think point aftermath


Post by badseed84 on Sat 23 Oct 2010, 5:37 pm

OK, I thought I might help myself by doing a bit of research on the net, but no, it won't be possible; I need the pro help. OK, I had the ThinkPoint junk yesterday and managed to get rid of it using RKill, then SUPERAntiSpyware, then Malwarebytes. The scans I do now show everything is OK, but I have a problem with the internet. When I start Windows my internet is working for like 10 minutes, then it stops. I switch my router on and off and the internet is working for another 15 minutes, and then I have to restart my router again. I tried WinSock fix but it didn't help. I did all the updates and here is my log below.


OTL logfile created on: 10/23/2010 4:53:27 PM - Run 1
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\daniel.HOMW-20FD2517C1\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDA | %ProgramFiles% = C:\Program Files
Drive C: | 372.60 Gb Total Space | 13.47 Gb Free Space | 3.61% Space Free | Partition Type: NTFS
Drive D: | 281.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DANIELHERDZIK | User Name: daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/23 16:28:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\My Documents\Downloads\OTL.com
PRC - [2010/10/08 16:44:03 | 007,458,816 | ---- | M] () -- C:\Program Files\Full Tilt Poker\FullTiltPoker.exe
PRC - [2010/10/08 14:00:10 | 000,836,464 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2010/09/29 01:04:57 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/04/03 16:01:41 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/10 04:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
PRC - [2009/12/10 04:37:16 | 003,690,496 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
PRC - [2009/11/24 12:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2009/10/30 22:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009/09/16 22:14:48 | 000,153,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe
PRC - [2008/08/26 14:02:24 | 000,014,336 | ---- | M] (Agere Systems) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDA\explorer.exe
PRC - [2006/06/27 05:34:58 | 000,166,448 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\QuickCam10\COCIManager.exe
PRC - [2006/06/27 05:34:40 | 000,614,960 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
PRC - [2006/06/27 05:33:42 | 000,099,888 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
PRC - [2006/06/27 05:33:32 | 000,243,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
PRC - [2006/06/27 04:46:04 | 000,497,200 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
PRC - [2002/08/21 05:13:12 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\WINDA\system32\WISPTIS.EXE


========== Modules (SafeList) ==========

MOD - [2010/10/23 16:28:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\My Documents\Downloads\OTL.com
MOD - [2010/08/24 03:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDA\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDA\system32\msscript.ocx
MOD - [2006/06/27 05:33:42 | 000,091,696 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/10 04:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2008/08/26 14:02:24 | 000,014,336 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/06/27 05:33:56 | 000,091,696 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2006/06/27 05:33:42 | 000,099,888 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDA\System32\Drivers\SSPORT.sys -- (SSPORT)
DRV - [2010/05/11 05:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/23 18:28:09 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDA\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/02/23 18:28:07 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDA\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/02/18 05:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/11 21:00:16 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDA\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/02/11 19:23:37 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDA\gdrv.sys -- (gdrv)
DRV - [2009/10/12 22:15:30 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDA\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2009/09/30 15:18:22 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/09/11 13:48:04 | 000,066,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/09/11 13:47:54 | 000,014,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/09/11 13:47:42 | 000,031,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\WmHidLo.sys -- (WmHidLo)
DRV - [2009/09/11 13:47:32 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/09/11 13:47:22 | 000,022,792 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2009/02/19 22:13:42 | 000,084,320 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDA\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2008/10/29 15:43:44 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/03/28 18:45:38 | 004,395,008 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/03/01 19:05:38 | 000,090,496 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/06/26 11:33:40 | 000,023,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2006/06/26 11:33:36 | 001,952,816 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2006/06/26 11:33:28 | 001,587,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2006/06/23 09:29:46 | 000,038,960 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006/06/23 09:29:28 | 000,720,176 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\LV302AV.SYS -- (PID_08A0) Logitech QuickCam IM(PID_08A0)
DRV - [2006/06/23 09:29:27 | 000,012,080 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2006/02/07 22:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDA\system32\DRIVERS\JGOGO.sys -- (JGOGO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDA\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 83.17.123.186:8080

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {8C025A67-C8E7-4771-8812-1B3483BAB445}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22


FF - HKLM\software\mozilla\Firefox\extensions\\{8C025A67-C8E7-4771-8812-1B3483BAB445}: C:\Documents and Settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\{8C025A67-C8E7-4771-8812-1B3483BAB445} [2010/10/22 22:12:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/26 20:37:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/23 16:15:43 | 000,000,000 | ---D | M]

[2010/03/22 11:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Application Data\Mozilla\Extensions
[2010/10/23 16:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Application Data\Mozilla\Firefox\Profiles\fhedhcvm.default\extensions
[2010/10/23 15:47:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Application Data\Mozilla\Firefox\Profiles\fhedhcvm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/23 16:25:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/26 20:38:20 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/10/23 16:15:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/10/23 16:15:32 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/10/23 15:32:51 | 000,000,736 | ---- | M]) - C:\WINDA\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDA\System32\JMRaidSetup.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDA\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDA\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [LVCOMSX] C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [kamsoft] C:\WINDA\System32\kamsoft.exe File not found
O4 - HKCU..\Run: [MHqW] C:\WINDA\drweb.exe File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDA\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDA\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDA\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDA\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDA\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/11 18:49:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/07/30 14:07:12 | 000,000,038 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{3d5119e5-3d8d-11df-b751-001a4d454fef}\Shell\AutoRun\command - "" = F:\.\garbage\pizdec.exe -- File not found
O33 - MountPoints2\{3d5119e5-3d8d-11df-b751-001a4d454fef}\Shell\explore\command - "" = F:\garbage\\pizdec.exe -- File not found
O33 - MountPoints2\{3d5119e5-3d8d-11df-b751-001a4d454fef}\Shell\open\command - "" = F:\garbage\\pizdec.exe -- File not found
O33 - MountPoints2\{d9258ee6-bfe5-11df-b75e-001a4d454fef}\Shell\AutoRun\command - "" = F:\m9ma.exe -- File not found
O33 - MountPoints2\{d9258ee6-bfe5-11df-b75e-001a4d454fef}\Shell\explore\Command - "" = F:\m9ma.exe -- File not found
O33 - MountPoints2\{d9258ee6-bfe5-11df-b75e-001a4d454fef}\Shell\open\Command - "" = F:\m9ma.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rootrepeal.sys - Reg Error: Value error.
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDA\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDA\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDA\system32\Rundll32.exe c:\WINDA\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDA\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3acm - C:\WINDA\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDA\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDA\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDA\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDA\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDA\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDA\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDA\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDA\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDA\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDA\System32\ff_vfw.dll ()
Drivers32: VIDC.I420 - C:\WINDA\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDA\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDA\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDA\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDA\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDA\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDA\System32\yv12vfw.dll ([You must be registered and logged in to see this link.])

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 30 Days ==========

[2010/10/23 16:28:51 | 027,634,824 | ---- | C] ( ) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\AdbeRdr940_en_US.exe
[2010/10/23 16:15:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDA\Application Data\Sun
[2010/10/23 16:15:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/10/23 16:15:43 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDA\System32\deployJava1.dll
[2010/10/23 16:15:43 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDA\System32\javaws.exe
[2010/10/23 16:15:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDA\System32\javaw.exe
[2010/10/23 16:15:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDA\System32\java.exe
[2010/10/23 16:15:43 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDA\System32\javacpl.cpl
[2010/10/23 16:13:06 | 000,000,000 | ---D | C] -- C:\WINDA\System32\appmgmt
[2010/10/23 16:03:22 | 016,308,000 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\jre-6u22-windows-i586-s.exe
[2010/10/23 15:59:25 | 000,875,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\jre-6u22-windows-i586-iftw-rv.exe
[2010/10/23 12:46:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Application Data\SUPERAntiSpyware.com
[2010/10/23 12:46:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDA\Application Data\SUPERAntiSpyware.com
[2010/10/23 12:42:06 | 009,578,056 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\sdasd.exe
[2010/10/23 02:01:35 | 000,000,000 | ---D | C] -- C:\Program Files\pizdeczkumioa
[2010/10/23 01:57:54 | 006,259,512 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\duparules.exe
[2010/10/23 01:55:26 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\dupa.exe
[2010/10/23 00:14:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malwarefdfdfkjkl
[2010/10/22 23:22:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malwarefdfdf
[2010/10/22 23:18:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Application Data\Malwarebytes
[2010/10/22 23:18:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDA\System32\drivers\mbamswissarmy.sys
[2010/10/22 23:18:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDA\System32\drivers\mbam.sys
[2010/10/22 23:18:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDA\Application Data\Malwarebytes
[2010/10/22 23:10:18 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\guj.exe
[2010/10/22 22:38:24 | 000,000,000 | -HSD | C] -- C:\WINDA\CSC
[2010/10/22 22:12:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\{8C025A67-C8E7-4771-8812-1B3483BAB445}
[2010/10/22 19:31:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\PartyPoker_Installer
[2010/10/16 05:45:57 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\dllcache\mfc42.dll
[2010/10/16 05:45:57 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\dllcache\mfc40u.dll
[2010/10/16 05:44:34 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\dllcache\comctl32.dll
[2010/10/16 05:39:56 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\dllcache\helpsvc.exe
[2010/10/16 05:34:07 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\dllcache\jscript.dll
[2010/10/13 01:03:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDA\Application Data\Codemasters
[2010/10/13 01:03:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\My Documents\My Games
[2010/10/13 01:01:42 | 017,686,528 | ---- | C] (Intel Corporation / Blue Ripple Sound Limited) -- C:\WINDA\System32\mkl_blueripple.dll
[2010/10/13 01:01:42 | 001,380,352 | ---- | C] (Blue Ripple Sound Limited) -- C:\WINDA\System32\rapture3d_oal.dll
[2010/10/13 01:01:41 | 000,000,000 | ---D | C] -- C:\Program Files\BRS
[2010/10/13 01:01:40 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\D3DCompiler_43.dll
[2010/10/13 01:01:40 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\XAudio2_7.dll
[2010/10/13 01:01:40 | 000,445,016 | ---- | C] (Creative Labs) -- C:\WINDA\System32\wrap_oal.dll
[2010/10/13 01:01:40 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\xactengine3_7.dll
[2010/10/13 01:01:40 | 000,109,144 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDA\System32\OpenAL32.dll
[2010/10/13 01:01:40 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\XAPOFX1_5.dll
[2010/10/13 01:01:39 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\D3DX9_43.dll
[2010/10/13 01:01:39 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\d3dcsx_43.dll
[2010/10/13 01:01:39 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\XAudio2_6.dll
[2010/10/13 01:01:39 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\d3dx10_43.dll
[2010/10/13 01:01:39 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\d3dx11_43.dll
[2010/10/13 01:01:39 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\xactengine3_6.dll
[2010/10/13 01:01:39 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\XAPOFX1_4.dll
[2010/10/13 01:01:38 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\X3DAudio1_7.dll
[2010/10/13 01:01:37 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\d3dcsx_42.dll
[2010/10/13 01:01:37 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\D3DCompiler_42.dll
[2010/10/13 01:01:37 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\XAudio2_5.dll
[2010/10/13 01:01:37 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\xactengine3_5.dll
[2010/10/13 01:01:37 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\d3dx11_42.dll
[2010/10/13 01:00:28 | 000,000,000 | ---D | C] -- C:\WINDA\System32\XPSViewer
[2010/10/13 00:59:15 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\dllcache\printfilterpipelinesvc.exe
[2010/10/13 00:59:15 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\dllcache\xpsshhdr.dll
[2010/10/13 00:59:15 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\prntvpt.dll
[2010/10/13 00:59:15 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\dllcache\filterpipelineprintproc.dll
[2010/10/13 00:59:14 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\xpssvcs.dll
[2010/10/13 00:59:14 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\dllcache\xpssvcs.dll
[2010/10/13 00:59:14 | 000,000,000 | ---D | C] -- C:\ec6c142c762ddb50a225997fc0
[2010/10/13 00:58:49 | 000,000,000 | R-SD | C] -- C:\WINDA\assembly
[2010/10/13 00:58:37 | 000,000,000 | ---D | C] -- C:\WINDA\Microsoft.NET
[2010/10/13 00:23:50 | 000,000,000 | ---D | C] -- C:\WINDA\Minidump
[2010/10/13 00:21:22 | 000,000,000 | ---D | C] -- C:\WINDA\Prefetch
[2010/10/12 23:57:11 | 001,372,672 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\dllcache\msxml6.dll
[2010/10/12 23:57:11 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\dllcache\dpcdll.dll
[2010/10/12 23:57:11 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\msxml6r.dll
[2010/10/12 23:57:11 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\dllcache\msxml6r.dll
[2010/10/12 23:57:06 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\drivers\irbus.sys
[2010/10/12 23:57:06 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\smtpapi.dll
[2010/10/12 23:57:06 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\rwnh.dll
[2010/10/12 23:57:06 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\comsdupd.exe
[2010/10/12 23:57:04 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDA\System32\ati3d1ag.dll
[2010/10/12 23:57:04 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDA\System32\ati2dvaa.dll
[2010/10/12 23:57:04 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\azroles.dll
[2010/10/12 23:57:04 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\aaclient.dll
[2010/10/12 23:57:04 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDA\System32\ativtmxx.dll
[2010/10/12 23:57:04 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDA\System32\ativmvxx.ax
[2010/10/12 23:57:04 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDA\System32\ativdaxx.ax
[2010/10/12 23:57:04 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\bitsprx4.dll
[2010/10/12 23:57:03 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\dot3ui.dll
[2010/10/12 23:57:03 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\dot3cfg.dll
[2010/10/12 23:57:03 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\dot3msm.dll
[2010/10/12 23:57:03 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\dhcpqec.dll
[2010/10/12 23:57:03 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\dot3gpclnt.dll
[2010/10/12 23:57:03 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\dimsroam.dll
[2010/10/12 23:57:03 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\dot3api.dll
[2010/10/12 23:57:03 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\dot3dlg.dll
[2010/10/12 23:57:02 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\eapp3hst.dll
[2010/10/12 23:57:02 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\eapphost.dll
[2010/10/12 23:57:02 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\eappcfg.dll
[2010/10/12 23:57:02 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\eappgnui.dll
[2010/10/12 23:57:02 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\eapqec.dll
[2010/10/12 23:57:02 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\eappprxy.dll
[2010/10/12 23:57:02 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDA\System32\hsfcisp2.dll
[2010/10/12 23:57:02 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\eapolqec.dll
[2010/10/12 23:57:02 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\kbdbhc.dll
[2010/10/12 23:57:01 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDA\System32\mtxparhd.dll
[2010/10/12 23:57:01 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\mmcex.dll
[2010/10/12 23:57:01 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\napmontr.dll
[2010/10/12 23:57:01 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\microsoft.managementconsole.dll
[2010/10/12 23:57:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\napstat.exe
[2010/10/12 23:57:01 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\mssha.dll
[2010/10/12 23:57:01 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\mmcfxcommon.dll
[2010/10/12 23:57:01 | 000,086,016 | ---- | C] (Conexant) -- C:\WINDA\System32\mdmxsdk.dll
[2010/10/12 23:57:01 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\msshavmsg.dll
[2010/10/12 23:57:01 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\l2gpstore.dll
[2010/10/12 23:57:01 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\mmcperf.exe
[2010/10/12 23:57:01 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\napipsec.dll
[2010/10/12 23:57:01 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\kbdpash.dll
[2010/10/12 23:57:01 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\kbdnepr.dll
[2010/10/12 23:57:01 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\kbdiultn.dll
[2010/10/12 23:57:00 | 004,274,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDA\System32\nv4_disp.dll
[2010/10/12 23:57:00 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\photometadatahandler.dll
[2010/10/12 23:57:00 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDA\System32\s3gnb.dll
[2010/10/12 23:57:00 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\rhttpaa.dll
[2010/10/12 23:57:00 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDA\System32\slextspk.dll
[2010/10/12 23:57:00 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDA\System32\slgen.dll
[2010/10/12 23:57:00 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\qagent.dll
[2010/10/12 23:57:00 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\onex.dll
[2010/10/12 23:57:00 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\qutil.dll
[2010/10/12 23:57:00 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDA\System32\slcoinst.dll
[2010/10/12 23:57:00 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDA\System32\slserv.exe
[2010/10/12 23:57:00 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\qcliprov.dll
[2010/10/12 23:57:00 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\rasqec.dll
[2010/10/12 23:57:00 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\tsgqec.dll
[2010/10/12 23:57:00 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDA\System32\slrundll.exe
[2010/10/12 23:57:00 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\setupn.exe
[2010/10/12 23:57:00 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\verclsid.exe
[2010/10/12 23:56:59 | 000,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\windowscodecs.dll
[2010/10/12 23:56:59 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\windowscodecsext.dll
[2010/10/12 23:56:59 | 000,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\wmphoto.dll
[2010/10/12 23:56:59 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\wlanapi.dll
[2010/10/12 23:56:59 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDA\slrundll.exe
[2010/10/12 23:56:59 | 000,000,000 | ---D | C] -- C:\WINDA\System32\en-us
[2010/10/12 23:56:58 | 000,000,000 | ---D | C] -- C:\WINDA\System32\scripting
[2010/10/12 23:56:58 | 000,000,000 | ---D | C] -- C:\WINDA\l2schemas
[2010/10/12 23:56:58 | 000,000,000 | ---D | C] -- C:\WINDA\System32\en
[2010/10/12 23:56:58 | 000,000,000 | ---D | C] -- C:\WINDA\System32\bits
[2010/10/12 23:52:52 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDA\System32\drivers\ati1rvxx.sys
[2010/10/12 23:52:52 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDA\System32\drivers\ati1btxx.sys
[2010/10/12 23:52:52 | 000,043,008 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDA\System32\drivers\amdagp.sys
[2010/10/12 23:52:52 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDA\System32\drivers\ati1tuxx.sys
[2010/10/12 23:52:52 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDA\System32\drivers\ati1xsxx.sys
[2010/10/12 23:52:52 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDA\System32\drivers\ati1raxx.sys
[2010/10/12 23:52:52 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDA\System32\drivers\ati1xbxx.sys
[2010/10/12 23:52:52 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDA\System32\drivers\ati1snxx.sys
[2010/10/12 23:52:52 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDA\System32\drivers\ati1ttxx.sys
[2010/10/12 23:52:52 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDA\System32\drivers\ati1pdxx.sys
[2010/10/12 23:52:52 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDA\System32\drivers\ati1mdxx.sys
[2010/10/12 23:52:52 | 000,004,255 | ---- | C] (Intel(R) Corporation) -- C:\WINDA\System32\drivers\adv01nt5.dll
[2010/10/12 23:52:52 | 000,003,967 | ---- | C] (Intel(R) Corporation) -- C:\WINDA\System32\drivers\adv02nt5.dll
[2010/10/12 23:52:52 | 000,003,775 | ---- | C] (Intel(R) Corporation) -- C:\WINDA\System32\drivers\adv11nt5.dll
[2010/10/12 23:52:52 | 000,003,711 | ---- | C] (Intel(R) Corporation) -- C:\WINDA\System32\drivers\adv09nt5.dll
[2010/10/12 23:52:52 | 000,003,647 | ---- | C] (Intel(R) Corporation) -- C:\WINDA\System32\drivers\adv07nt5.dll
[2010/10/12 23:52:52 | 000,003,615 | ---- | C] (Intel(R) Corporation) -- C:\WINDA\System32\drivers\adv05nt5.dll
[2010/10/12 23:52:52 | 000,003,135 | ---- | C] (Intel(R) Corporation) -- C:\WINDA\System32\drivers\adv08nt5.dll
[2010/10/12 23:52:52 | 000,000,000 | ---D | C] -- C:\WINDA\network diagnostic
[2010/10/12 23:52:51 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDA\System32\drivers\ati2mtaa.sys
[2010/10/12 23:52:51 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDA\System32\drivers\atinrvxx.sys
[2010/10/12 23:52:51 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDA\System32\drivers\atintuxx.sys
[2010/10/12 23:52:51 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDA\System32\drivers\atinbtxx.sys
[2010/10/12 23:52:51 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDA\System32\drivers\atinraxx.sys
[2010/10/12 23:52:51 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDA\System32\drivers\atinsnxx.sys
[2010/10/12 23:52:51 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDA\System32\drivers\atinpdxx.sys
[2010/10/12 23:52:51 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDA\System32\drivers\atinttxx.sys
[2010/10/12 23:52:51 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDA\System32\drivers\atinmdxx.sys
[2010/10/12 23:52:50 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDA\System32\drivers\atinxsxx.sys
[2010/10/12 23:52:50 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\drivers\bthprint.sys
[2010/10/12 23:52:50 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDA\System32\drivers\atinxbxx.sys
[2010/10/12 23:52:50 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDA\System32\drivers\atv04nt5.dll
[2010/10/12 23:52:50 | 000,021,183 | ---- | C] (Intel(R) Corporation) -- C:\WINDA\System32\drivers\atv01nt5.dll
[2010/10/12 23:52:50 | 000,017,279 | ---- | C] (Intel(R) Corporation) -- C:\WINDA\System32\drivers\atv10nt5.dll
[2010/10/12 23:52:50 | 000,015,423 | ---- | C] (Intel(R) Corporation) -- C:\WINDA\System32\drivers\ch7xxnt5.dll
[2010/10/12 23:52:50 | 000,014,143 | ---- | C] (Intel(R) Corporation) -- C:\WINDA\System32\drivers\atv06nt5.dll
[2010/10/12 23:52:50 | 000,011,359 | ---- | C] (Intel(R) Corporation) -- C:\WINDA\System32\drivers\atv02nt5.dll
[2010/10/12 23:52:49 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDA\System32\drivers\mtlmnt5.sys
[2010/10/12 23:52:48 | 001,897,408 | ---- | C] (NVIDIA Corporation) -- C:\WINDA\System32\drivers\nv4_mini.sys
[2010/10/12 23:52:48 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDA\System32\drivers\mtlstrm.sys
[2010/10/12 23:52:48 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDA\System32\drivers\mtxparhm.sys
[2010/10/12 23:52:48 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDA\System32\drivers\ntmtlfax.sys
[2010/10/12 23:52:48 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDA\System32\drivers\s3gnbm.sys
[2010/10/12 23:52:48 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\drivers\rndismpx.sys
[2010/10/12 23:52:48 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDA\System32\drivers\recagent.sys
[2010/10/12 23:52:48 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\drivers\mutohpen.sys
[2010/10/12 23:52:48 | 000,003,901 | ---- | C] (Intel(R) Corporation) -- C:\WINDA\System32\drivers\siint5.dll
[2010/10/12 23:52:47 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDA\System32\drivers\slntamr.sys
[2010/10/12 23:52:47 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDA\System32\drivers\slnt7554.sys
[2010/10/12 23:52:47 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDA\System32\drivers\slnthal.sys
[2010/10/12 23:52:47 | 000,040,960 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDA\System32\drivers\sisagp.sys
[2010/10/12 23:52:47 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDA\System32\drivers\slwdmsup.sys
[2010/10/12 23:52:47 | 000,011,325 | ---- | C] (Intel(R) Corporation) -- C:\WINDA\System32\drivers\vchnt5.dll
[2010/10/12 23:52:47 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\drivers\smbali.sys
[2010/10/12 23:52:46 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDA\System32\drivers\watv10nt.sys
[2010/10/12 23:52:46 | 000,022,271 | ---- | C] (Intel(R) Corporation) -- C:\WINDA\System32\drivers\watv06nt.sys
[2010/10/12 23:52:46 | 000,011,935 | ---- | C] (Intel(R) Corporation) -- C:\WINDA\System32\drivers\wadv11nt.sys
[2010/10/12 23:52:46 | 000,011,871 | ---- | C] (Intel(R) Corporation) -- C:\WINDA\System32\drivers\wadv09nt.sys
[2010/10/12 23:52:46 | 000,011,807 | ---- | C] (Intel(R) Corporation) -- C:\WINDA\System32\drivers\wadv07nt.sys
[2010/10/12 23:52:46 | 000,011,295 | ---- | C] (Intel(R) Corporation) -- C:\WINDA\System32\drivers\wadv08nt.sys
[2010/10/12 23:50:36 | 000,000,000 | -H-D | C] -- C:\WINDA\$NtServicePackUninstall$
[8 C:\WINDA\*.tmp files -> C:\WINDA\*.tmp -> ]
[7 C:\WINDA\System32\*.tmp files -> C:\WINDA\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/23 16:55:17 | 000,845,824 | ---- | M] () -- C:\WINDA\System32\drivers\hxizv.sys
[2010/10/23 16:52:17 | 000,001,766 | ---- | M] () -- C:\Documents and Settings\All Users.WINDA\Desktop\Adobe Reader 9.lnk
[2010/10/23 16:51:32 | 027,634,824 | ---- | M] ( ) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\AdbeRdr940_en_US.exe
[2010/10/23 16:36:00 | 000,001,014 | ---- | M] () -- C:\WINDA\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-448539723-839522115-1003UA.job
[2010/10/23 16:25:22 | 000,000,256 | ---- | M] () -- C:\WINDA\tasks\WGASetup.job
[2010/10/23 16:25:15 | 000,000,402 | ---- | M] () -- C:\WINDA\tasks\At17.job
[2010/10/23 16:25:13 | 000,002,048 | --S- | M] () -- C:\WINDA\bootstat.dat
[2010/10/23 16:15:32 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDA\System32\deployJava1.dll
[2010/10/23 16:15:32 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDA\System32\javaws.exe
[2010/10/23 16:15:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDA\System32\javaw.exe
[2010/10/23 16:15:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDA\System32\java.exe
[2010/10/23 16:15:32 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDA\System32\javacpl.cpl
[2010/10/23 16:07:45 | 016,308,000 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\jre-6u22-windows-i586-s.exe
[2010/10/23 15:59:38 | 000,875,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\jre-6u22-windows-i586-iftw-rv.exe
[2010/10/23 15:34:59 | 000,000,402 | ---- | M] () -- C:\WINDA\tasks\At16.job
[2010/10/23 15:32:51 | 000,000,736 | ---- | M] () -- C:\WINDA\System32\drivers\etc\hosts
[2010/10/23 15:04:19 | 000,000,402 | ---- | M] () -- C:\WINDA\tasks\At14.job
[2010/10/23 14:17:55 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/10/23 14:09:01 | 000,000,402 | ---- | M] () -- C:\WINDA\tasks\At15.job
[2010/10/23 12:46:31 | 000,001,719 | ---- | M] () -- C:\Documents and Settings\All Users.WINDA\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/23 12:46:07 | 009,578,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\sdasd.exe
[2010/10/23 12:34:21 | 000,000,402 | ---- | M] () -- C:\WINDA\tasks\At13.job
[2010/10/23 12:16:38 | 000,000,120 | ---- | M] () -- C:\WINDA\Qmecunepozanij.dat
[2010/10/23 01:59:37 | 006,259,512 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\duparules.exe
[2010/10/23 01:57:26 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\dupa.exe
[2010/10/23 01:52:57 | 000,000,000 | ---- | M] () -- C:\WINDA\Ibizus.bin
[2010/10/22 23:27:24 | 000,000,762 | ---- | M] () -- C:\Documents and Settings\All Users.WINDA\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/22 23:25:09 | 000,000,402 | ---- | M] () -- C:\WINDA\tasks\At24.job
[2010/10/22 23:14:47 | 000,364,032 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\ssssss.com
[2010/10/22 23:13:04 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\guj.exe
[2010/10/22 22:50:28 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Application Data\install
[2010/10/22 22:49:44 | 000,000,402 | ---- | M] () -- C:\WINDA\tasks\At23.job
[2010/10/22 22:22:13 | 000,002,206 | ---- | M] () -- C:\WINDA\System32\wpa.dbl
[2010/10/22 22:10:19 | 000,000,402 | ---- | M] () -- C:\WINDA\tasks\At9.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | M] () -- C:\WINDA\tasks\At8.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | M] () -- C:\WINDA\tasks\At7.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | M] () -- C:\WINDA\tasks\At6.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | M] () -- C:\WINDA\tasks\At5.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | M] () -- C:\WINDA\tasks\At4.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | M] () -- C:\WINDA\tasks\At3.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | M] () -- C:\WINDA\tasks\At22.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | M] () -- C:\WINDA\tasks\At21.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | M] () -- C:\WINDA\tasks\At20.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | M] () -- C:\WINDA\tasks\At2.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | M] () -- C:\WINDA\tasks\At19.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | M] () -- C:\WINDA\tasks\At18.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | M] () -- C:\WINDA\tasks\At12.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | M] () -- C:\WINDA\tasks\At11.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | M] () -- C:\WINDA\tasks\At10.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | M] () -- C:\WINDA\tasks\At1.job
[2010/10/22 19:33:33 | 000,000,851 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\Install PartyPoker.lnk
[2010/10/22 19:30:52 | 000,609,488 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\PartyPokerSetup.exe
[2010/10/22 04:36:00 | 000,000,962 | ---- | M] () -- C:\WINDA\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-448539723-839522115-1003Core.job
[2010/10/18 03:01:56 | 000,435,260 | ---- | M] () -- C:\WINDA\System32\perfh009.dat
[2010/10/18 03:01:56 | 000,068,156 | ---- | M] () -- C:\WINDA\System32\perfc009.dat
[2010/10/17 03:31:26 | 000,194,568 | ---- | M] () -- C:\WINDA\System32\FNTCACHE.DAT
[2010/10/17 03:14:16 | 000,001,393 | ---- | M] () -- C:\WINDA\imsins.BAK
[2010/10/13 19:38:09 | 000,000,651 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/10/13 19:38:09 | 000,000,633 | ---- | M] () -- C:\Documents and Settings\All Users.WINDA\Desktop\Opera.lnk
[2010/10/13 19:31:58 | 000,000,664 | ---- | M] () -- C:\WINDA\System32\d3d9caps.dat
[2010/10/13 01:01:40 | 000,445,016 | ---- | M] (Creative Labs) -- C:\WINDA\System32\wrap_oal.dll
[2010/10/13 01:01:40 | 000,109,144 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDA\System32\OpenAL32.dll
[2010/10/13 00:40:09 | 000,029,715 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\F1_2010__PC_DVD__Multi5__Spanish__www_consolasatope_com_.torrent
[2010/10/13 00:22:00 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/12 23:44:09 | 571,322,368 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\xpsp3_5512.080413-2113_usa_x86fre_spcd.iso
[2010/10/08 22:40:35 | 000,029,546 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\F1_2010__2010___PC_DVD9__MULTi5_.torrent
[2010/10/04 01:25:18 | 000,021,714 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\33_New_Poker_Books.torrent
[2010/10/03 21:38:03 | 000,020,803 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\Your SKYCOMP.COM.AU - Order Details.mht
[2010/10/01 22:15:22 | 000,018,232 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\M_I_A__Complete_Discography.torrent
[2010/09/26 00:21:10 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[8 C:\WINDA\*.tmp files -> C:\WINDA\*.tmp -> ]
[7 C:\WINDA\System32\*.tmp files -> C:\WINDA\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/23 16:52:17 | 000,001,766 | ---- | C] () -- C:\Documents and Settings\All Users.WINDA\Desktop\Adobe Reader 9.lnk
[2010/10/23 12:46:31 | 000,001,719 | ---- | C] () -- C:\Documents and Settings\All Users.WINDA\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/22 23:27:24 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/10/22 23:18:13 | 000,000,762 | ---- | C] () -- C:\Documents and Settings\All Users.WINDA\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/22 23:14:47 | 000,364,032 | ---- | C] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\ssssss.com
[2010/10/22 22:50:28 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Application Data\install
[2010/10/22 22:12:09 | 000,000,120 | ---- | C] () -- C:\WINDA\Qmecunepozanij.dat
[2010/10/22 22:12:09 | 000,000,000 | ---- | C] () -- C:\WINDA\Ibizus.bin
[2010/10/22 22:11:16 | 000,845,824 | ---- | C] () -- C:\WINDA\System32\drivers\hxizv.sys
[2010/10/22 22:10:19 | 000,000,402 | ---- | C] () -- C:\WINDA\tasks\At24.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | C] () -- C:\WINDA\tasks\At23.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | C] () -- C:\WINDA\tasks\At22.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | C] () -- C:\WINDA\tasks\At21.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | C] () -- C:\WINDA\tasks\At20.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | C] () -- C:\WINDA\tasks\At19.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | C] () -- C:\WINDA\tasks\At18.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | C] () -- C:\WINDA\tasks\At17.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | C] () -- C:\WINDA\tasks\At16.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | C] () -- C:\WINDA\tasks\At15.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | C] () -- C:\WINDA\tasks\At14.job
[2010/10/22 22:10:18 | 000,000,402 | ---- | C] () -- C:\WINDA\tasks\At9.job
[2010/10/22 22:10:18 | 000,000,402 | ---- | C] () -- C:\WINDA\tasks\At8.job
[2010/10/22 22:10:18 | 000,000,402 | ---- | C] () -- C:\WINDA\tasks\At7.job
[2010/10/22 22:10:18 | 000,000,402 | ---- | C] () -- C:\WINDA\tasks\At6.job
[2010/10/22 22:10:18 | 000,000,402 | ---- | C] () -- C:\WINDA\tasks\At5.job
[2010/10/22 22:10:18 | 000,000,402 | ---- | C] () -- C:\WINDA\tasks\At4.job
[2010/10/22 22:10:18 | 000,000,402 | ---- | C] () -- C:\WINDA\tasks\At3.job
[2010/10/22 22:10:18 | 000,000,402 | ---- | C] () -- C:\WINDA\tasks\At2.job
[2010/10/22 22:10:18 | 000,000,402 | ---- | C] () -- C:\WINDA\tasks\At13.job
[2010/10/22 22:10:18 | 000,000,402 | ---- | C] () -- C:\WINDA\tasks\At12.job
[2010/10/22 22:10:18 | 000,000,402 | ---- | C] () -- C:\WINDA\tasks\At11.job
[2010/10/22 22:10:18 | 000,000,402 | ---- | C] () -- C:\WINDA\tasks\At10.job
[2010/10/22 22:10:18 | 000,000,402 | ---- | C] () -- C:\WINDA\tasks\At1.job

badseed84

Newbie Surfer

Posts : 16
Joined : 2010-10-23
Operating System : windows xp sp3


Re: think point aftermath

Post by badseed84 on Sat 23 Oct 2010, 5:38 pm

[2010/10/22 19:31:15 | 000,000,851 | ---- | C] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\Install PartyPoker.lnk
[2010/10/22 19:30:48 | 000,609,488 | ---- | C] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\PartyPokerSetup.exe
[2010/10/13 19:30:25 | 000,000,664 | ---- | C] () -- C:\WINDA\System32\d3d9caps.dat
[2010/10/13 00:40:09 | 000,029,715 | ---- | C] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\F1_2010__PC_DVD__Multi5__Spanish__www_consolasatope_com_.torrent
[2010/10/12 23:52:50 | 000,129,045 | ---- | C] () -- C:\WINDA\System32\drivers\cxthsfs2.cty
[2010/10/12 23:52:50 | 000,064,352 | ---- | C] () -- C:\WINDA\System32\drivers\ativmc20.cod
[2010/10/12 23:52:48 | 000,067,866 | ---- | C] () -- C:\WINDA\System32\drivers\netwlan5.img
[2010/10/12 21:04:34 | 571,322,368 | ---- | C] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\xpsp3_5512.080413-2113_usa_x86fre_spcd.iso
[2010/10/08 22:40:35 | 000,029,546 | ---- | C] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\F1_2010__2010___PC_DVD9__MULTi5_.torrent
[2010/10/04 01:25:18 | 000,021,714 | ---- | C] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\33_New_Poker_Books.torrent
[2010/10/03 21:38:03 | 000,020,803 | ---- | C] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\Your SKYCOMP.COM.AU - Order Details.mht
[2010/10/01 22:15:22 | 000,018,232 | ---- | C] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\M_I_A__Complete_Discography.torrent
[2010/09/26 00:21:10 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/09/20 21:15:03 | 000,005,077 | ---- | C] () -- C:\Documents and Settings\All Users.WINDA\Application Data\bltofzsb.qlf
[2010/08/28 00:58:04 | 000,022,334 | R--- | C] () -- C:\WINDA\System32\lvcoinst.ini
[2010/05/23 18:11:58 | 000,192,512 | ---- | C] () -- C:\WINDA\System32\SaXPWIA.dll
[2010/05/23 18:11:58 | 000,140,288 | ---- | C] () -- C:\WINDA\System32\SaXPEH.dll
[2010/05/23 18:11:58 | 000,138,240 | ---- | C] () -- C:\WINDA\System32\SaXPUIEx.dll
[2010/05/23 18:11:58 | 000,117,248 | ---- | C] () -- C:\WINDA\System32\SaXPIPH.dll
[2010/05/23 18:11:58 | 000,087,552 | ---- | C] () -- C:\WINDA\System32\SaXPSTI.dll
[2010/03/28 21:02:07 | 000,022,723 | ---- | C] () -- C:\WINDA\System32\sugw2l3.dll
[2010/02/23 18:28:09 | 000,281,760 | ---- | C] () -- C:\WINDA\System32\drivers\atksgt.sys
[2010/02/23 18:28:07 | 000,025,888 | ---- | C] () -- C:\WINDA\System32\drivers\lirsgt.sys
[2010/02/12 19:06:29 | 000,000,370 | ---- | C] () -- C:\WINDA\ODBC.INI
[2010/02/12 05:26:48 | 000,004,073 | ---- | C] () -- C:\WINDA\ODBCINST.INI
[2010/02/11 21:00:16 | 000,691,696 | ---- | C] () -- C:\WINDA\System32\drivers\sptd.sys
[2010/02/11 20:53:55 | 000,171,008 | ---- | C] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/11 20:51:42 | 000,178,176 | ---- | C] () -- C:\WINDA\System32\unrar.dll
[2010/02/11 20:51:42 | 000,000,038 | ---- | C] () -- C:\WINDA\avisplitter.ini
[2010/02/11 20:51:41 | 000,881,664 | ---- | C] () -- C:\WINDA\System32\xvidcore.dll
[2010/02/11 20:51:41 | 000,205,824 | ---- | C] () -- C:\WINDA\System32\xvidvfw.dll
[2010/02/11 20:51:40 | 003,596,288 | ---- | C] () -- C:\WINDA\System32\qt-dx331.dll
[2010/02/11 20:51:39 | 000,085,504 | ---- | C] () -- C:\WINDA\System32\ff_vfw.dll
[2009/11/06 10:58:04 | 000,178,975 | ---- | C] () -- C:\WINDA\System32\xlive.dll.cat
[2006/06/26 11:33:40 | 000,023,472 | ---- | C] () -- C:\WINDA\System32\drivers\LVPr2Mon.sys
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDA\System32\OUTLPERF.INI

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.sys >

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2010/02/11 18:49:53 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/02/11 18:43:20 | 000,000,317 | -HS- | M] () -- C:\boot.ini
[2009/09/17 15:49:22 | 000,015,714 | ---- | M] () -- C:\ComboFix.txt
[2010/02/11 18:49:53 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/02/11 19:25:29 | 000,000,197 | ---- | M] () -- C:\csb.log
[2009/10/18 20:09:01 | 000,000,319 | ---- | M] () -- C:\drmHeader.bin
[2007/11/08 17:06:53 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/10/23 16:18:10 | 000,006,295 | ---- | M] () -- C:\JavaRa.log
[2010/08/28 01:19:42 | 000,008,300 | ---- | M] () -- C:\lvcoinst.log
[2009/09/17 16:05:18 | 000,107,761 | ---- | M] () -- C:\MGlogs.zip
[2007/11/08 17:06:53 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 23:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/05/18 15:55:42 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/10/23 16:25:06 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/02/11 19:25:17 | 000,000,423 | ---- | M] () -- C:\RHDSetup.log
[2010/10/23 12:40:01 | 000,000,411 | ---- | M] () -- C:\rkill.log
[2010/10/23 02:00:22 | 000,074,682 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_23.10.2010_01.58.20_log.txt

< %PROGRAMFILES%\*. >
[2007/11/22 16:05:51 | 000,000,000 | ---D | M] -- C:\Program Files\AC3Filter
[2008/10/31 17:36:05 | 000,000,000 | ---D | M] -- C:\Program Files\Acro Software
[2009/04/28 14:37:56 | 000,000,000 | ---D | M] -- C:\Program Files\Activision
[2010/04/08 21:49:25 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/11/10 11:19:00 | 000,000,000 | ---D | M] -- C:\Program Files\AGEIA Technologies
[2009/12/04 19:06:50 | 000,000,000 | ---D | M] -- C:\Program Files\Alarm
[2009/12/04 19:05:24 | 000,000,000 | ---D | M] -- C:\Program Files\Alarm Clock
[2009/08/31 12:53:22 | 000,000,000 | ---D | M] -- C:\Program Files\Alawar
[2010/02/12 19:16:53 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2007/11/18 15:43:34 | 000,000,000 | ---D | M] -- C:\Program Files\Atari
[2010/01/13 11:08:25 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2008/02/15 17:41:30 | 000,000,000 | ---D | M] -- C:\Program Files\BackStreet Browser 3.1
[2008/02/18 11:46:25 | 000,000,000 | ---D | M] -- C:\Program Files\Bobyte
[2010/02/12 19:17:50 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/10/13 01:01:43 | 000,000,000 | ---D | M] -- C:\Program Files\BRS
[2009/09/17 13:31:03 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/10/13 00:46:45 | 000,000,000 | ---D | M] -- C:\Program Files\Codemasters
[2010/10/23 16:15:52 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2007/11/08 17:04:45 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2008/11/30 17:36:17 | 000,000,000 | ---D | M] -- C:\Program Files\Creative
[2008/04/27 13:02:47 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools
[2010/02/11 21:01:55 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Lite
[2008/02/18 12:39:58 | 000,000,000 | ---D | M] -- C:\Program Files\DebugMode
[2009/04/26 14:37:05 | 000,000,000 | ---D | M] -- C:\Program Files\Deluxe Ski Jump 3
[2010/02/11 19:52:55 | 000,000,000 | ---D | M] -- C:\Program Files\Device Doctor
[2009/09/18 17:03:03 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2009/10/25 17:00:40 | 000,000,000 | ---D | M] -- C:\Program Files\DigiDNA
[2009/07/15 08:12:54 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2009/05/10 15:48:48 | 000,000,000 | ---D | M] -- C:\Program Files\Driver-Soft
[2009/06/04 07:26:15 | 000,000,000 | ---D | M] -- C:\Program Files\EA Games
[2008/12/25 08:53:56 | 000,000,000 | ---D | M] -- C:\Program Files\EA Sports
[2009/11/02 07:01:40 | 000,000,000 | ---D | M] -- C:\Program Files\Eidos
[2008/04/27 12:51:39 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2009/10/22 12:36:06 | 000,000,000 | ---D | M] -- C:\Program Files\FreeRIP3
[2010/10/23 16:15:20 | 000,000,000 | ---D | M] -- C:\Program Files\Full Tilt Poker
[2007/11/25 20:44:41 | 000,000,000 | ---D | M] -- C:\Program Files\Gadu-Gadu
[2010/09/05 20:26:35 | 000,000,000 | ---D | M] -- C:\Program Files\Gadu-Gadu 10
[2008/08/12 14:03:03 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/06/16 12:54:47 | 000,000,000 | ---D | M] -- C:\Program Files\GPLGS
[2010/04/11 22:04:31 | 000,000,000 | ---D | M] -- C:\Program Files\Guitar Pro 5
[2008/12/19 02:47:00 | 000,000,000 | ---D | M] -- C:\Program Files\Handbrake
[2010/06/01 20:34:55 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2007/11/12 18:42:49 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/10/13 00:20:58 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/10/25 16:55:44 | 000,000,000 | ---D | M] -- C:\Program Files\iPhoneBrowser
[2010/02/12 19:18:20 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/02/12 19:18:35 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2007/11/16 16:56:33 | 000,000,000 | ---D | M] -- C:\Program Files\IZArc
[2010/04/04 22:46:00 | 000,000,000 | ---D | M] -- C:\Program Files\Jamorama
[2010/10/23 16:18:09 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2008/04/30 13:48:40 | 000,000,000 | ---D | M] -- C:\Program Files\JoWood
[2010/02/11 20:51:40 | 000,000,000 | ---D | M] -- C:\Program Files\K-Lite Codec Pack
[2009/11/06 13:36:45 | 000,000,000 | ---D | M] -- C:\Program Files\KONAMI
[2008/12/28 11:13:15 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2010/02/11 20:00:06 | 000,000,000 | ---D | M] -- C:\Program Files\LSI SoftModem
[2009/04/26 14:38:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mafia
[2010/10/22 23:18:13 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/22 23:27:24 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malwarefdfdf
[2010/10/23 14:17:55 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malwarefdfdfkjkl
[2009/04/26 14:38:30 | 000,000,000 | ---D | M] -- C:\Program Files\McDonaldsDragons
[2007/11/25 18:15:04 | 000,000,000 | ---D | M] -- C:\Program Files\Media Player Classic
[2008/07/16 16:06:39 | 000,000,000 | ---D | M] -- C:\Program Files\MediaCoder
[2010/10/13 00:00:32 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2007/11/23 15:35:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2007/11/08 17:07:01 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/05/18 16:40:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2009/05/11 09:36:12 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft IntelliType Pro
[2007/11/23 15:35:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/03/21 14:47:50 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2007/11/23 15:35:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2008/05/02 14:08:40 | 000,000,000 | ---D | M] -- C:\Program Files\Midway Games
[2008/10/04 14:08:21 | 000,000,000 | ---D | M] -- C:\Program Files\Monte Cristo
[2010/10/17 03:05:00 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/10/23 16:25:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/05/18 14:37:54 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2007/11/08 17:03:56 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2007/11/08 17:04:37 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2007/11/14 13:13:54 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/05/11 09:35:40 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2008/12/15 09:29:38 | 000,000,000 | ---D | M] -- C:\Program Files\NAVIGON
[2007/11/28 14:21:56 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2010/10/12 23:54:27 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2008/05/01 14:55:58 | 000,000,000 | ---D | M] -- C:\Program Files\Ninja Reflex
[2009/12/19 13:36:18 | 000,000,000 | ---D | M] -- C:\Program Files\Nokia
[2009/06/04 13:03:25 | 000,000,000 | ---D | M] -- C:\Program Files\NovaLogic
[2010/01/13 14:11:01 | 000,000,000 | ---D | M] -- C:\Program Files\obj
[2007/11/08 17:04:43 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/10/13 01:01:40 | 000,000,000 | ---D | M] -- C:\Program Files\OpenAL
[2010/10/22 23:13:47 | 000,000,000 | ---D | M] -- C:\Program Files\Opera
[2010/10/17 03:31:24 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/09/01 00:08:00 | 000,000,000 | ---D | M] -- C:\Program Files\PartyGaming
[2009/12/19 13:36:11 | 000,000,000 | ---D | M] -- C:\Program Files\PC Connectivity Solution
[2009/05/10 14:44:51 | 000,000,000 | ---D | M] -- C:\Program Files\PC Drivers HeadQuarters
[2008/04/06 13:25:25 | 000,000,000 | ---D | M] -- C:\Program Files\Pirate Poppers
[2008/07/21 12:52:13 | 000,000,000 | ---D | M] -- C:\Program Files\PIXELA
[2010/10/23 02:01:38 | 000,000,000 | ---D | M] -- C:\Program Files\pizdeczkumioa
[2009/08/02 15:09:13 | 000,000,000 | ---D | M] -- C:\Program Files\PKR
[2010/10/22 19:33:21 | 000,000,000 | ---D | M] -- C:\Program Files\PokerStars
[2010/10/18 23:21:04 | 000,000,000 | ---D | M] -- C:\Program Files\PokerTracker 3
[2010/09/20 21:28:06 | 000,000,000 | ---D | M] -- C:\Program Files\PostgreSQL
[2010/02/12 19:17:35 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2007/11/23 15:50:11 | 000,000,000 | ---D | M] -- C:\Program Files\Readiris
[2007/11/25 18:15:05 | 000,000,000 | ---D | M] -- C:\Program Files\Real Alternative
[2010/02/11 19:24:36 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2009/05/18 14:36:28 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2008/04/06 13:25:12 | 000,000,000 | ---D | M] -- C:\Program Files\ReflexiveArcade
[2009/09/12 13:55:26 | 000,000,000 | ---D | M] -- C:\Program Files\Rockstar Games
[2007/11/12 15:33:50 | 000,000,000 | ---D | M] -- C:\Program Files\Samsung
[2010/01/28 12:15:53 | 000,000,000 | ---D | M] -- C:\Program Files\Sega
[2008/10/06 16:57:19 | 000,000,000 | ---D | M] -- C:\Program Files\Sierra
[2010/08/28 00:13:43 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2007/11/23 15:50:24 | 000,000,000 | ---D | M] -- C:\Program Files\SmarThru 4
[2008/07/21 13:06:18 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Corporation
[2009/12/29 20:21:30 | 000,000,000 | ---D | M] -- C:\Program Files\Soulseek
[2010/10/23 12:46:34 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2008/02/18 12:21:42 | 000,000,000 | ---D | M] -- C:\Program Files\t@b
[2010/01/12 17:28:02 | 000,000,000 | ---D | M] -- C:\Program Files\Techland
[2010/01/28 11:39:39 | 000,000,000 | ---D | M] -- C:\Program Files\The Alawar Compendium
[2009/12/13 10:41:45 | 000,000,000 | ---D | M] -- C:\Program Files\Tournament Indicator
[2008/10/31 17:00:49 | 000,000,000 | ---D | M] -- C:\Program Files\Twins Software
[2010/06/01 20:34:55 | 000,000,000 | ---D | M] -- C:\Program Files\Ubisoft
[2007/11/08 17:10:08 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/09/18 17:03:01 | 000,000,000 | ---D | M] -- C:\Program Files\USB TV
[2010/03/29 20:18:33 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2008/02/19 16:10:21 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2008/12/25 08:51:01 | 000,000,000 | ---D | M] -- C:\Program Files\Warblade
[2010/02/11 20:47:24 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/10/12 23:54:25 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010/10/12 23:54:25 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2007/11/08 17:06:16 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2010/04/13 22:23:00 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2009/10/25 17:14:41 | 000,000,000 | ---D | M] -- C:\Program Files\WinSCP
[2008/03/04 16:26:42 | 000,000,000 | ---D | M] -- C:\Program Files\WM Converter
[2007/11/08 17:07:01 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2007/11/18 12:07:14 | 000,000,000 | ---D | M] -- C:\Program Files\Xvid

< %appdata%\*.* >
[2010/02/12 05:26:09 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Application Data\desktop.ini
[2010/10/22 22:50:28 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Application Data\install

< MD5 for: AGP440.SYS >
[2004/09/01 19:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDA\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDA\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDA\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2004/09/01 19:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDA\ServicePackFiles\i386\agp440.sys
[2008/04/14 05:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDA\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDA\system32\drivers\agp440.sys
[2008/04/14 05:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/14 05:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/09/01 19:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDA\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDA\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDA\ServicePackFiles\i386\sp3.cab:atapi.sys
[2004/09/01 19:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDA\ServicePackFiles\i386\atapi.sys
[2008/04/14 05:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDA\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDA\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDA\$NtServicePackUninstall$\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDA\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDA\system32\ReinstallBackups\0017\DriverFiles\i386\atapi.sys
[2004/09/01 19:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: DISK.SYS >
[2004/09/01 19:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDA\Driver Cache\i386\sp2.cab:disk.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDA\Driver Cache\i386\sp3.cab:disk.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDA\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/09/01 19:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2004/09/01 19:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDA\$NtServicePackUninstall$\disk.sys
[2004/09/01 19:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\system32\drivers\disk.sys
[2008/04/14 00:10:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDA\ServicePackFiles\i386\disk.sys
[2008/04/14 05:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDA\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\disk.sys
[2008/04/14 00:10:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDA\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDA\ServicePackFiles\i386\eventlog.dll
[2008/04/14 11:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDA\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDA\system32\eventlog.dll
[2008/04/14 11:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004/09/01 19:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDA\$NtServicePackUninstall$\eventlog.dll
[2004/09/01 19:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDA\ServicePackFiles\i386\netlogon.dll
[2008/04/14 11:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDA\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDA\system32\netlogon.dll
[2008/04/14 11:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2009/02/07 05:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDA\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/07 05:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDA\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/09/01 19:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDA\$NtServicePackUninstall$\netlogon.dll
[2004/09/01 19:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/09/01 19:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDA\$NtServicePackUninstall$\scecli.dll
[2004/09/01 19:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDA\ServicePackFiles\i386\scecli.dll
[2008/04/14 11:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDA\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDA\system32\scecli.dll
[2008/04/14 11:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/09/01 19:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDA\Driver Cache\i386\sp2.cab:usbstor.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDA\Driver Cache\i386\sp3.cab:usbstor.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDA\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/09/01 19:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2004/08/03 23:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDA\$NtServicePackUninstall$\usbstor.sys
[2004/09/01 19:00:00 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\system32\drivers\usbstor.sys
[2008/04/14 00:15:40 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDA\ServicePackFiles\i386\usbstor.sys
[2008/04/14 05:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDA\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\usbstor.sys
[2008/04/14 00:15:40 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDA\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

badseed84

Newbie Surfer

Posts : 16
Joined : 2010-10-23
Operating System : windows xp sp3


Re: think point aftermath

Post by badseed84 on Sat 23 Oct 2010, 5:40 pm

OTL Extras logfile created on: 10/23/2010 4:53:27 PM - Run 1
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\daniel.HOMW-20FD2517C1\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDA | %ProgramFiles% = C:\Program Files
Drive C: | 372.60 Gb Total Space | 13.47 Gb Free Space | 3.61% Space Free | Partition Type: NTFS
Drive D: | 281.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DANIELHERDZIK | User Name: daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Ubisoft\Related Designs\ANNO 1404\Anno4.exe" = C:\Program Files\Ubisoft\Related Designs\ANNO 1404\Anno4.exe:*:Enabled:ANNO 1404 -- ()
"C:\Program Files\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe" = C:\Program Files\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe:*:Enabled:ANNO 1404 Web -- ()
"C:\Documents and Settings\dan\Application Data\uTorrent\uTorrent.exe" = C:\Documents and Settings\dan\Application Data\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\uTorrent.exe" = C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Codemasters\DiRT\DiRT.exe" = C:\Program Files\Codemasters\DiRT\DiRT.exe:*:Disabled:DiRT Executable -- (Codemasters)
"C:\Documents and Settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Codemasters\F1 2010\F1_2010_game.exe" = C:\Program Files\Codemasters\F1 2010\F1_2010_game.exe:*:Enabled:F1 2010 -- (Codemasters)
"c:\documents and settings\daniel.homw-20fd2517c1\local settings\application data\asam.exe" = c:\documents and settings\daniel.homw-20fd2517c1\local settings\application data\asam.exe:*:Enabled:enable -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09CF6AF5-9206-4FD7-9B08-BA6819FB47E3}" = Anno 1404
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{33BC9D7E-E790-495E-A4EA-CFB160C17A91}" = Logitech Gaming Software 5.08
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3CDC3396-0169-41FC-B7E8-C7AE080DB3E8}" = Jamorama Software
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57B89E30-0BBA-4F20-9F2C-8E8CDE1CEDB6}" = DiRT
"{58F58158-8DFE-31DA-AC1F-7E5D89A0F74F}" = Google Talk Plugin
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}" = UMVPLStandalone
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.4 Game
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D575FBAA-D6D6-4221-A2C4-67541DB7AB5E}_is1" = Device Doctor 1.0.0.1
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EC42ED6A-751D-45C0-A4F9-8CD00E4690FC}" = Logitech QuickCam
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"69083DC58646DE46A09847A522A1CC487F918039" = Windows Driver Package - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0)
"9722CA1E8F72F362E93CBEC75A707FDABFC8D880" = Windows Driver Package - Advanced Micro Devices, Inc. (USB28xxBGA) Media (08/31/2007 5.7.0831.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Gadu-Gadu 10" = Gadu-Gadu 10
"GFWL_{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010
"Guitar Pro 5_is1" = Guitar Pro 5.0
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.7.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"OpenAL" = OpenAL
"PartyPoker" = PartyPoker
"PokerStars" = PokerStars
"PokerTracker3" = PokerTracker 3 (remove only)
"QcDrv" = Logitech® Camera Driver
"Samsung SCX-4x21 Series" = Samsung SCX-4x21 Series
"VLC media player" = VLC media player 1.0.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/13/2010 5:48:53 AM | Computer Name = DANIELHERDZIK | Source = Application Error | ID = 1000
Description = Faulting application f1_2010_game.exe, version 1.0.0.0, faulting module
xlive.dll, version 3.1.99.0, fault address 0x00488baf.

Error - 10/13/2010 6:11:05 AM | Computer Name = DANIELHERDZIK | Source = Application Error | ID = 1000
Description = Faulting application f1_2010_game.exe, version 1.0.0.0, faulting module
f1_2010_game.exe, version 1.0.0.0, fault address 0x00c581f3.

Error - 10/20/2010 7:41:30 AM | Computer Name = DANIELHERDZIK | Source = Application Error | ID = 1000
Description = Faulting application pokertrackerhud.exe, version 3.6.0.2, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0001b21a.

Error - 10/21/2010 7:40:06 AM | Computer Name = DANIELHERDZIK | Source = Application Hang | ID = 1002
Description = Hanging application gg.exe, version 10.1.1.11119, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/22/2010 4:30:08 AM | Computer Name = DANIELHERDZIK | Source = Application Error | ID = 1000
Description = Faulting application pprekop.exe, version 4.2.0.172, faulting module
ole32.dll, version 5.1.2600.2182, fault address 0x10017bed.

Error - 10/22/2010 6:05:37 AM | Computer Name = DANIELHERDZIK | Source = Application Hang | ID = 1002
Description = Hanging application iTunes.exe, version 9.0.3.15, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/22/2010 7:30:59 AM | Computer Name = DANIELHERDZIK | Source = Application Error | ID = 1000
Description = Faulting application cax4ne.exe, version 0.0.0.0, faulting module
cax4ne.exe, version 0.0.0.0, fault address 0x00001d54.

Error - 10/22/2010 7:50:10 AM | Computer Name = DANIELHERDZIK | Source = Application Error | ID = 1000
Description = Faulting application cax4ne.exe, version 0.0.0.0, faulting module
cax4ne.exe, version 0.0.0.0, fault address 0x00001d54.

Error - 10/22/2010 9:46:37 PM | Computer Name = DANIELHERDZIK | Source = Application Error | ID = 1000
Description = Faulting application sdasd.exe, version 4.44.0.1000, faulting module
sdasd.exe, version 4.44.0.1000, fault address 0x0006deac.

Error - 10/23/2010 1:02:36 AM | Computer Name = DANIELHERDZIK | Source = Application Hang | ID = 1002
Description = Hanging application jre-6u22-windows-i586-iftw-rv.exe, version 6.0.220.4,
hang module hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 10/12/2010 1:44:39 AM | Computer Name = DANIELHERDZIK | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.4
with the system having network hardware address C4:2C:03:7A:A5:3F. Network operations
on this system may be disrupted as a result.

Error - 10/12/2010 1:56:05 AM | Computer Name = DANIELHERDZIK | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.4
with the system having network hardware address C4:2C:03:7A:A5:3F. Network operations
on this system may be disrupted as a result.

Error - 10/12/2010 1:57:58 AM | Computer Name = DANIELHERDZIK | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.4
with the system having network hardware address C4:2C:03:7A:A5:3F. Network operations
on this system may be disrupted as a result.

Error - 10/12/2010 2:22:40 AM | Computer Name = DANIELHERDZIK | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.4
with the system having network hardware address C4:2C:03:7A:A5:3F. Network operations
on this system may be disrupted as a result.

Error - 10/12/2010 2:33:04 AM | Computer Name = DANIELHERDZIK | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.4
with the system having network hardware address C4:2C:03:7A:A5:3F. Network operations
on this system may be disrupted as a result.

Error - 10/12/2010 5:48:43 AM | Computer Name = DANIELHERDZIK | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 10/12/2010 9:21:48 AM | Computer Name = DANIELHERDZIK | Source = Service Control Manager | ID = 7028
Description = The Cfg Registry key denied access to SYSTEM account programs so the
Service Control Manager took ownership of the Registry key.

Error - 10/12/2010 9:21:48 AM | Computer Name = DANIELHERDZIK | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 10/12/2010 9:24:20 AM | Computer Name = DANIELHERDZIK | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 10/12/2010 9:27:48 AM | Computer Name = DANIELHERDZIK | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2


< End of report >

badseed84

Newbie Surfer

Posts : 16
Joined : 2010-10-23
Operating System : windows xp sp3


Re: think point aftermath

Post by Belahzur on Sun 24 Oct 2010, 11:06 am

Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:


    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: think point aftermath

Post by badseed84 on Sun 24 Oct 2010, 12:44 pm

Okay, here's the log, but it feels like there's something still hidden deep. Whenever I try to do a Malwarebytes update my comp crashes, which I forgot to mention before.

ComboFix 10-10-22.05 - daniel 10/24/2010 12:06:48.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1656 [GMT 11:00]
Running from: c:\documents and settings\daniel.HOMW-20FD2517C1\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\{8C025A67-C8E7-4771-8812-1B3483BAB445}
c:\documents and settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\{8C025A67-C8E7-4771-8812-1B3483BAB445}\chrome.manifest
c:\documents and settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\{8C025A67-C8E7-4771-8812-1B3483BAB445}\chrome\content\_cfg.js
c:\documents and settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\{8C025A67-C8E7-4771-8812-1B3483BAB445}\chrome\content\overlay.xul
c:\documents and settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\{8C025A67-C8E7-4771-8812-1B3483BAB445}\install.rdf
c:\winda\OPTIONS\CABS\_desktop.ini
c:\winda\Tasks\At1.job
c:\winda\Tasks\At10.job
c:\winda\Tasks\At11.job
c:\winda\Tasks\At12.job
c:\winda\Tasks\At13.job
c:\winda\Tasks\At14.job
c:\winda\Tasks\At15.job
c:\winda\Tasks\At16.job
c:\winda\Tasks\At17.job
c:\winda\Tasks\At18.job
c:\winda\Tasks\At19.job
c:\winda\Tasks\At2.job
c:\winda\Tasks\At20.job
c:\winda\Tasks\At21.job
c:\winda\Tasks\At22.job
c:\winda\Tasks\At23.job
c:\winda\Tasks\At24.job
c:\winda\Tasks\At3.job
c:\winda\Tasks\At4.job
c:\winda\Tasks\At5.job
c:\winda\Tasks\At6.job
c:\winda\Tasks\At7.job
c:\winda\Tasks\At8.job
c:\winda\Tasks\At9.job

.
((((((((((((((((((((((((( Files Created from 2010-09-24 to 2010-10-24 )))))))))))))))))))))))))))))))
.

2010-10-23 07:06 . 2010-10-23 07:06 -------- d-----w- c:\program files\ESET
2010-10-23 05:15 . 2010-10-23 05:15 -------- d-----w- c:\program files\Common Files\Java
2010-10-23 05:15 . 2010-10-23 05:15 73728 ----a-w- c:\winda\system32\javacpl.cpl
2010-10-23 05:15 . 2010-10-23 05:15 472808 ----a-w- c:\winda\system32\deployJava1.dll
2010-10-23 05:15 . 2010-10-23 05:15 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-10-23 01:46 . 2010-10-23 01:46 -------- d-----w- c:\documents and settings\daniel.HOMW-20FD2517C1\Application Data\SUPERAntiSpyware.com
2010-10-23 01:46 . 2010-10-23 01:46 -------- d-----w- c:\documents and settings\All Users.WINDA\Application Data\SUPERAntiSpyware.com
2010-10-22 15:01 . 2010-10-22 15:01 -------- d-----w- c:\program files\pizdeczkumioa
2010-10-22 12:30 . 2010-10-22 12:30 -------- d-----w- c:\documents and settings\Administrator.DANIELHERDZIK.001
2010-10-22 12:22 . 2010-10-22 12:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malwarefdfdf
2010-10-22 12:18 . 2010-10-22 12:18 -------- d-----w- c:\documents and settings\daniel.HOMW-20FD2517C1\Application Data\Malwarebytes
2010-10-22 12:18 . 2010-04-29 04:39 38224 ----a-w- c:\winda\system32\drivers\mbamswissarmy.sys
2010-10-22 12:18 . 2010-10-22 12:18 -------- d-----w- c:\documents and settings\All Users.WINDA\Application Data\Malwarebytes
2010-10-22 12:18 . 2010-04-29 04:39 20952 ----a-w- c:\winda\system32\drivers\mbam.sys
2010-10-22 11:38 . 2010-10-22 11:38 -------- d-----w- c:\documents and settings\Administrator.DANIELHERDZIK.000
2010-10-22 11:12 . 2010-10-22 14:52 0 ----a-w- c:\winda\Ibizus.bin
2010-10-22 11:11 . 2010-10-24 01:25 845824 ----a-w- c:\winda\system32\drivers\hxizv.sys
2010-10-22 08:31 . 2010-10-22 08:31 -------- d-----w- c:\documents and settings\daniel.HOMW-20FD2517C1\PartyPoker_Installer
2010-10-15 18:45 . 2010-09-18 06:53 974848 -c----w- c:\winda\system32\dllcache\mfc42.dll
2010-10-15 18:45 . 2010-09-18 06:53 953856 -c----w- c:\winda\system32\dllcache\mfc40u.dll
2010-10-15 18:44 . 2010-08-23 16:12 617472 -c----w- c:\winda\system32\dllcache\comctl32.dll
2010-10-15 18:39 . 2010-06-14 14:31 744448 -c----w- c:\winda\system32\dllcache\helpsvc.exe
2010-10-15 18:34 . 2009-08-13 15:16 512000 -c----w- c:\winda\system32\dllcache\jscript.dll
2010-10-12 14:03 . 2010-10-12 14:03 -------- d-----w- c:\documents and settings\All Users.WINDA\Application Data\Codemasters
2010-10-12 14:00 . 2010-10-12 14:00 -------- d-----w- c:\winda\system32\XPSViewer
2010-10-12 13:59 . 2008-07-06 12:06 89088 ----a-w- c:\winda\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-10-12 13:59 . 2008-07-06 12:06 89088 -c----w- c:\winda\system32\dllcache\filterpipelineprintproc.dll
2010-10-12 13:59 . 2008-07-06 12:06 575488 -c----w- c:\winda\system32\dllcache\xpsshhdr.dll
2010-10-12 13:59 . 2008-07-06 12:06 575488 ------w- c:\winda\system32\xpsshhdr.dll
2010-10-12 13:59 . 2008-07-06 12:06 117760 ------w- c:\winda\system32\prntvpt.dll
2010-10-12 13:59 . 2008-07-06 10:50 597504 -c----w- c:\winda\system32\dllcache\printfilterpipelinesvc.exe
2010-10-12 13:59 . 2008-07-06 10:50 597504 ------w- c:\winda\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-10-12 13:59 . 2010-10-12 14:00 -------- d-----w- C:\ec6c142c762ddb50a225997fc0
2010-10-12 13:59 . 2008-07-06 12:06 1676288 -c----w- c:\winda\system32\dllcache\xpssvcs.dll
2010-10-12 13:59 . 2008-07-06 12:06 1676288 ------w- c:\winda\system32\xpssvcs.dll
2010-10-12 13:22 . 2004-09-01 08:00 221184 ----a-w- c:\winda\system32\wmpns.dll
2010-10-12 12:56 . 2008-04-13 18:42 32866 ------w- c:\winda\slrundll.exe
2010-10-12 12:56 . 2008-04-13 18:42 712704 ------w- c:\winda\system32\windowscodecs.dll
2010-10-12 12:56 . 2008-04-13 18:42 69120 ------w- c:\winda\system32\wlanapi.dll
2010-10-12 12:56 . 2008-04-13 18:42 346112 ------w- c:\winda\system32\windowscodecsext.dll
2010-10-12 12:56 . 2008-04-13 18:42 276992 ------w- c:\winda\system32\wmphoto.dll
2010-10-12 12:56 . 2010-10-12 12:56 -------- d-----w- c:\winda\system32\scripting
2010-10-12 12:56 . 2010-10-12 12:56 -------- d-----w- c:\winda\system32\en
2010-10-12 12:56 . 2010-10-12 12:56 -------- d-----w- c:\winda\system32\bits
2010-10-12 12:56 . 2010-10-12 12:56 -------- d-----w- c:\winda\l2schemas

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 06:53 . 2004-09-01 08:00 974848 ----a-w- c:\winda\system32\mfc42.dll
2010-09-18 06:53 . 2004-09-01 08:00 954368 ----a-w- c:\winda\system32\mfc40.dll
2010-09-18 06:53 . 2004-09-01 08:00 953856 ----a-w- c:\winda\system32\mfc40u.dll
2010-09-18 01:23 . 2004-09-01 08:00 974848 ----a-w- c:\winda\system32\mfc42u.dll
2010-09-09 14:16 . 2004-09-01 08:00 667136 ----a-w- c:\winda\system32\wininet.dll
2010-09-09 14:16 . 2004-09-01 08:00 61952 ----a-w- c:\winda\system32\tdc.ocx
2010-09-09 14:16 . 2004-09-01 08:00 81920 ----a-w- c:\winda\system32\ieencode.dll
2010-09-08 16:49 . 2004-09-01 08:00 369664 ----a-w- c:\winda\system32\html.iec
2010-09-01 11:51 . 2004-09-01 08:00 285824 ----a-w- c:\winda\system32\atmfd.dll
2010-08-31 13:42 . 2004-09-01 08:00 1852800 ----a-w- c:\winda\system32\win32k.sys
2010-08-27 08:02 . 2004-09-01 08:00 119808 ----a-w- c:\winda\system32\t2embed.dll
2010-08-27 05:57 . 2004-09-01 08:00 99840 ----a-w- c:\winda\system32\srvsvc.dll
2010-08-26 13:39 . 2004-09-01 08:00 357248 ----a-w- c:\winda\system32\drivers\srv.sys
2010-08-26 12:52 . 2010-02-11 16:34 5120 ----a-w- c:\winda\system32\xpsp4res.dll
2010-08-26 09:34 . 2010-02-11 18:19 102400 ----a-w- c:\winda\DUMP4d45.tmp
2010-08-26 09:32 . 2010-02-11 18:19 102400 ----a-w- c:\winda\DUMP5beb.tmp
2010-08-25 07:50 . 2010-02-11 18:19 102400 ----a-w- c:\winda\DUMP57a5.tmp
2010-08-25 06:49 . 2010-02-11 18:19 102400 ----a-w- c:\winda\DUMP4a95.tmp
2010-08-23 16:12 . 2004-09-01 08:00 617472 ----a-w- c:\winda\system32\comctl32.dll
2010-08-17 13:17 . 2004-09-01 08:00 58880 ----a-w- c:\winda\system32\spoolsv.exe
2010-08-16 08:45 . 2004-09-01 08:00 590848 ----a-w- c:\winda\system32\rpcrt4.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Google Update"="c:\documents and settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-08-26 136176]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-28 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"JMB36X IDE Setup"="c:\winda\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\winda\system32\JMRaidSetup.exe" [2007-02-06 1953792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-16 153608]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\Anno4.exe"=
"c:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\tools\\Anno4Web.exe"=
"c:\\Documents and Settings\\dan\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\daniel.HOMW-20FD2517C1\\Desktop\\uTorrent.exe"=
"c:\\Program Files\\Codemasters\\DiRT\\DiRT.exe"=
"c:\\Documents and Settings\\daniel.HOMW-20FD2517C1\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Codemasters\\F1 2010\\F1_2010_game.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/18/2010 5:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/11/2010 5:41 AM 67656]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [12/10/2009 4:39 AM 65536]
S2 SSPORT;SSPORT;\??\c:\winda\system32\Drivers\SSPORT.sys --> c:\winda\system32\Drivers\SSPORT.sys [?]
S4 sptd;sptd;c:\winda\system32\drivers\sptd.sys [2/11/2010 9:00 PM 691696]

--- Other Services/Drivers In Memory ---

*Deregistered* - hxizv
.
Contents of the 'Scheduled Tasks' folder

2010-10-23 c:\winda\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-448539723-839522115-1003Core.job
- c:\documents and settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-26 10:26]

2010-10-24 c:\winda\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-448539723-839522115-1003UA.job
- c:\documents and settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-26 10:26]

2010-10-24 c:\winda\Tasks\WGASetup.job
- c:\winda\system32\KB905474\wgasetup.exe [2010-02-12 11:18]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 83.17.123.186:8080
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\daniel.HOMW-20FD2517C1\Application Data\Mozilla\Firefox\Profiles\fhedhcvm.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\All Users.WINDA\Application Data\Gadu-Gadu 10\_userdata\npgg.2.dll
FF - plugin: c:\documents and settings\daniel.HOMW-20FD2517C1\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\daniel.HOMW-20FD2517C1\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winda\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MHqW - c:\winda\drweb.exe
HKU-Default-Run-ikodxxnb - c:\documents and settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\hlqxrkqco\rntivvntssd.exe
HKU-Default-Run-xniwlvan - c:\documents and settings\NetworkService.NT AUTHORITY.000\Local Settings\Application Data\ymhamrrub\jsylcnrtssd.exe
AddRemove-Agere Systems Soft Modem - c:\winda\agrsmdel



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-10-24 12:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hxizv]

.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(576)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\winda\system32\Ati2evxx.dll
.
Completion time: 2010-10-24 12:30:41
ComboFix-quarantined-files.txt 2010-10-24 01:30
ComboFix2.txt 2009-09-17 04:49

Pre-Run: 14,257,426,432 bytes free
Post-Run: 15,288,143,872 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDA
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDA="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - AA4F9D9C46F6B0410388E4B99DB0AE51

badseed84

Newbie Surfer

Posts : 16
Joined : 2010-10-23
Operating System : windows xp sp3

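As an added example (not part of this thread, and not ComboFix code), the small Python helper below reads lines in the format of the ComboFix log posted above and flags the entries a malware-removal helper would look at first: the firewall policy turned off, a proxy server set in the user's Internet Settings, the deregistered hxizv driver, an orphaned Run value pointing into Application Data, and Firefox user.js preferences that silence security warnings. The sample lines are copied from the posted log; the indicator names and the `triage` and `classify_proxy_host` functions are this example's own naming, not anything ComboFix produces.

```python
import ipaddress
import re

# Sample input: lines copied from the ComboFix log posted in this thread.
# The parser itself is an added example; it is not ComboFix code and the
# indicator names below are this example's own choice.
SAMPLE_LINES = [
    r'"EnableFirewall"= 0 (0x0)',
    r'R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/18/2010 5:25 AM 12872]',
    r'*Deregistered* - hxizv',
    r'uInternet Settings,ProxyOverride = *.local',
    r'uInternet Settings,ProxyServer = 83.17.123.186:8080',
    r'HKU-Default-Run-ikodxxnb - c:\documents and settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\hlqxrkqco\rntivvntssd.exe',
    r'FF - user.js: security.warn_submit_insecure - false',
    r'FF - user.js: network.cookie.cookieBehavior - 0',
]

# Windows Firewall standard profile switched off.
FIREWALL_RE = re.compile(r'^"EnableFirewall"\s*=\s*0\b')
# WinINet proxy for the current user, written as "host:port" (a scheme
# prefix such as "http=" is tolerated and ignored).
PROXY_RE = re.compile(r'^uInternet Settings,ProxyServer\s*=\s*(?:\w+=)?([^:\s]+):(\d+)')
# Driver or service that is loaded in memory but no longer registered.
DEREG_RE = re.compile(r'^\*Deregistered\*\s*-\s*(\S+)')
# Orphaned Run values ComboFix removed: hive, value name, target path.
RUN_RE = re.compile(r'^(HK(?:CU|LM|U-Default))-Run-(\S+)\s*-\s*(.+)$')
# Firefox user.js prefs that silence mixed-content / insecure-submit warnings.
FF_WARN_RE = re.compile(r'^FF - user\.js: (security\.warn_\S+) - false')


def classify_proxy_host(host):
    """Say whether a proxy host is a private IP, a public IP, or a hostname."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"
    return "private address" if ip.is_private else "public address"


def triage(lines):
    """Return (indicator, detail) pairs for log lines worth a second look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if FIREWALL_RE.match(line):
            findings.append(("firewall_disabled", line))
            continue
        m = PROXY_RE.match(line)
        if m:
            host, port = m.group(1), int(m.group(2))
            findings.append(("proxy_server", f"{host}:{port} ({classify_proxy_host(host)})"))
            continue
        m = DEREG_RE.match(line)
        if m:
            findings.append(("deregistered_driver", m.group(1)))
            continue
        m = RUN_RE.match(line)
        if m:
            hive, value, target = m.groups()
            # Autostart entries under a user's Application Data with
            # random-looking names are typical of rogue-AV droppers.
            if "application data" in target.lower():
                findings.append(("run_key_in_appdata", f"{hive} Run\\{value} -> {target}"))
            continue
        m = FF_WARN_RE.match(line)
        if m:
            findings.append(("browser_warning_disabled", m.group(1)))
    return findings


if __name__ == "__main__":
    for indicator, detail in triage(SAMPLE_LINES):
        print(f"{indicator:26} {detail}")
```

Running the script lists five findings from the sample. A proxy pointing at a public address on a home machine is the item to compare against what the ISP or router actually provides, and a firewall policy of 0 is something to re-enable once the cleanup is finished; the helper only surfaces these for review, it does not change anything.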

Re: think point aftermath

Post by Belahzur on Mon 25 Oct 2010, 11:11 am

Hello.


  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    KILLALL::

    Driver::
    hxizv

    Registry::
    [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hxizv]
  4. Save this as CFScript.txt, in the same location as ComboFix.exe

  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.

Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre


Re: think point aftermath

Post by badseed84 on Mon 25 Oct 2010, 9:08 pm

OK, here's the log. The thing is, if I disable and enable my network connection again, the computer has a problem acquiring an IP address from the router, but when I switch my router off and on it works. I never had that problem before, so I thought it might be something with the router, so I reverted it to factory settings and put in my passwords and user IDs again; the internet is not working, but that's a normal occurrence with my ISP. I just have a question: can problems with my internet/router have an effect on my computer having problems acquiring an IP address from the router, or is it definitely my computer? Even if it's my internet, I want to continue the cleanup to the end. OK, here's the log.


ComboFix 10-10-22.05 - daniel 10/25/2010 19:44:18.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.289 [GMT 11:00]
Running from: c:\documents and settings\daniel.HOMW-20FD2517C1\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\daniel.HOMW-20FD2517C1\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_HXIZV
-------\Service_hxizv


((((((((((((((((((((((((( Files Created from 2010-09-25 to 2010-10-25 )))))))))))))))))))))))))))))))
.

2010-10-24 01:49 . 2010-10-23 01:46 9578056 ----a-w- C:\sdasd.exe
2010-10-24 01:49 . 2010-10-22 14:59 6259512 ----a-w- C:\duparules.exe
2010-10-24 01:49 . 2010-10-22 12:14 364032 ----a-w- C:\ssssss.com
2010-10-23 07:06 . 2010-10-23 07:06 -------- d-----w- c:\program files\ESET
2010-10-23 05:15 . 2010-10-23 05:15 -------- d-----w- c:\program files\Common Files\Java
2010-10-23 05:15 . 2010-10-23 05:15 73728 ----a-w- c:\winda\system32\javacpl.cpl
2010-10-23 05:15 . 2010-10-23 05:15 472808 ----a-w- c:\winda\system32\deployJava1.dll
2010-10-23 05:15 . 2010-10-23 05:15 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-10-23 01:46 . 2010-10-23 01:46 -------- d-----w- c:\documents and settings\daniel.HOMW-20FD2517C1\Application Data\SUPERAntiSpyware.com
2010-10-23 01:46 . 2010-10-23 01:46 -------- d-----w- c:\documents and settings\All Users.WINDA\Application Data\SUPERAntiSpyware.com
2010-10-22 15:01 . 2010-10-22 15:01 -------- d-----w- c:\program files\pizdeczkumioa
2010-10-22 12:30 . 2010-10-22 12:30 -------- d-----w- c:\documents and settings\Administrator.DANIELHERDZIK.001
2010-10-22 12:22 . 2010-10-22 12:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malwarefdfdf
2010-10-22 12:18 . 2010-10-22 12:18 -------- d-----w- c:\documents and settings\daniel.HOMW-20FD2517C1\Application Data\Malwarebytes
2010-10-22 12:18 . 2010-04-29 04:39 38224 ----a-w- c:\winda\system32\drivers\mbamswissarmy.sys
2010-10-22 12:18 . 2010-10-22 12:18 -------- d-----w- c:\documents and settings\All Users.WINDA\Application Data\Malwarebytes
2010-10-22 12:18 . 2010-04-29 04:39 20952 ----a-w- c:\winda\system32\drivers\mbam.sys
2010-10-22 11:38 . 2010-10-22 11:38 -------- d-----w- c:\documents and settings\Administrator.DANIELHERDZIK.000
2010-10-22 11:12 . 2010-10-22 14:52 0 ----a-w- c:\winda\Ibizus.bin
2010-10-22 11:11 . 2010-10-25 08:54 845824 ----a-w- c:\winda\system32\drivers\hxizv.sys
2010-10-22 08:31 . 2010-10-22 08:31 -------- d-----w- c:\documents and settings\daniel.HOMW-20FD2517C1\PartyPoker_Installer
2010-10-15 18:45 . 2010-09-18 06:53 974848 -c----w- c:\winda\system32\dllcache\mfc42.dll
2010-10-15 18:45 . 2010-09-18 06:53 953856 -c----w- c:\winda\system32\dllcache\mfc40u.dll
2010-10-15 18:44 . 2010-08-23 16:12 617472 -c----w- c:\winda\system32\dllcache\comctl32.dll
2010-10-15 18:39 . 2010-06-14 14:31 744448 -c----w- c:\winda\system32\dllcache\helpsvc.exe
2010-10-15 18:34 . 2009-08-13 15:16 512000 -c----w- c:\winda\system32\dllcache\jscript.dll
2010-10-12 14:03 . 2010-10-12 14:03 -------- d-----w- c:\documents and settings\All Users.WINDA\Application Data\Codemasters
2010-10-12 14:00 . 2010-10-12 14:00 -------- d-----w- c:\winda\system32\XPSViewer
2010-10-12 13:59 . 2008-07-06 12:06 89088 ----a-w- c:\winda\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-10-12 13:59 . 2008-07-06 12:06 89088 -c----w- c:\winda\system32\dllcache\filterpipelineprintproc.dll
2010-10-12 13:59 . 2008-07-06 12:06 575488 -c----w- c:\winda\system32\dllcache\xpsshhdr.dll
2010-10-12 13:59 . 2008-07-06 12:06 575488 ------w- c:\winda\system32\xpsshhdr.dll
2010-10-12 13:59 . 2008-07-06 12:06 117760 ------w- c:\winda\system32\prntvpt.dll
2010-10-12 13:59 . 2008-07-06 10:50 597504 -c----w- c:\winda\system32\dllcache\printfilterpipelinesvc.exe
2010-10-12 13:59 . 2008-07-06 10:50 597504 ------w- c:\winda\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-10-12 13:59 . 2010-10-12 14:00 -------- d-----w- C:\ec6c142c762ddb50a225997fc0
2010-10-12 13:59 . 2008-07-06 12:06 1676288 -c----w- c:\winda\system32\dllcache\xpssvcs.dll
2010-10-12 13:59 . 2008-07-06 12:06 1676288 ------w- c:\winda\system32\xpssvcs.dll
2010-10-12 13:22 . 2004-09-01 08:00 221184 ----a-w- c:\winda\system32\wmpns.dll
2010-10-12 12:56 . 2008-04-13 18:42 32866 ------w- c:\winda\slrundll.exe
2010-10-12 12:56 . 2008-04-13 18:42 712704 ------w- c:\winda\system32\windowscodecs.dll
2010-10-12 12:56 . 2008-04-13 18:42 69120 ------w- c:\winda\system32\wlanapi.dll
2010-10-12 12:56 . 2008-04-13 18:42 346112 ------w- c:\winda\system32\windowscodecsext.dll
2010-10-12 12:56 . 2008-04-13 18:42 276992 ------w- c:\winda\system32\wmphoto.dll
2010-10-12 12:56 . 2010-10-12 12:56 -------- d-----w- c:\winda\system32\scripting
2010-10-12 12:56 . 2010-10-12 12:56 -------- d-----w- c:\winda\system32\en
2010-10-12 12:56 . 2010-10-12 12:56 -------- d-----w- c:\winda\system32\bits
2010-10-12 12:56 . 2010-10-12 12:56 -------- d-----w- c:\winda\l2schemas

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-24 04:24 . 2010-02-11 08:19 15600 ----a-w- c:\winda\gdrv.sys
2010-09-18 06:53 . 2004-09-01 08:00 974848 ----a-w- c:\winda\system32\mfc42.dll
2010-09-18 06:53 . 2004-09-01 08:00 954368 ----a-w- c:\winda\system32\mfc40.dll
2010-09-18 06:53 . 2004-09-01 08:00 953856 ----a-w- c:\winda\system32\mfc40u.dll
2010-09-18 01:23 . 2004-09-01 08:00 974848 ----a-w- c:\winda\system32\mfc42u.dll
2010-09-09 14:16 . 2004-09-01 08:00 667136 ----a-w- c:\winda\system32\wininet.dll
2010-09-09 14:16 . 2004-09-01 08:00 61952 ----a-w- c:\winda\system32\tdc.ocx
2010-09-09 14:16 . 2004-09-01 08:00 81920 ----a-w- c:\winda\system32\ieencode.dll
2010-09-08 16:49 . 2004-09-01 08:00 369664 ----a-w- c:\winda\system32\html.iec
2010-09-01 11:51 . 2004-09-01 08:00 285824 ----a-w- c:\winda\system32\atmfd.dll
2010-08-31 13:42 . 2004-09-01 08:00 1852800 ----a-w- c:\winda\system32\win32k.sys
2010-08-27 08:02 . 2004-09-01 08:00 119808 ----a-w- c:\winda\system32\t2embed.dll
2010-08-27 05:57 . 2004-09-01 08:00 99840 ----a-w- c:\winda\system32\srvsvc.dll
2010-08-26 13:39 . 2004-09-01 08:00 357248 ----a-w- c:\winda\system32\drivers\srv.sys
2010-08-26 12:52 . 2010-02-11 16:34 5120 ----a-w- c:\winda\system32\xpsp4res.dll
2010-08-26 09:34 . 2010-02-11 18:19 102400 ----a-w- c:\winda\DUMP4d45.tmp
2010-08-26 09:32 . 2010-02-11 18:19 102400 ----a-w- c:\winda\DUMP5beb.tmp
2010-08-25 07:50 . 2010-02-11 18:19 102400 ----a-w- c:\winda\DUMP57a5.tmp
2010-08-25 06:49 . 2010-02-11 18:19 102400 ----a-w- c:\winda\DUMP4a95.tmp
2010-08-23 16:12 . 2004-09-01 08:00 617472 ----a-w- c:\winda\system32\comctl32.dll
2010-08-17 13:17 . 2004-09-01 08:00 58880 ----a-w- c:\winda\system32\spoolsv.exe
2010-08-16 08:45 . 2004-09-01 08:00 590848 ----a-w- c:\winda\system32\rpcrt4.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Google Update"="c:\documents and settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-08-26 136176]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-28 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"JMB36X IDE Setup"="c:\winda\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\winda\system32\JMRaidSetup.exe" [2007-02-06 1953792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-16 153608]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

c:\documents and settings\All Users.WINDA\Start Menu\Programs\Startup\
BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2010-10-24 81997]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\dan\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\daniel.HOMW-20FD2517C1\\Desktop\\uTorrent.exe"=
"c:\\Program Files\\Codemasters\\DiRT\\DiRT.exe"=
"c:\\Documents and Settings\\daniel.HOMW-20FD2517C1\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Codemasters\\F1 2010\\F1_2010_game.exe"=
"c:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\Anno4.exe"=
"c:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\tools\\Anno4Web.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/18/2010 5:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/11/2010 5:41 AM 67656]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [12/10/2009 4:39 AM 65536]
S2 SSPORT;SSPORT;\??\c:\winda\system32\Drivers\SSPORT.sys --> c:\winda\system32\Drivers\SSPORT.sys [?]
S4 sptd;sptd;c:\winda\system32\drivers\sptd.sys [2/11/2010 9:00 PM 691696]
.
Contents of the 'Scheduled Tasks' folder

2010-10-24 c:\winda\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-448539723-839522115-1003Core.job
- c:\documents and settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-26 10:26]

2010-10-25 c:\winda\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-448539723-839522115-1003UA.job
- c:\documents and settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-26 10:26]

2010-10-25 c:\winda\Tasks\WGASetup.job
- c:\winda\system32\KB905474\wgasetup.exe [2010-02-12 11:18]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 83.17.123.186:8080
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {20773457-7612-462F-BEA7-6E4795CB4EE2} = 192.168.1.254
FF - ProfilePath - c:\documents and settings\daniel.HOMW-20FD2517C1\Application Data\Mozilla\Firefox\Profiles\fhedhcvm.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\All Users.WINDA\Application Data\Gadu-Gadu 10\_userdata\npgg.2.dll
FF - plugin: c:\documents and settings\daniel.HOMW-20FD2517C1\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\daniel.HOMW-20FD2517C1\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winda\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-10-25 19:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(800)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\winda\system32\Ati2evxx.dll
c:\winda\system32\CLBCATQ.DLL

- - - - - - - > 'explorer.exe'(6812)
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
c:\winda\system32\WPDShServiceObj.dll
c:\winda\system32\PortableDeviceTypes.dll
c:\winda\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\winda\system32\Ati2evxx.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
c:\winda\system32\Ati2evxx.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\winda\RTHDCPL.EXE
c:\program files\Skype\Phone\Skype.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\iPod\bin\iPodService.exe
c:\winda\system32\wscntfy.exe
c:\program files\Logitech\QuickCam10\COCIManager.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2010-10-25 20:00:11 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-25 09:00
ComboFix2.txt 2010-10-24 01:30
ComboFix3.txt 2009-09-17 04:49

Pre-Run: 14,953,320,448 bytes free
Post-Run: 14,888,165,376 bytes free

- - End Of File - - B208FCEB83CDC2D490027AC30FE7AAD3

badseed84

Newbie Surfer

Posts : 16
Joined : 2010-10-23
Operating System : windows xp sp3

Re: think point aftermath

Post by Belahzur on Tue 26 Oct 2010, 11:17 am

Hello.
This thing doesn't wanna die.

1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


Files to delete:
C:\sdasd.exe
C:\duparules.exe
C:\ssssss.com
c:\winda\Ibizus.bin
c:\winda\system32\drivers\hxizv.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found".
  • Now click on Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop; this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.


@RealBelahzur - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: think point aftermath

Post by badseed84 on Tue 26 Oct 2010, 8:49 pm

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\sdasd.exe" deleted successfully.
File "C:\duparules.exe" deleted successfully.
File "C:\ssssss.com" deleted successfully.
File "c:\winda\Ibizus.bin" deleted successfully.
File "c:\winda\system32\drivers\hxizv.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


Re: think point aftermath

Post by Belahzur on Wed 27 Oct 2010, 10:41 am

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.



Re: think point aftermath

Post by badseed84 on Sun 31 Oct 2010, 9:27 pm

Sorry that it's so late, but I was really busy with work.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=6308b9a9405c864b84a5864303ff8851
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-23 08:56:29
# local_time=2010-10-23 07:56:29 (+1000, AUS Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=201918
# found=15
# cleaned=15
# scan_time=5966
C:\Documents and Settings\Administrator\Desktop\MGtools.exe probably a variant of Win32/TrojanDropper.Agent.GDFRTBF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\dan\Desktop\freeripmp3.exe Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\dan\Local Settings\temp\butTrue.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\dan\Local Settings\Temporary Internet Files\Content.IE5\9BRIJCAM\load[1].exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\dan\My Documents\LimeWire\Saved\one too many itches.mp3 WMA/TrojanDownloader.GetCodec.C trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\dan\My Documents\LimeWire\Shared\adobe_cs4_keygen_crack.exe a variant of Win32/Injector.VW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\dan\My Documents\LimeWire\Shared\little_girl_sucks_cock_and_swallows.exe a variant of Win32/Injector.VW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\dan\My Documents\LimeWire\Shared\norton_antivirus_crack_all_versions.exe a variant of Win32/Injector.VW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\dan\My Documents\LimeWire\Shared\starcraft_keygen_crack.exe a variant of Win32/Injector.VW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\dan\My Documents\LimeWire\Shared\f***.exe a variant of Win32/Injector.VW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\dan\My Documents\LimeWire\Shared\windows_xp_crack.exe a variant of Win32/Injector.VW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\dan\My Documents\LimeWire\Shared\world_of_warcraft_keygen_crack.exe a variant of Win32/Injector.VW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\ubiorbitapi_r2.dll a variant of Win32/Packed.VMProtect.AAA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDA\Temp\2295adf4.exe a variant of Win32/Kryptik.ETK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\drivers\jraid.sys Win32/Olmarik.RF trojan (cleaned - quarantined) 00000000000000000000000000000000 C
# version=7
# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=6308b9a9405c864b84a5864303ff8851
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-27 09:07:54
# local_time=2010-10-27 08:07:54 (+1000, AUS Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=211077
# found=1
# cleaned=1
# scan_time=6337
C:\System Volume Information\_restore{6FEAFECF-E624-4F5F-9CAE-6A9C35917080}\RP873\A0298695.exe Win32/AutoRun.AFA worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
# version=7
# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=6308b9a9405c864b84a5864303ff8851
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-31 03:18:40
# local_time=2010-10-31 02:18:40 (+1000, AUS Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=211982
# found=0
# cleaned=0
# scan_time=5860


Re: think point aftermath

Post by badseed84 on Sun 31 Oct 2010, 9:28 pm

Argh, I think that's some old scan; the recent one I did found 1 trojan.


Re: think point aftermath

Post by Belahzur on Mon 01 Nov 2010, 12:19 pm

Hello.

Please download CKScanner by askey127 from here
Save it to your desktop.

  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.



Re: think point aftermath

Post by badseed84 on Wed 03 Nov 2010, 8:25 pm

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\dan\desktop\tiger_woods_pga_tour___ea_sports___cracked_for_iphone__ipod_tou.torrent
c:\documents and settings\dan\desktop\emule\incoming\gry\call.of.duty.4.crackfix.and.keygen-razor1911.(osiolek.com)\call_of_duty_4_crackfix_and_keygen-razor1911\rzr-cd4f.001
c:\documents and settings\dan\desktop\emule\incoming\gry\call.of.duty.4.crackfix.and.keygen-razor1911.(osiolek.com)\call_of_duty_4_crackfix_and_keygen-razor1911\rzr-cd4f.sfv
c:\documents and settings\dan\desktop\emule\incoming\gry\call.of.duty.4.crackfix.and.keygen-razor1911.(osiolek.com)\call_of_duty_4_crackfix_and_keygen-razor1911\rzr-cod4.nfo
c:\documents and settings\dan\desktop\emule\incoming\gry\call.of.duty.4.crackfix.and.keygen-razor1911.(osiolek.com)\call_of_duty_4_crackfix_and_keygen-razor1911\rzr-cd4f\iw3sp.exe
c:\documents and settings\dan\desktop\emule\incoming\gry\jungo.v1.0-te-km07.(osiolek.com)\jungo.v1.0-te-km07\crack\jungo.exe
c:\documents and settings\dan\desktop\emule\incoming\gry\pirate.poppers.(osiolek.com)\pirate poppers cracked.exe
c:\documents and settings\dan\desktop\emule\incoming\magic.ball.4.v1.0-delight\cracked.rar
c:\documents and settings\dan\desktop\emule\incoming\programy\anydvd&anydvd.hd.6.1.5.4.incl.keygen-res.(osiolek.com).rar
c:\documents and settings\dan\desktop\torrents\codemasters_f1_2009_iphone_ipod_touch_cracked_ipa_v1.0.5220288.tpb.torrent
c:\documents and settings\dan\desktop\torrents\need_for_speed_shift_[v._1.0.0]_cracked_for_iphone__ipod_touch.5231769.tpb.torrent
c:\documents and settings\dan\desktop\world_in_conflict-flt\colin mcrae dirt crack.rar
c:\documents and settings\dan\desktop\world_in_conflict-flt\colin mcrae dirt crack+patch 1.1 - christley\dirt.exe
c:\documents and settings\dan\desktop\world_in_conflict-flt\colin mcrae dirt crack+patch 1.1 - christley\dirt_1_1.exe
c:\documents and settings\dan\desktop\world_in_conflict-flt\colin mcrae dirt crack+patch 1.1 - christley\read me!.txt
c:\documents and settings\dan\desktop\zdjecia\call_of_duty_2_(_v_1.3_)_crack_pack_and_patch.4534182.tpb.torrent
c:\documents and settings\dan\desktop\zdjecia\call_of_duty_5__world_at_war_(no-cd)_crack___serial_[pc].4504505.tpb.torrent
c:\documents and settings\dan\desktop\zdjecia\colin_mcrae_dirt_crack_patch_1.1_-_christley.3723421.tpb.torrent
c:\documents and settings\dan\my documents\downloads\rockband-v1.1.38-cracked.ipa
c:\documents and settings\dan\my documents\downloads\top 10 paid apps for iphone & ipod touch [27.04.2009]\crack\ifunbox.exe
c:\documents and settings\dan\my documents\downloads\top 10 paid apps for iphone & ipod touch [27.04.2009]\crack\patched mobileinstallation\firmware 2.1\mobileinstallation
c:\documents and settings\dan\my documents\downloads\top 10 paid apps for iphone & ipod touch [27.04.2009]\crack\patched mobileinstallation\firmware 2.2\mobileinstallation
c:\documents and settings\dan\my documents\downloads\top 10 paid apps for iphone & ipod touch [27.04.2009]\crack\patched mobileinstallation\firmware 2.2.1\mobileinstallation
c:\documents and settings\dan\my documents\limewire\incomplete\e2u2wxbayjh3cla4wy5t6gnitsc7g43b\.datcall of duty 5 crack
c:\documents and settings\dan\my documents\limewire\incomplete\e2u2wxbayjh3cla4wy5t6gnitsc7g43b\call of duty 5 crack\codwaw.exe
c:\documents and settings\dan\my documents\my music\itunes\itunes music\mobile applications\rockband-v1.1.38-cracked.ipa
c:\program files\debugmode\wax 2.0\presets\vl presets\vl misc\cracked.wxpr
c:\program files\konami\pro evolution soccer 2008\crack\czytaj.txt
c:\program files\konami\pro evolution soccer 2008\crack\[1] patch 1.20\pes2008patch1_20.exe
c:\program files\konami\pro evolution soccer 2008\crack\[2] polonizacja\pes_2008_patch_polonizacyjny.exe
c:\program files\konami\pro evolution soccer 2008\crack\[3] crack\wazne!!!!.txt
c:\program files\konami\pro evolution soccer 2008\crack\[3] crack\1\pes2008.exe
c:\program files\konami\pro evolution soccer 2008\crack\[3] crack\1\vitality.nfo
c:\program files\konami\pro evolution soccer 2008\crack\[3] crack\2\battery.nfo
c:\program files\konami\pro evolution soccer 2008\crack\[3] crack\2\pes2008.exe
c:\program files\partygaming\partycasino\language\en_us\images\flashlobby\lobby\safecrackerkeno.swf
c:\program files\partygaming\partycasino\language\en_us\images\flashlobby\lobby\safecrackerkeno_popup.swf
c:\program files\ubisoft\the settlers - narodziny imperium\crack\settlers6-15.exe
c:\program files\ubisoft\the settlers - narodziny imperium\crack\crack\settlers6.exe
c:\program files\ubisoft\tom clancy’s rainbow six vegas 2\binaries\crack\vegas2103.exe
c:\program files\ubisoft\tom clancy’s rainbow six vegas 2\binaries\crack\crack\r6vegas2_game.exe
scanner sequence 3.ZZ.11
----- EOF -----



Re: think point aftermath

Post by Belahzur on Thu 04 Nov 2010, 11:43 am

Hello.

Your computer has keygens, which is a form of software piracy. What is so bad about Cracks, Hacks, Pirated software, warez, or Keygens?

Most popular cracks or keygens I see are for Adobe CS3, a lot of different games, Nero, Kaspersky antivirus, and much more. All of these cracks and keygens have what is called "cloaked malware," which is a form of spyware or viruses or trojans that hide themselves inside the keygen or crack files. Most hacks for games that come in the form of a program or installer will also be infected. It is the opportunity for attackers to present a seemingly safe situation where the opportunity to steal something is in play, while the malware infects your system in the process. Yes, it will install what you were looking for, but also allow malware to potentially take control of your computer.

Lastly, it is illegal. I will counsel you that we do not report such incidents. However, it is not good practice to pirate software.

You should also stop downloading porn; I noticed a few weird files in your ESET logs. Please remove the cracks and keygens right now, otherwise I won't help you.



Re: think point aftermath

Post by badseed84 on Sun 07 Nov 2010, 4:56 pm

OK, it's all been deleted along with 100 GB of other stuff which I was too lazy to clean up. At least I got motivated to clean up my hard drive.


Re: think point aftermath

Post by Sneakyone on Mon 08 Nov 2010, 5:18 am

Hi,

How is your computer running now?


I'm livin' life in the fast lane.


Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

http://twitter.com/AVerySneakyone

Re: think point aftermath

Post by badseed84 on Sun 28 Nov 2010, 7:35 pm

I'm ashamed to say I thought it was good, and then I caught something again browsing the net. I don't know if you want to help me still, but if you do, here are the logs again.


OTL logfile created on: 11/28/2010 7:33:18 PM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDA | %ProgramFiles% = C:\Program Files
Drive C: | 372.60 Gb Total Space | 186.79 Gb Free Space | 50.13% Space Free | Partition Type: NTFS

Computer Name: DANIELHERDZIK | User Name: daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/28 19:33:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\OTL.com
PRC - [2010/11/25 13:47:59 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/11/20 14:27:12 | 005,703,512 | ---- | M] (PokerStars) -- C:\Program Files\PokerStars\PokerStars.exe
PRC - [2010/11/20 09:23:06 | 005,382,960 | ---- | M] (PokerTracker Software, LLC.) -- C:\Program Files\PokerTracker 3\PokerTracker.exe
PRC - [2010/11/20 09:23:06 | 002,026,288 | ---- | M] (PokerTracker Software, LLC.) -- C:\Program Files\PokerTracker 3\PokerTrackerHud.exe
PRC - [2010/11/02 20:10:34 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/11/02 20:10:32 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/21 11:33:36 | 000,083,440 | ---- | M] (Google) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2009/12/10 04:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
PRC - [2009/12/10 04:37:16 | 003,690,496 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
PRC - [2009/10/30 22:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009/09/16 22:14:48 | 000,153,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe
PRC - [2008/08/26 14:02:24 | 000,014,336 | ---- | M] (Agere Systems) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDA\explorer.exe
PRC - [2007/06/26 12:22:42 | 000,081,997 | ---- | M] () -- C:\Program Files\USB TV\EM28XX\BDARemote.exe
PRC - [2007/05/17 10:53:02 | 000,780,312 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
PRC - [2007/05/17 10:52:04 | 000,505,368 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LComMgr\Communications_Helper.exe
PRC - [2007/05/17 10:51:30 | 000,232,472 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2007/05/11 17:30:50 | 000,133,920 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2007/05/11 17:28:56 | 000,187,168 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LVCOMSER\LVComSer.exe


========== Modules (SafeList) ==========

MOD - [2010/11/28 19:33:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\OTL.com
MOD - [2010/08/24 03:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDA\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2007/05/11 17:30:38 | 000,113,440 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/10 04:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2008/08/26 14:02:24 | 000,014,336 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/04/14 11:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2007/05/11 17:32:22 | 000,142,112 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logishrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/05/11 17:30:50 | 000,133,920 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/05/11 17:28:56 | 000,187,168 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDA\System32\Drivers\SSPORT.sys -- (SSPORT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/10/24 15:24:38 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDA\gdrv.sys -- (gdrv)
DRV - [2010/05/11 05:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/23 18:28:09 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDA\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/02/23 18:28:07 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDA\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/02/18 05:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/11 21:00:16 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDA\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/02/11 18:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/10/12 22:15:30 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDA\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2009/09/11 13:48:04 | 000,066,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/09/11 13:47:54 | 000,014,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/09/11 13:47:42 | 000,031,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\WmHidLo.sys -- (WmHidLo)
DRV - [2009/09/11 13:47:32 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/09/11 13:47:22 | 000,022,792 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2009/02/19 22:13:42 | 000,084,320 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDA\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2008/10/29 15:43:44 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/05/12 11:31:20 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/05/11 17:30:16 | 000,025,888 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/05/11 17:29:54 | 002,142,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/05/11 17:27:58 | 002,107,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/05/10 15:46:58 | 001,276,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/05/10 15:46:46 | 000,014,112 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2007/03/28 18:45:38 | 004,395,008 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/03/01 19:05:38 | 000,090,496 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/06/23 09:29:28 | 000,720,176 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDA\system32\drivers\LV302AV.SYS -- (PID_08A0) Logitech QuickCam IM(PID_08A0)
DRV - [2006/02/07 22:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDA\system32\DRIVERS\JGOGO.sys -- (JGOGO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDA\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 83.17.123.186:8080

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/02 20:10:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/02 20:10:41 | 000,000,000 | ---D | M]

[2010/03/22 11:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Application Data\Mozilla\Extensions
[2010/11/28 13:33:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Application Data\Mozilla\Firefox\Profiles\fhedhcvm.default\extensions
[2010/10/23 15:47:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Application Data\Mozilla\Firefox\Profiles\fhedhcvm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/19 23:08:14 | 000,000,939 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Application Data\Mozilla\Firefox\Profiles\fhedhcvm.default\searchplugins\conduit.xml
[2010/11/27 21:27:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/26 20:38:20 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/10/23 16:15:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/10/23 16:15:32 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/11/27 16:37:56 | 000,000,027 | ---- | M]) - C:\WINDA\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDA\System32\JMRaidSetup.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDA\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users.WINDA\Start Menu\Programs\Startup\BDARemote.lnk = C:\Program Files\USB TV\EM28XX\BDARemote.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDA\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDA\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDA\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDA\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDA\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/11 18:49:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/28 19:32:55 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\OTL.com
[2010/11/28 13:40:48 | 112,471,448 | ---- | C] (Agnitum, Ltd. ) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\OutpostSecuritySuiteInstall.exe
[2010/11/27 22:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\attachmeDFDFnts
[2010/11/27 21:21:57 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/11/27 21:21:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDA\Application Data\avg9
[2010/11/27 21:10:12 | 079,383,048 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\avg_free_stf_en_90_716a1803.exe
[2010/11/27 16:25:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDA\SWXCACLS.exe
[2010/11/27 16:25:37 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDA\SWREG.exe
[2010/11/27 16:25:37 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDA\SWSC.exe
[2010/11/27 16:25:37 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDA\NIRCMD.exe
[2010/11/27 16:25:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/26 20:34:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\LOGS
[2010/11/25 23:03:19 | 000,000,000 | ---D | C] -- C:\WINDA\pss
[2010/11/25 08:28:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Recent
[2010/11/25 08:21:35 | 000,000,000 | ---D | C] -- C:\3528a25f840bb5aa6ae2cb371b6f
[2010/11/23 23:06:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\{25897A17-9C8F-4DAF-AD1B-914FB1C53D7B}
[2010/11/23 23:03:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDA\Documents\Server
[2010/11/23 23:03:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Application Data\935109F2C03AE81B78BC7B2534DDB2B8
[2010/11/19 18:07:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\attachments
[2010/11/07 15:17:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDA\Application Data\TEMP
[2010/11/03 21:06:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\My Documents\ForceField Shared Files
[2010/11/03 21:06:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Application Data\CheckPoint
[2010/11/03 21:05:59 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/11/03 21:05:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\Conduit
[2010/11/03 21:05:31 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/11/03 21:04:49 | 000,000,000 | ---D | C] -- C:\WINDA\Internet Logs
[2010/11/01 20:09:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Application Data\Real
[2010/10/31 00:33:03 | 001,276,832 | ---- | C] (Logitech Inc.) -- C:\WINDA\System32\drivers\LV302V32.SYS
[2010/10/31 00:33:03 | 000,195,360 | ---- | C] (Logitech Inc.) -- C:\WINDA\System32\lvci1100.dll
[2010/10/31 00:32:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDA\Application Data\Logishrd
[2010/10/31 00:22:00 | 047,075,528 | ---- | C] (Logitech, Inc.) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\qc1100.exe
[8 C:\WINDA\*.tmp files -> C:\WINDA\*.tmp -> ]
[7 C:\WINDA\System32\*.tmp files -> C:\WINDA\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/28 19:34:51 | 000,761,856 | ---- | M] () -- C:\WINDA\System32\drivers\irwaa.sys
[2010/11/28 19:33:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\OTL.com
[2010/11/28 18:36:00 | 000,001,014 | ---- | M] () -- C:\WINDA\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-448539723-839522115-1003UA.job
[2010/11/28 14:29:31 | 112,471,448 | ---- | M] (Agnitum, Ltd. ) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\OutpostSecuritySuiteInstall.exe
[2010/11/28 13:38:33 | 000,000,256 | ---- | M] () -- C:\WINDA\tasks\WGASetup.job
[2010/11/28 13:38:07 | 000,002,048 | --S- | M] () -- C:\WINDA\bootstat.dat
[2010/11/28 01:14:56 | 054,441,984 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\KS_2010-11-26.mp3
[2010/11/28 00:40:15 | 058,675,285 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\KS_2010-11-27.mp3
[2010/11/27 22:56:51 | 000,099,467 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\attachmeDFDFnts.zip
[2010/11/27 21:19:02 | 079,383,048 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\avg_free_stf_en_90_716a1803.exe
[2010/11/27 16:52:47 | 000,002,206 | ---- | M] () -- C:\WINDA\System32\wpa.dbl
[2010/11/27 16:37:56 | 000,000,027 | ---- | M] () -- C:\WINDA\System32\drivers\etc\hosts
[2010/11/27 04:36:00 | 000,000,962 | ---- | M] () -- C:\WINDA\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-448539723-839522115-1003Core.job
[2010/11/25 19:09:59 | 000,340,358 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\wdwd.rtf
[2010/11/25 08:22:09 | 000,061,440 | ---- | M] () -- C:\WINDA\System32\drivers\ouampou.sys
[2010/11/25 08:22:09 | 000,000,574 | ---- | M] () -- C:\cleanup.bat
[2010/11/23 23:06:16 | 000,000,120 | ---- | M] () -- C:\WINDA\Qmecunepozanij.dat
[2010/11/23 23:06:16 | 000,000,000 | ---- | M] () -- C:\WINDA\Ibizus.bin
[2010/11/23 09:25:38 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\PokerTracker 3.lnk
[2010/11/23 09:18:32 | 013,744,752 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\PT-Install-v3.08.exe
[2010/11/19 18:07:42 | 000,247,310 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\attachments.zip
[2010/11/17 08:37:32 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\PROUDS.doc
[2010/11/17 08:37:32 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\~$PROUDS.doc
[2010/11/13 22:14:40 | 000,205,312 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDA\MBR.exe
[2010/11/03 21:05:30 | 000,004,212 | -H-- | M] () -- C:\WINDA\System32\zllictbl.dat
[2010/11/03 20:20:40 | 046,957,056 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\zaSetup_92_076_000_en.exe
[2010/11/01 17:58:52 | 000,443,392 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\CKScanner.exe
[2010/11/01 17:58:52 | 000,443,392 | ---- | M] () -- C:\CKScanner.exe
[2010/10/31 00:38:28 | 000,001,838 | ---- | M] () -- C:\Documents and Settings\All Users.WINDA\Desktop\Logitech QuickCam.lnk
[2010/10/31 00:29:10 | 047,075,528 | ---- | M] (Logitech, Inc.) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\qc1100.exe
[8 C:\WINDA\*.tmp files -> C:\WINDA\*.tmp -> ]
[7 C:\WINDA\System32\*.tmp files -> C:\WINDA\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/28 01:00:46 | 054,441,984 | ---- | C] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\KS_2010-11-26.mp3
[2010/11/28 00:23:13 | 058,675,285 | ---- | C] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\KS_2010-11-27.mp3
[2010/11/27 22:56:49 | 000,099,467 | ---- | C] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\attachmeDFDFnts.zip
[2010/11/27 16:25:37 | 000,256,512 | ---- | C] () -- C:\WINDA\PEV.exe
[2010/11/27 16:25:37 | 000,098,816 | ---- | C] () -- C:\WINDA\sed.exe
[2010/11/27 16:25:37 | 000,089,088 | ---- | C] () -- C:\WINDA\MBR.exe
[2010/11/27 16:25:37 | 000,080,412 | ---- | C] () -- C:\WINDA\grep.exe
[2010/11/27 16:25:37 | 000,068,096 | ---- | C] () -- C:\WINDA\zip.exe
[2010/11/25 19:09:59 | 000,340,358 | ---- | C] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\wdwd.rtf
[2010/11/25 08:22:09 | 000,061,440 | ---- | C] () -- C:\WINDA\System32\drivers\ouampou.sys
[2010/11/25 08:22:09 | 000,000,574 | ---- | C] () -- C:\cleanup.bat
[2010/11/23 23:06:16 | 000,000,000 | ---- | C] () -- C:\WINDA\Ibizus.bin
[2010/11/23 23:05:56 | 000,761,856 | ---- | C] () -- C:\WINDA\System32\drivers\irwaa.sys
[2010/11/23 09:17:08 | 013,744,752 | ---- | C] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\PT-Install-v3.08.exe
[2010/11/19 18:07:42 | 000,247,310 | ---- | C] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\attachments.zip
[2010/11/17 08:37:32 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\~$PROUDS.doc
[2010/11/17 08:37:31 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\PROUDS.doc
[2010/11/03 21:05:30 | 000,004,212 | -H-- | C] () -- C:\WINDA\System32\zllictbl.dat
[2010/11/03 20:22:55 | 000,443,392 | ---- | C] () -- C:\CKScanner.exe
[2010/11/03 20:15:56 | 046,957,056 | ---- | C] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\zaSetup_92_076_000_en.exe
[2010/11/01 17:58:46 | 000,443,392 | ---- | C] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\CKScanner.exe
[2010/10/31 00:32:34 | 000,001,838 | ---- | C] () -- C:\Documents and Settings\All Users.WINDA\Desktop\Logitech QuickCam.lnk
[2010/09/20 21:15:03 | 000,005,077 | ---- | C] () -- C:\Documents and Settings\All Users.WINDA\Application Data\bltofzsb.qlf
[2010/08/28 00:58:04 | 000,057,126 | ---- | C] () -- C:\WINDA\System32\lvcoinst.ini
[2010/05/23 18:11:58 | 000,192,512 | ---- | C] () -- C:\WINDA\System32\SaXPWIA.dll
[2010/05/23 18:11:58 | 000,140,288 | ---- | C] () -- C:\WINDA\System32\SaXPEH.dll
[2010/05/23 18:11:58 | 000,138,240 | ---- | C] () -- C:\WINDA\System32\SaXPUIEx.dll
[2010/05/23 18:11:58 | 000,117,248 | ---- | C] () -- C:\WINDA\System32\SaXPIPH.dll
[2010/05/23 18:11:58 | 000,087,552 | ---- | C] () -- C:\WINDA\System32\SaXPSTI.dll
[2010/03/28 21:02:07 | 000,022,723 | ---- | C] () -- C:\WINDA\System32\sugw2l3.dll
[2010/02/23 18:28:09 | 000,281,760 | ---- | C] () -- C:\WINDA\System32\drivers\atksgt.sys
[2010/02/23 18:28:07 | 000,025,888 | ---- | C] () -- C:\WINDA\System32\drivers\lirsgt.sys
[2010/02/12 19:06:29 | 000,000,370 | ---- | C] () -- C:\WINDA\ODBC.INI
[2010/02/12 05:26:48 | 000,004,073 | ---- | C] () -- C:\WINDA\ODBCINST.INI
[2010/02/11 21:00:16 | 000,691,696 | ---- | C] () -- C:\WINDA\System32\drivers\sptd.sys
[2010/02/11 20:53:55 | 000,205,312 | ---- | C] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/11 20:51:42 | 000,178,176 | ---- | C] () -- C:\WINDA\System32\unrar.dll
[2010/02/11 20:51:42 | 000,000,038 | ---- | C] () -- C:\WINDA\avisplitter.ini
[2010/02/11 20:51:41 | 000,881,664 | ---- | C] () -- C:\WINDA\System32\xvidcore.dll
[2010/02/11 20:51:41 | 000,205,824 | ---- | C] () -- C:\WINDA\System32\xvidvfw.dll
[2010/02/11 20:51:40 | 003,596,288 | ---- | C] () -- C:\WINDA\System32\qt-dx331.dll
[2010/02/11 20:51:39 | 000,085,504 | ---- | C] () -- C:\WINDA\System32\ff_vfw.dll
[2009/11/06 10:58:04 | 000,178,975 | ---- | C] () -- C:\WINDA\System32\xlive.dll.cat
[2007/05/11 17:30:16 | 000,025,888 | ---- | C] () -- C:\WINDA\System32\drivers\LVPr2Mon.sys
[2007/05/11 17:27:58 | 002,107,808 | ---- | C] () -- C:\WINDA\System32\drivers\Lvckap.sys
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDA\System32\OUTLPERF.INI

========== Files - Unicode (All) ==========
[2007/11/16 15:08:58 | 000,000,000 | ---D | M](C:\????????) -- C:\●●●●●●●●
[2007/11/16 15:08:58 | 000,000,000 | ---D | C](C:\????????) -- C:\●●●●●●●●

< End of report >




badseed84

Newbie Surfer

Posts : 16
Joined : 2010-10-23
Operating System : windows xp sp3

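A small triage script for logs in this OTL format, added here as an example (it is not part of the thread and not OldTimer's code). It takes a handful of lines copied from the log above and flags what a helper reads such a log for first: driver files with no company name, rated by how recently they were modified, services whose file is missing, and a proxy server outside private address space in the user's Internet Settings. The scan date (end of the day of the newest entries) and the 7-day "recent" window are assumptions of the example. On these lines the high bucket contains the irwaa.sys entry that the next reply asks about.

```python
"""Triage helper for OTL-style scan logs (added example, not OldTimer's code)."""
import ipaddress
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List

# A handful of lines copied from the OTL log posted above.
SAMPLE_LOG = r"""
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDA\System32\Drivers\SSPORT.sys -- (SSPORT)
DRV - [2010/02/23 18:28:09 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDA\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 83.17.123.186:8080
[2010/11/28 19:34:51 | 000,761,856 | ---- | M] () -- C:\WINDA\System32\drivers\irwaa.sys
[2010/11/25 08:22:09 | 000,061,440 | ---- | M] () -- C:\WINDA\System32\drivers\ouampou.sys
[2010/11/27 21:19:02 | 079,383,048 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\avg_free_stf_en_90_716a1803.exe
"""

# Assumption: the excerpt has no header, so the scan date is taken as the
# end of the day of the newest entries.
SCAN_DATE = datetime(2010, 11, 28, 23, 59, 59)

# PRC/MOD/SRV/DRV entries and the bare "[date | size | attrs | M] (company) -- path" file lines.
ENTRY_RE = re.compile(
    r"^(?:(?P<kind>PRC|MOD|SRV|DRV) - )?"
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| [-A-Za-z]{4} \| [MC]\] "
    r"\((?P<company>[^)]*)\) "
    r"(?:\[(?P<svc>[^\]]*)\] )?"
    r"-- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\).*)?$"
)
MISSING_RE = re.compile(
    r"^(?:SRV|DRV) - File not found \[[^\]]*\] -- (?P<path>.+?) -- \((?P<name>[^)]*)\)"
)
PROXY_RE = re.compile(r'^IE - HKCU\\.*Internet Settings: "(?P<key>Proxy\w+)" = (?P<value>.*)$')
DRIVER_DIR = re.compile(r"\\system32\\drivers\\", re.IGNORECASE)
SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}


@dataclass
class Finding:
    severity: str
    path: str
    reason: str


def triage(log: str, scan_date: datetime, recent_days: int = 7) -> List[Finding]:
    """Return findings sorted high -> low; recent_days is an assumed window."""
    findings: List[Finding] = []
    proxy: Dict[str, str] = {}
    for line in log.splitlines():
        m = MISSING_RE.match(line)
        if m:
            findings.append(Finding("medium", m["path"],
                                    f"service '{m['name']}' is registered but its file is missing"))
            continue
        m = PROXY_RE.match(line)
        if m:
            proxy[m["key"]] = m["value"]
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        path, company = m["path"], m["company"]
        # Only driver files inside the drivers directory are judged here.
        if not (DRIVER_DIR.search(path) and (m["kind"] == "DRV" or path.lower().endswith(".sys"))):
            continue
        if company:
            continue  # a company name proves nothing, but its absence is what stands out in OTL logs
        modified = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
        age = scan_date - modified
        severity = "high" if age <= timedelta(days=recent_days) else "low"
        findings.append(Finding(severity, path,
                                f"driver with no company name, modified {modified:%Y-%m-%d} "
                                f"({age.days} days before the scan)"))
    server = proxy.get("ProxyServer")
    if server:
        host = server.rsplit(":", 1)[0]
        try:
            external = not ipaddress.ip_address(host).is_private
        except ValueError:  # a hostname rather than an IP literal
            external = True
        if external:
            enabled = proxy.get("ProxyEnable") == "1"
            findings.append(Finding(
                "high" if enabled else "medium", server,
                "non-private proxy server in the user's Internet Settings"
                + (" (ProxyEnable = 1)" if enabled else " (ProxyEnable = 0, so not in use right now)")))
    findings.sort(key=lambda f: SEVERITY_RANK[f.severity])
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, SCAN_DATE):
        print(f"[{f.severity:6}] {f.path}: {f.reason}")
```

The script only ranks; a high-severity entry is a file to submit for a second opinion (as the next reply asks for irwaa.sys), not a verdict.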

Re: think point aftermath

Post by Sneakyone on Mon 29 Nov 2010, 7:40 am

Hi,

Please upload this to VirusTotal and send the link to the results in your next reply.

File: C:\WINDA\System32\drivers\irwaa.sys


I'm livin' life in the fast lane.


Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit


Re: think point aftermath

Post by badseed84 on Mon 29 Nov 2010, 8:04 pm

OK, I tried to upload it to VirusTotal but I don't think it worked; it just came up with a window saying "do not close until this upload finishes", but after that nothing happened and it went back to the upload screen. I tried to copy it to a different location on the hard drive and I get the error message "cannot copy irwaa.sys: cannot read from source file". I tried to do it in safe mode but still get the same error. It won't add as an attachment to an email either.

badseed84

Newbie Surfer

Posts : 16
Joined : 2010-10-23
Operating System : windows xp sp3


Re: think point aftermath

Post by Sneakyone on Wed 01 Dec 2010, 4:42 am

Hi,

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
  • Click Start > Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit


Re: think point aftermath

Post by badseed84 on Wed 01 Dec 2010, 6:37 pm

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-16 780312]

c:\documents and settings\All Users.WINDA\Start Menu\Programs\Startup\
BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2010-10-24 81997]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\dan\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\daniel.HOMW-20FD2517C1\\Desktop\\uTorrent.exe"=
"c:\\Documents and Settings\\daniel.HOMW-20FD2517C1\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Codemasters\\F1 2010\\F1_2010_game.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;c:\winda\system32\drivers\sptd.sys [2/11/2010 9:00 PM 691696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/18/2010 5:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/11/2010 5:41 AM 67656]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [12/10/2009 4:39 AM 65536]
S2 SSPORT;SSPORT;\??\c:\winda\system32\Drivers\SSPORT.sys --> c:\winda\system32\Drivers\SSPORT.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - irwaa
.
Contents of the 'Scheduled Tasks' folder

2010-11-30 c:\winda\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-448539723-839522115-1003Core.job
- c:\documents and settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-26 10:26]

2010-12-01 c:\winda\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-448539723-839522115-1003UA.job
- c:\documents and settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-26 10:26]

2010-11-29 c:\winda\Tasks\WGASetup.job
- c:\winda\system32\KB905474\wgasetup.exe [2010-02-12 11:18]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 83.17.123.186:8080
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\daniel.HOMW-20FD2517C1\Application Data\Mozilla\Firefox\Profiles\fhedhcvm.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\All Users.WINDA\Application Data\Gadu-Gadu 10\_userdata\npgg.2.dll
FF - plugin: c:\documents and settings\daniel.HOMW-20FD2517C1\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\daniel.HOMW-20FD2517C1\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winda\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Java Quick Starter: [You must be registered and logged in to see this link.] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winda\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\daniel.HOMW-20FD2517C1\Application Data\Mozilla\Firefox\Profiles\fhedhcvm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\irwaa]

.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\winda\system32\Ati2evxx.dll
.
Completion time: 2010-12-01 18:24:06
ComboFix-quarantined-files.txt 2010-12-01 07:24
ComboFix2.txt 2010-11-27 05:44
ComboFix3.txt 2010-10-25 09:00

Pre-Run: 200,435,486,720 bytes free
Post-Run: 200,470,028,288 bytes free

- - End Of File - - 040A9D40F0510ACAD6422B47E8615881

badseed84

Newbie Surfer

Posts : 16
Joined : 2010-10-23
Operating System : windows xp sp3

Re: think point aftermath

Post by Sneakyone on Thu 02 Dec 2010, 5:23 am

Hi,

You only gave half of the log. Please navigate to C:\ComboFix.txt and post the full contents of the log.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

Re: think point aftermath

Post by badseed84 on Thu 02 Dec 2010, 5:11 pm

ComboFix 10-11-30.04 - daniel 12/01/2010 18:14:08.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1508 [GMT 11:00]
Running from: c:\documents and settings\daniel.HOMW-20FD2517C1\desktop\commy.exe
Command switches used :: /stepdel
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\winda\system32\arp.exe

.
((((((((((((((((((((((((( Files Created from 2010-11-01 to 2010-12-01 )))))))))))))))))))))))))))))))
.

2010-11-29 08:32 . 2010-11-29 08:32 -------- d-----w- c:\program files\VirusTotalUploader2
2010-11-27 10:21 . 2010-11-27 10:21 -------- d-----w- c:\program files\AVG
2010-11-27 10:21 . 2010-11-28 02:36 -------- d-----w- c:\documents and settings\All Users.WINDA\Application Data\avg9
2010-11-24 21:22 . 2010-11-24 21:22 61440 ----a-w- c:\winda\system32\drivers\ouampou.sys
2010-11-24 21:22 . 2010-11-24 21:22 574 ----a-w- C:\cleanup.bat
2010-11-24 21:21 . 2010-11-24 21:22 -------- d-----w- C:\3528a25f840bb5aa6ae2cb371b6f
2010-11-23 12:06 . 2010-11-23 12:06 0 ----a-w- c:\winda\Ibizus.bin
2010-11-23 12:06 . 2010-11-23 12:06 -------- d-----w- c:\documents and settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\{25897A17-9C8F-4DAF-AD1B-914FB1C53D7B}
2010-11-23 12:05 . 2010-12-01 07:23 761856 ----a-w- c:\winda\system32\drivers\irwaa.sys
2010-11-23 12:03 . 2010-11-27 10:09 -------- d-----w- c:\documents and settings\daniel.HOMW-20FD2517C1\Application Data\935109F2C03AE81B78BC7B2534DDB2B8
2010-11-07 04:17 . 2010-11-07 04:17 -------- d-----w- c:\documents and settings\All Users.WINDA\Application Data\TEMP
2010-11-03 10:06 . 2010-11-03 10:06 -------- d-----w- c:\documents and settings\daniel.HOMW-20FD2517C1\Application Data\CheckPoint
2010-11-03 10:05 . 2010-11-03 10:05 -------- d-----w- c:\program files\Conduit
2010-11-03 10:05 . 2010-11-03 10:05 -------- d-----w- c:\documents and settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\Conduit
2010-11-03 10:05 . 2010-11-03 10:05 -------- d-----w- c:\program files\CheckPoint
2010-11-03 10:04 . 2010-11-28 02:33 -------- d-----w- c:\winda\Internet Logs
2010-11-03 09:22 . 2010-11-01 06:58 443392 ----a-w- C:\CKScanner.exe
2010-11-02 09:10 . 2010-11-02 09:10 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2010-11-02 09:10 . 2010-11-02 09:10 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-24 04:24 . 2010-02-11 08:19 15600 ----a-w- c:\winda\gdrv.sys
2010-10-23 05:15 . 2010-10-23 05:15 73728 ----a-w- c:\winda\system32\javacpl.cpl
2010-10-23 05:15 . 2010-10-23 05:15 472808 ----a-w- c:\winda\system32\deployJava1.dll
2010-10-12 14:01 . 2010-10-12 14:01 445016 ----a-w- c:\winda\system32\wrap_oal.dll
2010-10-12 14:01 . 2010-10-12 14:01 109144 ----a-w- c:\winda\system32\OpenAL32.dll
2010-09-18 06:53 . 2004-09-01 08:00 974848 ----a-w- c:\winda\system32\mfc42.dll
2010-09-18 06:53 . 2004-09-01 08:00 954368 ----a-w- c:\winda\system32\mfc40.dll
2010-09-18 06:53 . 2004-09-01 08:00 953856 ----a-w- c:\winda\system32\mfc40u.dll
2010-09-18 01:23 . 2004-09-01 08:00 974848 ----a-w- c:\winda\system32\mfc42u.dll
2010-09-09 14:16 . 2004-09-01 08:00 667136 ----a-w- c:\winda\system32\wininet.dll
2010-09-09 14:16 . 2004-09-01 08:00 61952 ----a-w- c:\winda\system32\tdc.ocx
2010-09-09 14:16 . 2004-09-01 08:00 81920 ----a-w- c:\winda\system32\ieencode.dll
2010-09-08 16:49 . 2004-09-01 08:00 369664 ----a-w- c:\winda\system32\html.iec
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Google Update"="c:\documents and settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-08-26 136176]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-11-25 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"JMB36X IDE Setup"="c:\winda\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\winda\system32\JMRaidSetup.exe" [2007-02-06 1953792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-16 153608]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-16 505368]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-16 780312]

c:\documents and settings\All Users.WINDA\Start Menu\Programs\Startup\
BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2010-10-24 81997]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\dan\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\daniel.HOMW-20FD2517C1\\Desktop\\uTorrent.exe"=
"c:\\Documents and Settings\\daniel.HOMW-20FD2517C1\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Codemasters\\F1 2010\\F1_2010_game.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;c:\winda\system32\drivers\sptd.sys [2/11/2010 9:00 PM 691696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/18/2010 5:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/11/2010 5:41 AM 67656]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [12/10/2009 4:39 AM 65536]
S2 SSPORT;SSPORT;\??\c:\winda\system32\Drivers\SSPORT.sys --> c:\winda\system32\Drivers\SSPORT.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - irwaa
.
Contents of the 'Scheduled Tasks' folder

2010-11-30 c:\winda\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-448539723-839522115-1003Core.job
- c:\documents and settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-26 10:26]

2010-12-01 c:\winda\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-448539723-839522115-1003UA.job
- c:\documents and settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-26 10:26]

2010-11-29 c:\winda\Tasks\WGASetup.job
- c:\winda\system32\KB905474\wgasetup.exe [2010-02-12 11:18]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 83.17.123.186:8080
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\daniel.HOMW-20FD2517C1\Application Data\Mozilla\Firefox\Profiles\fhedhcvm.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\All Users.WINDA\Application Data\Gadu-Gadu 10\_userdata\npgg.2.dll
FF - plugin: c:\documents and settings\daniel.HOMW-20FD2517C1\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\daniel.HOMW-20FD2517C1\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winda\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Java Quick Starter: [You must be registered and logged in to see this link.] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winda\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\daniel.HOMW-20FD2517C1\Application Data\Mozilla\Firefox\Profiles\fhedhcvm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\irwaa]

.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\winda\system32\Ati2evxx.dll
.
Completion time: 2010-12-01 18:24:06
ComboFix-quarantined-files.txt 2010-12-01 07:24
ComboFix2.txt 2010-11-27 05:44
ComboFix3.txt 2010-10-25 09:00

Pre-Run: 200,435,486,720 bytes free
Post-Run: 200,470,028,288 bytes free

- - End Of File - - 040A9D40F0510ACAD6422B47E8615881

badseed84

Newbie Surfer

Posts : 16
Joined : 2010-10-23
Operating System : windows xp sp3

Re: think point aftermath

Post by Sneakyone on Sun 05 Dec 2010, 10:37 am

Hi,

Please download TDSSKiller from here and save it to your Desktop.
  • Doubleclick TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit
