
Inactive iexplorer.exe problem

Discussion in 'Malware and Virus Removal Archive' started by adamexsa, 2010/07/02.


    DDS



    DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
    Run by Administrator at 3:27:39.03 on Fri 07/02/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.3326.2887 [GMT 2:00]

    AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
    AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: ESET Smart Security 4.2 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    ============== Running Processes ===============

    svchost.exe 4
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe 4
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\Administrator\My Documents\Downloads\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    mStart Page = about:blank
    uInternet Connection Wizard,ShellNext = iexplore
    mWinlogon: Userinit=c:\windows\system32\userinit.exe
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: SafeOnline BHO: {69d72956-317c-44bd-b369-8e44d4ef9801} - c:\windows\system32\PxSecure.dll
    BHO: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
    BHO: עוזר הכניסה של Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files\mybabylon_english\tbmyB1.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
    BHO: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\tbBS_1.dll
    TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
    TB: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\tbBS_1.dll
    TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
    TB: myBabylon English Toolbar: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - c:\program files\mybabylon_english\tbmyB1.dll
    TB: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\zynga\tbZyng.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
    EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - c:\program files\icq6toolbar\ICQToolBar.dll
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [%FP%012-L2TP fts.exe] "c:\program files\012net\012net-cable dialer\fts.exe "
    mRun: [%FP%012-L2TP FWPortal.exe] "c:\program files\012net\012net-cable dialer\FWPortal.exe" -no_dialog
    mRun: [PRISMSVR.EXE] Prismsvr.exe /apply
    mRun: [WiFiCFG.EXE] c:\program files\802.11g usb2.0 adapter\WiFiCFG.EXE
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [DeathAdder] c:\program files\razer\deathadder\razerhid.exe
    mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe "
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    dRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    IE: {88EB38EF-4D2C-436D-ABD3-56B232674062} - c:\program files\icq7.0\ICQ.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\lyd6mmkz.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=15788&l=dis
    FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=IMB&o=15785&locale=en_US&apn_uid=BEB11100-3FDD-45AB-9674-BDAEE5E68E16&apn_ptnrs=HQ&apn_sauid=89B56A0A-BF91-4A96-9FC6-ECDC79E75127&apn_dtid=&q=
    FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\lyd6mmkz.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\lyd6mmkz.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
    FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npoctoshape.dll
    FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
    FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.lu ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nu ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.nz ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--p1ai ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbayh7gpa ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.IDN.whitelist.tel ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.proxy.type ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "dom.ipc.plugins.timeoutSecs ", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accelerometer.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref ", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.renego_unrestricted_hosts ", " ");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.treat_unsafe_negotiation_as_broken ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl.require_safe_negotiation ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.nptest.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npswf32.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npctrl.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled.npqtplugin.dll ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "dom.ipc.plugins.enabled ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

    ============= SERVICES / DRIVERS ===============

    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-4-7 217032]
    R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2010-7-2 30320]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-3-24 95872]
    R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2010-3-30 1107336]
    R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2010-5-30 22784]
    R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-7-2 24400]
    S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-3-24 114984]
    S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-4-7 112592]
    S2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2010-7-2 6385616]
    S2 eins7295;Eset install launcher (7295);c:\windows\system32\rundll32.exe c:\windows\eins7295.dll,rdservicestart eins7295 "c:\docume~1\admini~1\locals~1\temp\inxa.tmp" --> c:\windows\system32\rundll32.exe c:\windows\eins7295.dll,rdservicestart eins7295 c:\docume~1\admini~1\locals~1\temp\inxA.tmp [?]
    S2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2010-3-24 810120]
    S2 ES lite Service;ES lite Service for program management.;c:\program files\gigabyte\easysaver\essvr.exe [2010-2-18 68136]
    S2 ICQ Service;ICQ Service;c:\program files\icq6toolbar\ICQ Service.exe [2010-3-4 246520]
    S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-7-1 304464]
    S2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2010-7-2 61624]
    S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-4-7 366840]
    S2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-4-7 1142224]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\ambfilt.sys --> c:\windows\system32\drivers\Ambfilt.sys [?]
    S3 cmudaxu;C-Media USB Sound Interface;c:\windows\system32\drivers\cmudaxu.sys [2010-4-1 1391296]
    S3 EraserUtilDrv10920;EraserUtilDrv10920;\??\c:\program files\common files\symantec shared\eengine\eraserutildrv10920.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilDrv10920.sys [?]
    S3 ESLvnic1;ESLvnic Virtual Network 32 Bit;c:\windows\system32\drivers\ESLvnic.sys [2010-3-2 24504]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-7-1 20952]
    S3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\cm108.sys --> c:\windows\system32\drivers\CM108.sys [?]
    S3 Wirelecf;Friendly WI-FI Wirelesscfg Util Win2000 XP;c:\windows\system32\drivers\Wirelecf.SYS [2005-9-7 17230]

    =============== Created Last 30 ================

    2010-07-01 23:24:22 0 d-----w- c:\windows\system32\NtmsData
    2010-07-01 23:23:50 0 d-----w- c:\docume~1\admini~1\applic~1\Avira
    2010-07-01 23:22:39 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-07-01 23:22:39 0 d-----w- c:\program files\Avira
    2010-07-01 23:22:39 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
    2010-07-01 23:17:41 319840 ----a-w- c:\windows\eins1326.dll
    2010-07-01 23:06:35 0 d-----w- c:\program files\ESET
    2010-07-01 22:51:26 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
    2010-07-01 22:51:26 0 d-----w- c:\docume~1\admini~1\applic~1\SUPERAntiSpyware.com
    2010-07-01 22:51:22 0 d-----w- c:\program files\SUPERAntiSpyware
    2010-07-01 22:26:48 69680 ----a-w- c:\windows\system32\PxSecure.dll
    2010-07-01 22:26:47 61624 ----a-w- c:\windows\system32\drivers\pxrts.sys
    2010-07-01 22:26:47 30320 ----a-w- c:\windows\system32\drivers\pxscan.sys
    2010-07-01 22:26:46 24400 ----a-w- c:\windows\system32\drivers\pxkbf.sys
    2010-07-01 22:26:45 0 d-----w- c:\program files\Prevx
    2010-07-01 22:26:35 51 ----a-w- c:\windows\wininit.ini
    2010-07-01 22:26:35 0 d-----w- c:\docume~1\alluse~1\applic~1\PrevxCSI
    2010-07-01 21:46:22 0 d-----w- c:\docume~1\alluse~1\applic~1\SecTaskMan
    2010-07-01 21:46:18 0 d-----w- c:\program files\Security Task Manager
    2010-07-01 20:24:35 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
    2010-07-01 20:24:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-01 20:24:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-01 20:24:26 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-01 20:24:26 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-06-29 22:35:49 0 d-----w- c:\program files\LittleFighter2
    2010-06-29 18:27:47 482 ----a-r- c:\windows\system\CmcnfgU.ini
    2010-06-29 18:27:27 98304 ----a-r- c:\windows\system32\cmudau.dll
    2010-06-29 18:27:27 917504 ----a-r- c:\windows\system\cmds3du.dll
    2010-06-29 18:27:27 712704 ----a-r- c:\windows\system32\a3dpropu.dll
    2010-06-29 18:27:27 61440 ----a-r- c:\windows\system\cmsnxeye.exe
    2010-06-29 18:27:27 5341184 ----a-r- c:\windows\system\cmcnfgu.cpl
    2010-06-29 18:27:26 16384 ----a-r- c:\windows\system32\cmpropu.dll
    2010-06-29 18:27:18 2563 ------r- c:\windows\Cmudau.ini
    2010-06-29 17:33:51 4286 ------r- c:\windows\control.ico
    2010-06-29 17:33:51 1150 ------r- c:\windows\tray.ico
    2010-06-29 17:33:50 0 d-----w- c:\program files\Steel Sound 5H USB
    2010-06-28 16:07:43 101893 ----a-w- c:\documents and settings\administrator\AdobeFnt10.lst
    2010-06-27 23:43:35 3170352 ----a-w- C:\ProMS.exe
    2010-06-27 23:43:35 101 ----a-w- C:\settings.ini
    2010-06-24 23:53:57 0 d-----w- c:\docume~1\alluse~1\applic~1\DivX
    2010-06-13 17:17:24 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
    2010-06-13 17:17:24 52480 ----a-w- c:\windows\system32\dllcache\i8042prt.sys
    2010-06-10 10:59:38 285824 ------w- c:\windows\system32\dllcache\atmfd.dll
    2010-06-10 10:59:23 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
    2010-06-10 10:58:23 65536 ------w- c:\windows\system32\dllcache\asycfilt.dll
    2010-06-10 09:50:27 0 d-----w- c:\program files\Sony
    2010-06-04 21:04:14 0 d-----w- c:\windows\system32\RTCOM
    2010-06-04 21:03:53 315392 ----a-w- c:\windows\HideWin.exe

    ==================== Find3M ====================

    2010-07-02 00:54:40 16608 ----a-w- c:\windows\gdrv.sys
    2010-06-08 02:16:01 763832 ----a-w- c:\windows\BDTSupport.dll
    2010-06-08 00:21:02 1652664 ----a-w- c:\windows\PCTBDCore.dll
    2010-05-05 13:30:57 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
    2010-05-02 10:04:16 1860352 ----a-w- c:\windows\system32\win32k.sys
    2010-05-02 10:04:16 1860352 ------w- c:\windows\system32\dllcache\win32k.sys
    2010-05-01 01:38:18 158 ----a-w- C:\ShockMS.zip
    2010-04-20 05:37:16 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-04-07 07:53:12 50 ----a-w- C:\ChilliStory.bat
    2010-04-06 02:52:46 2462720 ------w- c:\windows\system32\dllcache\WMVCore.dll
    2010-03-03 11:06:00 281 ----a-w- c:\program files\aequitas.ini
    2009-11-18 10:27:12 241664 ----a-w- c:\program files\aequitas.exe

    ============= FINISH: 3:28:05.71 ===============


    attach.txt



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 18/02/2010 21:46:14
    System Uptime: 07/02/2010 03:24:16 (3480 hours ago)

    Motherboard: Gigabyte Technology Co., Ltd. | | GA-MA770-UD3
    Processor: AMD Phenom(tm) II X3 710 Processor | Socket M2 | 2611/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 98 GiB total, 22.958 GiB free.
    D: is FIXED (NTFS) - 200 GiB total, 139.285 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID:
    Description: Audio Device on High Definition Audio Bus
    Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0888&SUBSYS_1458E601&REV_1000\4&126B8476&0&0001
    Manufacturer:
    Name: Audio Device on High Definition Audio Bus
    PNP Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0888&SUBSYS_1458E601&REV_1000\4&126B8476&0&0001
    Service:

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: ESLvnic Virtual Network 32 Bit
    Device ID: ROOT\NET\0000
    Manufacturer: Turtle Entertainment GmbH
    Name: ESLvnic Virtual Network 32 Bit
    PNP Device ID: ROOT\NET\0000
    Service: ESLvnic1

    ==== System Restore Points ===================

    RP2: 18/02/2010 21:55:23 - Installed DirectX 9.0
    RP3: 18/02/2010 21:55:56 - Installed ATI AVIVO Codecs
    RP5: 18/02/2010 21:57:32 - Installed ATI Parental Control & Encoder
    RP6: 18/02/2010 21:57:46 - Installed ATI Problem Report Wizard
    RP7: 18/02/2010 22:01:47 - Installed EasySaver B9.0205.1
    RP8: 18/02/2010 22:02:03 - Installed Browser Configuration Utility
    RP12: 18/02/2010 22:10:22 - Installed Steam
    RP14: 18/02/2010 22:44:33 - Installed AVG 9.0
    RP15: 18/02/2010 23:11:59 - Installed sClient+ Anti-Cheat
    RP16: 19/02/2010 09:08:57 - Avg8 Update
    RP17: 19/02/2010 10:10:50 - Installed WonderKing.
    RP18: 19/02/2010 12:00:43 - Installed Microsoft Visual C++ 2005 Redistributable
    RP19: 19/02/2010 12:01:06 - Installed Sony Vegas Pro 8.0
    RP20: 19/02/2010 12:05:59 - Removed sClient+ Anti-Cheat
    RP21: 19/02/2010 12:06:15 - Installed sClient+ Anti-Cheat
    RP22: 20/02/2010 10:13:11 - Installed DirectX
    RP23: 23/02/2010 08:42:38 - נקודת ביקורת של המערכת
    RP24: 23/02/2010 19:40:05 - Removed sClient+ Anti-Cheat
    RP25: 23/02/2010 19:40:19 - Installed sClient+ Anti-Cheat
    RP26: 23/02/2010 19:40:46 - Removed sClient+ Anti-Cheat
    RP27: 23/02/2010 19:41:02 - Installed sClient+ Anti-Cheat
    RP28: 23/02/2010 19:54:32 - Removed sClient+ Anti-Cheat
    RP29: 23/02/2010 19:55:09 - Installed sClient+ Anti-Cheat
    RP30: 24/02/2010 18:59:02 - פעולת שחזור
    RP31: 24/02/2010 19:02:58 - Installed sClient+ Anti-Cheat
    RP32: 24/02/2010 19:05:36 - Restore Operation
    RP33: 24/02/2010 19:10:31 - פעולת שחזור
    RP34: 25/02/2010 09:36:47 - Avg8 Update
    RP35: 26/02/2010 12:05:15 - נקודת ביקורת של המערכת
    RP36: 28/02/2010 10:28:24 - נקודת ביקורת של המערכת
    RP37: 01/03/2010 12:57:42 - נקודת ביקורת של המערכת
    RP38: 03/03/2010 01:23:19 - נקודת ביקורת של המערכת
    RP39: 04/03/2010 02:00:26 - נקודת ביקורת של המערכת
    RP40: 05/03/2010 03:00:26 - נקודת ביקורת של המערכת
    RP41: 05/03/2010 08:32:44 - Avg8 Update
    RP42: 05/03/2010 08:34:50 - Avg Update
    RP43: 06/03/2010 09:00:21 - נקודת ביקורת של המערכת
    RP44: 07/03/2010 09:09:39 - נקודת ביקורת של המערכת
    RP45: 07/03/2010 18:32:44 - Installed Ventrilo Client
    RP46: 08/03/2010 23:05:17 - נקודת ביקורת של המערכת
    RP47: 09/03/2010 08:27:13 - Avg Update
    RP48: 10/03/2010 09:15:13 - נקודת ביקורת של המערכת
    RP49: 11/03/2010 10:14:08 - נקודת ביקורת של המערכת
    RP50: 12/03/2010 10:15:14 - נקודת ביקורת של המערכת
    RP51: 13/03/2010 11:06:53 - נקודת ביקורת של המערכת
    RP52: 13/03/2010 11:49:41 - Installed DirectX
    RP53: 13/03/2010 15:05:03 - Installed LogMeIn Hamachi
    RP54: 14/03/2010 23:42:46 - Installed Realtek High Definition Audio Driver
    RP55: 14/03/2010 23:58:12 - Removed Realtek High Definition Audio Driver
    RP56: 15/03/2010 00:14:17 - Installed Realtek High Definition Audio Driver
    RP57: 16/03/2010 01:27:23 - נקודת ביקורת של המערכת
    RP58: 17/03/2010 01:39:26 - נקודת ביקורת של המערכת
    RP59: 17/03/2010 09:07:58 - Avg Update
    RP60: 18/03/2010 09:40:31 - נקודת ביקורת של המערכת
    RP61: 19/03/2010 10:39:26 - נקודת ביקורת של המערכת
    RP62: 20/03/2010 10:39:54 - נקודת ביקורת של המערכת
    RP63: 21/03/2010 11:47:08 - נקודת ביקורת של המערכת
    RP64: 22/03/2010 12:39:54 - נקודת ביקורת של המערכת
    RP65: 23/03/2010 13:39:54 - נקודת ביקורת של המערכת
    RP66: 24/03/2010 14:12:48 - נקודת ביקורת של המערכת
    RP67: 25/03/2010 14:40:30 - נקודת ביקורת של המערכת
    RP68: 25/03/2010 17:38:48 - Installed Assassin's Creed II
    RP69: 25/03/2010 17:43:11 - Installed DirectX
    RP70: 25/03/2010 17:44:10 - Installed Ubisoft Game Launcher
    RP71: 25/03/2010 18:24:31 - Removed Assassin's Creed II
    RP72: 25/03/2010 18:24:44 - Installed Assassin's Creed II
    RP73: 25/03/2010 18:30:07 - Installed DirectX
    RP74: 25/03/2010 18:31:06 - Installed Ubisoft Game Launcher
    RP75: 25/03/2010 07:10:03 - נקודת ביקורת של המערכת
    RP76: 26/03/2010 07:22:47 - נקודת ביקורת של המערכת
    RP77: 26/03/2010 19:25:25 - Installed DirectX
    RP78: 26/03/2010 19:31:35 - Installed DirectX
    RP79: 26/03/2010 19:37:04 - Installed DirectX
    RP80: 26/03/2010 20:08:35 - Installed DirectX
    RP81: 26/03/2010 21:49:27 - SPTD setup V1.62
    RP82: 27/03/2010 23:05:23 - נקודת ביקורת של המערכת
    RP83: 29/03/2010 14:09:42 - נקודת ביקורת של המערכת
    RP84: 30/03/2010 20:42:29 - נקודת ביקורת של המערכת
    RP85: 31/03/2010 21:03:04 - נקודת ביקורת של המערכת

    ==== Installed Programs ======================

    %WS4_ARP_DISPLAY%
    012Net
    360WavesPatcher (Client setup)
    802.11g USB2.0 adapter
    abgx360 v1.0.2
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Flash Player 10 Plugin
    Adobe Help Center 1.0
    Adobe Photoshop CS2
    Adobe Stock Photos 1.0
    AMD Processor Driver
    Ask Toolbar
    Assassin's Creed II
    ATI - Software Uninstall Utility
    ATI AVIVO Codecs
    ATI Catalyst Control Center
    ATI Display Driver
    ATI HYDRAVISION
    ATI Parental Control & Encoder
    ATI Problem Report Wizard
    Avira AntiVir Personal - Free Antivirus
    Browser Configuration Utility
    Browser Defender 2.0.6.15
    BS.Player FREE
    BS_Player Toolbar
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center HydraVision Full
    Catalyst Control Center Localization All
    ccc-core-preinstall
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    Cheat-Defender
    Condition Zero Deleted Scenes
    Counter-Strike
    Counter-Strike: Source
    DAEMON Tools Toolbar
    EasySaver B9.0205.1
    ESL Wire 1.3
    Fraps
    Full Tilt Poker
    GameSpy Arcade
    Half-Life 2: Deathmatch
    Half-Life 2: Lost Coast
    HijackThis 1.99.1
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    ICQ Toolbar
    ICQ7
    ImgBurn
    Java(TM) 6 Update 13
    Left 4 Dead
    Little Fighter 2 version 2.0a
    Madballs in... Babo:Invasion
    Malwarebytes' Anti-Malware
    MapleStory
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 1.1 Service Pack 1
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    mIRC
    Mozilla Firefox (3.6.4)
    MSVCRT
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB973685)
    myBabylon_English Toolbar
    Octoshape add-in for Adobe Flash Player
    Octoshape Streaming Services
    Pando Media Booster
    Prevx
    R.U.S.E. Beta
    Razer DeathAdder(TM) Mouse
    REALTEK GbE & FE Ethernet PCI-E NIC Driver
    SAW - The Video Game
    sClient+ Anti-Cheat
    Security Task Manager 1.7h
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Segoe UI
    Skype Toolbars
    Skype™ 4.2
    Sony Vegas Pro 8.0
    Spyware Doctor 7.0
    Steam
    Steel Sound 5H USB
    SUPERAntiSpyware
    SWAT 4
    Team Fortress 2
    TeamSpeak 3 Client
    TrackMania Nations Forever
    Ubisoft Game Launcher
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Ventrilo Client
    War Rock
    WebFldrs XP
    Windows Driver Package - Cypress (CyUsb) USB
    Windows Driver Package - Razer (HidUsb) HIDClass (02/02/2007 1.0.5.0)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Media Player Firefox Plugin
    Windows Rights Management Client Backwards Compatibility SP2
    Windows Rights Management Client with Service Pack 2
    WinRAR archiver
    WonderKing
    Yahoo! Toolbar
    Zynga Toolbar
    Windows Live Upload Tool
    Windows Live Sign-in Assistant

    ==== Event Viewer Messages From Past Week ========

    30/06/2010 22:47:34, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: The system cannot find the path specified.
    30/06/2010 22:38:06, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: The system cannot find the path specified.
    30/06/2010 16:59:40, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: The system cannot find the path specified.
    29/06/2010 20:29:47, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: The system cannot find the path specified.
    29/06/2010 20:28:20, warning: Windows File Protection [64008] - The protected system file c:\windows\system32\drivers\stream.sys could not be verified as valid because Windows File Protection is terminating. Use the System File Checker (SFC) tool to verify the integrity of the file at a later time.
    29/06/2010 20:28:20, warning: Windows File Protection [64008] - The protected system file c:\windows\system32\drivers\portcls.sys could not be verified as valid because Windows File Protection is terminating. Use the System File Checker (SFC) tool to verify the integrity of the file at a later time.
    29/06/2010 20:28:20, warning: Windows File Protection [64008] - The protected system file c:\windows\system32\drivers\drmk.sys could not be verified as valid because Windows File Protection is terminating. Use the System File Checker (SFC) tool to verify the integrity of the file at a later time.
    29/06/2010 20:13:30, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: The system cannot find the path specified.
    29/06/2010 19:58:58, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: The system cannot find the path specified.
    29/06/2010 19:51:59, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: The system cannot find the path specified.
    29/06/2010 19:40:37, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: The system cannot find the path specified.
    29/06/2010 19:37:09, error: Service Control Manager [7034] - The ICQ Service service terminated unexpectedly. It has done this 1 time(s).
    29/06/2010 19:37:07, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: The system cannot find the path specified.
    28/06/2010 17:17:31, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: The system cannot find the path specified.
    28/06/2010 16:36:07, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    28/06/2010 16:36:04, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    28/06/2010 16:21:31, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: The system cannot find the path specified.
    26/06/2010 15:26:46, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: The system cannot find the path specified.
    26/06/2010 00:38:38, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: The system cannot find the path specified.
    02/07/2010 03:26:16, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdPPM ehdrv Fips SASDIFSV SASKUTIL sptd sr
    02/07/2010 03:24:51, error: sptd [4] - The driver detected an internal error in its data structures for .
    02/07/2010 02:56:11, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 805bc215, parameter3 a486dc7c, parameter4 00000000.
    02/07/2010 02:55:18, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Eset install launcher (7295) service to connect.
    02/07/2010 02:55:18, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: The system cannot find the path specified.
    02/07/2010 02:55:18, error: Service Control Manager [7000] - The Eset install launcher (7295) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    02/07/2010 02:46:40, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 805bc215, parameter3 a5e66634, parameter4 00000000.
    02/07/2010 02:44:02, error: System Error [1003] - Error code 1000008e, parameter1 c0000005, parameter2 805bc215, parameter3 a486dc7c, parameter4 00000000.
    02/07/2010 02:41:45, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: The system cannot find the path specified.
    02/07/2010 01:27:34, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdPPM avgio avipbb ehdrv Fips SASDIFSV SASKUTIL sptd sr
    02/07/2010 01:26:08, error: sptd [4] - The driver detected an internal error in its data structures for .
    02/07/2010 01:16:18, error: System Error [1003] - Error code 100000d1, parameter1 0000000c, parameter2 00000002, parameter3 00000000, parameter4 ba14bc5b.
    02/07/2010 01:15:09, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: The system cannot find the path specified.
    02/07/2010 01:12:16, error: System Error [1003] - Error code 100000d1, parameter1 0000000c, parameter2 00000002, parameter3 00000000, parameter4 ba14bc5b.
    02/07/2010 01:11:02, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: The system cannot find the path specified.
    02/07/2010 01:08:55, error: sptd [4] - The driver detected an internal error in its data structures for .
    02/07/2010 01:01:05, error: System Error [1003] - Error code 000000c2, parameter1 00000007, parameter2 00000cd4, parameter3 35383544, parameter4 8a3500f0.
    02/07/2010 00:59:57, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: The system cannot find the path specified.
    02/07/2010 00:54:36, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments " " in order to run the server: {000C101C-0000-0000-C000-000000000046}
    01/07/2010 23:56:14, error: sptd [4] - The driver detected an internal error in its data structures for .
    01/07/2010 23:41:20, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: The system cannot find the path specified.
    01/07/2010 23:35:41, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: The system cannot find the path specified.
    01/07/2010 23:18:13, error: System Error [1003] - Error code 100000d1, parameter1 4633333d, parameter2 00000002, parameter3 00000000, parameter4 ba2bb5f3.
    01/07/2010 23:17:15, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: The system cannot find the path specified.
    01/07/2010 23:13:22, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdPPM BHDrvx86 ccHP eeCtrl Fips sptd sr SRTSPX SymIRON SYMTDI
    01/07/2010 23:11:57, error: sptd [4] - The driver detected an internal error in its data structures for .
    01/07/2010 23:09:25, error: Service Control Manager [7022] - The LogMeIn Hamachi 2.0 Tunneling Engine service hung on starting.
    01/07/2010 23:07:16, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: The system cannot find the path specified.
    01/07/2010 22:22:45, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments " " in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    01/07/2010 21:55:26, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.2.101 with the system having network hardware address 00:03:0D:A1:E2:0B. Network operations on this system may be disrupted as a result.
    01/07/2010 21:05:53, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AmdPPM aswSP aswTdi BHDrvx86 ccHP eeCtrl Fips sptd sr SRTSPX SymIRON SYMTDI
    01/07/2010 21:04:27, error: sptd [4] - The driver detected an internal error in its data structures for .
    01/07/2010 20:48:09, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: The system cannot find the path specified.
    01/07/2010 20:45:36, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD AmdPPM aswSP aswTdi BHDrvx86 ccHP eeCtrl Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss sptd sr SRTSPX SymIRON SYMTDI Tcpip
    01/07/2010 20:45:36, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    01/07/2010 20:45:36, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    01/07/2010 20:45:36, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    01/07/2010 20:45:36, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    01/07/2010 20:45:18, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    01/07/2010 20:45:03, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    01/07/2010 20:44:41, error: sptd [4] - The driver detected an internal error in its data structures for .
    01/07/2010 20:40:47, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: The system cannot find the path specified.
    01/07/2010 20:37:27, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: The system cannot find the path specified.
    01/07/2010 20:24:53, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
    01/07/2010 20:19:49, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: The system cannot find the path specified.
    01/07/2010 20:15:45, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: The system cannot find the path specified.
    01/07/2010 19:47:55, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: The system cannot find the path specified.
    01/07/2010 19:43:18, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: The system cannot find the path specified.
    01/07/2010 19:22:14, error: Service Control Manager [7034] - The LogMeIn Hamachi 2.0 Tunneling Engine service terminated unexpectedly. It has done this 1 time(s).
    01/07/2010 19:21:59, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sr
    01/07/2010 19:21:58, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: The system cannot find the path specified.
    01/07/2010 00:49:55, error: Service Control Manager [7000] - The System Restore Service service failed to start due to the following error: The system cannot find the path specified.

    ==== End Of File ===========================


    HijackThis


    Logfile of HijackThis v1.99.1
    Scan saved at 03:29:57, on 02/07/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: SafeOnline BHO - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\WINDOWS\system32\PxSecure.dll
    O2 - BHO: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
    O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
    O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll
    O3 - Toolbar: Zynga Toolbar - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (file missing)
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [%FP%012-L2TP fts.exe] "C:\Program Files\012Net\012Net-Cable dialer\fts.exe "
    O4 - HKLM\..\Run: [%FP%012-L2TP FWPortal.exe] "C:\Program Files\012Net\012Net-Cable dialer\FWPortal.exe" -no_dialog
    O4 - HKLM\..\Run: [PRISMSVR.EXE] Prismsvr.exe /apply
    O4 - HKLM\..\Run: [WiFiCFG.EXE] C:\Program Files\802.11g USB2.0 adapter\WiFiCFG.EXE
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe "
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
    O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International
    O13 - Gopher Prefix:
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (file missing)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    O23 - Service: CSIScanner - Unknown owner - C:\Program Files\Prevx\prevx.exe" /service (file missing)
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
    O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - Unknown owner - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe" -s (file missing)
    O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: System Restore Service (srservice) - Duplex Secure Ltd. - (no file)
     
    Last edited: 2010/07/02
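    As an added example (not code from this thread and not a HijackThis feature), the script below applies the checks a helper makes by eye to a handful of lines copied verbatim from the HijackThis log above: registrations whose file is gone ("(file missing)" / "(no file)"), services with an "Unknown owner", a BHO with no name, anything hooked into Winlogon, and how many different security products are resident at once. It also separates a HijackThis 1.99.1 quirk from a real missing file: when a service's ImagePath is quoted, this version drops the leading quote and then checks for a file literally named `...hamachi-2.exe" -s`, so the entry shows "(file missing)" even though hamachi-2.exe is in the running process list above. The vendor keyword map and the tag names are this example's own assumptions.

```python
"""Triage pass over HijackThis O-lines.

Added example: this is not code from the WindowsBBS thread and not part of
HijackThis. SAMPLE_LOG is copied from the log posted above; the vendor
keyword map and the triage tags are this example's own assumptions.
"""
import re
from collections import defaultdict

# Entries copied verbatim from the posted HijackThis 1.99.1 log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SafeOnline BHO - {69D72956-317C-44bd-B369-8E44D4EF9801} - C:\WINDOWS\system32\PxSecure.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe "
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: CSIScanner - Unknown owner - C:\Program Files\Prevx\prevx.exe" /service (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - Unknown owner - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe" -s (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: System Restore Service (srservice) - Duplex Secure Ltd. - (no file)
"""

# "O23 - Service: ..." -> section "O23", body "Service: ..."
ENTRY_RE = re.compile(r"^(?P<section>[ORF]\d+) - (?P<body>.*)$")

# Assumption: a small hand-made keyword -> vendor map, not a HijackThis feature.
SECURITY_VENDORS = {
    "avira": "Avira", "eset": "ESET", "nod32": "ESET",
    "norton": "Symantec", "symantec": "Symantec",
    "spyware doctor": "PC Tools", "pc tools": "PC Tools",
    "malwarebytes": "Malwarebytes", "superantispyware": "SUPERAntiSpyware",
    "prevx": "Prevx",
}


def parse_entries(log):
    """Split a HijackThis log into (section, body) records, ignoring headers."""
    entries = []
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append({"section": m.group("section"), "body": m.group("body")})
    return entries


def classify(entry):
    """Return the triage tags that apply to one entry."""
    sec, body = entry["section"], entry["body"]
    tags = []
    # HijackThis 1.99.1 strips the leading quote of a quoted service ImagePath,
    # leaving an odd number of quotes and a bogus "(file missing)" on the
    # mangled name. Treat that as a parser artifact, not a missing binary.
    if sec == "O23" and body.count('"') % 2 == 1 and "(file missing)" in body:
        tags.append("quoted-imagepath-artifact")
    elif "(file missing)" in body or body.endswith("(no file)"):
        tags.append("dangling-registration")   # orphaned entry: cleanup candidate
    if sec == "O23" and "Unknown owner" in body:
        tags.append("unknown-service-owner")   # no company name in version info
    if sec == "O2" and body.startswith("BHO: (no name)"):
        tags.append("nameless-bho")
    if sec == "O20":
        tags.append("winlogon-notify")         # loads into winlogon.exe: always review
    return tags


def triage(log):
    """Group entries by tag and list the security vendors seen in the log."""
    findings = defaultdict(list)
    vendors = set()
    for e in parse_entries(log):
        for tag in classify(e):
            findings[tag].append(e["body"])
        low = e["body"].lower()
        vendors.update(v for kw, v in SECURITY_VENDORS.items() if kw in low)
    return {"findings": dict(findings), "security_vendors": sorted(vendors)}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("resident security products:", ", ".join(result["security_vendors"]))
    for tag, bodies in result["findings"].items():
        print(f"\n[{tag}]")
        for b in bodies:
            print("  ", b)
```

    The vendor list is the first thing to read off: several on-access scanners installed side by side is a common cause of the driver-load failures and bugchecks in the Event Viewer section, and it is the question the helper asks in the next reply. The "dangling-registration" group is what a fix list is built from; the "quoted-imagepath-artifact" group should be re-checked with a newer HijackThis before anything is deleted.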
  2. 2010/07/02
    broni

    broni Moderator Malware Analyst

    What are your issues?
    What is your current AV program?
    I can see parts of Avira, Norton and Eset running.
     


  4. 2010/07/03
    adamexsa

    adamexsa Inactive Thread Starter

    There is IEXPLORE.exe running in my Task Manager twice, and there are pop-ups that come up every time.
     
  5. 2010/07/03
    broni

    broni Moderator Malware Analyst

    STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double-click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button and save the results as gmer.log.
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.

    RESTART COMPUTER


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
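    The Rootkit-tab scan requested in STEP 2 reports user-mode inline hooks as lines of the form `.text <process>[pid] <module>!<export> <address> 5 Bytes JMP <target> <owning module> (<product/vendor>)`, as in the GMER log posted later in this thread. As an added example (not code from the thread and not GMER's own), the script below parses such lines and sorts each hook by who owns the jump target: the process's own image, a module whose version resource names a vendor, a module under a temp or profile directory, or no module at all. The first four sample lines are copied from the posted log; the final WS2_32.dll!send line is constructed to show the unattributed case. The verdict names and the directory heuristic are this example's own assumptions.

```python
"""Sort GMER "user code sections" hook lines by who owns the jump target.

Added example: not code from the WindowsBBS thread and not part of GMER.
POSTED_LINES are copied from the GMER log in this thread; CONSTRUCTED_LINE is
made up for illustration. Verdict names and the directory heuristic are this
example's own assumptions.
"""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

POSTED_LINES = r"""
.text C:\Program Files\Mozilla Firefox\firefox.exe[536] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[812] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[812] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1040] ole32.dll!CoCreateInstance 774FF1C4 5 Bytes JMP 3E2EDB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
""".strip().splitlines()

# CONSTRUCTED, not from the posted log: a hook whose target lies in memory that
# belongs to no loaded module, which is how injected code usually shows up.
CONSTRUCTED_LINE = (r".text C:\Program Files\Internet Explorer\IEXPLORE.EXE[812] "
                    r"WS2_32.dll!send 71AB4C27 5 Bytes JMP 00C10000")

SAMPLE_LINES = POSTED_LINES + [CONSTRUCTED_LINE]

HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>\S+)!(?P<export>\S+)\s+(?P<addr>[0-9A-Fa-f]+)\s+"
    r"(?P<nbytes>\d+)\s+Bytes\s+(?P<kind>JMP|CALL)\s+(?P<target>[0-9A-Fa-f]+)"
    r"\s*(?P<owner>.*?)\s*(?:\((?P<desc>[^()]*)\))?$"
)

# Assumption: directories a non-admin user can write to on Windows XP.
USER_WRITABLE = ("\\temp\\", "\\application data\\",
                 "\\local settings\\", "\\documents and settings\\")


def parse_hooks(lines):
    """Return one dict per recognised hook line; other lines are skipped."""
    hooks = []
    for line in lines:
        m = HOOK_RE.match(line.strip())
        if m:
            h = m.groupdict()
            h["pid"] = int(h["pid"])
            hooks.append(h)
    return hooks


def classify(h):
    """Coarse verdict from where the patched function prologue jumps to."""
    owner = h["owner"]
    if not owner:
        return "unattributed"         # target is not inside any loaded module
    if owner.lower() == h["proc"].lower():
        return "self-hook"            # the process patches an API in its own image
    if any(part in owner.lower() for part in USER_WRITABLE):
        return "suspicious-location"  # a DLL living under a temp/profile directory
    if h["desc"]:
        return "vendor-described"     # GMER read a version resource naming a vendor
    return "no-version-info"


def summarize(lines):
    """Collapse per-export lines into (process, pid, verdict, owner) groups."""
    groups = defaultdict(list)
    for h in parse_hooks(lines):
        key = (PureWindowsPath(h["proc"]).name, h["pid"], classify(h),
               h["owner"] or "<no module>")
        groups[key].append(f'{h["module"]}!{h["export"]}')
    return {k: sorted(v) for k, v in groups.items()}


def needs_attention(lines):
    """Groups a human should look at first."""
    return [k for k in summarize(lines)
            if k[2] in ("unattributed", "suspicious-location", "no-version-info")]


if __name__ == "__main__":
    for key, exports in summarize(SAMPLE_LINES).items():
        print(key, len(exports), "hook(s):", ", ".join(exports))
    print("attention:", needs_attention(SAMPLE_LINES))
```

    Collapsing the lines by owning module is what makes a GMER log readable: the twenty-odd IEXPLORE.EXE entries in the posted log all jump into IEFRAME.dll, a Microsoft module, and become one row per process, while a hook whose target GMER cannot attribute to any module stands out on its own.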
     
  6. 2010/07/03
    adamexsa

    adamexsa Inactive Thread Starter

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4271

    Windows 5.1.2600 Service Pack 3 (Safe Mode)
    Internet Explorer 8.0.6001.18702

    02/07/2010 20:20:44
    mbam-log-2010-07-02 (20-20-44).txt

    Scan type: Quick scan
    Objects scanned: 126430
    Time elapsed: 1 minute(s), 39 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    gmer

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-07-02 21:27:58
    Windows 5.1.2600 Service Pack 3
    Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\awnyrpob.sys


    ---- User code sections - GMER 1.0.15 ----

    .text C:\Program Files\Mozilla Firefox\firefox.exe[536] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[812] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[812] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[812] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[812] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[812] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[812] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[812] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[812] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[812] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1040] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1040] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1040] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1040] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1040] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1040] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1040] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1040] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1040] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1040] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1040] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1040] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1040] ole32.dll!CoCreateInstance 774FF1C4 5 Bytes JMP 3E2EDB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1040] ole32.dll!OleLoadFromStream 775297FD 5 Bytes JMP 3E3E4B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1660] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1660] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1660] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0ED C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1660] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB1C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1660] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25467C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1660] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E480F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1660] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4741 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1660] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E47AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1660] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4612 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1660] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4674 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1660] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E4872 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1660] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E46D6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1660] ole32.dll!CoCreateInstance 774FF1C4 5 Bytes JMP 3E2EDB78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1660] ole32.dll!OleLoadFromStream 775297FD 5 Bytes JMP 3E3E4B77 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[1040] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\IEXPLORE.EXE[1660] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xF9 0x76 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7D 0x99 0x4D 0x2D ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x93 0x7B 0x3A 0xF4 ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB2 0xA6 0x45 0x4D ...
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xAF 0x4C 0x85 0xA7 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xF9 0x76 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7D 0x99 0x4D 0x2D ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x93 0x7B 0x3A 0xF4 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB2 0xA6 0x45 0x4D ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xAF 0x4C 0x85 0xA7 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xF9 0x76 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7D 0x99 0x4D 0x2D ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x93 0x7B 0x3A 0xF4 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB2 0xA6 0x45 0x4D ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xAF 0x4C 0x85 0xA7 ...
    Reg HKCU\Software\Microsoft\Windows Live\Communications Clients\Shared\1605871432\Groups@\x5c0\5א\5י\5\xf88d\5 \0ח\5י\5ט\5 \0א\5ױ\5ב\5ה\5\xf88d\5\xf891\5 0

    ---- Files - GMER 1.0.15 ----

    File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{B2284C50-8608-11DF-A08D-00241D2FFB5B}.dat 4608 bytes
    File C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{AB1DDA8A-8608-11DF-A08D-00241D2FFB5B}.dat 4096 bytes
    File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\JOEKGXW5\background_gradient[1] 0 bytes


     
  7. 2010/07/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. 2010/07/03
    adamexsa

    adamexsa Inactive Thread Starter

    Joined:
    2010/07/02
    Messages:
    20
    Likes Received:
    0
    ComboFix 10-07-03.01 - Administrator 07/03/2010 1:20.1.3 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.3326.2850 [GMT 2:00]
    Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
    AV: ESET Smart Security 4.2 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\BASSMOD.dll
    c:\documents and settings\Administrator\Local Settings\Application Data\Windows Server
    c:\documents and settings\Administrator\Local Settings\Application Data\Windows Server\flags.ini
    c:\documents and settings\Administrator\Local Settings\Application Data\Windows Server\uses32.dat
    c:\documents and settings\LocalService\Local Settings\Application Data\Windows Server
    c:\documents and settings\NetworkService\Local Settings\Application Data\Windows Server
    c:\windows\system\VB40032.DLL
    c:\windows\system32\7177778.dll
    c:\windows\system32\zip32.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Service_AtapiDrv


    ((((((((((((((((((((((((( Files Created from 2010-06-02 to 2010-07-02 )))))))))))))))))))))))))))))))
    .

    2010-07-02 22:38 . 2010-07-02 22:38 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Help
    2010-07-02 22:38 . 2010-07-02 22:38 216 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_4BB1B6CC60E4B5A41A663B175B1523B4.dll
    2010-07-02 18:02 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-02 18:02 . 2010-07-02 18:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-02 18:02 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-02 03:09 . 2010-07-02 03:09 -------- d-----w- C:\VritualRoot
    2010-07-02 03:09 . 2010-07-02 03:09 -------- d-----w- c:\documents and settings\All Users\Application Data\COMODO
    2010-07-02 03:03 . 2010-07-02 03:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
    2010-07-01 23:24 . 2010-07-02 00:44 -------- d-----w- c:\windows\system32\NtmsData
    2010-07-01 23:17 . 2010-07-01 23:17 319840 ----a-w- c:\windows\eins1326.dll
    2010-07-01 23:06 . 2010-07-01 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
    2010-07-01 22:51 . 2010-07-01 22:51 63488 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-07-01 22:51 . 2010-07-01 22:51 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-07-01 22:51 . 2010-07-01 22:51 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-07-01 22:51 . 2010-07-01 22:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-07-01 22:51 . 2010-07-01 22:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
    2010-07-01 20:24 . 2010-07-01 20:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
    2010-07-01 20:24 . 2010-07-01 20:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-07-01 18:21 . 2010-07-01 18:21 -------- d-----w- c:\documents and settings\LocalService\Application Data\Yahoo!
    2010-07-01 17:48 . 2010-07-01 17:48 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Yahoo!
    2010-07-01 17:38 . 2010-07-01 17:38 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Threat Expert
    2010-07-01 17:38 . 2010-07-01 17:38 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\BS_Player
    2010-07-01 17:38 . 2010-07-02 23:17 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\AskToolbar
    2010-07-01 17:38 . 2010-07-01 17:43 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\myBabylon_English
    2010-07-01 17:38 . 2010-07-01 17:38 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Zynga
    2010-07-01 17:38 . 2010-07-01 17:38 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Conduit
    2010-07-01 17:22 . 2010-07-01 17:22 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
    2010-06-30 15:01 . 2010-06-30 15:01 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
    2010-06-30 15:00 . 2010-07-02 01:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\BS_Player
    2010-06-30 15:00 . 2010-06-30 15:00 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
    2010-06-30 15:00 . 2010-07-02 23:12 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AskToolbar
    2010-06-30 15:00 . 2010-07-02 01:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\myBabylon_English
    2010-06-30 15:00 . 2010-06-30 15:00 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Conduit
    2010-06-30 15:00 . 2010-06-30 15:00 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Zynga
    2010-06-30 15:00 . 2010-06-30 15:00 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Threat Expert
    2010-06-29 22:35 . 2010-06-29 22:35 -------- d-----w- c:\program files\LittleFighter2
    2010-06-29 18:27 . 2005-01-19 01:52 61440 ----a-r- c:\windows\system\cmsnxeye.exe
    2010-06-29 18:27 . 2004-02-13 07:39 98304 ----a-r- c:\windows\system32\cmudau.dll
    2010-06-29 18:27 . 2002-04-29 07:04 917504 ----a-r- c:\windows\system\cmds3du.dll
    2010-06-29 18:27 . 2001-11-23 04:08 712704 ----a-r- c:\windows\system32\a3dpropu.dll
    2010-06-29 18:27 . 2004-02-18 06:19 16384 ----a-r- c:\windows\system32\cmpropu.dll
    2010-06-29 17:33 . 2010-06-29 18:27 -------- d-----w- c:\program files\Steel Sound 5H USB
    2010-06-27 23:43 . 2008-11-11 07:27 3170352 ----a-w- C:\ProMS.exe
    2010-06-24 23:53 . 2010-06-24 23:54 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
    2010-06-22 14:05 . 2010-06-22 17:28 4286 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{3008CE00-F04D-47B6-B5DB-E11F7593754D}\_950D48DB97671A8238B0D2.exe
    2010-06-22 14:05 . 2010-06-22 17:28 4286 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{3008CE00-F04D-47B6-B5DB-E11F7593754D}\_6FEFF9B68218417F98F549.exe
    2010-06-22 14:05 . 2010-06-22 17:28 10134 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{3008CE00-F04D-47B6-B5DB-E11F7593754D}\_79D9B9396E11781C58F99A.exe
    2010-06-19 20:03 . 2010-06-19 20:03 706048 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\pmv307a-1006091-0-main.dll
    2010-06-19 18:59 . 2010-02-17 16:19 71960 ----a-w- c:\documents and settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\sua-1002170-0-npoctoshape.dll
    2010-06-19 18:59 . 2010-02-17 16:19 420352 ----a-w- c:\documents and settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\sua-1002170-0-libOctoshapeClient.dll
    2010-06-19 18:59 . 2010-02-17 16:19 124184 ----a-w- c:\documents and settings\Administrator\Application Data\Octoshape\Octoshape Streaming Services\sua-1002170-0-apoctoshape.dll
    2010-06-13 17:17 . 2008-04-13 22:48 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
    2010-06-13 17:17 . 2008-04-13 22:48 52480 ----a-w- c:\windows\system32\dllcache\i8042prt.sys
    2010-06-10 10:59 . 2010-04-20 05:37 285824 ------w- c:\windows\system32\dllcache\atmfd.dll
    2010-06-10 10:59 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
    2010-06-10 10:58 . 2010-03-05 14:37 65536 ------w- c:\windows\system32\dllcache\asycfilt.dll
    2010-06-10 09:50 . 2010-06-10 09:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
    2010-06-10 09:50 . 2010-06-10 09:50 -------- d-----w- c:\program files\Sony
    2010-06-04 21:04 . 2010-06-29 18:24 -------- d-----w- c:\windows\system32\RTCOM
    2010-06-04 21:03 . 2010-06-04 21:03 315392 ----a-w- c:\windows\HideWin.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-02 23:26 . 2010-03-02 21:59 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-07-02 23:26 . 2010-02-18 19:59 16608 ----a-w- c:\windows\gdrv.sys
    2010-07-02 22:45 . 2010-07-01 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
    2010-07-02 22:41 . 2010-02-18 19:33 -------- d-----w- c:\program files\Windows Desktop Search
    2010-07-02 22:38 . 2010-07-01 21:46 -------- d-----w- c:\program files\Security Task Manager
    2010-07-02 22:28 . 2010-02-18 20:10 -------- d-----w- c:\program files\Steam
    2010-07-02 15:36 . 2010-02-18 19:54 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-07-02 15:30 . 2010-03-02 15:16 -------- d-----w- c:\program files\EslWire
    2010-07-02 15:26 . 2010-04-07 16:02 -------- d-----w- c:\program files\Spyware Doctor
    2010-07-02 15:24 . 2010-03-12 13:53 -------- d-----w- c:\program files\GameSpy Arcade
    2010-07-02 15:24 . 2010-03-26 20:04 -------- d-----w- c:\program files\DAEMON Tools Toolbar
    2010-07-01 22:59 . 2010-04-23 20:38 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-07-01 22:59 . 2010-04-23 20:38 -------- d-----w- c:\program files\NortonInstaller
    2010-07-01 22:41 . 2010-04-23 20:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
    2010-07-01 20:23 . 2010-04-17 21:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-06-30 15:07 . 2010-02-18 20:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\mIRC
    2010-06-30 15:06 . 2010-02-18 20:20 -------- d-----w- c:\program files\mIRC
    2010-06-30 00:36 . 2010-03-04 14:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\ICQ
    2010-06-29 01:15 . 2010-02-21 15:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
    2010-06-28 22:01 . 2010-02-21 15:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
    2010-06-28 20:06 . 2010-03-30 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\TrackMania
    2010-06-12 12:16 . 2010-03-04 14:14 -------- d-----w- c:\program files\ICQ7.0
    2010-06-10 09:50 . 2010-03-02 21:59 -------- d-----w- c:\program files\VSTplugins
    2010-06-10 09:49 . 2010-03-22 21:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\BSplayer
    2010-06-08 02:16 . 2010-04-07 16:08 763832 ----a-w- c:\windows\BDTSupport.dll
    2010-06-08 00:21 . 2010-04-07 16:08 1652664 ----a-w- c:\windows\PCTBDCore.dll
    2010-06-04 20:24 . 2010-02-18 19:33 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-06-04 20:01 . 2010-04-27 12:22 -------- d-----w- c:\program files\Ask.com
    2010-05-30 18:24 . 2010-05-30 18:24 -------- d-----w- c:\program files\DIFX
    2010-05-30 18:24 . 2010-05-30 18:24 -------- d-----w- c:\program files\Razer
    2010-05-22 16:11 . 2010-04-23 12:51 -------- d-----w- c:\program files\LogMeIn Hamachi
    2010-05-21 20:27 . 2010-02-18 21:11 -------- d-----w- c:\program files\Cheat-Defender
    2010-05-14 15:36 . 2010-03-29 11:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\TS3Client
    2010-05-13 19:08 . 2010-04-20 17:43 -------- d-----w- c:\program files\myBabylon_English
    2010-05-10 19:16 . 2010-02-18 19:36 -------- d-----w- c:\program files\Windows Media Connect 2
    2010-05-06 10:41 . 2009-03-08 02:34 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-05-02 10:04 . 2009-02-09 10:08 1860352 ----a-w- c:\windows\system32\win32k.sys
    2010-05-01 01:38 . 2010-03-27 18:04 158 ----a-w- C:\ShockMS.zip
    2010-04-24 19:57 . 2010-02-18 20:04 27848 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-04-20 05:37 . 2008-05-27 16:29 285824 ----a-w- c:\windows\system32\atmfd.dll
    2010-04-19 20:43 . 2010-04-19 20:43 98304 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
    2010-04-19 20:43 . 2010-04-19 20:43 765952 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
    2010-04-19 20:43 . 2010-04-19 20:43 401408 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll
    2010-04-19 20:43 . 2010-04-19 20:43 258352 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\unicows.dll
    2010-04-19 20:43 . 2010-04-19 20:43 126976 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll
    2010-04-19 20:43 . 2010-04-19 20:43 172032 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGM.exe
    2010-04-07 07:53 . 2010-05-07 10:28 50 ----a-w- C:\ChilliStory.bat
    2010-04-04 16:53 . 2010-04-04 16:53 0 ----a-w- c:\windows\nsreg.dat
    2010-03-03 11:06 . 2010-03-03 11:05 281 ----a-w- c:\program files\aequitas.ini
    2009-11-18 10:27 . 2010-03-02 15:23 241664 ----a-w- c:\program files\aequitas.exe
    .

    ------- Sigcheck -------

    [-] 2009-03-26 . 25A740D70E8007814A48D3FA1B34FA34 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
    2010-05-13 19:09 2515552 ----a-w- c:\program files\myBabylon_English\tbmyB1.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2010-05-26 13:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"="c:\program files\myBabylon_English\tbmyB1.dll" [2010-05-13 2515552]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"="c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

    [HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"="c:\program files\myBabylon_English\tbmyB1.dll" [2010-05-13 2515552]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"="c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

    [HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-28 61440]
    "%FP%012-L2TP fts.exe"="c:\program files\012Net\012Net-Cable dialer\fts.exe" [2005-08-11 83608]
    "%FP%012-L2TP FWPortal.exe"="c:\program files\012Net\012Net-Cable dialer\FWPortal.exe" [2005-12-13 801280]
    "DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2008-09-05 159744]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
    2010-06-08 11:39 133368 ----a-w- c:\program files\ICQ7.0\ICQ.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
    2010-03-30 09:16 1820040 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 03:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2009-07-26 14:43 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2010-02-22 10:42 26101032 ----a-r- c:\program files\Skype\Phone\Skype.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2010-05-06 15:54 1238352 ----a-w- c:\program files\Steam\steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\mIRC\\mirc.exe"=
    "c:\\Program Files\\Cheat-Defender\\Cheat-Defender.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\ICQ7.0\\ICQ.exe"=
    "c:\\Program Files\\ICQ7.0\\aolload.exe"=
    "c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\r.u.s.e. beta\\Ruse.exe"=
    "c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
    "c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\Assassin's Creed II\\server.exe"=
    "c:\\WINDOWS\\system32\\ftp.exe"=
    "c:\\Program Files\\Ubisoft\\server.exe"=
    "c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\Assassin's Creed II\\mitm.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Steam\\steamapps\\dxzit\\counter-strike\\hl.exe"=

    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [24/03/2010 20:31 114984]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [24/03/2010 20:33 95872]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [07/04/2010 18:08 112592]
    R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [18/02/2010 22:01 68136]
    R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [30/03/2010 11:16 1107336]
    R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [04/03/2010 16:14 246520]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [02/07/2010 20:02 304464]
    R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [30/05/2010 20:24 22784]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [02/07/2010 20:02 20952]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys --> c:\windows\system32\DRIVERS\cmdguard.sys [?]
    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys --> c:\windows\system32\DRIVERS\cmdhlp.sys [?]
    S2 eins7295;Eset install launcher (7295);c:\windows\system32\rundll32.exe c:\windows\eins7295.dll,RDServiceStart eins7295 "c:\docume~1\ADMINI~1\LOCALS~1\Temp\inxA.tmp" --> c:\windows\system32\rundll32.exe c:\windows\eins7295.dll,RDServiceStart eins7295 c:\docume~1\ADMINI~1\LOCALS~1\Temp\inxA.tmp [?]
    S2 ekrn;ESET Service; "c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys --> c:\windows\system32\drivers\Ambfilt.sys [?]
    S3 cmudaxu;C-Media USB Sound Interface;c:\windows\system32\drivers\cmudaxu.sys [01/04/2010 12:09 1391296]
    S3 EraserUtilDrv10920;EraserUtilDrv10920;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10920.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10920.sys [?]
    S3 ESLvnic1;ESLvnic Virtual Network 32 Bit;c:\windows\system32\drivers\ESLvnic.sys [02/03/2010 17:16 24504]
    S3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM108.sys --> c:\windows\system32\drivers\CM108.sys [?]
    S3 Wirelecf;Friendly WI-FI Wirelesscfg Util Win2000 XP;c:\windows\system32\drivers\Wirelecf.SYS [07/09/2005 11:09 17230]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26/03/2010 21:49 691696]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-02 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
    - c:\program files\Ask.com\UpdateTask.exe [2010-05-26 13:23]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    mStart Page = about:blank
    uInternet Connection Wizard,ShellNext = iexplore
    IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lyd6mmkz.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=15788&l=dis
    FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=IMB&o=15785&locale=en_US&apn_uid=BEB11100-3FDD-45AB-9674-BDAEE5E68E16&apn_ptnrs=HQ&apn_sauid=89B56A0A-BF91-4A96-9FC6-ECDC79E75127&apn_dtid=&q=
    FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lyd6mmkz.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lyd6mmkz.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
    FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\plugins\npoctoshape.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\Zynga\tbZyng.dll
    Toolbar-{7b13ec3e-999a-4b70-b9cb-2617b8323822} - c:\program files\Zynga\tbZyng.dll
    WebBrowser-{7B13EC3E-999A-4B70-B9CB-2617B8323822} - c:\program files\Zynga\tbZyng.dll
    HKLM-Run-PRISMSVR.EXE - Prismsvr.exe
    HKLM-Run-WiFiCFG.EXE - c:\program files\802.11g USB2.0 adapter\WiFiCFG.EXE
    HKLM-Run-COMODO Internet Security - c:\program files\COMODO\COMODO Internet Security\cfp.exe
    ShellExecuteHooks-{56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
    ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
    MSConfigStartUp-Babylon Client - c:\program files\Babylon\Babylon-Pro\Babylon.exe
    MSConfigStartUp-ESL Wire - c:\program files\EslWire\wire.exe
    AddRemove-abgx360 - c:\program files\abgx360\uninstall.exe
    AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
    AddRemove-ESL Wire_is1 - c:\program files\EslWire\unins000.exe
    AddRemove-GameSpy Arcade - c:\progra~1\GAMESP~1\UNWISE.EXE
    AddRemove-Little Fighter 2 version 2.0a - D:\Uninstal.exe
    AddRemove-SAW - The Video Game_is1 - d:\saw - the video game\unins000.exe
    AddRemove-Yahoo! Toolbar - c:\progra~1\Yahoo!\Common\UNYT_W~1.EXE
    AddRemove-{C9BED750-1211-4480-B1A5-718A3BE15525} - c:\program files\InstallShield Installation Information\{C9BED750-1211-4480-B1A5-718A3BE15525}\SETUP.EXE
    AddRemove-{E8AEA11B-E60A-455E-B008-E4E763604612} - c:\program files\InstallShield Installation Information\{E8AEA11B-E60A-455E-B008-E4E763604612}\setup.exe
    AddRemove-360WAVESPATCHERCLT - c:\program files\360WavesPatcher\WDUNINST.EXE



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-03 01:26
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4f,8f,f4,61,84,e3,4f,4b,a2,c9,55,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,4f,8f,f4,61,84,e3,4f,4b,a2,c9,55,\

    [HKEY_USERS\S-1-5-21-1202660629-515967899-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,eb,56,69,87,e0,3a,e2,4a,92,89,0a,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,33,11,5b,f2,b2,50,1b,4c,9c,b4,d0,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,33,11,5b,f2,b2,50,1b,4c,9c,b4,d0,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(744)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(132)
    c:\windows\system32\WININET.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    c:\windows\system32\msiexec.exe
    c:\program files\Razer\DeathAdder\razertra.exe
    c:\program files\Razer\DeathAdder\razerofa.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Internet Explorer\IEXPLORE.EXE
    c:\program files\Internet Explorer\IEXPLORE.EXE
    c:\program files\Internet Explorer\IEXPLORE.EXE
    c:\windows\system32\taskmgr.exe
    .
    **************************************************************************
    .
    Completion time: 2010-07-03 01:29:42 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-07-02 23:29

    Pre-Run: 30,594,441,216 bytes free
    Post-Run: 30,717,775,872 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

    - - End Of File - - 52BBED75C347D4F38B851F1BBD551B41


    [IMG]

    and what you think about that?
     
    Last edited: 2010/07/03
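The R#/S# service and driver block in the ComboFix log above is the part a helper reads first. What follows is an added example, not from this thread and not part of ComboFix, that parses those lines and flags the three patterns which usually prompt a follow-up question: an image file ComboFix could not locate (the trailing `[?]`), a service whose binary is rundll32.exe (so the real code is the DLL on its command line), and a command line that points into a Temp directory. The sample input is six lines copied from the log above; the field names and heuristics are this example's own assumptions, and a flag is a prompt to look, not a verdict.

```python
"""Triage the R#/S# service and driver entries of a ComboFix log.

Added example for this thread; not part of ComboFix or of the posted logs.
Field names and heuristics are this script's own assumptions.
"""
import re
from typing import Dict, List, Optional

# ComboFix prefixes each entry with R (running) or S (stopped) followed by
# the service start type: 0 boot, 1 system, 2 auto, 3 manual, 4 disabled.
ENTRY_RE = re.compile(
    r"^(?P<run>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<tail>.*)$"
)
# Trailing '[dd/mm/yyyy hh:mm size]' that ComboFix appends when the file exists.
STAMP_RE = re.compile(r"\s\[(?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{2}:\d{2}) (?P<size>\d+)\]$")
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

# Sample input: six entries copied verbatim from the ComboFix log posted above.
SAMPLE_LOG = r"""
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [02/07/2010 20:02 304464]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [02/07/2010 20:02 20952]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys --> c:\windows\system32\DRIVERS\cmdguard.sys [?]
S2 eins7295;Eset install launcher (7295);c:\windows\system32\rundll32.exe c:\windows\eins7295.dll,RDServiceStart eins7295 "c:\docume~1\ADMINI~1\LOCALS~1\Temp\inxA.tmp" --> c:\windows\system32\rundll32.exe c:\windows\eins7295.dll,RDServiceStart eins7295 c:\docume~1\ADMINI~1\LOCALS~1\Temp\inxA.tmp [?]
S2 ekrn;ESET Service; "c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26/03/2010 21:49 691696]
"""


def parse_entry(line: str) -> Optional[Dict]:
    """Split one R#/S# line into its fields; return None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    tail = m.group("tail").strip()
    entry = {
        "name": m.group("name"),
        "display": m.group("display"),
        "running": m.group("run") == "R",
        "start": START_TYPES.get(m.group("start"), m.group("start")),
        "command": tail,
        "size": None,
        "image_found": True,
    }
    if " --> " in tail:
        # 'registry value --> resolved path [?]' means ComboFix could not
        # locate the image: an orphaned service, or one hiding its file.
        entry["command"] = tail.split(" --> ", 1)[0].strip()
        entry["image_found"] = not tail.endswith("[?]")
    else:
        stamp = STAMP_RE.search(tail)
        if stamp:
            entry["command"] = tail[: stamp.start()].strip()
            entry["size"] = int(stamp.group("size"))
    return entry


def findings(entry: Dict) -> List[str]:
    """Heuristics applied to each service before deciding what to ask about."""
    cmd = entry["command"].lower()
    out = []
    if not entry["image_found"]:
        out.append("image_not_found")
    if "rundll32.exe" in cmd:
        # A service whose binary is rundll32 is really the DLL it loads.
        out.append("rundll32_hosted_dll")
    if "\\temp\\" in cmd:
        out.append("references_temp_dir")
    return out


def triage(text: str) -> List[Dict]:
    """Parse every service line in the text and attach its findings."""
    rows = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry:
            entry["findings"] = findings(entry)
            rows.append(entry)
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        if row["findings"]:
            print(f"{row['name']:<14} {row['start']:<8} {', '.join(row['findings'])}")
            print(f"    {row['command']}")
```

Run against the six sample lines, the script reports cmdGuard and ekrn as image_not_found only (leftovers of uninstalled products look exactly like this), and eins7295 with all three flags because its command line is rundll32.exe loading a DLL with an argument under the Administrator's Temp directory. That combination is what a helper would ask the poster about next; it does not by itself prove the entry is malicious.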
  9. 2010/07/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You never answered my question:
    You can run only one AV program.
    Let me know which one you want to keep.

    ==============================================================

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start > "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between "Combofix" and "/Uninstall".
    Click OK (Vista users - press Enter).
    Restart computer.

    =============================================================

    Note: If you have a previous version of TDSSKiller downloaded, please delete it now and download a fresh copy using the links provided below.

    Download TDSSKiller and save it to your Desktop.
    Extract its contents to your Desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the Desktop.
    Go to Start > Run (or hold down your Windows key and press R), copy and paste the following into the text field (make sure you include the quotation marks), then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

    If it says "Hidden service detected", DO NOT type anything in. Just press Enter on your keyboard so that nothing is done to the file.
    When it is done, a log file called TDSSKiller.txt should be created on your C: drive. Please copy and paste the contents of that file here.
     
  10. 2010/07/03
    adamexsa

    adamexsa Inactive Thread Starter

    Joined:
    2010/07/02
    Messages:
    20
    Likes Received:
    0
    I want to keep Avira AV.

    And sorry, but my Windows is in Hebrew.
    Render file bgm\main.wma
    File has media type 0xe436eb83... subtype 0x6b6d0801...
    Source filter clsid is 0x187463a0...
    Source filter loaded the source file
    RenderFile: source filter added: address=38955c
    RenderFile: Render source filter pin 15a7544
    Render: pin 15a7544 has major type 0x73647561...
    Render: trying filter at address 38955c
    Render: examining filter at address 38955c for an input pin to connect output pin 15a7544 to
    Render: no more pins - failed to find a pin to use on filter 38955c
    Render: trying new filter with display name @device:dmo:{2EEB4ADF-4578-4D10-BCA7-BB955F56320A}{57F2DB8B-E6BB-4513-9D43-DCD2A6593125}...
    Render: new filter added. Display name @device:dmo:{2EEB4ADF-4578-4D10-BCA7-BB955F56320A}{57F2DB8B-E6BB-4513-9D43-DCD2A6593125}... has address 15a10a4, WMAudio Decoder DMO
    Render: examining filter at address 15a10a4 for an input pin to connect output pin 15a7544 to
    Render: considering connecting output pin 15a7544 to pin 38e38c on filter at address 15a10a4
    Render: output pin 15a7544 connected to pin 38e38c on filter at 15a10a4
    Render: looking for outputs to render from filter at address 15a10a4
    Render: trying to render output pin 15a798c on filter at address 15a10a4
    Render: pin 15a798c has major type 0x73647561...
    Render: trying filter at address 15a10a4
    Render: examining filter at address 15a10a4 for an input pin to connect output pin 15a798c to
    Render: considering connecting output pin 15a798c to pin 38e38c on filter at address 15a10a4
    Render: pin 38e38c is already connected
    Render: no more pins - failed to find a pin to use on filter 15a10a4
    Render: trying filter at address 38955c
    Render: examining filter at address 38955c for an input pin to connect output pin 15a798c to
    Render: no more pins - failed to find a pin to use on filter 38955c
    Render: trying new filter with display name @device:cm:{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default DirectSound Device...
    Render: new filter added. Display name @device:cm:{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default DirectSound Device... has address 15a9b14, Default DirectSound Device
    Render: examining filter at address 15a9b14 for an input pin to connect output pin 15a798c to
    Render: considering connecting output pin 15a798c to pin 15a9cf4 on filter at address 15a9b14
    Render: output pin 15a798c connected to pin 15a9cf4 on filter at 15a9b14
    Render: looking for outputs to render from filter at address 15a9b14
    Render: no filter found. The filter at address 15a9b14 is a renderer
    Render: rendering output pin 15a798c on filter at address 15a10a4 succeeded
    RenderFile: succeeded in rendering pin 15a7544 on source filter at address 38955c
    RenderFile finished - return code 0
     
  11. 2010/07/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
  12. 2010/07/03
    adamexsa

    adamexsa Inactive Thread Starter

    Joined:
    2010/07/02
    Messages:
    20
    Likes Received:
    0
    Hehehe, sorry, my bad.

    02:55:58:750 3708 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
    02:55:58:750 3708 ================================================================================
    02:55:58:750 3708 SystemInfo:

    02:55:58:750 3708 OS Version: 5.1.2600 ServicePack: 3.0
    02:55:58:750 3708 Product type: Workstation
    02:55:58:750 3708 ComputerName: ANTON-220854676
    02:55:58:750 3708 UserName: Administrator
    02:55:58:750 3708 Windows directory: C:\WINDOWS
    02:55:58:750 3708 System windows directory: C:\WINDOWS
    02:55:58:750 3708 Processor architecture: Intel x86
    02:55:58:750 3708 Number of processors: 3
    02:55:58:750 3708 Page size: 0x1000
    02:55:58:765 3708 Boot type: Normal boot
    02:55:58:765 3708 ================================================================================
    02:55:59:046 3708 Initialize success
    02:55:59:062 3708
    02:55:59:062 3708 Scanning Services ...
    02:55:59:453 3708 Raw services enum returned 350 services
    02:55:59:453 3708
    02:55:59:453 3708 Scanning Drivers ...
    02:56:00:281 3708 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    02:56:00:312 3708 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    02:56:00:359 3708 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    02:56:00:406 3708 AFD (38d7b715504da4741df35e3594fe2099) C:\WINDOWS\System32\drivers\afd.sys
    02:56:00:468 3708 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
    02:56:00:500 3708 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    02:56:00:515 3708 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    02:56:00:546 3708 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    02:56:00:640 3708 ati2mtag (8e54c76db5d88bf8b4e82b37e1322671) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    02:56:00:687 3708 AtiHdmiService (1e82f05cff41316bcaa513909d99a004) C:\WINDOWS\system32\drivers\AtiHdmi.sys
    02:56:00:703 3708 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    02:56:00:750 3708 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    02:56:00:921 3708 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    02:56:01:000 3708 avgntflt (a88d29d928ad2b830e87b53e3f9bc182) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
    02:56:01:015 3708 avipbb (1289e9a5d9118a25a13c0009519088e3) C:\WINDOWS\system32\DRIVERS\avipbb.sys
    02:56:01:031 3708 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    02:56:01:078 3708 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    02:56:01:078 3708 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    02:56:01:125 3708 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    02:56:01:140 3708 Cdrom (4b0a100eaf5c49ef3cca8c641431eacc) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    02:56:01:218 3708 cmudaxu (65cd0e639ddf9a98f14f784564bc2850) C:\WINDOWS\system32\drivers\cmudaxu.sys
    02:56:01:250 3708 DAdderFltr (cb90f77e21109ccfd114a17bd87a42a7) C:\WINDOWS\system32\drivers\dadder.sys
    02:56:01:265 3708 Disk (47b6aaec570f2c11d8bad80a064d8ed1) C:\WINDOWS\system32\DRIVERS\disk.sys
    02:56:01:296 3708 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    02:56:01:312 3708 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    02:56:01:343 3708 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    02:56:01:375 3708 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    02:56:01:625 3708 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    02:56:01:718 3708 eamon (b7b3fbc5591358b89955c4189970269e) C:\WINDOWS\system32\DRIVERS\eamon.sys
    02:56:01:750 3708 ehdrv (a6823c79f80c1a76ab7f3f1f425e524c) C:\WINDOWS\system32\DRIVERS\ehdrv.sys
    02:56:01:796 3708 epfwtdir (efa0bbfbe9096e445961d18ef70317d8) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
    02:56:01:828 3708 ESLvnic1 (3f3126a8f73e92f8eb369d54977d9e15) C:\WINDOWS\system32\DRIVERS\ESLvnic.sys
    02:56:01:859 3708 exFat (4d893323dae445e34a4c9038b0551bc9) C:\WINDOWS\system32\drivers\exFat.sys
    02:56:01:875 3708 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    02:56:01:906 3708 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    02:56:01:937 3708 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    02:56:01:953 3708 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    02:56:01:968 3708 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    02:56:02:000 3708 Fs_Rec (30d42943a54704ef13e2562911dbfcea) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    02:56:02:015 3708 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    02:56:02:062 3708 gdrv (c6e3105b8c68c35cc1eb26a00fd1a8c6) C:\WINDOWS\gdrv.sys
    02:56:02:078 3708 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    02:56:02:109 3708 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
    02:56:02:140 3708 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    02:56:02:171 3708 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    02:56:02:234 3708 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    02:56:02:281 3708 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    02:56:02:281 3708 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    02:56:02:328 3708 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    02:56:02:343 3708 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    02:56:02:343 3708 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    02:56:02:359 3708 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    02:56:02:375 3708 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    02:56:02:390 3708 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    02:56:02:421 3708 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    02:56:02:468 3708 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    02:56:02:500 3708 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    02:56:02:515 3708 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys
    02:56:02:562 3708 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    02:56:02:609 3708 KSecDD (c6ebf1d6ad71df30db49b8d3287e1368) C:\WINDOWS\system32\drivers\KSecDD.sys
    02:56:02:656 3708 MBAMProtector (67b48a903430c6d4fb58cbaca1866601) C:\WINDOWS\system32\drivers\mbam.sys
    02:56:02:687 3708 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    02:56:02:718 3708 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    02:56:02:750 3708 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    02:56:02:796 3708 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    02:56:02:812 3708 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    02:56:02:828 3708 MRxDAV (65e818c473e220b6ab762e1966296fd1) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    02:56:02:859 3708 MRxSmb (d09b9f0b9960dd41e73127b7814c115f) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    02:56:02:859 3708 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    02:56:02:890 3708 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    02:56:02:890 3708 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    02:56:02:906 3708 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    02:56:02:906 3708 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    02:56:02:921 3708 Mup (6546fe6639499fa4bef180bdf08266a1) C:\WINDOWS\system32\drivers\Mup.sys
    02:56:02:937 3708 NDIS (b5b1080d35974c0e718d64280761bcd5) C:\WINDOWS\system32\drivers\NDIS.sys
    02:56:02:953 3708 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    02:56:02:968 3708 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    02:56:02:968 3708 NdisWan (b053a8411045fd0664b389a090cb2bbc) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    02:56:02:984 3708 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
    02:56:02:984 3708 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    02:56:03:015 3708 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    02:56:03:031 3708 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    02:56:03:031 3708 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    02:56:03:046 3708 Ntfs (4c51d5275ae8a16999edfe7e647d00de) C:\WINDOWS\system32\drivers\Ntfs.sys
    02:56:03:093 3708 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    02:56:03:109 3708 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    02:56:03:109 3708 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    02:56:03:156 3708 ohci1394 (2553f7c60b8d291b5a812245e6d4da6e) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    02:56:03:218 3708 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
    02:56:03:218 3708 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    02:56:03:234 3708 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    02:56:03:250 3708 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    02:56:03:281 3708 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    02:56:03:296 3708 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    02:56:03:343 3708 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    02:56:03:390 3708 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
    02:56:03:406 3708 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    02:56:03:406 3708 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    02:56:03:437 3708 pxrts (58617c7e795ef846677f24424e4c89b8) C:\WINDOWS\system32\drivers\pxrts.sys
    02:56:03:500 3708 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    02:56:03:500 3708 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    02:56:03:515 3708 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    02:56:03:531 3708 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    02:56:03:562 3708 Rdbss (77050c6615f6eb5402f832b27fd695e0) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    02:56:03:562 3708 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    02:56:03:593 3708 rdpdr (c694a927eb7c354f7ae97955043a9641) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    02:56:03:640 3708 RDPWD (e8e3107243b16a549b88d145ec051b06) C:\WINDOWS\system32\drivers\RDPWD.sys
    02:56:03:687 3708 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    02:56:03:718 3708 rspndr (743d7d59767073a617b1dcc6c546f234) C:\WINDOWS\system32\DRIVERS\rspndr.sys
    02:56:03:765 3708 RTLE8023xp (839141088ad7ee90f5b441b2d1afd22c) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
    02:56:03:812 3708 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    02:56:03:828 3708 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
    02:56:03:859 3708 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
    02:56:03:859 3708 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    02:56:03:921 3708 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    02:56:03:968 3708 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
    02:56:04:015 3708 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    02:56:04:031 3708 Srv (30efed0c77d59ae0cacb0b5c756767ed) C:\WINDOWS\system32\DRIVERS\srv.sys
    02:56:04:062 3708 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
    02:56:04:078 3708 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    02:56:04:093 3708 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    02:56:04:140 3708 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    02:56:04:187 3708 Tcpip (25a740d70e8007814a48d3fa1b34fa34) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    02:56:04:203 3708 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    02:56:04:218 3708 TDTCP (c0578456f29e5f26285f81b7b71fe57d) C:\WINDOWS\system32\drivers\TDTCP.sys
    02:56:04:218 3708 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    02:56:04:234 3708 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    02:56:04:250 3708 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    02:56:04:281 3708 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
    02:56:04:296 3708 usbccgp (c18d6c74953621346df6b0a11f80c1cc) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    02:56:04:312 3708 usbehci (152ee0baa614388273a0b9ae9c9fd5a0) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    02:56:04:328 3708 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    02:56:04:359 3708 usbohci (c5e11cd822adf0019a5a862d9c4e2222) C:\WINDOWS\system32\DRIVERS\usbohci.sys
    02:56:04:390 3708 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    02:56:04:406 3708 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    02:56:04:437 3708 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    02:56:04:437 3708 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    02:56:04:468 3708 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    02:56:04:515 3708 Wirelecf (b673d6acdc43b9c8b4f7a94e15b0a4b8) C:\WINDOWS\system32\DRIVERS\Wirelecf.SYS
    02:56:04:562 3708 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    02:56:04:562 3708 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    02:56:04:593 3708 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
    02:56:04:609 3708 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    02:56:04:609 3708
    02:56:04:609 3708 Completed
    02:56:04:609 3708
    02:56:04:609 3708 Results:
    02:56:04:609 3708 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
    02:56:04:609 3708 File objects infected / cured / cured on reboot: 0 / 0 / 0
    02:56:04:609 3708
    02:56:04:609 3708 KLMD(ARK) unloaded successfully
     
  13. 2010/07/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Did you run those two removal tools?

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall "
    Click OK (Vista users - press Enter).
    Restart computer.

    ==========================================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  14. 2010/07/03
    adamexsa

    adamexsa Inactive Thread Starter

    Joined:
    2010/07/02
    Messages:
    20
    Likes Received:
    0
    Not enough space.



    OTL Extras logfile created on: 03/07/2010 03:25:52 - Run 1
    OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 0000040D | Country: Israel | Language: HEB | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 84.00% Memory free
    5.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 97.65 Gb Total Space | 28.55 Gb Free Space | 29.23% Space Free | Partition Type: NTFS
    Drive D: | 200.43 Gb Total Space | 141.59 Gb Free Space | 70.65% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: ANTON-220854676
    Current User Name: Administrator
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\ICQ7.0\ICQ.exe" = C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7 -- (ICQ, LLC.)
    "C:\Program Files\ICQ7.0\aolload.exe" = C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
    "C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
    "C:\Program Files\Cheat-Defender\Cheat-Defender.exe" = C:\Program Files\Cheat-Defender\Cheat-Defender.exe:*:Enabled:Cheat-Defender: Anti-Cheat -- (GlobalNet)
    "C:\Program Files\ICQ7.0\ICQ.exe" = C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7 -- (ICQ, LLC.)
    "C:\Program Files\ICQ7.0\aolload.exe" = C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
    "C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
    "C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead -- ()
    "C:\Program Files\Steam\steamapps\common\r.u.s.e. beta\Ruse.exe" = C:\Program Files\Steam\steamapps\common\r.u.s.e. beta\Ruse.exe:*:Enabled:R.U.S.E. Beta -- ()
    "C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- (Ubisoft)
    "C:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForever.exe" = C:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForever.exe:*:Enabled:TrackMania Nations Forever -- ()
    "C:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe" = C:\Program Files\Steam\steamapps\common\trackmania nations forever\TmForeverLauncher.exe:*:Enabled:TrackMania Nations Forever -- ()
    "C:\Program Files\Ubisoft\Ubisoft Game Launcher\Assassin's Creed II\server.exe" = C:\Program Files\Ubisoft\Ubisoft Game Launcher\Assassin's Creed II\server.exe:*:Enabled:server -- ()
    "C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
    "C:\Program Files\Ubisoft\server.exe" = C:\Program Files\Ubisoft\server.exe:*:Enabled:server -- ()
    "C:\Program Files\Ubisoft\Ubisoft Game Launcher\Assassin's Creed II\mitm.exe" = C:\Program Files\Ubisoft\Ubisoft Game Launcher\Assassin's Creed II\mitm.exe:*:Enabled:mitm -- ()
    "C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
    "C:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = C:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer -- ()
    "C:\Program Files\Steam\steamapps\dxzit\counter-strike\hl.exe" = C:\Program Files\Steam\steamapps\dxzit\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)
    "C:\Documents and Settings\Administrator\Local Settings\temp\7zSB.tmp\SymNRT.exe" = C:\Documents and Settings\Administrator\Local Settings\temp\7zSB.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- File not found


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{00C95D52-2172-B580-CDD3-695DDAA193BC}" = CCC Help English
    "{02B232C3-46A6-03C0-EEB6-2F518E329457}" = Catalyst Control Center HydraVision Full
    "{035D48BB-503E-4F09-9D52-EC57D3411DDC}" = Windows Live Essentials
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
    "{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.0205.1
    "{0EC8FEB1-5F6C-C110-26E3-98688B131C7B}" = Catalyst Control Center Core Implementation
    "{1246FF64-3035-4A92-8FE6-A968275495EB}" = Sony Vegas Pro 8.0
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{1A4E71A5-643D-4536-B624-995F7E212272}" = WonderKing
    "{1C4B921A-724F-742D-A848-87BA42680DCA}" = CCC Help Korean
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = כלי ההעלאה של Windows Live
    "{21AA8C0C-0700-0434-A439-95A735A805D0}" = CCC Help Italian
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{234305B0-B206-26E0-263D-D62F89E58493}" = CCC Help Spanish
    "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "{2AEB1EAF-9E1C-4361-8562-5AC7AE6AC177}" = ATI AVIVO Codecs
    "{3008CE00-F04D-47B6-B5DB-E11F7593754D}" = sClient+ Anti-Cheat
    "{318089B6-063F-5F09-F84E-742AAA512F3B}" = CCC Help Thai
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
    "{3794889D-F4E3-C5CD-D3B0-B605D137BD9E}" = CCC Help Polish
    "{3C105379-729D-992E-AFF1-3AD9D9CD5847}" = ccc-utility
    "{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
    "{3F7022C8-0E0B-DD89-0424-4DDBBEAE9662}" = Catalyst Control Center Graphics Full Existing
    "{3F80E737-C04B-742F-39CF-16D472780D2F}" = CCC Help Greek
    "{4003780A-8579-4701-B397-C76725BB44B1}" = CCC Help Japanese
    "{47B02FDB-17F9-A8BE-23C9-B080313DA1BD}" = CCC Help Portuguese
    "{5192AB64-1154-5D5B-9292-E9DF51AE4759}" = Catalyst Control Center Localization All
    "{533EA890-F246-66D0-DBD2-C87078C5991B}" = CCC Help Chinese Standard
    "{54C1F42B-0BA1-7CB2-F175-C2B69D7FF74E}" = ccc-core-preinstall
    "{5797A1D5-2C08-4FF1-B4B4-EA25760CA543}" = 802.11g USB2.0 adapter
    "{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
    "{634328D0-C948-4C4D-BDE9-58015B941648}" = Windows Live Messenger
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6E535222-B704-F8CB-C235-70CB58C362D9}" = CCC Help Swedish
    "{70B59829-7C8F-C378-B9F0-78E5C9879224}" = CCC Help Russian
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{77251F6F-90CB-C80D-D709-701517C6FF36}" = ccc-core-static
    "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{79A3E128-DE54-2E2A-99F8-37F7872A26FD}" = CCC Help Norwegian
    "{7AC64083-A73C-FA07-7BE9-BEFDBDCA393F}" = CCC Help Dutch
    "{80D12CA0-52A2-4E50-9379-3B101D53B8BA}" = CCC Help French
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{885A5214-9CDD-40E0-A89D-7672588748E1}" = Windows Live Call
    "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
    "{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D05DE05-5FC1-6C0C-8DA1-807BE4EE72BB}" = CCC Help Finnish
    "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A083E0DD-212F-F991-EC8D-673DDD3BD9F5}" = Catalyst Control Center Graphics Light
    "{A1AEDF29-CC4F-CB06-227C-ACE1C3F92A8E}" = CCC Help Hungarian
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A409609F-E81D-B613-B7AE-89D28DAAFD26}" = CCC Help Danish
    "{ADF62610-0391-4ABA-E67C-8DF8F51F897E}" = CCC Help German
    "{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
    "{BAD68DAA-DA40-3681-996C-7B91959EC9CA}" = Catalyst Control Center Graphics Full New
    "{BCBA462D-3E1B-416C-89F8-492020D4BBF4}" = מסייע הכניסה של Windows Live
    "{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
    "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 Service Pack 1
    "{CC6B1BB4-4E06-4A5B-A166-B371B551324B}" = COMODO Internet Security
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CF7D89CA-6AB3-FD7E-903B-1821EE6453B5}" = CCC Help Chinese Traditional
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
    "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
    "{D8A6B20B-C028-9C52-41BF-CA706A666B45}" = CCC Help Czech
    "{E13FD48B-341E-0A3F-5306-C407E60AB28F}" = CCC Help Turkish
    "{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
    "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
    "{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder(TM) Mouse
    "{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{EF714D4E-B503-D848-73DD-2FE18ECA7BFB}" = Catalyst Control Center Graphics Previews Common
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "012Net" = 012Net
    "13860389BCE916343D6A5C65169C6F0C6BF6E3EA" = Windows Driver Package - Cypress (CyUsb) USB
    "abgx360" = abgx360 v1.0.2
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "All ATI Software" = ATI - Software Uninstall Utility
    "ATI Display Driver" = ATI Display Driver
    "Browser Defender_is1" = Browser Defender 2.0.6.15
    "BSPlayerf" = BS.Player FREE
    "CCleaner" = CCleaner
    "Cheat-Defender" = Cheat-Defender
    "C-Media USB Sound" = Steel Sound 5H USB
    "DA73216D935E3CBA996AFD6E6513ECC587E0C3C1" = Windows Driver Package - Razer (HidUsb) HIDClass (02/02/2007 1.0.5.0)
    "DAEMON Tools Toolbar" = DAEMON Tools Toolbar
    "ESL Wire_is1" = ESL Wire 1.3
    "Fraps" = Fraps
    "GamersFirst War Rock" = War Rock
    "GameSpy Arcade" = GameSpy Arcade
    "HijackThis" = HijackThis 1.99.1
    "ICQToolbar" = ICQ Toolbar
    "ImgBurn" = ImgBurn
    "Little Fighter 2 version 2.0a" = Little Fighter 2 version 2.0a
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "MapleStory" = MapleStory
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Silverlight" = Microsoft Silverlight
    "mIRC" = mIRC
    "Mozilla Firefox (3.6.4)" = Mozilla Firefox (3.6.4)
    "myBabylon_English Toolbar" = myBabylon_English Toolbar
    "SAW - The Video Game_is1" = SAW - The Video Game
    "Security Task Manager" = Security Task Manager 1.7h
    "Steam App 10" = Counter-Strike
    "Steam App 100" = Condition Zero Deleted Scenes
    "Steam App 11020" = TrackMania Nations Forever
    "Steam App 240" = Counter-Strike: Source
    "Steam App 25700" = Madballs in... Babo:Invasion
    "Steam App 320" = Half-Life 2: Deathmatch
    "Steam App 33310" = R.U.S.E. Beta
    "Steam App 340" = Half-Life 2: Lost Coast
    "Steam App 440" = Team Fortress 2
    "Steam App 500" = Left 4 Dead
    "SWAT 4" = SWAT 4
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
    "Octoshape Streaming Services" = Octoshape Streaming Services
    "TeamSpeak 3 Client" = TeamSpeak 3 Client

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 25/05/2010 17:02:55 | Computer Name = ANTON-220854676 | Source = Application Error | ID = 1000
    Description = ‏‏תקלה ביישום IEXPLORE.EXE, גירסה 8.0.6001.18702, תקלה במודול msxml3.dll,
    גירסה 8.100.1051.0, כתובת התקלה 0x00005c60‏.

    Error - 25/05/2010 17:12:22 | Computer Name = ANTON-220854676 | Source = Application Error | ID = 1000
    Description = ‏‏תקלה ביישום IEXPLORE.EXE, גירסה 8.0.6001.18702, תקלה במודול msxml3.dll,
    גירסה 8.100.1051.0, כתובת התקלה 0x00005c60‏.

    Error - 30/05/2010 14:44:24 | Computer Name = ANTON-220854676 | Source = Application Error | ID = 1000
    Description = ‏‏תקלה ביישום razercfg.exe, גירסה 1.0.0.1, תקלה במודול razercfg.exe,
    גירסה 1.0.0.1, כתובת התקלה 0x0000da37‏.

    Error - 30/05/2010 18:53:43 | Computer Name = ANTON-220854676 | Source = Application Error | ID = 1000
    Description = ‏‏תקלה ביישום sclient.exe, גירסה 4.0.0.0, תקלה במודול sc.dll, גירסה
    4.0.0.0, כתובת התקלה 0x00016d00‏.

    Error - 02/06/2010 16:25:13 | Computer Name = ANTON-220854676 | Source = Application Hang | ID = 1002
    Description = ‏‏יישום לא מגיב Ventrilo.exe, גירסה 2.1.4.0, מודול חוסר תגובה hungapp,
    גירסה 0.0.0.0, כתובת חוסר תגובה 0x00000000‏.

    Error - 02/06/2010 16:25:57 | Computer Name = ANTON-220854676 | Source = Application Error | ID = 1000
    Description = ‏‏תקלה ביישום ts3client_win32.exe, גירסה 1.0.0.0, תקלה במודול fmodex.dll,
    גירסה 0.4.29.2, כתובת התקלה 0x00074c4e‏.

    Error - 03/06/2010 12:56:25 | Computer Name = ANTON-220854676 | Source = Application Error | ID = 1000
    Description = ‏‏תקלה ביישום razercfg.exe, גירסה 1.0.0.1, תקלה במודול razercfg.exe,
    גירסה 1.0.0.1, כתובת התקלה 0x0000da37‏.

    Error - 06/06/2010 15:22:17 | Computer Name = ANTON-220854676 | Source = Application Hang | ID = 1002
    Description = ‏‏יישום לא מגיב IEXPLORE.EXE, גירסה 8.0.6001.18702, מודול חוסר תגובה
    hungapp, גירסה 0.0.0.0, כתובת חוסר תגובה 0x00000000‏.

    Error - 06/06/2010 15:22:28 | Computer Name = ANTON-220854676 | Source = Application Hang | ID = 1002
    Description = ‏‏יישום לא מגיב IEXPLORE.EXE, גירסה 8.0.6001.18702, מודול חוסר תגובה
    hungapp, גירסה 0.0.0.0, כתובת חוסר תגובה 0x00000000‏.

    Error - 06/06/2010 15:22:29 | Computer Name = ANTON-220854676 | Source = Application Hang | ID = 1002
    Description = ‏‏יישום לא מגיב IEXPLORE.EXE, גירסה 8.0.6001.18702, מודול חוסר תגובה
    hungapp, גירסה 0.0.0.0, כתובת חוסר תגובה 0x00000000‏.

    [ System Events ]
    Error - 02/07/2010 20:59:01 | Computer Name = ANTON-220854676 | Source = Service Control Manager | ID = 7000
    Description = The COMODO Internet Security Helper Service service failed to start
    due to the following error: %%3

    Error - 02/07/2010 20:59:01 | Computer Name = ANTON-220854676 | Source = Service Control Manager | ID = 7000
    Description = The ESET Service service failed to start due to the following error:
    %%3

    Error - 02/07/2010 20:59:01 | Computer Name = ANTON-220854676 | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Eset install launcher
    (7295) service to connect.

    Error - 02/07/2010 20:59:01 | Computer Name = ANTON-220854676 | Source = Service Control Manager | ID = 7000
    Description = The Eset install launcher (7295) service failed to start due to the
    following error: %%1053

    Error - 02/07/2010 20:59:01 | Computer Name = ANTON-220854676 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cmdGuard cmdHlp Inspect

    Error - 02/07/2010 21:22:49 | Computer Name = ANTON-220854676 | Source = Service Control Manager | ID = 7000
    Description = The COMODO Internet Security Helper Service service failed to start
    due to the following error: %%3

    Error - 02/07/2010 21:22:49 | Computer Name = ANTON-220854676 | Source = Service Control Manager | ID = 7000
    Description = The ESET Service service failed to start due to the following error:
    %%3

    Error - 02/07/2010 21:22:49 | Computer Name = ANTON-220854676 | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Eset install launcher
    (7295) service to connect.

    Error - 02/07/2010 21:22:49 | Computer Name = ANTON-220854676 | Source = Service Control Manager | ID = 7000
    Description = The Eset install launcher (7295) service failed to start due to the
    following error: %%1053

    Error - 02/07/2010 21:22:49 | Computer Name = ANTON-220854676 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cmdGuard cmdHlp Inspect


    < End of report >
     
  15. 2010/07/03
    adamexsa

    adamexsa Inactive Thread Starter

    Joined:
    2010/07/02
    Messages:
    20
    Likes Received:
    0
  16. 2010/07/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Split it between a couple of replies.
     
  17. 2010/07/03
    adamexsa

    adamexsa Inactive Thread Starter

    Joined:
    2010/07/02
    Messages:
    20
    Likes Received:
    0
    OTL logfile created on: 03/07/2010 03:25:52 - Run 1
    OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 0000040D | Country: Israel | Language: HEB | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 84.00% Memory free
    5.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 97.65 Gb Total Space | 28.55 Gb Free Space | 29.23% Space Free | Partition Type: NTFS
    Drive D: | 200.43 Gb Total Space | 141.59 Gb Free Space | 70.65% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: ANTON-220854676
    Current User Name: Administrator
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/07/03 03:21:04 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    PRC - [2010/06/26 20:17:53 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2010/03/30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    PRC - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    PRC - [2010/01/03 17:07:48 | 000,246,520 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
    PRC - [2009/02/05 13:43:26 | 000,068,136 | ---- | M] () -- C:\Program Files\Gigabyte\EasySaver\essvr.exe
    PRC - [2008/07/03 12:38:24 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/12/13 10:03:20 | 000,801,280 | ---- | M] (Friendly Technologies) -- C:\Program Files\012Net\012Net-Cable dialer\FWPortal.exe
    PRC - [2005/08/11 14:18:10 | 000,083,608 | ---- | M] (Friendly Technologies) -- C:\Program Files\012Net\012Net-Cable dialer\fts.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/07/03 03:21:04 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    MOD - [2008/11/05 07:21:57 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5705_x-ww_36cfed49\comctl32.dll
    MOD - [2008/04/14 13:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (ekrn)
    SRV - File not found [Auto | Stopped] -- -- (eins7295) Eset install launcher (7295)
    SRV - File not found [On_Demand | Stopped] -- -- (EhttpSrv)
    SRV - File not found [Auto | Stopped] -- -- (cmdAgent)
    SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/03/30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
    SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
    SRV - [2010/01/03 17:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
    SRV - [2009/02/05 13:43:26 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/07/03 03:22:17 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\gdrv.sys -- (gdrv)
    DRV - [2010/07/03 01:35:01 | 000,061,624 | ---- | M] (Prevx) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\pxrts.sys -- (pxrts)
    DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2010/03/26 21:49:28 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2010/03/24 20:33:52 | 000,095,872 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
    DRV - [2010/03/24 20:31:06 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
    DRV - [2010/03/24 20:23:52 | 000,139,192 | ---- | M] (ESET) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
    DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2010/02/03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
    DRV - [2010/02/01 12:28:20 | 000,024,504 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ESLvnic.sys -- (ESLvnic1)
    DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2009/04/29 05:30:44 | 003,643,904 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2009/04/01 13:28:32 | 000,093,184 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV - [2008/10/30 15:14:20 | 000,117,888 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2008/04/14 13:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/04/14 02:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2007/08/02 17:32:26 | 000,022,784 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dadder.sys -- (DAdderFltr)
    DRV - [2007/04/16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
    DRV - [2005/11/03 07:50:48 | 001,391,296 | R--- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmudaxu.sys -- (cmudaxu)
    DRV - [2005/09/07 11:09:36 | 000,017,230 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Wirelecf.SYS -- (Wirelecf)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
    IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://il.msn.com/iat/us_il.aspx
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E8 F4 B2 BD D5 B0 CA 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com "
    FF - prefs.js..browser.search.defaultenginename: "Ask.com "
    FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch "
    FF - prefs.js..browser.search.order.1: "Ask.com "
    FF - prefs.js..browser.search.selectedEngine: "Ask.com "
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.ask.com?o=15788&l=dis "
    FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.117
    FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6
    FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0
    FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=IMB&o=15785&locale=en_US&apn_uid=BEB11100-3FDD-45AB-9674-BDAEE5E68E16&apn_ptnrs=HQ&apn_sauid=89B56A0A-BF91-4A96-9FC6-ECDC79E75127&apn_dtid=&q= "

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/01 23:03:30 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/26 20:17:56 | 000,000,000 | ---D | M]

    [2010/04/04 18:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2010/07/01 21:15:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lyd6mmkz.default\extensions
    [2010/04/23 19:00:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lyd6mmkz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/05/01 13:25:22 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lyd6mmkz.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    [2010/04/20 18:00:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lyd6mmkz.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
    [2010/06/21 23:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lyd6mmkz.default\extensions\illimitux@illimitux.net
    [2010/06/04 22:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lyd6mmkz.default\extensions\toolbar@ask.com
    [2010/07/02 20:00:50 | 000,002,555 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lyd6mmkz.default\searchplugins\askcom.xml
    [2010/04/04 18:53:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/04/20 19:43:27 | 000,002,191 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
    [2010/04/01 19:10:52 | 000,001,960 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\morfix-dic.xml
    [2010/04/01 19:10:52 | 000,001,008 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-he.xml

    O1 HOSTS File: ([2010/07/03 01:25:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll File not found
    O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll (Conduit Ltd.)
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll File not found
    O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll File not found
    O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Program Files\Zynga\tbZyng.dll File not found
    O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
    O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [%FP%012-L2TP fts.exe] C:\Program Files\012Net\012Net-Cable dialer\fts.exe (Friendly Technologies)
    O4 - HKLM..\Run: [%FP%012-L2TP FWPortal.exe] C:\Program Files\012Net\012Net-Cable dialer\FWPortal.exe (Friendly Technologies)
    O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe File not found
    O4 - HKLM..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe File not found
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [PRISMSVR.EXE] File not found
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [WiFiCFG.EXE] C:\Program Files\802.11g USB2.0 adapter\WiFiCFG.EXE File not found
    O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
    O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop Components:0 (Моя текущая домашняя страница) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll File not found
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/02/18 21:38:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/02/18 21:37:30 | 000,000,000 | ---D | M]
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux7 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux8 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux9 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi7 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi8 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi9 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer7 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer8 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer9 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
    Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave7 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave8 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave9 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (17183584330711040)
     
  18. 2010/07/03
    adamexsa

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/07/03 03:21:03 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/07/03 02:35:50 | 001,013,584 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
    [2010/07/03 01:40:00 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/07/03 01:36:01 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2010/07/03 01:36:00 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2010/07/03 01:36:00 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2010/07/03 01:36:00 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
    [2010/07/03 01:36:00 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
    [2010/07/03 01:36:00 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2010/07/03 01:36:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
    [2010/07/03 01:35:01 | 000,061,624 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
    [2010/07/03 01:34:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
    [2010/07/03 01:18:28 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/07/03 01:04:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/07/03 00:38:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Help
    [2010/07/03 00:38:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Help
    [2010/07/02 20:02:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/07/02 20:02:30 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/07/02 20:02:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/07/02 05:09:31 | 000,000,000 | ---D | C] -- C:\VritualRoot
    [2010/07/02 05:09:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\COMODO
    [2010/07/02 05:03:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo Downloader
    [2010/07/02 01:24:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
    [2010/07/02 01:06:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
    [2010/07/02 00:51:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2010/07/02 00:51:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
    [2010/07/02 00:17:25 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
    [2010/07/01 23:46:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
    [2010/07/01 23:46:18 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
    [2010/07/01 22:24:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
    [2010/07/01 22:24:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/07/01 21:04:11 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
    [2010/07/01 20:21:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
    [2010/07/01 19:56:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
    [2010/07/01 19:38:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Threat Expert
    [2010/07/01 19:38:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\BS_Player
    [2010/07/01 19:38:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AskToolbar
    [2010/07/01 19:38:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Zynga
    [2010/07/01 19:38:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\myBabylon_English
    [2010/07/01 19:38:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Conduit
    [2010/07/01 00:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/06/30 17:01:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2010/06/30 17:01:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2010/06/30 17:00:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/06/30 17:00:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\BS_Player
    [2010/06/30 17:00:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\AskToolbar
    [2010/06/30 17:00:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\myBabylon_English
    [2010/06/30 17:00:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Conduit
    [2010/06/30 17:00:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Zynga
    [2010/06/30 17:00:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Threat Expert
    [2010/06/30 00:35:49 | 000,000,000 | ---D | C] -- C:\Program Files\LittleFighter2
    [2010/06/29 20:27:27 | 005,341,184 | R--- | C] (C-Media Corporation) -- C:\WINDOWS\System\cmcnfgu.cpl
    [2010/06/29 20:27:27 | 000,917,504 | R--- | C] (C-Media Electronics Inc.) -- C:\WINDOWS\System\cmds3du.dll
    [2010/06/29 20:27:27 | 000,098,304 | R--- | C] (C-Media) -- C:\WINDOWS\System32\cmudau.dll
    [2010/06/29 20:27:26 | 000,016,384 | R--- | C] (C-Media Corporation) -- C:\WINDOWS\System32\cmpropu.dll
    [2010/06/29 19:33:50 | 000,000,000 | ---D | C] -- C:\Program Files\Steel Sound 5H USB
    [2010/06/28 18:06:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\AdobeStockPhotos
    [2010/06/28 01:43:35 | 003,170,352 | ---- | C] (Wizet) -- C:\ProMS.exe
    [2010/06/25 01:53:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
    [2010/06/10 11:50:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony
    [2010/06/10 11:50:27 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
    [2010/06/04 23:04:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
    [2010/05/30 20:24:14 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
    [2010/05/30 20:24:07 | 000,031,104 | ---- | C] (Cypress Semiconductor) -- C:\WINDOWS\System32\drivers\CYUSB.sys
    [2010/05/30 20:24:07 | 000,022,784 | ---- | C] (Razer (Asia-Pacific) Pte Ltd) -- C:\WINDOWS\System32\drivers\dadder.sys
    [2010/05/07 15:49:35 | 007,909,376 | ---- | C] (Wizet) -- C:\GM-Client.exe
    [2010/05/07 12:28:19 | 007,909,376 | ---- | C] (Wizet) -- C:\ChilliStory.exe
    [2010/05/07 12:12:20 | 000,000,000 | ---D | C] -- C:\IcyMs
    [2010/05/03 00:17:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
    [2010/04/27 14:23:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AskToolbar
    [2010/04/27 14:22:46 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
    [2010/04/24 22:07:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\הקבצים שלי שהתקבלו
    [2010/04/24 21:57:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Tracing
    [2010/04/24 21:57:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
    [2010/04/24 21:56:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
    [2010/04/24 21:56:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
    [2010/04/24 21:56:19 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
    [2010/04/24 21:51:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
    [2010/04/23 22:38:14 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
    [2010/04/23 22:38:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
    [2010/04/23 22:38:02 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
    [2010/04/23 22:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
    [2010/04/23 14:52:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\LogMeIn Hamachi
    [2010/04/23 14:52:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
    [2010/04/23 14:51:57 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
    [2010/04/23 11:45:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2010/04/20 19:43:30 | 000,000,000 | ---D | C] -- C:\Program Files\myBabylon_English
    [2010/04/20 19:37:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\FlashFXP
    [2010/04/20 18:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\AskBarDis
    [2010/04/20 18:00:01 | 000,000,000 | ---D | C] -- C:\Program Files\FlashFXP
    [2010/04/20 18:00:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FlashFXP
    [2010/04/19 22:43:29 | 000,000,000 | ---D | C] -- C:\Nexon
    [2010/04/19 22:43:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NexonUS
    [2010/04/19 20:49:14 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
    [2010/04/18 22:45:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Updater
    [2010/04/18 22:32:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
    [2010/04/18 22:31:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Adobe PDF
    [2010/04/18 22:30:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe Systems
    [2010/04/18 22:30:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe Systems Shared
    [2010/04/18 22:29:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2010/04/18 22:29:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
    [2010/04/18 22:29:33 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
    [2010/04/17 23:34:09 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2010/04/17 23:34:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/04/16 03:00:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
    [2010/04/16 03:00:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
    [2010/04/15 16:58:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
    [2010/04/13 19:35:36 | 000,000,000 | ---D | C] -- C:\fd
    [2010/04/10 12:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\cache
    [2010/04/07 19:38:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
    [2010/04/07 19:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
    [2010/04/07 19:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
    [2010/04/07 18:16:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Threat Expert
    [2010/04/07 18:08:41 | 001,652,664 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
    [2010/04/07 18:08:41 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
    [2010/04/07 18:08:41 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
    [2010/04/07 18:02:27 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
    [2010/04/07 16:30:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\FullTiltPoker
    [2010/04/07 14:54:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    [2010/04/07 14:54:02 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
    [2010/04/07 14:54:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Yahoo!
    [2010/04/07 14:54:00 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2010/04/05 18:48:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
    [2010/04/05 16:21:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\FTL Shared
    [2010/04/05 16:21:36 | 000,000,000 | ---D | C] -- C:\Program Files\012Net
    [2010/04/04 18:53:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
    [2010/04/04 18:53:51 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/07/03 03:26:45 | 000,526,118 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/07/03 03:26:45 | 000,443,480 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/07/03 03:26:45 | 000,072,456 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/07/03 03:22:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/07/03 03:22:06 | 000,167,952 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
    [2010/07/03 03:22:02 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/07/03 03:22:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/07/03 03:21:19 | 004,980,736 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
    [2010/07/03 03:21:19 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
    [2010/07/03 03:21:15 | 009,606,994 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
    [2010/07/03 03:21:04 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/07/03 03:01:00 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2010/07/03 01:36:11 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2010/07/03 01:35:01 | 000,061,624 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
    [2010/07/03 01:34:57 | 000,000,051 | ---- | M] () -- C:\WINDOWS\wininit.ini
    [2010/07/03 01:26:04 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/07/03 01:25:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/07/03 01:18:35 | 000,000,293 | RHS- | M] () -- C:\boot.ini
    [2010/07/02 20:02:33 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/07/02 01:17:41 | 000,319,840 | ---- | M] () -- C:\WINDOWS\eins1326.dll
    [2010/07/01 22:41:58 | 000,000,560 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/07/01 22:41:58 | 000,000,223 | ---- | M] () -- C:\Boot.bak
    [2010/07/01 22:23:18 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/06/30 17:25:08 | 001,013,584 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
    [2010/06/30 00:35:58 | 000,000,809 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Little Fighter 2.lnk
    [2010/06/28 18:07:43 | 000,101,893 | ---- | M] () -- C:\Documents and Settings\Administrator\AdobeFnt10.lst
    [2010/06/22 19:05:04 | 000,002,269 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2010/06/11 03:22:28 | 000,158,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/06/11 03:06:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/06/10 13:44:36 | 000,000,213 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Team Fortress 2.url
    [2010/06/08 04:16:01 | 000,763,832 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll
    [2010/06/08 02:21:02 | 001,652,664 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
    [2010/05/31 05:41:56 | 000,000,103 | ---- | M] () -- C:\KiKi.cfg
    [2010/05/20 18:54:13 | 000,000,101 | ---- | M] () -- C:\settings.ini
    [2010/05/18 21:12:38 | 000,000,047 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\long
    [2010/05/14 23:35:51 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\mIRC.lnk
    [2010/05/10 22:27:45 | 003,150,944 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\castrations.wmv
    [2010/05/07 12:27:54 | 002,948,786 | ---- | M] () -- C:\ChilliStory.rar
    [2010/05/07 12:27:15 | 010,444,702 | ---- | M] () -- C:\ChilliStoru_Item_Patch2.rar
    [2010/05/07 12:20:23 | 000,017,925 | ---- | M] () -- C:\ProMS20100507122023.dmp
    [2010/05/07 12:02:20 | 000,017,925 | ---- | M] () -- C:\ProMS20100507120220.dmp
    [2010/05/01 03:38:18 | 000,000,158 | ---- | M] () -- C:\ShockMS.zip
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/27 14:23:05 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
    [2010/04/26 21:34:05 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
    [2010/04/24 21:57:34 | 000,027,848 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2010/04/18 22:31:18 | 000,000,988 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk
    [2010/04/18 22:26:57 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
    [2010/04/17 23:14:31 | 000,001,614 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Counter-Strike.lnk
    [2010/04/17 11:27:47 | 004,753,169 | ---- | M] () -- C:\SkIdRow.jc2.rar
    [2010/04/17 09:24:09 | 006,254,737 | ---- | M] () -- C:\PC4-FiLES.rld.rar
    [2010/04/17 09:23:08 | 004,003,483 | ---- | M] () -- C:\crk.rld.jc2.rar
    [2010/04/15 14:02:44 | 016,266,486 | ---- | M] () -- C:\Item.wz
    [2010/04/15 00:14:04 | 000,007,680 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/04/13 16:20:43 | 005,890,371 | ---- | M] () -- C:\fnatic-vs-sk-dust2-1004110119-de_dust2.rar
    [2010/04/07 14:54:01 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CCleaner.lnk
    [2010/04/07 09:53:12 | 000,000,050 | ---- | M] () -- C:\ChilliStory.bat
    [2010/04/04 19:12:43 | 000,002,021 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Assassin's Creed II.lnk
    [2010/04/04 18:53:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
    [2010/04/04 18:53:52 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/04/04 18:53:52 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/07/03 01:36:11 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2010/07/03 01:18:35 | 000,000,223 | ---- | C] () -- C:\Boot.bak
    [2010/07/03 01:18:32 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/07/02 20:02:33 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/07/02 01:17:41 | 000,319,840 | ---- | C] () -- C:\WINDOWS\eins1326.dll
    [2010/07/02 00:26:35 | 000,000,051 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2010/06/29 20:27:47 | 000,000,482 | R--- | C] () -- C:\WINDOWS\System\CmcnfgU.ini
    [2010/06/29 20:27:27 | 000,061,440 | R--- | C] () -- C:\WINDOWS\System\cmsnxeye.exe
    [2010/06/29 20:27:18 | 000,002,563 | R--- | C] () -- C:\WINDOWS\Cmudau.ini
    [2010/06/29 19:33:51 | 000,004,286 | R--- | C] () -- C:\WINDOWS\control.ico
    [2010/06/29 19:33:51 | 000,001,150 | R--- | C] () -- C:\WINDOWS\tray.ico
    [2010/06/28 18:07:43 | 000,101,893 | ---- | C] () -- C:\Documents and Settings\Administrator\AdobeFnt10.lst
    [2010/06/28 01:43:35 | 000,000,101 | ---- | C] () -- C:\settings.ini
    [2010/06/10 13:44:36 | 000,000,213 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Team Fortress 2.url
    [2010/05/14 23:35:51 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\mIRC.lnk
    [2010/05/13 12:30:00 | 000,000,047 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\long
    [2010/05/12 03:00:17 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2010/05/10 22:27:18 | 003,150,944 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\castrations.wmv
    [2010/05/07 12:28:19 | 000,000,050 | ---- | C] () -- C:\ChilliStory.bat
    [2010/05/07 12:27:43 | 002,948,786 | ---- | C] () -- C:\ChilliStory.rar
    [2010/05/07 12:27:15 | 010,444,702 | ---- | C] () -- C:\ChilliStoru_Item_Patch2.rar
    [2010/05/07 12:20:23 | 000,017,925 | ---- | C] () -- C:\ProMS20100507122023.dmp
    [2010/05/07 12:02:20 | 000,017,925 | ---- | C] () -- C:\ProMS20100507120220.dmp
    [2010/04/27 14:22:53 | 000,000,250 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    [2010/04/18 22:31:18 | 000,000,988 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Adobe Gamma.lnk
    [2010/04/15 17:13:18 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
    [2010/04/13 16:20:43 | 005,890,371 | ---- | C] () -- C:\fnatic-vs-sk-dust2-1004110119-de_dust2.rar
    [2010/04/07 18:08:41 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
    [2010/04/07 18:08:41 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll.old
    [2010/04/07 18:08:41 | 000,763,832 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
    [2010/04/07 18:08:41 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
    [2010/04/07 18:08:41 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
    [2010/04/07 18:08:41 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
    [2010/04/07 14:54:01 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\CCleaner.lnk
    [2010/04/05 16:21:27 | 000,011,264 | ---- | C] () -- C:\WINDOWS\icfutil.exe
    [2010/04/05 16:21:27 | 000,001,536 | ---- | C] () -- C:\WINDOWS\RunHiddenConsole.exe
    [2010/04/04 18:53:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/04/04 18:53:52 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/04/04 18:53:52 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [2010/04/01 12:09:21 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\cmdrvrmu.dll
    [2010/03/07 18:32:42 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2010/02/18 21:55:25 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2010/02/18 21:33:42 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2010/02/18 21:33:41 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2010/02/18 21:33:41 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2005/09/07 11:09:36 | 000,017,230 | ---- | C] () -- C:\WINDOWS\System32\drivers\Wirelecf.SYS
    [1993/07/24 02:31:02 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\msvcrt10.dll

    ========== LOP Check ==========

    [2010/03/04 15:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\abgx360
    [2010/06/10 11:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BSplayer
    [2010/03/22 23:28:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BSplayer Pro
    [2010/03/26 22:06:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
    [2010/03/26 21:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Pro
    [2010/02/24 19:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DNA
    [2010/04/20 19:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FlashFXP
    [2010/07/03 02:01:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ICQ
    [2010/03/03 11:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ImgBurn
    [2010/03/27 02:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nexon
    [2010/03/06 19:20:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Octoshape
    [2010/03/02 23:59:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Publish Providers
    [2010/03/02 23:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sony
    [2010/05/14 17:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TS3Client
    [2010/03/25 18:13:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ubisoft
    [2010/02/18 21:50:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
    [2010/02/18 22:08:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
    [2010/07/01 22:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/04/17 23:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/03/26 22:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2010/03/26 21:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
    [2010/07/02 01:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
    [2010/04/20 18:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FlashFXP
    [2010/03/04 16:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
    [2010/04/19 22:43:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
    [2010/07/03 01:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
    [2010/07/03 02:13:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
    [2010/06/10 11:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
    [2010/07/03 03:22:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/06/28 22:06:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrackMania
    [2010/03/25 18:13:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
    [2010/07/03 03:01:00 | 000,000,250 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/03/29 23:58:04 | 000,003,952 | ---- | M] () -- C:\0001_config.cfg
    [2010/03/29 23:58:04 | 000,000,480 | ---- | M] () -- C:\0002_server.cfg
    [2010/03/29 23:58:04 | 000,001,073 | ---- | M] () -- C:\0003_userconfig.cfg
    [2010/03/18 20:04:14 | 000,070,905 | ---- | M] () -- C:\a205eTNkeWQ6byFic1BpfG57Nl5fJ3dNamtmcjtDJns=.jpg
    [2010/03/18 20:22:22 | 000,060,976 | ---- | M] () -- C:\a21jTC83fTdqO1JmcyM8IG5RZShlWHZ2ZmdpP2tBJkU=.jpg
    [2010/03/18 20:16:22 | 000,077,251 | ---- | M] () -- C:\aGhqTF88ezdscCQwclJsTmp7ZlVhXXZ4ZWk0QWZyT3c=.jpg
    [2010/03/18 20:00:54 | 000,057,776 | ---- | M] () -- C:\amhlfGRmSzhkPVE0QyI3TGxROV4xV016Zzo5bDxJJUs=.jpg
    [2010/02/18 21:38:05 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2008/12/13 23:37:45 | 000,006,510 | ---- | M] () -- C:\Base.wz
    [2010/07/01 22:41:58 | 000,000,223 | ---- | M] () -- C:\Boot.bak
    [2010/07/03 01:18:35 | 000,000,293 | RHS- | M] () -- C:\boot.ini
    [2008/12/13 23:37:45 | 000,118,784 | ---- | M] () -- C:\Canvas.dll
    [2009/11/22 20:11:20 | 202,171,008 | ---- | M] () -- C:\Character.wz
    [2010/05/07 12:27:15 | 010,444,702 | ---- | M] () -- C:\ChilliStoru_Item_Patch2.rar
    [2010/04/07 09:53:12 | 000,000,050 | ---- | M] () -- C:\ChilliStory.bat
    [2010/03/01 03:57:57 | 007,909,376 | ---- | M] (Wizet) -- C:\ChilliStory.exe
    [2010/05/07 12:27:54 | 002,948,786 | ---- | M] () -- C:\ChilliStory.rar
    [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2010/07/03 01:29:42 | 000,031,728 | ---- | M] () -- C:\ComboFix.txt
    [2010/02/18 21:38:05 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/03/18 19:59:04 | 000,012,512 | ---- | M] () -- C:\CONFIG_NjhoTDM3UGxlPCQydyZne2wkZ1VjKkx6ZWc5bG5AJUg=.txt
    [2010/04/17 09:23:08 | 004,003,483 | ---- | M] () -- C:\crk.rld.jc2.rar
    [2010/02/18 22:05:12 | 000,000,086 | ---- | M] () -- C:\csb.log
    [2008/12/13 23:37:48 | 007,852,215 | ---- | M] () -- C:\Effect.wz
    [2008/12/13 23:37:48 | 000,745,638 | ---- | M] () -- C:\Etc.wz
    [2010/04/13 16:20:43 | 005,890,371 | ---- | M] () -- C:\fnatic-vs-sk-dust2-1004110119-de_dust2.rar
    [2008/10/14 14:06:04 | 000,277,697 | ---- | M] (INCA Internet Co., Ltd.) -- C:\GameGuard.des
    [2009/10/12 08:18:46 | 007,909,376 | ---- | M] (Wizet) -- C:\GM-Client.exe
    [2008/12/13 23:37:48 | 000,253,952 | ---- | M] () -- C:\Gr2D_DX8.dll
    [2010/06/30 00:54:51 | 000,004,804 | ---- | M] () -- C:\graph.log
    [2010/03/18 18:58:00 | 000,000,108 | ---- | M] () -- C:\HanumMS.bat
    [2008/10/14 14:06:10 | 000,352,256 | ---- | M] (Intel Corporation) -- C:\ijl15.dll
    [2010/04/17 11:31:59 | 000,000,225 | ---- | M] () -- C:\INSTRAC.txt
    [2010/02/18 21:38:05 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/04/15 14:02:44 | 016,266,486 | ---- | M] () -- C:\Item.wz
    [2010/02/11 13:10:22 | 000,216,936 | ---- | M] () -- C:\JC2 readme_EN.rtf
    [2010/02/11 13:10:22 | 000,227,899 | ---- | M] () -- C:\JC2 readme_ES.rtf
    [2010/02/11 13:10:22 | 000,225,057 | ---- | M] () -- C:\JC2 readme_FR.rtf
    [2010/02/11 13:10:21 | 000,326,190 | ---- | M] () -- C:\JC2 readme_GE.rtf
    [2010/02/11 13:10:21 | 000,247,791 | ---- | M] () -- C:\JC2 readme_IT.rtf
    [2010/02/11 13:10:21 | 000,251,063 | ---- | M] () -- C:\JC2 readme_PL.rtf
    [2010/02/11 13:10:21 | 000,297,158 | ---- | M] () -- C:\JC2 readme_RU.rtf
    [2010/02/19 13:12:30 | 000,002,362 | ---- | M] () -- C:\Just Cause 2_disk1.sim
    [2010/02/19 13:12:30 | 000,000,268 | ---- | M] () -- C:\Just Cause 2_disk1.sis
    [2010/05/31 05:41:56 | 000,000,103 | ---- | M] () -- C:\KiKi.cfg
    [2008/12/17 08:34:52 | 000,011,776 | ---- | M] () -- C:\KiKi.dll
    [2010/03/23 22:08:25 | 000,000,040 | ---- | M] () -- C:\KydMS.bat
    [2008/10/14 14:08:16 | 000,290,816 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\l3codeca.acm
    [2008/10/14 14:08:16 | 000,013,336 | ---- | M] () -- C:\List.wz
    [2010/03/18 20:36:14 | 000,002,878 | ---- | M] () -- C:\LOG_OWw3TTE6TmU6bCEwdCA5eW8gZVcyJ3ZHZjdocmVAfXg=.txt
    [2008/12/13 23:38:02 | 443,770,292 | ---- | M] () -- C:\Map.wz
    [2008/10/14 14:21:34 | 000,000,401 | ---- | M] () -- C:\MapleStoryUS.ini
    [2008/12/13 23:38:21 | 206,320,793 | ---- | M] () -- C:\Mob.wz
    [2008/12/13 23:38:21 | 003,485,868 | ---- | M] () -- C:\Morph.wz
    [2010/02/18 21:38:05 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2008/12/13 23:38:21 | 000,143,360 | ---- | M] () -- C:\NameSpace.dll
    [2010/03/18 20:25:22 | 000,057,420 | ---- | M] () -- C:\Nm43TTNqem1nZ05fdVNleToials0VnZ2Y2xjbGVAfXc=.jpg
    [2008/12/13 23:38:22 | 031,455,410 | ---- | M] () -- C:\Npc.wz
    [2008/10/14 14:44:16 | 000,409,680 | ---- | M] (INCA Internet Co., Ltd.) -- C:\npkcrypt.dll
    [2008/10/14 14:44:16 | 000,023,217 | ---- | M] (INCA Internet Co., Ltd.) -- C:\npkcrypt.sys
    [2008/10/14 14:44:18 | 000,026,344 | ---- | M] () -- C:\npkcrypt.vxd
    [2008/10/14 14:44:18 | 000,015,472 | ---- | M] (INCA Internet Co., Ltd.) -- C:\npkcusb.sys
    [2008/10/14 14:44:20 | 000,053,248 | ---- | M] (INCA Internet Co., Ltd.) -- C:\npkpdb.dll
    [2008/04/14 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/04/14 13:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/03/12 09:42:33 | 000,000,035 | ---- | M] () -- C:\NxStStory.bat
    [2010/03/18 20:35:52 | 000,056,233 | ---- | M] () -- C:\NzxpIjBoS2c7aCNec046UWpSNVxgW0l5YTllPDxCe0s=.jpg
    [2010/03/18 20:32:38 | 000,074,309 | ---- | M] () -- C:\OGs3JDJkUWQ5cE8ycXw8eW4hYyxgKEx6ZWNqPjtAIkw=.jpg
    [2010/03/27 01:51:43 | 979,508,940 | ---- | M] () -- C:\OhMyNoobV62.rar
    [2008/12/15 19:38:32 | 000,000,089 | ---- | M] () -- C:\OhMyNoobV62.txt
    [2010/03/18 20:10:02 | 000,047,403 | ---- | M] () -- C:\OWtieWNqS2dsPU8xdyVmfG5RYVUxVEVHZWM1PTtxfXc=.jpg
    [2010/07/03 03:21:57 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2010/03/21 19:18:57 | 000,000,046 | ---- | M] () -- C:\PassoverMS.bat
    [2008/10/14 14:44:30 | 001,388,544 | ---- | M] () -- C:\Patcher.exe
    [2010/04/19 18:53:09 | 000,002,211 | ---- | M] () -- C:\Patcher.log
    [2010/04/17 09:24:09 | 006,254,737 | ---- | M] () -- C:\PC4-FiLES.rld.rar
    [2008/12/13 23:38:22 | 000,114,688 | ---- | M] () -- C:\PCOM.dll
    [2008/11/11 09:27:40 | 003,170,352 | ---- | M] (Wizet) -- C:\ProMS.exe
    [2010/05/07 12:20:23 | 000,001,482 | ---- | M] () -- C:\ProMS20100507.LOG
    [2010/05/07 12:02:20 | 000,017,925 | ---- | M] () -- C:\ProMS20100507120220.dmp
    [2010/05/07 12:20:23 | 000,017,925 | ---- | M] () -- C:\ProMS20100507122023.dmp
    [2008/12/13 23:38:22 | 002,792,856 | ---- | M] () -- C:\Quest.wz
    [2008/12/13 23:38:25 | 028,791,144 | ---- | M] () -- C:\Reactor.wz
    [2010/03/25 17:46:07 | 000,000,042 | ---- | M] () -- C:\ReaLifeMs.bat
    [2008/12/13 23:38:25 | 000,049,152 | ---- | M] () -- C:\ResMan.dll
    [2010/02/18 22:03:15 | 000,002,619 | ---- | M] () -- C:\RHDSetup.log
    [2010/07/03 03:22:50 | 000,000,124 | ---- | M] () -- C:\service.log
    [2010/05/20 18:54:13 | 000,000,101 | ---- | M] () -- C:\settings.ini
    [2008/12/13 23:38:25 | 000,086,016 | ---- | M] () -- C:\Shape2D.dll
    [2010/05/01 03:38:18 | 000,000,158 | ---- | M] () -- C:\ShockMS.zip
    [2010/04/17 11:27:47 | 004,753,169 | ---- | M] () -- C:\SkIdRow.jc2.rar
    [2008/12/13 23:38:34 | 047,776,466 | ---- | M] () -- C:\Skill.wz
    [2008/12/13 23:38:46 | 267,728,874 | ---- | M] () -- C:\Sound.wz
    [2008/12/13 23:38:46 | 000,147,456 | ---- | M] () -- C:\Sound_DX8.dll
    [2009/03/17 14:10:08 | 000,000,029 | ---- | M] () -- C:\StartGame.bat
    [2009/11/13 22:11:46 | 003,424,028 | ---- | M] () -- C:\String.wz
    [2008/12/13 23:38:46 | 000,000,483 | ---- | M] () -- C:\TamingMob.wz
    [2010/07/03 02:56:04 | 000,033,820 | ---- | M] () -- C:\TDSSKiller.txt
    [2008/12/13 23:38:47 | 013,602,497 | ---- | M] () -- C:\UI.wz
    [2010/03/08 23:22:45 | 000,000,047 | ---- | M] () -- C:\VeRtIgO-MS.bat
    [2008/10/14 14:53:46 | 000,524,288 | ---- | M] (Wizet) -- C:\WzFlashRenderer.dll
    [2008/12/07 00:39:52 | 000,176,276 | ---- | M] () -- C:\WzMss.dll
    [2010/03/18 20:19:24 | 000,059,686 | ---- | M] () -- C:\Z2c3TTI4TDhqcH1kdyRpfW1TZywvXUdHODliQGZyIkU=.jpg
    [2010/03/18 20:29:08 | 000,048,218 | ---- | M] () -- C:\ZGloUTFkeWg6aX1icyVoSz59Y1ZkXXVMaWo1aTt2T3g=.jpg
    [2010/03/18 20:13:46 | 000,067,323 | ---- | M] () -- C:\ZGpoTTFtSTlqPlJjcyE4SmxOaV5eJ3dLamVobzp1JEc=.jpg
    [2010/03/18 20:06:36 | 000,065,874 | ---- | M] () -- C:\Zmg3fGJmT2Y3aE9mcCVnemlQYlhdVkh2ZWpjbDxxTns=.jpg
    [2010/03/30 08:47:58 | 000,000,279 | ---- | M] () -- C:\קיצור דרך אל ‎דיסק מקומי‏ (C‎).lnk

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2008/07/06 14:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2006/04/18 21:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 20:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 21:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 20:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2009/04/29 04:18:06 | 000,442,368 | R--- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
    [2008/04/14 13:00:00 | 000,033,280 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\cryptdll.dll
    [2008/04/14 13:00:00 | 000,094,720 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iphlpapi.dll
    [2008/04/14 13:00:00 | 000,071,680 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msacm32.dll
    [2009/03/08 04:22:38 | 000,156,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msls31.dll
    [2008/04/14 13:00:00 | 000,237,056 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rasapi32.dll
    [2008/04/14 13:00:00 | 000,061,440 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rasman.dll
    [2008/04/14 13:00:00 | 000,044,032 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rtutils.dll
    [2008/04/14 13:00:00 | 000,007,168 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sensapi.dll
    [2008/10/23 14:39:40 | 000,713,216 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sxs.dll
    [2008/04/14 13:00:00 | 000,181,760 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\tapi32.dll
    [2008/04/14 13:00:00 | 002,897,920 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\xpsp2res.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2010/02/18 23:23:55 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2010/02/18 23:23:55 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2010/02/18 23:23:55 | 000,933,888 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2008/04/14 13:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\user32.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/04/14 13:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ws2_32.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\system32\ws2help.dll /md5 >
    [2008/04/14 13:00:00 | 000,019,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ws2help.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Files - Unicode (All) ==========
    [2010/02/18 21:48:15 | 000,000,079 | ---- | M] ()(C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\???????? ??? ????.scf) -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Свернуть все окна.scf
    [2010/02/18 21:48:15 | 000,000,079 | ---- | C] ()(C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\???????? ??? ????.scf) -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Свернуть все окна.scf

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    < End of report >
     
  19. 2010/07/03
    broni, Moderator Malware Analyst

    Download Security Check from HERE, and save it to your Desktop.

    * Double-click SecurityCheck.exe
    * Follow the onscreen instructions inside of the black box.
    * A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    ================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Auto | Stopped] -- -- (ekrn)
      SRV - File not found [Auto | Stopped] -- -- (eins7295) Eset install launcher (7295)
      SRV - File not found [On_Demand | Stopped] -- -- (EhttpSrv)
      SRV - File not found [Auto | Stopped] -- -- (cmdAgent)
      DRV - [2010/03/24 20:33:52 | 000,095,872 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
      DRV - [2010/03/24 20:31:06 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
      DRV - [2010/03/24 20:23:52 | 000,139,192 | ---- | M] (ESET) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
      IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe File not found
      O4 - HKLM..\Run: [PRISMSVR.EXE] File not found
      O4 - HKLM..\Run: [WiFiCFG.EXE] C:\Program Files\802.11g USB2.0 adapter\WiFiCFG.EXE File not found
      O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
      O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
      O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll File not found
      O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      [2010/07/02 05:09:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\COMODO
      [2010/07/02 05:03:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo Downloader
      [2010/07/02 01:06:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
      [2010/04/23 22:38:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
      [2010/04/23 22:38:02 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
      [2010/04/23 22:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
      [2010/04/17 23:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
      [2010/07/01 22:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
      [2010/07/02 01:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
      @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
      @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
      @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
       "EnableFirewall" =dword:00000001
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
  20. 2010/07/03
    adamexsa

    adamexsa Inactive Thread Starter

    Joined:
    2010/07/02
    Messages:
    20
    Likes Received:
    0
    All processes killed
    Error: Unable to interpret <SRV - File not found [Auto | Stopped] -- -- (ekrn)> in the current context!
    Error: Unable to interpret <SRV - File not found [Auto | Stopped] -- -- (eins7295) Eset install launcher (7295)> in the current context!
    Error: Unable to interpret <SRV - File not found [On_Demand | Stopped] -- -- (EhttpSrv)> in the current context!
    Error: Unable to interpret <SRV - File not found [Auto | Stopped] -- -- (cmdAgent)> in the current context!
    Error: Unable to interpret <DRV - [2010/03/24 20:33:52 | 000,095,872 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)> in the current context!
    Error: Unable to interpret <DRV - [2010/03/24 20:31:06 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)> in the current context!
    Error: Unable to interpret <DRV - [2010/03/24 20:23:52 | 000,139,192 | ---- | M] (ESET) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)> in the current context!
    Error: Unable to interpret <IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found> in the current context!
    Error: Unable to interpret <O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.> in the current context!
    Error: Unable to interpret <O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe File not found> in the current context!
    Error: Unable to interpret <O4 - HKLM..\Run: [PRISMSVR.EXE] File not found> in the current context!
    Error: Unable to interpret <O4 - HKLM..\Run: [WiFiCFG.EXE] C:\Program Files\802.11g USB2.0 adapter\WiFiCFG.EXE File not found> in the current context!
    Error: Unable to interpret <O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found> in the current context!
    Error: Unable to interpret <O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found> in the current context!
    Error: Unable to interpret <O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll File not found> in the current context!
    Error: Unable to interpret <O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found> in the current context!
    Error: Unable to interpret <O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found> in the current context!
    Error: Unable to interpret <[2010/07/02 05:09:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\COMODO> in the current context!
    Error: Unable to interpret <[2010/07/02 05:03:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo Downloader> in the current context!
    Error: Unable to interpret <[2010/07/02 01:06:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET> in the current context!
    Error: Unable to interpret <[2010/04/23 22:38:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton> in the current context!
    Error: Unable to interpret <[2010/04/23 22:38:02 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller> in the current context!
    Error: Unable to interpret <[2010/04/23 22:38:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller> in the current context!
    Error: Unable to interpret <[2010/04/17 23:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9> in the current context!
    Error: Unable to interpret <[2010/07/01 22:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software> in the current context!
    Error: Unable to interpret <[2010/07/02 01:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET> in the current context!
    Error: Unable to interpret <@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2> in the current context!
    Error: Unable to interpret <@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86> in the current context!
    Error: Unable to interpret <@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8> in the current context!
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\ "EnableFirewall" |dword:00000001 /E : value set successfully!
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 25815025 bytes
    ->Temporary Internet Files folder emptied: 3951627 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 53779512 bytes
    ->Flash cache emptied: 1034647 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LocalService
    ->Temporary Internet Files folder emptied: 33862406 bytes
    ->Flash cache emptied: 405 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 140320 bytes
    ->Flash cache emptied: 405 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 116203 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 31448913 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 143.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.7.0 log created on 07032010_044819

    Files\Folders moved on Reboot...
    File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YHZMML9X\st[1] not found!
    File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YHZMML9X\st[2] not found!
    File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YHZMML9X\st[3] not found!
    File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YHZMML9X\st[4] not found!

    Registry entries deleted on Reboot...
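    For checking a fix-run log like the one above against the script it was meant to apply, here is an added Python example (not OTL's own code, and not posted by anyone in this thread); the script and log excerpts it embeds are constructed from the lines posted above, and the line formats it matches are assumed from those same lines.

```python
import re
# Constructed excerpt of an OTL fix script, modelled on the one posted above.
SAMPLE_SCRIPT = r"""
:OTL
SRV - File not found [Auto | Stopped] -- -- (ekrn)
O4 - HKLM..\Run: [PRISMSVR.EXE] File not found
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 "EnableFirewall" =dword:00000001
:Commands
[resethosts]
"""

# Constructed excerpt of the fix-run log OTL produced for that script.
SAMPLE_LOG = r"""
Error: Unable to interpret <SRV - File not found [Auto | Stopped] -- -- (ekrn)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [PRISMSVR.EXE] File not found> in the current context!
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\ "EnableFirewall" |dword:00000001 /E : value set successfully!
========== COMMANDS ==========
HOSTS file reset successfully
"""

# Line shapes assumed from the log posted in this thread.
ERROR_RE = re.compile(r"^Error: Unable to interpret <(.*)> in the current context!$")
REG_OK_RE = re.compile(r'^(HKEY_\S+?)\\\\ "([^"]+)" \|(\S+) /E : value set successfully!$')


def summarise_fix_log(text: str) -> dict:
    """Sort log lines into items OTL rejected and items it reports as applied."""
    rejected, applied = [], []
    for line in text.splitlines():
        line = line.strip()
        if m := ERROR_RE.match(line):
            rejected.append(m.group(1))          # the script line OTL could not interpret
        elif m := REG_OK_RE.match(line):
            applied.append(("reg", m.group(2), m.group(3)))  # value name and data written
        elif line == "HOSTS file reset successfully":
            applied.append(("hosts", "reset", ""))
    return {"rejected": rejected, "applied": applied}


def unprocessed_otl_items(script: str, summary: dict) -> list:
    """Lines in the script's :OTL section that the log shows were never processed."""
    section, items = None, []
    for raw in script.splitlines():
        line = raw.strip()
        if line.startswith(":"):
            section = line                       # :OTL, :Reg, :Commands ... headers
        elif section == ":OTL" and line:
            items.append(line)
    return [i for i in items if i in summary["rejected"]]
```

Run over the real log above, every line of the :OTL section comes back as unprocessed, while only the firewall value and the HOSTS reset report success.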
     
  21. 2010/07/03
    adamexsa

    adamexsa Inactive Thread Starter

    Joined:
    2010/07/02
    Messages:
    20
    Likes Received:
    0
    Results of screen317's Security Check version 0.99.4
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Antivirus out of date! (On Access scanning disabled!)
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Out of date HijackThis installed!
    Malwarebytes' Anti-Malware
    HijackThis 1.99.1
    CCleaner
    Adobe Flash Player 10.0.45.2
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
     