Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Am I infected with something?


  • This topic is locked This topic is locked
6 replies to this topic

#1 DonutUK

DonutUK

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:55 AM

Posted 14 February 2009 - 06:16 PM

Has Kaspersky installed, which detected a Trojan (Win32 something) and "fixed" it. Since then had a couple of random Blue Screens for "Page_Unpaged" fault. Then yesterday morning computer would boot up so far, would load Windows, but then when it came to load Kaspersky (at least i think) it just Blue screened, 3 times in a row. Booted in Safe mode, disabled Kaspersky, and it worked fine. Have now uninstalled Kaspersky and gone to Avira and no more problems.
Just a bit concerned in case anything else is lurking.

DDS LOG:


DDS (Ver_09-02-01.01) - NTFSx86
Run by Phil at 21:25:46.81 on 15/02/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.898 [GMT 0:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
FW: COMODO Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\BandwidthMonitor\BWMonitor.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\3M\PDNotes\PDNotes.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Dell Support Center\gs_agent\dsc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\Startup Faster\sfAgent.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Phil\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\progra~1\micros~3\office12\outlook.exe
C:\Documents and Settings\Phil\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=2070912
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 83.105.26.98:8080
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: N/A: {0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
mWinlogon: Userinit=c:\windows\system32\userinit.exe,,c:\windows\system32\twext.exe
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Ask Search Assistant BHO: {0579b4b1-0293-4d73-b02d-5ebb0ba0f0a2} - c:\program files\asksbar\srchastt\1.bin\A2SRCHAS.DLL
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: Ask Toolbar BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Ask Toolbar: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\asksbar\bar\1.bin\ASKSBAR.DLL
TB: {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
mRun: [StartupFaster] "c:\program files\startup faster\startuploader.exe" -run SFAURUN SFCURUN SFAUSTARTUP SFCUSTARTUP
StartupFolder: c:\docume~1\phil\startm~1\programs\startup\startu~1\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\phil\startm~1\programs\startup\startu~1\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
StartupFolder: c:\documents and settings\phil\start menu\programs\startup\startupfaster\StartupFaster.ini
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\startu~1\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-f400-7760-000000000003}\_SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\startu~1\adobea~2.lnk - c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\startu~1\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\startu~1\post-i~1.lnk - c:\program files\3m\pdnotes\PDNotes.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\startupfaster\StartupFaster.ini
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\startu~1\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\startu~1\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
uPolicies-system: Email Killer = 1 (0x1)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.euro.dell.com/systemprofiler/SysPro.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://www.shockwave.com/content/burgershop/sis/GoBitGamesPlayer_v4.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.shockwave.com/content/bookwormadventures/sis/popcaploader_v10_en.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - c:\program files\tiscali\tiscali internet\dlls\tiscalifilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\phil\applic~1\mozilla\firefox\profiles\i93khk08.default\
FF - prefs.js: browser.search.defaulturl - hxxp://uk.search.yahoo.com/search/?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search/?fr=ffds1&p=
FF - component: c:\documents and settings\phil\application data\idm\idmmzcc2\components\idmmzcc.dll
FF - component: c:\program files\daemon tools toolbar\firefoxdtt\components\DTToolbarFF.dll
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\phil\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\gobit games\browserplugin\npgobitgamesplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npgobitgamesplugin.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlc\npvlc.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
FF - user.js: layout.spellcheckDefault - 2
FF - user.js: general.useragent.extra.zencast -
============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2009-2-15 11840]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-2-15 110992]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-2-15 24336]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-2-21 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-2-21 51440]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2009-2-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2009-2-15 151297]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-2-15 700152]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2009-2-15 52032]
R3 MovRVDrv32;MovRVDrv32;c:\windows\system32\drivers\MovRVDrv32.sys [2009-1-24 2688]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
S1 NDISRD;NDISRD;\??\c:\windows\system32\drivers\ndisrd.sys --> c:\windows\system32\drivers\NDISRD.sys [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\documents and settings\phil\my documents\downloads\compressed\e-ultimate450__psp786\everestultimate450\kerneld.wnt --> c:\documents and settings\phil\my documents\downloads\compressed\e-ultimate450__psp786\everestultimate450\kerneld.wnt [?]
S3 ICAM3NT5;Intel USB Video Camera III;c:\windows\system32\drivers\Icam3.sys [2007-11-28 141056]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2008-5-27 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2008-5-27 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2008-5-27 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2008-5-27 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2008-5-27 98568]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [2008-1-15 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [2008-1-15 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [2008-1-15 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [2008-1-15 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [2008-1-15 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [2008-1-15 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [2008-1-15 97704]
S3 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [2009-1-24 184320]

============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2009-02-15 12:23 155,384 a------- c:\windows\system32\guard32.dll
2009-02-15 12:23 110,992 a------- c:\windows\system32\drivers\cmdguard.sys
2009-02-15 12:23 24,336 a------- c:\windows\system32\drivers\cmdhlp.sys
2009-02-15 12:19 <DIR> --d----- c:\program files\CCleaner
2009-02-15 11:35 <DIR> --d----- c:\program files\Avira
2009-02-15 11:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-02-11 22:37 <DIR> --d----- c:\windows\F20A984B9B304A9EA3AC918AF0D85A48.TMP
2009-02-11 20:33 1,366 a------- c:\windows\system32\vttimer
2009-02-07 17:49 <DIR> --d----- c:\docume~1\phil\applic~1\NASA
2009-02-07 17:46 <DIR> --d----- c:\program files\NASA
2009-02-05 22:15 <DIR> --d----- C:\Casino
2009-01-31 00:50 230,424 a------- C:\img2-001.raw
2009-01-30 23:31 <DIR> --d----- c:\program files\ValuSoft
2009-01-30 20:15 <DIR> --d----- c:\program files\Training Manager 2008 Enterprise
2009-01-30 20:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TrainingManager
2009-01-29 17:18 27,902,256 a------- c:\windows\snagit.exe
2009-01-27 13:34 <DIR> --d----- c:\program files\Drug Wars
2009-01-27 13:19 <DIR> --d----- c:\program files\Drug Lord 2
2009-01-26 00:05 <DIR> --d----- c:\program files\SD EnterNET
2009-01-25 23:41 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-01-25 23:32 <DIR> --d----- c:\program files\Skype
2009-01-25 09:44 23,392 a------- c:\windows\system32\nscompat.tlb
2009-01-25 09:44 16,832 a------- c:\windows\system32\amcompat.tlb
2009-01-24 16:57 <DIR> --d----- C:\Converted
2009-01-24 16:30 184,320 a------- c:\windows\system32\snmvtsvc.exe
2009-01-24 16:30 513,152 a------- c:\windows\system32\SndTDriverV32.sys
2009-01-24 16:30 513,152 a------- c:\windows\system32\drivers\SndTDriverV32.sys
2009-01-24 16:30 9,472 a------- c:\windows\system32\MovRVDrv32.dll
2009-01-24 16:30 3,993 a------- c:\windows\system32\SndTDriverV32.inf
2009-01-24 16:30 2,688 a------- c:\windows\system32\MovRVDrv32.sys
2009-01-24 16:30 2,688 a------- c:\windows\system32\drivers\MovRVDrv32.sys
2009-01-24 16:30 2,584 a------- c:\windows\system32\MovRVDrv32.inf
2009-01-24 16:30 <DIR> --d----- c:\program files\SoundTaxi
2009-01-24 16:14 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-01-23 21:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-01-23 20:29 <DIR> --d----- c:\program files\common files\PCSuite
2009-01-23 20:29 <DIR> --d----- c:\program files\common files\Nokia
2009-01-23 20:29 18,816 a------- c:\windows\system32\drivers\pccsmcfd.sys
2009-01-23 20:28 <DIR> --d----- c:\program files\PC Connectivity Solution
2009-01-23 20:28 91,136 a------- c:\windows\system32\nmwcdcls.dll
2009-01-23 20:28 <DIR> --d----- c:\program files\Nokia
2009-01-17 15:50 <DIR> --d----- c:\windows\Carriers At War
2009-01-17 15:50 <DIR> --d----- C:\Matrix Games

==================== Find3M ====================

2009-02-06 20:10 2,984 a--sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2009-02-06 20:10 88 ---shr-- c:\docume~1\alluse~1\applic~1\AF8EFDE784.sys
2009-01-30 23:33 36,734 a------- c:\windows\system32\OggDSuninst.exe
2009-01-27 13:57 20,480 a------- c:\windows\system32\H@tKeysH@@k.DLL
2009-01-16 21:35 3,594,752 a------- c:\windows\system32\dllcache\mshtml.dll
2009-01-01 14:23 2,855 a------- c:\windows\pif\setup.PIF
2009-01-01 11:52 717,296 a------- c:\windows\system32\drivers\sptd.sys
2008-12-19 09:10 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:10 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 -------- c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-12-11 10:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2008-12-04 14:29 46 a------- C:\p2hhr.bat
2007-11-08 16:10 560 a------- c:\program files\Global.sw
2007-09-25 19:40 422 ac------ c:\docume~1\phil\applic~1\wklnhst.dat
2008-05-27 11:19 88 ---shr-- c:\windows\system32\EF51CBA58D.sys
2006-05-03 10:06 163,328 ---shr-- c:\windows\system32\flvDX.dll
2008-05-27 22:53 952 a--sh--- c:\windows\system32\KGyGaAvL.sys
2007-02-21 11:47 31,232 ---shr-- c:\windows\system32\msfDX.dll
2007-12-17 13:43 27,648 ---sh--- c:\windows\system32\Smab0.dll
2008-09-06 21:12 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090620080907\index.dat

============= FINISH: 21:26:45.29 ===============

Attached Files


Edited by DonutUK, 15 February 2009 - 04:28 PM.


BC AdBot (Login to Remove)

 


#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:55 AM

Posted 26 February 2009 - 08:00 AM

Hi DonutUK,

Welcome to BC HijackThis forum and sorry for the delay. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.
  • Tell me if you have run any tool or have made a major change to the system since your last post. Also tell me how is the current condition of your computer.

  • To get an idea about the current condition of you computer download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Set the list of files/folders created to 3 Months and click Continue at the disclaimer screen.
    • Once it has finished, two logs will open.
    • log.txt (<<will be maximized)
    • info.txt (<<will be minimized).
  • Please copy and paste the content of just log.txt to your reply. No need for info.txt

    Note 1: If you have difficulty finding the log, the logs is in this folder: C:\rsit

    Note 2: The tool takes not more than one minute to scan the system.

You might want to save this page on your favorites, so you can find it again when you return.

#3 DonutUK

DonutUK
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:04:55 AM

Posted 26 February 2009 - 07:11 PM

I don't think i have made any major changes apart from installing a new game (Bully from Rockstar).

I have had some intermittent blue screens with the same error, but nowhere the level of the problem when Kaspersky was installed.

Logfile of random's system information tool 1.05 (written by random/random)
Run by Phil at 2009-02-27 00:05:33
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 244 GB (52%) free of 474 GB
Total RAM: 2046 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:06:33, on 27/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\BandwidthMonitor\BWMonitor.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\3M\PDNotes\PDNotes.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\Startup Faster\sfAgent.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Phil\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\progra~1\micros~3\office12\outlook.exe
C:\WINDOWS\System32\wudfhost.exe
C:\WINDOWS\System32\wudfhost.exe
C:\Documents and Settings\Phil\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Phil.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=2070912
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=2070912
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 83.105.26.98:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\system32\twext.exe
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [StartupFaster] "C:\Program Files\Startup Faster\startuploader.exe" -run SFAURUN SFCURUN SFAUSTARTUP SFCUSTARTUP
O4 - Startup: StartupFaster
O4 - Global Startup: StartupFaster
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: UltimateBet - {3EB3B7E8-1466-405A-B5BC-44513AF85E34} - C:\Documents and Settings\All Users\Start Menu\Programs\UltimateBet\UltimateBet.lnk (HKCU)
O9 - Extra 'Tools' menuitem: UltimateBet - {3EB3B7E8-1466-405A-B5BC-44513AF85E34} - C:\Documents and Settings\All Users\Start Menu\Programs\UltimateBet\UltimateBet.lnk (HKCU)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://www.shockwave.com/content/burgersho...esPlayer_v4.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/bookworma...ader_v10_en.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15035/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMovieServer - SoundMovieServer - C:\WINDOWS\system32\snmvtsvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 15662 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2504423656-2502796315-3357643751-1006.job
C:\WINDOWS\tasks\Norton Security Scan.job
C:\WINDOWS\tasks\SDMsgUpdate (SD).job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll [2007-09-28 95664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
Ask Search Assistant BHO - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL [2007-09-15 66912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-01-22 370296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-18 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-01-18 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-18 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
Ask Toolbar BHO - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2007-09-15 267592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2006-06-09 552960]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 321120]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-04-18 352256]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-12-10 929224]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-18 251504]
{F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - Ask Toolbar - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2007-09-15 267592]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartupFaster"=C:\Program Files\Startup Faster\startuploader.exe [2007-12-07 1631456]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
StartupFaster

C:\Documents and Settings\Phil\Start Menu\Programs\Startup
StartupFaster

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll [2008-05-02 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= []
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"Email Killer"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\MSN Messenger\MsnMsgr .Exe"="C:\Program Files\MSN Messenger\MsnMsgr .Exe:*:Enabled:Messenger"
"C:\Documents and Settings\Phil\My Documents\Downloads\Compressed\TDU\TDU\TestDriveUnlimited.exe"="C:\Documents and Settings\Phil\My Documents\Downloads\Compressed\TDU\TDU\TestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:Torrent"
"C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2008\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application"
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Documents and Settings\Phil\My Documents\Downloads\Compressed\PES2009\P9.www.arab-gb.com.By.FUA\P9.www.arab-gb.com.By.FUA\pes2009.exe"="C:\Documents and Settings\Phil\My Documents\Downloads\Compressed\PES2009\P9.www.arab-gb.com.By.FUA\P9.www.arab-gb.com.By.FUA\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009"
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty® - World at War™"
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty® - World at War™"
"C:\WINDOWS\system32\winver.exe"="C:\WINDOWS\system32\winver.exe:*:Enabled:winver"
"C:\Program Files\PPStream\PPStream.exe"="C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPS"
"C:\Program Files\PPStream\PPSAP.exe"="C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS "
"C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization IV Colonization\Colonization.exe"="C:\Program Files\2K Games\Firaxis Games\Sid Meier's Civilization IV Colonization\Colonization.exe:*:Enabled:Sid Meier's Civilization IV Colonization"
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"="C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application"
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe"="C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\P]
shell\AutoRun\command - P:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{35bb538c-c280-11dc-9f70-00025b00f19a}]
shell\AutoRun\command - O:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9bc2e445-6472-11dc-9ebf-00025b00f19a}]
shell\AutoRun\command - P:\LaunchU3.exe -a


======File associations======

.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver2.exe","%1"
.reg - open - "regedit.exe" "%1"

======List of files/folders created in the last 3 months======

2009-02-27 00:05:33 ----D---- C:\rsit
2009-02-25 23:05:11 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-02-24 20:53:41 ----RSH---- C:\WINDOWS\system32\nbDX.dll
2009-02-24 20:53:41 ----RSH---- C:\WINDOWS\system32\msfDX.dll
2009-02-24 20:53:41 ----RSH---- C:\WINDOWS\system32\flvDX.dll
2009-02-22 12:38:09 ----D---- C:\Program Files\Rockstar Games
2009-02-21 19:32:30 ----D---- C:\Documents and Settings\All Users\Application Data\Nokia
2009-02-21 15:32:50 ----N---- C:\WINDOWS\system32\spmsgXP_2k3.dll
2009-02-21 15:32:40 ----HDC---- C:\WINDOWS\$NtUninstallWdf01007$
2009-02-21 15:14:40 ----D---- C:\Documents and Settings\Phil\Application Data\Nseries
2009-02-21 14:53:46 ----D---- C:\Program Files\FMA 2
2009-02-20 17:36:28 ----D---- C:\Program Files\Bigben Interactive
2009-02-16 09:29:40 ----D---- C:\Program Files\Silent Hunter 4
2009-02-15 12:23:25 ----A---- C:\WINDOWS\system32\guard32.dll
2009-02-15 12:19:58 ----D---- C:\Program Files\CCleaner
2009-02-15 11:35:18 ----D---- C:\Program Files\Avira
2009-02-15 11:35:18 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-02-14 22:57:56 ----D---- C:\Program Files\HijackThis
2009-02-12 00:30:06 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-11 22:37:23 ----D---- C:\WINDOWS\F20A984B9B304A9EA3AC918AF0D85A48.TMP
2009-02-07 17:49:45 ----D---- C:\Documents and Settings\Phil\Application Data\NASA
2009-02-07 17:46:07 ----D---- C:\Program Files\NASA
2009-02-05 22:15:12 ----D---- C:\Casino
2009-01-31 16:37:11 ----A---- C:\WINDOWS\Carriers At War Uninstall Log.txt
2009-01-30 23:31:51 ----D---- C:\Program Files\ValuSoft
2009-01-30 20:15:56 ----D---- C:\Program Files\Training Manager 2008 Enterprise
2009-01-30 20:15:56 ----D---- C:\Documents and Settings\All Users\Application Data\TrainingManager
2009-01-29 17:18:02 ----A---- C:\WINDOWS\snagit.exe
2009-01-27 13:34:19 ----D---- C:\Program Files\Drug Wars
2009-01-27 13:19:49 ----D---- C:\Program Files\Drug Lord 2
2009-01-26 00:05:17 ----D---- C:\Program Files\SD EnterNET
2009-01-25 23:41:50 ----D---- C:\Documents and Settings\Phil\Application Data\skypePM
2009-01-25 23:32:31 ----D---- C:\Documents and Settings\Phil\Application Data\Skype
2009-01-25 23:32:07 ----D---- C:\Program Files\Skype
2009-01-25 23:32:06 ----D---- C:\Program Files\Common Files\Skype
2009-01-25 23:31:44 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-01-25 01:54:51 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-01-25 01:50:44 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-01-25 01:50:17 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2009-01-24 16:57:55 ----D---- C:\Converted
2009-01-24 16:30:26 ----A---- C:\WINDOWS\system32\snmvtsvc.exe
2009-01-24 16:30:25 ----A---- C:\WINDOWS\system32\MovRVDrv32.dll
2009-01-24 16:30:23 ----D---- C:\Program Files\SoundTaxi
2009-01-24 16:15:11 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-01-24 16:15:10 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-01-24 16:14:01 ----D---- C:\Program Files\Windows Media Connect 2
2009-01-24 16:13:52 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-01-23 22:13:42 ----A---- C:\WINDOWS\ModemLog_Nokia 3109 classic Bluetooth Modem.txt
2009-01-23 21:51:23 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-01-23 20:36:35 ----HDC---- C:\WINDOWS\$NtUninstallWudf01005$
2009-01-23 20:31:57 ----D---- C:\Documents and Settings\Phil\Application Data\PC Suite
2009-01-23 20:31:54 ----D---- C:\Documents and Settings\All Users\Application Data\PC Suite
2009-01-23 20:31:53 ----D---- C:\Documents and Settings\Phil\Application Data\Nokia
2009-01-23 20:29:25 ----D---- C:\Program Files\Common Files\PCSuite
2009-01-23 20:29:19 ----D---- C:\Program Files\Common Files\Nokia
2009-01-23 20:28:42 ----D---- C:\Program Files\PC Connectivity Solution
2009-01-23 20:28:31 ----A---- C:\WINDOWS\system32\wdfcoinstaller01007.dll
2009-01-23 20:28:31 ----A---- C:\WINDOWS\system32\nmwcdcocls.dll
2009-01-23 20:28:23 ----A---- C:\WINDOWS\system32\nmwcdcls.dll
2009-01-23 20:28:14 ----D---- C:\Program Files\Nokia
2009-01-23 20:26:57 ----D---- C:\Documents and Settings\All Users\Application Data\Installations
2009-01-17 15:50:05 ----D---- C:\WINDOWS\Carriers At War
2009-01-17 15:50:05 ----D---- C:\Matrix Games
2009-01-17 15:49:41 ----A---- C:\WINDOWS\Carriers At War Setup Log.txt
2009-01-17 09:29:53 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-01-07 19:52:58 ----D---- C:\Program Files\UltimateBet
2009-01-02 11:20:18 ----D---- C:\Documents and Settings\All Users\Application Data\Fallout3
2009-01-02 11:20:15 ----D---- C:\Program Files\Bethesda Softworks
2009-01-02 11:17:23 ----D---- C:\WINDOWS\system32\xlive
2009-01-01 15:44:50 ----D---- C:\Program Files\2K Games
2009-01-01 14:28:29 ----D---- C:\Program Files\CureROM
2009-01-01 14:25:03 ----D---- C:\Fallout
2009-01-01 12:03:55 ----D---- C:\Documents and Settings\Phil\Application Data\DAEMON Tools
2009-01-01 12:03:08 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
2009-01-01 11:59:12 ----D---- C:\Program Files\DAEMON Tools Toolbar
2009-01-01 11:57:55 ----D---- C:\Program Files\DAEMON Tools Lite
2009-01-01 11:52:01 ----D---- C:\Documents and Settings\Phil\Application Data\DAEMON Tools Lite
2008-12-31 15:45:53 ----D---- C:\Documents and Settings\Phil\Application Data\DAEMON Tools Pro
2008-12-31 15:45:44 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2008-12-31 15:44:14 ----D---- C:\Program Files\DAEMON Tools Pro
2008-12-30 12:49:56 ----A---- C:\WINDOWS\system32\XAudio2_2.dll
2008-12-30 12:49:56 ----A---- C:\WINDOWS\system32\XAPOFX1_1.dll
2008-12-30 12:49:56 ----A---- C:\WINDOWS\system32\xactengine3_2.dll
2008-12-30 12:49:55 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2008-12-30 12:49:55 ----A---- C:\WINDOWS\system32\d3dx10_39.dll
2008-12-30 12:49:55 ----A---- C:\WINDOWS\system32\D3DCompiler_39.dll
2008-12-28 16:24:41 ----D---- C:\Documents and Settings\All Users\Application Data\HipSoft
2008-12-28 15:18:12 ----A---- C:\WINDOWS\Powerplayer.ini
2008-12-28 15:16:38 ----A---- C:\WINDOWS\msgtn.ini
2008-12-28 15:15:56 ----D---- C:\Documents and Settings\Phil\Application Data\ppstream
2008-12-28 15:15:56 ----A---- C:\WINDOWS\psnetwork.ini
2008-12-28 15:15:42 ----D---- C:\Program Files\PPStream
2008-12-27 15:02:31 ----D---- C:\Documents and Settings\Phil\Application Data\Ludia
2008-12-27 15:02:31 ----D---- C:\Documents and Settings\All Users\Application Data\Ludia
2008-12-26 17:02:14 ----A---- C:\WINDOWS\system32\msvcr71d.dll
2008-12-26 17:02:14 ----A---- C:\WINDOWS\system32\msvcp71d.dll
2008-12-23 18:36:34 ----D---- C:\Program Files\Groove Games
2008-12-22 13:22:32 ----D---- C:\Documents and Settings\Phil\Application Data\ValuSoft
2008-12-22 13:19:30 ----D---- C:\Program Files\Prison Tycoon 4
2008-12-19 16:49:15 ----D---- C:\Documents and Settings\Phil\Application Data\Unity
2008-12-19 16:36:06 ----D---- C:\Program Files\Unity
2008-12-17 17:15:28 ----D---- C:\Program Files\Microsoft Games
2008-12-15 15:04:23 ----D---- C:\Program Files\ColinMcrae 4
2008-12-12 17:24:22 ----D---- C:\Program Files\Virtual Sailor
2008-12-12 00:37:51 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-12 00:34:25 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-12 00:31:57 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-12 00:31:38 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-10 22:16:12 ----D---- C:\Program Files\Gutterball 2
2008-12-07 13:29:51 ----D---- C:\WINDOWS\system32\EWS
2008-12-07 13:29:16 ----D---- C:\Program Files\Radar Screensaver
2008-12-07 10:19:51 ----D---- C:\Program Files\FarsightCalc
2008-12-04 14:29:12 ----A---- C:\p2hhr.bat
2008-12-04 14:23:05 ----D---- C:\Documents and Settings\Phil\Application Data\Gamelab
2008-12-04 14:18:54 ----D---- C:\Program Files\Games
2008-12-04 12:57:01 ----D---- C:\Program Files\JFK Reloaded
2008-11-30 19:13:13 ----D---- C:\WINDOWS\system32\embedded
2008-11-30 19:13:13 ----D---- C:\Program Files\Real Bowling
2008-11-29 16:12:55 ----D---- C:\Documents and Settings\All Users\Application Data\2DBoy
2008-11-29 16:12:16 ----D---- C:\Program Files\WorldOfGoo

======List of files/folders modified in the last 3 months======

2024-03-21 12:44:18 ----AC---- C:\WINDOWS\UNINST16.EXE
2009-02-27 00:06:34 ----D---- C:\WINDOWS\Temp
2009-02-27 00:06:33 ----D---- C:\Program Files\Trend Micro
2009-02-27 00:00:00 ----A---- C:\Documents and Settings\Phil\Application Data\alarms.ini
2009-02-26 18:10:29 ----D---- C:\Program Files\Mozilla Firefox
2009-02-26 17:50:51 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-02-26 17:48:54 ----D---- C:\Documents and Settings\Phil\Application Data\DMCache
2009-02-26 17:47:10 ----D---- C:\WINDOWS
2009-02-26 17:43:42 ----A---- C:\Documents and Settings\Phil\Application Data\AtomicAlarmClock.ini
2009-02-26 17:43:11 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-26 17:42:23 ----A---- C:\WINDOWS\ModemLog_Standard Modem over Bluetooth link #5.txt
2009-02-26 17:42:18 ----A---- C:\WINDOWS\ModemLog_Standard Modem over Bluetooth link #4.txt
2009-02-26 17:42:13 ----A---- C:\WINDOWS\ModemLog_Standard Modem over Bluetooth link #3.txt
2009-02-26 17:40:36 ----D---- C:\WINDOWS\system32
2009-02-25 23:05:37 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-25 23:05:26 ----HD---- C:\WINDOWS\inf
2009-02-25 23:05:16 ----SHD---- C:\WINDOWS\system32\dllcache
2009-02-25 14:20:58 ----HD---- C:\WINDOWS\$hf_mig$
2009-02-24 20:54:32 ----RSD---- C:\WINDOWS\Fonts
2009-02-23 22:39:55 ----D---- C:\WINDOWS\Minidump
2009-02-22 12:45:17 ----SHD---- C:\WINDOWS\Installer
2009-02-22 12:45:17 ----SHD---- C:\Config.Msi
2009-02-22 12:45:17 ----HD---- C:\Program Files\InstallShield Installation Information
2009-02-22 12:38:09 ----D---- C:\Program Files
2009-02-22 12:37:33 ----RSD---- C:\WINDOWS\assembly
2009-02-22 12:37:09 ----D---- C:\WINDOWS\system32\DirectX
2009-02-22 12:23:37 ----A---- C:\WINDOWS\ntbtlog.txt
2009-02-22 12:10:10 ----A---- C:\WINDOWS\system.ini
2009-02-22 10:21:14 ----A---- C:\WINDOWS\NeroDigital.ini
2009-02-21 19:40:48 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-02-21 15:33:07 ----D---- C:\WINDOWS\system32\drivers
2009-02-21 15:33:03 ----A---- C:\WINDOWS\imsins.BAK
2009-02-21 14:56:34 ----D---- C:\WINDOWS\Help
2009-02-17 09:35:25 ----D---- C:\WINDOWS\system32\en-US
2009-02-17 09:35:24 ----D---- C:\Program Files\Windows Desktop Search
2009-02-17 00:08:32 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-02-15 16:13:04 ----D---- C:\Documents and Settings\All Users\Application Data\Comodo
2009-02-15 16:11:06 ----D---- C:\Program Files\Tall Emu
2009-02-15 12:23:20 ----D---- C:\Program Files\Comodo
2009-02-15 10:37:53 ----D---- C:\Program Files\SUPERAntiSpyware
2009-02-13 23:40:18 ----D---- C:\MDT
2009-02-12 08:28:18 ----SD---- C:\WINDOWS\Tasks
2009-02-12 00:31:44 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-02-12 00:31:10 ----AC---- C:\WINDOWS\vbaddin.ini
2009-02-12 00:29:36 ----D---- C:\Program Files\Internet Explorer
2009-02-11 22:38:32 ----D---- C:\WINDOWS\system32\config
2009-02-11 22:37:47 ----D---- C:\WINDOWS\system32\wbem
2009-02-11 22:37:47 ----D---- C:\WINDOWS\Registration
2009-02-11 20:38:28 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-02-07 14:16:25 ----D---- C:\Program Files\BandwidthMonitor
2009-02-03 23:21:12 ----A---- C:\WINDOWS\system32\MRT.exe
2009-02-03 23:10:55 ----D---- C:\Documents and Settings\Phil\Application Data\EssentialPIM Pro
2009-01-31 16:52:54 ----D---- C:\Program Files\LeeGTs Games
2009-01-31 11:39:28 ----D---- C:\vBulletin
2009-01-30 23:33:30 ----A---- C:\WINDOWS\system32\OggDSuninst.exe
2009-01-28 20:53:41 ----D---- C:\WINDOWS\Microsoft.NET
2009-01-28 01:32:01 ----A---- C:\WINDOWS\win.ini
2009-01-28 01:30:23 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-01-28 01:29:49 ----D---- C:\WINDOWS\pchealth
2009-01-27 13:57:33 ----A---- C:\WINDOWS\system32\H@tKeysH@@k.DLL
2009-01-25 23:32:06 ----D---- C:\Program Files\Common Files
2009-01-25 09:42:28 ----D---- C:\Program Files\Windows Media Player
2009-01-24 16:33:09 ----D---- C:\WINDOWS\Debug
2009-01-24 09:03:30 ----A---- C:\WINDOWS\ModemLog_Sony Ericsson Device 115 USB WMC Modem.txt
2009-01-24 09:03:30 ----A---- C:\WINDOWS\ModemLog_Sony Ericsson Device 115 USB WMC Data Modem.txt
2009-01-23 20:31:40 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-01-23 20:29:05 ----D---- C:\Program Files\DIFX
2009-01-19 00:56:40 ----D---- C:\Program Files\QuickTime
2009-01-19 00:41:30 ----D---- C:\Program Files\Internet Download Manager
2009-01-18 19:04:17 ----D---- C:\Program Files\Google
2009-01-18 19:03:49 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2009-01-16 21:35:14 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-01-01 14:23:42 ----HD---- C:\WINDOWS\PIF
2009-01-01 12:13:23 ----A---- C:\WINDOWS\system32\BASSMOD.dll
2009-01-01 11:51:35 ----D---- C:\Program Files\DAEMON Tools
2008-12-26 15:00:27 ----D---- C:\Program Files\Ubisoft
2008-12-20 23:15:41 ----A---- C:\WINDOWS\system32\wininet.dll
2008-12-20 23:15:40 ----A---- C:\WINDOWS\system32\webcheck.dll
2008-12-20 23:15:40 ----A---- C:\WINDOWS\system32\urlmon.dll
2008-12-20 23:15:39 ----A---- C:\WINDOWS\system32\url.dll
2008-12-20 23:15:38 ----A---- C:\WINDOWS\system32\pngfilt.dll
2008-12-20 23:15:38 ----A---- C:\WINDOWS\system32\occache.dll
2008-12-20 23:15:32 ----A---- C:\WINDOWS\system32\mstime.dll
2008-12-20 23:15:31 ----A---- C:\WINDOWS\system32\msrating.dll
2008-12-20 23:15:30 ----A---- C:\WINDOWS\system32\mshtmled.dll
2008-12-20 23:15:24 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2008-12-20 23:15:23 ----A---- C:\WINDOWS\system32\msfeeds.dll
2008-12-20 23:15:23 ----A---- C:\WINDOWS\system32\jsproxy.dll
2008-12-20 23:15:22 ----A---- C:\WINDOWS\system32\iertutil.dll
2008-12-20 23:15:21 ----A---- C:\WINDOWS\system32\iernonce.dll
2008-12-20 23:15:21 ----A---- C:\WINDOWS\system32\ieframe.dll
2008-12-20 23:15:16 ----A---- C:\WINDOWS\system32\iedkcs32.dll
2008-12-20 23:15:15 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2008-12-20 23:15:14 ----A---- C:\WINDOWS\system32\ieaksie.dll
2008-12-20 23:15:14 ----A---- C:\WINDOWS\system32\ieakeng.dll
2008-12-20 23:15:13 ----A---- C:\WINDOWS\system32\icardie.dll
2008-12-20 23:15:13 ----A---- C:\WINDOWS\system32\extmgr.dll
2008-12-20 23:15:13 ----A---- C:\WINDOWS\system32\dxtrans.dll
2008-12-20 23:15:12 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2008-12-20 23:15:11 ----A---- C:\WINDOWS\system32\advpack.dll
2008-12-19 09:10:15 ----A---- C:\WINDOWS\system32\ieudinit.exe
2008-12-19 09:10:15 ----A---- C:\WINDOWS\system32\ie4uinit.exe
2008-12-19 05:23:56 ----A---- C:\WINDOWS\system32\ieakui.dll
2008-12-16 17:01:55 ----D---- C:\Program Files\PopCap Games
2008-12-13 23:44:24 ----D---- C:\Program Files\Code Red
2008-12-13 16:08:44 ----D---- C:\Program Files\3IABWL
2008-12-12 17:32:32 ----D---- C:\games
2008-12-12 17:29:57 ----D---- C:\WINDOWS\Lhsp
2008-12-12 00:37:06 ----D---- C:\WINDOWS\ie7updates
2008-12-09 15:55:30 ----A---- C:\WINDOWS\MaterialsDlg.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2009-02-22 110992]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2009-02-15 24336]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2006-08-11 12920]
R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2006-08-11 28184]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\DLA\DLABMFSM.SYS [2006-08-18 35096]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2006-08-18 32472]
R2 DLADResM;DLADResM; C:\WINDOWS\System32\DLA\DLADResM.SYS [2006-08-18 9400]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2006-08-18 104472]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2006-08-18 26008]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2006-08-18 14520]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2006-08-18 97848]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2006-08-18 94648]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2006-08-11 51768]
R2 dsunidrv;DellSupport UniDriver; C:\WINDOWS\system32\DRIVERS\dsunidrv.sys [2007-02-25 5376]
R2 pnarp;Pure Networks Device Discovery Driver; C:\WINDOWS\system32\DRIVERS\pnarp.sys [2008-05-16 23992]
R2 purendis;Pure Networks Wireless Driver; C:\WINDOWS\system32\DRIVERS\purendis.sys [2008-05-16 25272]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 BthEnum;Bluetooth Enumerator Service; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
R3 BTHMODEM;Bluetooth Modem Communications Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-06-26 254872]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidBth;Microsoft Bluetooth HID Miniport; C:\WINDOWS\system32\DRIVERS\hidbth.sys [2008-04-13 25600]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-06-13 4403712]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MovRVDrv32;MovRVDrv32; C:\WINDOWS\system32\DRIVERS\MovRVDrv32.sys [2007-10-09 2688]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-10-04 6854464]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 SndTDriverV32;SndTDriverV32; C:\WINDOWS\system32\drivers\SndTDriverV32.sys [2007-10-09 513152]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2004-04-14 10144]
R3 WmFilter;Logitech WingMan HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2004-04-14 21280]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2004-04-14 44064]
R3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S1 NDISRD;NDISRD; \??\C:\WINDOWS\system32\drivers\NDISRD.sys []
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 a6ow30v9;a6ow30v9; C:\WINDOWS\system32\drivers\a6ow30v9.sys []
S3 aqfhsyjh;aqfhsyjh; C:\WINDOWS\system32\drivers\aqfhsyjh.sys []
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 awjyzc67;awjyzc67; C:\WINDOWS\system32\drivers\awjyzc67.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DSproct;DSproct; \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys []
S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Documents and Settings\Phil\My Documents\Downloads\Compressed\E-ultimate450__psp786\everestultimate450\kerneld.wnt []
S3 ICAM3NT5;Intel USB Video Camera III; C:\WINDOWS\System32\Drivers\Icam3.sys [2001-08-17 141056]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-09-15 17664]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 s115bus;Sony Ericsson Device 115 driver (WDM); C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
S3 s816bus;Sony Ericsson Device 816 driver (WDM); C:\WINDOWS\system32\DRIVERS\s816bus.sys [2007-06-19 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s816mdfl.sys [2007-06-19 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s816mdm.sys [2007-06-19 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s816mgmt.sys [2007-06-19 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS); C:\WINDOWS\system32\DRIVERS\s816nd5.sys [2007-06-19 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s816obex.sys [2007-06-19 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM); C:\WINDOWS\system32\DRIVERS\s816unic.sys [2007-06-19 97704]
S3 Ser2pl;Prolific Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-07-16 43264]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2007-03-27 10252544]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2004-04-14 5600]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe [2009-02-15 700152]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288]
R2 nmservice;Pure Networks Platform Service; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [2008-05-16 648504]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-10-04 155716]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656]
R2 PSI_SVC_2;Protexis Licensing V2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-05 159744]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-02-13 202544]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-04-19 658432]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 DSBrokerService;DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [2007-03-19 70656]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-18 137200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-10-23 382248]
S3 nmraapache;Pure Networks Net2Go Service; C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe [2008-05-21 12800]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-05 880640]
S3 SoundMovieServer;SoundMovieServer; C:\WINDOWS\system32\snmvtsvc.exe [2007-10-09 184320]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:55 AM

Posted 27 February 2009 - 05:35 AM

Hi again,

Note 1:
One or more of the identified infections is a backdoor trojan.

A backdoor Trojan can allow an attacker to gain control of the system, log keystrokes, steal passwords, access personal data, send malevolent outgoing traffic, and close the security warning messages displayed by some anti-virus and security programs.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the Operating System. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still try to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Note 2:
Your log(s) show that you are using so called peer-to-peer or file-sharing programs. These programs allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

Note 3:
Before we proceed I need to clear something. It seems this is not a home computer:

* There is a proxy setting: 83.105.26.98:8080. Then the setting is disabled and let to be overridden. This might be because the computer is used both at office and at home. But for me it is difficult to know who has disabled the setting, the user or the malware.
* Most of the tools we use need administrator's privileges to be able to remove the infection.
* On work computers there are usually restrictions set by an administrators and sometime they are hard to distinguish from the restrictions set by the malware.
So knowing all that, either the computer should be cleaned by your IT workers, or you should should have administrative privileges to be able to clean the computer and should provide sufficient information on the above settings so that I can not only clean the computer but also remove the restrictions set by the malware without doing any harm to the settings added by the administrators or the script run by default.


Knowing all that if you decide to go please please proceed with the following steps.

Removal Instructions
  • Empty uTorrent download folder. They might contain infected files. Please avoid using these p2p applications or uninstall them. Using these applications at this stage might lead to reinfection or infecting other users.

  • I see on the log the DAEMON Tools Toolbar is installed on your computer:
    This program is known to be bundled with spyware. You may read more about it here:
    http://vil.mcafeesecurity.com/vil/content/v_133312.htm

    To uninstall DAEMON Tools Toolbar:
    Click "start" on the taskbar and then click on the "Control Panel" icon.
    Please doubleclick the "Add or Remove Programs" icon.
    A list of programs installed will be "populated" this may take a bit of time.
    If they exist, uninstall the following by clicking on the following entries and selecting "remove":

    DAEMON Tools Toolbar

    Also remove the folder in bold: C:\Program Files\DAEMON Tools Toolbar

  • I see on the log Ask Toolbar is installed on your computer:

    This program is known to be bundled with adware/spyware. You may read more about Ask Toolbars here:
    http://www.benedelman.org/spyware/ask-toolbars/

    To uninstall Ask Toolbar go to "Add or Remove Programs" and remove the following application:

    Ask Toolbar

    Also remove the folder in bold: C:\Program Files\AskSBar

  • Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

    Please download SDFix by AndyManchesta and save it to your desktop.
    When using this tool, you must use the Administrator's account or an account with "Administrative rights"
    • Double click SDFix.exe and it will extract the files to %systemdrive%
    • (this is the drive that contains the Windows Directory, typically C:\SDFix).
    • DO NOT use it just yet.
    Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

    Open the SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
    • Copy and paste the contents of the results file Report.txt in your next reply.
  • Please download Malwarebytes' Anti-Malware from MajorGeeks
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.


  • Your Haijakthis version is outdated. Uninstall HijackThis 1.99.1
    You don't need to install a Hijackthis as RSIT has already downloaded one.
    Run Hijackthis. If you don't know how go to start > Run and copy and paste the following and click OK:

    "C:\Program Files\trend micro\Phil.exe"

    Click "Do a system scan and safe a logfile". Post the content of the log.

Please include in your next reply:
  • The SDFix log.
  • The log of MBAM.
  • A fresh Hijackthis log.
  • Any comment or feedback about how it went.


#5 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:55 AM

Posted 05 March 2009 - 02:24 PM

This thread will now be closed due to lack of activity.

If you should have a new issue, please start a new topic.

#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:55 AM

Posted 05 March 2009 - 06:11 PM

Topic reopened as requested.

#7 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,716 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:55 AM

Posted 20 March 2009 - 12:28 PM

Seems there is no time left in your life to clean this computer.

Sorry, I couldn't keep this open any more, it adds an unpredictable variable to my time management.

If you still needed assistance please don't send me a PM and open a new topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users