
Downloaded a movie and it did some weird stuff


  • This topic is locked
10 replies to this topic

#1 Winnin813

Winnin813

  • Members
  • 14 posts

Posted 07 March 2009 - 07:54 PM

I downloaded a movie off of rapidshare, it was around 100 or so megabytes so I figured it was legit.

But when the download finished I noticed that some files off my USB drive were being corrupted or deleted. Vista on a reboot took longer than usual as well.

Anyways, here's my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:51:42 PM, on 3/7/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 6160 bytes
I been scared and battered.
My hopes the wind done scattered.
Snow has friz me,
Sun has baked me,

Looks like between 'em they done
Tried to make me

Stop laughin', stop lovin', stop livin'--
But I don't care!
I'm still here!

-Langston Hughes



#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 19 March 2009 - 09:41 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 Winnin813

Winnin813
  • Topic Starter

  • Members
  • 14 posts

Posted 20 March 2009 - 12:09 AM

The bottom 2 links for download say they don't run on my operating system (Vista 64-bit). The first and top download link for DDS just doesn't load.


Thank you for helping me by the way!

#4 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 20 March 2009 - 12:13 AM

Hang on. Another will provide other instructions.

#5 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • Gender:Male

Posted 20 March 2009 - 08:58 AM

Hello.

Let's see what we can do.

Download and Run OTViewIt
  • Please download OTViewIt by OldTimer to your desktop.
  • Double click on the OTViewIt.exe icon on your desktop. If you are using Windows Vista, right click the icon and select Run as Administrator.
  • Check both the Scan All Users and Use Whitelist checkboxes. Set the File Age to 30 days.
  • Click on the Run Scan button. Two reports that are located in the same location as OTViewIt will open.
    OTViewIt.txt <-- Will be opened
    Extra.txt <-- Will be minimized. A new Extra.txt will not be created if one exists already.
Copy and Paste the logs into your next reply.

Please give me an update on the symptoms.

With Regards,
The Panda

#6 Winnin813

Winnin813
  • Topic Starter

  • Members
  • 14 posts

Posted 20 March 2009 - 02:09 PM

Ah thank you! Here are the results

OTViewIt logfile created on: 3/20/2009 2:35:30 PM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Users\Harvey\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.87 Gb Available Physical Memory | 71.70% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116.44 Gb Total Space | 90.23 Gb Free Space | 77.49% Space Free | Partition Type: NTFS
Drive D: | 105.70 Gb Total Space | 92.12 Gb Free Space | 87.15% Space Free | Partition Type: NTFS
Drive E: | 699.96 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TECHNO
Current User Name: Harvey
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2007/10/03 00:53:00 | 00,094,208 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
[2007/08/08 03:08:40 | 00,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
[2009/03/18 14:40:01 | 00,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
[2007/08/03 15:24:54 | 00,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
[2008/06/18 01:10:24 | 00,297,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
[2008/07/15 14:29:00 | 07,651,328 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
[2008/06/24 22:01:08 | 00,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
[2009/02/21 21:31:15 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
[2008/07/15 14:22:46 | 00,217,088 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
[2007/11/28 18:26:00 | 00,294,912 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
[2008/06/23 23:16:24 | 02,482,176 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
[2007/08/15 14:20:16 | 00,106,496 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
[2008/01/23 13:51:28 | 00,151,552 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
[2009/03/20 14:34:45 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\Harvey\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/10/03 00:53:00 | 00,094,208 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService [Auto | Running])
[2007/08/08 03:08:40 | 00,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv [Auto | Running])
File not found -- -- (CertPropSvc [Unknown | Stopped])
[2008/01/20 22:50:58 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/01/20 22:50:38 | 00,093,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped])
File not found -- -- (DcomLaunch [Unknown | Running])
File not found -- -- (DPS [Unknown | Stopped])
[2008/01/20 22:51:36 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr [Disabled | Stopped])
[2008/01/20 22:51:36 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [Disabled | Stopped])
[2008/01/20 22:51:57 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
File not found -- -- (gpsvc [Unknown | Running])
[2006/11/02 05:46:05 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\keyiso.dll -- (KeyIso [On_Demand | Running])
[2008/06/09 13:21:58 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Disabled | Stopped])
[2006/10/27 01:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
[2006/11/02 09:34:14 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
[2008/01/20 22:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll -- (Netlogon [On_Demand | Stopped])
[2008/01/20 22:51:53 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
File not found -- -- (nvsvc [Auto | Running])
[2006/10/26 20:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2008/01/20 22:51:00 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\perfhost.exe -- (PerfHost [On_Demand | Stopped])
[2009/03/18 14:40:01 | 00,075,064 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
File not found -- -- (RpcSs [Unknown | Running])
[2009/01/26 16:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService [Disabled | Stopped])
[2008/01/20 22:49:11 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
File not found -- -- (Schedule [Unknown | Running])
File not found -- -- (SCPolicySvc [Unknown | Stopped])
[2007/08/03 15:24:54 | 00,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr [Auto | Running])
[2009/02/13 22:39:24 | 00,316,664 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service [Disabled | Stopped])
[2006/11/02 02:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\System32\wbem\vds.mof -- (vds [On_Demand | Stopped])
[2006/11/02 02:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\System32\wbem\vss.mof -- (VSS [On_Demand | Stopped])
File not found -- -- (WdiServiceHost [Unknown | Stopped])
File not found -- -- (WdiSystemHost [Unknown | Stopped])
[2008/01/20 22:52:15 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Disabled | Stopped])
[2008/05/27 01:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])

========== Driver Services ==========

[2008/01/20 22:46:53 | 00,486,456 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_adp94xx.inf_31bf3856ad364e35_6.0.6001.18000_none_5e0fcb9b69814f7b\adp94xx.sys -- (adp94xx [Disabled | Stopped])
[2008/01/20 22:46:54 | 00,342,584 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_adpahci.inf_31bf3856ad364e35_6.0.6001.18000_none_c05c13aa3dfbc961\adpahci.sys -- (adpahci [Disabled | Stopped])
[2008/01/20 22:46:54 | 00,126,520 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_adpu160m.inf_31bf3856ad364e35_6.0.6001.18000_none_f2feed0b63bf261d\adpu160m.sys -- (adpu160m [Disabled | Stopped])
[2008/01/20 22:47:27 | 00,185,912 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_adpu320.inf_31bf3856ad364e35_6.0.6001.18000_none_f4cbbad1148c6b4a\adpu320.sys -- (adpu320 [Disabled | Stopped])
[2008/01/20 22:46:50 | 00,015,976 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\aliide.sys -- (aliide [Disabled | Stopped])
[2008/01/20 22:46:52 | 00,090,680 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_arc.inf_31bf3856ad364e35_6.0.6001.18000_none_7bfed8c7803713cf\arc.sys -- (arc [Disabled | Stopped])
[2008/01/20 22:47:00 | 00,091,192 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_arcsas.inf_31bf3856ad364e35_6.0.6001.18000_none_771684264153c2d4\arcsas.sys -- (arcsas [Disabled | Stopped])
[2007/07/24 14:11:32 | 00,014,904 | ---- | M] () -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64 [Auto | Running])
[2008/01/20 22:46:56 | 00,018,432 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\WinSxS\amd64_brmfcsto.inf_31bf3856ad364e35_6.0.6001.18000_none_800ff95700142785\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
[2008/01/20 22:46:56 | 00,008,704 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\WinSxS\amd64_brmfcsto.inf_31bf3856ad364e35_6.0.6001.18000_none_800ff95700142785\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
[2008/01/20 22:46:50 | 00,018,024 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\cmdide.sys -- (cmdide [Disabled | Stopped])
[2008/01/20 22:46:56 | 00,146,176 | ---- | M] (Intel Corporation) -- C:\Windows\WinSxS\amd64_nete1g3e.inf_31bf3856ad364e35_6.0.6001.18000_none_04b0c96be9c034d3\E1G6032E.sys -- (E1G60 [On_Demand | Stopped])
[2008/01/20 22:46:59 | 00,397,368 | ---- | M] (Emulex) -- C:\Windows\WinSxS\amd64_elxstor.inf_31bf3856ad364e35_6.0.6001.18000_none_08ac13ff69b034ee\elxstor.sys -- (elxstor [Disabled | Stopped])
[2007/08/03 00:26:47 | 00,017,464 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio [Auto | Running])
[2008/01/20 22:46:59 | 00,047,672 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\WinSxS\amd64_hpcisss.inf_31bf3856ad364e35_6.0.6001.18000_none_d59c6600292b9522\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])
File not found -- -- (iaStor [Boot | Running])
[2008/01/20 22:46:59 | 00,290,872 | ---- | M] (Intel Corporation) -- C:\Windows\WinSxS\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys -- (iaStorV [Disabled | Stopped])
File not found -- -- (IntcAzAudAddService [On_Demand | Running])
[2008/09/20 17:43:25 | 00,000,000 | ---D | M] -- C:\Windows\ITECIR -- (itecir [On_Demand | Running])
File not found -- -- (kbfiltr [On_Demand | Running])
[2008/01/20 22:46:51 | 00,113,720 | ---- | M] (LSI Logic) -- C:\Windows\WinSxS\amd64_lsi_fc.inf_31bf3856ad364e35_6.0.6001.18000_none_c59b4ac1fa719137\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
[2008/01/20 22:46:56 | 00,105,016 | ---- | M] (LSI Logic) -- C:\Windows\WinSxS\amd64_lsi_sas.inf_31bf3856ad364e35_6.0.6001.18000_none_5b86b7f9e8ff0dc5\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
[2008/01/20 22:47:01 | 00,113,720 | ---- | M] (LSI Logic) -- C:\Windows\WinSxS\amd64_lsi_scsi.inf_31bf3856ad364e35_6.0.6001.18000_none_f883c787da42af0c\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
[2008/01/20 22:46:59 | 00,035,896 | ---- | M] (LSI Corporation) -- C:\Windows\WinSxS\amd64_megasas.inf_31bf3856ad364e35_6.0.6001.18000_none_8c5ef0c0070fb814\megasas.sys -- (megasas [Disabled | Stopped])
[2008/01/20 22:46:56 | 00,438,328 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\WinSxS\amd64_megasr.inf_31bf3856ad364e35_6.0.6001.18000_none_44b889fdb37f3d14\MegaSR.sys -- (MegaSR [Disabled | Stopped])
[2006/09/18 17:35:23 | 00,001,088 | ---- | M] () -- C:\Windows\System32\wbem\mpsdrv.mof -- (mpsdrv [On_Demand | Running])
File not found -- -- (MTsensor [On_Demand | Running])
File not found -- -- (NETw5v64 [On_Demand | Running])
File not found -- -- (NVHDA [On_Demand | Running])
[2008/01/20 22:47:26 | 05,942,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\WinSxS\amd64_nv_lh.inf_31bf3856ad364e35_6.0.6001.18000_none_4a8627558332bbba\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
[2008/01/20 22:46:54 | 00,128,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\WinSxS\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvraid.sys -- (nvraid [Disabled | Stopped])
[2008/01/20 22:46:54 | 00,054,328 | ---- | M] (NVIDIA Corporation) -- C:\Windows\WinSxS\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys -- (nvstor [Disabled | Stopped])
[2008/01/20 22:46:52 | 01,221,176 | ---- | M] (QLogic Corporation) -- C:\Windows\WinSxS\amd64_ql2300.inf_31bf3856ad364e35_6.0.6001.18000_none_90b29e0f5eb4b0a1\ql2300.sys -- (ql2300 [Disabled | Stopped])
File not found -- -- (rimmptsk [Auto | Running])
File not found -- -- (rimsptsk [Auto | Running])
File not found -- -- (rismxdp [Auto | Running])
File not found -- -- (RTL8169 [On_Demand | Running])
File not found -- -- (SCDEmu [System | Running])
[2006/09/29 19:51:44 | 00,023,040 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\WinSxS\amd64_macrovision-protection-safedisc_31bf3856ad364e35_6.0.6000.16386_none_b794b0d578b7ec2e\secdrv.sys -- (secdrv [Auto | Running])
[2008/01/20 22:47:26 | 00,078,392 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\WinSxS\amd64_sisraid4.inf_31bf3856ad364e35_6.0.6001.18000_none_8460e59f708bb476\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
File not found -- -- (SNP2UVC [On_Demand | Running])
File not found -- -- (SynTP [On_Demand | Running])
[2006/09/18 17:36:40 | 00,003,066 | ---- | M] () -- C:\Windows\System32\wbem\tcpip.mof -- (Tcpip [Boot | Running])
[2006/09/18 17:44:13 | 00,144,862 | ---- | M] () -- C:\Windows\System32\tpm.msc -- (TPM [On_Demand | Stopped])
[2008/01/20 22:46:56 | 00,284,728 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\WinSxS\amd64_uliahci.inf_31bf3856ad364e35_6.0.6001.18000_none_a21b1cbb80e47096\uliahci.sys -- (uliahci [Disabled | Stopped])
[2008/01/20 22:46:52 | 00,174,696 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\WinSxS\amd64_ulsata2.inf_31bf3856ad364e35_6.0.6001.18000_none_9ce1027f4768b389\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
[2008/01/20 22:46:50 | 00,018,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\viaide.sys -- (viaide [Disabled | Stopped])
[2008/01/20 22:47:25 | 00,149,048 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\WinSxS\amd64_vsmraid.inf_31bf3856ad364e35_6.0.6001.18000_none_508698a452d25e17\vsmraid.sys -- (vsmraid [Disabled | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157
"StartPageCache"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2307401489-2643506472-2222847080-1000\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157
"StartPageCache"=

[HKEY_USERS\S-1-5-21-2307401489-2643506472-2222847080-1000\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2307401489-2643506472-2222847080-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (302817 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost
10437 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (HKLM) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
"ATKOSD2"=C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
"HControlUser"=C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe ()
"SunJavaUpdateSched"="C:\Program Files (x86)\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2307401489-2643506472-2222847080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe (Microsoft Corporation)

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=2
"ConsentPromptBehaviorUser"=1
"EnableInstallerDetection"=1
"EnableLUA"=1
"EnableSecureUIAPaths"=1
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE [2006/10/27 16:07:36 | 17,891,112 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2307401489-2643506472-2222847080-1000\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE [2006/10/27 16:07:36 | 17,891,112 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Send to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2006/10/26 21:32:42 | 00,604,000 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: S&end to OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2006/10/26 21:32:42 | 00,604,000 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006/10/26 21:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2009/01/26 16:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
55 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-2307401489-2643506472-2222847080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
55 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_12
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_12
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_12

========== (O17) DNS Name Servers ==========

{5E62F60D-B345-4CBF-A3CC-9996155F318A} (Servers: | Description: Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0))
{9416DF44-CF91-4D96-9446-2F28F4B74845} (Servers: | Description: Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0))
{DD87358E-855E-40A7-89A0-4AFB2F4297A3} (Servers: | Description: Intel® WiFi Link 5100 AGN)

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=explorer.exe
>[2008/10/29 02:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\explorer.exe


========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} (HKLM) -- C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" (HKLM) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
>[2008/01/20 22:50:00 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
>[2008/01/20 22:50:00 | 00,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

Autorun.exe [MZ | ]
[2005/11/01 06:44:42 | 01,187,840 | R--- | M] () -- E:\Autorun.exe -- [ CDFS ]

Autorun.inf [[autorun] | icon=BF2.ico | open=Autorun.exe | ]
[2005/11/01 06:44:42 | 00,000,043 | R--- | M] () -- E:\Autorun.inf -- [ CDFS ]

autorun []
[2005/11/01 06:44:42 | 01,187,840 | R--- | M] () -- E:\autorun.exe -- [ CDFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02b2b325-e29c-11dd-acdd-806e6f6e6963}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02b2b325-e29c-11dd-acdd-806e6f6e6963}\Shell\AutoRun\command]
""=F:\LaunchU3.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c8ebbd3-875c-11dd-9c44-806e6f6e6963}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1c8ebbd3-875c-11dd-9c44-806e6f6e6963}\Shell\AutoRun\command]
""=E:\Autorun.exe -- [2005/11/01 06:44:42 | 01,187,840 | R--- | M] ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9a7d38a-db9c-11dd-b394-00235415407b}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9a7d38a-db9c-11dd-b394-00235415407b}\Shell\AutoRun\command]
""=H:\LaunchU3.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\Shell\AutoRun\command]
""=J:\AutoRunMorrowind.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\Shell\install\command]
""=J:\Setup.exe -- File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\Shell\AutoRun\command]
""=K:\AutoRunBloodmoon.exe -- File not found


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\Shell\install\command]
""=K:\Setup.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2009/03/20 14:34:43 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Users\Harvey\Desktop\OTViewIt.exe
[2009/03/20 00:49:07 | 00,189,784 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr
[2009/03/18 14:38:05 | 00,000,000 | ---D | C] -- C:\ProgramData\id Software
[2009/03/12 20:16:40 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2009/03/12 19:20:38 | 00,000,000 | ---D | C] -- C:\Users\Harvey\AppData\Roaming\FLV Extract
[2009/03/12 18:46:03 | 00,000,000 | ---D | C] -- C:\Users\Harvey\Documents\FrostWire
[2009/03/12 18:45:59 | 00,000,000 | ---D | C] -- C:\Users\Harvey\AppData\Roaming\FrostWire
[2009/03/12 18:45:31 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\FrostWire
[2009/03/12 18:32:26 | 00,000,000 | ---D | C] -- C:\Users\Harvey\Documents\Sansa and DS tools
[2009/03/10 17:47:03 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/03/08 11:18:33 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2009/03/02 18:57:27 | 00,001,104 | ---- | C] () -- C:\Users\Harvey\Desktop\Spybot - Search & Destroy.lnk
[2009/03/02 18:57:23 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/03/02 18:57:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2009/02/28 00:45:07 | 00,000,000 | ---D | C] -- C:\Users\Harvey\AppData\Roaming\vlc
[2009/02/28 00:43:19 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2009/02/27 13:21:39 | 02,246,144 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2009/02/24 19:19:19 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\PowerISO
[2009/02/23 22:04:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2009/02/23 19:19:03 | 00,000,000 | ---D | C] -- C:\Users\Harvey\AppData\Local\Criterion Games
[2009/02/23 19:18:12 | 00,000,866 | ---- | C] () -- C:\Users\Harvey\Desktop\Burnout Paradise.lnk
[2009/02/23 01:16:05 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2009/02/23 01:15:44 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2009/02/23 01:15:44 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2009/02/23 01:15:26 | 00,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2009/02/23 01:15:26 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2009/02/23 01:14:05 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2009/02/23 01:13:24 | 00,000,000 | ---D | C] -- C:\Users\Harvey\AppData\Local\Microsoft Help
[2009/02/23 01:13:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2009/02/23 01:13:11 | 00,000,000 | RH-D | C] -- C:\MSOCache
[2009/02/23 01:07:26 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MS Office
[2009/02/22 11:39:33 | 02,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2009/02/22 11:39:33 | 00,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2009/02/22 11:39:32 | 04,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2009/02/22 11:39:32 | 00,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2009/02/22 11:39:32 | 00,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2009/02/22 11:39:32 | 00,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2009/02/22 11:39:32 | 00,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2009/02/22 11:39:31 | 01,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2009/02/22 11:39:31 | 00,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2009/02/22 11:39:31 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2009/02/22 11:39:31 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2009/02/22 11:39:31 | 00,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2009/02/22 11:39:30 | 03,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2009/02/22 11:39:30 | 00,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2009/02/22 11:39:30 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2009/02/22 11:39:30 | 00,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2009/02/22 11:39:29 | 03,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2009/02/22 11:39:29 | 01,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2009/02/22 11:39:29 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2009/02/22 11:39:29 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2009/02/22 11:39:28 | 01,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2009/02/22 11:39:28 | 00,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2009/02/22 11:39:28 | 00,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2009/02/22 11:39:28 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2009/02/22 11:39:28 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2009/02/22 11:39:27 | 03,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2009/02/22 11:39:27 | 00,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2009/02/22 11:39:26 | 03,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2009/02/22 11:39:26 | 01,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2009/02/22 11:39:26 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2009/02/22 11:39:25 | 01,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2009/02/22 11:39:25 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2009/02/22 11:39:25 | 00,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2009/02/22 11:39:24 | 03,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2009/02/22 11:39:24 | 01,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2009/02/22 11:39:24 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2009/02/22 11:39:24 | 00,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2009/02/22 11:39:24 | 00,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2009/02/22 11:39:23 | 03,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2009/02/22 11:39:23 | 00,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2009/02/22 11:39:23 | 00,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2009/02/22 11:39:22 | 03,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2009/02/22 11:39:22 | 01,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2009/02/22 11:39:22 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2009/02/22 11:39:22 | 00,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2009/02/22 11:39:21 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2009/02/22 11:39:21 | 00,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2009/02/22 11:39:21 | 00,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2009/02/22 11:39:20 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2009/02/22 11:39:20 | 00,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2009/02/22 11:39:20 | 00,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2009/02/22 11:39:19 | 00,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2009/02/22 11:39:19 | 00,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2009/02/22 11:39:19 | 00,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2009/02/22 11:39:19 | 00,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2009/02/22 11:39:18 | 00,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2009/02/22 11:39:17 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2009/02/22 11:39:17 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2009/02/22 11:39:17 | 00,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2009/02/22 11:39:17 | 00,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2009/02/22 11:39:16 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2009/02/22 11:39:16 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2009/02/22 11:36:59 | 00,000,000 | -H-D | C] -- C:\Windows\msdownld.tmp
[2009/02/22 11:36:56 | 00,000,000 | ---D | C] -- C:\Windows\System32\directx
[2009/02/22 11:08:45 | 00,000,000 | ---D | C] -- C:\Users\Harvey\AppData\Roaming\WinRAR
[2009/02/22 11:08:14 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2009/02/21 21:31:13 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Java

========== Files - Modified Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2009/03/20 14:34:45 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\Harvey\Desktop\OTViewIt.exe
[2009/03/20 14:27:17 | 00,027,934 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/03/20 14:27:04 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/03/20 14:27:02 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/03/20 01:09:26 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2009/03/20 01:09:23 | 03,886,354 | -H-- | M] () -- C:\Users\Harvey\AppData\Local\IconCache.db
[2009/03/20 01:00:44 | 00,027,934 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/03/20 00:49:35 | 00,189,784 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2009/03/20 00:49:35 | 00,189,784 | ---- | M] () -- C:\Windows\System32\PnkBstrB.exe
[2009/03/20 00:45:34 | 00,001,805 | ---- | M] () -- C:\Users\Harvey\Desktop\Trillian.lnk
[2009/03/18 14:40:01 | 00,075,064 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
[2009/03/18 14:38:06 | 02,246,144 | ---- | M] () -- C:\Windows\System32\pbsvc.exe
[2009/03/02 18:57:27 | 00,001,104 | ---- | M] () -- C:\Users\Harvey\Desktop\Spybot - Search & Destroy.lnk
[2009/02/28 00:52:17 | 00,006,144 | ---- | M] () -- C:\Users\Harvey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/23 19:18:12 | 00,000,866 | ---- | M] () -- C:\Users\Harvey\Desktop\Burnout Paradise.lnk
[2009/02/23 18:31:03 | 00,105,312 | ---- | M] () -- C:\Users\Harvey\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/02/23 01:13:54 | 00,000,219 | ---- | M] () -- C:\Windows\win.ini
< End of report >

Edited by PropagandaPanda, 20 March 2009 - 04:30 PM.

I been scared and battered.
My hopes the wind done scattered.
Snow has friz me,
Sun has baked me,

Looks like between 'em they done
Tried to make me

Stop laughin', stop lovin', stop livin'--
But I don't care!
I'm still here!

-Langston Hughes

#7 PropagandaPanda

Posted 20 March 2009 - 04:35 PM

Hello.

Peer-to-Peer Programs Warning
Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case FrostWire). These programs allow files to be shared between users, as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s) but I suggest you remove it via add/remove. However, please refrain from using them until your computer has been declared clean.

Run ESET Online Scan
  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Please go to ESET OnlineScan (NOD32)
  • You will then see the Terms of Use, tick the check-box in front of YES, I accept the Terms of Use
  • Now click Start. If you see a "Security Warning" that asks if you want to install and run a file called "OnlineScanner.cab", click Yes.
  • Click Start. The online scanner will now prepare itself for running on your pc.
  • To do a full-scan, tick: Remove found threats and Scan potentially unwanted applications.
  • Press Scan. The Onlinescan will now start and scan your computer. Please be patient as this takes a while.
  • When the scan has finished, it will show a screen with two tabs "overview" and "details" and the option to get information or buy software, just close the window.
  • Click Start, then Run.... In the box that appears, type with the quotes:
    "C:\Program Files\EsetOnlineScanner\log.txt"
  • The scan results will now open in Notepad
  • Click into the text area, right-click and choose Select All. Right-click again and choose Copy.
  • Post back with the log.txt in your next reply.
Note for Vista users: ESET is compatible but Internet Explorer must be run as Administrator. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select "Run as Administrator" from the context menu.

Please give me an update on the symptoms.

With Regards,
The Panda

#8 Winnin813

Posted 21 March 2009 - 10:50 PM

Thanks guys! Here's the log:

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3953 (20090321)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=700b59dd6a1188479aaff75e09a3e607
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-03-22 03:45:49
# local_time=2009-03-21 11:45:49 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.0.6001 NT Service Pack 1
# scanned=268521
# found=0
# scan_time=1324


#9 PropagandaPanda

Posted 22 March 2009 - 09:39 AM

Hello.

I do not see any signs of infection in your logs. Are there any symptoms that would suggest there is?

With Regards,
The Panda

#10 Winnin813

Posted 22 March 2009 - 11:39 AM

At around the same time some of the files in my folder were being deleted randomly (I do not share this computer with anyone) and I also noticed considerable slowdowns.

I will look into it more on my own, there are other people that could use help from this talented crew.

Thank you once again though for all your help PropagandaPanda!

#11 PropagandaPanda

Posted 08 April 2009 - 05:27 PM

Welcome.

Since this issue appears to be resolved, this topic is now closed.
If you are the topic starter and need this topic reopened, send me a message.

Everyone else, please begin a new topic.

With Regards,
The Panda



