
Please help with remaining infections.


  • This topic is locked
15 replies to this topic

#1 Sevenfold

Posted 22 February 2010 - 12:42 PM

I lent this computer to someone in my family for more than a year and it came back infected.

I have done my best to clean it, but something still does not feel right. Spybot takes forever to start and TeaTimer uses a lot of memory (130MB+). Also, I think Task Manager reports more total memory usage than it is possible to sum up from the process listing.

Please help me with a checkup. Also is there something I don't need at startup?


DDS (Ver_09-12-01.01) - NTFSx86
Run by Minsin at 18:16:16,35 on 22.02.2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.383.124 [GMT 1:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Outpost Firewall *enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Avira\AntiVir Desktop\sched.exe
C:\Programfiler\Avira\AntiVir Desktop\avguard.exe
svchost.exe
C:\Programfiler\Avira\AntiVir Desktop\avgnt.exe
C:\Programfiler\Notebook Hardware Control\nhc.exe
C:\Programfiler\DynDNS Updater\DynDNS.exe
C:\Programfiler\TightVNC\WinVNC.exe
C:\Programfiler\a-squared Free\a2service.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programfiler\Opera 10 Beta\opera.exe
C:\Programfiler\BillP Studios\WinPatrol\WinPatrol.exe
C:\Documents and Settings\Minsin\Lokale innstillinger\Programdata\Opera\Opera 10 Beta\temporary_downloads\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title =
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\programfiler\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\programfiler\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Påloggingshjelp for Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programfiler\fellesfiler\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\programfiler\fellesfiler\symantec shared\adblocking\NISShExt.dll
BHO: {BA463437-C3DE-47da-8280-87596824388A} - No File
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\programfiler\norton internet security\norton antivirus\NavShExt.dll
BHO: {D0285C32-F09A-49bd-BA67-FDAB0A58675E} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programfiler\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\programfiler\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programfiler\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\programfiler\windows live\toolbar\wltcore.dll
TB: Norton Internet Security: {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} - c:\programfiler\fellesfiler\symantec shared\adblocking\NISShExt.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
uRun: [DynDNS Updater] "c:\programfiler\dyndns updater\DynDNS.exe"
mRun: [avgnt] "c:\programfiler\avira\antivir desktop\avgnt.exe" /min
mRun: [OutpostMonitor] c:\progra~1\agnitum\outpos~1\op_mon.exe /tray /noservice
mRun: [OutpostFeedBack] "c:\programfiler\agnitum\outpost firewall\feedback.exe" /dump:os_startup
mRun: [NotebookHardwareControl] "c:\programfiler\notebook hardware control\nhc.exe" -quiet
mRun: [WinPatrol] c:\programfiler\billp studios\winpatrol\winpatrol.exe -expressboot
StartupFolder: c:\docume~1\alluse~1\start-~1\progra~1\oppstart\launch~1.lnk - c:\programfiler\tightvnc\WinVNC.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programfiler\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\felles~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\minsin\progra~1\mozilla\firefox\profiles\9bp1ugvg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://travian.fi/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\progra~1\mozill~1\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\programfiler\avira\antivir desktop\avgio.sys [2010-2-21 11608]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2010-2-22 704384]
R2 a2free;a-squared Free Service;c:\programfiler\a-squared free\a2service.exe [2010-2-19 1858144]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\agnitum\outpos~1\acs.exe [2010-2-22 1195008]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programfiler\avira\antivir desktop\sched.exe [2010-2-21 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\programfiler\avira\antivir desktop\avguard.exe [2010-2-21 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-2-21 56816]
R2 MTC0001_RMC;Remove Control Device;c:\windows\system32\drivers\RMC.sys [1979-12-31 13912]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2010-2-22 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2010-2-22 257432]
R3 Slazldrv;SmartLink AMR_PCI Driver;c:\windows\system32\drivers\sldrv\slazldrv.sys [2005-9-24 226768]
R3 ULI5261;ULi Based Ethernet NT Driver;c:\windows\system32\drivers\ULILAN.SYS [1979-12-31 28160]
S4 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"c:\programfiler\symantec\liveupdate\aluschedulersvc.exe" --> c:\programfiler\symantec\liveupdate\ALUSchedulerSvc.exe [?]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programfiler\lavasoft\ad-aware\AAWService.exe [2010-2-4 1229232]

=============== Created Last 30 ================

2010-02-22 17:09:17 0 d-----w- c:\docume~1\minsin\progra~1\WinPatrol
2010-02-22 17:08:34 0 d-----w- c:\programfiler\BillP Studios
2010-02-22 03:22:35 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys
2010-02-22 03:22:10 0 d-----w- c:\programfiler\Notebook Hardware Control
2010-02-22 03:06:03 0 d-----w- c:\programfiler\CCleaner
2010-02-22 01:27:47 704384 ----a-w- c:\windows\system32\drivers\SandBox.sys
2010-02-22 01:27:18 257432 ----a-w- c:\windows\system32\drivers\afwcore.sys
2010-02-22 01:25:08 49 ----a-w- c:\windows\transp.gif
2010-02-22 01:25:02 31128 ----a-w- c:\windows\system32\drivers\afw.sys
2010-02-22 01:24:28 0 d-----w- c:\programfiler\Agnitum
2010-02-22 01:12:07 0 d-----w- c:\docume~1\alluse~1\progra~1\Agnitum
2010-02-21 22:53:29 306688 ----a-w- c:\windows\IsUn0414.exe
2010-02-21 22:53:28 264 ----a-w- c:\windows\_delis32.ini
2010-02-21 22:39:37 0 d-s---w- C:\combofix
2010-02-21 16:26:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-02-21 13:49:05 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-21 13:49:01 0 d-----w- c:\programfiler\Avira
2010-02-21 13:49:01 0 d-----w- c:\docume~1\alluse~1\progra~1\Avira
2010-02-21 13:18:15 98816 ----a-w- c:\windows\sed.exe
2010-02-21 13:18:15 77312 ----a-w- c:\windows\MBR.exe
2010-02-21 13:18:15 261632 ----a-w- c:\windows\PEV.exe
2010-02-21 13:18:15 161792 ----a-w- c:\windows\SWREG.exe
2010-02-21 13:17:58 0 d-----w- C:\navnsomikkegjenkjennes
2010-02-20 23:18:11 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-02-20 23:18:04 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-02-20 23:17:54 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-02-20 23:17:44 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-02-20 23:17:38 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-02-20 23:17:26 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2010-02-20 23:17:19 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-02-20 23:17:17 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-02-20 23:17:10 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-02-20 23:16:37 8832 ----a-w- c:\windows\system32\dllcache\wmiacpi.sys
2010-02-20 23:16:33 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys
2010-02-20 23:16:26 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys
2010-02-20 23:16:05 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys
2010-02-20 23:14:59 16925 ----a-w- c:\windows\system32\dllcache\w940nd.sys
2010-02-20 23:14:54 19016 ----a-w- c:\windows\system32\dllcache\w926nd.sys
2010-02-20 23:14:49 19528 ----a-w- c:\windows\system32\dllcache\w840nd.sys
2010-02-20 23:14:48 48256 ----a-w- c:\windows\system32\dllcache\w32.dll
2010-02-20 23:14:42 64605 ----a-w- c:\windows\system32\dllcache\vvoice.sys
2010-02-20 23:14:24 397502 ----a-w- c:\windows\system32\dllcache\vpctcom.sys
2010-02-20 23:14:15 604253 ----a-w- c:\windows\system32\dllcache\vmodem.sys
2010-02-20 23:14:10 249402 ----a-w- c:\windows\system32\dllcache\vinwm.sys
2010-02-20 23:14:03 24576 ----a-w- c:\windows\system32\dllcache\viairda.sys
2010-02-20 23:13:55 687999 ----a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2010-02-20 23:13:40 765884 ----a-w- c:\windows\system32\dllcache\usrti.sys
2010-02-20 23:13:32 113762 ----a-w- c:\windows\system32\dllcache\usrpda.sys
2010-02-20 23:13:27 7556 ----a-w- c:\windows\system32\dllcache\usroslba.sys
2010-02-20 23:13:21 224802 ----a-w- c:\windows\system32\dllcache\usr1807a.sys
2010-02-20 23:13:15 794399 ----a-w- c:\windows\system32\dllcache\usr1806v.sys
2010-02-20 23:13:10 793598 ----a-w- c:\windows\system32\dllcache\usr1806.sys
2010-02-20 23:13:04 794654 ----a-w- c:\windows\system32\dllcache\usr1801.sys
2010-02-20 23:13:02 20608 ----a-w- c:\windows\system32\dllcache\usbuhci.sys
2010-02-20 23:13:01 26112 ----a-w- c:\windows\system32\dllcache\usbser.sys
2010-02-20 23:12:59 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
2010-02-20 23:12:52 32384 ----a-w- c:\windows\system32\dllcache\usb101et.sys
2010-02-20 23:12:40 94720 ----a-w- c:\windows\system32\dllcache\umaxud32.dll
2010-02-20 23:12:34 28160 ----a-w- c:\windows\system32\dllcache\umaxu40.dll
2010-02-20 23:12:30 26624 ----a-w- c:\windows\system32\dllcache\umaxu22.dll
2010-02-20 23:12:25 69632 ----a-w- c:\windows\system32\dllcache\umaxu12.dll
2010-02-20 23:12:20 50688 ----a-w- c:\windows\system32\dllcache\umaxscan.dll
2010-02-20 23:12:15 22912 ----a-w- c:\windows\system32\dllcache\umaxpcls.sys
2010-02-20 23:12:10 50176 ----a-w- c:\windows\system32\dllcache\umaxp60.dll
2010-02-20 23:12:05 47616 ----a-w- c:\windows\system32\dllcache\umaxcam.dll
2010-02-20 23:12:00 211968 ----a-w- c:\windows\system32\dllcache\um54scan.dll
2010-02-20 23:11:55 216064 ----a-w- c:\windows\system32\dllcache\um34scan.dll
2010-02-20 23:11:47 11520 ----a-w- c:\windows\system32\dllcache\twotrack.sys
2010-02-20 23:11:44 14336 ----a-w- c:\windows\system32\dllcache\tsprof.exe
2010-02-20 23:11:33 166784 ----a-w- c:\windows\system32\dllcache\tridxpm.sys
2010-02-20 23:11:28 525568 ----a-w- c:\windows\system32\dllcache\tridxp.dll
2010-02-20 23:11:23 159232 ----a-w- c:\windows\system32\dllcache\tridkbm.sys
2010-02-20 23:11:18 440576 ----a-w- c:\windows\system32\dllcache\tridkb.dll
2010-02-20 23:11:12 222336 ----a-w- c:\windows\system32\dllcache\trid3dm.sys
2010-02-20 23:11:07 315520 ----a-w- c:\windows\system32\dllcache\trid3d.dll
2010-02-20 23:11:02 34375 ----a-w- c:\windows\system32\dllcache\tpro4.sys
2010-02-20 23:10:56 42496 ----a-w- c:\windows\system32\dllcache\tp4res.dll
2010-02-20 23:10:54 82944 ----a-w- c:\windows\system32\dllcache\tp4mon.exe
2010-02-20 23:10:41 31744 ----a-w- c:\windows\system32\dllcache\tp4.dll
2010-02-20 23:10:28 230912 ----a-w- c:\windows\system32\dllcache\tosdvd03.sys
2010-02-20 23:10:22 241664 ----a-w- c:\windows\system32\dllcache\tosdvd02.sys
2010-02-20 23:10:17 28232 ----a-w- c:\windows\system32\dllcache\tos4mo.sys
2010-02-20 23:10:10 123995 ----a-w- c:\windows\system32\dllcache\tjisdn.sys
2010-02-20 23:10:05 138528 ----a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2010-02-20 23:09:58 81408 ----a-w- c:\windows\system32\dllcache\tgiul50.dll
2010-02-20 23:09:46 149376 ----a-w- c:\windows\system32\dllcache\tffsport.sys
2010-02-20 23:09:43 19464 ----a-w- c:\windows\system32\dllcache\tdspx.sys
2010-02-20 23:09:39 17129 ----a-w- c:\windows\system32\dllcache\tdkcd31.sys
2010-02-20 23:09:35 37961 ----a-w- c:\windows\system32\dllcache\tdk100b.sys
2010-02-20 23:09:35 21896 ----a-w- c:\windows\system32\dllcache\tdipx.sys
2010-02-20 23:09:34 13192 ----a-w- c:\windows\system32\dllcache\tdasync.sys
2010-02-20 23:09:28 30464 ----a-w- c:\windows\system32\dllcache\tbatm155.sys
2010-02-20 23:09:22 7040 ----a-w- c:\windows\system32\dllcache\tandqic.sys
2010-02-20 23:09:18 36640 ----a-w- c:\windows\system32\dllcache\t2r4mini.sys
2010-02-20 23:09:12 172768 ----a-w- c:\windows\system32\dllcache\t2r4disp.dll
2010-02-20 23:09:02 94293 ----a-w- c:\windows\system32\dllcache\sxports.dll
2010-02-20 23:08:57 103936 ----a-w- c:\windows\system32\dllcache\sx.sys
2010-02-20 23:08:53 3968 ----a-w- c:\windows\system32\dllcache\swusbflt.sys
2010-02-20 23:08:48 10240 ----a-w- c:\windows\system32\dllcache\swpidflt.dll
2010-02-20 23:08:39 10240 ----a-w- c:\windows\system32\dllcache\swpdflt2.dll
2010-02-20 23:08:29 53760 ----a-w- c:\windows\system32\dllcache\sw_wheel.dll
2010-02-20 23:08:19 41472 ----a-w- c:\windows\system32\dllcache\sw_effct.dll
2010-02-20 23:08:12 155648 ----a-w- c:\windows\system32\dllcache\stlnprop.dll
2010-02-20 23:08:08 53248 ----a-w- c:\windows\system32\dllcache\stlncoin.dll
2010-02-20 23:08:03 285760 ----a-w- c:\windows\system32\dllcache\stlnata.sys
2010-02-20 23:07:58 16896 ----a-w- c:\windows\system32\dllcache\stcusb.sys
2010-02-20 23:07:52 48736 ----a-w- c:\windows\system32\dllcache\srwlnd5.sys
2010-02-20 23:07:47 99328 ----a-w- c:\windows\system32\dllcache\srusd.dll
2010-02-20 23:07:46 101376 ----a-w- c:\windows\system32\dllcache\srusbusd.dll
2010-02-20 23:07:39 24660 ----a-w- c:\windows\system32\dllcache\spxupchk.dll
2010-02-20 23:07:29 61824 ----a-w- c:\windows\system32\dllcache\speed.sys
2010-02-20 23:07:25 106584 ----a-w- c:\windows\system32\dllcache\spdports.dll
2010-02-20 23:07:15 7552 ----a-w- c:\windows\system32\dllcache\sonypvu1.sys
2010-02-20 23:07:10 37040 ----a-w- c:\windows\system32\dllcache\sonypi.sys
2010-02-20 23:07:06 114688 ----a-w- c:\windows\system32\dllcache\sonypi.dll
2010-02-20 23:07:02 20752 ----a-w- c:\windows\system32\dllcache\sonync.sys
2010-02-20 23:05:55 6784 ----a-w- c:\windows\system32\dllcache\smbhc.sys
2010-02-20 23:04:55 157696 ----a-w- c:\windows\system32\dllcache\sisv256.dll
2010-02-20 23:04:43 50432 ----a-w- c:\windows\system32\dllcache\sisv.sys
2010-02-20 23:04:30 32768 ----a-w- c:\windows\system32\dllcache\sisnic.sys
2010-02-20 23:04:26 238592 ----a-w- c:\windows\system32\dllcache\sisgrv.dll
2010-02-20 23:04:22 104064 ----a-w- c:\windows\system32\dllcache\sisgrp.sys
2010-02-20 23:04:18 150144 ----a-w- c:\windows\system32\dllcache\sis6306v.dll
2010-02-20 23:04:13 68608 ----a-w- c:\windows\system32\dllcache\sis6306p.sys
2010-02-20 23:04:09 252032 ----a-w- c:\windows\system32\dllcache\sis300iv.dll
2010-02-20 23:04:04 101760 ----a-w- c:\windows\system32\dllcache\sis300ip.sys
2010-02-20 23:04:03 18944 ----a-w- c:\windows\system32\dllcache\simptcp.dll
2010-02-20 23:03:42 161600 ----a-w- c:\windows\system32\dllcache\sgsmusb.sys
2010-02-20 23:03:38 18400 ----a-w- c:\windows\system32\dllcache\sgsmld.sys
2010-02-20 23:03:34 98080 ----a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2010-02-20 23:03:30 386560 ----a-w- c:\windows\system32\dllcache\sgiul50.dll
2010-02-20 23:03:26 36480 ----a-w- c:\windows\system32\dllcache\sfmanm.sys
2010-02-20 23:03:19 6784 ----a-w- c:\windows\system32\dllcache\serscan.sys
2010-02-20 23:03:14 17664 ----a-w- c:\windows\system32\dllcache\sermouse.sys
2010-02-20 23:03:13 26112 ----a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2010-02-20 23:03:03 6912 ----a-w- c:\windows\system32\dllcache\seaddsmc.sys
2010-02-20 23:02:40 11520 ----a-w- c:\windows\system32\dllcache\scsiscan.sys
2010-02-20 23:02:35 57856 ----a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
2010-02-20 23:02:35 11648 ----a-w- c:\windows\system32\dllcache\scsiprnt.sys
2010-02-20 23:02:30 17280 ----a-w- c:\windows\system32\dllcache\scr111.sys
2010-02-20 23:02:25 16640 ----a-w- c:\windows\system32\dllcache\scmstcs.sys
2010-02-20 23:02:20 23936 ----a-w- c:\windows\system32\dllcache\sccmusbm.sys
2010-02-20 23:02:15 23936 ----a-w- c:\windows\system32\dllcache\sccmn50m.sys
2010-02-20 23:02:12 43904 ----a-w- c:\windows\system32\dllcache\sbp2port.sys
2010-02-20 23:02:03 495616 ----a-w- c:\windows\system32\dllcache\sblfx.dll
2010-02-20 23:01:52 75392 ----a-w- c:\windows\system32\dllcache\s3savmxm.sys
2010-02-20 23:01:48 245632 ----a-w- c:\windows\system32\dllcache\s3savmx.dll
2010-02-20 23:01:44 77824 ----a-w- c:\windows\system32\dllcache\s3sav4m.sys
2010-02-20 23:01:36 198400 ----a-w- c:\windows\system32\dllcache\s3sav4.dll
2010-02-20 23:01:31 61504 ----a-w- c:\windows\system32\dllcache\s3sav3dm.sys
2010-02-20 23:01:27 179264 ----a-w- c:\windows\system32\dllcache\s3sav3d.dll
2010-02-20 23:01:18 210496 ----a-w- c:\windows\system32\dllcache\s3mvirge.dll
2010-02-20 23:01:12 62496 ----a-w- c:\windows\system32\dllcache\s3mtrio.dll
2010-02-20 23:01:08 41216 ----a-w- c:\windows\system32\dllcache\s3mt3d.sys
2010-02-20 23:01:03 182272 ----a-w- c:\windows\system32\dllcache\s3mt3d.dll
2010-02-20 23:00:59 166720 ----a-w- c:\windows\system32\dllcache\s3m.sys
2010-02-20 23:00:55 65664 ----a-w- c:\windows\system32\dllcache\s3legacy.sys
2010-02-20 23:00:50 82944 ----a-w- c:\windows\system32\dllcache\rwia450.dll
2010-02-20 23:00:45 80384 ----a-w- c:\windows\system32\dllcache\rwia430.dll
2010-02-20 23:00:44 80384 ----a-w- c:\windows\system32\dllcache\rwia330.dll
2010-02-20 23:00:43 80384 ----a-w- c:\windows\system32\dllcache\rwia001.dll
2010-02-20 23:00:42 29696 ----a-w- c:\windows\system32\dllcache\rw450ext.dll
2010-02-20 23:00:41 27648 ----a-w- c:\windows\system32\dllcache\rw430ext.dll
2010-02-20 23:00:23 20992 ----a-w- c:\windows\system32\dllcache\rtl8139.sys
2010-02-20 23:00:19 19017 ----a-w- c:\windows\system32\dllcache\rtl8029.sys
2010-02-20 23:00:11 30720 ----a-w- c:\windows\system32\dllcache\rthwcls.sys
2010-02-20 23:00:05 9728 ----a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2010-02-20 22:58:49 6016 ----a-w- c:\windows\system32\dllcache\qic157.sys
2010-02-20 22:58:40 130942 ----a-w- c:\windows\system32\dllcache\ptserlv.sys
2010-02-20 22:58:36 112574 ----a-w- c:\windows\system32\dllcache\ptserlp.sys
2010-02-20 22:58:32 128286 ----a-w- c:\windows\system32\dllcache\ptserli.sys
2010-02-20 22:58:31 159232 ----a-w- c:\windows\system32\dllcache\ptpusd.dll
2010-02-20 22:58:26 5632 ----a-w- c:\windows\system32\dllcache\ptpusb.dll
2010-02-20 22:58:25 33280 ----a-w- c:\windows\system32\dllcache\psisrndr.ax
2010-02-20 22:58:20 35328 ----a-w- c:\windows\system32\dllcache\psisload.dll
2010-02-20 22:58:19 363520 ----a-w- c:\windows\system32\dllcache\psisdecd.dll
2010-02-20 22:58:14 16128 ----a-w- c:\windows\system32\dllcache\pscr.sys
2010-02-20 22:58:10 17664 ----a-w- c:\windows\system32\dllcache\ppa3.sys
2010-02-20 22:58:00 17792 ----a-w- c:\windows\system32\dllcache\ppa.sys
2010-02-20 22:57:48 8832 ----a-w- c:\windows\system32\dllcache\powerfil.sys
2010-02-20 22:57:43 7168 ----a-w- c:\windows\system32\dllcache\pnrmc.sys
2010-02-20 22:57:42 6144 ----a-w- c:\windows\system32\dllcache\pmxgl.dll
2010-02-20 22:57:42 131584 ----a-w- c:\windows\system32\dllcache\pmxviceo.dll
2010-02-20 22:57:42 11264 ----a-w- c:\windows\system32\dllcache\pmxmcro.dll
2010-02-20 22:57:35 121344 ----a-w- c:\windows\system32\dllcache\phvfwext.dll
2010-02-20 22:57:30 19840 ----a-w- c:\windows\system32\dllcache\philtune.sys
2010-02-20 22:57:26 92416 ----a-w- c:\windows\system32\dllcache\phildec.sys
2010-02-20 22:57:22 173696 ----a-w- c:\windows\system32\dllcache\philcam2.sys
2010-02-20 22:57:18 75776 ----a-w- c:\windows\system32\dllcache\philcam1.sys
2010-02-20 22:57:14 16384 ----a-w- c:\windows\system32\dllcache\philcam1.dll
2010-02-20 22:55:53 41984 ----a-w- c:\windows\system32\dllcache\ovui2rc.dll
2010-02-20 22:55:46 44544 ----a-w- c:\windows\system32\dllcache\ovui2.dll
2010-02-20 22:55:41 25216 ----a-w- c:\windows\system32\dllcache\ovsound2.sys
2010-02-20 22:55:37 39424 ----a-w- c:\windows\system32\dllcache\ovcoms.exe
2010-02-20 22:55:33 20480 ----a-w- c:\windows\system32\dllcache\ovcomc.dll
2010-02-20 22:55:28 351616 ----a-w- c:\windows\system32\dllcache\ovcodek2.sys
2010-02-20 22:55:24 116736 ----a-w- c:\windows\system32\dllcache\ovcodec2.dll
2010-02-20 22:55:20 31872 ----a-w- c:\windows\system32\dllcache\ovce.sys
2010-02-20 22:55:16 28032 ----a-w- c:\windows\system32\dllcache\ovcd.sys
2010-02-20 22:55:12 48000 ----a-w- c:\windows\system32\dllcache\ovcam2.sys
2010-02-20 22:55:09 25088 ----a-w- c:\windows\system32\dllcache\ovca.sys
2010-02-20 22:55:05 54282 ----a-w- c:\windows\system32\dllcache\otcsercb.sys
2010-02-20 22:55:01 43689 ----a-w- c:\windows\system32\dllcache\otceth5.sys
2010-02-20 22:54:56 27209 ----a-w- c:\windows\system32\dllcache\otc06x5.sys
2010-02-20 22:54:48 54528 ----a-w- c:\windows\system32\dllcache\opl3sax.sys
2010-02-20 22:54:36 198144 ----a-w- c:\windows\system32\dllcache\nv3.sys
2010-02-20 22:54:30 123776 ----a-w- c:\windows\system32\dllcache\nv3.dll
2010-02-20 22:54:11 51552 ----a-w- c:\windows\system32\dllcache\ntgrip.sys
2010-02-20 22:54:11 38912 ----a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2010-02-20 22:54:03 9344 ----a-w- c:\windows\system32\dllcache\ntapm.sys
2010-02-20 22:53:55 7552 ----a-w- c:\windows\system32\dllcache\nsmmc.sys
2010-02-20 22:53:54 28672 ----a-w- c:\windows\system32\dllcache\nscirda.sys
2010-02-20 22:53:48 87040 ----a-w- c:\windows\system32\dllcache\nm6wdm.sys
2010-02-20 22:53:43 126080 ----a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2010-02-20 22:53:37 32840 ----a-w- c:\windows\system32\dllcache\ngrpci.sys
2010-02-20 22:53:36 132695 ----a-w- c:\windows\system32\dllcache\netwlan5.sys
2010-02-20 22:53:28 65278 ----a-w- c:\windows\system32\dllcache\netflx3.sys
2010-02-20 22:53:22 39264 ----a-w- c:\windows\system32\dllcache\neo20xx.sys
2010-02-20 22:53:17 60480 ----a-w- c:\windows\system32\dllcache\neo20xx.dll
2010-02-20 22:53:12 15872 ----a-w- c:\windows\system32\dllcache\ne2000.sys
2010-02-20 22:53:04 91488 ----a-w- c:\windows\system32\dllcache\n9i3disp.dll
2010-02-20 22:53:00 27936 ----a-w- c:\windows\system32\dllcache\n9i3d.sys
2010-02-20 22:52:57 33088 ----a-w- c:\windows\system32\dllcache\n9i128v2.sys
2010-02-20 22:52:53 59104 ----a-w- c:\windows\system32\dllcache\n9i128v2.dll
2010-02-20 22:52:49 13664 ----a-w- c:\windows\system32\dllcache\n9i128.sys
2010-02-20 22:52:45 35392 ----a-w- c:\windows\system32\dllcache\n9i128.dll
2010-02-20 22:52:42 128512 ----a-w- c:\windows\system32\dllcache\n100325.sys
2010-02-20 22:52:38 52255 ----a-w- c:\windows\system32\dllcache\n1000nt5.sys
2010-02-20 22:52:34 75776 ----a-w- c:\windows\system32\dllcache\mxport.sys
2010-02-20 22:52:30 7168 ----a-w- c:\windows\system32\dllcache\mxport.dll
2010-02-20 22:52:27 19968 ----a-w- c:\windows\system32\dllcache\mxnic.sys
2010-02-20 22:52:23 19968 ----a-w- c:\windows\system32\dllcache\mxicfg.dll
2010-02-20 22:52:19 22016 ----a-w- c:\windows\system32\dllcache\mxcard.sys
2010-02-20 22:52:13 103296 ----a-w- c:\windows\system32\dllcache\mtxvideo.sys
2010-02-20 22:51:54 49024 ----a-w- c:\windows\system32\dllcache\mstape.sys
2010-02-20 22:51:41 12416 ----a-w- c:\windows\system32\dllcache\msriffwv.sys
2010-02-20 22:51:29 2944 ----a-w- c:\windows\system32\dllcache\msmpu401.sys
2010-02-20 22:51:26 22016 ----a-w- c:\windows\system32\dllcache\msircomm.sys
2010-02-20 22:51:07 35200 ----a-w- c:\windows\system32\dllcache\msgame.sys
2010-02-20 22:50:46 6016 ----a-w- c:\windows\system32\dllcache\msfsio.sys
2010-02-20 22:50:45 56832 ----a-w- c:\windows\system32\dllcache\msdvbnp.ax
2010-02-20 22:50:44 51200 ----a-w- c:\windows\system32\dllcache\msdv.sys
2010-02-20 22:50:09 15232 ----a-w- c:\windows\system32\dllcache\mpe.sys
2010-02-20 22:49:59 16128 ----a-w- c:\windows\system32\dllcache\modemcsa.sys
2010-02-20 22:49:43 6528 ----a-w- c:\windows\system32\dllcache\miniqic.sys
2010-02-20 22:49:33 34816 ----a-w- c:\windows\system32\dllcache\migisol.exe
2010-02-20 22:49:27 320384 ----a-w- c:\windows\system32\dllcache\mgaum.sys
2010-02-20 22:49:23 92416 ----a-w- c:\windows\system32\dllcache\mga.sys
2010-02-20 22:49:23 235648 ----a-w- c:\windows\system32\dllcache\mgaud.dll
2010-02-20 22:49:22 92032 ----a-w- c:\windows\system32\dllcache\mga.dll
2010-02-20 22:49:14 26112 ----a-w- c:\windows\system32\dllcache\memstpci.sys
2010-02-20 22:49:11 47616 ----a-w- c:\windows\system32\dllcache\memgrp.dll
2010-02-20 22:49:04 8320 ----a-w- c:\windows\system32\dllcache\memcard.sys
2010-02-20 22:48:54 164586 ----a-w- c:\windows\system32\dllcache\mdgndis5.sys
2010-02-20 22:48:41 7424 ----a-w- c:\windows\system32\dllcache\mammoth.sys
2010-02-20 22:48:39 65536 ----a-w- c:\windows\system32\dllcache\EXCH_mailmsg.dll
2010-02-20 22:48:34 48768 ----a-w- c:\windows\system32\dllcache\maestro.sys
2010-02-20 22:48:31 58880 ----a-w- c:\windows\system32\dllcache\m3092dc.dll
2010-02-20 22:48:27 58368 ----a-w- c:\windows\system32\dllcache\m3091dc.dll
2010-02-20 22:48:20 22848 ----a-w- c:\windows\system32\dllcache\lwusbhid.sys
2010-02-20 22:48:15 20864 ----a-w- c:\windows\system32\dllcache\lwadihid.sys
2010-02-20 22:48:05 797500 ----a-w- c:\windows\system32\dllcache\ltsmt.sys
2010-02-20 22:48:02 802683 ----a-w- c:\windows\system32\dllcache\ltsm.sys
2010-02-20 22:48:01 7040 ----a-w- c:\windows\system32\dllcache\ltotape.sys
2010-02-20 22:48:00 421248 ----a-w- c:\windows\system32\dllcache\ltmdmntt.sys
2010-02-20 22:47:53 576810 ----a-w- c:\windows\system32\dllcache\ltmdmntl.sys
2010-02-20 22:47:46 606780 ----a-w- c:\windows\system32\dllcache\ltmdmnt.sys
2010-02-20 22:47:42 727882 ----a-w- c:\windows\system32\dllcache\ltck000c.sys
2010-02-20 22:47:37 4992 ----a-w- c:\windows\system32\dllcache\loop.sys
2010-02-20 22:47:27 70730 ----a-w- c:\windows\system32\dllcache\lne100tx.sys
2010-02-20 22:47:07 20573 ----a-w- c:\windows\system32\dllcache\lne100.sys
2010-02-20 22:46:36 25065 ----a-w- c:\windows\system32\dllcache\lmndis3.sys
2010-02-20 22:46:13 15744 ----a-w- c:\windows\system32\dllcache\lit220p.sys
2010-02-20 22:46:06 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-02-20 22:45:34 26442 ----a-w- c:\windows\system32\dllcache\lanepic5.sys
2010-02-20 22:45:09 19016 ----a-w- c:\windows\system32\dllcache\ktc111.sys
2010-02-20 22:44:41 37376 ----a-w- c:\windows\system32\dllcache\kousd.dll
2010-02-20 22:44:33 253952 ----a-w- c:\windows\system32\dllcache\kdsusd.dll
2010-02-20 22:44:28 49152 ----a-w- c:\windows\system32\dllcache\kdsui.dll
2010-02-20 22:43:55 18432 ----a-w- c:\windows\system32\dllcache\jupiw.dll
2010-02-20 22:43:42 26624 ----a-w- c:\windows\system32\dllcache\irstusb.sys
2010-02-20 22:43:39 18688 ----a-w- c:\windows\system32\dllcache\irsir.sys
2010-02-20 22:43:13 23552 ----a-w- c:\windows\system32\dllcache\irmk7.sys
2010-02-20 22:43:05 88192 ----a-w- c:\windows\system32\dllcache\irda.sys
2010-02-20 22:42:43 45632 ----a-w- c:\windows\system32\dllcache\ip5515.sys
2010-02-20 22:42:38 90200 ----a-w- c:\windows\system32\dllcache\io8ports.dll
2010-02-20 22:42:32 38784 ----a-w- c:\windows\system32\dllcache\io8.sys
2010-02-20 22:42:14 13056 ----a-w- c:\windows\system32\dllcache\inport.sys
2010-02-20 22:39:48 28700 ----a-w- c:\windows\system32\dllcache\ibmexmp.sys
2010-02-20 22:39:39 161020 ----a-w- c:\windows\system32\dllcache\i81xnt5.sys
2010-02-20 22:39:33 702845 ----a-w- c:\windows\system32\dllcache\i81xdnt5.dll
2010-02-20 22:39:30 58592 ----a-w- c:\windows\system32\dllcache\i740nt5.sys
2010-02-20 22:39:10 353184 ----a-w- c:\windows\system32\dllcache\i740dnt5.dll
2010-02-20 22:37:48 488383 ----a-w- c:\windows\system32\dllcache\hsf_v124.sys
2010-02-20 22:37:45 50751 ----a-w- c:\windows\system32\dllcache\hsf_tone.sys
2010-02-20 22:37:42 73279 ----a-w- c:\windows\system32\dllcache\hsf_spkp.sys
2010-02-20 22:37:39 44863 ----a-w- c:\windows\system32\dllcache\hsf_soar.sys
2010-02-20 22:37:35 57471 ----a-w- c:\windows\system32\dllcache\hsf_samp.sys
2010-02-20 22:37:32 542879 ----a-w- c:\windows\system32\dllcache\hsf_msft.sys
2010-02-20 22:37:29 391199 ----a-w- c:\windows\system32\dllcache\hsf_k56k.sys
2010-02-20 22:37:25 9759 ----a-w- c:\windows\system32\dllcache\hsf_inst.dll
2010-02-20 22:37:22 115807 ----a-w- c:\windows\system32\dllcache\hsf_fsks.sys
2010-02-20 22:37:18 199711 ----a-w- c:\windows\system32\dllcache\hsf_faxx.sys
2010-02-20 22:37:15 289887 ----a-w- c:\windows\system32\dllcache\hsf_fall.sys
2010-02-20 22:37:00 67167 ----a-w- c:\windows\system32\dllcache\hsf_bsc2.sys
2010-02-20 22:36:33 150239 ----a-w- c:\windows\system32\dllcache\hsf_amos.sys
2010-02-20 22:36:18 19456 ----a-w- c:\windows\system32\dllcache\hr1w.dll
2010-02-20 22:36:15 5760 ----a-w- c:\windows\system32\dllcache\hpt4qic.sys
2010-02-20 22:36:13 13312 ----a-w- c:\windows\system32\dllcache\hpsjmcro.dll
2010-02-20 22:36:06 324608 ----a-w- c:\windows\system32\dllcache\hpojwia.dll
2010-02-20 22:36:02 32768 ----a-w- c:\windows\system32\dllcache\hpgtmcro.dll
2010-02-20 22:35:59 68608 ----a-w- c:\windows\system32\dllcache\hpgt53tk.dll
2010-02-20 22:35:56 165888 ----a-w- c:\windows\system32\dllcache\hpgt53.dll
2010-02-20 22:35:53 31232 ----a-w- c:\windows\system32\dllcache\hpgt42tk.dll
2010-02-20 22:35:47 93696 ----a-w- c:\windows\system32\dllcache\hpgt42.dll
2010-02-20 22:35:40 126976 ----a-w- c:\windows\system32\dllcache\hpgt34tk.dll
2010-02-20 22:35:37 101376 ----a-w- c:\windows\system32\dllcache\hpgt34.dll
2010-02-20 22:35:33 48128 ----a-w- c:\windows\system32\dllcache\hpgt33tk.dll
2010-02-20 22:35:31 89088 ----a-w- c:\windows\system32\dllcache\hpgt33.dll
2010-02-20 22:35:25 123392 ----a-w- c:\windows\system32\dllcache\hpgt21tk.dll
2010-02-20 22:35:22 83968 ----a-w- c:\windows\system32\dllcache\hpgt21.dll
2010-02-20 22:35:16 119296 ----a-w- c:\windows\system32\dllcache\hpdigwia.dll
2010-02-20 22:35:09 2688 ----a-w- c:\windows\system32\dllcache\hidswvd.sys
2010-02-20 22:34:55 8576 ----a-w- c:\windows\system32\dllcache\hidgame.sys
2010-02-20 22:34:51 20352 ----a-w- c:\windows\system32\dllcache\hidbatt.sys
2010-02-20 22:34:39 907456 ----a-w- c:\windows\system32\dllcache\hcf_msft.sys
2010-02-20 22:34:32 28160 ----a-w- c:\windows\system32\dllcache\grserial.sys
2010-02-20 22:34:30 82304 ----a-w- c:\windows\system32\dllcache\grclass.sys
2010-02-20 22:34:11 17408 ----a-w- c:\windows\system32\dllcache\gpr400.sys
2010-02-20 22:32:59 455680 ----a-w- c:\windows\system32\dllcache\fus2base.sys
2010-02-20 22:32:33 442240 ----a-w- c:\windows\system32\dllcache\fpnpbase.sys
2010-02-20 22:32:29 441728 ----a-w- c:\windows\system32\dllcache\fpcmbase.sys
2010-02-20 22:32:25 444416 ----a-w- c:\windows\system32\dllcache\fpcibase.sys
2010-02-20 22:32:18 34173 ----a-w- c:\windows\system32\dllcache\forehe.sys
2010-02-20 22:32:12 71680 ----a-w- c:\windows\system32\dllcache\fnfilter.dll
2010-02-20 22:32:10 14848 ----a-w- c:\windows\system32\dllcache\flattemp.exe
2010-02-20 22:31:59 27165 ----a-w- c:\windows\system32\dllcache\fetnd5.sys
2010-02-20 22:31:40 22090 ----a-w- c:\windows\system32\dllcache\fem556n5.sys
2010-02-20 22:31:39 43520 ----a-w- c:\windows\system32\dllcache\EXCH_fcachdll.dll
2010-02-20 22:31:27 24618 ----a-w- c:\windows\system32\dllcache\fa410nd5.sys
2010-02-20 22:31:24 16074 ----a-w- c:\windows\system32\dllcache\fa312nd5.sys
2010-02-20 22:31:21 11850 ----a-w- c:\windows\system32\dllcache\f3ab18xj.sys
2010-02-20 22:31:18 12362 ----a-w- c:\windows\system32\dllcache\f3ab18xi.sys
2010-02-20 22:31:03 7040 ----a-w- c:\windows\system32\dllcache\exabyte2.sys
2010-02-20 22:31:00 16998 ----a-w- c:\windows\system32\dllcache\ex10.sys
2010-02-20 22:29:58 37120 ----a-w- c:\windows\system32\dllcache\es1370mp.sys
2010-02-20 22:28:59 634134 ----a-w- c:\windows\system32\dllcache\el656ct5.sys
2010-02-20 22:27:51 12928 ----a-w- c:\windows\system32\dllcache\dot4prt.sys
2010-02-20 22:27:49 206976 ----a-w- c:\windows\system32\dllcache\dot4.sys
2010-02-20 22:27:21 29696 ----a-w- c:\windows\system32\dllcache\dm9pci5.sys
2010-02-20 22:27:17 8320 ----a-w- c:\windows\system32\dllcache\dlttape.sys
2010-02-20 22:27:13 26698 ----a-w- c:\windows\system32\dllcache\dlh5xnd5.sys
2010-02-20 22:27:11 952007 ----a-w- c:\windows\system32\dllcache\diwan.sys
2010-02-20 22:27:09 29768 ----a-w- c:\windows\system32\dllcache\divasu.dll
2010-02-20 22:27:07 37962 ----a-w- c:\windows\system32\dllcache\divaprop.dll
2010-02-20 22:27:06 6216 ----a-w- c:\windows\system32\dllcache\divaci.dll
2010-02-20 22:27:04 236060 ----a-w- c:\windows\system32\dllcache\ditrace.exe
2010-02-20 22:27:02 38985 ----a-w- c:\windows\system32\dllcache\disrvsu.dll
2010-02-20 22:27:01 31305 ----a-w- c:\windows\system32\dllcache\disrvpp.dll
2010-02-20 22:25:58 20928 ----a-w- c:\windows\system32\dllcache\defpa.sys
2010-02-20 22:25:56 7424 ----a-w- c:\windows\system32\dllcache\ddsmc.sys
2010-02-20 22:25:52 110592 ----a-w- c:\windows\system32\dllcache\dc260usd.dll
2010-02-20 22:25:50 86016 ----a-w- c:\windows\system32\dllcache\dc240usd.dll
2010-02-20 22:25:49 63208 ----a-w- c:\windows\system32\dllcache\dc21x4.sys
2010-02-20 22:25:47 80896 ----a-w- c:\windows\system32\dllcache\dc210usd.dll
2010-02-20 22:25:37 25600 ----a-w- c:\windows\system32\dllcache\dc210_32.dll
2010-02-20 22:23:58 216064 ----a-w- c:\windows\system32\dllcache\cpscan.dll
2010-02-20 22:22:47 14848 ----a-w- c:\windows\system32\dllcache\chgusr.exe
2010-02-20 22:21:59 121856 ----a-w- c:\windows\system32\dllcache\camext30.dll
2010-02-20 22:20:59 185378 ----a-w- c:\windows\system32\dllcache\c_20003.nls
2010-02-20 22:19:53 102400 ----a-w- c:\windows\system32\dllcache\binlsvc.dll
2010-02-20 22:18:48 23552 ----a-w- c:\windows\system32\dllcache\atixbar.sys
2010-02-20 22:17:38 77696 ----a-w- c:\windows\system32\dllcache\ati.sys
2010-02-20 22:17:37 96128 ----a-w- c:\windows\system32\dllcache\ati.dll
2010-02-20 22:17:34 97354 ----a-w- c:\windows\system32\dllcache\aspndis3.sys
2010-02-20 22:17:26 45056 ----a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll
2010-02-20 22:17:20 6272 ----a-w- c:\windows\system32\dllcache\apmbatt.sys
2010-02-20 22:17:16 36224 ----a-w- c:\windows\system32\dllcache\an983.sys
2010-02-20 22:17:11 16969 ----a-w- c:\windows\system32\dllcache\amb8002.sys
2010-02-20 22:17:10 26624 ----a-w- c:\windows\system32\dllcache\alifir.sys
2010-02-20 22:17:09 27678 ----a-w- c:\windows\system32\dllcache\ali5261.sys
2010-02-20 22:12:31 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-02-20 17:22:37 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-02-20 16:20:11 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-02-20 14:58:17 0 d-----w- c:\windows\pss
2010-02-20 14:54:16 64 ----a-w- c:\windows\system32\rp_stats.dat
2010-02-20 14:54:16 44 ----a-w- c:\windows\system32\rp_rules.dat
2010-02-20 14:43:23 0 dc-h--w- c:\docume~1\alluse~1\progra~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-02-20 14:40:16 0 d-----w- c:\programfiler\Lavasoft
2010-02-20 13:03:31 266360 ----a-w- c:\windows\system32\TweakUI.exe
2010-02-20 13:03:31 160217 ----a-w- c:\windows\system32\PowerToysLicense.rtf
2010-02-19 22:05:55 0 d-----w- c:\programfiler\a-squared Free
2010-02-19 20:48:30 0 d-----w- c:\docume~1\minsin\progra~1\Malwarebytes
2010-02-19 20:48:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-19 20:48:14 0 d-----w- c:\docume~1\alluse~1\progra~1\Malwarebytes
2010-02-19 20:48:12 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-19 20:48:12 0 d-----w- c:\programfiler\Malwarebytes' Anti-Malware
2010-02-19 13:28:03 0 d-----w- c:\programfiler\Spybot - Search & Destroy
2010-02-19 13:28:03 0 d-----w- c:\docume~1\alluse~1\progra~1\Spybot - Search & Destroy
2010-02-19 01:35:31 0 d-----w- c:\programfiler\ESET
2010-02-19 01:09:36 0 d-----w- c:\docume~1\minsin\progra~1\Kana Solution
2010-02-19 01:09:26 0 d-----w- c:\programfiler\DynDNS Updater
2010-02-19 01:05:28 0 d-----w- c:\programfiler\TightVNC
2010-02-19 00:00:47 0 d-----w- c:\programfiler\filmer
2010-02-18 23:43:00 0 d-----w- C:\ToolBar SD
2010-02-18 23:24:58 0 d-----w- C:\BFU
2010-02-18 21:44:09 0 d-----w- c:\programfiler\navnsomikkegjenkjennes
2010-01-24 23:05:05 0 d-----w- c:\programfiler\VideoLAN

==================== Find3M ====================

2010-02-21 16:25:57 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-21 13:01:54 510266 ----a-w- c:\windows\system32\perfh014.dat
2010-02-21 13:01:54 113002 ----a-w- c:\windows\system32\perfc014.dat
2010-01-05 09:59:59 6067200 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\dllcache\srv.sys
2009-12-31 15:34:54 70656 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2009-12-31 15:34:54 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2009-12-18 13:05:43 634648 ----a-w- c:\windows\system32\dllcache\iexplore.exe
2009-12-18 13:04:09 161792 ----a-w- c:\windows\system32\dllcache\ieakui.dll
2009-12-17 07:42:59 344064 ----a-w- c:\windows\system32\mspaint.exe
2009-12-17 07:42:59 344064 ----a-w- c:\windows\system32\dllcache\mspaint.exe
2009-12-14 07:10:20 33280 ----a-w- c:\windows\system32\dllcache\csrsrv.dll
2009-12-14 07:10:20 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:12:21 2190976 ----a-w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-09 10:12:21 2190976 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:12:21 2067840 ----a-w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-09 10:12:21 2067840 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-09 10:12:16 2147328 ----a-w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-09 10:12:16 2025984 ----a-w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-08 09:25:46 474112 ----a-w- c:\windows\system32\dllcache\shlwapi.dll
2009-12-04 18:22:22 455424 ----a-w- c:\windows\system32\dllcache\mrxsmb.sys
2009-11-27 17:14:41 1294848 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:14:41 1294848 ----a-w- c:\windows\system32\dllcache\quartz.dll
2009-11-27 17:14:40 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:14:40 17920 ----a-w- c:\windows\system32\dllcache\msyuv.dll
2009-11-27 16:10:08 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:10:08 8704 ----a-w- c:\windows\system32\dllcache\tsbyuv.dll
2009-11-27 16:10:08 84992 ----a-w- c:\windows\system32\dllcache\avifil32.dll
2009-11-27 16:10:08 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:10:08 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:10:08 48128 ----a-w- c:\windows\system32\dllcache\iyuv_32.dll
2009-11-27 16:10:08 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:10:08 28672 ----a-w- c:\windows\system32\dllcache\msvidc32.dll
2009-11-27 16:10:08 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:10:08 11264 ----a-w- c:\windows\system32\dllcache\msrle32.dll
2009-11-04 02:25:03 32768 --sha-w- c:\windows\system32\config\systemprofile\lokale innstillinger\logg\history.ie5\mshist012009110420091105\index.dat

============= FINISH: 18:17:50,09 ===============





#2 jpshortstuff


Posted 22 February 2010 - 02:20 PM

Please download ComboFix to your desktop from one of these locations. You must rename it before saving it. Save it to your desktop.
Link 1
Link 2
Link 3





IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on Combo-Fix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please advise.
5. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Trained at the What The Tech Classroom where you too could learn to help others.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

#3 Sevenfold


Posted 24 February 2010 - 12:42 PM

Hi.

Sorry about the delay.

Here is the Combofix-log. Attached is one that is a couple of days old.


ComboFix 10-02-23.04 - Minsin 24.02.2010 18:13:04.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.47.1044.18.383.76 [GMT 1:00]
Kjører fra: c:\documents and settings\Minsin\Skrivebord\cxbxfx.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((( Filer Opprettet Fra 2010-01-24 til 2010-02-24 )))))))))))))))))))))))))))))))))
.

2010-02-22 17:09 . 2010-02-22 17:09 -------- d-----w- c:\documents and settings\Minsin\Programdata\WinPatrol
2010-02-22 17:08 . 2010-02-22 17:08 -------- d-----w- c:\programfiler\BillP Studios
2010-02-22 03:22 . 2010-02-24 17:08 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys
2010-02-22 03:22 . 2010-02-22 03:22 -------- d-----w- c:\programfiler\Notebook Hardware Control
2010-02-22 03:06 . 2010-02-22 03:06 -------- d-----w- c:\programfiler\CCleaner
2010-02-21 22:53 . 1998-11-13 13:09 306688 ----a-w- c:\windows\IsUn0414.exe
2010-02-21 16:27 . 2010-02-21 16:27 503808 ----a-w- c:\documents and settings\Minsin\Programdata\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-18af8861-n\msvcp71.dll
2010-02-21 16:27 . 2010-02-21 16:27 348160 ----a-w- c:\documents and settings\Minsin\Programdata\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-18af8861-n\msvcr71.dll
2010-02-21 16:27 . 2010-02-21 16:27 499712 ----a-w- c:\documents and settings\Minsin\Programdata\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-18af8861-n\jmc.dll
2010-02-21 16:27 . 2010-02-21 16:27 61440 ----a-w- c:\documents and settings\Minsin\Programdata\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-27489e3e-n\decora-sse.dll
2010-02-21 16:27 . 2010-02-21 16:27 12800 ----a-w- c:\documents and settings\Minsin\Programdata\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-27489e3e-n\decora-d3d.dll
2010-02-21 16:25 . 2010-02-21 16:25 79488 ----a-w- c:\documents and settings\Minsin\Programdata\Sun\Java\jre1.6.0_18\gtapi.dll
2010-02-21 16:25 . 2010-02-21 16:25 152576 ----a-w- c:\documents and settings\Minsin\Programdata\Sun\Java\jre1.6.0_18\lzma.dll
2010-02-21 13:49 . 2010-02-21 23:27 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-21 13:49 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-02-21 13:49 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-02-21 13:49 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-02-21 13:49 . 2010-02-21 13:49 -------- d-----w- c:\programfiler\Avira
2010-02-21 13:49 . 2010-02-21 13:49 -------- d-----w- c:\documents and settings\All Users\Programdata\Avira
2010-02-21 13:17 . 2010-02-21 13:36 -------- d-----w- C:\navnsomikkegjenkjennes
2010-02-21 13:12 . 2010-02-21 13:12 -------- d-----w- c:\programfiler\ERUNT
2010-02-20 23:18 . 2008-04-14 16:22 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-02-20 23:18 . 2001-10-06 13:02 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-02-20 23:17 . 2008-04-14 16:22 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-02-20 23:17 . 2001-10-06 13:03 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-02-20 23:17 . 2001-10-06 13:03 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-02-20 23:17 . 2001-08-18 05:37 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe
2010-02-20 23:17 . 2001-08-17 19:11 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-02-20 23:17 . 2004-08-03 21:29 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-02-20 23:17 . 2004-08-03 21:29 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-02-20 23:16 . 2008-04-13 18:36 8832 ----a-w- c:\windows\system32\dllcache\wmiacpi.sys
2010-02-20 23:16 . 2004-08-03 21:31 154624 ----a-w- c:\windows\system32\dllcache\wlluc48.sys
2010-02-20 23:16 . 2001-10-06 12:39 34890 ----a-w- c:\windows\system32\dllcache\wlandrv2.sys
2010-02-20 23:16 . 2001-08-17 20:28 771581 ----a-w- c:\windows\system32\dllcache\winacisa.sys
2010-02-20 23:14 . 2001-08-17 19:13 16925 ----a-w- c:\windows\system32\dllcache\w940nd.sys
2010-02-20 23:14 . 2001-08-17 19:13 19016 ----a-w- c:\windows\system32\dllcache\w926nd.sys
2010-02-20 23:14 . 2001-08-17 19:13 19528 ----a-w- c:\windows\system32\dllcache\w840nd.sys
2010-02-20 23:14 . 2004-08-04 12:00 48256 ----a-w- c:\windows\system32\dllcache\w32.dll
2010-02-20 23:14 . 2001-08-17 20:28 64605 ----a-w- c:\windows\system32\dllcache\vvoice.sys
2010-02-20 23:14 . 2001-08-17 20:28 397502 ----a-w- c:\windows\system32\dllcache\vpctcom.sys
2010-02-20 23:14 . 2001-08-17 20:28 604253 ----a-w- c:\windows\system32\dllcache\vmodem.sys
2010-02-20 23:14 . 2001-08-17 19:14 249402 ----a-w- c:\windows\system32\dllcache\vinwm.sys
2010-02-20 23:14 . 2001-08-17 20:49 24576 ----a-w- c:\windows\system32\dllcache\viairda.sys
2010-02-20 23:13 . 2001-08-17 20:28 687999 ----a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2010-02-20 23:13 . 2001-08-17 20:28 765884 ----a-w- c:\windows\system32\dllcache\usrti.sys
2010-02-20 23:13 . 2001-08-17 20:28 113762 ----a-w- c:\windows\system32\dllcache\usrpda.sys
2010-02-20 23:13 . 2001-08-17 20:28 7556 ----a-w- c:\windows\system32\dllcache\usroslba.sys
2010-02-20 23:13 . 2001-08-17 20:28 224802 ----a-w- c:\windows\system32\dllcache\usr1807a.sys
2010-02-20 23:13 . 2001-08-17 20:28 794399 ----a-w- c:\windows\system32\dllcache\usr1806v.sys
2010-02-20 23:13 . 2001-08-17 20:28 793598 ----a-w- c:\windows\system32\dllcache\usr1806.sys
2010-02-20 23:13 . 2001-08-17 20:28 794654 ----a-w- c:\windows\system32\dllcache\usr1801.sys
2010-02-20 23:13 . 2008-04-13 18:45 20608 ----a-w- c:\windows\system32\dllcache\usbuhci.sys
2010-02-20 23:13 . 2008-04-13 18:45 26112 ----a-w- c:\windows\system32\dllcache\usbser.sys
2010-02-20 23:12 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
2010-02-20 23:12 . 2004-08-03 23:55 32384 ----a-w- c:\windows\system32\dllcache\usb101et.sys
2010-02-20 23:12 . 2001-10-06 13:02 94720 ----a-w- c:\windows\system32\dllcache\umaxud32.dll
2010-02-20 23:12 . 2001-10-06 13:02 28160 ----a-w- c:\windows\system32\dllcache\umaxu40.dll
2010-02-20 23:12 . 2001-10-06 13:02 26624 ----a-w- c:\windows\system32\dllcache\umaxu22.dll
2010-02-20 23:12 . 2001-10-06 13:02 69632 ----a-w- c:\windows\system32\dllcache\umaxu12.dll
2010-02-20 23:12 . 2001-10-06 13:02 50688 ----a-w- c:\windows\system32\dllcache\umaxscan.dll
2010-02-20 23:12 . 2001-08-17 20:58 22912 ----a-w- c:\windows\system32\dllcache\umaxpcls.sys
2010-02-20 23:12 . 2001-10-06 13:02 50176 ----a-w- c:\windows\system32\dllcache\umaxp60.dll
2010-02-20 23:12 . 2001-10-06 13:02 47616 ----a-w- c:\windows\system32\dllcache\umaxcam.dll
2010-02-20 23:12 . 2001-10-06 13:02 211968 ----a-w- c:\windows\system32\dllcache\um54scan.dll
2010-02-20 23:11 . 2001-10-06 13:02 216064 ----a-w- c:\windows\system32\dllcache\um34scan.dll
2010-02-20 23:11 . 2001-08-17 20:48 11520 ----a-w- c:\windows\system32\dllcache\twotrack.sys
2010-02-20 23:11 . 2004-08-04 12:00 14336 ----a-w- c:\windows\system32\dllcache\tsprof.exe
2010-02-20 23:11 . 2001-08-17 19:51 166784 ----a-w- c:\windows\system32\dllcache\tridxpm.sys
2010-02-20 23:11 . 2001-10-06 13:02 525568 ----a-w- c:\windows\system32\dllcache\tridxp.dll
2010-02-20 23:11 . 2001-08-17 19:51 159232 ----a-w- c:\windows\system32\dllcache\tridkbm.sys
2010-02-20 23:11 . 2001-10-06 13:02 440576 ----a-w- c:\windows\system32\dllcache\tridkb.dll
2010-02-20 23:11 . 2001-08-17 19:51 222336 ----a-w- c:\windows\system32\dllcache\trid3dm.sys
2010-02-20 23:11 . 2001-10-06 13:02 315520 ----a-w- c:\windows\system32\dllcache\trid3d.dll
2010-02-20 23:11 . 2001-08-17 19:12 34375 ----a-w- c:\windows\system32\dllcache\tpro4.sys
2010-02-20 23:10 . 2001-10-06 13:01 42496 ----a-w- c:\windows\system32\dllcache\tp4res.dll
2010-02-20 23:10 . 2008-04-14 16:23 82944 ----a-w- c:\windows\system32\dllcache\tp4mon.exe
2010-02-20 23:10 . 2001-10-06 13:02 31744 ----a-w- c:\windows\system32\dllcache\tp4.dll
2010-02-20 23:10 . 2001-08-17 21:02 230912 ----a-w- c:\windows\system32\dllcache\tosdvd03.sys
2010-02-20 23:10 . 2001-08-17 21:01 241664 ----a-w- c:\windows\system32\dllcache\tosdvd02.sys
2010-02-20 23:10 . 2001-08-17 19:10 28232 ----a-w- c:\windows\system32\dllcache\tos4mo.sys
2010-02-20 23:10 . 2001-08-17 19:14 123995 ----a-w- c:\windows\system32\dllcache\tjisdn.sys
2010-02-20 23:10 . 2001-08-17 19:51 138528 ----a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2010-02-20 23:09 . 2001-10-06 13:02 81408 ----a-w- c:\windows\system32\dllcache\tgiul50.dll
2010-02-20 23:09 . 2008-04-13 18:40 149376 ----a-w- c:\windows\system32\dllcache\tffsport.sys
2010-02-20 23:09 . 2004-08-04 12:00 19464 ----a-w- c:\windows\system32\dllcache\tdspx.sys
2010-02-20 23:09 . 2001-08-17 19:13 17129 ----a-w- c:\windows\system32\dllcache\tdkcd31.sys
2010-02-20 23:09 . 2004-08-04 12:00 21896 ----a-w- c:\windows\system32\dllcache\tdipx.sys
2010-02-20 23:09 . 2001-08-17 19:13 37961 ----a-w- c:\windows\system32\dllcache\tdk100b.sys
2010-02-20 23:09 . 2004-08-04 12:00 13192 ----a-w- c:\windows\system32\dllcache\tdasync.sys
2010-02-20 23:09 . 2001-08-17 20:49 30464 ----a-w- c:\windows\system32\dllcache\tbatm155.sys
2010-02-20 23:09 . 2001-08-17 20:52 7040 ----a-w- c:\windows\system32\dllcache\tandqic.sys
2010-02-20 23:09 . 2001-08-17 19:50 36640 ----a-w- c:\windows\system32\dllcache\t2r4mini.sys
2010-02-20 23:09 . 2001-10-06 13:02 172768 ----a-w- c:\windows\system32\dllcache\t2r4disp.dll
2010-02-20 23:09 . 2001-10-06 13:02 94293 ----a-w- c:\windows\system32\dllcache\sxports.dll
2010-02-20 23:08 . 2001-08-17 20:50 103936 ----a-w- c:\windows\system32\dllcache\sx.sys
2010-02-20 23:08 . 2001-08-17 21:02 3968 ----a-w- c:\windows\system32\dllcache\swusbflt.sys
2010-02-20 23:08 . 2001-10-06 13:02 10240 ----a-w- c:\windows\system32\dllcache\swpidflt.dll
2010-02-20 23:08 . 2001-10-06 13:02 10240 ----a-w- c:\windows\system32\dllcache\swpdflt2.dll
2010-02-20 23:08 . 2001-10-06 13:02 53760 ----a-w- c:\windows\system32\dllcache\sw_wheel.dll
2010-02-20 23:08 . 2001-10-06 13:02 41472 ----a-w- c:\windows\system32\dllcache\sw_effct.dll
2010-02-20 23:08 . 2001-10-06 13:02 155648 ----a-w- c:\windows\system32\dllcache\stlnprop.dll
2010-02-20 23:08 . 2001-10-06 13:02 53248 ----a-w- c:\windows\system32\dllcache\stlncoin.dll
2010-02-20 23:08 . 2001-10-06 12:24 285760 ----a-w- c:\windows\system32\dllcache\stlnata.sys
2010-02-20 23:07 . 2001-10-06 12:23 16896 ----a-w- c:\windows\system32\dllcache\stcusb.sys
2010-02-20 23:07 . 2001-08-17 19:11 48736 ----a-w- c:\windows\system32\dllcache\srwlnd5.sys
2010-02-20 23:07 . 2001-10-06 13:02 99328 ----a-w- c:\windows\system32\dllcache\srusd.dll
2010-02-20 23:07 . 2004-08-04 12:00 101376 ----a-w- c:\windows\system32\dllcache\srusbusd.dll
2010-02-20 23:07 . 2001-10-06 13:02 24660 ----a-w- c:\windows\system32\dllcache\spxupchk.dll
2010-02-20 23:07 . 2001-08-17 20:51 61824 ----a-w- c:\windows\system32\dllcache\speed.sys
2010-02-20 23:07 . 2001-10-06 13:02 106584 ----a-w- c:\windows\system32\dllcache\spdports.dll
2010-02-20 23:07 . 2001-08-17 20:56 7552 ----a-w- c:\windows\system32\dllcache\sonypvu1.sys
2010-02-20 23:07 . 2001-08-17 19:51 37040 ----a-w- c:\windows\system32\dllcache\sonypi.sys
2010-02-20 23:07 . 2001-10-06 13:02 114688 ----a-w- c:\windows\system32\dllcache\sonypi.dll
2010-02-20 23:07 . 2001-08-17 19:51 20752 ----a-w- c:\windows\system32\dllcache\sonync.sys
2010-02-20 23:05 . 2001-08-17 20:57 6784 ----a-w- c:\windows\system32\dllcache\smbhc.sys
2010-02-20 23:04 . 2001-10-06 13:02 157696 ----a-w- c:\windows\system32\dllcache\sisv256.dll
2010-02-20 23:04 . 2001-08-17 19:50 50432 ----a-w- c:\windows\system32\dllcache\sisv.sys
2010-02-20 23:04 . 2004-08-03 21:31 32768 ----a-w- c:\windows\system32\dllcache\sisnic.sys
2010-02-20 23:04 . 2001-10-06 13:02 238592 ----a-w- c:\windows\system32\dllcache\sisgrv.dll
2010-02-20 23:04 . 2001-08-17 19:50 104064 ----a-w- c:\windows\system32\dllcache\sisgrp.sys
2010-02-20 23:04 . 2001-10-06 13:02 150144 ----a-w- c:\windows\system32\dllcache\sis6306v.dll
2010-02-20 23:04 . 2001-08-17 19:50 68608 ----a-w- c:\windows\system32\dllcache\sis6306p.sys
2010-02-20 23:04 . 2001-10-06 13:02 252032 ----a-w- c:\windows\system32\dllcache\sis300iv.dll
2010-02-20 23:04 . 2001-08-17 19:50 101760 ----a-w- c:\windows\system32\dllcache\sis300ip.sys
2010-02-20 23:04 . 2004-08-04 12:00 18944 ----a-w- c:\windows\system32\dllcache\simptcp.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-24 17:06 . 2006-07-15 14:02 12 ----a-w- c:\windows\bthservsdp.dat
2010-02-21 23:13 . 2006-05-01 22:11 -------- d-----w- c:\programfiler\Logitech
2010-02-21 23:07 . 2006-04-14 20:22 -------- d-----w- c:\programfiler\Creative
2010-02-21 23:00 . 2006-05-01 22:12 -------- d-----w- c:\programfiler\Fellesfiler\Logitech
2010-02-21 16:27 . 2006-03-14 19:32 -------- d-----w- c:\programfiler\Fellesfiler\Java
2010-02-21 16:25 . 2009-03-13 20:06 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-21 16:25 . 2006-03-14 19:32 -------- d-----w- c:\programfiler\Java
2010-02-21 13:01 . 2004-09-20 08:03 510266 ----a-w- c:\windows\system32\perfh014.dat
2010-02-21 13:01 . 2004-09-20 08:03 113002 ----a-w- c:\windows\system32\perfc014.dat
2010-02-21 12:52 . 2006-03-14 19:32 -------- d-----w- c:\programfiler\Symantec
2010-02-21 11:46 . 2009-11-23 15:25 79488 ----a-w- c:\documents and settings\Minsin\Programdata\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-20 16:20 . 2010-02-20 16:20 884176 ----a-w- c:\documents and settings\All Users\Programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-02-20 16:20 . 2010-02-20 16:20 566608 ----a-w- c:\documents and settings\All Users\Programdata\Lavasoft\Ad-Aware\Update\sbap.dll
2010-02-20 16:20 . 2010-02-20 16:20 15880 ----a-w- c:\documents and settings\All Users\Programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-02-20 16:20 . 2010-02-20 16:20 211064 ----a-w- c:\documents and settings\All Users\Programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-02-20 16:20 . 2010-02-20 16:20 393896 ----a-w- c:\documents and settings\All Users\Programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-02-20 16:20 . 2010-02-20 16:20 562272 ----a-w- c:\documents and settings\All Users\Programdata\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-02-20 16:20 . 2010-02-20 16:19 390320 ----a-w- c:\documents and settings\All Users\Programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-20 14:22 . 2006-03-14 19:32 -------- d--h--w- c:\programfiler\InstallShield Installation Information
2010-02-20 14:22 . 2009-03-11 21:32 -------- d-----w- c:\programfiler\Full Tilt Poker
2010-02-18 22:30 . 2010-01-21 15:15 -------- d-----w- c:\programfiler\Yahoo!
2010-02-18 22:30 . 2010-01-21 15:19 -------- d-----w- c:\documents and settings\All Users\Programdata\Yahoo!
2010-02-15 02:40 . 2010-01-24 23:33 -------- d-----w- c:\documents and settings\Minsin\Programdata\vlc
2010-01-24 23:05 . 2010-01-24 23:05 -------- d-----w- c:\programfiler\VideoLAN
2010-01-21 15:29 . 2010-01-21 15:21 -------- d-----w- c:\documents and settings\Minsin\Programdata\Yahoo!
2010-01-05 10:00 . 2004-09-20 08:03 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 09:59 . 2004-09-20 08:03 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:59 . 2004-09-20 08:02 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2004-09-20 08:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-17 07:42 . 2004-09-20 08:20 344064 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2004-09-20 08:02 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:12 . 2004-09-20 08:03 2190976 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:12 . 2004-08-03 22:58 2067840 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-09-20 08:03 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:14 . 2004-09-20 08:03 1294848 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:14 . 2004-08-03 23:03 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:10 . 2004-09-20 08:03 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:10 . 2004-09-20 08:03 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:10 . 2004-09-20 08:02 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:10 . 2004-08-03 23:03 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:10 . 2001-10-06 12:02 8704 ----a-w- c:\windows\system32\tsbyuv.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-02-21_16.42.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-01-29 08:58 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe
- 2007-01-29 08:58 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
- 2008-02-28 18:51 . 2009-11-23 19:41 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2010-02-21 23:29 . 2010-02-21 23:29 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-07-11 23:02 . 2009-07-11 23:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2010-01-27 01:07 . 2010-01-27 01:07 256280 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2010-02-22 02:01 . 2010-02-22 02:01 195584 c:\windows\Installer\16434b.msi
+ 2010-02-22 02:46 . 2010-02-22 02:46 204800 c:\windows\ERDNT\22.02.2010-etter brannmur\Users\00000002\UsrClass.dat
+ 2010-02-22 02:46 . 2005-10-20 11:02 163328 c:\windows\ERDNT\22.02.2010-etter brannmur\ERDNT.EXE
+ 2010-01-27 01:07 . 2010-01-27 01:07 3884312 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2010-02-22 02:46 . 2010-02-22 02:46 9039872 c:\windows\ERDNT\22.02.2010-etter brannmur\Users\00000001\NTUSER.DAT
+ 2010-02-22 04:24 . 2010-02-22 04:24 4878336 c:\windows\assembly\NativeImages_v2.0.50727_32\nhc\bffada68cba5be83e2d2e360e4044521\nhc.ni.exe
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DynDNS Updater"="c:\programfiler\DynDNS Updater\DynDNS.exe" [2006-09-17 1352704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programfiler\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NotebookHardwareControl"="c:\programfiler\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
"WinPatrol"="c:\programfiler\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832]

c:\documents and settings\All Users\Start-meny\Programmer\Oppstart\
Launch TightVNC Server.lnk - c:\programfiler\TightVNC\WinVNC.exe [2010-2-19 585728]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-03-22 19:05 339968 ----a-w- c:\programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 16:23 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DynDNS Updater]
2006-09-17 09:32 1352704 ----a-w- c:\programfiler\DynDNS Updater\DynDNS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 12:00 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2005-05-11 11:48 127118 ----a-w- c:\apps\Powercinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-04 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-04 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-03-21 21:54 155648 ----a-w- c:\programfiler\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RMC]
2005-03-28 15:55 24576 ----a-w- c:\windows\system32\drivers\RMC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2005-04-12 21:21 14156800 ----a-w- c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Snarvei til egenskapsside for High Definition Audio]
2005-01-07 15:07 61952 ----a-w- c:\windows\system32\HdAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 14:21 246504 ----a-w- c:\programfiler\Fellesfiler\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-03-04 09:12 708698 ----a-w- c:\programfiler\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2005-03-04 09:13 102490 ----a-w- c:\programfiler\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2005-09-24 09:35 180269 -c--a-w- c:\programfiler\Fellesfiler\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-15 09:46 204288 ------w- c:\programfiler\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2 (0x2)
"SLService"=2 (0x2)
"SeaPort"=3 (0x3)
"iPodService"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"GenericHidService"=2 (0x2)
"CyberLink Media Library Service"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"CLSched"=2 (0x2)
"CLCapSvc"=2 (0x2)
"Automatisk LiveUpdate-planlegging"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"Lavasoft Ad-Aware Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programfiler\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programfiler\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programfiler\\Opera 10 Beta\\opera.exe"=
"c:\\Programfiler\\Skype\\Phone\\Skype.exe"=
"c:\\Programfiler\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programfiler\\TightVNC\\WinVNC.exe"=

R2 a2free;a-squared Free Service;c:\programfiler\a-squared Free\a2service.exe [19.02.2010 23:05 1858144]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programfiler\Avira\AntiVir Desktop\sched.exe [21.02.2010 14:49 108289]
R2 MTC0001_RMC;Remove Control Device;c:\windows\system32\drivers\RMC.sys [31.12.1979 23:00 13912]
R3 Slazldrv;SmartLink AMR_PCI Driver;c:\windows\system32\drivers\SLDRV\slazldrv.sys [24.09.2005 10:16 226768]
R3 ULI5261;ULi Based Ethernet NT Driver;c:\windows\system32\drivers\ULILAN.SYS [31.12.1979 23:00 28160]
S4 Automatisk LiveUpdate-planlegging;Automatisk LiveUpdate-planlegging;"c:\programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe" --> c:\programfiler\Symantec\LiveUpdate\ALUSchedulerSvc.exe [?]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programfiler\Lavasoft\Ad-Aware\AAWService.exe [04.02.2010 16:52 1229232]
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)

2010-02-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programfiler\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 16:19]

2006-03-20 c:\windows\Tasks\HDReg.job
- c:\apps\HDReg\HDRegRem.exe [2005-09-24 09:14]
.
.
------- Tilleggsskanning -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title =
FF - ProfilePath - c:\documents and settings\Minsin\Programdata\Mozilla\Firefox\Profiles\9bp1ugvg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://travian.fi/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true.
- - - - TOMME PEKERE FJERNET - - - -

BHO-{BA463437-C3DE-47da-8280-87596824388A} - (no file)
BHO-{D0285C32-F09A-49bd-BA67-FDAB0A58675E} - (no file)
MSConfigStartUp-AVFX Engine - c:\programfiler\Creative\Creative Live! Cam\VideoFX\StartFX.exe
MSConfigStartUp-LogitechSoftwareUpdate - c:\programfiler\Logitech\Video\ManifestEngine.exe
MSConfigStartUp-LogitechVideoRepair - c:\programfiler\Logitech\Video\ISStart.exe
MSConfigStartUp-LogitechVideoTray - c:\programfiler\Logitech\Video\LogiTray.exe
MSConfigStartUp-LVCOMSX - c:\windows\system32\LVCOMSX.EXE
MSConfigStartUp-V0220Mon - c:\windows\V0220Mon.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-24 18:21
Windows 5.1.2600 Service Pack 3 NTFS

skanner skjulte prosesser ...

skanner skjulte autostart-oppføringer ...

skanner skjulte filer ...

skanning vellykket
skjulte filer: 0

**************************************************************************
.
--------------------- DLL'er Lastet Av Kjørende Prosesser ---------------------

- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3136)
c:\programfiler\TightVNC\VNCHooks.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Tidspunkt ferdig: 2010-02-24 18:28:29
ComboFix-quarantined-files.txt 2010-02-24 17:28
ComboFix2.txt 2010-02-21 16:48
ComboFix3.txt 2010-02-21 13:36

Pre-Run: 11 101 470 720 byte ledig
Post-Run: 11 044 917 248 byte ledig

- - End Of File - - F705F7A7CAC13F9AB8BCEAA03F9573A7




#4 jpshortstuff

Posted 24 February 2010 - 02:29 PM

Hi,

Open Control Panel and then Add/Remove Programs and remove this outdated Java version:
Java 2 Runtime Environment, SE v1.4.2_05

Do you have any Symantec products installed at the moment?


1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

CODE
@echo off
rem Delete two files from c:\windows.
del /Q "c:\windows\IsUn0414.exe"
del /Q "c:\windows\_delis32.ini"
rem Log the folder contents and the hosts file (path, size, timestamp) to log.txt on the Desktop.
echo -=Contents of "C:\navnsomikkegjenkjennes"=->"%userprofile%\Desktop\log.txt"
pev --custom##f #s bytes [#m]# C:\navnsomikkegjenkjennes\* >> "%userprofile%\Desktop\log.txt"
echo .>> "%userprofile%\Desktop\log.txt"
pev --custom##f #s bytes [#m]# "C:\WINDOWS\system32\drivers\etc\hosts" >>"%userprofile%\Desktop\log.txt"
rem Open the log in Notepad, then delete this batch file.
start notepad "%userprofile%\Desktop\log.txt"
del /Q %0

3. Save the above as "fix.bat" (be sure to save with the quotes), saving to your Desktop.

4. Double-click fix.bat to run it. A logfile should pop-up, please post this in your next reply (called log.txt on your Desktop).

How are things running, still having problems?
Trained at the What The Tech Classroom where you too could learn to help others.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here

#5 Sevenfold

Posted 24 February 2010 - 03:30 PM

Thanks for the quick replies.

log.txt:

CODE
-=Contents of "C:\navnsomikkegjenkjennes"=-
.
C:\WINDOWS\system32\drivers\etc\hosts           380,137 bytes [2010-02-22 00:35:16]


No Symantec programs are installed. I ran the Norton removal tool.

The computer seems to behave, but it has the following entry in the registry.

CODE
[HKEY_CURRENT_USER\Software\XBTB01621]


I'm not sure why no scans pick it up. I wonder what else poisonous is in there.

I'm unsure, but are there really a lot of drivers loading?

Edited by Sevenfold, 24 February 2010 - 03:31 PM.


#6 jpshortstuff

Posted 24 February 2010 - 03:45 PM

You can delete this folder, if it exists:
C:\navnsomikkegjenkjennes

QUOTE
HKEY_CURRENT_USER\Software\XBTB01621
Is there anything under this registry key?

Please upload a couple of files to my BC Submission Channel:
C:\WINDOWS\system32\drivers\etc\hosts
c:\windows\system32\drivers\RMC.sys


You don't have particularly many drivers running from what I can see.

#7 Sevenfold

Posted 24 February 2010 - 04:43 PM

That registry key is not empty. I have included the export at the end of this post.


I have also uploaded RMC.exe, UnRMC.bat and UnRMC.exe. I have no idea what they are. They all seem related to that RMC.sys file. There's also a HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run entry for RMC.exe which I have disabled along with many other Startup entries and services when I did a diagnostic startup to cut out most of the crap slowing down this computer. I have just enabled what I know I need again, so it's currently in "Selective startup". Can you take a look at my deactivated startups and services? (I have no idea how to show them to you).


Registry export:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\XBTB01621]

[HKEY_CURRENT_USER\Software\XBTB01621\SiteAllow]

[HKEY_CURRENT_USER\Software\XBTB01621\Toolbar]
"corruptedMsg"="One of the XML files is corrupted or invalid. Press OK to uninstall."
"uninstallMsg"="This will remove the BearShare MediaBar from your computer! Are you sure?"
"updateMsg"="This will try to update the BearShare MediaBar from the server. Continue?"
"autoUpdateMsg"="New version of BearShare MediaBar is available. Would you like to download and install new version?"
"versionError"="Can not find current version information."
"connectionError"="Can't establish a connection."
"lastVersionMsg"="You have the latest version of the BearShare MediaBar."
"contextMenuItemName"="BearShare MediaBar search"
"closeAllWindowsForUpdate"="All running IE Windows will be closed before updating the BearShare MediaBar. Continue?"
"firstURL"=""
"serverpath"="http://mediabar.bearshare.com/autoupdate/"
"updateUrl"="http://mediabar.bearshare.com/autoupdate/MediaBar.cab"
"urlAfterUpdate"="http://search.bearshare.com/search/index.html?src=tlb"
"urlAfterUninstall"=""
"contextSearch"="http://ms159.mysearch.com/jsp/GGmain.jsp?st=bar&searchfor=%selection"
"OpenNew"="0"
"AutoComplete"="1"
"KeepHistory"="1"
"RunSearchAutomatically"="0"
"RunSearchDragAutomatically"="1"
"DescriptiveText"="0"
"ShowHighlightButton"="0"
"ShowFindButtons"="0"
"UpdateAutomatically"="1"
"EditWidthcombo1"="1"
"#EditWidthcombo1#"="Widthcombo11"
"PopStop"="Untitled Toolbar has blocked a Pop-up window"
"ErrorMsg"="Error"
"AlertMsg"="Alert"
"FindWord"="Select %currentword on the page"
"AutoSearch"="http://search.bearshare.com/webResults.html?src=aus&q=%s"
"AutoWild"=""
"OldAssitant1"="http://search.bearshare.com/sidebar.html?src=ssb"
"OldAssitant2"="http://search.bearshare.com/sidebar.html?src=ssb"
"OldAssitant3"="http://search.bearshare.com/sidebar.html?src=ssb"
"OldAssitant4"="http://search.bearshare.com/sidebar.html?src=ssb"
"OldAssitant5"="no"
"toolbar_id"="{9C34FF76-9392-45fc-BE40-D61E8C6F524D}"
"toolbar_version"="BearShare MediaBar 1.0"
"firstTime"="0"
"TBShow"="1"
"CurrentFont"="Tahoma"
"FontSize"=dword:0000000d
"CurrentLayout"=dword:00000000
"ToolbarIsFailed"=dword:00000000
"blockPopups"=dword:00000000
"updateXML"="1"
"Scope"=dword:00000018
"TBBreak"=dword:00000001
"TBPos"=dword:00000002
"OldOS"=dword:00000000
"CountOS"=dword:00000000
"m_bWorking"="0"
"LastCheckTime"=dword:499b08e4
"TBWidth"=dword:000000e0

[HKEY_CURRENT_USER\Software\XBTB01621\Toolbar\Historycombo]
"www.srch-results.com/lm/imp_rxt.asp?si=19902"=dword:00000001
"www.qklinkserver.com/activity/in.asp?bid=6900"=dword:00000001
"Sk sas"=dword:00000001
"www.itslearning.no/"=dword:00000001
"www.tislearning.no/"=dword:00000001
"www.habbo.no/hotel/furniture/recycler?hotelclient=1"=dword:00000001
"www.kinooslo.no/"=dword:00000001
"www.habbo.no/500.html"=dword:00000001
"wwwja.no/"=dword:00000001
"www.habbo.uk/"=dword:00000001

[HKEY_CURRENT_USER\Software\XBTB01621\Toolbar\tb_items]
"Widthcombo11"=dword:00000001
"tbs_button_023048"=dword:00000001
"tbs_item_001241"=dword:00000001
"tbs_item_021030"=dword:00000001
"tbs_item_003792"=dword:00000001
"tbs_item_027854"=dword:00000001
"tbs_combo_013532"=dword:00000001
"tbs_button_010380"=dword:00000001
"tbs_item_007813"=dword:00000001
"tbs_item_017526"=dword:00000001
"tbs_item_004860"=dword:00000001
"tbs_item_012654"=dword:00000001
"tbs_item_008046"=dword:00000001
"tbs_item_029950"=dword:00000001



#8 jpshortstuff

Posted 24 February 2010 - 05:00 PM

You mentioned that someone else borrowed this computer, I think it would be a good idea to ask them exactly what they installed/did.

The registry key references "BearShare" a lot - this is a P2P/File Sharing program. These can be dangerous, and could be a possible cause for infection. The RMC stuff appears to be some sort of remote access program. It's not being flagged as malware, but if you don't use it and didn't put it on there you may as well remove it. The .bat appears to be an uninstaller, and I can verify that it is safe, it does nothing malicious.

Regarding these selective startups, is this from msconfig? Are there any in particular you are unsure about?

Edited by jpshortstuff, 24 February 2010 - 05:01 PM.


#9 Sevenfold

Posted 24 February 2010 - 09:34 PM

QUOTE(jpshortstuff @ Feb 24 2010, 11:00 PM)
You mentioned that someone else borrowed this computer, I think it would be a good idea to ask them exactly what they installed/did.


I don't think that person remembers.

I have removed Bearshare earlier from this computer (after I got it back).

Yes I used msconfig to do the diagnostic startup and disable programs not needed to automatically load. I have taken another look at the remaining entries and I find them to be legitimate.

How do I handle those registry entries no scan will fix for me?

#10 jpshortstuff

Posted 25 February 2010 - 03:36 AM

Well, we'd best be on the safe side when removing them manually. I recommend you open regedit, right-click on that registry key and select Rename, and rename it to something like XBTB01621_old. Reboot your computer.

If after a couple of days of general computer use you are not experiencing any trouble, you can go ahead and delete that key. We just need to make sure there isn't anything using it.

Any more problems/questions?

#11 Sevenfold

Posted 25 February 2010 - 07:14 PM

Those registry entries have mysteriously vanished!

I'm sure it was there before I posted here and it was one of the reasons for posting too.

I did lots of scans but they wouldn't go away. I have no idea how and when they vanished.


I tested Spybot S&D again (forgot when you asked how the computer is behaving). It takes a really long time to load. Is there something I can do?

There are also a lot of references to Bearshare and Full tilt poker in the registry. Is there a way to remove those unwanted entries?


#12 jpshortstuff

Posted 26 February 2010 - 03:46 AM

Unfortunately, you'll be hard pushed to find software that removes absolutely everything about itself when it uninstalls. It's often the case that software leaves stuff behind in the registry, particularly the HKEY_CURRENT_USER hive. This is sometimes deliberate, so that if the application is re-installed settings can be retrieved, sometimes out of laziness on the developer's part, or sometimes because an uninstallation was not fully successful. This leftover dross is not active, and should do no harm to your computer (other than taking up a bit of space).

Naturally, I can understand why you would want to get rid of them - I would too. Some would recommend a registry cleaner at this point. I'm not a fan of such tools, I guess I just don't like the idea of letting some automated program go through my registry and delete stuff for me. I'm sure you can get good and bad registry cleaners, but I'm not the person to ask on that subject since I don't use them.

Regarding Spybot, I can't offer any suggestions for that one, other than perhaps to try a re-install. Perhaps you may be able to get assistance on the Spybot Forum.

Are you having any more problems, other than the above?

#13 Sevenfold

Posted 07 March 2010 - 12:16 PM

Hello.

I have been away on a ski trip and forgot to tell you. Sorry.

Thank you for your advice.

No further problems are present at the moment.

Is there anything else I should do?

Edited by Sevenfold, 07 March 2010 - 02:53 PM.


#14 jpshortstuff

Posted 07 March 2010 - 02:10 PM

Hi,

Glad to hear things are running better

Click Start >> Run, and then type ComboFix /Uninstall and hit enter.
You can now delete any other tools I had you download and use, unless you wish to keep them.


Now that your system appears to be clean, there's just a few steps I'd like you to take to prevent any future infections.
  • Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (using Internet Explorer) and download and install all critical updates on a regular basis.

  • Make sure you update your Anti-Virus software regularly, new viruses are being developed all the time.

  • I notice you have WinPatrol installed - this is an excellent program to help keep your computer secure, good stuff
Also, please read this great article by Tony Klein & BC: How Did I Get Infected?

Glad we could be of assistance.

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.

Stay Clean!

jpshortstuff

#15 Sevenfold

Posted 11 March 2010 - 04:59 AM

The computer seems to still be behaving nicely.

You can mark this as resolved.

Thank you for your help, and keep up the good work!



