Program Files\SpeedBit Video Downloader
[2010.09.08 22:01:53 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2010.09.18 20:20:01 | 000,000,000 | ---D | M] -- C:\Program Files\SystemRequirementsLab
[2009.12.15 16:48:02 | 000,000,000 | ---D | M] -- C:\Program Files\Teach Me HTML
[2008.06.06 00:43:11 | 000,000,000 | ---D | M] -- C:\Program Files\Toshiba
[2004.08.11 19:20:34 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010.08.30 01:52:24 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2009.09.06 23:25:47 | 000,000,000 | ---D | M] -- C:\Program Files\Vbsedit
[2010.08.27 11:57:07 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2008.10.03 14:24:24 | 000,000,000 | ---D | M] -- C:\Program Files\Vodafone
[2010.08.17 12:41:34 | 000,000,000 | ---D | M] -- C:\Program Files\Vuze
[2009.08.31 15:51:41 | 000,000,000 | ---D | M] -- C:\Program Files\Web Publish
[2010.09.09 17:02:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2009.09.29 01:07:38 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search
[2008.09.19 11:36:09 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2008.09.19 11:36:08 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2008.09.18 15:50:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2010.08.10 12:01:37 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Script Encoder
[2004.08.11 19:13:20 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2008.09.24 15:05:30 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2010.08.28 23:42:27 | 000,000,000 | ---D | M] -- C:\Program Files\WinZip
[2004.08.11 19:15:24 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2009.06.27 15:13:07 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2010.09.09 22:43:28 | 000,000,000 | ---D | M] -- C:\Program Files\Zip Password Recovery Magic

< %appdata%\*.* >
[2010.08.15 12:59:44 | 000,000,051 | -HS- | M] () -- C:\Documents and Settings\ivangu\Application Data\02000000c0c97581982C.manifest
[2010.08.15 12:59:44 | 000,000,138 | -HS- | M] () -- C:\Documents and Settings\ivangu\Application Data\02000000c0c97581982O.manifest
[2010.08.15 12:59:44 | 000,004,166 | -HS- | M] () -- C:\Documents and Settings\ivangu\Application Data\02000000c0c97581982P.manifest
[2010.08.15 12:59:44 | 000,000,011 | -HS- | M] () -- C:\Documents and Settings\ivangu\Application Data\02000000c0c97581982S.manifest
[2010.09.19 13:03:39 | 000,000,051 | -HS- | M] () -- C:\Documents and Settings\ivangu\Application Data\02000000c0c97581985C.manifest
[2010.09.19 13:03:39 | 000,000,423 | -HS- | M] () -- C:\Documents and Settings\ivangu\Application Data\02000000c0c97581985O.manifest
[2010.09.19 16:22:54 | 000,004,043 | -HS- | M] () -- C:\Documents and Settings\ivangu\Application Data\02000000c0c97581985P.manifest
[2010.09.19 13:03:39 | 000,000,011 | -HS- | M] () -- C:\Documents and Settings\ivangu\Application Data\02000000c0c97581985S.manifest
[2004.08.11 19:07:12 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\ivangu\Application Data\desktop.ini


< MD5 for: AGP440.SYS >
[2004.08.04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2004.08.04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.09.18 15:48:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.09.18 15:48:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 21:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\i386\agp440.sys
[2008.04.13 21:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 21:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004.08.04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004.08.04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.09.18 15:48:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.09.18 15:48:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 21:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\i386\atapi.sys
[2008.04.13 21:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 21:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004.08.04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:disk.sys
[2004.08.04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008.09.18 15:48:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008.09.18 15:48:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004.08.04 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008.04.13 21:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\i386\disk.sys
[2008.04.13 21:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008.04.13 21:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008.04.14 03:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\i386\eventlog.dll
[2008.04.14 03:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 03:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2008.03.17 16:59:36 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\drivers\storage\R179638\iastor.sys
[2008.03.17 16:59:36 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\i386\iaStor.sys
[2008.03.17 16:59:36 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008.04.14 03:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\i386\netlogon.dll
[2008.04.14 03:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 03:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 03:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\i386\scecli.dll
[2008.04.14 03:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 03:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004.08.04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:usbstor.sys
[2004.08.04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2008.09.18 15:48:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2008.09.18 15:48:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2008.04.13 21:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008.04.13 21:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\dllcache\usbstor.sys
[2008.04.13 21:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-09-17 11:35:21

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B11E0DF
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >

Can anybody help me?
Thanks in advance!
I Vangu

ivangu
Novice

Posts : 12
Joined : 2010-09-19
OS : Windows XP
Points : 22868
Likes : 0

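As an added example (not from the original post and not OTL's own code), this is the check a helper applies when reading the `< MD5 for: ... >` blocks above: the copy Windows actually loads from system32 should hash the same as the pristine copy kept in ServicePackFiles or dllcache, and a live driver that differs is the pattern behind a patched file such as the cdrom.sys that ComboFix later reports and restores. The AGP440.SYS lines are copied from this log; the CDROM.SYS block, its timestamps and both of its hashes are constructed.

```python
import re

# OTL's "< MD5 for: NAME >" block header and one hashed entry inside it.
# Lines for .cab containers carry no MD5 ("() .cab file -- ...") and are
# deliberately not matched.
HEADER_RE = re.compile(r"^< MD5 for: (?P<name>\S+) >$")
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| [^\]]*\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)

# Where the running copy lives, and where Windows keeps pristine copies.
LIVE_DIRS = (r"c:\windows\system32\drivers", r"c:\windows\system32")
REFERENCE_DIRS = (r"c:\windows\servicepackfiles\i386", r"c:\windows\system32\dllcache")


def parse_md5_sections(text):
    """Group the hashed entries of an OTL log by the file name in the block header.

    Returns {"AGP440.SYS": [{"md5": ..., "path": ..., "size": ..., "company": ...}, ...]}
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            sections[current] = []
            continue
        if current is None or not line:
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            sections[current].append({
                "md5": entry.group("md5").upper(),
                "path": entry.group("path"),
                "size": int(entry.group("size").replace(",", "")),
                "company": entry.group("company"),
            })
    return sections


def classify(path):
    """'live' for the copy Windows loads, 'reference' for the pristine copy,
    'other' for install media, uninstall backups and similar."""
    directory = path.lower().rsplit("\\", 1)[0]
    if directory in LIVE_DIRS:
        return "live"
    if directory in REFERENCE_DIRS:
        return "reference"
    return "other"


def check_sections(sections):
    """Compare each live copy against the reference hashes for the same file.

    Returns a list of (file name, live path, status) with status one of
    'match', 'MISMATCH' or 'no-reference'. Older copies under
    $NtServicePackUninstall$ legitimately differ and are never compared.
    """
    findings = []
    for name, entries in sections.items():
        reference_hashes = {e["md5"] for e in entries if classify(e["path"]) == "reference"}
        for e in entries:
            if classify(e["path"]) != "live":
                continue
            if not reference_hashes:
                status = "no-reference"
            elif e["md5"] in reference_hashes:
                status = "match"
            else:
                status = "MISMATCH"
            findings.append((name, e["path"], status))
    return findings


# Sample input. The AGP440.SYS block is copied from the OTL log in this thread;
# the CDROM.SYS block, its timestamps and both hashes are constructed to show a
# live driver that no longer matches the ServicePackFiles copy.
SAMPLE_LOG = r"""
< MD5 for: AGP440.SYS >
[2004.08.04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2008.04.13 21:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\i386\agp440.sys
[2008.04.13 21:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 21:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: CDROM.SYS >
[2008.04.13 21:40:45 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=0123456789ABCDEF0123456789ABCDEF -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2010.09.13 20:11:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=FEDCBA9876543210FEDCBA9876543210 -- C:\WINDOWS\system32\drivers\cdrom.sys
"""


if __name__ == "__main__":
    for name, path, status in check_sections(parse_md5_sections(SAMPLE_LOG)):
        print(f"{status:13} {name:12} {path}")
```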

Re: Instabil laptop after virus infection

Post by Belahzur on Sun Sep 19, 2010 7:21 pm

Hello.

  • Download combofix from here: [link], [link]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [link] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.

  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click combofix's window whilst it's running. That may cause it to stall.

Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245069
Likes : 1


Re: Instabil laptop after virus infection

Post by ivangu on Sun Sep 19, 2010 10:57 pm

This is the ComboFix log:

ComboFix 10-09-17.04 - ivangu 20.09.2010 1:36.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1269 [GMT 3:00]
Running from: e:\kituri\ComboFix AntiMalware\Combo-Fix.exe
AV: Bitdefender Antivirus *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: Bitdefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\data
c:\documents and settings\ivangu\Application Data\02000000c0c97581982C.manifest
c:\documents and settings\ivangu\Application Data\02000000c0c97581982O.manifest
c:\documents and settings\ivangu\Application Data\02000000c0c97581982P.manifest
c:\documents and settings\ivangu\Application Data\02000000c0c97581982S.manifest
c:\documents and settings\ivangu\Application Data\02000000c0c97581985C.manifest
c:\documents and settings\ivangu\Application Data\02000000c0c97581985O.manifest
c:\documents and settings\ivangu\Application Data\02000000c0c97581985P.manifest
c:\documents and settings\ivangu\Application Data\02000000c0c97581985S.manifest
c:\documents and settings\ivangu\Application Data\Mozilla\Firefox\Profiles\jwhfgkzt.default\extensions\{701de95d-20fc-4221-b822-c401c28adbba}
c:\documents and settings\ivangu\Application Data\Mozilla\Firefox\Profiles\jwhfgkzt.default\extensions\{701de95d-20fc-4221-b822-c401c28adbba}\chrome.manifest
c:\documents and settings\ivangu\Application Data\Mozilla\Firefox\Profiles\jwhfgkzt.default\extensions\{701de95d-20fc-4221-b822-c401c28adbba}\chrome\xulcache.jar
c:\documents and settings\ivangu\Application Data\Mozilla\Firefox\Profiles\jwhfgkzt.default\extensions\{701de95d-20fc-4221-b822-c401c28adbba}\defaults\preferences\xulcache.js
c:\documents and settings\ivangu\Application Data\Mozilla\Firefox\Profiles\jwhfgkzt.default\extensions\{701de95d-20fc-4221-b822-c401c28adbba}\install.rdf
c:\documents and settings\ivangu\Application Data\SystemProc
c:\documents and settings\ivangu\Application Data\SystemProc\lsass.exe
c:\documents and settings\ivangu\Local Settings\Temporary Internet Files\cookies.sqlite
c:\documents and settings\ivangu\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\LocalService\Application Data\02000000c0c97581985P.manifest
c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\program files\pdfforge Toolbar\IE\1.1.2\pdFForgetoolbarie.dll
c:\program files\pdfforge Toolbar\SearchSettings.dll
c:\windows\GnuHashes.ini
c:\windows\system\VI30AUT.DLL
c:\windows\system32\849156529
c:\windows\system32\cccc
c:\windows\system32\COMMDLG32.DLL
c:\windows\system32\COMPATUI32.DLL
c:\windows\system32\cooper.mine
c:\windows\system32\D3DRAMP32.DLL
c:\windows\system32\DCIMAN3232.DLL
c:\windows\system32\DHCPCSVC32.DLL
c:\windows\system32\DIMAP32.DLL
c:\windows\system32\dimsntfy32.dll
c:\windows\system32\DINPUT32.DLL
c:\windows\system32\DMBAND32.DLL
c:\windows\system32\dmloader3232.dll
c:\windows\system32\dpnhpast3232.dll
c:\windows\system32\DPSERIAL32.DLL
c:\windows\system32\DPVACM32.DLL
c:\windows\system32\drivers\140.exe
c:\windows\system32\drivers\265.exe
c:\windows\system32\drivers\453.exe
c:\windows\system32\drivers\484.exe
c:\windows\system32\drivers\546.exe
c:\windows\system32\drivers\750.exe
c:\windows\system32\drivers\765.exe
c:\windows\system32\drivers\937.exe
c:\windows\system32\dsauth3232.dll
c:\windows\system32\DSOUND3D32.DLL
c:\windows\system32\dsound3d3232.dll
c:\windows\system32\DSSEC32.DLL
c:\windows\system32\EqnClass3232.dll
c:\windows\system32\EqnClass323232.dll
c:\windows\system32\FM203232.dll
c:\windows\system32\iasads32.dll
c:\windows\system32\nmklo.dll
c:\windows\system32\ppppppppp
c:\windows\system32\SysWoW32
c:\windows\system32\SysWoW32\@u1526015116v0
c:\windows\system32\SysWoW32\@u1526015116v1
c:\windows\system32\SysWoW32\@u1526015116v2
c:\windows\system32\SysWoW32\@u1526015116v3
c:\windows\system32\SysWoW32\@u1526015116v4
c:\windows\system32\SysWoW32\@u1526015116v5
c:\windows\system32\SysWoW32\@u1526015116v6
c:\windows\system32\SysWoW32\@u1526015116v7
c:\windows\system32\SysWoW32\_u1526015116v0
c:\windows\system32\SysWoW32\_u1526015116v1
c:\windows\system32\SysWoW32\_u1526015116v2
c:\windows\system32\SysWoW32\_u1526015116v3
c:\windows\system32\SysWoW32\_u1526015116v4
c:\windows\system32\SysWoW32\_u1526015116v5
c:\windows\system32\SysWoW32\_u1526015116v6
c:\windows\system32\SysWoW32\_u1526015116v7
c:\windows\system32\SysWoW32\mu1526015116v4
c:\windows\system32\SysWoW32\mu1526015116v4.kwd
c:\windows\system32\SysWoW32\mu1526015116v5
c:\windows\system32\SysWoW32\mu1526015116v5.kwd
c:\windows\system32\SysWoW32\mu1526015116v6
c:\windows\system32\SysWoW32\mu1526015116v6.kwd
c:\windows\system32\SysWoW32\mu1526015116v7
c:\windows\system32\SysWoW32\mu1526015116v7.kwd
c:\windows\system32\SysWoW32\wu1526015116v0
c:\windows\system32\SysWoW32\wu1526015116v0.kwd
c:\windows\system32\SysWoW32\wu1526015116v1
c:\windows\system32\SysWoW32\wu1526015116v1.kwd
c:\windows\system32\SysWoW32\wu1526015116v2
c:\windows\system32\SysWoW32\wu1526015116v2.kwd
c:\windows\system32\SysWoW32\wu1526015116v3
c:\windows\system32\SysWoW32\wu1526015116v3.kwd
c:\windows\system32\unrar.exe
c:\windows\system32\WinMark.dll
c:\windows\system32\WinNt_1.dll
c:\windows\system32\WinNt_2.dll
c:\windows\system32\WinNt_3.dll
E:\AUTORUN.INF

Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\cdrom.sys

.
((((((((((((((((((((((((( Files Created from 2010-08-19 to 2010-09-19 )))))))))))))))))))))))))))))))
.

2010-09-19 21:53 . 2005-05-03 15:43 69632 ----a-w- c:\windows\Alcmtr.exe
2010-09-19 21:51 . 2010-09-19 21:51 -------- d-----w- c:\program files\RSA
2010-09-19 21:50 . 2010-09-19 21:55 -------- d-----w- c:\program files\Protector Suite QL
2010-09-19 21:42 . 2008-02-19 08:07 192512 ----a-w- c:\windows\LockStatusTray.exe
2010-09-19 21:22 . 2010-09-19 21:22 -------- d-----w- c:\documents and settings\ivangu\Local Settings\Application Data\BVRP Software
2010-09-19 21:22 . 2010-09-19 21:22 -------- d-----w- c:\program files\NetWaiting
2010-09-19 21:21 . 2010-09-19 21:22 -------- d-----w- c:\program files\Digital Line Detect
2010-09-19 21:15 . 2006-08-01 12:02 49152 ----a-w- c:\windows\system32\ChCfg.exe
2010-09-19 21:14 . 2010-09-19 21:14 315392 ----a-w- c:\windows\HideWin.exe
2010-09-19 21:14 . 2007-07-26 14:09 520192 ----a-w- c:\windows\RtlExUpd.dll
2010-09-19 21:13 . 2010-09-19 21:14 -------- d--h--w- c:\documents and settings\ivangu\Application Data\GTek
2010-09-19 21:13 . 2010-09-19 21:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Gtek
2010-09-19 21:13 . 2010-09-19 21:13 -------- d-----w- c:\program files\DellAutomatedPCTuneUp
2010-09-19 21:06 . 2007-04-10 17:29 41856 ----a-w- c:\windows\system32\drivers\tosrfusb.sys
2010-09-19 21:06 . 2007-04-23 13:39 113920 ----a-w- c:\windows\system32\drivers\tosrfbd.sys
2010-09-19 21:06 . 2006-10-05 13:07 73600 ----a-w- c:\windows\system32\drivers\Tosrfhid.sys
2010-09-19 21:06 . 2006-11-20 14:55 36480 ----a-w- c:\windows\system32\drivers\tosrfbnp.sys
2010-09-19 21:06 . 2005-01-06 10:42 18612 ----a-w- c:\windows\system32\drivers\tosrfnds.sys
2010-09-19 21:06 . 2006-10-10 16:33 41600 ----a-w- c:\windows\system32\drivers\tosporte.sys
2010-09-19 21:06 . 2005-08-01 13:45 64896 ----a-w- c:\windows\system32\drivers\tosrfcom.sys
2010-09-19 21:06 . 2010-09-19 21:06 -------- d-----w- c:\program files\Toshiba
2010-09-19 21:04 . 2010-09-19 21:04 314368 ----a-w- c:\windows\system32\bitsprx432.dll
2010-09-19 21:00 . 2007-01-16 07:22 31744 ----a-w- c:\windows\system32\drivers\csrbcxp.sys
2010-09-19 20:51 . 2010-09-19 20:51 -------- d-----w- c:\program files\Intel
2010-09-19 20:51 . 2007-07-19 13:45 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-09-19 20:43 . 2010-09-19 20:43 -------- d-----w- C:\Intel
2010-09-19 20:42 . 2008-07-29 07:11 71512 ----a-w- c:\windows\system32\drivers\o2flash.exe
2010-09-19 20:42 . 2010-09-19 20:42 -------- d-----w- c:\windows\system32\SDA
2010-09-19 20:42 . 2010-09-19 20:42 -------- d-----w- c:\program files\O2Micro Flash Memory Card Driver
2010-09-19 20:39 . 2010-09-19 20:39 314368 ----a-w- c:\windows\system32\fde32.dll
2010-09-19 20:39 . 2010-09-19 20:39 -------- d-----w- C:\Dell Management Packs
2010-09-19 20:22 . 2005-07-08 11:19 666 ----a-w- c:\windows\speed.reg
2010-09-19 18:21 . 2010-09-19 18:21 314368 ----a-w- c:\windows\system32\comres32.dll
2010-09-19 15:25 . 2010-09-19 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Cobra64
2010-09-19 15:25 . 2010-07-02 17:08 371712 --s-a-w- c:\windows\system32\Cobra64_ker.dll
2010-09-19 15:25 . 2010-09-19 15:25 -------- d-----w- c:\program files\Cobra64
2010-09-19 14:47 . 2010-09-19 14:47 314368 ----a-w- c:\windows\system32\dpnwsock32.dll
2010-09-18 20:28 . 2010-09-18 20:39 -------- d-----w- c:\program files\SIW
2010-09-18 17:20 . 2010-09-18 17:20 -------- d-----w- c:\program files\SystemRequirementsLab
2010-09-18 16:56 . 2010-09-18 16:56 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-09-18 16:56 . 2010-09-18 16:56 -------- d-----w- c:\documents and settings\ivangu\Local Settings\Application Data\eSupport.com
2010-09-18 16:05 . 2010-09-18 16:05 314368 ----a-w- c:\windows\system32\capesnpn32.dll
2010-09-16 07:51 . 2010-09-16 07:51 315392 ----a-w- c:\windows\system32\fltlib32.dll
2010-09-15 18:36 . 2010-09-15 18:36 318464 ----a-w- c:\windows\system32\dmcompos32.dll
2010-09-15 16:04 . 2010-09-15 16:04 318464 ----a-w- c:\windows\system32\cdmodem32.dll
2010-09-15 15:30 . 2010-09-15 15:30 318464 ----a-w- c:\windows\system32\csseqchk32.dll
2010-09-15 13:06 . 2010-09-15 13:06 318464 ----a-w- c:\windows\system32\cryptdll32.dll
2010-09-14 19:29 . 2010-09-14 19:29 318464 ----a-w- c:\windows\system32\dot3ui32.dll
2010-09-14 10:37 . 2010-09-14 10:37 318464 ----a-w- c:\windows\system32\dtcutil32.dll
2010-09-14 08:58 . 2010-09-14 08:58 318464 ----a-w- c:\windows\system32\drmstor32.dll
2010-09-14 08:34 . 2010-09-14 08:34 -------- d-----w- c:\documents and settings\ivangu\Local Settings\Application Data\PCHealth
2010-09-13 20:11 . 2010-09-13 20:11 318464 ----a-w- c:\windows\system32\dplayx32.dll
2010-09-10 18:55 . 2010-09-10 18:55 314880 ----a-w- c:\windows\system32\dxva232.dll
2010-09-10 08:49 . 2010-09-10 08:49 314880 ----a-w- c:\windows\system32\dsuiext32.dll
2010-09-09 20:31 . 2010-09-09 20:31 -------- d-----w- c:\program files\RAR Password Unlocker
2010-09-09 19:43 . 2010-09-09 19:43 -------- d-----w- c:\program files\Zip Password Recovery Magic
2010-09-09 14:03 . 2010-05-21 11:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-09-09 14:02 . 2010-09-09 14:02 -------- d-----w- c:\program files\Windows Defender
2010-09-09 12:35 . 2010-09-09 12:35 314880 ----a-w- c:\windows\system32\deskperf32.dll
2010-09-08 10:53 . 2010-09-08 10:53 140056 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-09-06 21:23 . 2010-09-06 21:23 -------- d-----w- c:\program files\Caricature Software
2010-09-06 20:56 . 2010-09-06 20:56 -------- d-----w- c:\program files\Conduit
2010-09-06 20:56 . 2010-09-06 20:56 -------- d-----w- c:\documents and settings\ivangu\Local Settings\Application Data\Conduit
2010-09-06 20:56 . 2010-09-06 20:59 -------- d-----w- c:\documents and settings\ivangu\Local Settings\Application Data\P2P_Torrent
2010-09-06 20:56 . 2010-09-06 20:59 -------- d-----w- c:\program files\P2P_Torrent
2010-09-06 14:22 . 2010-09-06 14:22 -------- d-----w- c:\documents and settings\ivangu\Application Data\SUPERAntiSpyware.com
2010-09-06 12:26 . 2010-09-19 22:01 578560 ----a-w- c:\windows\system32\dllcache\user32.dll
2010-09-06 07:51 . 2010-09-06 07:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-09-06 07:51 . 2010-09-08 19:01 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-05 20:00 . 2010-09-05 20:36 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2010-09-05 20:00 . 2010-09-05 20:13 -------- d-----w- c:\program files\RegCure
2010-09-05 11:29 . 2010-09-19 22:42 376 ----a-w- c:\documents and settings\ivangu\config.dat
2010-09-04 20:36 . 2010-09-04 20:36 -------- d-----w- c:\documents and settings\ivangu\Application Data\WhiteSmokeTranslator
2010-09-04 20:35 . 2010-09-04 20:35 -------- d-----w- c:\program files\AutocompletePro
2010-09-04 20:35 . 2010-09-04 21:24 -------- d-----w- c:\program files\Search Advisor
2010-09-04 17:52 . 2010-09-04 17:52 94720 --sha-r- c:\windows\system32\perfd009S.dll
2010-09-04 17:38 . 2010-09-04 17:38 -------- d-----w- c:\documents and settings\ivangu\Application Data\DELL Drivers Update Utility
2010-09-04 17:26 . 2010-09-04 17:30 -------- d-----w- c:\documents and settings\ivangu\Application Data\Hide IP NG
2010-09-04 15:40 . 2010-09-14 08:39 -------- d-----w- c:\program files\Magic Memory Optimizer
2010-09-02 19:12 . 2010-09-02 19:12 314880 ----a-w- c:\windows\system32\cdfview32.dll
2010-09-01 10:05 . 2010-09-01 17:06 -------- d-----w- c:\documents and settings\ivangu\workspace
2010-08-31 21:30 . 2010-08-31 21:33 -------- d-----w- c:\program files\DAP
2010-08-31 21:30 . 2010-09-14 08:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit
2010-08-31 21:30 . 2010-08-31 21:30 -------- d-----w- c:\program files\SearchPredict
2010-08-31 21:30 . 2010-08-31 21:30 -------- d-----w- c:\documents and settings\ivangu\Application Data\Toolbar4
2010-08-31 21:30 . 2010-08-31 21:30 -------- d-----w- c:\program files\SpeedBit Video Downloader
2010-08-30 21:02 . 2010-08-30 21:02 -------- d-----w- c:\documents and settings\ivangu\Local Settings\Application Data\Help
2010-08-29 10:13 . 2010-08-29 10:13 320512 ----a-w- c:\windows\system32\comrepl32.dll
2010-08-28 20:43 . 2010-08-28 20:43 -------- d-----w- c:\documents and settings\ivangu\Local Settings\Application Data\WinZip
2010-08-28 20:42 . 2010-08-28 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-08-28 19:50 . 2010-08-28 19:52 -------- d-----w- c:\program files\API-Guide
2010-08-27 08:57 . 2010-08-27 09:09 -------- d-----w- c:\documents and settings\ivangu\Application Data\vlc
2010-08-27 08:57 . 2010-08-27 08:57 -------- d-----w- c:\program files\VideoLAN
2010-08-24 21:30 . 2010-08-24 20:10 196608 ----a-w- c:\windows\system32\HMIPCore.dll
2010-08-23 16:31 . 2010-08-23 16:32 -------- d-----w- C:\ERDNT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-19 22:39 . 2009-11-22 20:09 -------- d-----w- c:\program files\pdfforge Toolbar
2010-09-19 21:42 . 2008-06-05 21:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-19 21:15 . 2008-10-03 11:01 -------- d-----w- c:\program files\Realtek
2010-09-19 21:13 . 2010-09-19 21:13 750223 ----a-w- c:\documents and settings\All Users\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch2\HTML\AutoMaintenance\AutoMaintenance.dll
2010-09-19 21:13 . 2010-09-19 21:13 208896 ----a-w- c:\documents and settings\All Users\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch2\HTML\AutoMaintenance\Images.dll
2010-09-19 21:13 . 2010-09-19 21:14 698511 ----a-w- c:\documents and settings\ivangu\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u1\HTML\AutoMaintenance\AutoMaintenance.dll
2010-09-19 21:13 . 2010-09-19 21:14 208896 ----a-w- c:\documents and settings\ivangu\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u1\HTML\AutoMaintenance\Images.dll
2010-09-19 21:13 . 2010-09-19 21:13 698511 ----a-w- c:\documents and settings\All Users\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch1\HTML\AutoMaintenance\AutoMaintenance.dll
2010-09-19 21:13 . 2010-09-19 21:13 208896 ----a-w- c:\documents and settings\All Users\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch1\HTML\AutoMaintenance\Images.dll
2010-09-19 20:22 . 2010-09-19 20:22 5 ----a-w- c:\windows\system32\drivers\DELL_XPS_Vostro1310.MRK
2010-09-19 20:22 . 2010-09-19 20:22 5 ----a-w- c:\windows\system32\drivers\1028_DELL_XPS_Vostro1310.MRK
2010-09-19 20:22 . 2008-06-05 21:42 -------- d-----w- c:\program files\Dell
2010-09-19 20:15 . 2010-08-12 19:34 -------- d-----w- c:\documents and settings\ivangu\Application Data\uTorrent
2010-09-19 19:24 . 2009-09-06 21:07 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-19 19:06 . 2010-09-06 14:22 117760 ----a-w- c:\documents and settings\ivangu\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-19 15:56 . 2008-10-22 10:18 -------- d-----w- c:\program files\DemoProfessionalDictionary20
2010-09-19 14:32 . 2009-08-10 19:14 58200 ----a-w- c:\documents and settings\ivangu\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-18 20:14 . 2008-06-05 21:23 82670 ----a-w- c:\windows\system32\nvModes.dat
2010-09-18 10:36 . 2010-05-06 09:02 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-18 09:13 . 2009-11-02 22:57 98304 ----a-w- c:\windows\DUMP3f5a.tmp
2010-09-18 09:08 . 2009-11-02 22:57 98304 ----a-w- c:\windows\DUMP4ae3.tmp
2010-09-18 08:17 . 2009-11-02 22:57 98304 ----a-w- c:\windows\DUMP4229.tmp
2010-09-18 08:14 . 2009-11-02 22:57 98304 ----a-w- c:\windows\DUMP42a6.tmp
2010-09-17 19:31 . 2009-11-02 22:57 98304 ----a-w- c:\windows\DUMP4ca9.tmp
2010-09-17 19:20 . 2009-11-02 22:57 98304 ----a-w- c:\windows\DUMP4b9f.tmp
2010-09-17 17:55 . 2009-11-02 22:57 98304 ----a-w- c:\windows\DUMP4b70.tmp
2010-09-17 15:52 . 2009-11-02 22:57 98304 ----a-w- c:\windows\DUMP4b80.tmp
2010-09-17 15:25 . 2009-11-02 22:57 98304 ----a-w- c:\windows\DUMP4c1c.tmp
2010-09-17 14:20 . 2009-11-02 22:57 98304 ----a-w- c:\windows\DUMP4c0c.tmp
2010-09-16 15:04 . 2009-11-02 22:57 98304 ----a-w- c:\windows\DUMP4a95.tmp
2010-09-15 19:48 . 2010-08-31 21:33 96432 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\SDCondition.dll
2010-09-15 18:17 . 2009-02-20 09:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-09-15 14:52 . 2010-09-15 14:54 183860 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2010-09-13 20:11 . 2010-09-13 20:11 1142272 --sha-w- c:\windows\system32\83.tmp
2010-09-12 07:38 . 2010-09-12 07:36 1142272 --sha-w- c:\windows\system32\189.tmp
2010-09-12 07:36 . 2010-09-12 07:33 1142272 --sha-w- c:\windows\system32\182.tmp
2010-09-12 07:19 . 2010-09-12 07:17 1142272 --sha-w- c:\windows\system32\179.tmp
2010-09-06 14:22 . 2010-09-06 14:22 52224 ----a-w- c:\documents and settings\ivangu\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-06 14:21 . 2008-10-03 11:24 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-09-04 17:29 . 2010-08-18 14:03 -------- d-----w- c:\program files\Hide My IP 2009
2010-09-04 17:27 . 2010-09-04 17:27 867644 ----a-w- c:\documents and settings\ivangu\Application Data\Hide IP NG\hideipng-update.exe
2010-09-04 14:09 . 2009-12-21 16:27 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-03 19:35 . 2008-06-05 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2010-08-31 21:40 . 2009-11-02 19:37 -------- d-----w- c:\documents and settings\ivangu\Application Data\Uniblue
2010-08-31 21:33 . 2010-08-31 21:33 5276200 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\Offers\speedupmypc.exe
2010-08-31 21:32 . 2010-08-31 21:33 3509272 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\Offers\VA31_DapSo.exe
2010-08-31 21:30 . 2010-08-31 21:33 62464 ----a-w- c:\documents and settings\ivangu\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\update.exe
2010-08-31 21:30 . 2010-08-31 21:33 48128 ----a-w- c:\documents and settings\ivangu\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\uninstall.exe
2010-08-31 19:49 . 2008-06-05 21:38 -------- d-----w- c:\program files\Java
2010-08-31 19:48 . 2010-08-31 19:48 79488 ----a-w- c:\documents and settings\ivangu\Application Data\Sun\Java\jre1.6.0_20\gtapi.dll
2010-08-31 19:48 . 2010-08-31 19:48 152576 ----a-w- c:\documents and settings\ivangu\Application Data\Sun\Java\jre1.6.0_20\lzma.dll
2010-08-30 19:08 . 2010-08-17 09:33 -------- d-----w- c:\documents and settings\ivangu\Application Data\Azureus
2010-08-29 22:52 . 2010-08-12 19:34 -------- d-----w- c:\program files\uTorrent
2010-08-29 22:43 . 2009-12-08 11:46 -------- d-----w- c:\documents and settings\ivangu\Application Data\FileZilla
2010-08-19 22:23 . 2010-08-19 22:23 -------- d-----w- c:\documents and settings\ivangu\Application Data\DriverXP For DELL
2010-08-19 15:25 . 2008-06-05 21:38 -------- d-----w- c:\program files\Common Files\Java
2010-08-19 11:37 . 2010-08-19 11:37 318976 ----a-w- c:\windows\system32\dsauth32.dll
2010-08-18 08:38 . 2010-08-18 08:38 318976 ----a-w- c:\windows\system32\FM2032.dll
2010-08-17 18:10 . 2010-09-01 02:37 372736 ------w- c:\documents and settings\All Users\Application Data\Dell\DSL\DSLCheck.exe
2010-08-17 13:17 . 2004-08-11 16:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-17 09:41 . 2010-08-17 09:33 -------- d-----w- c:\program files\Vuze
2010-08-17 09:39 . 2010-08-17 09:39 310208 ----a-w- c:\documents and settings\ivangu\Application Data\Azureus\plugins\mlab\ShaperProbeC.exe
2010-08-17 09:33 . 2010-08-17 09:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2010-08-16 13:39 . 2010-08-16 13:37 -------- d-----w- c:\program files\Join Air
2010-08-15 10:15 . 2010-08-15 10:15 1160704 --sha-w- c:\windows\system32\CA.tmp
2010-08-15 09:59 . 2010-08-15 09:59 213504 ----a-w- c:\windows\system32\HTMUTIL32.dll
2010-08-14 07:51 . 2010-08-14 07:51 1160704 --sha-w- c:\windows\system32\66.tmp
2010-08-13 00:14 . 2008-06-05 21:48 -------- d-----w- c:\program files\Microsoft Works
2010-08-12 21:19 . 2010-08-12 21:19 -------- d-----w- c:\program files\ElcomSoft
2010-08-12 12:45 . 2010-08-11 11:38 -------- d-----w- c:\documents and settings\ivangu\Application Data\LimeWire
2010-08-11 19:02 . 2010-08-11 19:02 0 ---ha-w- c:\documents and settings\ivangu\acbmhojlbh.tmp
2010-08-11 12:06 . 2010-08-11 12:06 325632 ----a-w- c:\windows\system32\CtCamMgr32.dll
2010-08-11 12:05 . 2010-08-11 12:05 1154048 --sha-w- c:\windows\system32\1EF.tmp
2010-08-11 12:05 . 2010-08-11 12:05 209408 ----a-w- c:\windows\system32\dispex32.dll
2010-08-11 11:37 . 2010-08-11 11:37 -------- d-----w- c:\program files\360Share Pro
2010-08-10 09:01 . 2010-08-10 09:01 -------- d-----w- c:\program files\Windows Script Encoder
2010-08-09 15:36 . 2009-08-10 18:54 -------- d--h--r- c:\documents and settings\ivangu\Application Data\yahoo!
2010-08-09 15:31 . 2010-08-09 15:31 27591840 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\msgup1000_1270_us_u2.exe
2010-08-03 08:02 . 2010-08-03 08:02 503808 ----a-w- c:\documents and settings\ivangu\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4ae6d65d-n\msvcp71.dll
2010-08-03 08:02 . 2010-08-03 08:02 499712 ----a-w- c:\documents and settings\ivangu\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4ae6d65d-n\jmc.dll
2010-08-03 08:02 . 2010-08-03 08:02 348160 ----a-w- c:\documents and settings\ivangu\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4ae6d65d-n\msvcr71.dll
2010-08-03 08:02 . 2010-08-03 08:02 12800 ----a-w- c:\documents and settings\ivangu\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-70402822-n\decora-d3d.dll
2010-08-03 08:02 . 2010-08-03 08:02 61440 ----a-w- c:\documents and settings\ivangu\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-70402822-n\decora-sse.dll
2010-07-31 16:29 . 2010-02-15 11:01 -------- d-----w- c:\program files\Common Files\SourceTec
2010-07-31 16:28 . 2010-07-31 16:28 -------- d-----w- c:\program files\SourceTec
2010-07-27 20:41 . 2010-07-04 20:52 5767 ----a-w- c:\windows\system32\WinNt_.dll
2010-07-22 15:49 . 2004-08-11 16:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-24 06:33 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-17 02:00 . 2010-04-20 18:07 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-15 07:21 . 2010-07-15 07:21 2944904 ----a-w- c:\documents and settings\ivangu\Application Data\Mozilla\Firefox\Profiles\jwhfgkzt.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
2010-07-09 14:26 . 2010-09-01 02:38 475136 ----a-w- c:\documents and settings\All Users\Application Data\Dell\RMC\RMCCreationInfo.exe
2010-07-02 14:25 . 2010-09-01 02:38 1118208 ------w- c:\documents and settings\All Users\Application Data\Dell\RMC\Libxml2.dll
2010-07-02 14:25 . 2010-09-01 02:38 60416 ----a-w- c:\documents and settings\All Users\Application Data\Dell\RMC\ZLib1.dll
2010-06-30 12:31 . 2004-08-11 16:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-27 09:26 . 2010-06-27 09:25 2605008 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-06-24 12:22 . 2004-08-11 16:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-11 16:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2009-09-24 20:58 . 2009-09-24 20:52 8801704 ----a-w- c:\program files\FLV PlayerATBSetup.exe
2008-06-05 21:44 . 2008-06-05 21:44 74 --sh--r- c:\windows\CT4CET.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bc4be15d-6a34-4356-9e97-79e43da32b1d}"= "c:\program files\P2P_Torrent\tbP2P1.dll" [2010-09-06 2735200]

[HKEY_CLASSES_ROOT\clsid\{bc4be15d-6a34-4356-9e97-79e43da32b1d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3017FB3E-9A77-4396-88C5-0EC9548FB42F}]
2010-08-31 21:30 2447360 ----a-w- c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{961E69CD-C9D7-A9C0-F79E-E68A963BE159}]
2010-08-11 12:05 209408 ----a-w- c:\windows\system32\dispex32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc4be15d-6a34-4356-9e97-79e43da32b1d}]
2010-09-06 20:59 2735200 ----a-w- c:\program files\P2P_Torrent\tbP2P1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 12:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{bc4be15d-6a34-4356-9e97-79e43da32b1d}"= "c:\program files\P2P_Torrent\tbP2P1.dll" [2010-09-06 2735200]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{bc4be15d-6a34-4356-9e97-79e43da32b1d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{BC4BE15D-6A34-4356-9E97-79E43DA32B1D}"= "c:\program files\P2P_Torrent\tbP2P1.dll" [2010-09-06 2735200]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{bc4be15d-6a34-4356-9e97-79e43da32b1d}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-11-14 09:22 3186440 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-11-14 09:22 3186440 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"Search Advisor"="c:\program files\Search Advisor\adgui.exe" [2010-09-02 2332505]
"Cobra64 Messages Server"="c:\program files\Cobra64\Cobra64MsgServer.exe" [2010-07-02 841728]
"DellAutomatedPCTuneUp"="c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe" [2007-10-11 465136]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-02-21 159744]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13537280]
"nwiz"="nwiz.exe" [2008-06-09 1630208]
"NVHotkey"="nvHotkey.dll" [2008-06-09 90112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-09 86016]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-26 2289664]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2008-02-22 1245184]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-08-10 122368]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"Ask and Record FLV Service"="c:\program files\Ask & Record Toolbar\FLVSrvc.exe" [2009-03-10 156672]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-29 112216]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2010-01-07 974848]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"UIExec"="c:\program files\Join Air\UIExec.exe" [2009-10-10 132096]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-19 202256]
"OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2008-01-07 36864]
"LockStatusTray"="c:\windows\LockStatusTray.exe" [2008-02-19 192512]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2007-11-14 49416]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-06 16855552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"YCFPMIPNCP"="c:\windows\system32\perfd009S.dll" [2010-09-04 94720]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-1-11 2150400]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-9-20 50688]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Firewall Client Management.lnk - c:\program files\Microsoft Firewall Client 2004\FwcMgmt.exe [2006-12-9 117568]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-5-11 525640]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 11:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\af7ed6985]
2010-08-15 09:59 213504 ----a-w- c:\windows\system32\HTMUTIL32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-11-14 09:07 96008 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\HTMUTIL32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1380632483-483917175-3770656036-1141\Scripts\Logon\0\0]
"Script"=LogOnScriptMappingONGroups.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1380632483-483917175-3770656036-1141\Scripts\Logon\0\1]
"Script"=ITInventar.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1380632483-483917175-3770656036-1831\Scripts\Logon\0\0]
"Script"=LogOnScriptMappingONGroups.vbs

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Microsoft Visual Studio\\COMMON\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\[You must be registered and logged in to see this link.]
"c:\\Program Files\\360Share Pro\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"e:\\Kituri\\Java\\Eclipse 3.6\\eclipse\\eclipse.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05.01.2010 07:56 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05.01.2010 07:56 74480]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [08.01.2010 01:51 380928]
R2 Cobra64KernelService;Cobra64 Kernel Service;c:\program files\Cobra64\Cobra64_Kernel.exe [19.09.2010 18:25 747520]
R2 Cobra64UpdaterService;Cobra64 updater Service;c:\program files\Cobra64\Cobra64_Updater.exe [19.09.2010 18:25 805376]
R2 FwcAgent;Firewall Client Agent;c:\program files\Microsoft Firewall Client 2004\FwcAgent.exe [09.12.2006 20:04 128832]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [24.10.2009 04:18 360224]
R2 UI Assistant Service;UI Assistant Service;c:\program files\Join Air\AssistantServices.exe [16.08.2010 16:37 246272]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03.11.2006 19:19 13592]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [06.06.2008 00:19 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [06.06.2008 00:19 43608]
R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [06.06.2008 00:19 7424]
R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [06.06.2008 00:19 235840]
S2 gupdate1ca6d4fe7bc28b4;Google Update Service (gupdate1ca6d4fe7bc28b4);c:\program files\Google\Update\GoogleUpdate.exe [25.11.2009 00:48 133104]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [18.09.2010 19:56 23456]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [16.08.2010 16:38 9216]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.01.2010 15:49 227232]
S3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;c:\windows\system32\drivers\OEM13Afx.sys [06.06.2008 00:19 141376]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05.01.2010 07:56 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 01:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-24 21:48]

2010-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-24 21:48]

2010-09-19 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]

2010-09-19 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 20:00]

2010-09-12 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 20:00]

2010-09-19 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 12:23]

2010-09-19 c:\windows\Tasks\User_Feed_Synchronization-{0AB3872B-F0E4-4F81-AEB8-A1A8017D12BA}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 01:31]

2010-09-19 c:\windows\Tasks\User_Feed_Synchronization-{D11BB762-721A-41BE-AB81-F447E31E0AFF}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 01:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = socks=
uInternet Settings,ProxyOverride =
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
DPF: {7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\ivangu\Application Data\Mozilla\Firefox\Profiles\jwhfgkzt.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\ivangu\Application Data\Mozilla\Firefox\Profiles\jwhfgkzt.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}\components\nsCatcher.dll
FF - component: c:\program files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\pdfforge Toolbar\SSFF\components\SearchSettingsFF.dll
FF - component: c:\program files\SpeedBit Video Downloader\SPFireFox\components\Engine.dll
FF - plugin: c:\documents and settings\ivangu\Application Data\Mozilla\Firefox\Profiles\jwhfgkzt.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\documents and settings\ivangu\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin9.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
BHO-{0128F895-15BA-4C34-916E-0549D4E511E0} - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-09-20 01:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0128F895-15BA-4C34-916E-0549D4E511E0}\InprocServer32]
@DACL=(02 0000)
@="c:\\WINDOWS\\system32\\dciman3232.dll"
"ThreadingModel"="Both"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1372)
c:\windows\system32\vrlogon.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\HTMUTIL32.dll
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infql2.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\qlbase.dll
c:\program files\Protector Suite QL\otp.dll
c:\program files\Protector Suite QL\psqltray.dll

- - - - - - - > 'lsass.exe'(1428)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infql2.dll

- - - - - - - > 'explorer.exe'(4428)
c:\windows\system32\WININET.dll
c:\documents and settings\ivangu\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
c:\program files\Protector Suite QL\farchns.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Protector Suite QL\infql2.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\HTMUTIL32.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Protector Suite QL\qlbase.dll
c:\program files\SUPERAntiSpyware\SASCTXMN.DLL
c:\program files\WinZip\wzshlstb.dll
c:\program files\WinRAR\rarext.dll
c:\program files\McAfee\VirusScan Enterprise\shext.dll
c:\windows\system32\TosBtShell.dll
c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
c:\progra~1\Windows Defender\MpShHook.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\program files\McAfee\VirusScan Enterprise\scriptcl.dll
c:\windows\system32\JScript.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\windows\RTHDCPL.EXE
c:\program files\Protector Suite QL\psqltray.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
.
**************************************************************************
.
Completion time: 2010-09-20 01:51:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-19 22:51

Pre-Run: 11.320.369.152 bytes free
Post-Run: 12.741.054.464 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - B6489EE2818D20555D39C9BB7E10D226

ivangu
Novice

Posts : 12
Joined : 2010-09-19
OS : Windows XP
Points : 22868
# Likes : 0

Re: Instabil laptop after virus infection

Post by Belahzur on Sun Sep 19, 2010 11:30 pm

Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    KILLALL::

    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
    "YCFPMIPNCP"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\af7ed6985]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=-

    RegLockDel::
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0128F895-15BA-4C34-916E-0549D4E511E0}\InprocServer32]
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245069
# Likes : 1

Re: Instabil laptop after virus infection

Post by ivangu on Mon Sep 20, 2010 9:13 am

Ok. Thanks!
This is the ComboFix log file:

ComboFix 10-09-19.02 - ivangu 20.09.2010 11:50:58.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1201 [GMT 3:00]
Running from: e:\kituri\ComboFix AntiMalware\Combo-Fix.exe
Command switches used :: e:\kituri\ComboFix AntiMalware\CFScript.txt
AV: Bitdefender Antivirus *On-access scanning disabled* (Outdated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: Bitdefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\ivangu\Application Data\02000000c0c97581985C.manifest
c:\documents and settings\ivangu\Application Data\02000000c0c97581985O.manifest
c:\documents and settings\ivangu\Application Data\02000000c0c97581985P.manifest
c:\documents and settings\ivangu\Application Data\02000000c0c97581985S.manifest
c:\documents and settings\ivangu\Application Data\Mozilla\Firefox\Profiles\jwhfgkzt.default\extensions\{a2e2357b-ec8e-4198-bd59-60c06ebddd31}
c:\documents and settings\ivangu\Application Data\Mozilla\Firefox\Profiles\jwhfgkzt.default\extensions\{a2e2357b-ec8e-4198-bd59-60c06ebddd31}\chrome.manifest
c:\documents and settings\ivangu\Application Data\Mozilla\Firefox\Profiles\jwhfgkzt.default\extensions\{a2e2357b-ec8e-4198-bd59-60c06ebddd31}\chrome\xulcache.jar
c:\documents and settings\ivangu\Application Data\Mozilla\Firefox\Profiles\jwhfgkzt.default\extensions\{a2e2357b-ec8e-4198-bd59-60c06ebddd31}\defaults\preferences\xulcache.js
c:\documents and settings\ivangu\Application Data\Mozilla\Firefox\Profiles\jwhfgkzt.default\extensions\{a2e2357b-ec8e-4198-bd59-60c06ebddd31}\install.rdf
c:\documents and settings\ivangu\Application Data\SystemProc
c:\documents and settings\ivangu\Application Data\SystemProc\lsass.exe
c:\windows\system32\849156529
c:\windows\system32\DFRGRES32.DLL
c:\windows\system32\unrar.exe

.
((((((((((((((((((((((((( Files Created from 2010-08-20 to 2010-09-20 )))))))))))))))))))))))))))))))
.

2010-09-20 08:12 . 2010-09-20 08:12 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-09-20 08:12 . 2010-09-20 08:12 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-09-20 08:12 . 2010-09-20 08:12 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-09-20 08:12 . 2010-09-20 08:12 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-09-20 08:12 . 2010-09-20 08:12 -------- d-----w- c:\program files\NVIDIA Corporation
2010-09-20 08:08 . 2010-07-09 22:38 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-09-20 08:08 . 2010-07-09 22:38 2914408 ----a-w- c:\windows\system32\nvcuvid.dll
2010-09-20 08:08 . 2010-07-09 22:38 2506344 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-09-20 08:08 . 2010-07-09 22:38 10260480 ----a-w- c:\windows\system32\nvcompiler.dll
2010-09-20 08:08 . 2010-07-09 22:38 2195030 ----a-w- c:\windows\system32\nvdata.bin
2010-09-20 08:08 . 2010-09-20 08:08 -------- d-----w- C:\NVIDIA
2010-09-19 21:53 . 2005-05-03 15:43 69632 ----a-w- c:\windows\Alcmtr.exe
2010-09-19 21:51 . 2010-09-19 21:51 -------- d-----w- c:\program files\RSA
2010-09-19 21:50 . 2010-09-19 21:55 -------- d-----w- c:\program files\Protector Suite QL
2010-09-19 21:42 . 2008-02-19 08:07 192512 ----a-w- c:\windows\LockStatusTray.exe
2010-09-19 21:22 . 2010-09-19 21:22 -------- d-----w- c:\documents and settings\ivangu\Local Settings\Application Data\BVRP Software
2010-09-19 21:22 . 2010-09-19 21:22 -------- d-----w- c:\program files\NetWaiting
2010-09-19 21:21 . 2010-09-19 21:22 -------- d-----w- c:\program files\Digital Line Detect
2010-09-19 21:15 . 2006-08-01 12:02 49152 ----a-w- c:\windows\system32\ChCfg.exe
2010-09-19 21:14 . 2010-09-19 21:14 315392 ----a-w- c:\windows\HideWin.exe
2010-09-19 21:14 . 2007-07-26 14:09 520192 ----a-w- c:\windows\RtlExUpd.dll
2010-09-19 21:14 . 2010-09-19 21:13 698511 ----a-w- c:\documents and settings\ivangu\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u1\HTML\AutoMaintenance\AutoMaintenance.dll
2010-09-19 21:14 . 2010-09-19 21:13 208896 ----a-w- c:\documents and settings\ivangu\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u1\HTML\AutoMaintenance\Images.dll
2010-09-19 21:13 . 2010-09-19 21:13 750223 ----a-w- c:\documents and settings\All Users\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch2\HTML\AutoMaintenance\AutoMaintenance.dll
2010-09-19 21:13 . 2010-09-19 21:13 208896 ----a-w- c:\documents and settings\All Users\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch2\HTML\AutoMaintenance\Images.dll
2010-09-19 21:13 . 2010-09-19 21:13 698511 ----a-w- c:\documents and settings\All Users\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch1\HTML\AutoMaintenance\AutoMaintenance.dll
2010-09-19 21:13 . 2010-09-19 21:13 208896 ----a-w- c:\documents and settings\All Users\Application Data\Gtek\GTUpdate\AUpdate\Channels\ch1\HTML\AutoMaintenance\Images.dll
2010-09-19 21:13 . 2010-09-19 21:14 -------- d--h--w- c:\documents and settings\ivangu\Application Data\GTek
2010-09-19 21:13 . 2010-09-19 21:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Gtek
2010-09-19 21:13 . 2010-09-19 21:13 -------- d-----w- c:\program files\DellAutomatedPCTuneUp
2010-09-19 21:06 . 2007-04-10 17:29 41856 ----a-w- c:\windows\system32\drivers\tosrfusb.sys
2010-09-19 21:06 . 2007-04-23 13:39 113920 ----a-w- c:\windows\system32\drivers\tosrfbd.sys
2010-09-19 21:06 . 2006-10-05 13:07 73600 ----a-w- c:\windows\system32\drivers\Tosrfhid.sys
2010-09-19 21:06 . 2006-11-20 14:55 36480 ----a-w- c:\windows\system32\drivers\tosrfbnp.sys
2010-09-19 21:06 . 2005-01-06 10:42 18612 ----a-w- c:\windows\system32\drivers\tosrfnds.sys
2010-09-19 21:06 . 2006-10-10 16:33 41600 ----a-w- c:\windows\system32\drivers\tosporte.sys
2010-09-19 21:06 . 2005-08-01 13:45 64896 ----a-w- c:\windows\system32\drivers\tosrfcom.sys
2010-09-19 21:06 . 2010-09-19 21:06 -------- d-----w- c:\program files\Toshiba
2010-09-19 21:04 . 2010-09-19 21:04 314368 ----a-w- c:\windows\system32\bitsprx432.dll
2010-09-19 21:00 . 2007-01-16 07:22 31744 ----a-w- c:\windows\system32\drivers\csrbcxp.sys
2010-09-19 20:51 . 2010-09-19 20:51 -------- d-----w- c:\program files\Intel
2010-09-19 20:51 . 2007-07-19 13:45 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-09-19 20:43 . 2010-09-19 20:43 -------- d-----w- C:\Intel
2010-09-19 20:42 . 2008-07-29 07:11 71512 ----a-w- c:\windows\system32\drivers\o2flash.exe
2010-09-19 20:42 . 2010-09-19 20:42 -------- d-----w- c:\windows\system32\SDA
2010-09-19 20:42 . 2010-09-19 20:42 -------- d-----w- c:\program files\O2Micro Flash Memory Card Driver
2010-09-19 20:39 . 2010-09-19 20:39 314368 ----a-w- c:\windows\system32\fde32.dll
2010-09-19 20:39 . 2010-09-19 20:39 -------- d-----w- C:\Dell Management Packs
2010-09-19 20:22 . 2005-07-08 11:19 666 ----a-w- c:\windows\speed.reg
2010-09-19 18:21 . 2010-09-19 18:21 314368 ----a-w- c:\windows\system32\comres32.dll
2010-09-19 15:25 . 2010-09-19 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Cobra64
2010-09-19 15:25 . 2010-07-02 17:08 371712 --s-a-w- c:\windows\system32\Cobra64_ker.dll
2010-09-19 15:25 . 2010-09-19 15:25 -------- d-----w- c:\program files\Cobra64
2010-09-19 14:47 . 2010-09-19 14:47 314368 ----a-w- c:\windows\system32\dpnwsock32.dll
2010-09-18 20:28 . 2010-09-18 20:39 -------- d-----w- c:\program files\SIW
2010-09-18 17:20 . 2010-09-18 17:20 -------- d-----w- c:\program files\SystemRequirementsLab
2010-09-18 16:56 . 2010-09-18 16:56 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-09-18 16:56 . 2010-09-18 16:56 -------- d-----w- c:\documents and settings\ivangu\Local Settings\Application Data\eSupport.com
2010-09-18 16:05 . 2010-09-18 16:05 314368 ----a-w- c:\windows\system32\capesnpn32.dll
2010-09-16 07:51 . 2010-09-16 07:51 315392 ----a-w- c:\windows\system32\fltlib32.dll
2010-09-15 18:36 . 2010-09-15 18:36 318464 ----a-w- c:\windows\system32\dmcompos32.dll
2010-09-15 16:04 . 2010-09-15 16:04 318464 ----a-w- c:\windows\system32\cdmodem32.dll
2010-09-15 15:30 . 2010-09-15 15:30 318464 ----a-w- c:\windows\system32\csseqchk32.dll
2010-09-15 13:06 . 2010-09-15 13:06 318464 ----a-w- c:\windows\system32\cryptdll32.dll
2010-09-14 19:29 . 2010-09-14 19:29 318464 ----a-w- c:\windows\system32\dot3ui32.dll
2010-09-14 10:37 . 2010-09-14 10:37 318464 ----a-w- c:\windows\system32\dtcutil32.dll
2010-09-14 08:58 . 2010-09-14 08:58 318464 ----a-w- c:\windows\system32\drmstor32.dll
2010-09-14 08:34 . 2010-09-14 08:34 -------- d-----w- c:\documents and settings\ivangu\Local Settings\Application Data\PCHealth
2010-09-13 20:11 . 2010-09-13 20:11 318464 ----a-w- c:\windows\system32\dplayx32.dll
2010-09-10 18:55 . 2010-09-10 18:55 314880 ----a-w- c:\windows\system32\dxva232.dll
2010-09-10 08:49 . 2010-09-10 08:49 314880 ----a-w- c:\windows\system32\dsuiext32.dll
2010-09-09 20:31 . 2010-09-09 20:31 -------- d-----w- c:\program files\RAR Password Unlocker
2010-09-09 19:43 . 2010-09-09 19:43 -------- d-----w- c:\program files\Zip Password Recovery Magic
2010-09-09 14:03 . 2010-05-21 11:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-09-09 14:02 . 2010-09-09 14:02 -------- d-----w- c:\program files\Windows Defender
2010-09-09 12:35 . 2010-09-09 12:35 314880 ----a-w- c:\windows\system32\deskperf32.dll
2010-09-08 10:53 . 2010-09-08 10:53 140056 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-09-06 21:23 . 2010-09-06 21:23 -------- d-----w- c:\program files\Caricature Software
2010-09-06 20:56 . 2010-09-06 20:56 -------- d-----w- c:\program files\Conduit
2010-09-06 20:56 . 2010-09-06 20:56 -------- d-----w- c:\documents and settings\ivangu\Local Settings\Application Data\Conduit
2010-09-06 20:56 . 2010-09-06 20:59 -------- d-----w- c:\documents and settings\ivangu\Local Settings\Application Data\P2P_Torrent
2010-09-06 20:56 . 2010-09-06 20:59 -------- d-----w- c:\program files\P2P_Torrent
2010-09-06 14:22 . 2010-09-06 14:22 52224 ----a-w- c:\documents and settings\ivangu\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-06 14:22 . 2010-09-19 19:06 117760 ----a-w- c:\documents and settings\ivangu\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-06 14:22 . 2010-09-06 14:22 -------- d-----w- c:\documents and settings\ivangu\Application Data\SUPERAntiSpyware.com
2010-09-06 12:26 . 2010-09-19 22:01 578560 ----a-w- c:\windows\system32\dllcache\user32.dll
2010-09-06 07:51 . 2010-09-06 07:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-09-06 07:51 . 2010-09-08 19:01 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-05 20:00 . 2010-09-05 20:36 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2010-09-05 20:00 . 2010-09-05 20:13 -------- d-----w- c:\program files\RegCure
2010-09-05 11:29 . 2010-09-19 22:58 376 ----a-w- c:\documents and settings\ivangu\config.dat
2010-09-04 20:36 . 2010-09-04 20:36 -------- d-----w- c:\documents and settings\ivangu\Application Data\WhiteSmokeTranslator
2010-09-04 20:35 . 2010-09-04 20:35 -------- d-----w- c:\program files\AutocompletePro
2010-09-04 20:35 . 2010-09-04 21:24 -------- d-----w- c:\program files\Search Advisor
2010-09-04 17:52 . 2010-09-04 17:52 94720 --sha-r- c:\windows\system32\perfd009S.dll
2010-09-04 17:38 . 2010-09-04 17:38 -------- d-----w- c:\documents and settings\ivangu\Application Data\DELL Drivers Update Utility
2010-09-04 17:27 . 2010-09-04 17:27 867644 ----a-w- c:\documents and settings\ivangu\Application Data\Hide IP NG\hideipng-update.exe
2010-09-04 17:26 . 2010-09-04 17:30 -------- d-----w- c:\documents and settings\ivangu\Application Data\Hide IP NG
2010-09-04 15:40 . 2010-09-14 08:39 -------- d-----w- c:\program files\Magic Memory Optimizer
2010-09-02 19:12 . 2010-09-02 19:12 314880 ----a-w- c:\windows\system32\cdfview32.dll
2010-09-01 10:05 . 2010-09-01 17:06 -------- d-----w- c:\documents and settings\ivangu\workspace
2010-09-01 02:38 . 2010-07-09 14:26 475136 ----a-w- c:\documents and settings\All Users\Application Data\Dell\RMC\RMCCreationInfo.exe
2010-09-01 02:38 . 2010-07-02 14:25 1118208 ------w- c:\documents and settings\All Users\Application Data\Dell\RMC\Libxml2.dll
2010-09-01 02:38 . 2010-07-02 14:25 60416 ----a-w- c:\documents and settings\All Users\Application Data\Dell\RMC\ZLib1.dll
2010-09-01 02:37 . 2010-08-17 18:10 372736 ------w- c:\documents and settings\All Users\Application Data\Dell\DSL\DSLCheck.exe
2010-08-31 21:33 . 2010-09-15 19:48 96432 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\SDCondition.dll
2010-08-31 21:33 . 2010-08-31 21:30 62464 ----a-w- c:\documents and settings\ivangu\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\update.exe
2010-08-31 21:33 . 2010-08-31 21:30 48128 ----a-w- c:\documents and settings\ivangu\Application Data\Toolbar4\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}\uninstall.exe
2010-08-31 21:33 . 2010-08-31 21:33 5276200 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\Offers\speedupmypc.exe
2010-08-31 21:33 . 2010-08-31 21:32 3509272 ----a-w- c:\documents and settings\All Users\Application Data\SpeedBit\DAP\Offers\VA31_DapSo.exe
2010-08-31 21:30 . 2010-08-31 21:33 -------- d-----w- c:\program files\DAP
2010-08-31 21:30 . 2010-09-14 08:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit
2010-08-31 21:30 . 2010-08-31 21:30 -------- d-----w- c:\program files\SearchPredict
2010-08-31 21:30 . 2010-08-31 21:30 -------- d-----w- c:\documents and settings\ivangu\Application Data\Toolbar4
2010-08-31 21:30 . 2010-08-31 21:30 -------- d-----w- c:\program files\SpeedBit Video Downloader
2010-08-31 19:48 . 2010-08-31 19:48 79488 ----a-w- c:\documents and settings\ivangu\Application Data\Sun\Java\jre1.6.0_20\gtapi.dll
2010-08-31 19:48 . 2010-08-31 19:48 152576 ----a-w- c:\documents and settings\ivangu\Application Data\Sun\Java\jre1.6.0_20\lzma.dll
2010-08-30 21:02 . 2010-08-30 21:02 -------- d-----w- c:\documents and settings\ivangu\Local Settings\Application Data\Help
2010-08-29 10:13 . 2010-08-29 10:13 320512 ----a-w- c:\windows\system32\comrepl32.dll
2010-08-28 20:43 . 2010-08-28 20:43 -------- d-----w- c:\documents and settings\ivangu\Local Settings\Application Data\WinZip
2010-08-28 20:42 . 2010-08-28 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-08-28 19:50 . 2010-08-28 19:52 -------- d-----w- c:\program files\API-Guide
2010-08-27 08:57 . 2010-08-27 09:09 -------- d-----w- c:\documents and settings\ivangu\Application Data\vlc
2010-08-27 08:57 . 2010-08-27 08:57 -------- d-----w- c:\program files\VideoLAN
2010-08-24 21:30 . 2010-08-24 20:10 196608 ----a-w- c:\windows\system32\HMIPCore.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-20 08:36 . 2010-09-20 08:36 1154560 --sha-w- c:\windows\system32\10.tmp
2010-09-20 08:15 . 2008-06-05 21:23 35757 ----a-w- c:\windows\system32\nvModes.dat
2010-09-20 07:52 . 2009-11-02 22:57 98304 ----a-w- c:\windows\DUMP6987.tmp
2010-09-19 22:39 . 2009-11-22 20:09 -------- d-----w- c:\program files\pdfforge Toolbar
2010-09-19 21:42 . 2008-06-05 21:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-19 21:15 . 2008-10-03 11:01 -------- d-----w- c:\program files\Realtek
2010-09-19 20:22 . 2010-09-19 20:22 5 ----a-w- c:\windows\system32\drivers\DELL_XPS_Vostro1310.MRK
2010-09-19 20:22 . 2010-09-19 20:22 5 ----a-w- c:\windows\system32\drivers\1028_DELL_XPS_Vostro1310.MRK
2010-09-19 20:22 . 2008-06-05 21:42 -------- d-----w- c:\program files\Dell
2010-09-19 20:15 . 2010-08-12 19:34 -------- d-----w- c:\documents and settings\ivangu\Application Data\uTorrent
2010-09-19 19:24 . 2009-09-06 21:07 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-19 15:56 . 2008-10-22 10:18 -------- d-----w- c:\program files\DemoProfessionalDictionary20
2010-09-19 14:32 . 2009-08-10 19:14 58200 ----a-w- c:\documents and settings\ivangu\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-18 10:36 . 2010-05-06 09:02 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-18 09:13 . 2009-11-02 22:57 98304 ----a-w- c:\windows\DUMP3f5a.tmp
2010-09-18 09:08 . 2009-11-02 22:57 98304 ----a-w- c:\windows\DUMP4ae3.tmp
2010-09-18 08:17 . 2009-11-02 22:57 98304 ----a-w- c:\windows\DUMP4229.tmp
2010-09-18 08:14 . 2009-11-02 22:57 98304 ----a-w- c:\windows\DUMP42a6.tmp
2010-09-17 19:31 . 2009-11-02 22:57 98304 ----a-w- c:\windows\DUMP4ca9.tmp
2010-09-17 19:20 . 2009-11-02 22:57 98304 ----a-w- c:\windows\DUMP4b9f.tmp
2010-09-17 17:55 . 2009-11-02 22:57 98304 ----a-w- c:\windows\DUMP4b70.tmp
2010-09-17 15:52 . 2009-11-02 22:57 98304 ----a-w- c:\windows\DUMP4b80.tmp
2010-09-17 15:25 . 2009-11-02 22:57 98304 ----a-w- c:\windows\DUMP4c1c.tmp
2010-09-17 14:20 . 2009-11-02 22:57 98304 ----a-w- c:\windows\DUMP4c0c.tmp
2010-09-16 15:04 . 2009-11-02 22:57 98304 ----a-w- c:\windows\DUMP4a95.tmp
2010-09-15 18:17 . 2009-02-20 09:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-09-15 14:52 . 2010-09-15 14:54 183860 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2010-09-13 20:11 . 2010-09-13 20:11 1142272 --sha-w- c:\windows\system32\83.tmp
2010-09-12 07:38 . 2010-09-12 07:36 1142272 --sha-w- c:\windows\system32\189.tmp
2010-09-12 07:36 . 2010-09-12 07:33 1142272 --sha-w- c:\windows\system32\182.tmp
2010-09-12 07:19 . 2010-09-12 07:17 1142272 --sha-w- c:\windows\system32\179.tmp
2010-09-06 14:21 . 2008-10-03 11:24 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-09-04 17:29 . 2010-08-18 14:03 -------- d-----w- c:\program files\Hide My IP 2009
2010-09-04 14:09 . 2009-12-21 16:27 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-03 19:35 . 2008-06-05 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2010-08-31 21:40 . 2009-11-02 19:37 -------- d-----w- c:\documents and settings\ivangu\Application Data\Uniblue
2010-08-31 19:49 . 2008-06-05 21:38 -------- d-----w- c:\program files\Java
2010-08-30 19:08 . 2010-08-17 09:33 -------- d-----w- c:\documents and settings\ivangu\Application Data\Azureus
2010-08-29 22:52 . 2010-08-12 19:34 -------- d-----w- c:\program files\uTorrent
2010-08-29 22:43 . 2009-12-08 11:46 -------- d-----w- c:\documents and settings\ivangu\Application Data\FileZilla
2010-08-19 22:23 . 2010-08-19 22:23 -------- d-----w- c:\documents and settings\ivangu\Application Data\DriverXP For DELL
2010-08-19 15:25 . 2008-06-05 21:38 -------- d-----w- c:\program files\Common Files\Java
2010-08-19 11:37 . 2010-08-19 11:37 318976 ----a-w- c:\windows\system32\dsauth32.dll
2010-08-18 08:38 . 2010-08-18 08:38 318976 ----a-w- c:\windows\system32\FM2032.dll
2010-08-17 13:17 . 2004-08-11 16:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-17 09:41 . 2010-08-17 09:33 -------- d-----w- c:\program files\Vuze
2010-08-17 09:39 . 2010-08-17 09:39 310208 ----a-w- c:\documents and settings\ivangu\Application Data\Azureus\plugins\mlab\ShaperProbeC.exe
2010-08-17 09:33 . 2010-08-17 09:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2010-08-16 13:39 . 2010-08-16 13:37 -------- d-----w- c:\program files\Join Air
2010-08-15 10:15 . 2010-08-15 10:15 1160704 --sha-w- c:\windows\system32\CA.tmp
2010-08-15 09:59 . 2010-08-15 09:59 213504 ----a-w- c:\windows\system32\HTMUTIL32.dll
2010-08-14 07:51 . 2010-08-14 07:51 1160704 --sha-w- c:\windows\system32\66.tmp
2010-08-13 00:14 . 2008-06-05 21:48 -------- d-----w- c:\program files\Microsoft Works
2010-08-12 21:19 . 2010-08-12 21:19 -------- d-----w- c:\program files\ElcomSoft
2010-08-12 12:45 . 2010-08-11 11:38 -------- d-----w- c:\documents and settings\ivangu\Application Data\LimeWire
2010-08-11 19:02 . 2010-08-11 19:02 0 ---ha-w- c:\documents and settings\ivangu\acbmhojlbh.tmp
2010-08-11 12:06 . 2010-08-11 12:06 325632 ----a-w- c:\windows\system32\CtCamMgr32.dll
2010-08-11 12:05 . 2010-08-11 12:05 1154048 --sha-w- c:\windows\system32\1EF.tmp
2010-08-11 12:05 . 2010-08-11 12:05 209408 ----a-w- c:\windows\system32\dispex32.dll
2010-08-11 11:37 . 2010-08-11 11:37 -------- d-----w- c:\program files\360Share Pro
2010-08-10 09:01 . 2010-08-10 09:01 -------- d-----w- c:\program files\Windows Script Encoder
2010-08-09 15:36 . 2009-08-10 18:54 -------- d--h--r- c:\documents and settings\ivangu\Application Data\yahoo!
2010-08-09 15:31 . 2010-08-09 15:31 27591840 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\msgup1000_1270_us_u2.exe
2010-08-03 08:02 . 2010-08-03 08:02 503808 ----a-w- c:\documents and settings\ivangu\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4ae6d65d-n\msvcp71.dll
2010-08-03 08:02 . 2010-08-03 08:02 499712 ----a-w- c:\documents and settings\ivangu\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4ae6d65d-n\jmc.dll
2010-08-03 08:02 . 2010-08-03 08:02 348160 ----a-w- c:\documents and settings\ivangu\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4ae6d65d-n\msvcr71.dll
2010-08-03 08:02 . 2010-08-03 08:02 12800 ----a-w- c:\documents and settings\ivangu\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-70402822-n\decora-d3d.dll
2010-08-03 08:02 . 2010-08-03 08:02 61440 ----a-w- c:\documents and settings\ivangu\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-70402822-n\decora-sse.dll
2010-07-31 16:29 . 2010-02-15 11:01 -------- d-----w- c:\program files\Common Files\SourceTec
2010-07-31 16:28 . 2010-07-31 16:28 -------- d-----w- c:\program files\SourceTec
2010-07-27 20:41 . 2010-07-04 20:52 5767 ----a-w- c:\windows\system32\WinNt_.dll
2010-07-22 15:49 . 2004-08-11 16:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-24 06:33 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-17 02:00 . 2010-04-20 18:07 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-15 07:21 . 2010-07-15 07:21 2944904 ----a-w- c:\documents and settings\ivangu\Application Data\Mozilla\Firefox\Profiles\jwhfgkzt.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
2010-07-09 22:38 . 2008-06-05 21:23 604776 ----a-w- c:\windows\system32\nvudisp.exe
2010-07-09 22:38 . 2008-06-05 21:19 13549568 ----a-w- c:\windows\system32\nvoglnt.dll
2010-07-09 22:38 . 2008-06-05 21:19 4595712 ----a-w- c:\windows\system32\nvcuda.dll
2010-07-09 22:38 . 2008-06-05 21:19 236136 ----a-w- c:\windows\system32\nvcodins.dll
2010-07-09 22:38 . 2008-06-05 21:19 236136 ----a-w- c:\windows\system32\nvcod.dll
2010-07-09 22:38 . 2008-06-05 21:19 1388544 ----a-w- c:\windows\system32\nvapi.dll
2010-07-09 22:38 . 2004-08-11 16:08 10604128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-07-09 22:38 . 2004-08-11 16:08 6343040 ----a-w- c:\windows\system32\nv4_disp.dll
2010-07-07 11:03 . 2008-06-05 21:23 604776 ----a-w- c:\windows\system32\nvuninst.exe
2010-06-30 12:31 . 2004-08-11 16:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-27 09:26 . 2010-06-27 09:25 2605008 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-06-24 12:22 . 2004-08-11 16:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-11 16:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2009-09-24 20:58 . 2009-09-24 20:52 8801704 ----a-w- c:\program files\FLV PlayerATBSetup.exe
2008-06-05 21:44 . 2008-06-05 21:44 74 --sh--r- c:\windows\CT4CET.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bc4be15d-6a34-4356-9e97-79e43da32b1d}"= "c:\program files\P2P_Torrent\tbP2P1.dll" [2010-09-06 2735200]

[HKEY_CLASSES_ROOT\clsid\{bc4be15d-6a34-4356-9e97-79e43da32b1d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3017FB3E-9A77-4396-88C5-0EC9548FB42F}]
2010-08-31 21:30 2447360 ----a-w- c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{961E69CD-C9D7-A9C0-F79E-E68A963BE159}]
2010-08-11 12:05 209408 ----a-w- c:\windows\system32\dispex32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bc4be15d-6a34-4356-9e97-79e43da32b1d}]
2010-09-06 20:59 2735200 ----a-w- c:\program files\P2P_Torrent\tbP2P1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 12:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{bc4be15d-6a34-4356-9e97-79e43da32b1d}"= "c:\program files\P2P_Torrent\tbP2P1.dll" [2010-09-06 2735200]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{bc4be15d-6a34-4356-9e97-79e43da32b1d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
"{BC4BE15D-6A34-4356-9E97-79E43DA32B1D}"= "c:\program files\P2P_Torrent\tbP2P1.dll" [2010-09-06 2735200]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{bc4be15d-6a34-4356-9e97-79e43da32b1d}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-11-14 09:22 3186440 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-11-14 09:22 3186440 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"Search Advisor"="c:\program files\Search Advisor\adgui.exe" [2010-09-02 2332505]
"Cobra64 Messages Server"="c:\program files\Cobra64\Cobra64MsgServer.exe" [2010-07-02 841728]
"DellAutomatedPCTuneUp"="c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe" [2007-10-11 465136]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-10 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-02-21 159744]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-11-26 2289664]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2008-02-22 1245184]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-08-10 122368]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"Ask and Record FLV Service"="c:\program files\Ask & Record Toolbar\FLVSrvc.exe" [2009-03-10 156672]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-29 112216]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2010-01-07 974848]
"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"UIExec"="c:\program files\Join Air\UIExec.exe" [2009-10-10 132096]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-19 202256]
"OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2008-01-07 36864]
"LockStatusTray"="c:\windows\LockStatusTray.exe" [2008-02-19 192512]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2007-11-14 49416]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-06 16855552]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"NVHotkey"="nvHotkey.dll" [2010-07-09 178792]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-1-11 2150400]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2010-9-20 50688]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Firewall Client Management.lnk - c:\program files\Microsoft Firewall Client 2004\FwcMgmt.exe [2006-12-9 117568]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-5-11 525640]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 11:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\af7ed6985]
2010-08-15 09:59 213504 ----a-w- c:\windows\system32\HTMUTIL32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-11-14 09:07 96008 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\HTMUTIL32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1380632483-483917175-3770656036-1141\Scripts\Logon\0\0]
"Script"=LogOnScriptMappingONGroups.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1380632483-483917175-3770656036-1141\Scripts\Logon\0\1]
"Script"=ITInventar.vbs

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1380632483-483917175-3770656036-1831\Scripts\Logon\0\0]
"Script"=LogOnScriptMappingONGroups.vbs

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Microsoft Visual Studio\\COMMON\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\[You must be registered and logged in to see this link.]
"c:\\Program Files\\360Share Pro\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"e:\\Kituri\\Java\\Eclipse 3.6\\eclipse\\eclipse.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05.01.2010 07:56 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05.01.2010 07:56 74480]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [08.01.2010 01:51 380928]
R2 Cobra64KernelService;Cobra64 Kernel Service;c:\program files\Cobra64\Cobra64_Kernel.exe [19.09.2010 18:25 747520]
R2 Cobra64UpdaterService;Cobra64 updater Service;c:\program files\Cobra64\Cobra64_Updater.exe [19.09.2010 18:25 805376]
R2 FwcAgent;Firewall Client Agent;c:\program files\Microsoft Firewall Client 2004\FwcAgent.exe [09.12.2006 20:04 128832]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [24.10.2009 04:18 360224]
R2 UI Assistant Service;UI Assistant Service;c:\program files\Join Air\AssistantServices.exe [16.08.2010 16:37 246272]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03.11.2006 19:19 13592]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [06.06.2008 00:19 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [06.06.2008 00:19 43608]
R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [06.06.2008 00:19 7424]
R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [06.06.2008 00:19 235840]
S2 gupdate1ca6d4fe7bc28b4;Google Update Service (gupdate1ca6d4fe7bc28b4);c:\program files\Google\Update\GoogleUpdate.exe [25.11.2009 00:48 133104]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [18.09.2010 19:56 23456]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [16.08.2010 16:38 9216]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.01.2010 15:49 227232]
S3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;c:\windows\system32\drivers\OEM13Afx.sys [06.06.2008 00:19 141376]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05.01.2010 07:56 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 01:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-24 21:48]

2010-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-24 21:48]

2010-09-20 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]

2010-09-19 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 20:00]

2010-09-12 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 20:00]

2010-09-20 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 12:23]

2010-09-20 c:\windows\Tasks\User_Feed_Synchronization-{0AB3872B-F0E4-4F81-AEB8-A1A8017D12BA}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 01:31]

2010-09-20 c:\windows\Tasks\User_Feed_Synchronization-{D11BB762-721A-41BE-AB81-F447E31E0AFF}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 01:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = socks=
uInternet Settings,ProxyOverride =
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
DPF: {7D2FB79E-E58C-4DB5-A36F-AC1C73967F4D} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\ivangu\Application Data\Mozilla\Firefox\Profiles\jwhfgkzt.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\ivangu\Application Data\Mozilla\Firefox\Profiles\jwhfgkzt.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}\components\nsCatcher.dll
FF - component: c:\program files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\pdfforge Toolbar\SSFF\components\SearchSettingsFF.dll
FF - component: c:\program files\SpeedBit Video Downloader\SPFireFox\components\Engine.dll
FF - plugin: c:\documents and settings\ivangu\Application Data\Mozilla\Firefox\Profiles\jwhfgkzt.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\documents and settings\ivangu\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin9.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
BHO-{0128F895-15BA-4C34-916E-0549D4E511E0} - (no file)
HKLM-Explorer_Run-RTHDBPL - c:\documents and settings\ivangu\Application Data\SystemProc\lsass.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
RTHDBPL = c:\documents and settings\ivangu\Application Data\SystemProc\lsass.exe??????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1376)
c:\windows\system32\vrlogon.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\HTMUTIL32.dll
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infql2.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\bio.dll
c:\program files\Protector Suite QL\qlbase.dll
c:\program files\Protector Suite QL\otp.dll
c:\program files\Protector Suite QL\psqltray.dll

- - - - - - - > 'lsass.exe'(1432)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infql2.dll

- - - - - - - > 'explorer.exe'(4816)
c:\windows\system32\WININET.dll
c:\documents and settings\ivangu\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
c:\program files\Protector Suite QL\farchns.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Protector Suite QL\infql2.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\HTMUTIL32.dll
c:\windows\system32\mslbui.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\program files\Common Files\Roxio Shared\9.0\DLLShared\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\DRIVERS\o2flash.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\windows\system32\wscntfy.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\program files\Protector Suite QL\psqltray.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
.
**************************************************************************
.
Completion time: 2010-09-20 12:02:18 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-20 09:02
ComboFix2.txt 2010-09-19 22:51

Pre-Run: 12.309.999.616 bytes free
Post-Run: 12.305.719.296 bytes free

- - End Of File - - 1033AD3B84F9121BA412942A79C66237

Post by ivangu on Mon Sep 20, 2010 9:13 pm

Each time I start the computer, Windows Explorer is stopped by Data Execution Prevention (Microsoft Windows).
I do not have a task bar or icons on the desktop, just the wallpaper. Sometimes it is started by Windows; other times I need to start it through Task Manager.
I hope this helps in solving the problem...
Thanks in advance for your help!

Post by Belahzur on Mon Sep 20, 2010 11:41 pm

Hello.
This just doesn't want to die. Okay, time for the big guns.

1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.]

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


Files to delete:
c:\windows\system32\HTMUTIL32.dll

Registry keys to delete:
HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\af7ed6985

Registry values to delete:
HKLM\software\microsoft\windows nt\currentversion\windows | AppInit_DLLs

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


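As an added example (not code from the thread, from ComboFix or from The Avenger), the script below pulls the suspicious entries out of a ComboFix-style log like the one posted above and renders them in the three-section Avenger syntax Belahzur used. The sample log is an excerpt of the lines from the thread; the detection rules (AppInit_DLLs set, a Winlogon Notify subkey with a hex-only name, an Explorer Run value pointing into a user profile, a core process name such as lsass.exe living outside system32, the XP firewall switched off and inbound ICMP mask/router requests allowed) are the editor's own heuristics and assumptions, not anything the tools themselves implement.

```python
"""Triage of a ComboFix-style autostart log (added example for this thread; not code
from the posts above nor from the ComboFix or Avenger authors; rules are assumptions)."""
import re
from dataclasses import dataclass

# Constructed sample: an excerpt of the ComboFix log posted in the thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 11:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\af7ed6985]
2010-08-15 09:59 213504 ----a-w- c:\windows\system32\HTMUTIL32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\HTMUTIL32.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
RTHDBPL = c:\documents and settings\ivangu\Application Data\SystemProc\lsass.exe
"""

# Core Windows process names that malware borrows to blend into Task Manager.
SYSTEM_NAMES = {"lsass.exe", "csrss.exe", "smss.exe", "svchost.exe",
                "winlogon.exe", "services.exe", "explorer.exe"}
PROFILE_DIR = re.compile(r"\\(documents and settings|users|application data|local settings|temp)\\", re.I)
RANDOM_LEAF = re.compile(r"^[0-9a-f]{6,}$", re.I)   # heuristic: hex-only subkey names like af7ed6985
WIN_PATH = re.compile(r"[a-z]:\\.*?\.(?:exe|dll|sys)\b", re.I)
VALUE = re.compile(r'^"?([^"=]+?)"?\s*=\s*(.*)$')    # "Name"= data   or   Name = data


@dataclass(frozen=True)
class Finding:
    rule: str
    key: str     # registry key the entry lives under
    name: str    # value name; "" when the subkey itself is the finding
    target: str  # file path or setting data that triggered the rule


def scan_log(text: str) -> list[Finding]:
    """One pass over the log, tracking the current registry key and applying the rules."""
    findings: list[Finding] = []
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]                  # "[HKEY_...]" section header
        elif line.lower().startswith(("hklm\\", "hkey_")):
            key = line                        # bare header, as in the hidden-autostart section
        else:
            findings.extend(_check_line(key, line))
    return findings


def _check_line(key: str, line: str) -> list[Finding]:
    out: list[Finding] = []
    klow = key.lower()
    m = VALUE.match(line)
    name, data = (m.group(1).strip(), m.group(2).strip()) if m else ("", line)
    nlow = name.lower()
    if nlow == "appinit_dlls" and data:       # DLL injected into every process that loads user32
        out.append(Finding("appinit_dlls_set", key, name, data))
    if nlow == "enablefirewall" and data.startswith("0"):
        out.append(Finding("firewall_disabled", key, name, data))
    if nlow.startswith("allowinbound") and data.startswith("1"):
        out.append(Finding("icmp_inbound_allowed", key, name, data))
    for path in WIN_PATH.findall(line):
        base = path.rsplit("\\", 1)[-1].lower()
        if "\\winlogon\\notify\\" in klow and RANDOM_LEAF.match(key.rsplit("\\", 1)[-1]):
            out.append(Finding("winlogon_notify_random_name", key, "", path))
        if klow.endswith("\\run") and PROFILE_DIR.search(path):
            out.append(Finding("autorun_from_user_profile", key, name, path))
        if base in SYSTEM_NAMES and "\\windows\\system32\\" not in path.lower():
            out.append(Finding("system_name_outside_system32", key, name, path))
    return out


def avenger_script(findings: list[Finding]) -> str:
    """Render the removable findings in the three-section script syntax used in the thread.
    Firewall/ICMP findings are policy settings, not files, so they are left out."""
    files, keys, values = set(), set(), set()
    for f in findings:
        hive = re.sub(r"^HKEY_LOCAL_MACHINE", "HKLM", f.key, flags=re.I)
        if f.rule == "winlogon_notify_random_name":
            keys.add(hive)
            files.add(f.target)
        elif f.rule in ("appinit_dlls_set", "autorun_from_user_profile"):
            values.add(f"{hive} | {f.name}")
            files.add(f.target)
        elif f.rule == "system_name_outside_system32":
            files.add(f.target)
    sections = (("Files to delete:", files), ("Registry keys to delete:", keys),
                ("Registry values to delete:", values))
    return "\n\n".join(f"{title}\n" + "\n".join(sorted(s)) for title, s in sections if s)


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    print("\n".join(f"{f.rule:30} {f.target}" for f in found), avenger_script(found), sep="\n\n")
```

Run on a real log, the output is a triage list to review by hand before anything is fed to Avenger: the hex-only-name rule is a heuristic (the legitimate `!SASWinLogon` and `psfus` entries pass because they contain non-hex characters, but a vendor could use a hex name), and the firewall findings are settings to switch back on in Windows Firewall rather than objects to delete. The sample also keeps the RTHDBPL value from the hidden-autostart section even though the ORPHANS REMOVED section shows ComboFix had already dropped it, so the rendered script is a superset of the one Belahzur posted.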
Post by ivangu on Tue Sep 21, 2010 9:01 am

Thanks for your effort in helping me, but I do not know if the log is relevant given the following circumstances:
I did not know that the 'recipe' of closing all AV must be applied… So, McAfee antivirus killed 'Cleanup.exe' on drive C. After reboot I received the message that Windows could not find the file C:\Cleanup.exe.
I stopped all antivirus programs and ran Avenger again. After reboot I received the same message saying that Cleanup.exe could not be found. I deleted the Avenger folder from C:, deleted Avenger.exe and recreated it from the archive file, and ran it again... Only now did I get the black window, and I looked for the log file. I have manually checked the registry values mentioned in the log file and they indeed do not exist, but I do not know if they were deleted at the first attempt... This is the log:

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "c:\windows\system32\HTMUTIL32.dll" not found!
Deletion of file "c:\windows\system32\HTMUTIL32.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\af7ed6985" not found!
Deletion of registry key "HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\af7ed6985" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not delete registry value "HKLM\software\microsoft\windows nt\currentversion\windows|AppInit_DLLs"
Deletion of registry value "HKLM\software\microsoft\windows nt\currentversion\windows|AppInit_DLLs" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.



Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

Hidden driver "rnrg" found!
Could not open driver rnrg for rootkit scan. Error:c0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Rootkit scan completed.


Error: file "c:\windows\system32\HTMUTIL32.dll" not found!
Deletion of file "c:\windows\system32\HTMUTIL32.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\af7ed6985" not found!
Deletion of registry key "HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\af7ed6985" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not delete registry value "HKLM\software\microsoft\windows nt\currentversion\windows|AppInit_DLLs"
Deletion of registry value "HKLM\software\microsoft\windows nt\currentversion\windows|AppInit_DLLs" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

Post by Belahzur on Tue Sep 21, 2010 9:13 pm

Weird.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


Post by ivangu on Wed Sep 22, 2010 7:41 am

Thanks again!
Here's the log:


Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4669

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

22.09.2010 10:30:01
mbam-log-2010-09-22 (10-30-01).txt

Scan type: Quick scan
Objects scanned: 184377
Time elapsed: 6 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 26

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{961e69cd-c9d7-a9c0-f79e-e68a963be159} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{961e69cd-c9d7-a9c0-f79e-e68a963be159} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{02624599-eb19-4a45-b4a1-ee5321af0730} (Adware.Shopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02624599-eb19-4a45-b4a1-ee5321af0730} (Adware.Shopper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bc4be15d-6a34-4356-9e97-79e43da32b1d} (Adware.Shopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{bc4be15d-6a34-4356-9e97-79e43da32b1d} (Adware.Shopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bc4be15d-6a34-4356-9e97-79e43da32b1d} (Adware.Shopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bc4be15d-6a34-4356-9e97-79e43da32b1d} (Adware.Shopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{961e69cd-c9d7-a9c0-f79e-e68a963be159} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{961e69cd-c9d7-a9c0-f79e-e68a963be159} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XBV6RD5SZF (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{bc4be15d-6a34-4356-9e97-79e43da32b1d} (Adware.Shopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{bc4be15d-6a34-4356-9e97-79e43da32b1d} (Adware.Shopper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{bc4be15d-6a34-4356-9e97-79e43da32b1d} (Adware.Shopper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\ivangu\Application Data\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\dispex32.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Program Files\P2P_Torrent\tbP2P1.dll (Adware.Shopper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\CA.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\capesnpn32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\deskperf32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpnwsock32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\perfd009S.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cdfview32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dsauth32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dsuiext32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fde32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fltlib32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FM2032.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\CtCamMgr32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\10.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\comrepl32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\comres32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dxva232.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bitsprx432.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\1EF.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\66.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\8.tmp (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\csseqchk32.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dplayx32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drmstor32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sl824097812 (Trojan.Tracur) -> Quarantined and deleted successfully.

Post by ivangu on Wed Sep 22, 2010 9:18 am

After running Malwarebytes, McAfee found 6 items, A0029169 - 174.exe (named Generic.dx!twx), and SUPERAntiSpyware found 20 items, A0035259.dll - A0035278.dll (named Trojan.Agent/Gen-Nullo[Short]),
in "C:\SYSTEM VOLUME INFORMATION\_RESTORE{46DE8921-1D39-44D2-A9E9-64119261F211}\RP45".
It looks like I am not fully disinfected...

Post by Belahzur on Wed Sep 22, 2010 11:43 pm

Hello.
Don't worry about that. Do you have Extras.txt that OTL should have made?


Post by ivangu on Thu Sep 23, 2010 8:31 am

I am afraid that I do not... I found the folder where I saved OTL, and where Extras.txt and OTL.txt should have been created, empty. I downloaded it again and ran it, and 'of course', after opening the log files, I pressed the "Run Fix" and "CleanUp" buttons. It looks like during the boot sequence it fully 'cleans' the content of its folder...
I do not know if it is relevant enough, but I have run it again and here is the Extras.txt:

OTL Extras logfile created on: 23.09.2010 11:15:46 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = E:\Kituri\OTL Antispyware
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000418 | Country: Romania | Language: ROM | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 40,00 Gb Total Space | 10,88 Gb Free Space | 27,21% Space Free | Partition Type: NTFS
Drive D: | 605,82 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 254,68 Gb Total Space | 217,50 Gb Free Space | 85,40% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NASA-X
Current User Name: ivangu
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Command] -- command.com /k cd "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiSpywareOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Program Files\Microsoft Visual Studio\COMMON\Tools\VS-Ent98\Vanalyzr\VARPC.EXE" = C:\Program Files\Microsoft Visual Studio\COMMON\Tools\VS-Ent98\Vanalyzr\VARPC.EXE:*:Enabled:Microsoft (R) Visual Studio VSA RPC Event Creator -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\[You must be registered and logged in to see this link.] = C:\WINDOWS\system32\[You must be registered and logged in to see this link.] Transfer Program -- (Microsoft Corporation)
"C:\Program Files\360Share Pro\jre\bin\javaw.exe" = C:\Program Files\360Share Pro\jre\bin\javaw.exe:*:Enabled:Java(TM) Platform SE Binary -- (Sun Microsystems, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"E:\Kituri\Java\Eclipse 3.6\eclipse\eclipse.exe" = E:\Kituri\Java\Eclipse 3.6\eclipse\eclipse.exe:*:Enabled:eclipse -- ()
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{144A1586-E16C-448D-910D-E12ACD65DD98}" = Keyboard Lock Status
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{199B7F78-69B7-47C5-8D4B-A3ED1391FB6B}" = Microsoft Firewall Client
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{2305C4D1-783C-4031-A1DE-912C43C44010}" = Vbsedit
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 21
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{2CD82D77-8D1E-44FC-9A90-BBA95AC8D6B7}" = Protector Suite QL 5.8
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{723166B3-1B80-4F9F-8D59-312A89633E0A}_is1" = Search Advisor
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{781F3066-5B5F-4970-A75C-D7EBEB534ED5}_is1" = AxScripter V1.1.5
"{7FC84AD6-D939-41A0-A3DF-FB9B511FF275}_is1" = Sothink SWF Catcher for Internet Explorer
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Join Air
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2010.07.14
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{B2974D26-9080-4FA4-B344-DA2D314F41DC}" = Vodafone Mobile Connect Lite Runtime Components
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B789FA51-6A71-408F-92DE-EDE4A517B8F6}_is1" = RAR Password Unlocker 3.2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C7DE53DF-A820-431B-9A24-F558C374C500}" = Photo to Cartoon
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CAAB0192-5704-469F-A0BE-2D842D70E93B}_is1" = Sothink FLV Player
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D7252334-1115-4A4B-B9CE-6FE52AD18F75}" = Everest Dictionary
"{E2867240-F889-4D76-9AAF-252D9A1A623E}" = O2Micro Flash Memory Card Reader Driver (x86)
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{FE34691C-4298-4667-9758-D7F534DD0B94}" = Dell Automated PC TuneUp
"360Share Pro" = 360Share Pro(remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Office Password Recovery" = Advanced Office Password Recovery (remove only)
"Advanced Video FX Engine" = Advanced Video FX Engine
"API-Guide" = API-Guide (remove only)
"Applian FLV Player2.0.24" = Applian FLV Player
"Ask & Record Toolbar4.01" = Ask & Record Toolbar 4.01
"AutocompletePro2_is1" = AutocompletePro
"Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
"Creative OEM013" = Laptop Integrated Webcam Driver (1.01.01.0529)
"DebugBar" = DebugBar v5.3 for Internet Explorer (remove only)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
"DriverAgent.exe" = DriverAgent by eSupport.com
"FileZilla Client" = FileZilla Client 3.3.1
"Google Chrome" = Google Chrome
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Index.dat Analyzer_is1" = Index.dat Analyzer v2.5
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Migo" = Migo (remove only)
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSDN Library - October 2001" = MSDN Library - October 2001
"MsJavaVM" = Microsoft VM for Java
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"P2P_Torrent Toolbar" = P2P_Torrent Toolbar
"PlayFLV" = PlayFLV
"RealPlayer 12.0" = RealPlayer
"RealVNC_is1" = VNC Free Edition 4.1.2
"RegCure" = RegCure
"SpeedBit Video Downloader" = SpeedBit Video Downloader
"ST5UNST #1" = DemoProfessionalDictionary20
"SystemRequirementsLab" = System Requirements Lab
"Teach Me HTML" = Teach Me HTML
"VISPRO" = Microsoft Office Visio Professional 2007
"Visual Studio 6.0 Enterprise Edition" = Microsoft Visual Studio 6.0 Enterprise Edition
"VLC media player" = VLC media player 1.1.3
"Vuze" = Vuze
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebPost" = Microsoft Web Publishing Wizard 1.53
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"ZIP Password Recovery Magic_is1" = ZIP Password Recovery Magic v6.1.1.169

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
"f031ef6ac137efc5" = Dell Driver Download Manager - 1
"uTorrent" = µTorrent
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14.09.2010 02:18:02 | Computer Name = NASA-X | Source = Google Update | ID = 1
Description =

Error - 14.09.2010 03:18:02 | Computer Name = NASA-X | Source = Google Update | ID = 1
Description =

Error - 14.09.2010 04:18:02 | Computer Name = NASA-X | Source = Google Update | ID = 1
Description =

Error - 14.09.2010 04:34:44 | Computer Name = NASA-X | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 windefend, P2 1.1.6103.0, P3 unspecified, P4
1.89.1411.0, P5 trojan_win32_agentoff.gen!a, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10
NIL.

Error - 14.09.2010 04:34:47 | Computer Name = NASA-X | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 windefend, P2 1.1.6103.0, P3 unspecified, P4
1.89.1411.0, P5 trojan_win32_agentoff.gen!a, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10
NIL.

Error - 14.09.2010 04:34:51 | Computer Name = NASA-X | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 windefend, P2 1.1.6103.0, P3 unspecified, P4
1.89.1411.0, P5 trojan_win32_agentoff.gen!a, P6 NIL, P7 NIL, P8 NIL, P9 NIL, P10
NIL.

Error - 14.09.2010 04:37:29 | Computer Name = NASA-X | Source = Google Update | ID = 20
Description =

Error - 14.09.2010 04:42:49 | Computer Name = NASA-X | Source = Google Update | ID = 20
Description =

Error - 14.09.2010 06:20:24 | Computer Name = NASA-X | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module shlwapi.dll, version 6.0.2900.5912, fault address 0x00008434.

Error - 14.09.2010 15:13:50 | Computer Name = NASA-X | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 22.09.2010 09:38:20 | Computer Name = NASA-X | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
address 001FE1469B26 has been denied by the DHCP server 192.168.10.1 (The DHCP Server
sent a DHCPNACK message).

Error - 22.09.2010 13:29:54 | Computer Name = NASA-X | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 22.09.2010 13:29:54 | Computer Name = NASA-X | Source = Service Control Manager | ID = 7001
Description = The Universal Plug and Play Device Host service depends on the SSDP
Discovery Service service which failed to start because of the following error:
%%1058

Error - 22.09.2010 13:30:31 | Computer Name = NASA-X | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: The embedded controller (EC) hardware didn't respond
within the timeout period. This may indicate an error in the EC hardware or firmware,
or possibly a poorly designed BIOS which accesses the EC in an unsafe manner.
The EC driver will retry the failed transaction if possible.

Error - 22.09.2010 14:33:04 | Computer Name = NASA-X | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 22.09.2010 14:33:04 | Computer Name = NASA-X | Source = Service Control Manager | ID = 7001
Description = The Universal Plug and Play Device Host service depends on the SSDP
Discovery Service service which failed to start because of the following error:
%%1058

Error - 23.09.2010 03:39:18 | Computer Name = NASA-X | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 23.09.2010 03:39:18 | Computer Name = NASA-X | Source = Service Control Manager | ID = 7001
Description = The Universal Plug and Play Device Host service depends on the SSDP
Discovery Service service which failed to start because of the following error:
%%1058

Error - 23.09.2010 04:08:15 | Computer Name = NASA-X | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 23.09.2010 04:08:15 | Computer Name = NASA-X | Source = Service Control Manager | ID = 7001
Description = The Universal Plug and Play Device Host service depends on the SSDP
Discovery Service service which failed to start because of the following error:
%%1058


< End of report >

Re: Instabil laptop after virus infection

Post by Belahzur on Thu Sep 23, 2010 10:50 am

Hello.

I see that you are running µTorrent.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    µTorrent
    Adobe Reader 8.1.4
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Java(TM) 6 Update 20
    P2P_Torrent Toolbar
    RegCure
    Vuze

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245069
# Likes # Likes : 1

Re: Instabil laptop after virus infection

Post by ivangu on Thu Sep 23, 2010 10:06 pm

Hello!
I have removed the programs you have recommended. I suppose P2P applications do not harm the computer by themselves. This happens when I open downloaded programs. Am I wrong?
I have run online scan. Here is the log:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=1ab100b4394c0b4fb515d09765ecbaad
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-09-23 09:51:48
# local_time=2010-09-24 12:51:48 (+0200, E. Europe Daylight Time)
# country="Romania"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 19143 19143 0 0
# scanned=110127
# found=30
# cleaned=30
# scan_time=11131
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP50\A0041026.dll a variant of Win32/Kryptik.GVL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP50\A0041027.dll a variant of Win32/Kryptik.GVL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP50\A0041028.dll a variant of Win32/Kryptik.GVL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP50\A0041029.dll a variant of Win32/Kryptik.GVL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP50\A0041030.dll a variant of Win32/Kryptik.GVL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP50\A0041031.dll Win32/Pinit virus (cleaned - quarantined) 00000000000000000000000000000000 C
E:\Kituri\Downloads\Hide IP Extreme Package 4.1 PreCrack Software\Hide IP Extreme Package 4.1.zip a variant of Win32/TrojanDropper.Small.NKU trojan (deleted - quarantined) 00000000000000000000000000000000 C
E:\Kituri\Downloads\Mail Password Recovery v1.3[H33T][NexTG]\Mail Password Recovery v1.3.rar a variant of MSIL/Injector.I trojan (deleted - quarantined) 00000000000000000000000000000000 C
E:\Kituri\Downloads\Super Hide IP 2.0.7.2 (32 and 64-bit) Software\Super.Hide.IP.2.0.7.2.zip Win32/TrojanDropper.Agent.OQP trojan (deleted - quarantined) 00000000000000000000000000000000 C
E:\Kituri\Downloads\ZD.Soft.Screen.Recorder.v4.1.3.0.Incl.Keygen\ZD.Soft.Screen.Recorder.v4.1.3.0.Incl.Keygen.rar probably a variant of Win32/Agent.MUYWDOG trojan (deleted - quarantined) 00000000000000000000000000000000 C
E:\Kituri\Java\Java Runtine Environment\Java Runtime Environment 1.6.0.20 (32-bit)_.exe a variant of Win32/TrojanDropper.Agent.OTR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
E:\Kituri\K\x\free_kgb_setup-422.exe probably a variant of Win32/Agent.GAXDJEU trojan (deleted - quarantined) 00000000000000000000000000000000 C
E:\Kituri\KGB KeyLogger\KGB Key Logger 4.5.4 + Serial\kgb_setup-454.exe probably a variant of Win32/Agent.EUDBPIN trojan (deleted - quarantined) 00000000000000000000000000000000 C
E:\Kituri\KGB KeyLogger\KGB Key Logger 4.5.4.831\kgb_setup-454.exe probably a variant of Win32/Agent.EUDBPIN trojan (deleted - quarantined) 00000000000000000000000000000000 C
E:\Kituri\Parole\De la Dan\Advanced Office Xp Password Recovery V2.40 Pro.ace probably a variant of Win32/Agent.EMRDXXZ trojan (deleted - quarantined) 00000000000000000000000000000000 C
E:\Kituri\Parole, crack\any-windows-password-recovery-3.0.exe a variant of Win32/Agent.QRF trojan (deleted - quarantined) 00000000000000000000000000000000 C
E:\Kituri\Parole, crack\Password Cracker - Tools.zip probably a variant of Win32/Agent.LQVIDGI trojan (deleted - quarantined) 00000000000000000000000000000000 C
E:\Kituri\Parole, crack\Wireless WEP Key Password Spy [maddog_speed].rar probably a variant of Win32/Agent.BERJBFB trojan (deleted - quarantined) 00000000000000000000000000000000 C
E:\Kituri\Parole, crack\Hide your IP\Altceva\Hide My IP 2009 + Serial.zip probably a variant of Win32/TrojanDropper.VB.DQZABHB trojan (deleted - quarantined) 00000000000000000000000000000000 C
E:\Kituri\Parole, crack\Hide your IP\Altceva\Hide My IP 2009 Patch.exe probably a variant of Win32/TrojanDropper.VB.DQZABHB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
E:\Kituri\Parole, crack\Hide your IP\Hide Your IP Address v1.0\Hide.Your.IP.Address.v1.1 Inc Patch.zip probably a variant of Win32/TrojanDownloader.VB.OIY trojan (deleted - quarantined) 00000000000000000000000000000000 C
E:\Kituri\Parole, crack\Wireless Network Hacking 2010 (WEP WPA and WPA2)\Wireless Network Hacking 2010 (WEP WPA and WPA2).rar multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
E:\Kituri\Parole, crack\[ZIP UNLOKER SOFTWARE] Rar Password Unlocker v3.2 + CRACK [h22t] [mahasonaz]\Your Software Here\setup.exe a variant of Win32/Injector.AWK trojan (deleted - quarantined) 00000000000000000000000000000000 C
E:\Kituri\Repara AutoPlay\Repara XP\RegistryWinner_Setup.exe a variant of Win32/Adware.RegistryVictor application (deleted - quarantined) 00000000000000000000000000000000 C
E:\Torent Files\hide ip dadress [crack][fixed].zip a variant of Win32/Kryptik.GVL trojan (deleted - quarantined) 00000000000000000000000000000000 C
E:\Torent Files\patch.exe a variant of Win32/Kryptik.FCE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
E:\Torent Files\vbscript complier [bnev][torrentdownloads.com].zip a variant of Win32/Kryptik.FCE trojan (deleted - quarantined) 00000000000000000000000000000000 C
E:\Torent Files\track001\play_mp3_setup.exe a variant of Win32/Kryptik.FCE trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
E:\VB\Key logger\KL_D.exe probably a variant of Win32/VB.OSV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
E:\VBScript\Cautat in foldere si subfoldere\Teste\Alt virus de depanat.txt VBS/AutoRun.BK worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Re: Instabil laptop after virus infection

Post by Belahzur on Fri Sep 24, 2010 9:19 pm

Hello.

Yes, programs downloaded by P2P can be dangerous, not the P2P program itself.

Please download CKScanner by askey127 from [You must be registered and logged in to see this link.]
Save it to your desktop.

  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245069
# Likes : 1


Re: Instabil laptop after virus infection

Post by ivangu on Fri Sep 24, 2010 9:32 pm

Here is the log:

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\ivangu\favorites\crack\hack password « wonder how to.url
c:\documents and settings\ivangu\favorites\crack\how to break into email accounts - the ethical hacking.url
c:\documents and settings\ivangu\favorites\crack\ophcrack get ophcrack at sourceforge.net.url
c:\documents and settings\ivangu\my documents\downloads\ashampoo winoptimizer 7.11 software + keygen + patch\ashampoo winoptimizer 7.11 software + keygen + patch.rar
c:\documents and settings\ivangu\my documents\downloads\ashampoo winoptimizer 7.11 software + keygen + patch\more\torrent downloaded from ahashare.com.txt
c:\documents and settings\ivangu\my documents\downloads\ashampoo winoptimizer 7.11 software + keygen + patch\more\torrent downloaded from demonoid.com.txt
c:\documents and settings\ivangu\my documents\downloads\ashampoo winoptimizer 7.11 software + keygen + patch\more\tracked_by_h33t_com.txt
c:\documents and settings\ivangu\my documents\downloads\av voice changer v 6.0.10 dr afndeenaa\keygen.exe
c:\documents and settings\ivangu\my documents\downloads\avast antivirus pro edition v4.8.1 + keygen works good\setupengpro.exe
c:\documents and settings\ivangu\my documents\downloads\avast antivirus pro edition v4.8.1 + keygen works good\skins\avast!_brushed.aswcs
c:\documents and settings\ivangu\my documents\downloads\avast antivirus pro edition v4.8.1 + keygen works good\skins\avist_by_szcraftec.aswcs
c:\documents and settings\ivangu\my documents\downloads\avast antivirus pro edition v4.8.1 + keygen works good\skins\flatnsimple_by_szcraftec.aswcs
c:\documents and settings\ivangu\my documents\downloads\avast antivirus pro edition v4.8.1 + keygen works good\skins\g5_by_szcraftec.aswcs
c:\documents and settings\ivangu\my documents\downloads\avast antivirus pro edition v4.8.1 + keygen works good\skins\iconic.aswcs
c:\documents and settings\ivangu\my documents\downloads\avast antivirus pro edition v4.8.1 + keygen works good\skins\macloveros x.aswcs
c:\documents and settings\ivangu\my documents\downloads\avast antivirus pro edition v4.8.1 + keygen works good\skins\wide_screen.aswcs
c:\documents and settings\ivangu\my documents\downloads\cartoon drawing software - toonboom pencil check pro 7.4.0.5217 retail + crack [h33t] [mahasonaz]\link to download more free softwares and apps.url
c:\documents and settings\ivangu\my documents\downloads\cartoon drawing software - toonboom pencil check pro 7.4.0.5217 retail + crack [h33t] [mahasonaz]\read me.txt
c:\documents and settings\ivangu\my documents\downloads\cartoon drawing software - toonboom pencil check pro 7.4.0.5217 retail + crack [h33t] [mahasonaz]\your software here\setup.msi
c:\documents and settings\ivangu\my documents\downloads\cartoon drawing software - toonboom pencil check pro 7.4.0.5217 retail + crack [h33t] [mahasonaz]\your software here\crack\pencilcheckpro.exe
c:\documents and settings\ivangu\my documents\downloads\cartoon drawing software - toonboom pencil check pro 7.4.0.5217 retail + crack [h33t] [mahasonaz]\your software here\crack\toonboomlicensing.dll
c:\documents and settings\ivangu\my documents\downloads\dictionary software - oxford advanced learner's dictionary, 8th edition (new edition) + crack [h33t] [mahasonaz]\link to download more free softwares and apps.url
c:\documents and settings\ivangu\my documents\downloads\dictionary software - oxford advanced learner's dictionary, 8th edition (new edition) + crack [h33t] [mahasonaz]\read me.txt
c:\documents and settings\ivangu\my documents\downloads\dictionary software - oxford advanced learner's dictionary, 8th edition (new edition) + crack [h33t] [mahasonaz]\your software here\oald8.iso
c:\documents and settings\ivangu\my documents\downloads\dictionary software - oxford advanced learner's dictionary, 8th edition (new edition) + crack [h33t] [mahasonaz]\your software here\crack\oald8.exe
c:\documents and settings\ivangu\my documents\downloads\hide ip extreme package 4.1 precrack software\more download stuff.txt
c:\documents and settings\ivangu\my documents\downloads\how to make homemade batteries\others\make money\latest secret crack-make easy money online now -ebay's most popular.torrent
c:\documents and settings\ivangu\my documents\downloads\kingconvert video convertor ultimate v5 software + crack\kingconvert video convertor ultimate v5 software + crack.rar
c:\documents and settings\ivangu\my documents\downloads\kingconvert video convertor ultimate v5 software + crack\useful stuff\more download stuff.txt
c:\documents and settings\ivangu\my documents\downloads\kingconvert video convertor ultimate v5 software + crack\useful stuff\torrent downloaded from ahashare.com.txt
c:\documents and settings\ivangu\my documents\downloads\kingconvert video convertor ultimate v5 software + crack\useful stuff\torrent downloaded from demonoid.com.txt
c:\documents and settings\ivangu\my documents\downloads\kingconvert video convertor ultimate v5 software + crack\useful stuff\tracked_by_h33t_com.txt
c:\documents and settings\ivangu\my documents\downloads\remote desktop manager 5.8.1.0 software + crack\remote desktop manager 5.8.1.0 software + crack.rar
c:\documents and settings\ivangu\my documents\downloads\remote desktop manager 5.8.1.0 software + crack\more\torrent downloaded from ahashare.com.txt
c:\documents and settings\ivangu\my documents\downloads\remote desktop manager 5.8.1.0 software + crack\more\torrent downloaded from demonoid.com.txt
c:\documents and settings\ivangu\my documents\downloads\remote desktop manager 5.8.1.0 software + crack\more\tracked_by_h33t_com.txt
c:\documents and settings\ivangu\my documents\downloads\zd.soft.screen.recorder.v4.1.3.0.incl.keygen\info.txt
scanner sequence 3.ZZ.11
----- EOF -----

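For readers who want to understand what the CKScanner step in Belahzur's instructions and the log ivangu posted actually do, here is an added example of the same idea: walk a directory tree and flag every file whose path contains a term typical of pirated or cracked software, since those downloads were the source of every detection in the ESET log above. This is illustration code written for this page, not CKScanner's own source; the keyword list, the sample files and the function names are assumptions constructed for the demo. Nothing is opened or executed, only names are inspected, and as the log header says, a hit is a risk indicator and "not necessarily bad".

```python
import os
import re
import tempfile
from typing import Dict, List, Tuple

# Assumed keyword list modelled on the terms visible in the posted CKScanner log.
# It is a guess at what such tools look for, not CKScanner's real list, and plain
# substring matching is deliberately noisy ("dispatch" would hit "patch").
RISK_TERMS = ("crack", "keygen", "patch", "hack", "serial", "warez")

_TERM_RE = re.compile("|".join(re.escape(t) for t in RISK_TERMS), re.IGNORECASE)


def risk_terms_in(path: str) -> List[str]:
    """Return the distinct risk terms found anywhere in a path, case-insensitively.

    A term in a parent folder name counts too, which is why harmless files such
    as 'tracked_by_h33t_com.txt' appear in the posted log: they live inside a
    folder whose name contains 'crack'.
    """
    seen: List[str] = []
    for m in _TERM_RE.finditer(path):
        term = m.group(0).lower()
        if term not in seen:
            seen.append(term)
    return seen


def scan_tree(root: str) -> List[Tuple[str, List[str]]]:
    """Walk root and return (relative path, [terms]) for each flagged file.

    Only file and directory names are inspected; no file is opened or run.
    """
    hits: List[Tuple[str, List[str]]] = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            rel = rel.replace(os.sep, "/")
            terms = risk_terms_in(rel)
            if terms:
                hits.append((rel, terms))
    hits.sort()
    return hits


def summarize(hits: List[Tuple[str, List[str]]]) -> Dict[str, int]:
    """Count how many flagged files mention each term (one count per file)."""
    counts: Dict[str, int] = {}
    for _path, terms in hits:
        for term in terms:
            counts[term] = counts.get(term, 0) + 1
    return counts


# Constructed sample layout mimicking the folders in ivangu's log; not real files.
SAMPLE_FILES = [
    "Downloads/ashampoo winoptimizer 7.11 software + keygen + patch/setup.rar",
    "Downloads/av voice changer v6/keygen.exe",
    "Downloads/hide ip extreme package 4.1 precrack software/more download stuff.txt",
    "Downloads/remote desktop manager 5.8.1.0 software + crack/more/tracked_by_h33t_com.txt",
    "Favorites/crack/hack password.url",
    "Documents/holiday photos/IMG_0001.jpg",
    "Documents/thesis/chapter1.docx",
]


def build_sample_tree() -> str:
    """Create the constructed sample tree under a temp directory and return its root."""
    root = tempfile.mkdtemp(prefix="ckscan_demo_")
    for rel in SAMPLE_FILES:
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write("placeholder\n")
    return root


def demo() -> List[Tuple[str, List[str]]]:
    """Scan the sample tree and print a CKScanner-style report."""
    hits = scan_tree(build_sample_tree())
    print("Additional Security Risks - These are not necessarily bad")
    for path, terms in hits:
        print(f"{path}  <- {', '.join(terms)}")
    print("summary by term:", summarize(hits))
    return hits


if __name__ == "__main__":
    demo()
```

Running it lists five of the seven sample files: the two under Documents are untouched, while the torrent tracker text file is flagged purely because of its parent folder name. That is the reason the helper asks for the CKScanner list alongside the antivirus log: the names show where the detected trojans came from, so the user can delete the whole download folders rather than only the files ESET quarantined.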