Odd problems during startup


This topic is locked
9 replies to this topic

#1 Dragunslayer (Members, 8 posts)

Posted 15 February 2009 - 07:59 PM

Don't know what's going on, this is a very odd problem that I can't seem to find any info on at all.

Lately my computer has been loading up programs rather slowly. When I log in and let everything load normally it's almost impossible to get anything to load. When I try and open Task Manager I get the icon down in the task bar but the window won't open. The taskbar meter for Task Manager goes nuts, flashing green off and on at an insane rate. Clicking on it does nothing but open up a menu that can't be closed afterwards and won't even respond.

Now here comes the odd part: if, while everything is loading up, I open up Task Manager before everything has had a chance to load, it opens fine and there are no problems; programs load again (although a few rather slowly).

When this started I ran every program I had: Ad-Aware, Spybot, Malwarebytes' Anti-Malware, Avast Virus Scan, SUPERAntiSpyware.

A few things were caught but the problem is still persisting. To top it off it seems as if the other computer on the network is having similar issues now (except with it Task Manager doesn't even pop up in the task bar). I currently have it set in safe mode and running Avast on it as well, but I know that won't fix the problem and I have no clue how to do so since I can't even locate the problem.

This computer runs Vista while the other runs XP.


DDS (Ver_09-02-01.01) - NTFSx86
Run by Michael at 19:39:10.58 on Sun 02/15/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2046.821 [GMT -5:00]

AV: avast! antivirus 4.8.1290 [VPS 081126-0] *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Windows\system32\dlcdcoms.exe
C:\Windows\system32\LxrSII1s.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer3\TeamViewer_Service.exe
C:\Windows\system32\UAService7.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\AASP\1.00.32\aaCenter.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\kxmixer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\msconfig.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\PROGRA~1\MICROS~2\OFFICE11\WORDVIEW.EXE
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Michael\Documents\My Documents\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = www.google.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: SweetIM ToolbarURLSearchHook Class: {eee6c35d-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgHelper.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SweetIM Toolbar Helper: {eee6c35c-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: SweetIM Toolbar for Internet Explorer: {eee6c35b-6118-11dc-9c72-001320c79847} - c:\program files\sweetim\toolbars\internet explorer\mgToolbarIE.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
uRun: [Aim6] ~"c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
uRun: [AIM] c:\program files\aim95\aim.exe -cnetwait.odl
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [Yahoo! Pager] ~"c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [msnmsgr] ~"c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Launch PC Probe II] "c:\program files\asus\pc probe ii\Probe2.exe" 1
mRun: [kX Mixer] c:\windows\system32\kxmixer.exe --startup
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SweetIM] c:\program files\sweetim\messenger\SweetIM.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim95\aim.exe
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\michael\appdata\roaming\microsoft\windows\start menu\programs\imvu\Run IMVU.lnk
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: gscdn.com\rfonline-full
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8C292180-8BB2-495F-B94B-89FE9F2B530A} - hxxp://rfonline-full.gscdn.com/gscdn/ccr_downloader.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su2/CTL_V02002/ocx/15034/CTPID.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\michael\appdata\roaming\mozilla\firefox\profiles\kfbrwpo1.default\
FF - prefs.js: browser.search.selectedEngine - AOL Search
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\users\michael\appdata\roaming\mozilla\firefox\profiles\kfbrwpo1.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\thrixxx\weblaunch\binaries\npWebLaunch.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\michael\appdata\roaming\mozilla\firefox\profiles\kfbrwpo1.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-4 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-9-3 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-9-3 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-4 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2008-1-31 51792]
R2 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2008-2-21 70016]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-11-5 809296]
R2 TeamViewer;TeamViewer 3;c:\program files\teamviewer3\TeamViewer_Service.exe [2008-10-7 185640]
R3 kxwdmdrv;kX WDM Driver Service;c:\windows\system32\drivers\kx.sys [2007-8-24 564864]
S3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\system32\drivers\c6501.sys [2008-1-31 1298944]
S3 samhid;samhid;c:\windows\system32\drivers\Samhid.sys [2008-9-7 7548]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-9-3 7408]

=============== Created Last 30 ================

2009-02-15 18:28 96,760 a------- c:\windows\system32\dfshim.dll
2009-02-15 18:28 282,112 a------- c:\windows\system32\mscoree.dll
2009-02-15 18:28 41,984 a------- c:\windows\system32\netfxperf.dll
2009-02-15 18:28 158,720 a------- c:\windows\system32\mscorier.dll
2009-02-15 18:28 83,968 a------- c:\windows\system32\mscories.dll
2009-02-15 06:16 692,224 a------- c:\windows\system32\bsrmgcv.dll
2009-02-15 06:16 192,512 a------- c:\windows\system32\bsrmgps.dll
2009-02-15 06:16 585,728 a------- c:\windows\system32\bsratswf.dll
2009-02-15 06:16 147,456 a------- c:\windows\system32\bsratwmv.dll
2009-02-14 06:26 <DIR> --d----- c:\program files\ADRIFT
2009-02-14 06:26 249,856 -------- c:\windows\Setup1.exe
2009-02-14 06:26 73,216 a------- c:\windows\ST6UNST.EXE
2009-02-14 06:26 1,599 a------- c:\windows\ST6UNST.000
2009-02-12 20:08 <DIR> --d----- C:\CrashReport
2009-02-12 19:59 <DIR> --d----- c:\program files\Runes of Magic
2009-02-11 04:03 827,392 a------- c:\windows\system32\wininet.dll
2009-02-11 04:03 1,383,424 a------- c:\windows\system32\mshtml.tlb
2009-02-10 02:57 <DIR> --d----- c:\program files\THQ
2009-02-09 00:24 <DIR> --d----- c:\programdata\Messenger Plus!
2009-02-09 00:24 <DIR> --d----- c:\progra~2\Messenger Plus!
2009-02-09 00:22 <DIR> --d----- c:\program files\Messenger Plus! Live
2009-02-08 01:44 <DIR> --d----- c:\windows\Postal 2 Special Edition
2009-02-08 01:44 <DIR> --d----- c:\program files\Postal 2 Special Edition
2009-02-07 13:55 <DIR> --d----- c:\program files\Prey
2009-02-06 18:33 <DIR> --d----- c:\program files\2K Games
2009-02-06 14:29 92,592 a---h--- c:\windows\system32\mlfcache.dat
2009-02-06 02:35 <DIR> --d----- c:\users\michael\appdata\roaming\mIRC
2009-02-06 02:35 <DIR> --d----- c:\program files\mIRC
2009-02-05 02:02 <DIR> --d----- c:\windows\system32\directx
2009-02-05 01:44 <DIR> --d----- C:\CCR INC
2009-01-27 12:20 <DIR> -cd----- c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-27 12:20 <DIR> -cd----- c:\progra~2\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-25 03:15 <DIR> --d----- c:\programdata\YoYoGames
2009-01-25 03:15 <DIR> --d----- c:\progra~2\YoYoGames
2009-01-22 12:52 258,352 a------- c:\windows\system32\unicows.dll
2009-01-22 06:59 <DIR> --d----- c:\programdata\Trymedia
2009-01-22 06:59 <DIR> --d----- c:\progra~2\Trymedia
2009-01-20 07:29 <DIR> --d----- c:\program files\common files\xing shared
2009-01-20 07:29 <DIR> --d----- c:\program files\common files\Real
2009-01-20 00:26 <DIR> --d----- c:\program files\CCleaner
2009-01-18 19:18 <DIR> --d----- c:\program files\common files\INCA Shared
2009-01-18 19:17 4,682 a------- c:\windows\system32\npptNT2.sys
2009-01-18 19:17 5,174 a------- c:\windows\system32\nppt9x.vxd
2009-01-18 18:14 <DIR> --d----- C:\Rohan_USA
2009-01-18 17:24 <DIR> --d----- c:\program files\Neffy

==================== Find3M ====================

2009-02-06 18:23 108,144 a------- c:\windows\system32\CmdLineExt.dll
2009-02-05 16:06 51,792 a------- c:\windows\system32\drivers\aswMonFlt.sys
2009-01-14 16:11 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 16:11 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-21 19:12 17,298 a------- c:\windows\system32\ealregsnapshot1.reg
2008-12-19 08:36 22,328 a------- c:\windows\system32\drivers\PnkBstrK.sys
2008-12-19 08:36 22,328 a------- c:\users\michael\appdata\roaming\PnkBstrK.sys
2008-12-19 08:36 103,736 a------- c:\windows\system32\PnkBstrB.exe
2008-12-19 08:35 669,184 a------- c:\windows\system32\pbsvc.exe
2008-12-19 08:35 66,872 a------- c:\windows\system32\PnkBstrA.exe
2008-12-14 11:47 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll
2008-11-24 00:36 2,942,464 a------- c:\windows\Matrix_ks.SCR
2008-11-21 16:47 524,288 a------- c:\windows\system32\DivXsm.exe
2008-11-21 16:47 3,596,288 a------- c:\windows\system32\qt-dx331.dll
2008-11-21 16:46 1,044,480 a------- c:\windows\system32\libdivx.dll
2008-11-21 16:46 200,704 a------- c:\windows\system32\ssldivx.dll
2008-11-21 16:44 161,096 a------- c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 16:44 12,288 a------- c:\windows\system32\DivXWMPExtType.dll
2008-10-10 13:05 86,016 a------- c:\windows\inf\infstrng.dat
2008-10-10 13:05 86,016 a------- c:\windows\inf\infstor.dat
2008-10-10 13:05 51,200 a------- c:\windows\inf\infpub.dat
2008-06-24 11:39 349 a------- c:\program files\INSTALL.LOG
2008-06-11 06:57 665,600 a------- c:\windows\inf\drvindex.dat
2008-03-19 15:08 174 a--sh--- c:\program files\desktop.ini
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2003-12-18 10:33 20,102 a------- c:\program files\Readme.txt
2003-09-03 06:46 10,960 a------- c:\program files\EULA.txt

============= FINISH: 19:39:41.17 ===============
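
The DDS report above is what the helpers in this forum read by eye. As an added example (not code from the post, from DDS, or from BleepingComputer), here is a small Python triage script that parses the one-entry-per-line format of the "Pseudo HJT Report" section and flags the entries a reviewer checks first: BHO/toolbar keys whose DLL is "No File", `EnableLUA = 0` (UAC switched off), additions to IE's Trusted Zone, and DPF ActiveX records that point at a bare executable. The sample lines are constructed to mirror entries in the log; the rule names and the heuristics are the example's own assumptions, not anything DDS defines, and a flag means "look here", not "malware".

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example: this is not code from the forum post, from DDS or from any
BleepingComputer tool. It parses the one-entry-per-line shape DDS emits
(kind, optional name, optional CLSID, path or URL) and applies a few
review heuristics a log helper would otherwise apply by eye. The rule
names and the heuristics themselves are this example's own assumptions.
"""
import re
from urllib.parse import urlparse

# Constructed sample, copied in shape from the entries posted in the thread.
# 'hxxp' is DDS's defanging of 'http' so the log cannot be clicked by accident.
SAMPLE_LINES = r"""
uStart Page = www.google.com
BHO: NoExplorer - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
Trusted Zone: gscdn.com\rfonline-full
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
""".strip().splitlines()

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)")


def parse_entry(line):
    """Return {'kind', 'name', 'clsid', 'target'} for a 'KIND: ...' line,
    or None for lines of another shape (e.g. 'uStart Page = ...')."""
    kind, sep, rest = line.partition(": ")
    if not sep:
        return None
    if kind.endswith("Run"):                      # uRun / mRun: [name] command
        m = RUN_RE.match(rest)
        if m:
            return {"kind": kind, "name": m["name"], "clsid": None,
                    "target": m["cmd"].strip()}
    m = CLSID_RE.search(rest)
    if m:                                         # name precedes the CLSID, target follows it
        clsid = m.group(0).lower()
        name = rest[:m.start()].strip(" :") or None
        target = rest[m.end():].lstrip(" -")
    else:                                         # no CLSID: 'name - target' or bare target
        clsid = None
        name, dash, target = rest.partition(" - ")
        if not dash:
            name, target = None, rest
    return {"kind": kind, "name": name, "clsid": clsid, "target": target.strip()}


def review(entries):
    """Apply the review heuristics; returns (rule, subject, note) tuples."""
    findings = []
    for e in entries:
        kind, target = e["kind"], e["target"]
        if kind in ("BHO", "TB") and target == "No File":
            findings.append(("orphan", e["clsid"] or e["name"],
                             "BHO/toolbar registration whose DLL is gone; dead key, safe to remove"))
        elif kind.startswith("mPolicies") and re.fullmatch(r"EnableLUA\s*=\s*0\b.*", target):
            findings.append(("uac-off", "EnableLUA",
                             "UAC disabled: administrators run everything with a full admin token, no prompts"))
        elif kind == "Trusted Zone":
            findings.append(("trusted-zone", target,
                             "site added to IE's Trusted Sites zone, which uses relaxed security settings"))
        elif kind == "DPF":
            url = urlparse(re.sub(r"^hxxp", "http", target))
            if url.path.lower().endswith(".exe"):
                findings.append(("dpf-exe", url.netloc,
                                 "ActiveX download record pointing at a bare .exe; verify the publisher"))
    return findings


def triage(lines):
    """Parse a block of DDS report lines and return the review findings."""
    entries = [e for e in map(parse_entry, lines) if e]
    return review(entries)


if __name__ == "__main__":
    for rule, subject, note in triage(SAMPLE_LINES):
        print(f"[{rule}] {subject}: {note}")
```

Run on the sample it prints one line per finding; to use it on a real report, feed it the lines between the "Pseudo HJT Report" and "FIREFOX" headers. Entries with no rule hit (the Spybot BHO, the avast! Run key, the Flash .cab) are parsed but stay silent, which is the point: the script narrows the list, it does not judge it.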


#2 Farbar (Security Developer, 21,707 posts, The Netherlands)

Posted 27 February 2009 - 08:00 AM

Hi Dragunslayer,

Welcome to the BC HijackThis forum, and sorry for the delay. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.
  • Tell me if you have run any tool or made a major change to the system since your last post. Also tell me what the current condition of your computer is.

  • To get an idea about the current condition of your computer, download random's system information tool (RSIT) by random/random from here and save it to your desktop.
    • Double click on RSIT.exe to run RSIT.
    • Set the list of files/folders created to 3 Months and click Continue at the disclaimer screen.
    • Once it has finished, two logs will open.
    • log.txt (<<will be maximized)
    • info.txt (<<will be minimized).
  • Please copy and paste the content of just log.txt to your reply. No need for info.txt

    Note 1: If you have difficulty finding the log, the logs are in this folder: C:\rsit

    Note 2: The tool takes no more than one minute to scan the system.

You might want to save this page to your favorites, so you can find it again when you return.

#3 Dragunslayer (Topic Starter)

Posted 28 February 2009 - 05:55 PM

Well, recently I've installed and run the Auslogics BoostSpeed program. Things appear to be running a bit smoother after running all the functions it has, but I still haven't really tested things thoroughly enough to make sure.

Here's the log file from RSIT:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Michael at 2009-02-28 17:48:06
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 55 GB (12%) free of 477 GB
Total RAM: 2046 MB (44% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:48:49 PM, on 2/28/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Windows\system32\dlcdcoms.exe
C:\Windows\system32\LxrSII1s.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Program Files\TeamViewer3\TeamViewer_Service.exe
C:\Windows\system32\UAService7.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\AASP\1.00.32\aaCenter.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ASUS\PC Probe II\Probe2.exe
C:\Windows\System32\kxmixer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Windows\System32\calc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Users\Michael\Documents\My Documents\Downloads\RSIT.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Michael\Documents\My Documents\Downloads\Michael.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Launch PC Probe II] "C:\Program Files\ASUS\PC Probe II\Probe2.exe" 1
O4 - HKLM\..\Run: [kX Mixer] C:\Windows\system32\kxmixer.exe --startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [Aim6] ~"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Yahoo! Pager] ~"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://rfonline-full.gscdn.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {8C292180-8BB2-495F-B94B-89FE9F2B530A} (ccr_downloader Control) - http://rfonline-full.gscdn.com/gscdn/ccr_downloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15034/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: dlcd_device - - C:\Windows\system32\dlcdcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\Windows\SYSTEM32\LxrSII1s.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Service.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\Windows\system32\UAService7.exe

--
End of file - 12148 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-05 816400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2006-10-31 198136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-14 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-14 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-10-08 1172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2007-09-05 816400]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-10-08 1172792]
{0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - Veoh Web Player Video Finder - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll [2008-12-16 429816]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-18 1008184]
"C6501Sound"=RunDll32 c6501.cpl []
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2007-07-23 77824]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-14 136600]
"Launch PC Probe II"=C:\Program Files\ASUS\PC Probe II\Probe2.exe [2007-05-09 2130432]
"kX Mixer"=C:\Windows\system32\kxmixer.exe [2007-08-24 500224]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-09-17 13580832]
"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-09-17 92704]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2008-11-17 111928]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-01-20 185872]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AIM"=C:\Program Files\AIM95\aim.exe [2006-08-01 67112]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-18 202240]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-08 486856]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-18 125952]
"VeohPlugin"=C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe [2008-12-16 3528440]
"Aim6"=~C:\Program Files\AIM6\aim6.exe /d locale=en-US ee://aol/imApp []
"Yahoo! Pager"=~C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -quiet []
"msnmsgr"=~C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
C:\Program Files\DNA\btdna.exe [2008-12-15 342848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]

C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2008-12-30 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba84fcf0-d0f3-11dc-b57b-806e6f6e6963}]
shell\AutoRun\command - G:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc179be6-d042-11dc-ade6-806e6f6e6963}]
shell\AutoRun\command - D:\AutoRun.exe


======List of files/folders created in the last 3 months======

2009-02-28 17:48:06 ----D---- C:\rsit
2009-02-27 21:03:13 ----A---- C:\Windows\jestertb.dll
2009-02-26 06:49:57 ----A---- C:\Windows\system32\wmp.dll
2009-02-26 06:49:55 ----A---- C:\Windows\system32\spwmp.dll
2009-02-26 06:49:54 ----A---- C:\Windows\system32\wmploc.DLL
2009-02-26 06:49:54 ----A---- C:\Windows\system32\dxmasf.dll
2009-02-26 04:32:31 ----D---- C:\Windows\usgwmt
2009-02-25 17:27:42 ----D---- C:\Users\Michael\AppData\Roaming\Auslogics
2009-02-23 21:17:27 ----D---- C:\Users\Michael\AppData\Roaming\Touchstone
2009-02-22 19:04:47 ----D---- C:\Users\Michael\AppData\Roaming\Hamachi
2009-02-22 19:02:50 ----D---- C:\Program Files\Hamachi
2009-02-22 17:45:26 ----D---- C:\Program Files\Touchstone
2009-02-22 05:06:23 ----D---- C:\Users\Michael\AppData\Roaming\Leadertech
2009-02-21 17:44:36 ----D---- C:\Windows\A5B5A16D277A476B8F621029A2F23072.TMP
2009-02-21 17:43:43 ----A---- C:\Windows\disney.ini
2009-02-21 15:55:17 ----A---- C:\Windows\system32\D3DX9_40.dll
2009-02-21 15:55:16 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2009-02-21 15:55:15 ----A---- C:\Windows\system32\XAudio2_3.dll
2009-02-21 15:55:15 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2009-02-20 03:56:13 ----D---- C:\Program Files\Auslogics
2009-02-15 18:36:35 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-02-15 18:36:35 ----A---- C:\Windows\system32\infocardapi.dll
2009-02-15 18:36:33 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-02-15 18:36:33 ----A---- C:\Windows\system32\icardres.dll
2009-02-15 18:36:33 ----A---- C:\Windows\system32\icardagt.exe
2009-02-15 18:36:32 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-02-15 18:36:29 ----A---- C:\Windows\system32\PresentationHost.exe
2009-02-15 18:28:35 ----A---- C:\Windows\system32\dfshim.dll
2009-02-15 18:28:32 ----A---- C:\Windows\system32\mscoree.dll
2009-02-15 18:28:31 ----A---- C:\Windows\system32\netfxperf.dll
2009-02-15 18:28:10 ----A---- C:\Windows\system32\mscorier.dll
2009-02-15 18:28:05 ----A---- C:\Windows\system32\mscories.dll
2009-02-15 12:32:27 ----A---- C:\Windows\system32\EncDec.dll
2009-02-15 12:32:25 ----A---- C:\Windows\system32\psisdecd.dll
2009-02-15 06:16:50 ----A---- C:\Windows\system32\bsrmgps.dll
2009-02-15 06:16:50 ----A---- C:\Windows\system32\bsrmgcv.dll
2009-02-15 06:16:41 ----A---- C:\Windows\system32\bsratwmv.dll
2009-02-15 06:16:41 ----A---- C:\Windows\system32\bsratswf.dll
2009-02-14 06:26:59 ----D---- C:\Program Files\ADRIFT
2009-02-14 06:26:30 ----N---- C:\Windows\Setup1.exe
2009-02-14 06:26:29 ----A---- C:\Windows\ST6UNST.EXE
2009-02-12 20:08:07 ----D---- C:\CrashReport
2009-02-12 19:59:22 ----D---- C:\Program Files\Runes of Magic
2009-02-11 04:03:42 ----A---- C:\Windows\system32\mshtml.dll
2009-02-11 04:03:41 ----A---- C:\Windows\system32\ieframe.dll
2009-02-11 04:03:40 ----A---- C:\Windows\system32\urlmon.dll
2009-02-11 04:03:39 ----A---- C:\Windows\system32\wininet.dll
2009-02-11 04:03:39 ----A---- C:\Windows\system32\msfeeds.dll
2009-02-11 04:03:37 ----A---- C:\Windows\system32\mstime.dll
2009-02-11 04:03:36 ----A---- C:\Windows\system32\iertutil.dll
2009-02-11 04:03:35 ----A---- C:\Windows\system32\jsproxy.dll
2009-02-10 02:57:34 ----D---- C:\Program Files\THQ
2009-02-09 00:24:06 ----D---- C:\ProgramData\Messenger Plus!
2009-02-09 00:22:01 ----D---- C:\Program Files\Messenger Plus! Live
2009-02-08 01:44:00 ----D---- C:\Windows\Postal 2 Special Edition
2009-02-08 01:44:00 ----D---- C:\Program Files\Postal 2 Special Edition
2009-02-06 18:33:11 ----D---- C:\Program Files\2K Games
2009-02-06 18:32:30 ----D---- C:\Users\Michael\AppData\Roaming\InstallShield
2009-02-06 02:35:47 ----D---- C:\Users\Michael\AppData\Roaming\mIRC
2009-02-06 02:35:47 ----D---- C:\Program Files\mIRC
2009-02-05 02:02:19 ----D---- C:\Windows\system32\directx
2009-02-05 01:44:45 ----D---- C:\CCR INC
2009-01-27 12:20:07 ----DC---- C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-25 03:15:26 ----D---- C:\ProgramData\YoYoGames
2009-01-22 12:52:52 ----A---- C:\Windows\system32\unicows.dll
2009-01-22 06:59:02 ----D---- C:\ProgramData\Trymedia
2009-01-20 07:29:46 ----D---- C:\Program Files\Common Files\xing shared
2009-01-20 07:29:36 ----A---- C:\Windows\system32\rmoc3260.dll
2009-01-20 07:29:19 ----A---- C:\Windows\system32\pndx5032.dll
2009-01-20 07:29:19 ----A---- C:\Windows\system32\pndx5016.dll
2009-01-20 07:29:15 ----D---- C:\Program Files\Real
2009-01-20 07:29:15 ----A---- C:\Windows\system32\pncrt.dll
2009-01-20 07:29:12 ----D---- C:\Program Files\Common Files\Real
2009-01-20 07:29:11 ----D---- C:\Users\Michael\AppData\Roaming\Real
2009-01-20 00:26:13 ----D---- C:\Program Files\CCleaner
2009-01-18 19:18:52 ----D---- C:\Program Files\Common Files\INCA Shared
2009-01-18 18:14:56 ----D---- C:\Rohan_USA
2009-01-18 17:24:12 ----D---- C:\Program Files\Neffy
2009-01-16 06:24:39 ----A---- C:\Windows\system32\Iyvu9_32.dll
2009-01-16 06:24:39 ----A---- C:\Windows\system32\ir50_lcs.dll
2009-01-16 06:24:39 ----A---- C:\Windows\system32\iacenc.dll
2009-01-16 06:24:25 ----A---- C:\Windows\IsUninst.exe
2009-01-16 06:07:20 ----D---- C:\Users\Michael\AppData\Roaming\vlc
2009-01-16 05:47:51 ----D---- C:\Program Files\Bonjour
2009-01-15 01:06:09 ----D---- C:\Program Files\Veoh Networks
2009-01-14 17:00:38 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2009-01-06 06:20:59 ----D---- C:\Program Files\mu soft
2008-12-27 19:46:44 ----D---- C:\Program Files\Media Center Alarm Clock
2008-12-19 08:37:13 ----D---- C:\Program Files\GameSpy
2008-12-19 08:36:04 ----A---- C:\Windows\system32\PnkBstrB.exe
2008-12-19 08:35:59 ----A---- C:\Windows\system32\PnkBstrA.exe
2008-12-19 08:35:59 ----A---- C:\Windows\system32\pbsvc.exe
2008-12-16 19:47:26 ----D---- C:\Program Files\Lionhead Studios Ltd
2008-12-16 19:22:09 ----D---- C:\Program Files\Lionhead Studios
2008-12-14 11:48:24 ----A---- C:\Windows\system32\javaws.exe
2008-12-14 11:48:24 ----A---- C:\Windows\system32\javaw.exe
2008-12-14 11:48:24 ----A---- C:\Windows\system32\java.exe
2008-12-14 11:48:24 ----A---- C:\Windows\system32\deploytk.dll
2008-12-12 11:18:16 ----A---- C:\Windows\system32\dns-sd.exe
2008-12-12 11:11:46 ----A---- C:\Windows\system32\dnssd.dll
2008-12-11 03:02:43 ----A---- C:\Windows\system32\tzres.dll
2008-12-11 00:13:45 ----A---- C:\Windows\system32\gdi32.dll
2008-12-11 00:13:41 ----A---- C:\Windows\system32\Apphlpdm.dll
2008-12-11 00:13:40 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-12-11 00:13:34 ----A---- C:\Windows\system32\shell32.dll
2008-12-11 00:13:28 ----A---- C:\Windows\explorer.exe
2008-12-11 00:13:16 ----A---- C:\Windows\system32\mf.dll
2008-12-11 00:13:15 ----A---- C:\Windows\system32\WMVCORE.DLL
2008-12-11 00:13:14 ----A---- C:\Windows\system32\WMNetMgr.dll
2008-12-11 00:13:14 ----A---- C:\Windows\system32\logagent.exe
2008-12-02 05:15:59 ----D---- C:\Program Files\Dofus
2008-12-01 05:49:26 ----D---- C:\Windows\matrixfall
2008-12-01 05:45:29 ----D---- C:\Program Files\KellySoftware
2008-12-01 05:39:25 ----D---- C:\Program Files\ff Softworks
2008-11-30 20:31:17 ----D---- C:\Program Files\iPod
2008-11-30 20:31:11 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-30 20:31:11 ----D---- C:\Program Files\iTunes
2008-11-30 20:28:20 ----D---- C:\Program Files\QuickTime
2008-11-30 18:31:15 ----SHD---- C:\Config.Msi

======List of files/folders modified in the last 3 months======

2009-02-28 17:48:38 ----D---- C:\Windows\Prefetch
2009-02-28 17:48:30 ----D---- C:\Windows\Temp
2009-02-28 17:24:47 ----D---- C:\Program Files\Mozilla Firefox
2009-02-28 07:58:09 ----SHD---- C:\System Volume Information
2009-02-27 21:03:13 ----D---- C:\Windows
2009-02-27 08:29:44 ----D---- C:\Users\Michael\AppData\Roaming\Skype
2009-02-27 08:00:17 ----D---- C:\Users\Michael\AppData\Roaming\skypePM
2009-02-26 07:00:02 ----D---- C:\Windows\System32
2009-02-26 07:00:02 ----D---- C:\Windows\inf
2009-02-26 07:00:02 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-02-26 06:55:38 ----D---- C:\Windows\system32\LogFiles
2009-02-26 06:55:05 ----D---- C:\Windows\system32\config
2009-02-26 06:52:48 ----D---- C:\Program Files\Windows Media Player
2009-02-26 06:50:47 ----D---- C:\Windows\winsxs
2009-02-26 06:48:57 ----D---- C:\Windows\system32\catroot
2009-02-26 06:48:56 ----D---- C:\Windows\system32\catroot2
2009-02-26 03:01:11 ----SHD---- C:\Windows\Installer
2009-02-26 03:01:04 ----D---- C:\Program Files\Microsoft Silverlight
2009-02-25 23:19:08 ----D---- C:\Program Files\Windows Live Safety Center
2009-02-25 18:47:12 ----D---- C:\Program Files\Guild Wars
2009-02-25 18:47:12 ----D---- C:\Program Files\BitTorrent
2009-02-25 18:47:12 ----D---- C:\ComboFix
2009-02-25 18:42:54 ----D---- C:\Windows\Debug
2009-02-25 18:38:33 ----RSD---- C:\Windows\Fonts
2009-02-22 19:02:55 ----D---- C:\Windows\system32\drivers
2009-02-22 19:02:50 ----RD---- C:\Program Files
2009-02-22 17:43:32 ----HD---- C:\Program Files\InstallShield Installation Information
2009-02-22 10:17:20 ----D---- C:\Users\Michael\AppData\Roaming\BitTorrent
2009-02-21 17:44:00 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-02-21 15:58:03 ----D---- C:\Program Files\Steam
2009-02-19 23:29:09 ----D---- C:\Program Files\SecondLife
2009-02-18 04:16:52 ----D---- C:\Program Files\LucasArts
2009-02-16 07:17:40 ----SD---- C:\Users\Michael\AppData\Roaming\Microsoft
2009-02-15 22:40:57 ----D---- C:\Windows\Microsoft.NET
2009-02-15 22:40:51 ----RSD---- C:\Windows\assembly
2009-02-15 21:11:48 ----D---- C:\Windows\rescache
2009-02-15 20:53:37 ----D---- C:\Windows\ehome
2009-02-15 20:53:34 ----D---- C:\Windows\system32\XPSViewer
2009-02-15 20:53:34 ----D---- C:\Windows\system32\wbem
2009-02-15 20:53:34 ----D---- C:\Windows\system32\en-US
2009-02-15 06:16:50 ----D---- C:\Program Files\BSR Screen Recorder 4
2009-02-15 04:04:46 ----D---- C:\Users\Michael\AppData\Roaming\Bioshock
2009-02-13 06:06:31 ----D---- C:\Program Files\WinRAR
2009-02-11 05:35:00 ----D---- C:\Program Files\Windows Mail
2009-02-10 05:26:56 ----A---- C:\Windows\WORDPAD.INI
2009-02-09 08:29:54 ----D---- C:\Program Files\Trillian
2009-02-09 00:24:06 ----HD---- C:\ProgramData
2009-02-06 19:05:45 ----D---- C:\ProgramData\Media Center Programs
2009-02-06 18:30:19 ----D---- C:\Program Files\Common Files
2009-02-06 18:23:18 ----A---- C:\Windows\system32\CmdLineExt.dll
2009-02-05 16:11:35 ----A---- C:\Windows\system32\aswBoot.exe
2009-02-05 02:02:24 ----HD---- C:\Windows\msdownld.tmp
2009-02-04 04:10:19 ----SD---- C:\Windows\Downloaded Program Files
2009-02-03 18:21:12 ----A---- C:\Windows\system32\mrt.exe
2009-01-27 22:11:54 ----D---- C:\Program Files\KCeasy
2009-01-27 12:16:20 ----SD---- C:\ProgramData\Microsoft
2009-01-27 12:16:20 ----D---- C:\Users\Michael\AppData\Roaming\Lavasoft
2009-01-27 12:01:09 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-01-27 11:59:35 ----D---- C:\Windows\Minidump
2009-01-27 11:30:45 ----D---- C:\Users\Michael\AppData\Roaming\DNA
2009-01-27 11:30:45 ----D---- C:\Program Files\DNA
2009-01-27 11:21:55 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-23 09:35:13 ----D---- C:\Program Files\NCH Swift Sound
2009-01-22 09:56:46 ----D---- C:\Users\Michael\AppData\Roaming\GetRightToGo
2009-01-21 16:00:08 ----D---- C:\Program Files\Electronic Arts
2009-01-20 13:44:04 ----D---- C:\Program Files\SUPERAntiSpyware
2009-01-20 00:24:45 ----D---- C:\Program Files\Sony
2009-01-16 06:24:39 ----D---- C:\Windows\Help
2008-12-15 05:42:42 ----D---- C:\Program Files\Bethesda Softworks
2008-12-14 11:47:52 ----D---- C:\Program Files\Java
2008-12-11 06:52:21 ----D---- C:\Windows\AppPatch
2008-12-08 09:51:15 ----D---- C:\Program Files\DivX
2008-12-03 04:51:18 ----D---- C:\Program Files\Common Files\Steam
2008-12-02 08:37:16 ----AD---- C:\ProgramData\TEMP
2008-11-30 20:31:16 ----D---- C:\Program Files\Common Files\Apple
2008-11-30 20:31:11 ----D---- C:\ProgramData\Apple Computer
2008-11-30 18:31:29 ----D---- C:\Program Files\SweetIM

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AsIO;AsIO; C:\Windows\system32\drivers\AsIO.sys [2006-10-18 12664]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2009-02-05 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2008-09-03 8944]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2008-09-03 55024]
R2 Aspi32;Aspi32; C:\Windows\System32\drivers\aspi32.sys [2002-07-17 16877]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-02-05 51792]
R2 elagopro;GoProto Protocol Driver for LELA; C:\Windows\system32\DRIVERS\elagopro.sys [2007-03-22 28672]
R2 elaunidr;UniDriver for LELA; C:\Windows\system32\DRIVERS\elaunidr.sys [2007-03-22 5376]
R2 LxrSII1d;Secure II Driver; \??\C:\Windows\system32\Drivers\LxrSII1d.sys [2005-05-19 70016]
R3 AmdLLD;AMD Low Level Device Driver; C:\Windows\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 kxwdmdrv;kX WDM Driver Service; C:\Windows\system32\drivers\kx.sys [2007-08-24 564864]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2006-10-18 7680]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-11-18 1040544]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-09-17 7379872]
R3 P1110VID;Creative WebCam NX; C:\Windows\system32\DRIVERS\P1110Vid.sys [2006-04-06 68608]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S3 aqkxs41d;aqkxs41d; C:\Windows\system32\drivers\aqkxs41d.sys []
S3 c65013264;C-Media CM6501 Like Sound UDAX Interface; C:\Windows\system32\drivers\c6501.sys [2007-02-07 1298944]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-02-22 25280]
S3 krdpdre;krdpdre; \??\C:\Users\Michael\AppData\Local\Temp\krdpdre.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 samhid;samhid; C:\Windows\system32\drivers\samhid.sys [2006-01-07 7548]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2008-09-03 7408]
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2006-11-02 71552]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\Windows\system32\CTsvcCDA.exe [1999-12-12 44032]
R2 dlcd_device;dlcd_device; C:\Windows\system32\dlcdcoms.exe [2007-01-16 538096]
R2 LxrSII1s;Lexar Secure II; C:\Windows\system32\LxrSII1s.exe [2005-05-19 53248]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-09-17 196608]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-12-19 66872]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-08-14 809296]
R2 TeamViewer;TeamViewer 3; C:\Program Files\TeamViewer3\TeamViewer_Service.exe [2008-10-07 185640]
R2 UserAccess7;SecuROM User Access Service (V7); C:\Windows\system32\UAService7.exe [2008-02-14 126976]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2008-12-03 104944]
S3 usprserv;User Privilege Service; C:\Windows\System32\svchost.exe [2008-01-18 21504]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------
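
The driver and service lists in the RSIT log above share one line format, documented by the legend RSIT prints over each list (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled). The following parser is an added example for readers working through such logs; it is not part of the original post and not RSIT's own code. It decodes the state and start-type prefix, the `name;display name;` pair, the image path (stripping the `\??\` NT prefix) and the trailing `[date size]` block, and then applies two plain triage heuristics a reviewer would want surfaced: entries with no file date/size recorded, and image paths under a temp directory or a user profile. The sample lines are copied from the log above; the flag names and the `Entry` class are this example's own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Legend RSIT prints above each list.
STATE = {"R": "Running", "S": "Stopped"}
START = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# "<state><start> <name>;<display name>; <image path> [<file date> <file size>]"
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]*);(?P<display>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)


@dataclass
class Entry:
    state: str
    start: str
    name: str
    display: str
    path: str
    file_date: Optional[str] = None
    file_size: Optional[int] = None
    flags: List[str] = field(default_factory=list)


def review_entry(e: Entry) -> List[str]:
    """Triage heuristics for one entry (this example's own, not RSIT's)."""
    flags = []
    low = e.path.lower()
    if e.file_date is None:
        # RSIT left the bracket empty: no date/size for the image file.
        flags.append("no file date/size recorded")
    if "\\temp\\" in low:
        flags.append("image path is in a temp directory")
    if "\\users\\" in low or "\\documents and settings\\" in low:
        flags.append("image path is under a user profile")
    return flags


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one driver/service line; returns None for non-matching lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m.group("path").strip()
    if path.startswith("\\??\\"):      # NT object-manager prefix on some entries
        path = path[4:]
    e = Entry(STATE[m.group("state")], START[m.group("start")],
              m.group("name").strip(), m.group("display").strip(), path)
    meta = m.group("meta").split()
    if meta:
        e.file_date = meta[0]
        if len(meta) > 1 and meta[1].isdigit():
            e.file_size = int(meta[1])
    e.flags = review_entry(e)
    return e


def parse_listing(text: str) -> List[Entry]:
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e]


def flagged(entries: List[Entry]) -> Dict[str, List[str]]:
    """Map of entry name -> flags, for entries that raised at least one flag."""
    return {e.name: e.flags for e in entries if e.flags}


def summarize(entries: List[Entry]) -> Dict[str, int]:
    """Count entries per 'State/StartType', e.g. 'Running/System'."""
    counts: Dict[str, int] = {}
    for e in entries:
        key = f"{e.state}/{e.start}"
        counts[key] = counts.get(key, 0) + 1
    return counts


# Sample lines copied from the RSIT log above (drivers and services mixed).
SAMPLE_LISTING = r"""
R1 AsIO;AsIO; C:\Windows\system32\drivers\AsIO.sys [2006-10-18 12664]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2008-09-03 8944]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-02-22 25280]
S3 krdpdre;krdpdre; \??\C:\Users\Michael\AppData\Local\Temp\krdpdre.sys []
S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys []
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
"""

if __name__ == "__main__":
    entries = parse_listing(SAMPLE_LISTING)
    for name, flags in flagged(entries).items():
        print(f"{name}: {', '.join(flags)}")
    print(summarize(entries))
```

A flag is a prompt to look closer, not a verdict: an empty bracket can mean the file is no longer on disk, and a user-profile path is ordinary for some software. The value of the parser is that it reads the whole list the same way every time, rather than relying on the eye to catch the one line among forty that has nothing after its path.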

#4 Farbar

Posted 01 March 2009 - 06:17 AM

Hi again,

Your log(s) show that you are using so-called peer-to-peer or file-sharing programs. These programs allow users to share files between them, as the name suggests. In today's world, cyber crime has reached an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and they are thus suggested to be used with intense care. Some further reading on this subject, along with the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."


Removal Instructions

I see no apparent infection. To make sure, we need a couple of reports.
  • You have the program Spybot S&D (Teatimer option) running on your machine. We need to disable TeaTimer so it does not interfere with the fixes we are about to do. This will only take a few seconds.
    • First disable TeaTimer:
      • Run Spybot-S&D
      • Go to the Mode menu, and make sure Advanced Mode is selected
      • On the left hand side, choose Tools -> Resident
      • Uncheck Resident TeaTimer and OK any prompts
      • Restart your computer.
      Instructions are also here: How to disable TeaTimer during HijackThis Cleanup

      Note: If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.

    • Then download ResetTeaTimer.exe to your desktop. (In case you use Firefox, right-click the link and choose "Save Link As".)
      • Double-click ResetTeaTimer.exe and let it run.
    Note: The Teatimer should be kept disabled until I give you the clean sign.


  • We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
    • Go to Start > Control Panel > Windows Defender.
    • Open Windows Defender.
    • Click on Tools, Options.
    • At the bottom of Windows Defender's page, under Administrator Options, uncheck "Use Windows Defender" and then Save.
    • Click Close.
    Note: When everything is done and your log is clean again, you can enable it again.

  • You have version 6 update 11 of Java, which is good. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components:
    Click "Start" and then the "Control Panel" icon.
    Double-click the "Program Features" icon.
    A list of installed programs will be "populated"; this may take a bit of time.
    Uninstall the following by clicking on the following entries and selecting "Remove":

    Java™ 6 Update 5
    Java™ 6 Update 7


  • Please open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

    R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll


    Note: You may read more here: http://www.siteadvisor.com/sites/sweetim.com

    Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

  • You may want to keep this small application and use it to keep the computer clean.
    Download CCleaner from here: http://www.ccleaner.com/
    • Run the installer to install the application.
    • When it gives you the option to install the Yahoo toolbar, uncheck the box next to it.
    • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab, all the boxes should be checked.)
    • Click Run Cleaner.
    • Close CCleaner.
  • Please do a scan with Kaspersky Online Scanner

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    Click on the Accept button and install any components it needs.
    • The program will install and then begin downloading the latest definition files.
    • After the files have been downloaded on the left side of the page in the Scan section select My Computer
    • This will start the program and scan your system.
    • The scan will take a while, so be patient and let it run.
    • Once the scan is complete, click on View scan report
    • Now, click on the Save Report as button.
    • Save the file to your desktop.
    • Copy and paste that information in your next post.
  • Please run Hijackthis. Click Do a system scan and save a logfile then copy and paste the content of the log to your reply.
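
The three SweetIM entries Farbar lists for fixing (an R3 URLSearchHook, an O2 BHO and an O3 Toolbar) belong to one component: their CLSIDs differ only in the last hex digit of the first group and their DLLs sit in the same directory. Grouping a HijackThis log by the directory each entry loads from is a quick way to collect every entry of a toolbar or helper before fixing them together, so that no stray entry is left behind. The parser below is an added example for readers, not HijackThis's own code and not part of Farbar's instructions. It splits a log line into section (R3, O2, O23, ...), kind, label, CLSID (if any) and target, then groups entries by the target's directory, or by host for the download (O16) entries. The sample lines are copied from the logs on this page; function and field names are this example's own.

```python
import re
import ntpath
from collections import defaultdict
from typing import Dict, List, Optional
from urllib.parse import urlparse

# "<section> - <kind>: <label> - {CLSID} - <dll or url>"  (CLSID is optional)
ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<kind>[^:]+): (?P<rest>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_hjt_line(line: str) -> Optional[dict]:
    """Split one HijackThis line into its fields; None if it is not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    # The target (DLL path, EXE path or URL) is always the last " - " field.
    if " - " in rest:
        label, target = rest.rsplit(" - ", 1)
    else:
        label, target = rest, ""
    clsid = CLSID_RE.search(rest)
    return {
        "section": m.group("section"),
        "kind": m.group("kind"),
        "label": label.strip(),
        "clsid": clsid.group(0).upper() if clsid else None,
        "target": target.strip(),
    }


def location_key(target: str) -> str:
    """Directory (lower-cased) for local paths, host for download URLs."""
    if re.match(r"^https?://", target, re.I):
        return urlparse(target).netloc.lower()
    return ntpath.dirname(target).lower()


def group_by_location(lines: List[str]) -> Dict[str, List[dict]]:
    groups: Dict[str, List[dict]] = defaultdict(list)
    for line in lines:
        entry = parse_hjt_line(line)
        if entry and entry["target"]:
            groups[location_key(entry["target"])].append(entry)
    return dict(groups)


def related_to_clsid(lines: List[str], clsid: str) -> List[dict]:
    """All entries that load from the same directory as the entry with this CLSID."""
    groups = group_by_location(lines)
    for entries in groups.values():
        if any(e["clsid"] == clsid.upper() for e in entries):
            return entries
    return []


# Sample lines copied from the HijackThis logs on this page.
SAMPLE_HJT_LINES = [
    r"R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll",
    r"O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll",
    r"O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll",
    r"O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll",
    r"O16 - DPF: {8C292180-8BB2-495F-B94B-89FE9F2B530A} (ccr_downloader Control) - http://rfonline-full.gscdn.com/gscdn/ccr_downloader.cab",
    r"O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe",
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com",
]

if __name__ == "__main__":
    for where, entries in group_by_location(SAMPLE_HJT_LINES).items():
        print(where)
        for e in entries:
            print(f"  {e['section']:<4} {e['clsid'] or '-':<40} {e['label']}")
```

The R0 line has no " - " target field, so its target is empty and it is left out of the grouping; that is deliberate, since R0/R1 entries describe registry values rather than a loaded file.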


#5 Dragunslayer (Topic Starter)

Posted 02 March 2009 - 01:50 AM

Okay, did everything you mentioned, here's the Scan Report.

Monday, March 2, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, March 02, 2009 00:25:54
Records in database: 1860751
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
Scan statistics
Files scanned 236667
Threat name 1
Infected objects 1
Suspicious objects 0
Duration of the scan 05:28:39

File name Threat name Threats count
C:\Users\Michael\Documents\My Documents\Downloads\Programs\gc2003.exe Infected: Trojan-Downloader.Win32.Agent.bexi 1


And here's the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:48:14 AM, on 3/2/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS\AASP\1.00.32\aaCenter.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\ASUS\PC Probe II\Probe2.exe
C:\Windows\System32\kxmixer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Windows\system32\SndVol.exe
C:\Program Files\Winamp\winamp.exe
C:\Windows\System32\calc.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Michael\Desktop\Tools\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Launch PC Probe II] "C:\Program Files\ASUS\PC Probe II\Probe2.exe" 1
O4 - HKLM\..\Run: [kX Mixer] C:\Windows\system32\kxmixer.exe --startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [Aim6] ~"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Yahoo! Pager] ~"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://rfonline-full.gscdn.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {8C292180-8BB2-495F-B94B-89FE9F2B530A} (ccr_downloader Control) - http://rfonline-full.gscdn.com/gscdn/ccr_downloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/in...l/installer.exe
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15034/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: dlcd_device - - C:\Windows\system32\dlcdcoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\Windows\SYSTEM32\LxrSII1s.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Service.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\Windows\system32\UAService7.exe

--
End of file - 10230 bytes

#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,707 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:03 AM

Posted 02 March 2009 - 06:25 AM

  • Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:

    @ECHO OFF
    REM Start the log for this run
    ECHO Deleting files>>log.txt
    REM Each quoted path in the list is processed in turn
    FOR %%g in (
    "C:\Users\Michael\Documents\My Documents\Downloads\Programs\gc2003.exe ") DO (
    IF EXIST %%g (
    REM Clear read-only, system and hidden attributes so DEL can remove the file
    ATTRIB -r -s -h %%g
    DEL /a /f %%g
    IF EXIST %%g (
    ECHO %%g not deleted>>log.txt
    ) ELSE (
    ECHO %%g deleted successfully>>log.txt)
    ) ELSE (
    ECHO %%g not found>>log.txt))
    NOTEPAD log.txt
    REM The batch file deletes itself once the log has been shown
    del %0
    • Select Save in: Desktop
    • Fill in File name: remove.bat
    • Save as type: All file types (*.*)
    • Click Save and close the Notepad.
    • Double-click remove.bat on the desktop.
    • Copy/paste the content of the log.txt which opens up.
  • Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications temporarily, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    • Double click on ComboFix.exe & follow the prompts.
    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply. Tell me also how your computer is running.
Please include in your next reply:
  • The content of log.txt
  • The Combofix log.
  • Any comment or feedback about how it went and how your computer is running.


#7 Dragunslayer

Dragunslayer
  • Topic Starter

  • Members
  • 8 posts
  • Local time:06:03 PM

Posted 02 March 2009 - 08:35 PM

Deleting files
"C:\Users\Michael\Documents\My Documents\Downloads\Programs\gc2003.exe " deleted successfully


ComboFix 09-03-02.01 - Michael 2009-03-02 20:09:48.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2046.859 [GMT -5:00]
Running from: c:\users\Michael\Documents\My Documents\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1290 [VPS 081126-0] *On-access scanning enabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\program files\INSTALL.LOG
c:\windows\jestertb.dll
G:\AUTORUN.INF

.
((((((((((((((((((((((((( Files Created from 2009-02-03 to 2009-03-03 )))))))))))))))))))))))))))))))
.

2009-03-02 05:35 . 2009-03-02 05:35 <DIR> d-------- c:\program files\illusion
2009-03-02 05:23 . 2009-03-02 05:24 187 --a------ c:\windows\RELATION.INI
2009-02-28 17:48 . 2009-02-28 17:48 <DIR> d-------- C:\rsit
2009-02-26 06:49 . 2008-12-15 22:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-02-26 06:49 . 2008-12-16 00:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-02-26 06:49 . 2008-12-16 00:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-02-26 06:49 . 2008-12-16 00:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-02-26 04:32 . 2009-02-26 04:32 <DIR> d-------- c:\windows\usgwmt
2009-02-25 17:27 . 2009-02-25 20:08 <DIR> d-------- c:\users\Michael\AppData\Roaming\Auslogics
2009-02-23 21:32 . 2009-02-23 21:32 65,530 --a------ C:\TurokGame.dmp
2009-02-23 21:17 . 2009-02-23 21:17 <DIR> d-------- c:\users\Michael\AppData\Roaming\Touchstone
2009-02-22 19:04 . 2009-03-02 16:29 <DIR> d-------- c:\users\Michael\AppData\Roaming\Hamachi
2009-02-22 19:02 . 2009-02-22 19:04 <DIR> d-------- c:\program files\Hamachi
2009-02-22 19:02 . 2009-02-22 19:02 25,280 --a------ c:\windows\System32\drivers\hamachi.sys
2009-02-22 17:45 . 2009-02-22 17:45 <DIR> d-------- c:\program files\Touchstone
2009-02-22 05:06 . 2009-02-22 05:06 <DIR> d-------- c:\users\Michael\AppData\Roaming\Leadertech
2009-02-21 17:44 . 2009-02-21 17:44 <DIR> d-------- c:\windows\A5B5A16D277A476B8F621029A2F23072.TMP
2009-02-21 17:43 . 2009-02-22 18:45 926 --a------ c:\windows\disney.ini
2009-02-21 15:55 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\System32\D3DX9_40.dll
2009-02-21 15:55 . 2008-10-27 10:04 514,384 --a------ c:\windows\System32\XAudio2_3.dll
2009-02-21 15:55 . 2008-10-27 10:04 70,992 --a------ c:\windows\System32\XAPOFX1_2.dll
2009-02-21 15:55 . 2008-10-27 10:04 23,376 --a------ c:\windows\System32\X3DAudio1_5.dll
2009-02-20 03:56 . 2009-02-25 18:38 <DIR> d-------- c:\program files\Auslogics
2009-02-15 18:36 . 2008-06-19 20:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-02-15 18:36 . 2008-06-19 20:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-02-15 18:36 . 2008-06-19 20:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-02-15 18:36 . 2008-06-19 20:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-15 18:36 . 2008-06-19 20:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-02-15 18:36 . 2008-06-19 20:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-02-15 18:36 . 2008-06-19 20:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-02-15 18:36 . 2008-06-19 20:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-02-15 18:28 . 2008-07-27 13:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-15 18:28 . 2008-07-27 13:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-15 18:28 . 2008-07-27 13:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-15 18:28 . 2008-07-27 13:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-02-15 18:28 . 2008-07-27 13:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-02-15 18:10 . 2009-02-15 18:10 <DIR> d-------- c:\users\Mary\AppData\Roaming\Yahoo!
2009-02-15 12:32 . 2008-12-04 23:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-15 12:32 . 2008-12-04 23:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-15 12:32 . 2008-12-04 23:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-15 12:32 . 2008-12-04 23:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-15 12:32 . 2008-12-04 23:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-15 06:16 . 2009-02-15 06:16 692,224 --a------ c:\windows\System32\bsrmgcv.dll
2009-02-15 06:16 . 2009-02-15 06:16 585,728 --a------ c:\windows\System32\bsratswf.dll
2009-02-15 06:16 . 2009-02-15 06:16 192,512 --a------ c:\windows\System32\bsrmgps.dll
2009-02-15 06:16 . 2009-02-15 06:16 147,456 --a------ c:\windows\System32\bsratwmv.dll
2009-02-14 06:26 . 2009-02-14 06:27 <DIR> d-------- c:\program files\ADRIFT
2009-02-14 06:26 . 2009-02-14 06:26 249,856 --------- c:\windows\Setup1.exe
2009-02-14 06:26 . 2009-02-14 06:26 73,216 --a------ c:\windows\ST6UNST.EXE
2009-02-14 06:26 . 2009-02-14 06:26 1,599 --a------ c:\windows\ST6UNST.000
2009-02-12 20:08 . 2009-02-12 20:08 <DIR> d-------- C:\CrashReport
2009-02-12 19:59 . 2009-02-26 20:12 <DIR> d-------- c:\program files\Runes of Magic
2009-02-11 04:03 . 2009-01-14 22:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 04:03 . 2009-01-15 01:11 827,392 --a------ c:\windows\System32\wininet.dll
2009-02-09 00:24 . 2009-02-09 00:24 <DIR> d-------- c:\users\All Users\Messenger Plus!
2009-02-09 00:24 . 2009-02-09 00:24 <DIR> d-------- c:\programdata\Messenger Plus!
2009-02-09 00:22 . 2009-02-09 01:30 <DIR> d-------- c:\program files\Messenger Plus! Live
2009-02-08 01:44 . 2009-02-08 01:44 <DIR> d-------- c:\windows\Postal 2 Special Edition
2009-02-08 01:44 . 2009-02-08 03:53 <DIR> d-------- c:\program files\Postal 2 Special Edition
2009-02-06 18:33 . 2009-02-06 18:33 <DIR> d-------- c:\program files\2K Games
2009-02-06 18:32 . 2009-02-06 18:32 <DIR> d-------- c:\users\Michael\AppData\Roaming\InstallShield
2009-02-06 14:29 . 2009-02-06 14:29 92,592 --ah----- c:\windows\System32\mlfcache.dat
2009-02-06 02:35 . 2009-02-06 14:20 <DIR> d-------- c:\users\Michael\AppData\Roaming\mIRC
2009-02-06 02:35 . 2009-02-17 05:52 <DIR> d-------- c:\program files\mIRC
2009-02-05 01:44 . 2009-02-05 01:44 <DIR> d-------- C:\CCR INC

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-03 00:29 --------- d-----w c:\users\Michael\AppData\Roaming\Skype
2009-03-02 21:18 --------- d-----w c:\users\Michael\AppData\Roaming\skypePM
2009-03-01 23:59 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-03-01 23:48 --------- d-----w c:\program files\Java
2009-03-01 23:14 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-01 22:20 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-01 22:20 --------- d-----w c:\program files\LucasArts
2009-02-26 08:01 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-26 04:19 --------- d-----w c:\program files\Windows Live Safety Center
2009-02-25 23:47 --------- d-----w c:\program files\Guild Wars
2009-02-25 23:47 --------- d-----w c:\program files\BitTorrent
2009-02-22 15:17 --------- d-----w c:\users\Michael\AppData\Roaming\BitTorrent
2009-02-21 22:44 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-21 20:58 --------- d-----w c:\program files\Steam
2009-02-20 04:29 --------- d-----w c:\program files\SecondLife
2009-02-15 23:11 --------- d-----w c:\users\Mary\AppData\Roaming\DNA
2009-02-15 11:16 --------- d-----w c:\program files\BSR Screen Recorder 4
2009-02-15 09:04 --------- d-----w c:\users\Michael\AppData\Roaming\Bioshock
2009-02-11 10:35 --------- d-----w c:\program files\Windows Mail
2009-02-09 13:29 --------- d-----w c:\program files\Trillian
2009-02-07 00:05 --------- d-----w c:\programdata\Media Center Programs
2009-02-06 23:23 108,144 ----a-w c:\windows\System32\CmdLineExt.dll
2009-02-05 21:06 51,792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys
2009-01-29 14:12 --------- d-----w c:\program files\Neffy
2009-01-28 03:11 --------- d-----w c:\program files\KCeasy
2009-01-27 17:20 --------- dc----w c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-27 17:16 --------- d-----w c:\users\Michael\AppData\Roaming\Lavasoft
2009-01-27 16:30 --------- d-----w c:\users\Michael\AppData\Roaming\DNA
2009-01-27 16:30 --------- d-----w c:\program files\DNA
2009-01-27 16:21 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-25 08:16 --------- d-----w c:\programdata\YoYoGames
2009-01-23 14:35 --------- d-----w c:\program files\NCH Swift Sound
2009-01-22 14:56 --------- d-----w c:\users\Michael\AppData\Roaming\GetRightToGo
2009-01-22 11:59 --------- d-----w c:\programdata\Trymedia
2009-01-21 21:00 --------- d-----w c:\program files\Electronic Arts
2009-01-20 18:44 --------- d-----w c:\program files\SUPERAntiSpyware
2009-01-20 12:29 --------- d-----w c:\program files\Real
2009-01-20 12:29 --------- d-----w c:\program files\Common Files\xing shared
2009-01-20 12:29 --------- d-----w c:\program files\Common Files\Real
2009-01-20 05:26 --------- d-----w c:\program files\CCleaner
2009-01-20 05:24 --------- d-----w c:\program files\Sony
2009-01-19 00:18 --------- d-----w c:\program files\Common Files\INCA Shared
2009-01-16 11:18 --------- d-----w c:\users\Michael\AppData\Roaming\vlc
2009-01-16 10:47 --------- d-----w c:\program files\Bonjour
2009-01-15 06:06 --------- d-----w c:\program files\Veoh Networks
2009-01-14 22:01 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2009-01-14 21:11 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 21:11 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-01-06 11:20 --------- d-----w c:\program files\mu soft
2008-12-22 00:12 17,298 ----a-w c:\windows\System32\ealregsnapshot1.reg
2008-12-19 13:36 22,328 ----a-w c:\users\Michael\AppData\Roaming\PnkBstrK.sys
2008-12-19 13:36 103,736 ----a-w c:\windows\System32\PnkBstrB.exe
2008-12-19 13:35 669,184 ----a-w c:\windows\System32\pbsvc.exe
2008-12-19 13:35 66,872 ----a-w c:\windows\System32\PnkBstrA.exe
2008-12-14 16:47 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-12-12 16:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-12-12 16:11 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-03-19 20:08 174 --sha-w c:\program files\desktop.ini
2003-12-18 15:33 20,102 ----a-w c:\program files\Readme.txt
2003-09-03 11:46 10,960 ----a-w c:\program files\EULA.txt
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="c:\program files\AIM95\aim.exe" [2006-08-01 67112]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-08 486856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-12-16 3528440]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-12 21741864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Launch PC Probe II"="c:\program files\ASUS\PC Probe II\Probe2.exe" [2007-05-09 2130432]
"kX Mixer"="c:\windows\system32\kxmixer.exe" [2007-08-24 500224]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2008-11-17 111928]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-01-20 185872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 136600]

c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2009-02-22 624416]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-30 19:38 356352 c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i263_32.drv
"msacm.g723"= g723.acm
"vidc.I263"= I263_32.drv

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-12-15 17:39 342848 c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-11-20 13:20 290088 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3975951833-1013422275-1453822169-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{38C995C9-7876-456A-B69F-25488F0822CD}c:\\program files\\trillian\\trillian.exe"= UDP:c:\program files\trillian\trillian.exe:Trillian
"UDP Query User{506ED04A-6719-4EA8-9635-FA388C92CC0E}c:\\program files\\trillian\\trillian.exe"= TCP:c:\program files\trillian\trillian.exe:Trillian
"TCP Query User{F0616E0B-2013-4BD3-B93C-5D92736C7201}c:\\program files\\secondlife\\slvoice.exe"= UDP:c:\program files\secondlife\slvoice.exe:SLVoice
"UDP Query User{0791A5D8-3C3D-45DC-989F-60B589A137AF}c:\\program files\\secondlife\\slvoice.exe"= TCP:c:\program files\secondlife\slvoice.exe:SLVoice
"{73BC2E5A-C0F4-4B2F-BA96-FBC1C2FCE19F}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{CCE4715F-E5CB-4A6D-9B53-A73EB1865A01}c:\\program files\\secondlifewindlight\\slvoice.exe"= UDP:c:\program files\secondlifewindlight\slvoice.exe:SLVoice
"UDP Query User{3833A6F9-E424-4763-97A3-12DD16FABD4D}c:\\program files\\secondlifewindlight\\slvoice.exe"= TCP:c:\program files\secondlifewindlight\slvoice.exe:SLVoice
"{E9D11A77-7C5B-424E-ACE5-CA620453769E}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{EC7F418C-99B2-485D-BC1F-51C4618E04E9}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{1285D102-A4BD-43B3-8145-C909114D5E3A}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{DF5C6254-B6EB-40DB-ACF2-CCA5B2AE0E4D}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{CEEDB2F3-56A1-469F-A013-7931DF359140}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{5E9C85DD-0C4B-4D3E-8524-F017464620A8}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"TCP Query User{11CE38FA-01BF-457F-9848-002C7065EE8F}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{66DB8B4E-6DDC-49C9-B36B-D73A5E610061}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"TCP Query User{62ABD4EC-E9DB-4C9F-A2CC-807DD8B65371}c:\\program files\\trillian\\trillian.exe"= UDP:c:\program files\trillian\trillian.exe:Trillian
"UDP Query User{65863123-291C-44F2-9DAF-8CA450C5157E}c:\\program files\\trillian\\trillian.exe"= TCP:c:\program files\trillian\trillian.exe:Trillian
"TCP Query User{FDF28033-9805-4C6F-A0AF-6AD8600B1DA6}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{0D145C87-8A7B-4452-AC84-A48023DADADF}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"TCP Query User{229FC48A-A775-4A3B-9A2E-F2B46FB9E862}c:\\program files\\playonline\\squareenix\\playonlineviewer\\pol.exe"= UDP:c:\program files\playonline\squareenix\playonlineviewer\pol.exe:PlayOnline Viewer
"UDP Query User{515A22F9-2CBC-47BC-A10F-4DBC8C976539}c:\\program files\\playonline\\squareenix\\playonlineviewer\\pol.exe"= TCP:c:\program files\playonline\squareenix\playonlineviewer\pol.exe:PlayOnline Viewer
"{7E037EA7-DBCC-48D1-84CB-B97CF8326D68}"= UDP:59049:KCAres
"{12EBB040-CA38-49D0-A47D-2C07FE31F1B3}"= UDP:6346:KCGnut
"{A40D9F12-1899-4CF3-A0A3-4CA3E14E2EEA}"= UDP:1215:KCFT
"{32D43029-EF53-4D26-9292-6EF8EAB156D6}"= UDP:1216:KCFT2
"TCP Query User{99F76D8E-873D-44C5-B8FF-F6E7A0C3542E}c:\\program files\\turbine\\the lord of the rings online\\lotroclient.exe"= UDP:c:\program files\turbine\the lord of the rings online\lotroclient.exe:lotroclient
"UDP Query User{F367E705-9A27-4510-A35C-A8E087178F2B}c:\\program files\\turbine\\the lord of the rings online\\lotroclient.exe"= TCP:c:\program files\turbine\the lord of the rings online\lotroclient.exe:lotroclient
"TCP Query User{ED8D9D89-901E-42DF-91D4-2D80EC6FB80B}c:\\program files\\shoutcast\\sc_serv.exe"= UDP:c:\program files\shoutcast\sc_serv.exe:sc_serv
"UDP Query User{CADF05B0-6272-4FB9-BDDB-BC045536A541}c:\\program files\\shoutcast\\sc_serv.exe"= TCP:c:\program files\shoutcast\sc_serv.exe:sc_serv
"{1FBDB0A0-2D7B-40A6-990C-DBD7BD9386D4}"= Disabled:UDP:8000:Shoutcast
"{BEB49243-8A73-421C-8952-0B6DF8CD1402}"= Disabled:UDP:8001:Shoutcast2
"{950E4E12-26F0-4BE8-8427-C51E7A32CF12}"= UDP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"{3C5EB50E-8A05-4CCB-9EEE-F40AF2440AC8}"= TCP:c:\program files\Google\Google Talk\googletalk.exe:Google Talk
"TCP Query User{7302EB85-C2A2-4597-B11E-51B5F7DB9B8B}c:\\program files\\aim95\\aim.exe"= UDP:c:\program files\aim95\aim.exe:AOL Instant Messenger
"UDP Query User{E55BD6D6-B564-42AB-9362-FE7A8A93E4A1}c:\\program files\\aim95\\aim.exe"= TCP:c:\program files\aim95\aim.exe:AOL Instant Messenger
"TCP Query User{911F6D67-6FDB-40C8-944F-88DD031CF218}c:\\program files\\secondlifereleasecandidate\\slvoice.exe"= UDP:c:\program files\secondlifereleasecandidate\slvoice.exe:SLVoice
"UDP Query User{3CE3F2D3-2FB7-448C-AAFD-B24B413217F5}c:\\program files\\secondlifereleasecandidate\\slvoice.exe"= TCP:c:\program files\secondlifereleasecandidate\slvoice.exe:SLVoice
"{7B2D6796-AACD-497C-99C1-C85C99E02161}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{8641BFF2-2FC1-487D-8404-18D18D77BF34}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{C354A712-EBAA-4D7B-9E2B-51207504F44D}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{1517C672-8F5B-44B4-9920-BB23237E9F5B}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B223253B-E33F-44D3-890B-F32EF9ECFFF9}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{24A6A115-555C-4B7E-9E70-B975227626C8}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{999EC8EA-C589-4D2D-A8C2-D739D12F6622}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{4DC1589A-B986-4507-87FF-45A2784AEDD1}c:\\program files\\secondlife\\secondlife.exe"= UDP:c:\program files\secondlife\secondlife.exe:Second Life
"UDP Query User{2724276C-0C71-4E7A-A25F-536D5AE8D9EF}c:\\program files\\secondlife\\secondlife.exe"= TCP:c:\program files\secondlife\secondlife.exe:Second Life
"TCP Query User{A7A1CBBA-6FEC-41F8-ADAD-EA36EF422E37}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{EE53D235-CF2A-4BB0-AD05-6F20643B5EDC}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{1120AF25-C59D-47DF-94C4-7F5A5F0DE10E}c:\\users\\public\\michael\\furbot wx\\furbotwx.exe"= UDP:c:\users\public\michael\furbot wx\furbotwx.exe:Furbot WX, http://www.furcadia.com/
"UDP Query User{6F79969A-A2D5-4112-911E-C9C5A064984A}c:\\users\\public\\michael\\furbot wx\\furbotwx.exe"= TCP:c:\users\public\michael\furbot wx\furbotwx.exe:Furbot WX, http://www.furcadia.com/
"{6AD7258A-2921-4E50-9395-4C5617B120AC}"= UDP:c:\windows\System32\dlcdcoms.exe:Dell 944 Server
"{E2DF103C-E95F-4DCD-95A9-2D883935EB83}"= TCP:c:\windows\System32\dlcdcoms.exe:Dell 944 Server
"TCP Query User{01AC1785-A9E1-4D8A-9D47-344E45C4989D}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= UDP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
"UDP Query User{5C4BFDD0-595E-46CD-9C28-BFC3D0FE6A4B}c:\\program files\\sony\\station\\launchpad\\launchpad.exe"= TCP:c:\program files\sony\station\launchpad\launchpad.exe:LaunchPad
"{E2903BDA-E8A5-4146-8C69-25B7CFF20B8D}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{F48421B3-527F-48CA-AC3E-7241E26389A8}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{2A3755B9-1F2A-4188-9C33-DBC9DEFF66DA}c:\\users\\michael\\desktop\\copybot22alpha\\slbot.exe"= UDP:c:\users\michael\desktop\copybot22alpha\slbot.exe:slbot.exe
"UDP Query User{B2CDE484-11FB-4570-9CC9-DEB88B1AFE5B}c:\\users\\michael\\desktop\\copybot22alpha\\slbot.exe"= TCP:c:\users\michael\desktop\copybot22alpha\slbot.exe:slbot.exe
"TCP Query User{F9434726-9ACA-48E7-94D4-CBCB24E075D1}c:\\program files\\lucasarts\\swkotor2\\swupdate.exe"= UDP:c:\program files\lucasarts\swkotor2\swupdate.exe:Star Wars: Knights of the Old Republic II: The Sith Lords Update Program
"UDP Query User{072F8C10-5C55-4D20-B4FB-F54C046D2600}c:\\program files\\lucasarts\\swkotor2\\swupdate.exe"= TCP:c:\program files\lucasarts\swkotor2\swupdate.exe:Star Wars: Knights of the Old Republic II: The Sith Lords Update Program
"TCP Query User{BF24B84C-D758-40E8-AB93-826F6CF4F4DB}c:\\program files\\ea games\\command & conquer the first decade\\command & conquer renegade™\\renegade\\game.exe"= UDP:c:\program files\ea games\command & conquer the first decade\command & conquer renegade™\renegade\game.exe:Renegade
"UDP Query User{63440E5C-C739-45A7-9D32-991D8ECEC42F}c:\\program files\\ea games\\command & conquer the first decade\\command & conquer renegade™\\renegade\\game.exe"= TCP:c:\program files\ea games\command & conquer the first decade\command & conquer renegade™\renegade\game.exe:Renegade
"TCP Query User{010F8EAC-B100-4210-BF61-5B5B09CFB985}c:\\program files\\java\\jre1.6.0_05\\bin\\javaw.exe"= UDP:c:\program files\java\jre1.6.0_05\bin\javaw.exe:Java™ Platform SE binary
"UDP Query User{48B63B4E-EAE8-4D14-BA23-B8252F451AFE}c:\\program files\\java\\jre1.6.0_05\\bin\\javaw.exe"= TCP:c:\program files\java\jre1.6.0_05\bin\javaw.exe:Java™ Platform SE binary
"TCP Query User{60997D19-7B6B-46DB-9058-63C042514001}c:\\program files\\ea games\\command & conquer the first decade\\command & conquer™ generals\\game.dat"= UDP:c:\program files\ea games\command & conquer the first decade\command & conquer™ generals\game.dat:game.dat
"UDP Query User{B47E802E-EF12-4B2C-8362-3731FAF419DF}c:\\program files\\ea games\\command & conquer the first decade\\command & conquer™ generals\\game.dat"= TCP:c:\program files\ea games\command & conquer the first decade\command & conquer™ generals\game.dat:game.dat
"TCP Query User{087683DC-3F30-4736-B463-A09F25687E48}c:\\westwood\\sun\\patchget.dat"= UDP:c:\westwood\sun\patchget.dat:patchgrabber
"UDP Query User{C1242FCD-DF8E-4652-AA13-4E695817BED1}c:\\westwood\\sun\\patchget.dat"= TCP:c:\westwood\sun\patchget.dat:patchgrabber
"{20B1D0E8-4471-4325-A58C-7123593F46A5}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{8A5538CA-5BD2-463E-9BF4-8DB431D61F4C}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{2191D534-8425-4EAF-8E28-30757EAE8878}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{4474A4D5-08EF-47CF-8B4F-9B026AC9CEA4}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{C5B8A4FE-AA46-4275-82B8-9FAF5451C6C3}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{A25F7AD4-FD37-437A-B794-4ADA07BA99A0}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{7407465B-FD1F-40AC-97FB-7EF18992D34C}"= UDP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{965D9773-59F5-47CB-8EC3-DA40D6246E6D}"= TCP:c:\program files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{5D9AD701-AB8D-40E9-BDFD-67B634321448}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{BADDEC18-1B81-455E-86EB-B2FB50982F4A}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{E0CF05D4-B54F-4732-ADF9-F7B8858D1B97}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{8777625F-2C7D-4B7D-A32B-9986826751DD}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{F3CD6E1B-098C-49D8-A054-9458EA39FA6C}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{4CC15949-74E4-4903-A4E0-E5D07D589D48}"= Disabled:UDP:c:\program files\Electronic Arts\Red Alert 3\RA3.exe:RA3
"{5A24E24E-9879-4559-91EC-4832F95BA786}"= Disabled:TCP:c:\program files\Electronic Arts\Red Alert 3\RA3.exe:RA3
"{5A707F8C-4F6D-405D-BB5F-994CC9B70902}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{F6AC6741-8C47-48D0-BFD7-5A4511EA25C7}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{3E8FC89B-4893-4A46-9674-47CEBE6F5C29}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{C163D14B-47AE-4FB3-90FA-9439192E677E}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{A9106971-2C98-4C4B-A43F-ABB4CC5832C9}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{3613CBD0-8BE6-4387-8C27-2248D10FB477}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"{566883B0-BAC7-473E-B92F-E9D4172508CC}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{9AAF8862-720E-46B9-AE70-61C6C80C6C70}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{4FE3B734-119C-45C6-8176-6BDA8A6DF66E}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{FB687EF9-AAF0-43A5-8218-EA745EF5B9D2}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{618BDA1B-694B-4013-B43B-15D67FFC1E01}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{03051890-8E07-42AB-8A89-AF7EB29F745C}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{74A81084-8E9F-4B8A-B01D-90451B5A2701}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{78C77BCB-F033-443D-83FF-CCD9CBB196C8}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{4CABF72E-8425-4970-9BDD-536AC4FB30AC}c:\\rohan_usa\\rohanclient.exe"= UDP:c:\rohan_usa\rohanclient.exe:Rohan Online Game
"UDP Query User{31A3F419-4E0E-42FC-BBAE-FFDDC62126D4}c:\\rohan_usa\\rohanclient.exe"= TCP:c:\rohan_usa\rohanclient.exe:Rohan Online Game
"TCP Query User{82E1751C-2CC1-4385-95E1-42299C8AFF7D}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{0A94EEEF-588A-4F73-A506-4174BD359187}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"{AC3577BD-AA86-414B-984F-49636EF1F249}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{95453D52-3E23-40BB-8067-7019A645CD19}"= UDP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{6D4FB556-EF91-4F7D-A66C-DFA4938C1DB8}"= TCP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{B83A1D13-4070-4BE9-B4C5-76EC31607C07}"= UDP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{CC59004C-B4E2-4803-A0C0-6FC2039E7A27}"= TCP:c:\program files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{C20EAF8F-FE64-4B02-9EC6-E4A623F90C3E}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{DE42B59A-D50C-4238-AFF4-3A14FACE9DB9}c:\\program files\\veoh networks\\veohwebplayer\\veohwebplayer.exe"= UDP:c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe:Veoh Web Player Beta
"UDP Query User{7E8442FF-665E-4282-8BE9-1706EDBBB3D4}c:\\program files\\veoh networks\\veohwebplayer\\veohwebplayer.exe"= TCP:c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe:Veoh Web Player Beta
"TCP Query User{94A007B2-E496-4023-849B-04B52C300BC4}c:\\users\\michael\\documents\\my documents\\dungeon siege\\dungeon siege\\dsloa.exe"= UDP:c:\users\michael\documents\my documents\dungeon siege\dungeon siege\dsloa.exe:dsloa.exe
"UDP Query User{D453E06D-CE10-4F0B-86BE-0C3225671BE8}c:\\users\\michael\\documents\\my documents\\dungeon siege\\dungeon siege\\dsloa.exe"= TCP:c:\users\michael\documents\my documents\dungeon siege\dungeon siege\dsloa.exe:dsloa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2008-04-04 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-09-03 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-09-03 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2008-04-04 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2008-01-31 51792]
R2 dlcd_device;dlcd_device;c:\windows\system32\dlcdcoms.exe -service --> c:\windows\system32\dlcdcoms.exe -service [?]
R2 LxrSII1d;Secure II Driver;c:\windows\System32\drivers\LxrSII1d.sys [2008-02-21 70016]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-11-05 1153368]
R2 TeamViewer;TeamViewer 3;c:\program files\TeamViewer3\TeamViewer_Service.exe [2008-10-07 185640]
R3 kxwdmdrv;kX WDM Driver Service;c:\windows\System32\drivers\kx.sys [2007-08-24 564864]
S3 c65013264;C-Media CM6501 Like Sound UDAX Interface;c:\windows\System32\drivers\c6501.sys [2008-01-31 1298944]
S3 samhid;samhid;c:\windows\System32\drivers\Samhid.sys [2008-09-07 7548]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-09-03 7408]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba84fcf0-d0f3-11dc-b57b-806e6f6e6963}]
\shell\AutoRun\command - G:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cba46a7f-549c-11dd-b259-001d608e6011}]
\shell\AutoRun\command - F:\StartSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc179be6-d042-11dc-ade6-806e6f6e6963}]
\shell\AutoRun\command - D:\AutoRun.exe
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
HKCU-Run-Aim6 - ~c:\program files\AIM6\aim6.exe
HKCU-Run-Yahoo! Pager - ~c:\program files\Yahoo!\Messenger\YahooMessenger.exe
HKCU-Run-msnmsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe
HKLM-Run-C6501Sound - c6501.cpl


.
------- Supplementary Scan -------
.
uStart Page = www.google.com
uInternet Settings,ProxyOverride = *.local
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: gscdn.com\rfonline-full
DPF: {8C292180-8BB2-495F-B94B-89FE9F2B530A} - hxxp://rfonline-full.gscdn.com/gscdn/ccr_downloader.cab
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\kfbrwpo1.default\
FF - prefs.js: browser.search.selectedEngine - AOL Search
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
1 file(s) moved.
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\kfbrwpo1.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\kfbrwpo1.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-02 20:14:18
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr = ~"c:\program files\Windows Live\Messenger\msnmsgr.exe" /background?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-03-02 20:18:09
ComboFix-quarantined-files.txt 2009-03-03 01:17:24

Pre-Run: 95,182,188,544 bytes free
Post-Run: 95,246,266,368 bytes free

368 --- E O F --- 2009-02-26 11:50:50



Despite what it says, my AV was disabled, not sure why it was saying it was still active. Things seem to be going a bit faster than they were, startup is definitely faster.

#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,707 posts
  • Gender:Male
  • Location:The Netherlands

Posted 03 March 2009 - 05:50 PM

The log looks good.
  • Go to Start > Run, copy and paste or type the next command in the field, then hit Enter:

    ComboFix /u

    Note: There's a space between Combofix and /

    This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

    It also makes a clean Restore Point and flushes all the old restore points in order to prevent possible reinfection from an old one through System Restore.

    The first reboot might be a little slow, the next one will be faster.

  • Your log looks clean. But your computer is still very much susceptible, in particular to hacking and intrusion from outside. If you are not behind a router I strongly advise you to install a firewall before surfing. The Windows firewall is not good enough. The Windows firewall provides protection from outside threats as long as the malware is not on your system. Once the malware gets onto your computer, the Windows firewall is no longer effective. You can find more information on firewalls below.
    Click for more information on: Understanding and Using Firewalls

    There are several good free programs available like:

    Sunbelt-Kerio
    (Note: You install the Sunbelt trial version, but after the trial period it will revert to the free version.)

    Online Armor Free edition

  • I recommend installing this small application for safe surfing: Javacool's SpywareBlaster
    SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings, and that will protect you from running and downloading known malicious programs. Update it manually (if you use the free version) once every 2-3 weeks and enable the restriction.

Please tell me if Combofix is uninstalled properly; we can then close the topic.

#9 Dragunslayer

Dragunslayer
  • Topic Starter

  • Members
  • 8 posts

Posted 03 March 2009 - 08:32 PM

Combofix was uninstalled without any problem.

Things seem to be running quite a bit smoother after all the help, thank you very much.

#10 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,707 posts
  • Gender:Male
  • Location:The Netherlands

Posted 03 March 2009 - 09:22 PM

You are welcome.

This thread will now be closed.

If you need this topic reopened, please send me a PM and I will reopen it for you. Include the address of this thread in your request.

If you should have a new issue, please start a new topic.
