Problems with "Skynet"


This topic is locked
15 replies to this topic

#1 Kennysside

  • Members
  • 15 posts

Posted 25 July 2009 - 10:45 AM

I've already tried to fix this on "http://www.bleepingcomputer.com/forums/t/243979/problems-with-skynet/", but I was redirected over here :thumbup2:

A short description of the problem: things closing down (MSN Messenger and such), McAfee not working 100%, and loads of stuff found when I scan with Spybot, McAfee and Kaspersky.

---------------------------------------------------------------------------------


DDS (Ver_09-06-26.01) - NTFSx86
Run by Kofoed at 17:31:36,93 on 25-07-2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.45.1033.18.3327.2247 [GMT 2:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\program files\steam\steam.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\DNA\btdna.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NETGEAR\WN111v2\WN111V2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\3\3Connect\AutoUpdateSrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Kofoed\My Documents\Hentede filer\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [Cognac] c:\docume~1\kofoed\locals~1\temp\b.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Six Engine] "c:\program files\asus\epu-4 engine\FourEngine.exe" -r
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 5.0\apdproxy.exe"
mRun: [Skype Recorder] "c:\program files\skype recorder\Skype Recorder.exe"
mRun: [CM108Sound] RunDll32 CM108.cpl,CMICtrlWnd
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [jswtrayutil] "c:\program files\netgear\wn111v2\jswtrayutil.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [Anti Trojan Elite] c:\program files\anti trojan elite\TJEnder.exe :NO
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wn111v2\WN111V2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\3\3connect\AutoUpdateSrv.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: danid.dk
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {D02604D1-13FA-4A05-BF3E-A3055C69647C} = 193.162.153.164,194.239.134.83
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kofoed\applic~1\mozilla\firefox\profiles\yzlgwye6.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-23 64160]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-3-25 214024]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-14 55152]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-5-11 206112]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-5-11 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-5-11 144704]
R2 mdvrmng;Mobile IP Route Manager;c:\windows\system32\drivers\mdvrmng.sys [2009-4-23 10240]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-11-24 29263712]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe [2008-12-5 935208]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-15 34064]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2009-1-21 2749736]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-2-12 57440]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2009-1-12 36864]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-5-11 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-5-11 79880]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-5-11 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-5-11 40552]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2007-12-14 57408]
S2 6to4ACS;IPv6 Helper Service 6to4ACS;c:\windows\temp\bvndskholg.exe service --> c:\windows\temp\bvndskholg.exe service [?]
S2 abgyymrdbrsa;abgyymrdbrsa;\??\c:\windows\system32\drivers\uxvpcsrd.sys --> c:\windows\system32\drivers\uxvpcsrd.sys [?]
S2 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\anti trojan elite\atepmon.sys --> c:\program files\anti trojan elite\ATEPMon.sys [?]
S2 McNASvcALG;McAfee Network Agent McNASvcALG;c:\windows\system32\3076e.exe srv --> c:\windows\system32\3076e.exe srv [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-5-26 16512]
S3 CM1083264;C-Media CM108 Like Sound UDAX Interface;c:\windows\system32\drivers\CM108.sys [2009-2-10 1294336]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wn111v2\jswpsapi.exe [2008-2-27 360547]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-5-11 34216]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\screamingbaudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-1-22 15656]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [2008-5-31 434688]

============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2009-07-25 17:20 -cd-h--- c:\windows\ie8
2009-07-24 18:27 --d----- c:\program files\iPod
2009-07-24 18:27 --d----- c:\program files\iTunes
2009-07-24 16:34 23,040 a--sh--- c:\windows\system32\12520850k.dll
2009-07-24 03:26 --d----- c:\program files\RootRepeal
2009-07-24 00:50 --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-07-24 00:50 --d----- c:\program files\SUPERAntiSpyware
2009-07-24 00:50 --d----- c:\docume~1\kofoed\applic~1\SUPERAntiSpyware.com
2009-07-24 00:26 672 a------- c:\windows\wininit.ini
2009-07-22 06:08 --d----- c:\docume~1\kofoed\applic~1\McAfee
2009-07-21 01:28 2,365 a--s---- c:\windows\system32\2179174694.dat
2009-07-21 01:28 59,904 ---shr-- c:\windows\system32\3076e.exe
2009-07-15 22:52 127 a------- c:\windows\system32\MRT.INI
2009-07-15 11:31 129,784 -------- c:\windows\system32\pxafs.dll
2009-07-15 11:31 9,464 -------- c:\windows\system32\drivers\cdralw2k.sys
2009-07-15 11:31 9,336 -------- c:\windows\system32\drivers\cdr4_xp.sys
2009-07-15 11:30 --d----- c:\program files\DivX
2009-07-15 11:30 --d----- c:\program files\common files\DivX Shared
2009-07-14 22:35 --d----- c:\program files\Curse
2009-07-06 14:01 --d----- c:\docume~1\kofoed\applic~1\Acreon
2009-07-06 12:30 --d----- c:\program files\WinPcap
2009-06-27 00:42 --d----- c:\docume~1\alluse~1\applic~1\espionServerData

==================== Find3M ====================

2009-07-15 14:12 189,104 a------- c:\windows\system32\PnkBstrB.exe
2009-07-15 13:22 139,584 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-23 16:52 15,688 a------- c:\windows\system32\lsdelete.exe
2009-06-23 16:52 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-06-16 16:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 16:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-05 23:32 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-06-03 21:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-05-26 13:16 413,696 a------- c:\windows\system32\wrap_oal.dll
2009-05-26 13:16 110,592 a------- c:\windows\system32\OpenAL32.dll
2009-05-18 21:38 35,197 a------- c:\windows\DIIUnin.dat
2009-05-18 21:35 21,840 a------t c:\windows\system32\SIntfNT.dll
2009-05-18 21:35 17,212 a------t c:\windows\system32\SIntf32.dll
2009-05-18 21:35 12,067 a------t c:\windows\system32\SIntf16.dll
2009-05-17 16:26 22,328 a------- c:\docume~1\kofoed\applic~1\PnkBstrK.sys
2009-05-17 14:13 682,280 a------- c:\windows\system32\pbsvc.exe
2009-05-14 16:58 94,208 a------- c:\windows\DIIUnin.exe
2009-05-14 16:58 2,829 a------- c:\windows\DIIUnin.pif
2009-05-11 17:40 66,936 a--sh--- c:\windows\dlinfo_0.drv
2009-05-11 16:13 52,736 a------- c:\windows\ipuninst.exe
2009-05-11 16:08 19,840 a------- c:\windows\W2BNEUnin.dat
2009-05-11 16:08 98,304 a------- c:\windows\W2BNEUnin.exe
2009-05-11 16:08 2,829 a------- c:\windows\W2BNEUnin.pif
2009-05-11 16:06 86,528 a------- c:\windows\bnetunin.exe
2009-05-11 16:06 61,440 a------- c:\windows\diabunin.exe
2009-05-07 17:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-01 23:03 120,056 -------- c:\windows\system32\pxcpyi64.exe
2009-05-01 23:03 118,520 -------- c:\windows\system32\pxinsi64.exe
2009-05-01 23:02 90,112 a------- c:\windows\system32\dpl100.dll
2009-05-01 23:02 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-05-01 23:02 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-05-01 23:02 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-05-01 23:02 811,008 a------- c:\windows\system32\divx_xx16.dll
2009-05-01 23:02 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-05-01 23:02 685,056 a------- c:\windows\system32\DivX.dll
2009-04-29 11:34 4,096 a------- c:\windows\d3dx.dat
2009-03-21 16:05 0 a------- c:\documents and settings\kofoed\temp.dat
2006-06-25 00:48 32,768 a----r-- c:\windows\inf\UpdateUSB.exe
2009-03-19 20:43 0 a--sh--- c:\windows\system32\sys_drv.dat
2009-01-19 21:39 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009011220090119\index.dat
2009-01-19 21:39 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009011920090120\index.dat

============= FINISH: 17:34:16,59 ===============

#2 fenzodahl512

  • Members
  • 6,738 posts

Posted 25 July 2009 - 11:03 AM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them after performing all the steps given..

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:

[Screenshots illustrating the rename step were attached to the original post]


It is important you rename Combofix during the download, but not after.

**NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".

After that, double-click and run Combo-Fix. Let it finish its job and post the log here.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 Kennysside (Topic Starter)

  • Members
  • 15 posts

Posted 25 July 2009 - 12:17 PM

ComboFix 09-07-24.01 - Kofoed 25-07-2009 18:52.1.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.45.1033.18.3327.2787 [GMT 2:00]
Running from: c:\documents and settings\Kofoed\My Documents\Hentede filer\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Kofoed\Application Data\.#
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\windows\system32\3076e.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\drivers\SKYNETipxexmow.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\SKYNETbigrnodk.dat
c:\windows\system32\SKYNETqjoenqth.dll
c:\windows\system32\SKYNETskltpqrt.dat
c:\windows\system32\SKYNETsrujovmy.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETnkvrttop
-------\Legacy_MCNASVCALG
-------\Legacy_NPF
-------\Service_McNASvcALG
-------\Service_npf


((((((((((((((((((((((((( Files Created from 2009-06-25 to 2009-07-25 )))))))))))))))))))))))))))))))
.

2009-07-25 16:51 . 2009-07-25 16:51 -------- d-----w- c:\documents and settings\NetworkService\Application Data\WTablet
2009-07-25 15:20 . 2009-07-25 15:21 -------- dc-h--w- c:\windows\ie8
2009-07-24 16:27 . 2009-07-24 16:27 -------- d-----w- c:\program files\iPod
2009-07-24 16:27 . 2009-07-24 16:27 -------- d-----w- c:\program files\iTunes
2009-07-24 16:24 . 2009-07-24 16:24 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-24 01:26 . 2009-07-24 09:35 -------- d-----w- c:\program files\RootRepeal
2009-07-23 23:02 . 2009-07-23 23:02 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-23 23:01 . 2009-07-23 23:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-07-23 22:51 . 2009-07-25 17:08 117760 ----a-w- c:\documents and settings\Kofoed\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-23 22:50 . 2009-07-23 22:50 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-23 22:50 . 2009-07-23 22:50 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-23 22:50 . 2009-07-23 22:50 -------- d-----w- c:\documents and settings\Kofoed\Application Data\SUPERAntiSpyware.com
2009-07-22 04:10 . 2009-07-12 23:42 286880 ----a-r- c:\documents and settings\Kofoed\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll
2009-07-22 04:08 . 2009-07-22 04:08 -------- d-----w- c:\documents and settings\Kofoed\Application Data\McAfee
2009-07-22 04:08 . 2009-07-22 04:08 49152 ----a-r- c:\documents and settings\Kofoed\Application Data\Microsoft\Installer\{FCC07EEA-FA18-4A21-9105-9666603C6885}\IconFCC07EEA1.exe
2009-07-22 04:08 . 2009-07-22 04:08 49152 ----a-r- c:\documents and settings\Kofoed\Application Data\Microsoft\Installer\{FCC07EEA-FA18-4A21-9105-9666603C6885}\IconFCC07EEA.exe
2009-07-21 23:33 . 2009-07-21 23:35 -------- d-----w- c:\documents and settings\Kofoed\Local Settings\Application Data\CurseClient
2009-07-20 23:28 . 2009-07-24 14:34 2365 --s-a-w- c:\windows\system32\2179174694.dat
2009-07-15 20:52 . 2009-07-15 20:52 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-07-15 09:31 . 2009-05-01 21:03 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-07-15 09:31 . 2009-05-01 21:03 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-07-15 09:31 . 2009-05-01 21:03 129784 ------w- c:\windows\system32\pxafs.dll
2009-07-15 09:30 . 2009-07-15 09:31 -------- d-----w- c:\program files\DivX
2009-07-15 09:30 . 2009-07-15 09:30 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-07-14 20:35 . 2009-07-15 08:47 -------- d-----w- c:\program files\Curse
2009-07-06 12:01 . 2009-07-06 12:01 272384 ----a-w- c:\documents and settings\Kofoed\Application Data\Acreon\WowMatrix\Modules\curl.exe
2009-07-06 12:01 . 2009-07-06 12:01 258048 ----a-w- c:\documents and settings\Kofoed\Application Data\Acreon\WowMatrix\Libraries\wmzip.dll
2009-07-06 12:01 . 2009-07-06 12:01 192512 ----a-w- c:\documents and settings\Kofoed\Application Data\Acreon\WowMatrix\Libraries\wmweb.dll
2009-07-06 12:01 . 2009-07-06 12:01 -------- d-----w- c:\documents and settings\Kofoed\Application Data\Acreon
2009-07-06 12:01 . 2009-07-21 23:33 -------- d-----w- c:\documents and settings\Kofoed\Local Settings\Application Data\._Revolution_
2009-06-26 22:42 . 2009-06-26 22:42 -------- d-----w- c:\documents and settings\All Users\Application Data\espionServerData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-25 17:09 . 2009-01-22 19:12 -------- d-----w- c:\documents and settings\Kofoed\Application Data\Skype
2009-07-25 17:08 . 2009-04-24 19:01 -------- d-----w- c:\program files\DNA
2009-07-25 17:08 . 2009-04-24 19:01 -------- d-----w- c:\documents and settings\Kofoed\Application Data\DNA
2009-07-25 17:07 . 2009-01-12 09:39 -------- d-----w- c:\program files\Steam
2009-07-25 17:07 . 2009-01-21 00:48 -------- d-----w- c:\documents and settings\Kofoed\Application Data\WTablet
2009-07-25 07:06 . 2009-05-11 10:50 -------- d-----w- c:\program files\Warcraft III
2009-07-24 16:27 . 2009-06-05 10:54 -------- d-----w- c:\program files\Common Files\Apple
2009-07-23 22:50 . 2009-01-12 09:53 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-22 04:08 . 2009-05-11 16:59 -------- d-----w- c:\program files\McAfee
2009-07-22 04:08 . 2009-05-11 16:43 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-22 03:07 . 2009-03-14 14:01 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-17 13:55 . 2009-01-13 17:00 -------- d-----w- c:\program files\World of Warcraft
2009-07-15 20:52 . 2009-05-11 17:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-15 12:12 . 2009-01-12 19:48 189104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-15 11:22 . 2009-01-12 19:48 139584 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-13 12:10 . 2009-06-24 21:21 -------- d-----w- c:\program files\Trillian
2009-07-07 14:52 . 2009-06-23 14:52 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-07 14:52 . 2009-06-23 14:52 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-26 18:07 . 2009-06-24 20:41 -------- d-----w- c:\program files\Pidgin
2009-06-26 18:07 . 2009-06-24 22:32 -------- d-----w- c:\program files\Miranda IM
2009-06-24 21:47 . 2009-06-24 21:39 -------- d-----w- c:\documents and settings\Kofoed\Application Data\Miranda
2009-06-24 21:37 . 2009-06-24 20:41 -------- d-----w- c:\documents and settings\Kofoed\Application Data\.purple
2009-06-24 21:16 . 2009-06-24 21:14 -------- d-----w- c:\documents and settings\Kofoed\Application Data\gtk-2.0
2009-06-24 21:16 . 2009-06-24 21:16 2165 ----a-w- c:\documents and settings\Kofoed\Application Data\.purple\certificates\x509\tls_peers\rsi.hotmail.com
2009-06-24 21:16 . 2009-06-24 21:16 2141 ----a-w- c:\documents and settings\Kofoed\Application Data\.purple\certificates\x509\tls_peers\omega.contacts.msn.com
2009-06-24 20:42 . 2009-06-24 20:42 2099 ----a-w- c:\documents and settings\Kofoed\Application Data\.purple\certificates\x509\tls_peers\login.live.com
2009-06-24 20:41 . 2009-06-24 20:41 -------- d-----w- c:\program files\Common Files\GTK
2009-06-24 20:05 . 2009-03-14 13:57 -------- d-----w- c:\program files\Windows Live
2009-06-24 19:53 . 2009-06-24 18:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-24 18:37 . 2009-06-24 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-24 18:21 . 2009-06-24 17:36 -------- d-----w- c:\program files\Anti Trojan Elite
2009-06-23 18:48 . 2009-06-23 10:46 -------- d-----w- c:\program files\Image-Line
2009-06-23 18:47 . 2009-06-23 10:48 -------- d-----w- c:\program files\VstPlugins
2009-06-23 14:56 . 2009-06-23 14:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-06-23 14:52 . 2009-06-23 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-23 14:52 . 2009-06-23 17:29 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-23 14:52 . 2009-06-23 14:52 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-23 14:52 . 2009-06-23 14:52 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-23 14:52 . 2009-06-23 14:52 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-06-23 14:48 . 2009-06-23 14:48 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-23 14:48 . 2009-06-23 14:48 -------- d-----w- c:\program files\Lavasoft
2009-06-23 11:07 . 2009-04-24 19:01 -------- d-----w- c:\documents and settings\Kofoed\Application Data\BitTorrent
2009-06-23 10:47 . 2009-06-23 10:47 -------- d-----w- c:\program files\Outsim
2009-06-22 19:59 . 2009-06-22 11:39 -------- d-----w- c:\program files\WC3Banlist
2009-06-20 13:22 . 2009-06-20 13:22 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-06-20 09:27 . 2009-06-20 09:27 -------- d-----w- c:\program files\Common Files\DirectX
2009-06-16 14:36 . 2001-08-23 11:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2001-08-23 11:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-07 21:20 . 2009-05-14 14:39 -------- d-----w- c:\program files\Diablo II
2009-06-07 11:15 . 2009-06-07 10:59 25 ----a-w- c:\windows\popcinfot.dat
2009-06-07 01:53 . 2009-06-07 01:53 -------- d-----w- c:\documents and settings\Kofoed\Application Data\SaintXi
2009-06-06 09:42 . 2009-04-23 12:05 -------- d-----w- c:\documents and settings\Kofoed\Application Data\DAEMON Tools Lite
2009-06-06 09:41 . 2009-06-05 21:35 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-06-05 21:35 . 2009-04-23 12:08 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-06-05 21:32 . 2009-04-23 12:05 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-05 10:55 . 2009-06-05 10:55 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-05 10:54 . 2009-06-05 10:54 -------- d-----w- c:\program files\Bonjour
2009-06-05 10:48 . 2009-06-05 10:48 -------- d-----w- c:\program files\QuickTime
2009-06-05 10:48 . 2009-06-05 10:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-03 19:09 . 2005-08-30 08:14 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-28 15:39 . 2009-05-17 12:30 -------- d-----w- c:\documents and settings\Kofoed\Application Data\Hamachi
2009-05-28 12:32 . 2009-01-12 09:53 -------- d-----w- c:\program files\AGEIA Technologies
2009-05-26 14:31 . 2009-01-12 19:36 91336 ----a-w- c:\documents and settings\Kofoed\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-26 11:16 . 2009-05-26 11:16 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-05-26 11:16 . 2009-05-26 11:16 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-05-18 19:38 . 2009-05-14 14:58 35197 ----a-w- c:\windows\DIIUnin.dat
2009-05-18 19:35 . 2009-05-14 15:44 21840 ----atw- c:\windows\system32\SIntfNT.dll
2009-05-18 19:35 . 2009-05-14 15:44 17212 ----atw- c:\windows\system32\SIntf32.dll
2009-05-18 19:35 . 2009-05-14 15:44 12067 ----atw- c:\windows\system32\SIntf16.dll
2009-05-17 14:26 . 2009-01-12 19:48 22328 ----a-w- c:\documents and settings\Kofoed\Application Data\PnkBstrK.sys
2009-05-17 14:26 . 2009-01-12 19:48 22328 ----a-w- c:\documents and settings\Kofoed\Application Data\PnkBstrK.sys
2009-05-17 12:32 . 2009-05-17 12:30 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-05-17 12:13 . 2009-01-12 19:47 682280 ----a-w- c:\windows\system32\pbsvc.exe
2009-05-14 14:58 . 2009-05-14 14:58 94208 ----a-w- c:\windows\DIIUnin.exe
2009-05-14 14:58 . 2009-05-14 14:58 2829 ----a-w- c:\windows\DIIUnin.pif
2009-05-11 15:40 . 2009-05-11 15:40 66936 --sha-w- c:\windows\dlinfo_0.drv
2009-05-11 14:13 . 2009-05-11 14:13 52736 ----a-w- c:\windows\ipuninst.exe
2009-05-11 14:08 . 2009-05-11 14:08 19840 ----a-w- c:\windows\W2BNEUnin.dat
2009-05-11 14:08 . 2009-05-11 14:08 98304 ----a-w- c:\windows\W2BNEUnin.exe
2009-05-11 14:08 . 2009-05-11 14:08 2829 ----a-w- c:\windows\W2BNEUnin.pif
2009-05-11 14:06 . 2009-05-11 14:06 86528 ----a-w- c:\windows\bnetunin.exe
2009-05-11 14:06 . 2009-05-11 14:06 61440 ----a-w- c:\windows\diabunin.exe
2009-05-07 15:32 . 2002-08-29 02:41 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 21:03 . 2009-01-21 00:53 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-05-01 21:03 . 2009-01-21 00:53 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-05-01 21:03 . 2009-01-21 00:53 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-05-01 21:02 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-04-29 09:34 . 2009-04-29 09:34 4096 ----a-w- c:\windows\d3dx.dat
2009-07-15 21:26 . 2009-01-12 09:40 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-03-31 20:47 . 2009-01-13 14:39 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-03-19 18:43 . 2009-03-19 18:23 0 --sha-w- c:\windows\system32\sys_drv.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2009-06-12 1217784]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-04-24 321344]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-23 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Six Engine"="c:\program files\ASUS\EPU-4 Engine\FourEngine.exe" [2008-07-23 5625344]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2008-12-25 13680640]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2008-12-25 86016]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-28 59392]
"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-28 455168]
"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-28 455168]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-12-22 67752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-03-25 645328]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-06 520024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-12-25 1657376]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-1-12 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-1-12 805392]
NETGEAR WN111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WN111v2\WN111V2.exe [2008-5-9 1474631]
Update Agent.lnk - c:\program files\3\3Connect\AutoUpdateSrv.exe [2008-10-23 442368]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty 4\\iw3sp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty 4\\iw3mp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\quake\\Winquake.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\quake\\qwcl.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\quake\\Glquake.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\quake\\glqwcl.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\rainbow six vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\quake 2\\reckoning.bat"=
"c:\\Program Files\\Steam\\steamapps\\common\\quake 2\\ground_zero.bat"=
"c:\\Program Files\\Steam\\steamapps\\common\\xcom interceptor\\Interceptor.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\return to castle wolfenstein\\WolfSP.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\return to castle wolfenstein\\WolfMP.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\hexen\\hexen.bat"=
"c:\\Program Files\\Steam\\steamapps\\common\\hexen deathkings of the dark citadel\\HexenDK.bat"=
"c:\\Program Files\\Steam\\steamapps\\common\\flatout\\flatout.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\xcom ufo defense\\dosbox.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\heretic shadow of the serpent riders\\heretic.bat"=
"c:\\Program Files\\Steam\\steamapps\\common\\xcom enforcer\\System\\XCom.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\doom 3\\Doom3.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dawn of war gold\\W40kWA.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\hexen 2\\glh2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\unreal ii the awakening\\System\\Unreal2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\quake 3 arena\\quake3.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\flatout2\\FlatOut2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\unreal tournament 2004\\System\\UT2004.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\unreal tournament\\System\\UnrealTournament.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\overlord\\Overlord.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\overlord\\Config.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\unreal gold\\System\\Unreal.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\master levels of doom\\master.bat"=
"c:\\Program Files\\Steam\\steamapps\\common\\trials 2 second edition\\launcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dawn of war gold\\W40k.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\commander keen\\testapp3.bat"=
"c:\\Program Files\\Steam\\steamapps\\common\\commander keen\\testapp4.bat"=
"c:\\Program Files\\Steam\\steamapps\\common\\commander keen\\testapp5.bat"=
"c:\\Program Files\\Steam\\steamapps\\common\\wolfenstein 3d\\Wolf3d.bat"=
"c:\\Program Files\\Steam\\steamapps\\common\\x-com terror from the deep\\runme.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dawn of war dark crusade\\darkcrusade.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\ultimate doom\\ultimate.bat"=
"c:\\Program Files\\Steam\\steamapps\\common\\dawn of war soulstorm\\soulstorm.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\xcom apocalypse\\dosbox.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\final doom\\plutonia.bat"=
"c:\\Program Files\\Steam\\steamapps\\common\\final doom\\tnt.bat"=
"c:\\Program Files\\Steam\\steamapps\\common\\bioshock\\Builds\\Release\\Bioshock.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\doom 2\\doom2.bat"=
"c:\\Program Files\\Steam\\steamapps\\common\\last remnant - demo sel\\Binaries\\TLRDemo.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\THQ\\Frontlines-Fuel of War\\Binaries\\FFOW.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\raycatcher demo\\Raycatcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\elven legacy - demo\\ElvenLegacy_demo.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\wallace and gromit demo\\WallaceGromitDemo.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\the maw\\TheMaw.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\fear2spdemo\\FEAR2SPDemo.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dawn of war ii - spd\\DOW2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\battleforge\\Bootstrapper.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\unreal tournament 3\\Binaries\\UT3.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\smashingtoys_demo\\SmashingToys.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\flock demo\\Flock.exe"=
"c:\\Program Files\\EA Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Steam\\steamapps\\common\\crayon physics deluxe demo\\launcher.exe"=
"c:\\Program Files\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\s2gs.exe"=
"c:\\Program Files\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\sacred2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\quake 2\\quake2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\necrovision - demo\\Bin\\NecroVisioN.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\light of altair demo\\Altair.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\freedom force vs. the 3rd reich demo\\ffvt3rd.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\plants vs zombies\\PlantsVsZombies.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\yosumin - demo\\Yosumin.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\men of war - demo\\mow_demo.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien shooter 2 reloaded demo\\AlienShooter.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\battlestations pacific - demo\\bspdemo.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\zombie shooter demo\\ZombieShooterDemo.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\monster trucks nitro demo\\MonsterTrucksNitro.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\mrrobot\\MrRobot.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\overlord ii - demo\\Overlord2Demo.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\overlord ii - demo\\Config.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty world at war\\CoDWaW.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty world at war\\CoDWaWmp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"53:UDP"= 53:UDP:Promo

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [23-06-2009 16:52 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23-06-2009 11:01 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23-06-2009 11:01 72944]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [14-03-2009 16:01 55152]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09-03-2009 21:06 1029456]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11-05-2009 19:01 206112]
R2 mdvrmng;Mobile IP Route Manager;c:\windows\system32\drivers\mdvrmng.sys [23-04-2009 21:40 10240]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24-11-2008 22:31 29263712]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [21-01-2009 02:47 2749736]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [12-02-2008 18:05 57440]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [12-01-2009 11:33 36864]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23-06-2009 11:01 7408]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [14-12-2007 04:31 57408]
S2 6to4ACS;IPv6 Helper Service 6to4ACS;c:\windows\TEMP\bvndskholg.exe service --> c:\windows\TEMP\bvndskholg.exe service [?]
S2 abgyymrdbrsa;abgyymrdbrsa;\??\c:\windows\system32\drivers\uxvpcsrd.sys --> c:\windows\system32\drivers\uxvpcsrd.sys [?]
S2 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [26-05-2009 10:24 16512]
S3 CM1083264;C-Media CM108 Like Sound UDAX Interface;c:\windows\system32\drivers\CM108.sys [10-02-2009 18:36 1294336]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [24-07-2003 12:10 17149]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06-02-2009 19:08 533360]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [27-02-2008 11:54 360547]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [22-01-2009 19:56 15656]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [31-05-2008 14:46 434688]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 14:54]

2009-07-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-07-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-11 08:53]

2009-05-11 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-11 08:53]

2009-07-25 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-03-25 21:18]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Skype Recorder - c:\program files\Skype Recorder\Skype Recorder.exe
HKLM-Run-jswtrayutil - c:\program files\NETGEAR\WN111v2\jswtrayutil.exe
HKLM-Run-Anti Trojan Elite - c:\program files\Anti Trojan Elite\TJEnder.exe
HKLM-Run-CM108Sound - CM108.cpl


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
Trusted Zone: danid.dk
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: {D02604D1-13FA-4A05-BF3E-A3055C69647C} = 193.162.153.164,194.239.134.83
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Kofoed\Application Data\Mozilla\Firefox\Profiles\yzlgwye6.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-25 19:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1960408961-616249376-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:f5,7b,eb,22,10,34,64,8c,ef,12,e3,8d,aa,04,13,5e,9f,f0,ef,4b,09,
cd,50,fe,3d,08,a0,b4,57,67,e8,04,42,c5,a0,56,50,8e,c8,30,40,a5,9d,ed,f3,57,\
"rkeysecu"=hex:b2,ce,31,15,b2,ac,40,2e,d7,2e,22,89,fe,50,38,18

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"
@=""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1052)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\acs.exe
c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
.
**************************************************************************
.
Completion time: 2009-07-25 19:14 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-25 17:14

Pre-Run: 258.704.523.264 bytes free
Post-Run: 259.021.144.064 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

517 --- E O F --- 2009-07-22 01:00

#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:03:12 AM

Posted 25 July 2009 - 12:25 PM

1. Please open Notepad
  • If you don't know how, just go to Start >> Run >> copy/paste notepad.exe >> Enter
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

Driver::
abgyymrdbrsa
6to4ACS

File::
c:\windows\system32\2179174694.dat
c:\windows\TEMP\bvndskholg.exe
c:\windows\system32\drivers\uxvpcsrd.sys

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"53:UDP"=-

RegLock::
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive

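The Registry:: directive in the script above deletes a globally opened UDP/53 firewall exception, and the ComboFix log in this thread also shows EnableFirewall=0 for the standard profile and DisableMonitoring=1 under Security Center. As an added example (not from the thread and not ComboFix code), here is a Python checker that parses ComboFix's REGEDIT4-style "Reg Loading Points" output and flags those settings; the sample data is constructed from the thread's keys, and the "53:UDP" data string is an assumed value.

```python
"""Flag Windows XP firewall / Security Center settings that weaken a host.

Added example for this thread, not part of the original posts and not ComboFix
code. It parses the REGEDIT4-style excerpt ComboFix prints under
"Reg Loading Points" (the CFScript's Registry:: block uses the same key syntax)
and reports what a responder would want to question: a disabled firewall
profile, Security Center monitoring switched off, and globally opened ports.
"""
import re

# Constructed sample in the format ComboFix prints. The keys and the
# EnableFirewall / DisableMonitoring values mirror the thread's log; the
# "53:UDP" data string is an assumed value in XP's port-exception format.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"53:UDP"=53:UDP:*:Enabled:dns

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<data>.*)$')


def parse_regedit4(text):
    """Return {key: {value_name: raw_data}} from a REGEDIT4-style excerpt."""
    entries = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key")
            entries.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            entries[current][m.group("name")] = m.group("data").strip()
    return entries


def as_int(data):
    """Decode the two numeric spellings ComboFix uses: 'dword:00000001' and '0 (0x0)'."""
    if data.lower().startswith("dword:"):
        return int(data[len("dword:"):], 16)
    m = re.match(r"^(\d+)\b", data)
    return int(m.group(1)) if m else None


def find_weak_settings(entries):
    """Return (finding, key, detail) tuples for settings worth questioning."""
    findings = []
    for key, values in entries.items():
        k = key.lower()
        # A firewall profile with EnableFirewall=0 means the host filter is off.
        if k.endswith(r"\firewallpolicy\standardprofile") or k.endswith(
            r"\firewallpolicy\domainprofile"
        ):
            if as_int(values.get("EnableFirewall", "")) == 0:
                findings.append(("firewall_disabled", key, "EnableFirewall=0"))
        # Third-party suites legitimately set DisableMonitoring so Security
        # Center does not double-report; still, confirm which product did it.
        if r"\security center\monitoring" in k:
            if as_int(values.get("DisableMonitoring", "")) == 1:
                findings.append(("security_center_monitoring_off", key, "DisableMonitoring=1"))
        # Every globally opened port is an inbound hole independent of any app.
        if k.endswith(r"\globallyopenports\list"):
            for name in values:
                findings.append(("globally_open_port", key, name))
    return findings


def audit(text):
    """Parse a log excerpt and return its findings in a stable order."""
    return sorted(find_weak_settings(parse_regedit4(text)))


if __name__ == "__main__":
    for finding, key, detail in audit(SAMPLE_LOG):
        print(f"{finding:32} {detail:22} {key}")
```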

#5 Kennysside

Kennysside
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:09:12 PM

Posted 25 July 2009 - 01:08 PM

Haven't got Hijackthis, so all I got for now is the log I've just received from doing what you told me to.


ComboFix 09-07-24.01 - Kofoed 25-07-2009 19:52.2.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.45.1033.18.3327.2475 [GMT 2:00]
Running from: c:\documents and settings\Kofoed\My Documents\Hentede filer\Combo-Fix.exe
Command switches used :: c:\documents and settings\Kofoed\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"c:\windows\system32\2179174694.dat"
"c:\windows\system32\drivers\uxvpcsrd.sys"
"c:\windows\TEMP\bvndskholg.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\2179174694.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4ACS
-------\Legacy_ABGYYMRDBRSA
-------\Service_6to4ACS
-------\Service_abgyymrdbrsa


((((((((((((((((((((((((( Files Created from 2009-06-25 to 2009-07-25 )))))))))))))))))))))))))))))))
.

2009-07-25 16:51 . 2009-07-25 16:51 -------- d-----w- c:\documents and settings\NetworkService\Application Data\WTablet
2009-07-25 15:20 . 2009-07-25 15:21 -------- dc-h--w- c:\windows\ie8
2009-07-24 16:27 . 2009-07-24 16:27 -------- d-----w- c:\program files\iPod
2009-07-24 16:27 . 2009-07-24 16:27 -------- d-----w- c:\program files\iTunes
2009-07-24 16:24 . 2009-07-24 16:24 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-24 01:26 . 2009-07-24 09:35 -------- d-----w- c:\program files\RootRepeal
2009-07-23 23:02 . 2009-07-23 23:02 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-23 23:01 . 2009-07-23 23:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-07-23 22:51 . 2009-07-25 17:59 117760 ----a-w- c:\documents and settings\Kofoed\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-23 22:50 . 2009-07-23 22:50 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-23 22:50 . 2009-07-23 22:50 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-23 22:50 . 2009-07-23 22:50 -------- d-----w- c:\documents and settings\Kofoed\Application Data\SUPERAntiSpyware.com
2009-07-22 04:10 . 2009-07-12 23:42 286880 ----a-r- c:\documents and settings\Kofoed\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll
2009-07-22 04:08 . 2009-07-22 04:08 -------- d-----w- c:\documents and settings\Kofoed\Application Data\McAfee
2009-07-22 04:08 . 2009-07-22 04:08 49152 ----a-r- c:\documents and settings\Kofoed\Application Data\Microsoft\Installer\{FCC07EEA-FA18-4A21-9105-9666603C6885}\IconFCC07EEA1.exe
2009-07-22 04:08 . 2009-07-22 04:08 49152 ----a-r- c:\documents and settings\Kofoed\Application Data\Microsoft\Installer\{FCC07EEA-FA18-4A21-9105-9666603C6885}\IconFCC07EEA.exe
2009-07-21 23:33 . 2009-07-21 23:35 -------- d-----w- c:\documents and settings\Kofoed\Local Settings\Application Data\CurseClient
2009-07-15 20:52 . 2009-07-15 20:52 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-07-15 09:31 . 2009-05-01 21:03 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-07-15 09:31 . 2009-05-01 21:03 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-07-15 09:31 . 2009-05-01 21:03 129784 ------w- c:\windows\system32\pxafs.dll
2009-07-15 09:30 . 2009-07-15 09:31 -------- d-----w- c:\program files\DivX
2009-07-15 09:30 . 2009-07-15 09:30 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-07-14 20:35 . 2009-07-15 08:47 -------- d-----w- c:\program files\Curse
2009-07-06 12:01 . 2009-07-06 12:01 272384 ----a-w- c:\documents and settings\Kofoed\Application Data\Acreon\WowMatrix\Modules\curl.exe
2009-07-06 12:01 . 2009-07-06 12:01 258048 ----a-w- c:\documents and settings\Kofoed\Application Data\Acreon\WowMatrix\Libraries\wmzip.dll
2009-07-06 12:01 . 2009-07-06 12:01 192512 ----a-w- c:\documents and settings\Kofoed\Application Data\Acreon\WowMatrix\Libraries\wmweb.dll
2009-07-06 12:01 . 2009-07-06 12:01 -------- d-----w- c:\documents and settings\Kofoed\Application Data\Acreon
2009-07-06 12:01 . 2009-07-21 23:33 -------- d-----w- c:\documents and settings\Kofoed\Local Settings\Application Data\._Revolution_
2009-06-26 22:42 . 2009-06-26 22:42 -------- d-----w- c:\documents and settings\All Users\Application Data\espionServerData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-25 17:59 . 2009-01-22 19:12 -------- d-----w- c:\documents and settings\Kofoed\Application Data\Skype
2009-07-25 17:58 . 2009-01-12 09:39 -------- d-----w- c:\program files\Steam
2009-07-25 17:57 . 2009-01-21 00:48 -------- d-----w- c:\documents and settings\Kofoed\Application Data\WTablet
2009-07-25 17:57 . 2009-04-24 19:01 -------- d-----w- c:\program files\DNA
2009-07-25 17:57 . 2009-04-24 19:01 -------- d-----w- c:\documents and settings\Kofoed\Application Data\DNA
2009-07-25 07:06 . 2009-05-11 10:50 -------- d-----w- c:\program files\Warcraft III
2009-07-24 16:27 . 2009-06-05 10:54 -------- d-----w- c:\program files\Common Files\Apple
2009-07-23 22:50 . 2009-01-12 09:53 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-22 04:08 . 2009-05-11 16:59 -------- d-----w- c:\program files\McAfee
2009-07-22 04:08 . 2009-05-11 16:43 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-07-22 03:07 . 2009-03-14 14:01 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-17 13:55 . 2009-01-13 17:00 -------- d-----w- c:\program files\World of Warcraft
2009-07-15 20:52 . 2009-05-11 17:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-15 12:12 . 2009-01-12 19:48 189104 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-07-15 11:22 . 2009-01-12 19:48 139584 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-07-13 12:10 . 2009-06-24 21:21 -------- d-----w- c:\program files\Trillian
2009-07-07 14:52 . 2009-06-23 14:52 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-07 14:52 . 2009-06-23 14:52 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-26 18:07 . 2009-06-24 20:41 -------- d-----w- c:\program files\Pidgin
2009-06-26 18:07 . 2009-06-24 22:32 -------- d-----w- c:\program files\Miranda IM
2009-06-24 21:47 . 2009-06-24 21:39 -------- d-----w- c:\documents and settings\Kofoed\Application Data\Miranda
2009-06-24 21:37 . 2009-06-24 20:41 -------- d-----w- c:\documents and settings\Kofoed\Application Data\.purple
2009-06-24 21:16 . 2009-06-24 21:14 -------- d-----w- c:\documents and settings\Kofoed\Application Data\gtk-2.0
2009-06-24 21:16 . 2009-06-24 21:16 2165 ----a-w- c:\documents and settings\Kofoed\Application Data\.purple\certificates\x509\tls_peers\rsi.hotmail.com
2009-06-24 21:16 . 2009-06-24 21:16 2141 ----a-w- c:\documents and settings\Kofoed\Application Data\.purple\certificates\x509\tls_peers\omega.contacts.msn.com
2009-06-24 20:42 . 2009-06-24 20:42 2099 ----a-w- c:\documents and settings\Kofoed\Application Data\.purple\certificates\x509\tls_peers\login.live.com
2009-06-24 20:41 . 2009-06-24 20:41 -------- d-----w- c:\program files\Common Files\GTK
2009-06-24 20:05 . 2009-03-14 13:57 -------- d-----w- c:\program files\Windows Live
2009-06-24 19:53 . 2009-06-24 18:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-24 18:37 . 2009-06-24 18:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-24 18:21 . 2009-06-24 17:36 -------- d-----w- c:\program files\Anti Trojan Elite
2009-06-23 18:48 . 2009-06-23 10:46 -------- d-----w- c:\program files\Image-Line
2009-06-23 18:47 . 2009-06-23 10:48 -------- d-----w- c:\program files\VstPlugins
2009-06-23 14:56 . 2009-06-23 14:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-06-23 14:52 . 2009-06-23 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-23 14:52 . 2009-06-23 17:29 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-23 14:52 . 2009-06-23 14:52 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-23 14:52 . 2009-06-23 14:52 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-23 14:52 . 2009-06-23 14:52 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-06-23 14:48 . 2009-06-23 14:48 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-23 14:48 . 2009-06-23 14:48 -------- d-----w- c:\program files\Lavasoft
2009-06-23 11:07 . 2009-04-24 19:01 -------- d-----w- c:\documents and settings\Kofoed\Application Data\BitTorrent
2009-06-23 10:47 . 2009-06-23 10:47 -------- d-----w- c:\program files\Outsim
2009-06-22 19:59 . 2009-06-22 11:39 -------- d-----w- c:\program files\WC3Banlist
2009-06-20 13:22 . 2009-06-20 13:22 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-06-20 09:27 . 2009-06-20 09:27 -------- d-----w- c:\program files\Common Files\DirectX
2009-06-16 14:36 . 2001-08-23 11:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2001-08-23 11:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-07 21:20 . 2009-05-14 14:39 -------- d-----w- c:\program files\Diablo II
2009-06-07 11:15 . 2009-06-07 10:59 25 ----a-w- c:\windows\popcinfot.dat
2009-06-07 01:53 . 2009-06-07 01:53 -------- d-----w- c:\documents and settings\Kofoed\Application Data\SaintXi
2009-06-06 09:42 . 2009-04-23 12:05 -------- d-----w- c:\documents and settings\Kofoed\Application Data\DAEMON Tools Lite
2009-06-06 09:41 . 2009-06-05 21:35 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-06-05 21:35 . 2009-04-23 12:08 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-06-05 21:32 . 2009-04-23 12:05 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-06-05 10:55 . 2009-06-05 10:55 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-06-05 10:54 . 2009-06-05 10:54 -------- d-----w- c:\program files\Bonjour
2009-06-05 10:48 . 2009-06-05 10:48 -------- d-----w- c:\program files\QuickTime
2009-06-05 10:48 . 2009-06-05 10:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-03 19:09 . 2005-08-30 08:14 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-28 15:39 . 2009-05-17 12:30 -------- d-----w- c:\documents and settings\Kofoed\Application Data\Hamachi
2009-05-28 12:32 . 2009-01-12 09:53 -------- d-----w- c:\program files\AGEIA Technologies
2009-05-26 14:31 . 2009-01-12 19:36 91336 ----a-w- c:\documents and settings\Kofoed\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-26 11:16 . 2009-05-26 11:16 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-05-26 11:16 . 2009-05-26 11:16 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-05-18 19:38 . 2009-05-14 14:58 35197 ----a-w- c:\windows\DIIUnin.dat
2009-05-18 19:35 . 2009-05-14 15:44 21840 ----atw- c:\windows\system32\SIntfNT.dll
2009-05-18 19:35 . 2009-05-14 15:44 17212 ----atw- c:\windows\system32\SIntf32.dll
2009-05-18 19:35 . 2009-05-14 15:44 12067 ----atw- c:\windows\system32\SIntf16.dll
2009-05-17 14:26 . 2009-01-12 19:48 22328 ----a-w- c:\documents and settings\Kofoed\Application Data\PnkBstrK.sys
2009-05-17 14:26 . 2009-01-12 19:48 22328 ----a-w- c:\documents and settings\Kofoed\Application Data\PnkBstrK.sys
2009-05-17 12:32 . 2009-05-17 12:30 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-05-17 12:13 . 2009-01-12 19:47 682280 ----a-w- c:\windows\system32\pbsvc.exe
2009-05-14 14:58 . 2009-05-14 14:58 94208 ----a-w- c:\windows\DIIUnin.exe
2009-05-14 14:58 . 2009-05-14 14:58 2829 ----a-w- c:\windows\DIIUnin.pif
2009-05-11 15:40 . 2009-05-11 15:40 66936 --sha-w- c:\windows\dlinfo_0.drv
2009-05-11 14:13 . 2009-05-11 14:13 52736 ----a-w- c:\windows\ipuninst.exe
2009-05-11 14:08 . 2009-05-11 14:08 19840 ----a-w- c:\windows\W2BNEUnin.dat
2009-05-11 14:08 . 2009-05-11 14:08 98304 ----a-w- c:\windows\W2BNEUnin.exe
2009-05-11 14:08 . 2009-05-11 14:08 2829 ----a-w- c:\windows\W2BNEUnin.pif
2009-05-11 14:06 . 2009-05-11 14:06 86528 ----a-w- c:\windows\bnetunin.exe
2009-05-11 14:06 . 2009-05-11 14:06 61440 ----a-w- c:\windows\diabunin.exe
2009-05-07 15:32 . 2002-08-29 02:41 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 21:03 . 2009-01-21 00:53 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-05-01 21:03 . 2009-01-21 00:53 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-05-01 21:03 . 2009-01-21 00:53 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-05-01 21:02 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-04-29 09:34 . 2009-04-29 09:34 4096 ----a-w- c:\windows\d3dx.dat
2009-07-15 21:26 . 2009-01-12 09:40 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-03-31 20:47 . 2009-01-13 14:39 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-03-19 18:43 . 2009-03-19 18:23 0 --sha-w- c:\windows\system32\sys_drv.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-07-25_17.07.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-25 17:57 . 2009-07-25 17:57 16384 c:\windows\Temp\Perflib_Perfdata_348.dat
+ 2009-01-12 15:57 . 2009-07-25 17:09 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-01-12 15:57 . 2009-07-25 17:08 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-12 15:57 . 2009-07-25 17:09 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-12 15:57 . 2009-07-25 17:08 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-12 15:57 . 2009-07-25 17:09 147456 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-12 15:57 . 2009-07-25 17:08 147456 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-06-14 13:21 . 2009-07-25 17:09 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2009-06-14 13:21 . 2009-07-25 17:08 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2009-06-12 1217784]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-04-24 321344]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-23 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Six Engine"="c:\program files\ASUS\EPU-4 Engine\FourEngine.exe" [2008-07-23 5625344]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2008-12-25 13680640]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2008-12-25 86016]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-28 59392]
"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-28 455168]
"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-28 455168]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-12-22 67752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-03-25 645328]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-06 520024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-12-25 1657376]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-1-12 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-1-12 805392]
NETGEAR WN111v2 Smart Wizard.lnk - c:\program files\NETGEAR\WN111v2\WN111V2.exe [2008-5-9 1474631]
Update Agent.lnk - c:\program files\3\3Connect\AutoUpdateSrv.exe [2008-10-23 442368]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty 4\\iw3sp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty 4\\iw3mp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\quake\\Winquake.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\quake\\qwcl.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\quake\\Glquake.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\quake\\glqwcl.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\rainbow six vegas 2\\Binaries\\R6Vegas2_Game.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\quake 2\\reckoning.bat"=
"c:\\Program Files\\Steam\\steamapps\\common\\quake 2\\ground_zero.bat"=
"c:\\Program Files\\Steam\\steamapps\\common\\xcom interceptor\\Interceptor.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\return to castle wolfenstein\\WolfSP.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\return to castle wolfenstein\\WolfMP.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\hexen\\hexen.bat"=
"c:\\Program Files\\Steam\\steamapps\\common\\hexen deathkings of the dark citadel\\HexenDK.bat"=
"c:\\Program Files\\Steam\\steamapps\\common\\flatout\\flatout.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\xcom ufo defense\\dosbox.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\heretic shadow of the serpent riders\\heretic.bat"=
"c:\\Program Files\\Steam\\steamapps\\common\\xcom enforcer\\System\\XCom.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\doom 3\\Doom3.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dawn of war gold\\W40kWA.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\hexen 2\\glh2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\unreal ii the awakening\\System\\Unreal2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\quake 3 arena\\quake3.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\flatout2\\FlatOut2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\unreal tournament 2004\\System\\UT2004.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\unreal tournament\\System\\UnrealTournament.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\overlord\\Overlord.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\overlord\\Config.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\unreal gold\\System\\Unreal.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\master levels of doom\\master.bat"=
"c:\\Program Files\\Steam\\steamapps\\common\\trials 2 second edition\\launcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dawn of war gold\\W40k.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\commander keen\\testapp3.bat"=
"c:\\Program Files\\Steam\\steamapps\\common\\commander keen\\testapp4.bat"=
"c:\\Program Files\\Steam\\steamapps\\common\\commander keen\\testapp5.bat"=
"c:\\Program Files\\Steam\\steamapps\\common\\wolfenstein 3d\\Wolf3d.bat"=
"c:\\Program Files\\Steam\\steamapps\\common\\x-com terror from the deep\\runme.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dawn of war dark crusade\\darkcrusade.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\ultimate doom\\ultimate.bat"=
"c:\\Program Files\\Steam\\steamapps\\common\\dawn of war soulstorm\\soulstorm.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\xcom apocalypse\\dosbox.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\final doom\\plutonia.bat"=
"c:\\Program Files\\Steam\\steamapps\\common\\final doom\\tnt.bat"=
"c:\\Program Files\\Steam\\steamapps\\common\\bioshock\\Builds\\Release\\Bioshock.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\doom 2\\doom2.bat"=
"c:\\Program Files\\Steam\\steamapps\\common\\last remnant - demo sel\\Binaries\\TLRDemo.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\THQ\\Frontlines-Fuel of War\\Binaries\\FFOW.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\raycatcher demo\\Raycatcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\elven legacy - demo\\ElvenLegacy_demo.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\wallace and gromit demo\\WallaceGromitDemo.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\the maw\\TheMaw.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\fear2spdemo\\FEAR2SPDemo.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\dawn of war ii - spd\\DOW2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\battleforge\\Bootstrapper.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\unreal tournament 3\\Binaries\\UT3.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\smashingtoys_demo\\SmashingToys.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\flock demo\\Flock.exe"=
"c:\\Program Files\\EA Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Steam\\steamapps\\common\\crayon physics deluxe demo\\launcher.exe"=
"c:\\Program Files\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\s2gs.exe"=
"c:\\Program Files\\Deep Silver\\Sacred 2 - Fallen Angel\\system\\sacred2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\quake 2\\quake2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\necrovision - demo\\Bin\\NecroVisioN.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\light of altair demo\\Altair.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\freedom force vs. the 3rd reich demo\\ffvt3rd.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\plants vs zombies\\PlantsVsZombies.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\yosumin - demo\\Yosumin.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\men of war - demo\\mow_demo.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\alien shooter 2 reloaded demo\\AlienShooter.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\battlestations pacific - demo\\bspdemo.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\zombie shooter demo\\ZombieShooterDemo.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\monster trucks nitro demo\\MonsterTrucksNitro.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\mrrobot\\MrRobot.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\overlord ii - demo\\Overlord2Demo.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\overlord ii - demo\\Config.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty world at war\\CoDWaW.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of duty world at war\\CoDWaWmp.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [23-06-2009 16:52 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23-06-2009 11:01 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23-06-2009 11:01 72944]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [14-03-2009 16:01 55152]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09-03-2009 21:06 1029456]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11-05-2009 19:01 206112]
R2 mdvrmng;Mobile IP Route Manager;c:\windows\system32\drivers\mdvrmng.sys [23-04-2009 21:40 10240]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24-11-2008 22:31 29263712]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [21-01-2009 02:47 2749736]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [12-02-2008 18:05 57440]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [12-01-2009 11:33 36864]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23-06-2009 11:01 7408]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [14-12-2007 04:31 57408]
S2 ATE_PROCMON;ATE_PROCMON;\??\c:\program files\Anti Trojan Elite\ATEPMon.sys --> c:\program files\Anti Trojan Elite\ATEPMon.sys [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [26-05-2009 10:24 16512]
S3 CM1083264;C-Media CM108 Like Sound UDAX Interface;c:\windows\system32\drivers\CM108.sys [10-02-2009 18:36 1294336]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [24-07-2003 12:10 17149]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06-02-2009 19:08 533360]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [27-02-2008 11:54 360547]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys --> c:\windows\system32\drivers\ScreamingBAudio.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [22-01-2009 19:56 15656]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [31-05-2008 14:46 434688]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 14:54]

2009-07-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-07-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-11 08:53]

2009-05-11 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-05-11 08:53]

2009-07-25 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-03-25 21:18]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
Trusted Zone: danid.dk
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: {D02604D1-13FA-4A05-BF3E-A3055C69647C} = 193.162.153.164,194.239.134.83
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Kofoed\Application Data\Mozilla\Firefox\Profiles\yzlgwye6.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".dk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-25 19:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1960408961-616249376-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:f5,7b,eb,22,10,34,64,8c,ef,12,e3,8d,aa,04,13,5e,9f,f0,ef,4b,09,
cd,50,fe,3d,08,a0,b4,57,67,e8,04,42,c5,a0,56,50,8e,c8,30,40,a5,9d,ed,f3,57,\
"rkeysecu"=hex:b2,ce,31,15,b2,ac,40,2e,d7,2e,22,89,fe,50,38,18
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1044)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(3672)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\acs.exe
c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\rundll32.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Completion time: 2009-07-25 20:06 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-25 18:06
ComboFix2.txt 2009-07-25 17:14

Pre-Run: 259.064.848.384 bytes free
Post-Run: 259.033.493.504 bytes free

494 --- E O F --- 2009-07-22 01:00

#6 fenzodahl512 (Members, 6,738 posts)

Posted 25 July 2009 - 01:35 PM

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are both checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic
How's the computer now? :thumbup2:

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#7 fenzodahl512 (Members, 6,738 posts)

Posted 25 July 2009 - 04:34 PM

Got your pm.. Let's do this :thumbup2:

Go HERE and download Dr.Web CureIt to the Desktop. It will be downloaded with a random filename.
  • Run Dr.Web CureIt (random filename) and let it run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, please do a re-scan.. This time, choose Complete Scan
  • Click the green arrow button at the right, and the scan will start.
  • After the scan has finished, click Select all
  • Click on Cure and choose Move incurable
  • When the scan has finished, in the menu, click File and choose Save report list
  • Save the report to your Desktop. The report will be called DrWeb.csv
  • Close Dr.Web CureIt. Reboot your PC in Normal Mode, and post DrWeb.csv in your next reply (open it in Notepad)



#8 Kennysside (Topic Starter; Members, 15 posts)

Posted 25 July 2009 - 04:35 PM

Whenever I accept the terms of use, it pops to a loading screen and then, after 20-30 secs, it puts me back to the agreement screen... I don't get to install the ActiveX!

any ideas?

#9 fenzodahl512 (Members, 6,738 posts)

Posted 25 July 2009 - 04:41 PM

I already posted the new instructions above :thumbup2:



#10 Kennysside (Topic Starter; Members, 15 posts)

Posted 25 July 2009 - 04:42 PM

oh crabcake... didn't see that! ^^

#11 fenzodahl512 (Members, 6,738 posts)

Posted 25 July 2009 - 05:48 PM

Ok, I will be unavailable for about 48 hrs or so due to some outstation job.. Don't forget to post your Dr.Web result here :thumbup2:



#12 Kennysside (Topic Starter; Members, 15 posts)

Posted 26 July 2009 - 09:33 AM

RegUBP2b-Kofoed.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
mcinst.exe;C:\Program Files\Common Files\McAfee\Installer;Probably BACKDOOR.Trojan;Incurable.Moved.;
VBE6.DLL;C:\Program Files\Common Files\Microsoft Shared\VBA\VBA6;Probably Trojan.Packed.189;Incurable.Moved.;
DialogEditor.exe;C:\Program Files\Steam\steamapps\common\unreal ii the awakening\Dialog;Probably Trojan.Packed.189;Incurable.Moved.;

Edited by Kennysside, 26 July 2009 - 09:34 AM.
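The four lines above are a Dr.Web CureIt report in its semicolon-separated DrWeb.csv form: object name, directory, detection name, action taken, with a trailing empty field. As an added example (not code from the thread or from Dr.Web), the parser below reads that format into structured findings and separates signature verdicts from heuristic ones, which Dr.Web marks with the prefix "Probably". The sample report is the one posted above, embedded inline so the script runs offline; the function and class names are my own.

```python
"""Parse a Dr.Web CureIt report (DrWeb.csv) and summarise what was done.

Record layout, as posted in the thread:
    <object name>;<directory>;<detection name>;<action>;
Heuristic verdicts carry a "Probably " prefix, which is the set a helper
usually wants to double-check before deciding what stays in quarantine.
"""
from __future__ import annotations

import csv
from dataclasses import dataclass
from io import StringIO

# Report text taken from the reply above (the only input this example uses).
SAMPLE_REPORT = (
    "RegUBP2b-Kofoed.reg;C:\\Documents and Settings\\All Users\\Application Data"
    "\\Spybot - Search & Destroy\\Snapshots2;Trojan.StartPage.1505;Deleted.;\n"
    "mcinst.exe;C:\\Program Files\\Common Files\\McAfee\\Installer;"
    "Probably BACKDOOR.Trojan;Incurable.Moved.;\n"
    "VBE6.DLL;C:\\Program Files\\Common Files\\Microsoft Shared\\VBA\\VBA6;"
    "Probably Trojan.Packed.189;Incurable.Moved.;\n"
    "DialogEditor.exe;C:\\Program Files\\Steam\\steamapps\\common"
    "\\unreal ii the awakening\\Dialog;Probably Trojan.Packed.189;Incurable.Moved.;\n"
)


@dataclass(frozen=True)
class Finding:
    """One DrWeb.csv record."""
    name: str
    directory: str
    detection: str
    action: str

    @property
    def heuristic(self) -> bool:
        # "Probably ..." is Dr.Web's marker for a heuristic (unconfirmed) verdict.
        return self.detection.startswith("Probably ")

    @property
    def path(self) -> str:
        return self.directory.rstrip("\\") + "\\" + self.name


def parse_report(text: str) -> list[Finding]:
    """Turn the semicolon-separated report into Finding objects.

    Blank or short lines are skipped; the trailing ';' yields an empty
    fifth field that is simply ignored.
    """
    findings: list[Finding] = []
    for row in csv.reader(StringIO(text), delimiter=";"):
        fields = [f.strip() for f in row]
        if len(fields) < 4 or not fields[0]:
            continue
        # Actions are written as "Deleted." / "Incurable.Moved."; drop the final dot.
        findings.append(Finding(fields[0], fields[1], fields[2], fields[3].rstrip(".")))
    return findings


def summarize(findings: list[Finding]) -> dict:
    """Group paths by the action Dr.Web took and split heuristic from signature hits."""
    by_action: dict[str, list[str]] = {}
    for f in findings:
        by_action.setdefault(f.action, []).append(f.path)
    return {
        "by_action": by_action,
        "signature_hits": [f.path for f in findings if not f.heuristic],
        "heuristic_hits": [f.path for f in findings if f.heuristic],
    }


if __name__ == "__main__":
    summary = summarize(parse_report(SAMPLE_REPORT))
    for action, paths in summary["by_action"].items():
        print(f"{action}: {len(paths)} object(s)")
    print("heuristic verdicts to review:", *summary["heuristic_hits"], sep="\n  ")
```

Run against the posted report it reports one signature hit (deleted) and three heuristic hits (moved to quarantine); the heuristic list is the one worth verifying against the file vendor before anything is restored.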


#13 fenzodahl512 (Members, 6,738 posts)

Posted 26 July 2009 - 11:03 PM

Looks good.. How's the computer now? :thumbup2:



#14 Kennysside (Topic Starter; Members, 15 posts)

Posted 27 July 2009 - 08:35 AM

I can actually log onto MSN Messenger without it throwing me off... Can it really be? Is it cured?! :thumbup2:

#15 fenzodahl512 (Members, 6,738 posts)

Posted 27 July 2009 - 10:33 AM

I can actually log onto MSN Messenger without it throwing me off... Can it really be? Is it cured?! :thumbup2:


Looks good to me.. Let's do some cleanup...


Please download OTC and save it to Desktop.
  • Make sure you have internet connection..
  • Double-click OTC
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes


Please read these excellent articles written by my friends:
Preventing Malware and Safe Computing by Rorschach112
What makes your machine slow? by Artellos


Also, please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware


Read this great info about safe internet surfing..

http://www.pcpitstop.com/spycheck/safesurfing.asp
http://bluefive.pair.com/practice_safe_surfing.htm




Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :)



Have a safe and happy computing day!


Regards
fenzodahl512


