think point aftermath

Post by badseed84 on Sat Oct 23, 2010 6:37 am

OK, I thought I might help myself only by doing a bit of research on the net, but no, it won't be possible; I need the pro help. OK, I had the ThinkPoint junk yesterday and managed to get rid of it using rkill, then SUPERAntiSpyware, then Malwarebytes. The scans I do now show everything is OK, but I have a problem with the internet. When I start Windows my internet is working for like 10 minutes, then it stops. I switch my router on and off and the internet is working for another 15 minutes, and then I have to restart my router again. I tried WinSock fix but it didn't help. I did all the updates, and here is my log below.


OTL logfile created on: 10/23/2010 4:53:27 PM - Run 1
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\daniel.HOMW-20FD2517C1\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDA | %ProgramFiles% = C:\Program Files
Drive C: | 372.60 Gb Total Space | 13.47 Gb Free Space | 3.61% Space Free | Partition Type: NTFS
Drive D: | 281.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DANIELHERDZIK | User Name: daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/23 16:28:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\My Documents\Downloads\OTL.com
PRC - [2010/10/08 16:44:03 | 007,458,816 | ---- | M] () -- C:\Program Files\Full Tilt Poker\FullTiltPoker.exe
PRC - [2010/10/08 14:00:10 | 000,836,464 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2010/09/29 01:04:57 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/04/03 16:01:41 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/10 04:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
PRC - [2009/12/10 04:37:16 | 003,690,496 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
PRC - [2009/11/24 12:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2009/10/30 22:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009/09/16 22:14:48 | 000,153,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe
PRC - [2008/08/26 14:02:24 | 000,014,336 | ---- | M] (Agere Systems) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDA\explorer.exe
PRC - [2006/06/27 05:34:58 | 000,166,448 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\QuickCam10\COCIManager.exe
PRC - [2006/06/27 05:34:40 | 000,614,960 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
PRC - [2006/06/27 05:33:42 | 000,099,888 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
PRC - [2006/06/27 05:33:32 | 000,243,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
PRC - [2006/06/27 04:46:04 | 000,497,200 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
PRC - [2002/08/21 05:13:12 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\WINDA\system32\WISPTIS.EXE


========== Modules (SafeList) ==========

MOD - [2010/10/23 16:28:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\My Documents\Downloads\OTL.com
MOD - [2010/08/24 03:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDA\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDA\system32\msscript.ocx
MOD - [2006/06/27 05:33:42 | 000,091,696 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/10 04:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2008/08/26 14:02:24 | 000,014,336 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/06/27 05:33:56 | 000,091,696 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2006/06/27 05:33:42 | 000,099,888 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDA\System32\Drivers\SSPORT.sys -- (SSPORT)
DRV - [2010/05/11 05:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/23 18:28:09 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDA\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/02/23 18:28:07 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDA\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/02/18 05:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/11 21:00:16 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDA\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/02/11 19:23:37 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDA\gdrv.sys -- (gdrv)
DRV - [2009/10/12 22:15:30 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDA\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2009/09/30 15:18:22 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/09/11 13:48:04 | 000,066,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/09/11 13:47:54 | 000,014,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/09/11 13:47:42 | 000,031,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\WmHidLo.sys -- (WmHidLo)
DRV - [2009/09/11 13:47:32 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/09/11 13:47:22 | 000,022,792 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2009/02/19 22:13:42 | 000,084,320 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDA\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2008/10/29 15:43:44 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/03/28 18:45:38 | 004,395,008 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/03/01 19:05:38 | 000,090,496 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/06/26 11:33:40 | 000,023,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2006/06/26 11:33:36 | 001,952,816 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2006/06/26 11:33:28 | 001,587,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2006/06/23 09:29:46 | 000,038,960 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006/06/23 09:29:28 | 000,720,176 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\LV302AV.SYS -- (PID_08A0) Logitech QuickCam IM(PID_08A0)
DRV - [2006/06/23 09:29:27 | 000,012,080 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2006/02/07 22:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDA\system32\DRIVERS\JGOGO.sys -- (JGOGO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDA\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 83.17.123.186:8080

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {8C025A67-C8E7-4771-8812-1B3483BAB445}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22


FF - HKLM\software\mozilla\Firefox\extensions\\{8C025A67-C8E7-4771-8812-1B3483BAB445}: C:\Documents and Settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\{8C025A67-C8E7-4771-8812-1B3483BAB445} [2010/10/22 22:12:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/26 20:37:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/23 16:15:43 | 000,000,000 | ---D | M]

[2010/03/22 11:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Application Data\Mozilla\Extensions
[2010/10/23 16:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Application Data\Mozilla\Firefox\Profiles\fhedhcvm.default\extensions
[2010/10/23 15:47:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Application Data\Mozilla\Firefox\Profiles\fhedhcvm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/23 16:25:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/26 20:38:20 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/10/23 16:15:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/10/23 16:15:32 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/10/23 15:32:51 | 000,000,736 | ---- | M]) - C:\WINDA\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDA\System32\JMRaidSetup.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDA\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDA\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [LVCOMSX] C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [kamsoft] C:\WINDA\System32\kamsoft.exe File not found
O4 - HKCU..\Run: [MHqW] C:\WINDA\drweb.exe File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDA\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDA\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDA\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDA\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDA\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/11 18:49:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/07/30 14:07:12 | 000,000,038 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{3d5119e5-3d8d-11df-b751-001a4d454fef}\Shell\AutoRun\command - "" = F:\.\garbage\pizdec.exe -- File not found
O33 - MountPoints2\{3d5119e5-3d8d-11df-b751-001a4d454fef}\Shell\explore\command - "" = F:\garbage\\pizdec.exe -- File not found
O33 - MountPoints2\{3d5119e5-3d8d-11df-b751-001a4d454fef}\Shell\open\command - "" = F:\garbage\\pizdec.exe -- File not found
O33 - MountPoints2\{d9258ee6-bfe5-11df-b75e-001a4d454fef}\Shell\AutoRun\command - "" = F:\m9ma.exe -- File not found
O33 - MountPoints2\{d9258ee6-bfe5-11df-b75e-001a4d454fef}\Shell\explore\Command - "" = F:\m9ma.exe -- File not found
O33 - MountPoints2\{d9258ee6-bfe5-11df-b75e-001a4d454fef}\Shell\open\Command - "" = F:\m9ma.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rootrepeal.sys - Reg Error: Value error.
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDA\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDA\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDA\system32\Rundll32.exe c:\WINDA\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDA\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3acm - C:\WINDA\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDA\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDA\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDA\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDA\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDA\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDA\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDA\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDA\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDA\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDA\System32\ff_vfw.dll ()
Drivers32: VIDC.I420 - C:\WINDA\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDA\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDA\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDA\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDA\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDA\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDA\System32\yv12vfw.dll ([You must be registered and logged in to see this link.]

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 30 Days ==========

[2010/10/23 16:28:51 | 027,634,824 | ---- | C] ( ) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\AdbeRdr940_en_US.exe
[2010/10/23 16:15:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDA\Application Data\Sun
[2010/10/23 16:15:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/10/23 16:15:43 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDA\System32\deployJava1.dll
[2010/10/23 16:15:43 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDA\System32\javaws.exe
[2010/10/23 16:15:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDA\System32\javaw.exe
[2010/10/23 16:15:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDA\System32\java.exe
[2010/10/23 16:15:43 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDA\System32\javacpl.cpl
[2010/10/23 16:13:06 | 000,000,000 | ---D | C] -- C:\WINDA\System32\appmgmt
[2010/10/23 16:03:22 | 016,308,000 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\jre-6u22-windows-i586-s.exe
[2010/10/23 15:59:25 | 000,875,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\jre-6u22-windows-i586-iftw-rv.exe
[2010/10/23 12:46:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Application Data\SUPERAntiSpyware.com
[2010/10/23 12:46:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDA\Application Data\SUPERAntiSpyware.com
[2010/10/23 12:42:06 | 009,578,056 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\sdasd.exe
[2010/10/23 02:01:35 | 000,000,000 | ---D | C] -- C:\Program Files\pizdeczkumioa
[2010/10/23 01:57:54 | 006,259,512 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\duparules.exe
[2010/10/23 01:55:26 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\dupa.exe
[2010/10/23 00:14:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malwarefdfdfkjkl
[2010/10/22 23:22:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malwarefdfdf
[2010/10/22 23:18:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Application Data\Malwarebytes
[2010/10/22 23:18:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDA\System32\drivers\mbamswissarmy.sys
[2010/10/22 23:18:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDA\System32\drivers\mbam.sys
[2010/10/22 23:18:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDA\Application Data\Malwarebytes
[2010/10/22 23:10:18 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\guj.exe
[2010/10/22 22:38:24 | 000,000,000 | -HSD | C] -- C:\WINDA\CSC
[2010/10/22 22:12:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\{8C025A67-C8E7-4771-8812-1B3483BAB445}
[2010/10/22 19:31:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\PartyPoker_Installer
[2010/10/16 05:45:57 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\dllcache\mfc42.dll
[2010/10/16 05:45:57 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\dllcache\mfc40u.dll
[2010/10/16 05:44:34 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\dllcache\comctl32.dll
[2010/10/16 05:39:56 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\dllcache\helpsvc.exe
[2010/10/16 05:34:07 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\dllcache\jscript.dll
[2010/10/13 01:03:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDA\Application Data\Codemasters
[2010/10/13 01:03:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\My Documents\My Games
[2010/10/13 01:01:42 | 017,686,528 | ---- | C] (Intel Corporation / Blue Ripple Sound Limited) -- C:\WINDA\System32\mkl_blueripple.dll
[2010/10/13 01:01:42 | 001,380,352 | ---- | C] (Blue Ripple Sound Limited) -- C:\WINDA\System32\rapture3d_oal.dll
[2010/10/13 01:01:41 | 000,000,000 | ---D | C] -- C:\Program Files\BRS
[2010/10/13 01:01:40 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\D3DCompiler_43.dll
[2010/10/13 01:01:40 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\XAudio2_7.dll
[2010/10/13 01:01:40 | 000,445,016 | ---- | C] (Creative Labs) -- C:\WINDA\System32\wrap_oal.dll
[2010/10/13 01:01:40 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\xactengine3_7.dll
[2010/10/13 01:01:40 | 000,109,144 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDA\System32\OpenAL32.dll
[2010/10/13 01:01:40 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\XAPOFX1_5.dll
[2010/10/13 01:01:39 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\D3DX9_43.dll
[2010/10/13 01:01:39 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\d3dcsx_43.dll
[2010/10/13 01:01:39 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\XAudio2_6.dll
[2010/10/13 01:01:39 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\d3dx10_43.dll
[2010/10/13 01:01:39 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\d3dx11_43.dll
[2010/10/13 01:01:39 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\xactengine3_6.dll
[2010/10/13 01:01:39 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\XAPOFX1_4.dll
[2010/10/13 01:01:38 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\X3DAudio1_7.dll
[2010/10/13 01:01:37 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\d3dcsx_42.dll
[2010/10/13 01:01:37 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\D3DCompiler_42.dll
[2010/10/13 01:01:37 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\XAudio2_5.dll
[2010/10/13 01:01:37 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\xactengine3_5.dll
[2010/10/13 01:01:37 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\d3dx11_42.dll
[2010/10/13 01:00:28 | 000,000,000 | ---D | C] -- C:\WINDA\System32\XPSViewer
[2010/10/13 00:59:15 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\dllcache\printfilterpipelinesvc.exe
[2010/10/13 00:59:15 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\dllcache\xpsshhdr.dll
[2010/10/13 00:59:15 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\prntvpt.dll
[2010/10/13 00:59:15 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\dllcache\filterpipelineprintproc.dll
[2010/10/13 00:59:14 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\xpssvcs.dll
[2010/10/13 00:59:14 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\dllcache\xpssvcs.dll
[2010/10/13 00:59:14 | 000,000,000 | ---D | C] -- C:\ec6c142c762ddb50a225997fc0
[2010/10/13 00:58:49 | 000,000,000 | R-SD | C] -- C:\WINDA\assembly
[2010/10/13 00:58:37 | 000,000,000 | ---D | C] -- C:\WINDA\Microsoft.NET
[2010/10/13 00:23:50 | 000,000,000 | ---D | C] -- C:\WINDA\Minidump
[2010/10/13 00:21:22 | 000,000,000 | ---D | C] -- C:\WINDA\Prefetch
[2010/10/12 23:57:11 | 001,372,672 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\dllcache\msxml6.dll
[2010/10/12 23:57:11 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\dllcache\dpcdll.dll
[2010/10/12 23:57:11 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\msxml6r.dll
[2010/10/12 23:57:11 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\dllcache\msxml6r.dll
[2010/10/12 23:57:06 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\drivers\irbus.sys
[2010/10/12 23:57:06 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\smtpapi.dll
[2010/10/12 23:57:06 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\rwnh.dll
[2010/10/12 23:57:06 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\comsdupd.exe
[2010/10/12 23:57:04 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDA\System32\ati3d1ag.dll
[2010/10/12 23:57:04 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDA\System32\ati2dvaa.dll
[2010/10/12 23:57:04 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\azroles.dll
[2010/10/12 23:57:04 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\aaclient.dll
[2010/10/12 23:57:04 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDA\System32\ativtmxx.dll
[2010/10/12 23:57:04 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDA\System32\ativmvxx.ax
[2010/10/12 23:57:04 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDA\System32\ativdaxx.ax
[2010/10/12 23:57:04 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\bitsprx4.dll
[2010/10/12 23:57:03 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\dot3ui.dll
[2010/10/12 23:57:03 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\dot3cfg.dll
[2010/10/12 23:57:03 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\dot3msm.dll
[2010/10/12 23:57:03 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\dhcpqec.dll
[2010/10/12 23:57:03 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\dot3gpclnt.dll
[2010/10/12 23:57:03 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\dimsroam.dll
[2010/10/12 23:57:03 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\dot3api.dll
[2010/10/12 23:57:03 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\dot3dlg.dll
[2010/10/12 23:57:02 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\eapp3hst.dll
[2010/10/12 23:57:02 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\eapphost.dll
[2010/10/12 23:57:02 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\eappcfg.dll
[2010/10/12 23:57:02 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\eappgnui.dll
[2010/10/12 23:57:02 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\eapqec.dll
[2010/10/12 23:57:02 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\eappprxy.dll
[2010/10/12 23:57:02 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDA\System32\hsfcisp2.dll
[2010/10/12 23:57:02 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\eapolqec.dll
[2010/10/12 23:57:02 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\kbdbhc.dll
[2010/10/12 23:57:01 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDA\System32\mtxparhd.dll
[2010/10/12 23:57:01 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\mmcex.dll
[2010/10/12 23:57:01 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\napmontr.dll
[2010/10/12 23:57:01 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\microsoft.managementconsole.dll
[2010/10/12 23:57:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\napstat.exe
[2010/10/12 23:57:01 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\mssha.dll
[2010/10/12 23:57:01 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\mmcfxcommon.dll
[2010/10/12 23:57:01 | 000,086,016 | ---- | C] (Conexant) -- C:\WINDA\System32\mdmxsdk.dll
[2010/10/12 23:57:01 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\msshavmsg.dll
[2010/10/12 23:57:01 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\l2gpstore.dll
[2010/10/12 23:57:01 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\mmcperf.exe
[2010/10/12 23:57:01 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\napipsec.dll
[2010/10/12 23:57:01 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\kbdpash.dll
[2010/10/12 23:57:01 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\kbdnepr.dll
[2010/10/12 23:57:01 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\kbdiultn.dll
[2010/10/12 23:57:00 | 004,274,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDA\System32\nv4_disp.dll
[2010/10/12 23:57:00 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\photometadatahandler.dll
[2010/10/12 23:57:00 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDA\System32\s3gnb.dll
[2010/10/12 23:57:00 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\rhttpaa.dll
[2010/10/12 23:57:00 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDA\System32\slextspk.dll
[2010/10/12 23:57:00 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDA\System32\slgen.dll
[2010/10/12 23:57:00 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\qagent.dll
[2010/10/12 23:57:00 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\onex.dll
[2010/10/12 23:57:00 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\qutil.dll
[2010/10/12 23:57:00 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDA\System32\slcoinst.dll
[2010/10/12 23:57:00 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDA\System32\slserv.exe
[2010/10/12 23:57:00 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\qcliprov.dll
[2010/10/12 23:57:00 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\rasqec.dll
[2010/10/12 23:57:00 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\tsgqec.dll
[2010/10/12 23:57:00 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDA\System32\slrundll.exe
[2010/10/12 23:57:00 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\setupn.exe
[2010/10/12 23:57:00 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\verclsid.exe
[2010/10/12 23:56:59 | 000,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\windowscodecs.dll
[2010/10/12 23:56:59 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\windowscodecsext.dll
[2010/10/12 23:56:59 | 000,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\wmphoto.dll
[2010/10/12 23:56:59 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\wlanapi.dll
[2010/10/12 23:56:59 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDA\slrundll.exe
[2010/10/12 23:56:59 | 000,000,000 | ---D | C] -- C:\WINDA\System32\en-us
[2010/10/12 23:56:58 | 000,000,000 | ---D | C] -- C:\WINDA\System32\scripting
[2010/10/12 23:56:58 | 000,000,000 | ---D | C] -- C:\WINDA\l2schemas
[2010/10/12 23:56:58 | 000,000,000 | ---D | C] -- C:\WINDA\System32\en
[2010/10/12 23:56:58 | 000,000,000 | ---D | C] -- C:\WINDA\System32\bits
[2010/10/12 23:52:52 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDA\System32\drivers\ati1rvxx.sys
[2010/10/12 23:52:52 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDA\System32\drivers\ati1btxx.sys
[2010/10/12 23:52:52 | 000,043,008 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDA\System32\drivers\amdagp.sys
[2010/10/12 23:52:52 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDA\System32\drivers\ati1tuxx.sys
[2010/10/12 23:52:52 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDA\System32\drivers\ati1xsxx.sys
[2010/10/12 23:52:52 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDA\System32\drivers\ati1raxx.sys
[2010/10/12 23:52:52 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDA\System32\drivers\ati1xbxx.sys
[2010/10/12 23:52:52 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDA\System32\drivers\ati1snxx.sys
[2010/10/12 23:52:52 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDA\System32\drivers\ati1ttxx.sys
[2010/10/12 23:52:52 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDA\System32\drivers\ati1pdxx.sys
[2010/10/12 23:52:52 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDA\System32\drivers\ati1mdxx.sys
[2010/10/12 23:52:52 | 000,004,255 | ---- | C] (Intel(R) Corporation) -- C:\WINDA\System32\drivers\adv01nt5.dll
[2010/10/12 23:52:52 | 000,003,967 | ---- | C] (Intel(R) Corporation) -- C:\WINDA\System32\drivers\adv02nt5.dll
[2010/10/12 23:52:52 | 000,003,775 | ---- | C] (Intel(R) Corporation) -- C:\WINDA\System32\drivers\adv11nt5.dll
[2010/10/12 23:52:52 | 000,003,711 | ---- | C] (Intel(R) Corporation) -- C:\WINDA\System32\drivers\adv09nt5.dll
[2010/10/12 23:52:52 | 000,003,647 | ---- | C] (Intel(R) Corporation) -- C:\WINDA\System32\drivers\adv07nt5.dll
[2010/10/12 23:52:52 | 000,003,615 | ---- | C] (Intel(R) Corporation) -- C:\WINDA\System32\drivers\adv05nt5.dll
[2010/10/12 23:52:52 | 000,003,135 | ---- | C] (Intel(R) Corporation) -- C:\WINDA\System32\drivers\adv08nt5.dll
[2010/10/12 23:52:52 | 000,000,000 | ---D | C] -- C:\WINDA\network diagnostic
[2010/10/12 23:52:51 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDA\System32\drivers\ati2mtaa.sys
[2010/10/12 23:52:51 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDA\System32\drivers\atinrvxx.sys
[2010/10/12 23:52:51 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDA\System32\drivers\atintuxx.sys
[2010/10/12 23:52:51 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDA\System32\drivers\atinbtxx.sys
[2010/10/12 23:52:51 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDA\System32\drivers\atinraxx.sys
[2010/10/12 23:52:51 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDA\System32\drivers\atinsnxx.sys
[2010/10/12 23:52:51 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDA\System32\drivers\atinpdxx.sys
[2010/10/12 23:52:51 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDA\System32\drivers\atinttxx.sys
[2010/10/12 23:52:51 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDA\System32\drivers\atinmdxx.sys
[2010/10/12 23:52:50 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDA\System32\drivers\atinxsxx.sys
[2010/10/12 23:52:50 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\drivers\bthprint.sys
[2010/10/12 23:52:50 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDA\System32\drivers\atinxbxx.sys
[2010/10/12 23:52:50 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDA\System32\drivers\atv04nt5.dll
[2010/10/12 23:52:50 | 000,021,183 | ---- | C] (Intel(R) Corporation) -- C:\WINDA\System32\drivers\atv01nt5.dll
[2010/10/12 23:52:50 | 000,017,279 | ---- | C] (Intel(R) Corporation) -- C:\WINDA\System32\drivers\atv10nt5.dll
[2010/10/12 23:52:50 | 000,015,423 | ---- | C] (Intel(R) Corporation) -- C:\WINDA\System32\drivers\ch7xxnt5.dll
[2010/10/12 23:52:50 | 000,014,143 | ---- | C] (Intel(R) Corporation) -- C:\WINDA\System32\drivers\atv06nt5.dll
[2010/10/12 23:52:50 | 000,011,359 | ---- | C] (Intel(R) Corporation) -- C:\WINDA\System32\drivers\atv02nt5.dll
[2010/10/12 23:52:49 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDA\System32\drivers\mtlmnt5.sys
[2010/10/12 23:52:48 | 001,897,408 | ---- | C] (NVIDIA Corporation) -- C:\WINDA\System32\drivers\nv4_mini.sys
[2010/10/12 23:52:48 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDA\System32\drivers\mtlstrm.sys
[2010/10/12 23:52:48 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDA\System32\drivers\mtxparhm.sys
[2010/10/12 23:52:48 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDA\System32\drivers\ntmtlfax.sys
[2010/10/12 23:52:48 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDA\System32\drivers\s3gnbm.sys
[2010/10/12 23:52:48 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\drivers\rndismpx.sys
[2010/10/12 23:52:48 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDA\System32\drivers\recagent.sys
[2010/10/12 23:52:48 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\drivers\mutohpen.sys
[2010/10/12 23:52:48 | 000,003,901 | ---- | C] (Intel(R) Corporation) -- C:\WINDA\System32\drivers\siint5.dll
[2010/10/12 23:52:47 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDA\System32\drivers\slntamr.sys
[2010/10/12 23:52:47 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDA\System32\drivers\slnt7554.sys
[2010/10/12 23:52:47 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDA\System32\drivers\slnthal.sys
[2010/10/12 23:52:47 | 000,040,960 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDA\System32\drivers\sisagp.sys
[2010/10/12 23:52:47 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDA\System32\drivers\slwdmsup.sys
[2010/10/12 23:52:47 | 000,011,325 | ---- | C] (Intel(R) Corporation) -- C:\WINDA\System32\drivers\vchnt5.dll
[2010/10/12 23:52:47 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDA\System32\drivers\smbali.sys
[2010/10/12 23:52:46 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDA\System32\drivers\watv10nt.sys
[2010/10/12 23:52:46 | 000,022,271 | ---- | C] (Intel(R) Corporation) -- C:\WINDA\System32\drivers\watv06nt.sys
[2010/10/12 23:52:46 | 000,011,935 | ---- | C] (Intel(R) Corporation) -- C:\WINDA\System32\drivers\wadv11nt.sys
[2010/10/12 23:52:46 | 000,011,871 | ---- | C] (Intel(R) Corporation) -- C:\WINDA\System32\drivers\wadv09nt.sys
[2010/10/12 23:52:46 | 000,011,807 | ---- | C] (Intel(R) Corporation) -- C:\WINDA\System32\drivers\wadv07nt.sys
[2010/10/12 23:52:46 | 000,011,295 | ---- | C] (Intel(R) Corporation) -- C:\WINDA\System32\drivers\wadv08nt.sys
[2010/10/12 23:50:36 | 000,000,000 | -H-D | C] -- C:\WINDA\$NtServicePackUninstall$
[8 C:\WINDA\*.tmp files -> C:\WINDA\*.tmp -> ]
[7 C:\WINDA\System32\*.tmp files -> C:\WINDA\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/23 16:55:17 | 000,845,824 | ---- | M] () -- C:\WINDA\System32\drivers\hxizv.sys
[2010/10/23 16:52:17 | 000,001,766 | ---- | M] () -- C:\Documents and Settings\All Users.WINDA\Desktop\Adobe Reader 9.lnk
[2010/10/23 16:51:32 | 027,634,824 | ---- | M] ( ) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\AdbeRdr940_en_US.exe
[2010/10/23 16:36:00 | 000,001,014 | ---- | M] () -- C:\WINDA\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-448539723-839522115-1003UA.job
[2010/10/23 16:25:22 | 000,000,256 | ---- | M] () -- C:\WINDA\tasks\WGASetup.job
[2010/10/23 16:25:15 | 000,000,402 | ---- | M] () -- C:\WINDA\tasks\At17.job
[2010/10/23 16:25:13 | 000,002,048 | --S- | M] () -- C:\WINDA\bootstat.dat
[2010/10/23 16:15:32 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDA\System32\deployJava1.dll
[2010/10/23 16:15:32 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDA\System32\javaws.exe
[2010/10/23 16:15:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDA\System32\javaw.exe
[2010/10/23 16:15:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDA\System32\java.exe
[2010/10/23 16:15:32 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDA\System32\javacpl.cpl
[2010/10/23 16:07:45 | 016,308,000 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\jre-6u22-windows-i586-s.exe
[2010/10/23 15:59:38 | 000,875,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\jre-6u22-windows-i586-iftw-rv.exe
[2010/10/23 15:34:59 | 000,000,402 | ---- | M] () -- C:\WINDA\tasks\At16.job
[2010/10/23 15:32:51 | 000,000,736 | ---- | M] () -- C:\WINDA\System32\drivers\etc\hosts
[2010/10/23 15:04:19 | 000,000,402 | ---- | M] () -- C:\WINDA\tasks\At14.job
[2010/10/23 14:17:55 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/10/23 14:09:01 | 000,000,402 | ---- | M] () -- C:\WINDA\tasks\At15.job
[2010/10/23 12:46:31 | 000,001,719 | ---- | M] () -- C:\Documents and Settings\All Users.WINDA\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/23 12:46:07 | 009,578,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\sdasd.exe
[2010/10/23 12:34:21 | 000,000,402 | ---- | M] () -- C:\WINDA\tasks\At13.job
[2010/10/23 12:16:38 | 000,000,120 | ---- | M] () -- C:\WINDA\Qmecunepozanij.dat
[2010/10/23 01:59:37 | 006,259,512 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\duparules.exe
[2010/10/23 01:57:26 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\dupa.exe
[2010/10/23 01:52:57 | 000,000,000 | ---- | M] () -- C:\WINDA\Ibizus.bin
[2010/10/22 23:27:24 | 000,000,762 | ---- | M] () -- C:\Documents and Settings\All Users.WINDA\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/22 23:25:09 | 000,000,402 | ---- | M] () -- C:\WINDA\tasks\At24.job
[2010/10/22 23:14:47 | 000,364,032 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\ssssss.com
[2010/10/22 23:13:04 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\guj.exe
[2010/10/22 22:50:28 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Application Data\install
[2010/10/22 22:49:44 | 000,000,402 | ---- | M] () -- C:\WINDA\tasks\At23.job
[2010/10/22 22:22:13 | 000,002,206 | ---- | M] () -- C:\WINDA\System32\wpa.dbl
[2010/10/22 22:10:19 | 000,000,402 | ---- | M] () -- C:\WINDA\tasks\At9.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | M] () -- C:\WINDA\tasks\At8.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | M] () -- C:\WINDA\tasks\At7.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | M] () -- C:\WINDA\tasks\At6.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | M] () -- C:\WINDA\tasks\At5.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | M] () -- C:\WINDA\tasks\At4.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | M] () -- C:\WINDA\tasks\At3.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | M] () -- C:\WINDA\tasks\At22.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | M] () -- C:\WINDA\tasks\At21.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | M] () -- C:\WINDA\tasks\At20.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | M] () -- C:\WINDA\tasks\At2.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | M] () -- C:\WINDA\tasks\At19.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | M] () -- C:\WINDA\tasks\At18.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | M] () -- C:\WINDA\tasks\At12.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | M] () -- C:\WINDA\tasks\At11.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | M] () -- C:\WINDA\tasks\At10.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | M] () -- C:\WINDA\tasks\At1.job
[2010/10/22 19:33:33 | 000,000,851 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\Install PartyPoker.lnk
[2010/10/22 19:30:52 | 000,609,488 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\PartyPokerSetup.exe
[2010/10/22 04:36:00 | 000,000,962 | ---- | M] () -- C:\WINDA\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-448539723-839522115-1003Core.job
[2010/10/18 03:01:56 | 000,435,260 | ---- | M] () -- C:\WINDA\System32\perfh009.dat
[2010/10/18 03:01:56 | 000,068,156 | ---- | M] () -- C:\WINDA\System32\perfc009.dat
[2010/10/17 03:31:26 | 000,194,568 | ---- | M] () -- C:\WINDA\System32\FNTCACHE.DAT
[2010/10/17 03:14:16 | 000,001,393 | ---- | M] () -- C:\WINDA\imsins.BAK
[2010/10/13 19:38:09 | 000,000,651 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/10/13 19:38:09 | 000,000,633 | ---- | M] () -- C:\Documents and Settings\All Users.WINDA\Desktop\Opera.lnk
[2010/10/13 19:31:58 | 000,000,664 | ---- | M] () -- C:\WINDA\System32\d3d9caps.dat
[2010/10/13 01:01:40 | 000,445,016 | ---- | M] (Creative Labs) -- C:\WINDA\System32\wrap_oal.dll
[2010/10/13 01:01:40 | 000,109,144 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDA\System32\OpenAL32.dll
[2010/10/13 00:40:09 | 000,029,715 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\F1_2010__PC_DVD__Multi5__Spanish__www_consolasatope_com_.torrent
[2010/10/13 00:22:00 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/12 23:44:09 | 571,322,368 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\xpsp3_5512.080413-2113_usa_x86fre_spcd.iso
[2010/10/08 22:40:35 | 000,029,546 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\F1_2010__2010___PC_DVD9__MULTi5_.torrent
[2010/10/04 01:25:18 | 000,021,714 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\33_New_Poker_Books.torrent
[2010/10/03 21:38:03 | 000,020,803 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\Your SKYCOMP.COM.AU - Order Details.mht
[2010/10/01 22:15:22 | 000,018,232 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\M_I_A__Complete_Discography.torrent
[2010/09/26 00:21:10 | 000,000,833 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[8 C:\WINDA\*.tmp files -> C:\WINDA\*.tmp -> ]
[7 C:\WINDA\System32\*.tmp files -> C:\WINDA\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/23 16:52:17 | 000,001,766 | ---- | C] () -- C:\Documents and Settings\All Users.WINDA\Desktop\Adobe Reader 9.lnk
[2010/10/23 12:46:31 | 000,001,719 | ---- | C] () -- C:\Documents and Settings\All Users.WINDA\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/22 23:27:24 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/10/22 23:18:13 | 000,000,762 | ---- | C] () -- C:\Documents and Settings\All Users.WINDA\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/22 23:14:47 | 000,364,032 | ---- | C] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\ssssss.com
[2010/10/22 22:50:28 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Application Data\install
[2010/10/22 22:12:09 | 000,000,120 | ---- | C] () -- C:\WINDA\Qmecunepozanij.dat
[2010/10/22 22:12:09 | 000,000,000 | ---- | C] () -- C:\WINDA\Ibizus.bin
[2010/10/22 22:11:16 | 000,845,824 | ---- | C] () -- C:\WINDA\System32\drivers\hxizv.sys
[2010/10/22 22:10:19 | 000,000,402 | ---- | C] () -- C:\WINDA\tasks\At24.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | C] () -- C:\WINDA\tasks\At23.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | C] () -- C:\WINDA\tasks\At22.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | C] () -- C:\WINDA\tasks\At21.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | C] () -- C:\WINDA\tasks\At20.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | C] () -- C:\WINDA\tasks\At19.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | C] () -- C:\WINDA\tasks\At18.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | C] () -- C:\WINDA\tasks\At17.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | C] () -- C:\WINDA\tasks\At16.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | C] () -- C:\WINDA\tasks\At15.job
[2010/10/22 22:10:19 | 000,000,402 | ---- | C] () -- C:\WINDA\tasks\At14.job
[2010/10/22 22:10:18 | 000,000,402 | ---- | C] () -- C:\WINDA\tasks\At9.job
[2010/10/22 22:10:18 | 000,000,402 | ---- | C] () -- C:\WINDA\tasks\At8.job
[2010/10/22 22:10:18 | 000,000,402 | ---- | C] () -- C:\WINDA\tasks\At7.job
[2010/10/22 22:10:18 | 000,000,402 | ---- | C] () -- C:\WINDA\tasks\At6.job
[2010/10/22 22:10:18 | 000,000,402 | ---- | C] () -- C:\WINDA\tasks\At5.job
[2010/10/22 22:10:18 | 000,000,402 | ---- | C] () -- C:\WINDA\tasks\At4.job
[2010/10/22 22:10:18 | 000,000,402 | ---- | C] () -- C:\WINDA\tasks\At3.job
[2010/10/22 22:10:18 | 000,000,402 | ---- | C] () -- C:\WINDA\tasks\At2.job
[2010/10/22 22:10:18 | 000,000,402 | ---- | C] () -- C:\WINDA\tasks\At13.job
[2010/10/22 22:10:18 | 000,000,402 | ---- | C] () -- C:\WINDA\tasks\At12.job
[2010/10/22 22:10:18 | 000,000,402 | ---- | C] () -- C:\WINDA\tasks\At11.job
[2010/10/22 22:10:18 | 000,000,402 | ---- | C] () -- C:\WINDA\tasks\At10.job
[2010/10/22 22:10:18 | 000,000,402 | ---- | C] () -- C:\WINDA\tasks\At1.job


Re: think point aftermath

Post by badseed84 on Sat Oct 23, 2010 6:38 am

[2010/10/22 19:31:15 | 000,000,851 | ---- | C] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\Install PartyPoker.lnk
[2010/10/22 19:30:48 | 000,609,488 | ---- | C] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\PartyPokerSetup.exe
[2010/10/13 19:30:25 | 000,000,664 | ---- | C] () -- C:\WINDA\System32\d3d9caps.dat
[2010/10/13 00:40:09 | 000,029,715 | ---- | C] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\F1_2010__PC_DVD__Multi5__Spanish__www_consolasatope_com_.torrent
[2010/10/12 23:52:50 | 000,129,045 | ---- | C] () -- C:\WINDA\System32\drivers\cxthsfs2.cty
[2010/10/12 23:52:50 | 000,064,352 | ---- | C] () -- C:\WINDA\System32\drivers\ativmc20.cod
[2010/10/12 23:52:48 | 000,067,866 | ---- | C] () -- C:\WINDA\System32\drivers\netwlan5.img
[2010/10/12 21:04:34 | 571,322,368 | ---- | C] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\xpsp3_5512.080413-2113_usa_x86fre_spcd.iso
[2010/10/08 22:40:35 | 000,029,546 | ---- | C] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\F1_2010__2010___PC_DVD9__MULTi5_.torrent
[2010/10/04 01:25:18 | 000,021,714 | ---- | C] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\33_New_Poker_Books.torrent
[2010/10/03 21:38:03 | 000,020,803 | ---- | C] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\Your SKYCOMP.COM.AU - Order Details.mht
[2010/10/01 22:15:22 | 000,018,232 | ---- | C] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\M_I_A__Complete_Discography.torrent
[2010/09/26 00:21:10 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/09/20 21:15:03 | 000,005,077 | ---- | C] () -- C:\Documents and Settings\All Users.WINDA\Application Data\bltofzsb.qlf
[2010/08/28 00:58:04 | 000,022,334 | R--- | C] () -- C:\WINDA\System32\lvcoinst.ini
[2010/05/23 18:11:58 | 000,192,512 | ---- | C] () -- C:\WINDA\System32\SaXPWIA.dll
[2010/05/23 18:11:58 | 000,140,288 | ---- | C] () -- C:\WINDA\System32\SaXPEH.dll
[2010/05/23 18:11:58 | 000,138,240 | ---- | C] () -- C:\WINDA\System32\SaXPUIEx.dll
[2010/05/23 18:11:58 | 000,117,248 | ---- | C] () -- C:\WINDA\System32\SaXPIPH.dll
[2010/05/23 18:11:58 | 000,087,552 | ---- | C] () -- C:\WINDA\System32\SaXPSTI.dll
[2010/03/28 21:02:07 | 000,022,723 | ---- | C] () -- C:\WINDA\System32\sugw2l3.dll
[2010/02/23 18:28:09 | 000,281,760 | ---- | C] () -- C:\WINDA\System32\drivers\atksgt.sys
[2010/02/23 18:28:07 | 000,025,888 | ---- | C] () -- C:\WINDA\System32\drivers\lirsgt.sys
[2010/02/12 19:06:29 | 000,000,370 | ---- | C] () -- C:\WINDA\ODBC.INI
[2010/02/12 05:26:48 | 000,004,073 | ---- | C] () -- C:\WINDA\ODBCINST.INI
[2010/02/11 21:00:16 | 000,691,696 | ---- | C] () -- C:\WINDA\System32\drivers\sptd.sys
[2010/02/11 20:53:55 | 000,171,008 | ---- | C] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/11 20:51:42 | 000,178,176 | ---- | C] () -- C:\WINDA\System32\unrar.dll
[2010/02/11 20:51:42 | 000,000,038 | ---- | C] () -- C:\WINDA\avisplitter.ini
[2010/02/11 20:51:41 | 000,881,664 | ---- | C] () -- C:\WINDA\System32\xvidcore.dll
[2010/02/11 20:51:41 | 000,205,824 | ---- | C] () -- C:\WINDA\System32\xvidvfw.dll
[2010/02/11 20:51:40 | 003,596,288 | ---- | C] () -- C:\WINDA\System32\qt-dx331.dll
[2010/02/11 20:51:39 | 000,085,504 | ---- | C] () -- C:\WINDA\System32\ff_vfw.dll
[2009/11/06 10:58:04 | 000,178,975 | ---- | C] () -- C:\WINDA\System32\xlive.dll.cat
[2006/06/26 11:33:40 | 000,023,472 | ---- | C] () -- C:\WINDA\System32\drivers\LVPr2Mon.sys
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDA\System32\OUTLPERF.INI

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.sys >

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2010/02/11 18:49:53 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/02/11 18:43:20 | 000,000,317 | -HS- | M] () -- C:\boot.ini
[2009/09/17 15:49:22 | 000,015,714 | ---- | M] () -- C:\ComboFix.txt
[2010/02/11 18:49:53 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/02/11 19:25:29 | 000,000,197 | ---- | M] () -- C:\csb.log
[2009/10/18 20:09:01 | 000,000,319 | ---- | M] () -- C:\drmHeader.bin
[2007/11/08 17:06:53 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/10/23 16:18:10 | 000,006,295 | ---- | M] () -- C:\JavaRa.log
[2010/08/28 01:19:42 | 000,008,300 | ---- | M] () -- C:\lvcoinst.log
[2009/09/17 16:05:18 | 000,107,761 | ---- | M] () -- C:\MGlogs.zip
[2007/11/08 17:06:53 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 23:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/05/18 15:55:42 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/10/23 16:25:06 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/02/11 19:25:17 | 000,000,423 | ---- | M] () -- C:\RHDSetup.log
[2010/10/23 12:40:01 | 000,000,411 | ---- | M] () -- C:\rkill.log
[2010/10/23 02:00:22 | 000,074,682 | ---- | M] () -- C:\TDSSKiller.2.4.4.0_23.10.2010_01.58.20_log.txt

< %PROGRAMFILES%\*. >
[2007/11/22 16:05:51 | 000,000,000 | ---D | M] -- C:\Program Files\AC3Filter
[2008/10/31 17:36:05 | 000,000,000 | ---D | M] -- C:\Program Files\Acro Software
[2009/04/28 14:37:56 | 000,000,000 | ---D | M] -- C:\Program Files\Activision
[2010/04/08 21:49:25 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2008/11/10 11:19:00 | 000,000,000 | ---D | M] -- C:\Program Files\AGEIA Technologies
[2009/12/04 19:06:50 | 000,000,000 | ---D | M] -- C:\Program Files\Alarm
[2009/12/04 19:05:24 | 000,000,000 | ---D | M] -- C:\Program Files\Alarm Clock
[2009/08/31 12:53:22 | 000,000,000 | ---D | M] -- C:\Program Files\Alawar
[2010/02/12 19:16:53 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2007/11/18 15:43:34 | 000,000,000 | ---D | M] -- C:\Program Files\Atari
[2010/01/13 11:08:25 | 000,000,000 | ---D | M] -- C:\Program Files\ATI Technologies
[2008/02/15 17:41:30 | 000,000,000 | ---D | M] -- C:\Program Files\BackStreet Browser 3.1
[2008/02/18 11:46:25 | 000,000,000 | ---D | M] -- C:\Program Files\Bobyte
[2010/02/12 19:17:50 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/10/13 01:01:43 | 000,000,000 | ---D | M] -- C:\Program Files\BRS
[2009/09/17 13:31:03 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/10/13 00:46:45 | 000,000,000 | ---D | M] -- C:\Program Files\Codemasters
[2010/10/23 16:15:52 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2007/11/08 17:04:45 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2008/11/30 17:36:17 | 000,000,000 | ---D | M] -- C:\Program Files\Creative
[2008/04/27 13:02:47 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools
[2010/02/11 21:01:55 | 000,000,000 | ---D | M] -- C:\Program Files\DAEMON Tools Lite
[2008/02/18 12:39:58 | 000,000,000 | ---D | M] -- C:\Program Files\DebugMode
[2009/04/26 14:37:05 | 000,000,000 | ---D | M] -- C:\Program Files\Deluxe Ski Jump 3
[2010/02/11 19:52:55 | 000,000,000 | ---D | M] -- C:\Program Files\Device Doctor
[2009/09/18 17:03:03 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2009/10/25 17:00:40 | 000,000,000 | ---D | M] -- C:\Program Files\DigiDNA
[2009/07/15 08:12:54 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2009/05/10 15:48:48 | 000,000,000 | ---D | M] -- C:\Program Files\Driver-Soft
[2009/06/04 07:26:15 | 000,000,000 | ---D | M] -- C:\Program Files\EA Games
[2008/12/25 08:53:56 | 000,000,000 | ---D | M] -- C:\Program Files\EA Sports
[2009/11/02 07:01:40 | 000,000,000 | ---D | M] -- C:\Program Files\Eidos
[2008/04/27 12:51:39 | 000,000,000 | ---D | M] -- C:\Program Files\Electronic Arts
[2009/10/22 12:36:06 | 000,000,000 | ---D | M] -- C:\Program Files\FreeRIP3
[2010/10/23 16:15:20 | 000,000,000 | ---D | M] -- C:\Program Files\Full Tilt Poker
[2007/11/25 20:44:41 | 000,000,000 | ---D | M] -- C:\Program Files\Gadu-Gadu
[2010/09/05 20:26:35 | 000,000,000 | ---D | M] -- C:\Program Files\Gadu-Gadu 10
[2008/08/12 14:03:03 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2009/06/16 12:54:47 | 000,000,000 | ---D | M] -- C:\Program Files\GPLGS
[2010/04/11 22:04:31 | 000,000,000 | ---D | M] -- C:\Program Files\Guitar Pro 5
[2008/12/19 02:47:00 | 000,000,000 | ---D | M] -- C:\Program Files\Handbrake
[2010/06/01 20:34:55 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2007/11/12 18:42:49 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/10/13 00:20:58 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/10/25 16:55:44 | 000,000,000 | ---D | M] -- C:\Program Files\iPhoneBrowser
[2010/02/12 19:18:20 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/02/12 19:18:35 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2007/11/16 16:56:33 | 000,000,000 | ---D | M] -- C:\Program Files\IZArc
[2010/04/04 22:46:00 | 000,000,000 | ---D | M] -- C:\Program Files\Jamorama
[2010/10/23 16:18:09 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2008/04/30 13:48:40 | 000,000,000 | ---D | M] -- C:\Program Files\JoWood
[2010/02/11 20:51:40 | 000,000,000 | ---D | M] -- C:\Program Files\K-Lite Codec Pack
[2009/11/06 13:36:45 | 000,000,000 | ---D | M] -- C:\Program Files\KONAMI
[2008/12/28 11:13:15 | 000,000,000 | ---D | M] -- C:\Program Files\Logitech
[2010/02/11 20:00:06 | 000,000,000 | ---D | M] -- C:\Program Files\LSI SoftModem
[2009/04/26 14:38:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mafia
[2010/10/22 23:18:13 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/22 23:27:24 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malwarefdfdf
[2010/10/23 14:17:55 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malwarefdfdfkjkl
[2009/04/26 14:38:30 | 000,000,000 | ---D | M] -- C:\Program Files\McDonaldsDragons
[2007/11/25 18:15:04 | 000,000,000 | ---D | M] -- C:\Program Files\Media Player Classic
[2008/07/16 16:06:39 | 000,000,000 | ---D | M] -- C:\Program Files\MediaCoder
[2010/10/13 00:00:32 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2007/11/23 15:35:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2007/11/08 17:07:01 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2009/05/18 16:40:44 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2009/05/11 09:36:12 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft IntelliType Pro
[2007/11/23 15:35:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/03/21 14:47:50 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2007/11/23 15:35:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2008/05/02 14:08:40 | 000,000,000 | ---D | M] -- C:\Program Files\Midway Games
[2008/10/04 14:08:21 | 000,000,000 | ---D | M] -- C:\Program Files\Monte Cristo
[2010/10/17 03:05:00 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/10/23 16:25:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2009/05/18 14:37:54 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2007/11/08 17:03:56 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2007/11/08 17:04:37 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2007/11/14 13:13:54 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/05/11 09:35:40 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2008/12/15 09:29:38 | 000,000,000 | ---D | M] -- C:\Program Files\NAVIGON
[2007/11/28 14:21:56 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2010/10/12 23:54:27 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2008/05/01 14:55:58 | 000,000,000 | ---D | M] -- C:\Program Files\Ninja Reflex
[2009/12/19 13:36:18 | 000,000,000 | ---D | M] -- C:\Program Files\Nokia
[2009/06/04 13:03:25 | 000,000,000 | ---D | M] -- C:\Program Files\NovaLogic
[2010/01/13 14:11:01 | 000,000,000 | ---D | M] -- C:\Program Files\obj
[2007/11/08 17:04:43 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/10/13 01:01:40 | 000,000,000 | ---D | M] -- C:\Program Files\OpenAL
[2010/10/22 23:13:47 | 000,000,000 | ---D | M] -- C:\Program Files\Opera
[2010/10/17 03:31:24 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/09/01 00:08:00 | 000,000,000 | ---D | M] -- C:\Program Files\PartyGaming
[2009/12/19 13:36:11 | 000,000,000 | ---D | M] -- C:\Program Files\PC Connectivity Solution
[2009/05/10 14:44:51 | 000,000,000 | ---D | M] -- C:\Program Files\PC Drivers HeadQuarters
[2008/04/06 13:25:25 | 000,000,000 | ---D | M] -- C:\Program Files\Pirate Poppers
[2008/07/21 12:52:13 | 000,000,000 | ---D | M] -- C:\Program Files\PIXELA
[2010/10/23 02:01:38 | 000,000,000 | ---D | M] -- C:\Program Files\pizdeczkumioa
[2009/08/02 15:09:13 | 000,000,000 | ---D | M] -- C:\Program Files\PKR
[2010/10/22 19:33:21 | 000,000,000 | ---D | M] -- C:\Program Files\PokerStars
[2010/10/18 23:21:04 | 000,000,000 | ---D | M] -- C:\Program Files\PokerTracker 3
[2010/09/20 21:28:06 | 000,000,000 | ---D | M] -- C:\Program Files\PostgreSQL
[2010/02/12 19:17:35 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2007/11/23 15:50:11 | 000,000,000 | ---D | M] -- C:\Program Files\Readiris
[2007/11/25 18:15:05 | 000,000,000 | ---D | M] -- C:\Program Files\Real Alternative
[2010/02/11 19:24:36 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2009/05/18 14:36:28 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2008/04/06 13:25:12 | 000,000,000 | ---D | M] -- C:\Program Files\ReflexiveArcade
[2009/09/12 13:55:26 | 000,000,000 | ---D | M] -- C:\Program Files\Rockstar Games
[2007/11/12 15:33:50 | 000,000,000 | ---D | M] -- C:\Program Files\Samsung
[2010/01/28 12:15:53 | 000,000,000 | ---D | M] -- C:\Program Files\Sega
[2008/10/06 16:57:19 | 000,000,000 | ---D | M] -- C:\Program Files\Sierra
[2010/08/28 00:13:43 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2007/11/23 15:50:24 | 000,000,000 | ---D | M] -- C:\Program Files\SmarThru 4
[2008/07/21 13:06:18 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Corporation
[2009/12/29 20:21:30 | 000,000,000 | ---D | M] -- C:\Program Files\Soulseek
[2010/10/23 12:46:34 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2008/02/18 12:21:42 | 000,000,000 | ---D | M] -- C:\Program Files\t@b
[2010/01/12 17:28:02 | 000,000,000 | ---D | M] -- C:\Program Files\Techland
[2010/01/28 11:39:39 | 000,000,000 | ---D | M] -- C:\Program Files\The Alawar Compendium
[2009/12/13 10:41:45 | 000,000,000 | ---D | M] -- C:\Program Files\Tournament Indicator
[2008/10/31 17:00:49 | 000,000,000 | ---D | M] -- C:\Program Files\Twins Software
[2010/06/01 20:34:55 | 000,000,000 | ---D | M] -- C:\Program Files\Ubisoft
[2007/11/08 17:10:08 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/09/18 17:03:01 | 000,000,000 | ---D | M] -- C:\Program Files\USB TV
[2010/03/29 20:18:33 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2008/02/19 16:10:21 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2008/12/25 08:51:01 | 000,000,000 | ---D | M] -- C:\Program Files\Warblade
[2010/02/11 20:47:24 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/10/12 23:54:25 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010/10/12 23:54:25 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2007/11/08 17:06:16 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2010/04/13 22:23:00 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2009/10/25 17:14:41 | 000,000,000 | ---D | M] -- C:\Program Files\WinSCP
[2008/03/04 16:26:42 | 000,000,000 | ---D | M] -- C:\Program Files\WM Converter
[2007/11/08 17:07:01 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2007/11/18 12:07:14 | 000,000,000 | ---D | M] -- C:\Program Files\Xvid

< %appdata%\*.* >
[2010/02/12 05:26:09 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Application Data\desktop.ini
[2010/10/22 22:50:28 | 000,000,010 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Application Data\install

< MD5 for: AGP440.SYS >
[2004/09/01 19:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDA\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDA\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDA\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2004/09/01 19:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDA\ServicePackFiles\i386\agp440.sys
[2008/04/14 05:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDA\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDA\system32\drivers\agp440.sys
[2008/04/14 05:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/14 05:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/09/01 19:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDA\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDA\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDA\ServicePackFiles\i386\sp3.cab:atapi.sys
[2004/09/01 19:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDA\ServicePackFiles\i386\atapi.sys
[2008/04/14 05:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDA\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDA\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDA\$NtServicePackUninstall$\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDA\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDA\system32\ReinstallBackups\0017\DriverFiles\i386\atapi.sys
[2004/09/01 19:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: DISK.SYS >
[2004/09/01 19:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDA\Driver Cache\i386\sp2.cab:disk.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDA\Driver Cache\i386\sp3.cab:disk.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDA\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/09/01 19:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2004/09/01 19:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDA\$NtServicePackUninstall$\disk.sys
[2004/09/01 19:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\system32\drivers\disk.sys
[2008/04/14 00:10:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDA\ServicePackFiles\i386\disk.sys
[2008/04/14 05:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDA\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\disk.sys
[2008/04/14 00:10:48 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDA\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDA\ServicePackFiles\i386\eventlog.dll
[2008/04/14 11:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDA\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDA\system32\eventlog.dll
[2008/04/14 11:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004/09/01 19:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDA\$NtServicePackUninstall$\eventlog.dll
[2004/09/01 19:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDA\ServicePackFiles\i386\netlogon.dll
[2008/04/14 11:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDA\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDA\system32\netlogon.dll
[2008/04/14 11:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2009/02/07 05:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDA\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/07 05:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDA\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/09/01 19:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDA\$NtServicePackUninstall$\netlogon.dll
[2004/09/01 19:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/09/01 19:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDA\$NtServicePackUninstall$\scecli.dll
[2004/09/01 19:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDA\ServicePackFiles\i386\scecli.dll
[2008/04/14 11:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDA\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDA\system32\scecli.dll
[2008/04/14 11:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/09/01 19:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDA\Driver Cache\i386\sp2.cab:usbstor.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDA\Driver Cache\i386\sp3.cab:usbstor.sys
[2008/04/14 05:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDA\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2004/09/01 19:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2004/08/03 23:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDA\$NtServicePackUninstall$\usbstor.sys
[2004/09/01 19:00:00 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\system32\drivers\usbstor.sys
[2008/04/14 00:15:40 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDA\ServicePackFiles\i386\usbstor.sys
[2008/04/14 05:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDA\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\usbstor.sys
[2008/04/14 00:15:40 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDA\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

badseed84
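The "MD5 for:" custom scans in the log above exist so that the live copy of each driver or DLL in system32 can be compared with the copies Windows keeps elsewhere (ServicePackFiles\i386, the Driver Cache .cab files, $NtServicePackUninstall$). Reading that by eye across nine lines per file is error-prone, and the same OTL line format also carries the %PROGRAMFILES% listing, where entries touched around the time of the incident are the first thing to look at. The script below is an added example, written for this page; it is not part of badseed84's post and not code from OTL or OldTimer. It parses the OTL file-list line format, reports any file under %SystemRoot%\system32 (or system32\drivers) whose MD5 differs from the ServicePackFiles\i386 copy under the same %SystemRoot%, and lists Program Files entries modified within 48 hours of the scan time. Assumptions: the ServicePackFiles\i386 copy is treated as the reference build, the 48-hour window is an arbitrary choice, and the sample input is constructed by copying lines from the log above (with C:\WINDA as %SystemRoot%, as the log header says).

```python
"""Triage helpers for OTL file-list output (added example, not part of the post or of OTL)."""
import re
from datetime import datetime, timedelta

# One OTL file-list line:
#   [yyyy/mm/dd hh:mm:ss | size | attrs | M] (Company) MD5=HEX -- path
# Company, MD5 and the ".cab file" marker are optional (directory and .cab lines omit them).
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| [MC]\]"
    r"(?: \((?P<company>[^)]*)\))?"
    r"(?: MD5=(?P<md5>[0-9A-F]{32}))?"
    r"(?: \.cab file)?"
    r" -- (?P<path>.+)$"
)


def parse_line(line):
    """Return a dict for one file-list line, or None for headers and blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y/%m/%d %H:%M:%S")
    rec["size"] = int(rec["size"].replace(",", ""))
    return rec


def driver_hash_check(lines, systemroot=r"C:\WINDA"):
    """Compare each live system32 / system32\\drivers file with the copy OTL found under
    <systemroot>\\ServicePackFiles\\i386 (assumed here to be the reference build).
    Returns (name, live_md5, reference_md5) for every mismatch; [] means all match.
    Only paths under `systemroot` are considered, so a second Windows tree on the same
    disk (C:\\WINDOWS in this log, with SP2-era hashes) is not compared against the
    wrong reference."""
    root = systemroot.lower().rstrip("\\")
    live, ref = {}, {}
    for rec in filter(None, map(parse_line, lines)):
        if not rec["md5"]:
            continue  # .cab members carry no hash in this output
        path = rec["path"].lower()
        if not path.startswith(root + "\\"):
            continue
        rel = path[len(root) + 1:]
        name = rel.rsplit("\\", 1)[-1]
        if rel in (f"system32\\{name}", f"system32\\drivers\\{name}"):
            live[name] = rec["md5"]
        elif rel == f"servicepackfiles\\i386\\{name}":
            ref[name] = rec["md5"]
    return [(n, live[n], ref[n]) for n in sorted(live) if n in ref and live[n] != ref[n]]


def recently_modified(lines, scan_time, window=timedelta(hours=48)):
    """Entries whose modification stamp falls within `window` before the scan time."""
    hits = [(rec["ts"], rec["path"]) for rec in filter(None, map(parse_line, lines))
            if scan_time - window <= rec["ts"] <= scan_time]
    return sorted(hits)


# Sample input, constructed by copying lines from the OTL log in the post above.
MD5_LINES = [
    r"[2004/09/01 19:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDA\Driver Cache\i386\sp2.cab:atapi.sys",
    r"[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDA\ServicePackFiles\i386\atapi.sys",
    r"[2008/04/14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDA\system32\drivers\atapi.sys",
    r"[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDA\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys",
    r"[2004/09/01 19:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys",
    r"[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDA\ServicePackFiles\i386\eventlog.dll",
    r"[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDA\system32\eventlog.dll",
]
PROGRAM_FILES_LINES = [
    r"[2009/09/17 13:31:03 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner",
    r"[2010/10/22 23:18:13 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware",
    r"[2010/10/23 02:01:38 | 000,000,000 | ---D | M] -- C:\Program Files\pizdeczkumioa",
    r"[2010/10/23 12:46:34 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware",
    r"[2010/06/01 20:34:55 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information",
]
SCAN_TIME = datetime(2010, 10, 23, 16, 53, 27)  # "OTL logfile created on" time from the log header

if __name__ == "__main__":
    print("driver hash mismatches:", driver_hash_check(MD5_LINES) or "none")
    for ts, path in recently_modified(PROGRAM_FILES_LINES, SCAN_TIME):
        print(ts, path)
```

Two caveats when reading the result. A matching hash only says the file on disk is the build the service pack shipped; it says nothing about anything else on the machine. A mismatch says the live file is not that build and needs a closer look (the `$hf_mig$` hotfix copies in the netlogon.dll section show that a legitimate hotfix can also produce a different hash), so treat it as a lead, not a verdict. The recently-modified list is deliberately neutral: it surfaces what changed around the incident, including the cleanup tools the poster installed, and the analyst decides what is expected and what is not.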

Re: think point aftermath

Post by badseed84 on Sat Oct 23, 2010 6:40 am

OTL Extras logfile created on: 10/23/2010 4:53:27 PM - Run 1
OTL by OldTimer - Version 3.2.16.0 Folder = C:\Documents and Settings\daniel.HOMW-20FD2517C1\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDA | %ProgramFiles% = C:\Program Files
Drive C: | 372.60 Gb Total Space | 13.47 Gb Free Space | 3.61% Space Free | Partition Type: NTFS
Drive D: | 281.06 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DANIELHERDZIK | User Name: daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Ubisoft\Related Designs\ANNO 1404\Anno4.exe" = C:\Program Files\Ubisoft\Related Designs\ANNO 1404\Anno4.exe:*:Enabled:ANNO 1404 -- ()
"C:\Program Files\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe" = C:\Program Files\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe:*:Enabled:ANNO 1404 Web -- ()
"C:\Documents and Settings\dan\Application Data\uTorrent\uTorrent.exe" = C:\Documents and Settings\dan\Application Data\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\uTorrent.exe" = C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Codemasters\DiRT\DiRT.exe" = C:\Program Files\Codemasters\DiRT\DiRT.exe:*:Disabled:DiRT Executable -- (Codemasters)
"C:\Documents and Settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\Codemasters\F1 2010\F1_2010_game.exe" = C:\Program Files\Codemasters\F1 2010\F1_2010_game.exe:*:Enabled:F1 2010 -- (Codemasters)
"c:\documents and settings\daniel.homw-20fd2517c1\local settings\application data\asam.exe" = c:\documents and settings\daniel.homw-20fd2517c1\local settings\application data\asam.exe:*:Enabled:enable -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09CF6AF5-9206-4FD7-9B08-BA6819FB47E3}" = Anno 1404
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{33BC9D7E-E790-495E-A4EA-CFB160C17A91}" = Logitech Gaming Software 5.08
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3CDC3396-0169-41FC-B7E8-C7AE080DB3E8}" = Jamorama Software
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57B89E30-0BBA-4F20-9F2C-8E8CDE1CEDB6}" = DiRT
"{58F58158-8DFE-31DA-AC1F-7E5D89A0F74F}" = Google Talk Plugin
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AC049F7-1383-45C3-9E7D-F93CA667F9E1}" = UMVPLStandalone
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.4 Game
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D575FBAA-D6D6-4221-A2C4-67541DB7AB5E}_is1" = Device Doctor 1.0.0.1
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EC42ED6A-751D-45C0-A4F9-8CD00E4690FC}" = Logitech QuickCam
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"69083DC58646DE46A09847A522A1CC487F918039" = Windows Driver Package - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0)
"9722CA1E8F72F362E93CBEC75A707FDABFC8D880" = Windows Driver Package - Advanced Micro Devices, Inc. (USB28xxBGA) Media (08/31/2007 5.7.0831.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Gadu-Gadu 10" = Gadu-Gadu 10
"GFWL_{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010
"Guitar Pro 5_is1" = Guitar Pro 5.0
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.7.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"OpenAL" = OpenAL
"PartyPoker" = PartyPoker
"PokerStars" = PokerStars
"PokerTracker3" = PokerTracker 3 (remove only)
"QcDrv" = Logitech® Camera Driver
"Samsung SCX-4x21 Series" = Samsung SCX-4x21 Series
"VLC media player" = VLC media player 1.0.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/13/2010 5:48:53 AM | Computer Name = DANIELHERDZIK | Source = Application Error | ID = 1000
Description = Faulting application f1_2010_game.exe, version 1.0.0.0, faulting module
xlive.dll, version 3.1.99.0, fault address 0x00488baf.

Error - 10/13/2010 6:11:05 AM | Computer Name = DANIELHERDZIK | Source = Application Error | ID = 1000
Description = Faulting application f1_2010_game.exe, version 1.0.0.0, faulting module
f1_2010_game.exe, version 1.0.0.0, fault address 0x00c581f3.

Error - 10/20/2010 7:41:30 AM | Computer Name = DANIELHERDZIK | Source = Application Error | ID = 1000
Description = Faulting application pokertrackerhud.exe, version 3.6.0.2, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x0001b21a.

Error - 10/21/2010 7:40:06 AM | Computer Name = DANIELHERDZIK | Source = Application Hang | ID = 1002
Description = Hanging application gg.exe, version 10.1.1.11119, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/22/2010 4:30:08 AM | Computer Name = DANIELHERDZIK | Source = Application Error | ID = 1000
Description = Faulting application pprekop.exe, version 4.2.0.172, faulting module
ole32.dll, version 5.1.2600.2182, fault address 0x10017bed.

Error - 10/22/2010 6:05:37 AM | Computer Name = DANIELHERDZIK | Source = Application Hang | ID = 1002
Description = Hanging application iTunes.exe, version 9.0.3.15, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/22/2010 7:30:59 AM | Computer Name = DANIELHERDZIK | Source = Application Error | ID = 1000
Description = Faulting application cax4ne.exe, version 0.0.0.0, faulting module
cax4ne.exe, version 0.0.0.0, fault address 0x00001d54.

Error - 10/22/2010 7:50:10 AM | Computer Name = DANIELHERDZIK | Source = Application Error | ID = 1000
Description = Faulting application cax4ne.exe, version 0.0.0.0, faulting module
cax4ne.exe, version 0.0.0.0, fault address 0x00001d54.

Error - 10/22/2010 9:46:37 PM | Computer Name = DANIELHERDZIK | Source = Application Error | ID = 1000
Description = Faulting application sdasd.exe, version 4.44.0.1000, faulting module
sdasd.exe, version 4.44.0.1000, fault address 0x0006deac.

Error - 10/23/2010 1:02:36 AM | Computer Name = DANIELHERDZIK | Source = Application Hang | ID = 1002
Description = Hanging application jre-6u22-windows-i586-iftw-rv.exe, version 6.0.220.4,
hang module hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 10/12/2010 1:44:39 AM | Computer Name = DANIELHERDZIK | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.4
with the system having network hardware address C4:2C:03:7A:A5:3F. Network operations
on this system may be disrupted as a result.

Error - 10/12/2010 1:56:05 AM | Computer Name = DANIELHERDZIK | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.4
with the system having network hardware address C4:2C:03:7A:A5:3F. Network operations
on this system may be disrupted as a result.

Error - 10/12/2010 1:57:58 AM | Computer Name = DANIELHERDZIK | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.4
with the system having network hardware address C4:2C:03:7A:A5:3F. Network operations
on this system may be disrupted as a result.

Error - 10/12/2010 2:22:40 AM | Computer Name = DANIELHERDZIK | Source = Tcpip | ID = 4199A
Description = The system detected an address conflict for IP address 192.168.1.4
with the system having network hardware address C4:2C:03:7A:A5:3F. Network operations
on this system may be disrupted as a result.

Error - 10/12/2010 2:33:04 AM | Computer Name = DANIELHERDZIK | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.4
with the system having network hardware address C4:2C:03:7A:A5:3F. Network operations
on this system may be disrupted as a result.

Error - 10/12/2010 5:48:43 AM | Computer Name = DANIELHERDZIK | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 10/12/2010 9:21:48 AM | Computer Name = DANIELHERDZIK | Source = Service Control Manager | ID = 7028
Description = The Cfg Registry key denied access to SYSTEM account programs so the
Service Control Manager took ownership of the Registry key.

Error - 10/12/2010 9:21:48 AM | Computer Name = DANIELHERDZIK | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 10/12/2010 9:24:20 AM | Computer Name = DANIELHERDZIK | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 10/12/2010 9:27:48 AM | Computer Name = DANIELHERDZIK | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2


< End of report >

badseed84
Novice
Posts : 16
Joined : 2010-10-23
OS : windows xp sp3
Points : 22578
# Likes : 0

Re: think point aftermath

Post by Belahzur on Sun Oct 24, 2010 12:06 am

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.



  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245059
# Likes : 1

Re: think point aftermath

Post by badseed84 on Sun Oct 24, 2010 1:44 am

Okay, here's the log, but it feels like there's something still hidden deep. Whenever I try to do a Malwarebytes update my computer crashes, which I forgot to mention before.

ComboFix 10-10-22.05 - daniel 10/24/2010 12:06:48.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1656 [GMT 11:00]
Running from: c:\documents and settings\daniel.HOMW-20FD2517C1\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\{8C025A67-C8E7-4771-8812-1B3483BAB445}
c:\documents and settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\{8C025A67-C8E7-4771-8812-1B3483BAB445}\chrome.manifest
c:\documents and settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\{8C025A67-C8E7-4771-8812-1B3483BAB445}\chrome\content\_cfg.js
c:\documents and settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\{8C025A67-C8E7-4771-8812-1B3483BAB445}\chrome\content\overlay.xul
c:\documents and settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\{8C025A67-C8E7-4771-8812-1B3483BAB445}\install.rdf
c:\winda\OPTIONS\CABS\_desktop.ini
c:\winda\Tasks\At1.job
c:\winda\Tasks\At10.job
c:\winda\Tasks\At11.job
c:\winda\Tasks\At12.job
c:\winda\Tasks\At13.job
c:\winda\Tasks\At14.job
c:\winda\Tasks\At15.job
c:\winda\Tasks\At16.job
c:\winda\Tasks\At17.job
c:\winda\Tasks\At18.job
c:\winda\Tasks\At19.job
c:\winda\Tasks\At2.job
c:\winda\Tasks\At20.job
c:\winda\Tasks\At21.job
c:\winda\Tasks\At22.job
c:\winda\Tasks\At23.job
c:\winda\Tasks\At24.job
c:\winda\Tasks\At3.job
c:\winda\Tasks\At4.job
c:\winda\Tasks\At5.job
c:\winda\Tasks\At6.job
c:\winda\Tasks\At7.job
c:\winda\Tasks\At8.job
c:\winda\Tasks\At9.job

.
((((((((((((((((((((((((( Files Created from 2010-09-24 to 2010-10-24 )))))))))))))))))))))))))))))))
.

2010-10-23 07:06 . 2010-10-23 07:06 -------- d-----w- c:\program files\ESET
2010-10-23 05:15 . 2010-10-23 05:15 -------- d-----w- c:\program files\Common Files\Java
2010-10-23 05:15 . 2010-10-23 05:15 73728 ----a-w- c:\winda\system32\javacpl.cpl
2010-10-23 05:15 . 2010-10-23 05:15 472808 ----a-w- c:\winda\system32\deployJava1.dll
2010-10-23 05:15 . 2010-10-23 05:15 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-10-23 01:46 . 2010-10-23 01:46 -------- d-----w- c:\documents and settings\daniel.HOMW-20FD2517C1\Application Data\SUPERAntiSpyware.com
2010-10-23 01:46 . 2010-10-23 01:46 -------- d-----w- c:\documents and settings\All Users.WINDA\Application Data\SUPERAntiSpyware.com
2010-10-22 15:01 . 2010-10-22 15:01 -------- d-----w- c:\program files\pizdeczkumioa
2010-10-22 12:30 . 2010-10-22 12:30 -------- d-----w- c:\documents and settings\Administrator.DANIELHERDZIK.001
2010-10-22 12:22 . 2010-10-22 12:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malwarefdfdf
2010-10-22 12:18 . 2010-10-22 12:18 -------- d-----w- c:\documents and settings\daniel.HOMW-20FD2517C1\Application Data\Malwarebytes
2010-10-22 12:18 . 2010-04-29 04:39 38224 ----a-w- c:\winda\system32\drivers\mbamswissarmy.sys
2010-10-22 12:18 . 2010-10-22 12:18 -------- d-----w- c:\documents and settings\All Users.WINDA\Application Data\Malwarebytes
2010-10-22 12:18 . 2010-04-29 04:39 20952 ----a-w- c:\winda\system32\drivers\mbam.sys
2010-10-22 11:38 . 2010-10-22 11:38 -------- d-----w- c:\documents and settings\Administrator.DANIELHERDZIK.000
2010-10-22 11:12 . 2010-10-22 14:52 0 ----a-w- c:\winda\Ibizus.bin
2010-10-22 11:11 . 2010-10-24 01:25 845824 ----a-w- c:\winda\system32\drivers\hxizv.sys
2010-10-22 08:31 . 2010-10-22 08:31 -------- d-----w- c:\documents and settings\daniel.HOMW-20FD2517C1\PartyPoker_Installer
2010-10-15 18:45 . 2010-09-18 06:53 974848 -c----w- c:\winda\system32\dllcache\mfc42.dll
2010-10-15 18:45 . 2010-09-18 06:53 953856 -c----w- c:\winda\system32\dllcache\mfc40u.dll
2010-10-15 18:44 . 2010-08-23 16:12 617472 -c----w- c:\winda\system32\dllcache\comctl32.dll
2010-10-15 18:39 . 2010-06-14 14:31 744448 -c----w- c:\winda\system32\dllcache\helpsvc.exe
2010-10-15 18:34 . 2009-08-13 15:16 512000 -c----w- c:\winda\system32\dllcache\jscript.dll
2010-10-12 14:03 . 2010-10-12 14:03 -------- d-----w- c:\documents and settings\All Users.WINDA\Application Data\Codemasters
2010-10-12 14:00 . 2010-10-12 14:00 -------- d-----w- c:\winda\system32\XPSViewer
2010-10-12 13:59 . 2008-07-06 12:06 89088 ----a-w- c:\winda\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-10-12 13:59 . 2008-07-06 12:06 89088 -c----w- c:\winda\system32\dllcache\filterpipelineprintproc.dll
2010-10-12 13:59 . 2008-07-06 12:06 575488 -c----w- c:\winda\system32\dllcache\xpsshhdr.dll
2010-10-12 13:59 . 2008-07-06 12:06 575488 ------w- c:\winda\system32\xpsshhdr.dll
2010-10-12 13:59 . 2008-07-06 12:06 117760 ------w- c:\winda\system32\prntvpt.dll
2010-10-12 13:59 . 2008-07-06 10:50 597504 -c----w- c:\winda\system32\dllcache\printfilterpipelinesvc.exe
2010-10-12 13:59 . 2008-07-06 10:50 597504 ------w- c:\winda\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-10-12 13:59 . 2010-10-12 14:00 -------- d-----w- C:\ec6c142c762ddb50a225997fc0
2010-10-12 13:59 . 2008-07-06 12:06 1676288 -c----w- c:\winda\system32\dllcache\xpssvcs.dll
2010-10-12 13:59 . 2008-07-06 12:06 1676288 ------w- c:\winda\system32\xpssvcs.dll
2010-10-12 13:22 . 2004-09-01 08:00 221184 ----a-w- c:\winda\system32\wmpns.dll
2010-10-12 12:56 . 2008-04-13 18:42 32866 ------w- c:\winda\slrundll.exe
2010-10-12 12:56 . 2008-04-13 18:42 712704 ------w- c:\winda\system32\windowscodecs.dll
2010-10-12 12:56 . 2008-04-13 18:42 69120 ------w- c:\winda\system32\wlanapi.dll
2010-10-12 12:56 . 2008-04-13 18:42 346112 ------w- c:\winda\system32\windowscodecsext.dll
2010-10-12 12:56 . 2008-04-13 18:42 276992 ------w- c:\winda\system32\wmphoto.dll
2010-10-12 12:56 . 2010-10-12 12:56 -------- d-----w- c:\winda\system32\scripting
2010-10-12 12:56 . 2010-10-12 12:56 -------- d-----w- c:\winda\system32\en
2010-10-12 12:56 . 2010-10-12 12:56 -------- d-----w- c:\winda\system32\bits
2010-10-12 12:56 . 2010-10-12 12:56 -------- d-----w- c:\winda\l2schemas

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 06:53 . 2004-09-01 08:00 974848 ----a-w- c:\winda\system32\mfc42.dll
2010-09-18 06:53 . 2004-09-01 08:00 954368 ----a-w- c:\winda\system32\mfc40.dll
2010-09-18 06:53 . 2004-09-01 08:00 953856 ----a-w- c:\winda\system32\mfc40u.dll
2010-09-18 01:23 . 2004-09-01 08:00 974848 ----a-w- c:\winda\system32\mfc42u.dll
2010-09-09 14:16 . 2004-09-01 08:00 667136 ----a-w- c:\winda\system32\wininet.dll
2010-09-09 14:16 . 2004-09-01 08:00 61952 ----a-w- c:\winda\system32\tdc.ocx
2010-09-09 14:16 . 2004-09-01 08:00 81920 ----a-w- c:\winda\system32\ieencode.dll
2010-09-08 16:49 . 2004-09-01 08:00 369664 ----a-w- c:\winda\system32\html.iec
2010-09-01 11:51 . 2004-09-01 08:00 285824 ----a-w- c:\winda\system32\atmfd.dll
2010-08-31 13:42 . 2004-09-01 08:00 1852800 ----a-w- c:\winda\system32\win32k.sys
2010-08-27 08:02 . 2004-09-01 08:00 119808 ----a-w- c:\winda\system32\t2embed.dll
2010-08-27 05:57 . 2004-09-01 08:00 99840 ----a-w- c:\winda\system32\srvsvc.dll
2010-08-26 13:39 . 2004-09-01 08:00 357248 ----a-w- c:\winda\system32\drivers\srv.sys
2010-08-26 12:52 . 2010-02-11 16:34 5120 ----a-w- c:\winda\system32\xpsp4res.dll
2010-08-26 09:34 . 2010-02-11 18:19 102400 ----a-w- c:\winda\DUMP4d45.tmp
2010-08-26 09:32 . 2010-02-11 18:19 102400 ----a-w- c:\winda\DUMP5beb.tmp
2010-08-25 07:50 . 2010-02-11 18:19 102400 ----a-w- c:\winda\DUMP57a5.tmp
2010-08-25 06:49 . 2010-02-11 18:19 102400 ----a-w- c:\winda\DUMP4a95.tmp
2010-08-23 16:12 . 2004-09-01 08:00 617472 ----a-w- c:\winda\system32\comctl32.dll
2010-08-17 13:17 . 2004-09-01 08:00 58880 ----a-w- c:\winda\system32\spoolsv.exe
2010-08-16 08:45 . 2004-09-01 08:00 590848 ----a-w- c:\winda\system32\rpcrt4.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Google Update"="c:\documents and settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-08-26 136176]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-28 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"JMB36X IDE Setup"="c:\winda\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\winda\system32\JMRaidSetup.exe" [2007-02-06 1953792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-16 153608]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\Anno4.exe"=
"c:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\tools\\Anno4Web.exe"=
"c:\\Documents and Settings\\dan\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\daniel.HOMW-20FD2517C1\\Desktop\\uTorrent.exe"=
"c:\\Program Files\\Codemasters\\DiRT\\DiRT.exe"=
"c:\\Documents and Settings\\daniel.HOMW-20FD2517C1\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Codemasters\\F1 2010\\F1_2010_game.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/18/2010 5:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/11/2010 5:41 AM 67656]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [12/10/2009 4:39 AM 65536]
S2 SSPORT;SSPORT;\??\c:\winda\system32\Drivers\SSPORT.sys --> c:\winda\system32\Drivers\SSPORT.sys [?]
S4 sptd;sptd;c:\winda\system32\drivers\sptd.sys [2/11/2010 9:00 PM 691696]

--- Other Services/Drivers In Memory ---

*Deregistered* - hxizv
.
Contents of the 'Scheduled Tasks' folder

2010-10-23 c:\winda\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-448539723-839522115-1003Core.job
- c:\documents and settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-26 10:26]

2010-10-24 c:\winda\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-448539723-839522115-1003UA.job
- c:\documents and settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-26 10:26]

2010-10-24 c:\winda\Tasks\WGASetup.job
- c:\winda\system32\KB905474\wgasetup.exe [2010-02-12 11:18]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 83.17.123.186:8080
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\daniel.HOMW-20FD2517C1\Application Data\Mozilla\Firefox\Profiles\fhedhcvm.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\All Users.WINDA\Application Data\Gadu-Gadu 10\_userdata\npgg.2.dll
FF - plugin: c:\documents and settings\daniel.HOMW-20FD2517C1\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\daniel.HOMW-20FD2517C1\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winda\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MHqW - c:\winda\drweb.exe
HKU-Default-Run-ikodxxnb - c:\documents and settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\hlqxrkqco\rntivvntssd.exe
HKU-Default-Run-xniwlvan - c:\documents and settings\NetworkService.NT AUTHORITY.000\Local Settings\Application Data\ymhamrrub\jsylcnrtssd.exe
AddRemove-Agere Systems Soft Modem - c:\winda\agrsmdel



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-10-24 12:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hxizv]

.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(576)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\winda\system32\Ati2evxx.dll
.
Completion time: 2010-10-24 12:30:41
ComboFix-quarantined-files.txt 2010-10-24 01:30
ComboFix2.txt 2009-09-17 04:49

Pre-Run: 14,257,426,432 bytes free
Post-Run: 15,288,143,872 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDA
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDA="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - AA4F9D9C46F6B0410388E4B99DB0AE51

badseed84
Novice
Posts : 16
Joined : 2010-10-23
OS : windows xp sp3
Points : 22578
# Likes : 0

Re: think point aftermath

Post by Belahzur on Mon Oct 25, 2010 12:11 am

Hello.


  1. Close any open browsers.
  2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    KILLALL::

    Driver::
    hxizv

    Registry::
    [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hxizv]
  4. Save this as CFScript.txt, in the same location as ComboFix.exe
  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts : 34916
Joined : 2008-08-03
Gender : Male
OS : XP SP3 Media Centre
Points : 245059
# Likes : 1

Re: think point aftermath

Post by badseed84 on Mon Oct 25, 2010 10:08 am

OK, here's the log. The thing is, if I disable and enable my network connection again, the computer has a problem acquiring an IP address from the router, but when I switch my router off and on it works. I never had that problem before. I thought it might be something with the router, so I reverted it to factory settings and put in my passwords and user IDs again; the internet is not working, but that's a normal occurrence with my ISP. I just have a question: can problems with my internet/router have an effect on my computer having problems acquiring an IP address from the router, or is it definitely my computer? Even if it's my internet I want to continue the cleanup to the end. OK, here's the log.


ComboFix 10-10-22.05 - daniel 10/25/2010 19:44:18.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.289 [GMT 11:00]
Running from: c:\documents and settings\daniel.HOMW-20FD2517C1\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\daniel.HOMW-20FD2517C1\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_HXIZV
-------\Service_hxizv


((((((((((((((((((((((((( Files Created from 2010-09-25 to 2010-10-25 )))))))))))))))))))))))))))))))
.

2010-10-24 01:49 . 2010-10-23 01:46 9578056 ----a-w- C:\sdasd.exe
2010-10-24 01:49 . 2010-10-22 14:59 6259512 ----a-w- C:\duparules.exe
2010-10-24 01:49 . 2010-10-22 12:14 364032 ----a-w- C:\ssssss.com
2010-10-23 07:06 . 2010-10-23 07:06 -------- d-----w- c:\program files\ESET
2010-10-23 05:15 . 2010-10-23 05:15 -------- d-----w- c:\program files\Common Files\Java
2010-10-23 05:15 . 2010-10-23 05:15 73728 ----a-w- c:\winda\system32\javacpl.cpl
2010-10-23 05:15 . 2010-10-23 05:15 472808 ----a-w- c:\winda\system32\deployJava1.dll
2010-10-23 05:15 . 2010-10-23 05:15 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-10-23 01:46 . 2010-10-23 01:46 -------- d-----w- c:\documents and settings\daniel.HOMW-20FD2517C1\Application Data\SUPERAntiSpyware.com
2010-10-23 01:46 . 2010-10-23 01:46 -------- d-----w- c:\documents and settings\All Users.WINDA\Application Data\SUPERAntiSpyware.com
2010-10-22 15:01 . 2010-10-22 15:01 -------- d-----w- c:\program files\pizdeczkumioa
2010-10-22 12:30 . 2010-10-22 12:30 -------- d-----w- c:\documents and settings\Administrator.DANIELHERDZIK.001
2010-10-22 12:22 . 2010-10-22 12:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malwarefdfdf
2010-10-22 12:18 . 2010-10-22 12:18 -------- d-----w- c:\documents and settings\daniel.HOMW-20FD2517C1\Application Data\Malwarebytes
2010-10-22 12:18 . 2010-04-29 04:39 38224 ----a-w- c:\winda\system32\drivers\mbamswissarmy.sys
2010-10-22 12:18 . 2010-10-22 12:18 -------- d-----w- c:\documents and settings\All Users.WINDA\Application Data\Malwarebytes
2010-10-22 12:18 . 2010-04-29 04:39 20952 ----a-w- c:\winda\system32\drivers\mbam.sys
2010-10-22 11:38 . 2010-10-22 11:38 -------- d-----w- c:\documents and settings\Administrator.DANIELHERDZIK.000
2010-10-22 11:12 . 2010-10-22 14:52 0 ----a-w- c:\winda\Ibizus.bin
2010-10-22 11:11 . 2010-10-25 08:54 845824 ----a-w- c:\winda\system32\drivers\hxizv.sys
2010-10-22 08:31 . 2010-10-22 08:31 -------- d-----w- c:\documents and settings\daniel.HOMW-20FD2517C1\PartyPoker_Installer
2010-10-15 18:45 . 2010-09-18 06:53 974848 -c----w- c:\winda\system32\dllcache\mfc42.dll
2010-10-15 18:45 . 2010-09-18 06:53 953856 -c----w- c:\winda\system32\dllcache\mfc40u.dll
2010-10-15 18:44 . 2010-08-23 16:12 617472 -c----w- c:\winda\system32\dllcache\comctl32.dll
2010-10-15 18:39 . 2010-06-14 14:31 744448 -c----w- c:\winda\system32\dllcache\helpsvc.exe
2010-10-15 18:34 . 2009-08-13 15:16 512000 -c----w- c:\winda\system32\dllcache\jscript.dll
2010-10-12 14:03 . 2010-10-12 14:03 -------- d-----w- c:\documents and settings\All Users.WINDA\Application Data\Codemasters
2010-10-12 14:00 . 2010-10-12 14:00 -------- d-----w- c:\winda\system32\XPSViewer
2010-10-12 13:59 . 2008-07-06 12:06 89088 ----a-w- c:\winda\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-10-12 13:59 . 2008-07-06 12:06 89088 -c----w- c:\winda\system32\dllcache\filterpipelineprintproc.dll
2010-10-12 13:59 . 2008-07-06 12:06 575488 -c----w- c:\winda\system32\dllcache\xpsshhdr.dll
2010-10-12 13:59 . 2008-07-06 12:06 575488 ------w- c:\winda\system32\xpsshhdr.dll
2010-10-12 13:59 . 2008-07-06 12:06 117760 ------w- c:\winda\system32\prntvpt.dll
2010-10-12 13:59 . 2008-07-06 10:50 597504 -c----w- c:\winda\system32\dllcache\printfilterpipelinesvc.exe
2010-10-12 13:59 . 2008-07-06 10:50 597504 ------w- c:\winda\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-10-12 13:59 . 2010-10-12 14:00 -------- d-----w- C:\ec6c142c762ddb50a225997fc0
2010-10-12 13:59 . 2008-07-06 12:06 1676288 -c----w- c:\winda\system32\dllcache\xpssvcs.dll
2010-10-12 13:59 . 2008-07-06 12:06 1676288 ------w- c:\winda\system32\xpssvcs.dll
2010-10-12 13:22 . 2004-09-01 08:00 221184 ----a-w- c:\winda\system32\wmpns.dll
2010-10-12 12:56 . 2008-04-13 18:42 32866 ------w- c:\winda\slrundll.exe
2010-10-12 12:56 . 2008-04-13 18:42 712704 ------w- c:\winda\system32\windowscodecs.dll
2010-10-12 12:56 . 2008-04-13 18:42 69120 ------w- c:\winda\system32\wlanapi.dll
2010-10-12 12:56 . 2008-04-13 18:42 346112 ------w- c:\winda\system32\windowscodecsext.dll
2010-10-12 12:56 . 2008-04-13 18:42 276992 ------w- c:\winda\system32\wmphoto.dll
2010-10-12 12:56 . 2010-10-12 12:56 -------- d-----w- c:\winda\system32\scripting
2010-10-12 12:56 . 2010-10-12 12:56 -------- d-----w- c:\winda\system32\en
2010-10-12 12:56 . 2010-10-12 12:56 -------- d-----w- c:\winda\system32\bits
2010-10-12 12:56 . 2010-10-12 12:56 -------- d-----w- c:\winda\l2schemas

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-24 04:24 . 2010-02-11 08:19 15600 ----a-w- c:\winda\gdrv.sys
2010-09-18 06:53 . 2004-09-01 08:00 974848 ----a-w- c:\winda\system32\mfc42.dll
2010-09-18 06:53 . 2004-09-01 08:00 954368 ----a-w- c:\winda\system32\mfc40.dll
2010-09-18 06:53 . 2004-09-01 08:00 953856 ----a-w- c:\winda\system32\mfc40u.dll
2010-09-18 01:23 . 2004-09-01 08:00 974848 ----a-w- c:\winda\system32\mfc42u.dll
2010-09-09 14:16 . 2004-09-01 08:00 667136 ----a-w- c:\winda\system32\wininet.dll
2010-09-09 14:16 . 2004-09-01 08:00 61952 ----a-w- c:\winda\system32\tdc.ocx
2010-09-09 14:16 . 2004-09-01 08:00 81920 ----a-w- c:\winda\system32\ieencode.dll
2010-09-08 16:49 . 2004-09-01 08:00 369664 ----a-w- c:\winda\system32\html.iec
2010-09-01 11:51 . 2004-09-01 08:00 285824 ----a-w- c:\winda\system32\atmfd.dll
2010-08-31 13:42 . 2004-09-01 08:00 1852800 ----a-w- c:\winda\system32\win32k.sys
2010-08-27 08:02 . 2004-09-01 08:00 119808 ----a-w- c:\winda\system32\t2embed.dll
2010-08-27 05:57 . 2004-09-01 08:00 99840 ----a-w- c:\winda\system32\srvsvc.dll
2010-08-26 13:39 . 2004-09-01 08:00 357248 ----a-w- c:\winda\system32\drivers\srv.sys
2010-08-26 12:52 . 2010-02-11 16:34 5120 ----a-w- c:\winda\system32\xpsp4res.dll
2010-08-26 09:34 . 2010-02-11 18:19 102400 ----a-w- c:\winda\DUMP4d45.tmp
2010-08-26 09:32 . 2010-02-11 18:19 102400 ----a-w- c:\winda\DUMP5beb.tmp
2010-08-25 07:50 . 2010-02-11 18:19 102400 ----a-w- c:\winda\DUMP57a5.tmp
2010-08-25 06:49 . 2010-02-11 18:19 102400 ----a-w- c:\winda\DUMP4a95.tmp
2010-08-23 16:12 . 2004-09-01 08:00 617472 ----a-w- c:\winda\system32\comctl32.dll
2010-08-17 13:17 . 2004-09-01 08:00 58880 ----a-w- c:\winda\system32\spoolsv.exe
2010-08-16 08:45 . 2004-09-01 08:00 590848 ----a-w- c:\winda\system32\rpcrt4.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Google Update"="c:\documents and settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-08-26 136176]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-09-28 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"JMB36X IDE Setup"="c:\winda\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\winda\system32\JMRaidSetup.exe" [2007-02-06 1953792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-16 153608]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

c:\documents and settings\All Users.WINDA\Start Menu\Programs\Startup\
BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2010-10-24 81997]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\dan\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\daniel.HOMW-20FD2517C1\\Desktop\\uTorrent.exe"=
"c:\\Program Files\\Codemasters\\DiRT\\DiRT.exe"=
"c:\\Documents and Settings\\daniel.HOMW-20FD2517C1\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Codemasters\\F1 2010\\F1_2010_game.exe"=
"c:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\Anno4.exe"=
"c:\\Program Files\\Ubisoft\\Related Designs\\ANNO 1404\\tools\\Anno4Web.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/18/2010 5:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/11/2010 5:41 AM 67656]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [12/10/2009 4:39 AM 65536]
S2 SSPORT;SSPORT;\??\c:\winda\system32\Drivers\SSPORT.sys --> c:\winda\system32\Drivers\SSPORT.sys [?]
S4 sptd;sptd;c:\winda\system32\drivers\sptd.sys [2/11/2010 9:00 PM 691696]
.
Contents of the 'Scheduled Tasks' folder

2010-10-24 c:\winda\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-448539723-839522115-1003Core.job
- c:\documents and settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-26 10:26]

2010-10-25 c:\winda\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-448539723-839522115-1003UA.job
- c:\documents and settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-26 10:26]

2010-10-25 c:\winda\Tasks\WGASetup.job
- c:\winda\system32\KB905474\wgasetup.exe [2010-02-12 11:18]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 83.17.123.186:8080
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {20773457-7612-462F-BEA7-6E4795CB4EE2} = 192.168.1.254
FF - ProfilePath - c:\documents and settings\daniel.HOMW-20FD2517C1\Application Data\Mozilla\Firefox\Profiles\fhedhcvm.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\All Users.WINDA\Application Data\Gadu-Gadu 10\_userdata\npgg.2.dll
FF - plugin: c:\documents and settings\daniel.HOMW-20FD2517C1\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\daniel.HOMW-20FD2517C1\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winda\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-10-25 19:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(800)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\winda\system32\Ati2evxx.dll
c:\winda\system32\CLBCATQ.DLL

- - - - - - - > 'explorer.exe'(6812)
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
c:\winda\system32\WPDShServiceObj.dll
c:\winda\system32\PortableDeviceTypes.dll
c:\winda\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\winda\system32\Ati2evxx.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
c:\winda\system32\Ati2evxx.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\winda\RTHDCPL.EXE
c:\program files\Skype\Phone\Skype.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\iPod\bin\iPodService.exe
c:\winda\system32\wscntfy.exe
c:\program files\Logitech\QuickCam10\COCIManager.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2010-10-25 20:00:11 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-25 09:00
ComboFix2.txt 2010-10-24 01:30
ComboFix3.txt 2009-09-17 04:49

Pre-Run: 14,953,320,448 bytes free
Post-Run: 14,888,165,376 bytes free

- - End Of File - - B208FCEB83CDC2D490027AC30FE7AAD3

badseed84
Novice
Posts: 16
Joined: 2010-10-23
OS: windows xp sp3
Points: 22578
Likes: 0

Re: think point aftermath

Post by Belahzur on Tue Oct 26, 2010 12:17 am

Hello.
This thing doesn't wanna die.

1. Please download The Avenger by Swandog46 to your Desktop
Link: [You must be registered and logged in to see this link.]

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop
2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


Files to delete:
C:\sdasd.exe
C:\duparules.exe
C:\ssssss.com
c:\winda\Ibizus.bin
c:\winda\system32\drivers\hxizv.sys

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


3. Now, start The Avenger program by clicking on its icon on your desktop.

  • Under "Input script here:", paste in the script from the quote box above.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
4. Please copy/paste the content of c:\avenger.txt into your reply.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts: 34916
Joined: 2008-08-03
Gender: Male
OS: XP SP3 Media Centre
Points: 245059
Likes: 1

Re: think point aftermath

Post by badseed84 on Tue Oct 26, 2010 9:49 am

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\sdasd.exe" deleted successfully.
File "C:\duparules.exe" deleted successfully.
File "C:\ssssss.com" deleted successfully.
File "c:\winda\Ibizus.bin" deleted successfully.
File "c:\winda\system32\drivers\hxizv.sys" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


Re: think point aftermath

Post by Belahzur on Tue Oct 26, 2010 11:41 pm

Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.



Re: think point aftermath

Post by badseed84 on Sun Oct 31, 2010 10:27 am

Sorry that it's that late, but I was really busy with work.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=6308b9a9405c864b84a5864303ff8851
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-23 08:56:29
# local_time=2010-10-23 07:56:29 (+1000, AUS Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=201918
# found=15
# cleaned=15
# scan_time=5966
C:\Documents and Settings\Administrator\Desktop\MGtools.exe probably a variant of Win32/TrojanDropper.Agent.GDFRTBF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\dan\Desktop\freeripmp3.exe Win32/Adware.ADON application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\dan\Local Settings\temp\butTrue.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\dan\Local Settings\Temporary Internet Files\Content.IE5\9BRIJCAM\load[1].exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\dan\My Documents\LimeWire\Saved\one too many itches.mp3 WMA/TrojanDownloader.GetCodec.C trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\dan\My Documents\LimeWire\Shared\adobe_cs4_keygen_crack.exe a variant of Win32/Injector.VW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\dan\My Documents\LimeWire\Shared\little_girl_sucks_cock_and_swallows.exe a variant of Win32/Injector.VW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\dan\My Documents\LimeWire\Shared\norton_antivirus_crack_all_versions.exe a variant of Win32/Injector.VW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\dan\My Documents\LimeWire\Shared\starcraft_keygen_crack.exe a variant of Win32/Injector.VW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\dan\My Documents\LimeWire\Shared\f***.exe a variant of Win32/Injector.VW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\dan\My Documents\LimeWire\Shared\windows_xp_crack.exe a variant of Win32/Injector.VW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\dan\My Documents\LimeWire\Shared\world_of_warcraft_keygen_crack.exe a variant of Win32/Injector.VW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\ubiorbitapi_r2.dll a variant of Win32/Packed.VMProtect.AAA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDA\Temp\2295adf4.exe a variant of Win32/Kryptik.ETK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\drivers\jraid.sys Win32/Olmarik.RF trojan (cleaned - quarantined) 00000000000000000000000000000000 C
# version=7
# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=6308b9a9405c864b84a5864303ff8851
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-27 09:07:54
# local_time=2010-10-27 08:07:54 (+1000, AUS Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=211077
# found=1
# cleaned=1
# scan_time=6337
C:\System Volume Information\_restore{6FEAFECF-E624-4F5F-9CAE-6A9C35917080}\RP873\A0298695.exe Win32/AutoRun.AFA worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
# version=7
# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=6308b9a9405c864b84a5864303ff8851
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-10-31 03:18:40
# local_time=2010-10-31 02:18:40 (+1000, AUS Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=211982
# found=0
# cleaned=0
# scan_time=5860


Re: think point aftermath

Post by badseed84 on Sun Oct 31, 2010 10:28 am

Argh, I think that's some old scan. The recent one I did found 1 trojan.


Re: think point aftermath

Post by Belahzur on Mon Nov 01, 2010 1:19 am

Hello.

Please download CKScanner by askey127 from [You must be registered and logged in to see this link.]
Save it to your desktop.

  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.



Re: think point aftermath

Post by badseed84 on Wed Nov 03, 2010 9:25 am

CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\dan\desktop\tiger_woods_pga_tour___ea_sports___cracked_for_iphone__ipod_tou.torrent
c:\documents and settings\dan\desktop\emule\incoming\gry\call.of.duty.4.crackfix.and.keygen-razor1911.(osiolek.com)\call_of_duty_4_crackfix_and_keygen-razor1911\rzr-cd4f.001
c:\documents and settings\dan\desktop\emule\incoming\gry\call.of.duty.4.crackfix.and.keygen-razor1911.(osiolek.com)\call_of_duty_4_crackfix_and_keygen-razor1911\rzr-cd4f.sfv
c:\documents and settings\dan\desktop\emule\incoming\gry\call.of.duty.4.crackfix.and.keygen-razor1911.(osiolek.com)\call_of_duty_4_crackfix_and_keygen-razor1911\rzr-cod4.nfo
c:\documents and settings\dan\desktop\emule\incoming\gry\call.of.duty.4.crackfix.and.keygen-razor1911.(osiolek.com)\call_of_duty_4_crackfix_and_keygen-razor1911\rzr-cd4f\iw3sp.exe
c:\documents and settings\dan\desktop\emule\incoming\gry\jungo.v1.0-te-km07.(osiolek.com)\jungo.v1.0-te-km07\crack\jungo.exe
c:\documents and settings\dan\desktop\emule\incoming\gry\pirate.poppers.(osiolek.com)\pirate poppers cracked.exe
c:\documents and settings\dan\desktop\emule\incoming\magic.ball.4.v1.0-delight\cracked.rar
c:\documents and settings\dan\desktop\emule\incoming\programy\anydvd&anydvd.hd.6.1.5.4.incl.keygen-res.(osiolek.com).rar
c:\documents and settings\dan\desktop\torrents\codemasters_f1_2009_iphone_ipod_touch_cracked_ipa_v1.0.5220288.tpb.torrent
c:\documents and settings\dan\desktop\torrents\need_for_speed_shift_[v._1.0.0]_cracked_for_iphone__ipod_touch.5231769.tpb.torrent
c:\documents and settings\dan\desktop\world_in_conflict-flt\colin mcrae dirt crack.rar
c:\documents and settings\dan\desktop\world_in_conflict-flt\colin mcrae dirt crack+patch 1.1 - christley\dirt.exe
c:\documents and settings\dan\desktop\world_in_conflict-flt\colin mcrae dirt crack+patch 1.1 - christley\dirt_1_1.exe
c:\documents and settings\dan\desktop\world_in_conflict-flt\colin mcrae dirt crack+patch 1.1 - christley\read me!.txt
c:\documents and settings\dan\desktop\zdjecia\call_of_duty_2_(_v_1.3_)_crack_pack_and_patch.4534182.tpb.torrent
c:\documents and settings\dan\desktop\zdjecia\call_of_duty_5__world_at_war_(no-cd)_crack___serial_[pc].4504505.tpb.torrent
c:\documents and settings\dan\desktop\zdjecia\colin_mcrae_dirt_crack_patch_1.1_-_christley.3723421.tpb.torrent
c:\documents and settings\dan\my documents\downloads\rockband-v1.1.38-cracked.ipa
c:\documents and settings\dan\my documents\downloads\top 10 paid apps for iphone & ipod touch [27.04.2009]\crack\ifunbox.exe
c:\documents and settings\dan\my documents\downloads\top 10 paid apps for iphone & ipod touch [27.04.2009]\crack\patched mobileinstallation\firmware 2.1\mobileinstallation
c:\documents and settings\dan\my documents\downloads\top 10 paid apps for iphone & ipod touch [27.04.2009]\crack\patched mobileinstallation\firmware 2.2\mobileinstallation
c:\documents and settings\dan\my documents\downloads\top 10 paid apps for iphone & ipod touch [27.04.2009]\crack\patched mobileinstallation\firmware 2.2.1\mobileinstallation
c:\documents and settings\dan\my documents\limewire\incomplete\e2u2wxbayjh3cla4wy5t6gnitsc7g43b\.datcall of duty 5 crack
c:\documents and settings\dan\my documents\limewire\incomplete\e2u2wxbayjh3cla4wy5t6gnitsc7g43b\call of duty 5 crack\codwaw.exe
c:\documents and settings\dan\my documents\my music\itunes\itunes music\mobile applications\rockband-v1.1.38-cracked.ipa
c:\program files\debugmode\wax 2.0\presets\vl presets\vl misc\cracked.wxpr
c:\program files\konami\pro evolution soccer 2008\crack\czytaj.txt
c:\program files\konami\pro evolution soccer 2008\crack\[1] patch 1.20\pes2008patch1_20.exe
c:\program files\konami\pro evolution soccer 2008\crack\[2] polonizacja\pes_2008_patch_polonizacyjny.exe
c:\program files\konami\pro evolution soccer 2008\crack\[3] crack\wazne!!!!.txt
c:\program files\konami\pro evolution soccer 2008\crack\[3] crack\1\pes2008.exe
c:\program files\konami\pro evolution soccer 2008\crack\[3] crack\1\vitality.nfo
c:\program files\konami\pro evolution soccer 2008\crack\[3] crack\2\battery.nfo
c:\program files\konami\pro evolution soccer 2008\crack\[3] crack\2\pes2008.exe
c:\program files\partygaming\partycasino\language\en_us\images\flashlobby\lobby\safecrackerkeno.swf
c:\program files\partygaming\partycasino\language\en_us\images\flashlobby\lobby\safecrackerkeno_popup.swf
c:\program files\ubisoft\the settlers - narodziny imperium\crack\settlers6-15.exe
c:\program files\ubisoft\the settlers - narodziny imperium\crack\crack\settlers6.exe
c:\program files\ubisoft\tom clancy’s rainbow six vegas 2\binaries\crack\vegas2103.exe
c:\program files\ubisoft\tom clancy’s rainbow six vegas 2\binaries\crack\crack\r6vegas2_game.exe
scanner sequence 3.ZZ.11
----- EOF -----



Re: think point aftermath

Post by Belahzur on Thu Nov 04, 2010 12:43 am

Hello.

Your computer has keygens, which is a form of software piracy. What is so bad about cracks, hacks, pirated software, warez, or keygens?

Most popular cracks or keygens I see are for Adobe CS3, a lot of different games, Nero, Kaspersky antivirus, and much more. All of these cracks and keygens have what is called "cloaked malware," which is a form of spyware or viruses or trojans that hide themselves inside the keygen or crack files. Most hacks for games that come in the form of a program or installer will also be infected. It is the opportunity for attackers to present a seemingly safe situation where the opportunity to steal something is in play, while the malware infects your system in the process. Yes, it will install what you were looking for, but also allow malware to potentially take control of your computer.

Lastly, it is illegal. I will counsel you that we do not report such incidents. However, it is not good practice to pirate software.

You should also stop downloading porn; I noticed a few weird files in your ESET logs. Please remove the cracks and keygens right now, otherwise I won't help you.



Re: think point aftermath

Post by badseed84 on Sun Nov 07, 2010 5:56 am

OK, it's all been deleted along with 100 GB of other stuff which I was too lazy to clean up. At least I got motivated to clean up my hard drive.


Re: think point aftermath

Post by Sneakyone on Sun Nov 07, 2010 6:18 pm

Hi,

How is your computer running now?


I'm livin' life in the fast lane.

Sneakyone
Master
Posts: 2707
Joined: 2010-01-10
Gender: Male
OS: Windows 7 Ultimate 64-bit
Protection: Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points: 56074
Likes: 0

Re: think point aftermath

Post by badseed84 on Sun Nov 28, 2010 8:35 am

I'm ashamed to say I thought it was good, and then I caught something again browsing the net. I don't know if you want to help me still, but if you do, here are the logs again.


OTL logfile created on: 11/28/2010 7:33:18 PM - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDA | %ProgramFiles% = C:\Program Files
Drive C: | 372.60 Gb Total Space | 186.79 Gb Free Space | 50.13% Space Free | Partition Type: NTFS

Computer Name: DANIELHERDZIK | User Name: daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/28 19:33:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\OTL.com
PRC - [2010/11/25 13:47:59 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/11/20 14:27:12 | 005,703,512 | ---- | M] (PokerStars) -- C:\Program Files\PokerStars\PokerStars.exe
PRC - [2010/11/20 09:23:06 | 005,382,960 | ---- | M] (PokerTracker Software, LLC.) -- C:\Program Files\PokerTracker 3\PokerTracker.exe
PRC - [2010/11/20 09:23:06 | 002,026,288 | ---- | M] (PokerTracker Software, LLC.) -- C:\Program Files\PokerTracker 3\PokerTrackerHud.exe
PRC - [2010/11/02 20:10:34 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/11/02 20:10:32 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/21 11:33:36 | 000,083,440 | ---- | M] (Google) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2009/12/10 04:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
PRC - [2009/12/10 04:37:16 | 003,690,496 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
PRC - [2009/10/30 22:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009/09/16 22:14:48 | 000,153,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe
PRC - [2008/08/26 14:02:24 | 000,014,336 | ---- | M] (Agere Systems) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDA\explorer.exe
PRC - [2007/06/26 12:22:42 | 000,081,997 | ---- | M] () -- C:\Program Files\USB TV\EM28XX\BDARemote.exe
PRC - [2007/05/17 10:53:02 | 000,780,312 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
PRC - [2007/05/17 10:52:04 | 000,505,368 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LComMgr\Communications_Helper.exe
PRC - [2007/05/17 10:51:30 | 000,232,472 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2007/05/11 17:30:50 | 000,133,920 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2007/05/11 17:28:56 | 000,187,168 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LVCOMSER\LVComSer.exe


========== Modules (SafeList) ==========

MOD - [2010/11/28 19:33:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\OTL.com
MOD - [2010/08/24 03:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDA\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2007/05/11 17:30:38 | 000,113,440 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/10 04:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2008/08/26 14:02:24 | 000,014,336 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/04/14 11:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2007/05/11 17:32:22 | 000,142,112 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logishrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/05/11 17:30:50 | 000,133,920 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/05/11 17:28:56 | 000,187,168 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDA\System32\Drivers\SSPORT.sys -- (SSPORT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/10/24 15:24:38 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDA\gdrv.sys -- (gdrv)
DRV - [2010/05/11 05:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/23 18:28:09 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDA\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/02/23 18:28:07 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDA\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/02/18 05:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/11 21:00:16 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDA\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/02/11 18:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/10/12 22:15:30 | 000,038,400 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDA\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2009/09/11 13:48:04 | 000,066,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/09/11 13:47:54 | 000,014,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/09/11 13:47:42 | 000,031,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\WmHidLo.sys -- (WmHidLo)
DRV - [2009/09/11 13:47:32 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/09/11 13:47:22 | 000,022,792 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2009/02/19 22:13:42 | 000,084,320 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDA\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2008/10/29 15:43:44 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/05/12 11:31:20 | 000,041,888 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007/05/11 17:30:16 | 000,025,888 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/05/11 17:29:54 | 002,142,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/05/11 17:27:58 | 002,107,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/05/10 15:46:58 | 001,276,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2007/05/10 15:46:46 | 000,014,112 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2007/03/28 18:45:38 | 004,395,008 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/03/01 19:05:38 | 000,090,496 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/06/23 09:29:28 | 000,720,176 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDA\system32\drivers\LV302AV.SYS -- (PID_08A0) Logitech QuickCam IM(PID_08A0)
DRV - [2006/02/07 22:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDA\system32\DRIVERS\JGOGO.sys -- (JGOGO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDA\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 83.17.123.186:8080

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/02 20:10:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/02 20:10:41 | 000,000,000 | ---D | M]

[2010/03/22 11:22:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Application Data\Mozilla\Extensions
[2010/11/28 13:33:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Application Data\Mozilla\Firefox\Profiles\fhedhcvm.default\extensions
[2010/10/23 15:47:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Application Data\Mozilla\Firefox\Profiles\fhedhcvm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/08/19 23:08:14 | 000,000,939 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Application Data\Mozilla\Firefox\Profiles\fhedhcvm.default\searchplugins\conduit.xml
[2010/11/27 21:27:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/26 20:38:20 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/10/23 16:15:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/10/23 16:15:32 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/11/27 16:37:56 | 000,000,027 | ---- | M]) - C:\WINDA\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDA\System32\JMRaidSetup.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDA\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam10\QuickCam10.exe ()
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users.WINDA\Start Menu\Programs\Startup\BDARemote.lnk = C:\Program Files\USB TV\EM28XX\BDARemote.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDA\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDA\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDA\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDA\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDA\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/11 18:49:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/28 19:32:55 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\OTL.com
[2010/11/28 13:40:48 | 112,471,448 | ---- | C] (Agnitum, Ltd. ) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\OutpostSecuritySuiteInstall.exe
[2010/11/27 22:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\attachmeDFDFnts
[2010/11/27 21:21:57 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/11/27 21:21:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDA\Application Data\avg9
[2010/11/27 21:10:12 | 079,383,048 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\avg_free_stf_en_90_716a1803.exe
[2010/11/27 16:25:37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDA\SWXCACLS.exe
[2010/11/27 16:25:37 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDA\SWREG.exe
[2010/11/27 16:25:37 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDA\SWSC.exe
[2010/11/27 16:25:37 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDA\NIRCMD.exe
[2010/11/27 16:25:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/26 20:34:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\LOGS
[2010/11/25 23:03:19 | 000,000,000 | ---D | C] -- C:\WINDA\pss
[2010/11/25 08:28:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Recent
[2010/11/25 08:21:35 | 000,000,000 | ---D | C] -- C:\3528a25f840bb5aa6ae2cb371b6f
[2010/11/23 23:06:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\{25897A17-9C8F-4DAF-AD1B-914FB1C53D7B}
[2010/11/23 23:03:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users.WINDA\Documents\Server
[2010/11/23 23:03:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Application Data\935109F2C03AE81B78BC7B2534DDB2B8
[2010/11/19 18:07:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\attachments
[2010/11/07 15:17:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDA\Application Data\TEMP
[2010/11/03 21:06:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\My Documents\ForceField Shared Files
[2010/11/03 21:06:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Application Data\CheckPoint
[2010/11/03 21:05:59 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/11/03 21:05:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\Conduit
[2010/11/03 21:05:31 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/11/03 21:04:49 | 000,000,000 | ---D | C] -- C:\WINDA\Internet Logs
[2010/11/01 20:09:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Application Data\Real
[2010/10/31 00:33:03 | 001,276,832 | ---- | C] (Logitech Inc.) -- C:\WINDA\System32\drivers\LV302V32.SYS
[2010/10/31 00:33:03 | 000,195,360 | ---- | C] (Logitech Inc.) -- C:\WINDA\System32\lvci1100.dll
[2010/10/31 00:32:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDA\Application Data\Logishrd
[2010/10/31 00:22:00 | 047,075,528 | ---- | C] (Logitech, Inc.) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\qc1100.exe
[8 C:\WINDA\*.tmp files -> C:\WINDA\*.tmp -> ]
[7 C:\WINDA\System32\*.tmp files -> C:\WINDA\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/28 19:34:51 | 000,761,856 | ---- | M] () -- C:\WINDA\System32\drivers\irwaa.sys
[2010/11/28 19:33:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\OTL.com
[2010/11/28 18:36:00 | 000,001,014 | ---- | M] () -- C:\WINDA\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-448539723-839522115-1003UA.job
[2010/11/28 14:29:31 | 112,471,448 | ---- | M] (Agnitum, Ltd. ) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\OutpostSecuritySuiteInstall.exe
[2010/11/28 13:38:33 | 000,000,256 | ---- | M] () -- C:\WINDA\tasks\WGASetup.job
[2010/11/28 13:38:07 | 000,002,048 | --S- | M] () -- C:\WINDA\bootstat.dat
[2010/11/28 01:14:56 | 054,441,984 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\KS_2010-11-26.mp3
[2010/11/28 00:40:15 | 058,675,285 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\KS_2010-11-27.mp3
[2010/11/27 22:56:51 | 000,099,467 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\attachmeDFDFnts.zip
[2010/11/27 21:19:02 | 079,383,048 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\avg_free_stf_en_90_716a1803.exe
[2010/11/27 16:52:47 | 000,002,206 | ---- | M] () -- C:\WINDA\System32\wpa.dbl
[2010/11/27 16:37:56 | 000,000,027 | ---- | M] () -- C:\WINDA\System32\drivers\etc\hosts
[2010/11/27 04:36:00 | 000,000,962 | ---- | M] () -- C:\WINDA\tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-448539723-839522115-1003Core.job
[2010/11/25 19:09:59 | 000,340,358 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\wdwd.rtf
[2010/11/25 08:22:09 | 000,061,440 | ---- | M] () -- C:\WINDA\System32\drivers\ouampou.sys
[2010/11/25 08:22:09 | 000,000,574 | ---- | M] () -- C:\cleanup.bat
[2010/11/23 23:06:16 | 000,000,120 | ---- | M] () -- C:\WINDA\Qmecunepozanij.dat
[2010/11/23 23:06:16 | 000,000,000 | ---- | M] () -- C:\WINDA\Ibizus.bin
[2010/11/23 09:25:38 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\PokerTracker 3.lnk
[2010/11/23 09:18:32 | 013,744,752 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\PT-Install-v3.08.exe
[2010/11/19 18:07:42 | 000,247,310 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\attachments.zip
[2010/11/17 08:37:32 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\PROUDS.doc
[2010/11/17 08:37:32 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\~$PROUDS.doc
[2010/11/13 22:14:40 | 000,205,312 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDA\MBR.exe
[2010/11/03 21:05:30 | 000,004,212 | -H-- | M] () -- C:\WINDA\System32\zllictbl.dat
[2010/11/03 20:20:40 | 046,957,056 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\zaSetup_92_076_000_en.exe
[2010/11/01 17:58:52 | 000,443,392 | ---- | M] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\CKScanner.exe
[2010/11/01 17:58:52 | 000,443,392 | ---- | M] () -- C:\CKScanner.exe
[2010/10/31 00:38:28 | 000,001,838 | ---- | M] () -- C:\Documents and Settings\All Users.WINDA\Desktop\Logitech QuickCam.lnk
[2010/10/31 00:29:10 | 047,075,528 | ---- | M] (Logitech, Inc.) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\qc1100.exe
[8 C:\WINDA\*.tmp files -> C:\WINDA\*.tmp -> ]
[7 C:\WINDA\System32\*.tmp files -> C:\WINDA\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/28 01:00:46 | 054,441,984 | ---- | C] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\KS_2010-11-26.mp3
[2010/11/28 00:23:13 | 058,675,285 | ---- | C] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\KS_2010-11-27.mp3
[2010/11/27 22:56:49 | 000,099,467 | ---- | C] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\attachmeDFDFnts.zip
[2010/11/27 16:25:37 | 000,256,512 | ---- | C] () -- C:\WINDA\PEV.exe
[2010/11/27 16:25:37 | 000,098,816 | ---- | C] () -- C:\WINDA\sed.exe
[2010/11/27 16:25:37 | 000,089,088 | ---- | C] () -- C:\WINDA\MBR.exe
[2010/11/27 16:25:37 | 000,080,412 | ---- | C] () -- C:\WINDA\grep.exe
[2010/11/27 16:25:37 | 000,068,096 | ---- | C] () -- C:\WINDA\zip.exe
[2010/11/25 19:09:59 | 000,340,358 | ---- | C] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\wdwd.rtf
[2010/11/25 08:22:09 | 000,061,440 | ---- | C] () -- C:\WINDA\System32\drivers\ouampou.sys
[2010/11/25 08:22:09 | 000,000,574 | ---- | C] () -- C:\cleanup.bat
[2010/11/23 23:06:16 | 000,000,000 | ---- | C] () -- C:\WINDA\Ibizus.bin
[2010/11/23 23:05:56 | 000,761,856 | ---- | C] () -- C:\WINDA\System32\drivers\irwaa.sys
[2010/11/23 09:17:08 | 013,744,752 | ---- | C] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\PT-Install-v3.08.exe
[2010/11/19 18:07:42 | 000,247,310 | ---- | C] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\attachments.zip
[2010/11/17 08:37:32 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\~$PROUDS.doc
[2010/11/17 08:37:31 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\PROUDS.doc
[2010/11/03 21:05:30 | 000,004,212 | -H-- | C] () -- C:\WINDA\System32\zllictbl.dat
[2010/11/03 20:22:55 | 000,443,392 | ---- | C] () -- C:\CKScanner.exe
[2010/11/03 20:15:56 | 046,957,056 | ---- | C] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\zaSetup_92_076_000_en.exe
[2010/11/01 17:58:46 | 000,443,392 | ---- | C] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\CKScanner.exe
[2010/10/31 00:32:34 | 000,001,838 | ---- | C] () -- C:\Documents and Settings\All Users.WINDA\Desktop\Logitech QuickCam.lnk
[2010/09/20 21:15:03 | 000,005,077 | ---- | C] () -- C:\Documents and Settings\All Users.WINDA\Application Data\bltofzsb.qlf
[2010/08/28 00:58:04 | 000,057,126 | ---- | C] () -- C:\WINDA\System32\lvcoinst.ini
[2010/05/23 18:11:58 | 000,192,512 | ---- | C] () -- C:\WINDA\System32\SaXPWIA.dll
[2010/05/23 18:11:58 | 000,140,288 | ---- | C] () -- C:\WINDA\System32\SaXPEH.dll
[2010/05/23 18:11:58 | 000,138,240 | ---- | C] () -- C:\WINDA\System32\SaXPUIEx.dll
[2010/05/23 18:11:58 | 000,117,248 | ---- | C] () -- C:\WINDA\System32\SaXPIPH.dll
[2010/05/23 18:11:58 | 000,087,552 | ---- | C] () -- C:\WINDA\System32\SaXPSTI.dll
[2010/03/28 21:02:07 | 000,022,723 | ---- | C] () -- C:\WINDA\System32\sugw2l3.dll
[2010/02/23 18:28:09 | 000,281,760 | ---- | C] () -- C:\WINDA\System32\drivers\atksgt.sys
[2010/02/23 18:28:07 | 000,025,888 | ---- | C] () -- C:\WINDA\System32\drivers\lirsgt.sys
[2010/02/12 19:06:29 | 000,000,370 | ---- | C] () -- C:\WINDA\ODBC.INI
[2010/02/12 05:26:48 | 000,004,073 | ---- | C] () -- C:\WINDA\ODBCINST.INI
[2010/02/11 21:00:16 | 000,691,696 | ---- | C] () -- C:\WINDA\System32\drivers\sptd.sys
[2010/02/11 20:53:55 | 000,205,312 | ---- | C] () -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/11 20:51:42 | 000,178,176 | ---- | C] () -- C:\WINDA\System32\unrar.dll
[2010/02/11 20:51:42 | 000,000,038 | ---- | C] () -- C:\WINDA\avisplitter.ini
[2010/02/11 20:51:41 | 000,881,664 | ---- | C] () -- C:\WINDA\System32\xvidcore.dll
[2010/02/11 20:51:41 | 000,205,824 | ---- | C] () -- C:\WINDA\System32\xvidvfw.dll
[2010/02/11 20:51:40 | 003,596,288 | ---- | C] () -- C:\WINDA\System32\qt-dx331.dll
[2010/02/11 20:51:39 | 000,085,504 | ---- | C] () -- C:\WINDA\System32\ff_vfw.dll
[2009/11/06 10:58:04 | 000,178,975 | ---- | C] () -- C:\WINDA\System32\xlive.dll.cat
[2007/05/11 17:30:16 | 000,025,888 | ---- | C] () -- C:\WINDA\System32\drivers\LVPr2Mon.sys
[2007/05/11 17:27:58 | 002,107,808 | ---- | C] () -- C:\WINDA\System32\drivers\Lvckap.sys
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDA\System32\OUTLPERF.INI

========== Files - Unicode (All) ==========
[2007/11/16 15:08:58 | 000,000,000 | ---D | M](C:\????????) -- C:\●●●●●●●●
[2007/11/16 15:08:58 | 000,000,000 | ---D | C](C:\????????) -- C:\●●●●●●●●

< End of report >




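As an added example (not OTL's code and not from anyone in this thread), a small Python triage script that reads lines in the OTL report format above and flags the entries a helper checks first: a file in a drivers directory with no company name modified within the scan window (irwaa.sys, ouampou.sys in the log above), an orphaned driver service entry, and an IE proxy server pointing at a non-private address. The 30-day window and the "no company name" rule are my own assumptions; the sample lines and scan time are copied from the report above.

```python
"""Triage helper for OTL scan logs (constructed example, not OTL's own code)."""
import ipaddress
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample: lines copied from the OTL report posted above.
SAMPLE_LOG = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 83.17.123.186:8080
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDA\System32\Drivers\SSPORT.sys -- (SSPORT)
DRV - [2007/05/11 17:30:16 | 000,025,888 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDA\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
[2010/11/28 19:34:51 | 000,761,856 | ---- | M] () -- C:\WINDA\System32\drivers\irwaa.sys
[2010/11/25 08:22:09 | 000,061,440 | ---- | M] () -- C:\WINDA\System32\drivers\ouampou.sys
[2010/11/28 19:33:03 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\daniel.HOMW-20FD2517C1\Desktop\OTL.com
"""
# The report header says the scan was created at 11/28/2010 7:33:18 PM.
SCAN_TIME = datetime(2010, 11, 28, 19, 33, 18)


@dataclass
class Finding:
    kind: str
    detail: str


# Timestamped OTL entry: [date time | size | attrs | M/C] (company) [flags] -- path -- (name)
# Companies containing ")" (e.g. "Windows (R) 2000 DDK provider") do not match and are skipped.
ENTRY_RE = re.compile(
    r"^(?:(?:DRV|PRC|SRV|MOD) - )?"
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| [^|\]]+ \| [MC]\] "
    r"\((?P<company>[^)]*)\) "
    r"(?:\[[^\]]+\] )?"
    r"-- (?P<path>.+?)(?: -- \((?P<name>[^)]+)\))?$"
)
# Driver service whose image is missing: the registry entry outlived the file.
MISSING_DRV_RE = re.compile(
    r"^DRV - File not found \[[^\]]+\] -- (?P<path>.+?) -- \((?P<name>[^)]+)\)$"
)
# IE proxy setting. The sample also has ProxyEnable = 0, so the proxy is
# currently off, but a configured external proxy is still worth a look.
PROXY_RE = re.compile(r'"ProxyServer" = (?P<value>\S+)$')


def proxy_is_external(value: str) -> bool:
    """True when the proxy host is not a loopback/private address (or is a hostname)."""
    host = value.rsplit(":", 1)[0]
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return True  # a hostname: cannot tell offline, so surface it for review
    return not (addr.is_private or addr.is_loopback)


def triage(lines, scan_time: datetime = SCAN_TIME, window: timedelta = timedelta(days=30)):
    """Return Findings for the OTL lines a helper would read first."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = PROXY_RE.search(line)
        if m and proxy_is_external(m["value"]):
            findings.append(Finding("external-proxy", m["value"]))
            continue
        m = MISSING_DRV_RE.match(line)
        if m:
            findings.append(Finding("orphan-driver-service", f'{m["name"]}: {m["path"]}'))
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
        path = m["path"]
        in_drivers_dir = "\\drivers\\" in path.lower()
        # A negative difference (file touched after the scan began) also counts as recent.
        recent = scan_time - ts <= window
        if m["company"] == "" and in_drivers_dir and recent:
            note = " (modified after the scan began)" if ts > scan_time else ""
            findings.append(Finding("recent-driver-no-company", path + note))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f.kind:26} {f.detail}")
```

The old Logitech driver with no company name (LVPr2Mon.sys, 2007) is deliberately not flagged: age is what separates a vendor's unsigned-looking driver from a file dropped days ago.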

Re: think point aftermath

Post by Sneakyone on Sun Nov 28, 2010 8:40 pm

Hi,

Please upload this to virustotal and please send the link to the results in your next reply.

File: C:\WINDA\System32\drivers\irwaa.sys



Re: think point aftermath

Post by badseed84 on Mon Nov 29, 2010 9:04 am

OK, I tried to upload it to VirusTotal but I don't think it did it; it just came up with a window "do not close until this upload finishes", but after that nothing happened and it went back to the upload screen. I tried to copy it to a different location on the hard drive and I get the error message "cannot copy irwaa.sys: cannot read from source file". I tried to do it in safe mode but still the same error. It won't add as an attachment to an email as well.


Re: think point aftermath

Post by Sneakyone on Tue Nov 30, 2010 5:42 pm

Hi,

Please download ComboFix from [You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found [You must be registered and logged in to see this link.]
  • Click Start > Run, then copy and paste the following command into the Run box and click OK: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.



Re: think point aftermath

Post by badseed84 on Wed Dec 01, 2010 7:37 am

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-16 780312]

c:\documents and settings\All Users.WINDA\Start Menu\Programs\Startup\
BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2010-10-24 81997]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\dan\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\daniel.HOMW-20FD2517C1\\Desktop\\uTorrent.exe"=
"c:\\Documents and Settings\\daniel.HOMW-20FD2517C1\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Codemasters\\F1 2010\\F1_2010_game.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;c:\winda\system32\drivers\sptd.sys [2/11/2010 9:00 PM 691696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/18/2010 5:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/11/2010 5:41 AM 67656]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [12/10/2009 4:39 AM 65536]
S2 SSPORT;SSPORT;\??\c:\winda\system32\Drivers\SSPORT.sys --> c:\winda\system32\Drivers\SSPORT.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - irwaa
.
Contents of the 'Scheduled Tasks' folder

2010-11-30 c:\winda\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-448539723-839522115-1003Core.job
- c:\documents and settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-26 10:26]

2010-12-01 c:\winda\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-448539723-839522115-1003UA.job
- c:\documents and settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-26 10:26]

2010-11-29 c:\winda\Tasks\WGASetup.job
- c:\winda\system32\KB905474\wgasetup.exe [2010-02-12 11:18]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 83.17.123.186:8080
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\daniel.HOMW-20FD2517C1\Application Data\Mozilla\Firefox\Profiles\fhedhcvm.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\All Users.WINDA\Application Data\Gadu-Gadu 10\_userdata\npgg.2.dll
FF - plugin: c:\documents and settings\daniel.HOMW-20FD2517C1\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\daniel.HOMW-20FD2517C1\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winda\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Java Quick Starter: [You must be registered and logged in to see this link.] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winda\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\daniel.HOMW-20FD2517C1\Application Data\Mozilla\Firefox\Profiles\fhedhcvm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\irwaa]

.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\winda\system32\Ati2evxx.dll
.
Completion time: 2010-12-01 18:24:06
ComboFix-quarantined-files.txt 2010-12-01 07:24
ComboFix2.txt 2010-11-27 05:44
ComboFix3.txt 2010-10-25 09:00

Pre-Run: 200,435,486,720 bytes free
Post-Run: 200,470,028,288 bytes free

- - End Of File - - 040A9D40F0510ACAD6422B47E8615881


Re: think point aftermath

Post by Sneakyone on Wed Dec 01, 2010 6:23 pm

Hi,

You only gave half of the log. Please navigate to C:\ComboFix.txt and post the full contents of the log.



Re: think point aftermath

Post by badseed84 on Thu Dec 02, 2010 6:11 am

ComboFix 10-11-30.04 - daniel 12/01/2010 18:14:08.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1508 [GMT 11:00]
Running from: c:\documents and settings\daniel.HOMW-20FD2517C1\desktop\commy.exe
Command switches used :: /stepdel
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\winda\system32\arp.exe

.
((((((((((((((((((((((((( Files Created from 2010-11-01 to 2010-12-01 )))))))))))))))))))))))))))))))
.

2010-11-29 08:32 . 2010-11-29 08:32 -------- d-----w- c:\program files\VirusTotalUploader2
2010-11-27 10:21 . 2010-11-27 10:21 -------- d-----w- c:\program files\AVG
2010-11-27 10:21 . 2010-11-28 02:36 -------- d-----w- c:\documents and settings\All Users.WINDA\Application Data\avg9
2010-11-24 21:22 . 2010-11-24 21:22 61440 ----a-w- c:\winda\system32\drivers\ouampou.sys
2010-11-24 21:22 . 2010-11-24 21:22 574 ----a-w- C:\cleanup.bat
2010-11-24 21:21 . 2010-11-24 21:22 -------- d-----w- C:\3528a25f840bb5aa6ae2cb371b6f
2010-11-23 12:06 . 2010-11-23 12:06 0 ----a-w- c:\winda\Ibizus.bin
2010-11-23 12:06 . 2010-11-23 12:06 -------- d-----w- c:\documents and settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\{25897A17-9C8F-4DAF-AD1B-914FB1C53D7B}
2010-11-23 12:05 . 2010-12-01 07:23 761856 ----a-w- c:\winda\system32\drivers\irwaa.sys
2010-11-23 12:03 . 2010-11-27 10:09 -------- d-----w- c:\documents and settings\daniel.HOMW-20FD2517C1\Application Data\935109F2C03AE81B78BC7B2534DDB2B8
2010-11-07 04:17 . 2010-11-07 04:17 -------- d-----w- c:\documents and settings\All Users.WINDA\Application Data\TEMP
2010-11-03 10:06 . 2010-11-03 10:06 -------- d-----w- c:\documents and settings\daniel.HOMW-20FD2517C1\Application Data\CheckPoint
2010-11-03 10:05 . 2010-11-03 10:05 -------- d-----w- c:\program files\Conduit
2010-11-03 10:05 . 2010-11-03 10:05 -------- d-----w- c:\documents and settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\Conduit
2010-11-03 10:05 . 2010-11-03 10:05 -------- d-----w- c:\program files\CheckPoint
2010-11-03 10:04 . 2010-11-28 02:33 -------- d-----w- c:\winda\Internet Logs
2010-11-03 09:22 . 2010-11-01 06:58 443392 ----a-w- C:\CKScanner.exe
2010-11-02 09:10 . 2010-11-02 09:10 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2010-11-02 09:10 . 2010-11-02 09:10 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-24 04:24 . 2010-02-11 08:19 15600 ----a-w- c:\winda\gdrv.sys
2010-10-23 05:15 . 2010-10-23 05:15 73728 ----a-w- c:\winda\system32\javacpl.cpl
2010-10-23 05:15 . 2010-10-23 05:15 472808 ----a-w- c:\winda\system32\deployJava1.dll
2010-10-12 14:01 . 2010-10-12 14:01 445016 ----a-w- c:\winda\system32\wrap_oal.dll
2010-10-12 14:01 . 2010-10-12 14:01 109144 ----a-w- c:\winda\system32\OpenAL32.dll
2010-09-18 06:53 . 2004-09-01 08:00 974848 ----a-w- c:\winda\system32\mfc42.dll
2010-09-18 06:53 . 2004-09-01 08:00 954368 ----a-w- c:\winda\system32\mfc40.dll
2010-09-18 06:53 . 2004-09-01 08:00 953856 ----a-w- c:\winda\system32\mfc40u.dll
2010-09-18 01:23 . 2004-09-01 08:00 974848 ----a-w- c:\winda\system32\mfc42u.dll
2010-09-09 14:16 . 2004-09-01 08:00 667136 ----a-w- c:\winda\system32\wininet.dll
2010-09-09 14:16 . 2004-09-01 08:00 61952 ----a-w- c:\winda\system32\tdc.ocx
2010-09-09 14:16 . 2004-09-01 08:00 81920 ----a-w- c:\winda\system32\ieencode.dll
2010-09-08 16:49 . 2004-09-01 08:00 369664 ----a-w- c:\winda\system32\html.iec
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Google Update"="c:\documents and settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-08-26 136176]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-09-02 13351304]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-11-25 2424560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"JMB36X IDE Setup"="c:\winda\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\winda\system32\JMRaidSetup.exe" [2007-02-06 1953792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-16 153608]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-16 505368]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-16 780312]

c:\documents and settings\All Users.WINDA\Start Menu\Programs\Startup\
BDARemote.lnk - c:\program files\USB TV\EM28XX\BDARemote.exe [2010-10-24 81997]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\dan\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\daniel.HOMW-20FD2517C1\\Desktop\\uTorrent.exe"=
"c:\\Documents and Settings\\daniel.HOMW-20FD2517C1\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Codemasters\\F1 2010\\F1_2010_game.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;c:\winda\system32\drivers\sptd.sys [2/11/2010 9:00 PM 691696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/18/2010 5:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/11/2010 5:41 AM 67656]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [12/10/2009 4:39 AM 65536]
S2 SSPORT;SSPORT;\??\c:\winda\system32\Drivers\SSPORT.sys --> c:\winda\system32\Drivers\SSPORT.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - irwaa
.
Contents of the 'Scheduled Tasks' folder

2010-11-30 c:\winda\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-448539723-839522115-1003Core.job
- c:\documents and settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-26 10:26]

2010-12-01 c:\winda\Tasks\GoogleUpdateTaskUserS-1-5-21-1454471165-448539723-839522115-1003UA.job
- c:\documents and settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-26 10:26]

2010-11-29 c:\winda\Tasks\WGASetup.job
- c:\winda\system32\KB905474\wgasetup.exe [2010-02-12 11:18]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 83.17.123.186:8080
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\daniel.HOMW-20FD2517C1\Application Data\Mozilla\Firefox\Profiles\fhedhcvm.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\All Users.WINDA\Application Data\Gadu-Gadu 10\_userdata\npgg.2.dll
FF - plugin: c:\documents and settings\daniel.HOMW-20FD2517C1\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\daniel.HOMW-20FD2517C1\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winda\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Java Quick Starter: [You must be registered and logged in to see this link.] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\winda\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\daniel.HOMW-20FD2517C1\Application Data\Mozilla\Firefox\Profiles\fhedhcvm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\irwaa]

.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\winda\system32\Ati2evxx.dll
.
Completion time: 2010-12-01 18:24:06
ComboFix-quarantined-files.txt 2010-12-01 07:24
ComboFix2.txt 2010-11-27 05:44
ComboFix3.txt 2010-10-25 09:00

Pre-Run: 200,435,486,720 bytes free
Post-Run: 200,470,028,288 bytes free

- - End Of File - - 040A9D40F0510ACAD6422B47E8615881

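As an added example (not part of this thread, and not ComboFix's own code), the script below walks the sections of a ComboFix log like the one posted above and flags the entries a removal helper reacts to: the system proxy pointing at a public address (a hijacked proxy breaks browsing whenever that host stops answering), the service ComboFix had to deregister, the Windows binary it deleted, and kernel drivers created in the infection window. The sample lines are copied from the log above; the set of section banners and the heuristics are assumptions about the log format.

```python
"""Triage a ComboFix log excerpt for the indicators a removal helper acts on."""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the ComboFix log posted above, kept
# with the section banners the parser keys on ('.' separators are skipped).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\winda\system32\arp.exe
.
((((((((((((((((((((((((( Files Created from 2010-11-01 to 2010-12-01 )))))))))))))))))))))))))))))))
.
2010-11-24 21:22 . 2010-11-24 21:22 61440 ----a-w- c:\winda\system32\drivers\ouampou.sys
2010-11-23 12:05 . 2010-12-01 07:23 761856 ----a-w- c:\winda\system32\drivers\irwaa.sys
2010-11-02 09:10 . 2010-11-02 09:10 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
--- Other Services/Drivers In Memory ---
*Deregistered* - irwaa
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 83.17.123.186:8080
"""


@dataclass(frozen=True)
class Finding:
    category: str  # machine-readable indicator kind
    value: str     # path, service name or host:port involved
    note: str      # what the helper should do about it


# Banner substring -> section name (assumed subset; other sections are ignored).
SECTION_MARKERS = {
    "Other Deletions": "deletions",
    "Files Created": "created",
    "Other Services/Drivers In Memory": "services",
    "Supplementary Scan": "supplementary",
}
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"(?P<size>\S+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$"
)
DEREGISTERED_RE = re.compile(r"^\*Deregistered\*\s+-\s+(?P<name>\S+)$")
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?P<value>\S+)$", re.IGNORECASE)
DRIVER_RE = re.compile(r"\\system32\\drivers\\[^\\]+\.sys$", re.IGNORECASE)
SYSTEM32_RE = re.compile(r"\\system32\\[^\\]+$", re.IGNORECASE)


def classify_proxy(target: str) -> str:
    """Classify a ProxyServer 'host:port' as 'private', 'external' or 'hostname'."""
    host, sep, _port = target.rpartition(":")
    if not sep:
        host = target
    try:
        addr = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return "hostname"  # cannot judge a name offline; leave it for review
    return "private" if addr.is_private or addr.is_loopback else "external"


def triage(log_text: str) -> list:
    """Walk the log once, tracking the current section, and collect findings."""
    findings = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        for marker, name in SECTION_MARKERS.items():
            if marker in line:
                section, line = name, ""  # a banner line carries no entry
        if not line or line == ".":
            continue
        if section == "deletions" and SYSTEM32_RE.search(line):
            findings.append(Finding("deleted_system_binary", line,
                "ComboFix removed a Windows binary; restore a known-good copy"))
        elif section == "created":
            m = CREATED_RE.match(line)
            if m and DRIVER_RE.search(m["path"]):
                findings.append(Finding("driver_dropped", m["path"],
                    "kernel driver created in the infection window; verify its origin"))
        elif section == "services":
            m = DEREGISTERED_RE.match(line)
            if m:
                findings.append(Finding("deregistered_service", m["name"],
                    "service was deregistered; confirm its driver file is gone"))
        elif section == "supplementary":
            m = PROXY_RE.search(line)
            if m:  # IE also accepts 'http=host:port;https=host:port' lists
                for entry in m["value"].split(";"):
                    target = entry.split("=", 1)[-1]
                    kind = classify_proxy(target)
                    if kind != "private":
                        findings.append(Finding("proxy_hijack", target,
                            f"system proxy target is {kind}; clear it unless the user set it"))
    return findings
```

Running `triage(SAMPLE_LOG)` on the excerpt yields five findings: the deleted arp.exe, the two drivers, the deregistered irwaa service and the external proxy.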

Re: think point aftermath

Post by Sneakyone on Sat Dec 04, 2010 11:37 pm

Hi,

Please download TDSSKiller from [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.



Re: think point aftermath

Post by badseed84 on Mon Dec 06, 2010 10:43 am

2010/12/06 21:41:39.0811 TDSS rootkit removing tool 2.4.10.1 Dec 2 2010 12:28:01
2010/12/06 21:41:39.0811 ================================================================================
2010/12/06 21:41:39.0811 SystemInfo:
2010/12/06 21:41:39.0811
2010/12/06 21:41:39.0811 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/06 21:41:39.0811 Product type: Workstation
2010/12/06 21:41:39.0811 ComputerName: DANIELHERDZIK
2010/12/06 21:41:39.0811 UserName: daniel
2010/12/06 21:41:39.0811 Windows directory: C:\WINDA
2010/12/06 21:41:39.0811 System windows directory: C:\WINDA
2010/12/06 21:41:39.0811 Processor architecture: Intel x86
2010/12/06 21:41:39.0811 Number of processors: 2
2010/12/06 21:41:39.0811 Page size: 0x1000
2010/12/06 21:41:39.0811 Boot type: Normal boot
2010/12/06 21:41:39.0811 ================================================================================
2010/12/06 21:41:40.0749 Initialize success
2010/12/06 21:41:43.0530 ================================================================================
2010/12/06 21:41:43.0530 Scan started
2010/12/06 21:41:43.0530 Mode: Manual;
2010/12/06 21:41:43.0530 ================================================================================
2010/12/06 21:41:43.0795 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDA\system32\DRIVERS\ACPI.sys
2010/12/06 21:41:43.0858 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDA\system32\drivers\ACPIEC.sys
2010/12/06 21:41:43.0936 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDA\system32\drivers\aec.sys
2010/12/06 21:41:43.0983 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDA\System32\drivers\afd.sys
2010/12/06 21:41:44.0092 AgereSoftModem (35c391e40471a0b479328fc7b1b5f40f) C:\WINDA\system32\DRIVERS\AGRSM.sys
2010/12/06 21:41:44.0264 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDA\system32\DRIVERS\asyncmac.sys
2010/12/06 21:41:44.0280 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDA\system32\DRIVERS\atapi.sys
2010/12/06 21:41:44.0420 ati2mtag (c0b86ecb324e50f6bbd529f9d5c6b24b) C:\WINDA\system32\DRIVERS\ati2mtag.sys
2010/12/06 21:41:44.0561 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\WINDA\system32\DRIVERS\atksgt.sys
2010/12/06 21:41:44.0608 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDA\system32\DRIVERS\atmarpc.sys
2010/12/06 21:41:44.0670 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDA\system32\DRIVERS\audstub.sys
2010/12/06 21:41:44.0702 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDA\system32\drivers\Beep.sys
2010/12/06 21:41:44.0858 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDA\system32\drivers\cbidf2k.sys
2010/12/06 21:41:44.0874 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDA\system32\DRIVERS\CCDECODE.sys
2010/12/06 21:41:44.0905 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDA\system32\drivers\Cdaudio.sys
2010/12/06 21:41:44.0920 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDA\system32\drivers\Cdfs.sys
2010/12/06 21:41:44.0952 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDA\system32\DRIVERS\cdrom.sys
2010/12/06 21:41:45.0061 DgiVecp (7f19dba1a467b838ccb23124a2c55568) C:\WINDA\system32\Drivers\DgiVecp.sys
2010/12/06 21:41:45.0108 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDA\system32\DRIVERS\disk.sys
2010/12/06 21:41:45.0155 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDA\system32\drivers\dmboot.sys
2010/12/06 21:41:45.0202 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDA\system32\drivers\dmio.sys
2010/12/06 21:41:45.0217 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDA\system32\drivers\dmload.sys
2010/12/06 21:41:45.0249 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDA\system32\drivers\DMusic.sys
2010/12/06 21:41:45.0280 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDA\system32\drivers\drmkaud.sys
2010/12/06 21:41:45.0311 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDA\system32\drivers\Fastfat.sys
2010/12/06 21:41:45.0327 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDA\system32\DRIVERS\fdc.sys
2010/12/06 21:41:45.0342 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDA\system32\drivers\Fips.sys
2010/12/06 21:41:45.0358 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDA\system32\DRIVERS\flpydisk.sys
2010/12/06 21:41:45.0374 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDA\system32\drivers\fltmgr.sys
2010/12/06 21:41:45.0389 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDA\system32\drivers\Fs_Rec.sys
2010/12/06 21:41:45.0405 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDA\system32\DRIVERS\ftdisk.sys
2010/12/06 21:41:45.0452 gdrv (54789f9ba0d59072cdd4e7c200e122c4) C:\WINDA\gdrv.sys
2010/12/06 21:41:46.0889 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDA\system32\Drivers\GEARAspiWDM.sys
2010/12/06 21:41:46.0952 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDA\system32\DRIVERS\msgpc.sys
2010/12/06 21:41:47.0014 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDA\system32\DRIVERS\HDAudBus.sys
2010/12/06 21:41:47.0045 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDA\system32\DRIVERS\hidusb.sys
2010/12/06 21:41:47.0124 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDA\system32\Drivers\HTTP.sys
2010/12/06 21:41:47.0170 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDA\system32\drivers\i8042prt.sys
2010/12/06 21:41:47.0202 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDA\system32\DRIVERS\imapi.sys
2010/12/06 21:41:47.0374 IntcAzAudAddService (83cc5fecfc2f91f91d9f7b019b8b9ce8) C:\WINDA\system32\drivers\RtkHDAud.sys
2010/12/06 21:41:47.0483 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDA\system32\DRIVERS\intelppm.sys
2010/12/06 21:41:47.0514 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDA\system32\drivers\ip6fw.sys
2010/12/06 21:41:47.0561 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDA\system32\DRIVERS\ipfltdrv.sys
2010/12/06 21:41:47.0577 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDA\system32\DRIVERS\ipinip.sys
2010/12/06 21:41:47.0608 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDA\system32\DRIVERS\ipnat.sys
2010/12/06 21:41:47.0624 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDA\system32\DRIVERS\ipsec.sys
2010/12/06 21:41:47.0655 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDA\system32\DRIVERS\irenum.sys
2010/12/06 21:41:47.0670 Suspicious service (NoAccess): irwaa
2010/12/06 21:41:47.0717 irwaa (170396510946f57ac895aaa2888a287c) C:\WINDA\system32\drivers\irwaa.sys
2010/12/06 21:41:47.0717 Suspicious file (NoAccess): C:\WINDA\system32\drivers\irwaa.sys. md5: 170396510946f57ac895aaa2888a287c
2010/12/06 21:41:47.0717 irwaa - detected Locked service (1)
2010/12/06 21:41:47.0764 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDA\system32\DRIVERS\isapnp.sys
2010/12/06 21:41:47.0780 JGOGO (c995c0e8b4503fac38793bb0236ad246) C:\WINDA\system32\DRIVERS\JGOGO.sys
2010/12/06 21:41:47.0795 JRAID (44b2aa8d7c28608e29eae6ddc64da7cd) C:\WINDA\system32\DRIVERS\jraid.sys
2010/12/06 21:41:47.0811 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDA\system32\DRIVERS\kbdclass.sys
2010/12/06 21:41:47.0827 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDA\system32\DRIVERS\kbdhid.sys
2010/12/06 21:41:47.0858 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDA\system32\drivers\kmixer.sys
2010/12/06 21:41:47.0874 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDA\system32\drivers\KSecDD.sys
2010/12/06 21:41:47.0967 lirsgt (f8a7212d0864ef5e9185fb95e6623f4d) C:\WINDA\system32\DRIVERS\lirsgt.sys
2010/12/06 21:41:48.0045 LVcKap (140fba3c639cf44648674cd11f697f37) C:\WINDA\system32\DRIVERS\LVcKap.sys
2010/12/06 21:41:48.0170 LVMVDrv (f52f3e700910518e3eb7a8b493ba2086) C:\WINDA\system32\DRIVERS\LVMVDrv.sys
2010/12/06 21:41:48.0233 LVPr2Mon (fbb46bc3cd3c7ff063178bf8e8bc7c67) C:\WINDA\system32\drivers\LVPr2Mon.sys
2010/12/06 21:41:48.0264 LVUSBSta (f7e15f2fe7790733df86e95a76556389) C:\WINDA\system32\drivers\LVUSBSta.sys
2010/12/06 21:41:48.0311 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDA\system32\drivers\mnmdd.sys
2010/12/06 21:41:48.0327 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDA\system32\drivers\Modem.sys
2010/12/06 21:41:48.0358 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDA\system32\DRIVERS\mouclass.sys
2010/12/06 21:41:48.0374 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDA\system32\DRIVERS\mouhid.sys
2010/12/06 21:41:48.0389 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDA\system32\drivers\MountMgr.sys
2010/12/06 21:41:48.0436 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDA\system32\DRIVERS\mrxdav.sys
2010/12/06 21:41:48.0499 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDA\system32\DRIVERS\mrxsmb.sys
2010/12/06 21:41:48.0530 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDA\system32\drivers\Msfs.sys
2010/12/06 21:41:48.0561 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDA\system32\drivers\MSKSSRV.sys
2010/12/06 21:41:48.0592 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDA\system32\drivers\MSPCLOCK.sys
2010/12/06 21:41:48.0608 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDA\system32\drivers\MSPQM.sys
2010/12/06 21:41:48.0624 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDA\system32\DRIVERS\mssmbios.sys
2010/12/06 21:41:48.0639 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDA\system32\drivers\MSTEE.sys
2010/12/06 21:41:48.0655 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDA\system32\drivers\Mup.sys
2010/12/06 21:41:48.0686 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDA\system32\DRIVERS\NABTSFEC.sys
2010/12/06 21:41:48.0717 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDA\system32\drivers\NDIS.sys
2010/12/06 21:41:48.0733 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDA\system32\DRIVERS\NdisIP.sys
2010/12/06 21:41:48.0749 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDA\system32\DRIVERS\ndistapi.sys
2010/12/06 21:41:48.0780 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDA\system32\DRIVERS\ndisuio.sys
2010/12/06 21:41:48.0795 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDA\system32\DRIVERS\ndiswan.sys
2010/12/06 21:41:48.0811 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDA\system32\drivers\NDProxy.sys
2010/12/06 21:41:48.0827 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDA\system32\DRIVERS\netbios.sys
2010/12/06 21:41:48.0858 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDA\system32\DRIVERS\netbt.sys
2010/12/06 21:41:48.0889 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDA\system32\drivers\Npfs.sys
2010/12/06 21:41:48.0936 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDA\system32\drivers\Ntfs.sys
2010/12/06 21:41:48.0999 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDA\system32\drivers\Null.sys
2010/12/06 21:41:49.0045 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDA\system32\DRIVERS\nwlnkflt.sys
2010/12/06 21:41:49.0061 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDA\system32\DRIVERS\nwlnkfwd.sys
2010/12/06 21:41:49.0092 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDA\system32\DRIVERS\parport.sys
2010/12/06 21:41:49.0124 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDA\system32\drivers\PartMgr.sys
2010/12/06 21:41:49.0155 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDA\system32\drivers\ParVdm.sys
2010/12/06 21:41:49.0170 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDA\system32\DRIVERS\pci.sys
2010/12/06 21:41:49.0217 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDA\system32\DRIVERS\pciide.sys
2010/12/06 21:41:49.0264 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDA\system32\drivers\Pcmcia.sys
2010/12/06 21:41:49.0374 pepifilter (d30eda6e1ab3c8c82f2ca085ab79040a) C:\WINDA\system32\DRIVERS\lv302af.sys
2010/12/06 21:41:49.0467 PID_08A0 (6b310de726e1a0defd66718a7f79b5d2) C:\WINDA\system32\DRIVERS\LV302AV.SYS
2010/12/06 21:41:49.0545 PID_PEPI (0da6c5e0c8da6cebe52daacfe7ae9de6) C:\WINDA\system32\DRIVERS\LV302V32.SYS
2010/12/06 21:41:49.0639 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDA\system32\DRIVERS\raspptp.sys
2010/12/06 21:41:49.0655 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDA\system32\DRIVERS\psched.sys
2010/12/06 21:41:49.0686 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDA\system32\DRIVERS\ptilink.sys
2010/12/06 21:41:49.0764 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDA\system32\DRIVERS\rasacd.sys
2010/12/06 21:41:49.0827 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDA\system32\DRIVERS\rasl2tp.sys
2010/12/06 21:41:49.0842 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDA\system32\DRIVERS\raspppoe.sys
2010/12/06 21:41:49.0858 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDA\system32\DRIVERS\raspti.sys
2010/12/06 21:41:49.0920 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDA\system32\DRIVERS\rdbss.sys
2010/12/06 21:41:49.0967 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDA\system32\DRIVERS\RDPCDD.sys
2010/12/06 21:41:49.0999 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDA\system32\DRIVERS\rdpdr.sys
2010/12/06 21:41:50.0061 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDA\system32\drivers\RDPWD.sys
2010/12/06 21:41:50.0124 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDA\system32\DRIVERS\redbook.sys
2010/12/06 21:41:50.0155 RTLE8023xp (098de621085d7f922871a99b0ec7ddd6) C:\WINDA\system32\DRIVERS\Rtenicxp.sys
2010/12/06 21:41:50.0233 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2010/12/06 21:41:50.0249 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2010/12/06 21:41:50.0295 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDA\system32\DRIVERS\secdrv.sys
2010/12/06 21:41:50.0327 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDA\system32\DRIVERS\serenum.sys
2010/12/06 21:41:50.0342 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDA\system32\DRIVERS\serial.sys
2010/12/06 21:41:50.0389 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDA\system32\drivers\Sfloppy.sys
2010/12/06 21:41:50.0436 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDA\system32\DRIVERS\SLIP.sys
2010/12/06 21:41:50.0499 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDA\system32\drivers\splitter.sys
2010/12/06 21:41:50.0577 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDA\system32\Drivers\sptd.sys
2010/12/06 21:41:50.0577 Suspicious file (NoAccess): C:\WINDA\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2010/12/06 21:41:50.0577 sptd - detected Locked file (1)
2010/12/06 21:41:50.0592 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDA\system32\DRIVERS\sr.sys
2010/12/06 21:41:50.0624 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDA\system32\DRIVERS\srv.sys
2010/12/06 21:41:50.0670 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDA\system32\DRIVERS\StreamIP.sys
2010/12/06 21:41:50.0686 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDA\system32\DRIVERS\swenum.sys
2010/12/06 21:41:50.0733 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDA\system32\drivers\swmidi.sys
2010/12/06 21:41:50.0827 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDA\system32\drivers\sysaudio.sys
2010/12/06 21:41:50.0905 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDA\system32\DRIVERS\tcpip.sys
2010/12/06 21:41:50.0936 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDA\system32\drivers\TDPIPE.sys
2010/12/06 21:41:50.0983 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDA\system32\drivers\TDTCP.sys
2010/12/06 21:41:50.0999 TermDD (88155247177638048422893737429d9e) C:\WINDA\system32\DRIVERS\termdd.sys
2010/12/06 21:41:51.0061 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDA\system32\drivers\Udfs.sys
2010/12/06 21:41:51.0108 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDA\system32\DRIVERS\update.sys
2010/12/06 21:41:51.0170 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDA\system32\Drivers\usbaapl.sys
2010/12/06 21:41:51.0202 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDA\system32\drivers\usbaudio.sys
2010/12/06 21:41:51.0217 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDA\system32\DRIVERS\usbccgp.sys
2010/12/06 21:41:51.0233 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDA\system32\DRIVERS\usbehci.sys
2010/12/06 21:41:51.0249 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDA\system32\DRIVERS\usbhub.sys
2010/12/06 21:41:51.0264 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDA\system32\DRIVERS\usbprint.sys
2010/12/06 21:41:51.0280 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDA\system32\DRIVERS\usbscan.sys
2010/12/06 21:41:51.0311 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDA\system32\DRIVERS\USBSTOR.SYS
2010/12/06 21:41:51.0342 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDA\system32\DRIVERS\usbuhci.sys
2010/12/06 21:41:51.0358 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDA\System32\drivers\vga.sys
2010/12/06 21:41:51.0389 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDA\system32\drivers\VolSnap.sys
2010/12/06 21:41:51.0405 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDA\system32\DRIVERS\wanarp.sys
2010/12/06 21:41:51.0452 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDA\system32\drivers\wdmaud.sys
2010/12/06 21:41:51.0499 WmBEnum (84a90f13eebf4380345ef9474d30f10e) C:\WINDA\system32\drivers\WmBEnum.sys
2010/12/06 21:41:51.0530 WmFilter (eb0034ac02a44dc784a3174d2b81e764) C:\WINDA\system32\drivers\WmFilter.sys
2010/12/06 21:41:51.0545 WmHidLo (31d2906d59f127654964be334b615720) C:\WINDA\system32\drivers\WmHidLo.sys
2010/12/06 21:41:51.0577 WmVirHid (72c4f5a748c74d8d4016ccfa7367210f) C:\WINDA\system32\drivers\WmVirHid.sys
2010/12/06 21:41:51.0592 WmXlCore (eacdcced934a185e61ce0684f71c2dec) C:\WINDA\system32\drivers\WmXlCore.sys
2010/12/06 21:41:51.0639 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDA\system32\DRIVERS\wpdusb.sys
2010/12/06 21:41:51.0686 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDA\system32\DRIVERS\WSTCODEC.SYS
2010/12/06 21:41:51.0717 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDA\system32\DRIVERS\WudfPf.sys
2010/12/06 21:41:51.0749 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDA\system32\DRIVERS\wudfrd.sys
2010/12/06 21:41:52.0155 ================================================================================
2010/12/06 21:41:52.0155 Scan finished
2010/12/06 21:41:52.0155 ================================================================================
2010/12/06 21:41:52.0170 Detected object count: 2
2010/12/06 21:42:05.0420 Locked service(irwaa) - User select action: Skip
2010/12/06 21:42:05.0420 Locked file(sptd) - User select action: Skip

badseed84
Novice
Posts : 16
Joined : 2010-10-23
OS : windows xp sp3
Points : 22578
Likes : 0

Re: think point aftermath

Post by badseed84 on Mon Dec 06, 2010 10:45 am

I pressed Skip as the default. Shall I press Delete once the scan is finished?

badseed84
Novice
Posts : 16
Joined : 2010-10-23
OS : windows xp sp3
Points : 22578
Likes : 0

Re: think point aftermath

Post by Sneakyone on Tue Dec 07, 2010 4:08 am

Hi,

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    File::
    c:\winda\system32\drivers\ouampou.sys
    C:\cleanup.bat
    c:\winda\Ibizus.bin

    Folder::
    C:\3528a25f840bb5aa6ae2cb371b6f
    c:\documents and settings\daniel.HOMW-20FD2517C1\Local Settings\Application Data\{25897A17-9C8F-4DAF-AD1B-914FB1C53D7B}
    c:\documents and settings\daniel.HOMW-20FD2517C1\Application Data\935109F2C03AE81B78BC7B2534DDB2B8

    Rootkit::
    c:\winda\system32\drivers\irwaa.sys

    Driver::
    irwaa

    Registry::
    [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\irwaa]

  4. Save this as CFScript.txt, in the same location as ComboFix.exe.

  5. Referring to the picture above, drag CFScript into ComboFix.exe.
  6. When finished, it shall produce a log for you at C:\ComboFix.txt.
  7. Please post the contents of the log in your next reply.


I'm livin' life in the fast lane.

Sneakyone
Master
Posts : 2707
Joined : 2010-01-10
Gender : Male
OS : Windows 7 Ultimate 64-bit
Protection : Avast, Comodo Firewall, and Malwarebytes' Anti-Malware
Points : 56074
Likes : 0
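Before dropping a remediation script like the one above onto ComboFix, it is worth reading it back in structured form: which files and folders it names per section, and whether the Rootkit::, Driver:: and Registry:: entries all refer to the same service, so a single typo does not leave the driver file deleted but its service key in place. The parser below is an added example and is not part of the forum post or of ComboFix; it only reads the CFScript text and reports on it, it performs no deletions. The script it parses is the one posted above, embedded verbatim as sample input, and the section names it understands (File, Folder, Rootkit, Driver, Registry) are the ones that appear in that script.

```python
"""Read-only parser for the CFScript format shown in the post above.

Added example (not ComboFix's own code). It splits the script into
"Section::" blocks and cross-checks that every service named under
Driver:: also has its .sys file under Rootkit:: and its service key
under Registry::, so the reader can confirm the three entries agree
before running the script.
"""
import re
from collections import OrderedDict

# Sample input: the CFScript posted in the thread, copied verbatim.
SAMPLE_SCRIPT = """\
File::
c:\\winda\\system32\\drivers\\ouampou.sys
C:\\cleanup.bat
c:\\winda\\Ibizus.bin

Folder::
C:\\3528a25f840bb5aa6ae2cb371b6f
c:\\documents and settings\\daniel.HOMW-20FD2517C1\\Local Settings\\Application Data\\{25897A17-9C8F-4DAF-AD1B-914FB1C53D7B}
c:\\documents and settings\\daniel.HOMW-20FD2517C1\\Application Data\\935109F2C03AE81B78BC7B2534DDB2B8

Rootkit::
c:\\winda\\system32\\drivers\\irwaa.sys

Driver::
irwaa

Registry::
[-HKEY_LOCAL_MACHINE\\System\\ControlSet001\\Services\\irwaa]
"""

# A section header is a bare word followed by "::", e.g. "File::".
SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")


def parse_cfscript(text):
    """Return an ordered dict {section_name: [entry, ...]}."""
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError("entry before any section header: %r" % line)
        sections[current].append(line)
    return sections


def service_name_from_path(path):
    """'c:\\winda\\system32\\drivers\\irwaa.sys' -> 'irwaa'."""
    base = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return base.rsplit(".", 1)[0]


def service_name_from_registry_key(key):
    """'[-HKEY_LOCAL_MACHINE\\...\\Services\\irwaa]' -> 'irwaa'.

    The leading '-' inside the brackets marks the key for deletion.
    Returns None for keys that are not under a Services hive.
    """
    m = re.match(r"^\[-(.+)\]$", key)
    if not m:
        return None
    parts = m.group(1).split("\\")
    if len(parts) >= 2 and parts[-2].lower() == "services":
        return parts[-1]
    return None


def cross_check(sections):
    """Return (services named in all three sections, list of mismatches)."""
    drivers = {d.lower() for d in sections.get("Driver", [])}
    rootkit = {service_name_from_path(p).lower() for p in sections.get("Rootkit", [])}
    regkeys = set()
    for key in sections.get("Registry", []):
        name = service_name_from_registry_key(key)
        if name:
            regkeys.add(name.lower())
    issues = []
    for name in sorted(drivers | rootkit | regkeys):
        missing = [label for label, names in (("Driver", drivers),
                                              ("Rootkit", rootkit),
                                              ("Registry", regkeys))
                   if name not in names]
        if missing:
            issues.append("%s not referenced in %s" % (name, ", ".join(missing)))
    return drivers & rootkit & regkeys, issues


def summarize(text):
    """Per-section entry counts plus the cross-check result."""
    sections = parse_cfscript(text)
    consistent, issues = cross_check(sections)
    return {
        "counts": {name: len(entries) for name, entries in sections.items()},
        "services": sorted(consistent),
        "issues": issues,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(summarize(SAMPLE_SCRIPT), indent=2))
```

For the posted script the summary reports three File entries, three Folder entries and one each of Rootkit, Driver and Registry, with `irwaa` as the single service named consistently in all three and no issues. A script that listed a driver under Driver:: without the matching Rootkit:: file or Services key would show up in `issues` before anything is run.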
